(SOLVED) Problem with DNS..

Hi all, I need help, please..

I have just built a DNS server using bind9 for an ISP. It runs well: I can send email and open the website, there are no errors logged in messages, and I have already added the additional PTR too. But I have a problem: when my clients use my DNS as their primary/secondary DNS in their network settings, they can't browse to any site at all, except my website on my DNS.. :(

And my friend told me to enable Query in named.conf to solve this problem. Is it true that this problem is because I have not enabled the query? And if it is true, how can I enable this query? :\

Thanks..
 
cruzler said:
but I have a problem: when my clients use my DNS as their primary/secondary DNS in their network settings, they can't browse to any site at all, except my website on my DNS.. :(

You should allow your users to use your DNS server. Check your DNS server setting and the firewall too.
 
@rocky

But what should I check in this named.conf? And I already shut down my firewall to try this, but it doesn't solve the problem..
 
You should read the manual of BIND. There are various ways to control DNS server security. For example, the controls directive.

I think you should post your bind configuration here and then we may help...
 
Add to the options section in named.conf:
Code:
forward only;
forwarders {
    1.2.3.4;
    2.3.4.5;
};
Replace the IP addresses with the IP addresses of your ISP's DNS servers.
 
You need to set up caching DNS by adding a forward-only zone as suggested by the above poster. This will open your DNS to the rest of the world. I suggest you use ACLs or views to restrict access to your own customers, i.e. the ISP netblock only.
 
rocky said:
You should read the manual of BIND. There are various ways to control DNS server security. For example, the controls directive.

I think you should post your bind configuration here and then we may help...

Ok sir, thanks..

SirDice said:
Add to the options section in named.conf:
Code:
forward only;
forwarders {
    1.2.3.4;
    2.3.4.5;
};
Replace the IP addresses with the IP addresses of your ISP's DNS servers.

But sir, what if we are the ISP?

DutchDaemon said:

Hoo.. I see.. Thanks sir..

vivek said:
You need to set up caching DNS by adding a forward-only zone as suggested by the above poster. This will open your DNS to the rest of the world. I suggest you use ACLs or views to restrict access to your own customers, i.e. the ISP netblock only.

Should I add caching DNS? Or maybe this is because of the ACL?


Based on what DutchDaemon and vivek said, maybe this is about ACL/recursion/query, right..? Hmm.. I'll try..
 
If you need to play the role of "ISP DNS", you will have to define an acl containing the IP networks that are allowed to use your DNS (your ISP networks), and allow that acl recursive query access. The two threads I pointed you to will contain all necessary information about that.

I assume that you are running a regular BIND (base system or ports version) which will already have things like the root nameservers configured (as 'named.root' in etc/namedb/, and as 'zone "."' (type hint) in named.conf).
 
ItaRi said:
Can show a config named.conf, costs what to guess...

Roger that, sir..

DutchDaemon said:
If you need to play the role of "ISP DNS", you will have to define an acl containing the IP networks that are allowed to use your DNS (your ISP networks), and allow that acl recursive query access. The two threads I pointed you to will contain all necessary information about that.

I assume that you are running a regular BIND (base system or ports version) which will already have things like the root nameservers configured (as 'named.root' in etc/namedb/, and as 'zone "."' (type hint) in named.conf).

I see, sir.. sorry I am late to reply.. But sir, I inserted the ACL, then allowed the option; named starts fine, and there is no error in log/messages, but my client still cannot use my DNS.. :(

This is my named.conf :

Code:
acl "xfer" {
        xxx.xxx.xxx.xxx;        // my other nameserver IP
};

acl "trusted" {
        xxx.xxx.xxx.xxx/xx;     // my IP blocks that can use my DNS
        xxx.xxx.xxx.xxx/xx;
        xxx.xxx.xxx.xxx/xx;
        localhost;
};
// -------------------------------
options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        allow-recursion {
                xfer;
        };

        allow-query {
                trusted;
        };

        allow-query-cache {
                trusted;
        };
};
// --------------------------------------
zone "mydomain.com" {
        type master;
        allow-update { none; };
        allow-query { trusted; };
        allow-transfer  { xxx.xxx.xxx.xxx; };   // my slave IP
        file "master/mydomain.com.zone";
};

zone "xx.xxx.xxx.in-addr.arpa" {
        type master;
        allow-query { trusted; };
        file "master/xx.xxx.xxx.in-addr.arpa.rev";
};

Puff.. I don't know how to check the error, because there is no error in the messages log.. :(
 
@icer

Hoo.. I see.. Thanks sir..

Btw, thanks to all, my problem is solved; this was because I forgot to set recursion to "yes".. Once again, thanks.. :D
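
The setup this thread converges on (an acl for the customer networks, recursion switched on, and recursive access limited to that acl) written out as a named.conf fragment. This is an added example, not a configuration posted by anyone in the thread; the netblocks are documentation-range placeholders and the acl name "trusted" is reused from the posted config.

```conf
// Constructed example. 192.0.2.0/24 and 198.51.100.0/24 are placeholder
// networks standing in for the ISP's customer netblocks.
acl "trusted" {
        192.0.2.0/24;
        198.51.100.0/24;
        localhost;
};

options {
        directory "/etc/namedb";

        // The posted config listed only the "xfer" acl here:
        //     allow-recursion { xfer; };
        // allow-recursion names the clients that may ask recursive
        // questions, so the customer acl has to appear in it.

        // Resolve names on behalf of clients ...
        recursion yes;

        // ... but only for the customer networks. Limiting both the
        // recursive service and the cache to "trusted" keeps the server
        // from answering recursive queries for the rest of the world.
        allow-recursion   { trusted; };
        allow-query-cache { trusted; };
};

// Checks after editing (typed in a shell, shown here as comments):
//   named-checkconf /etc/namedb/named.conf    syntax check, silent if OK
//   rndc reconfig                             load the new options
//   dig @<server-ip> www.example.org A
//       from a customer address: "ra" in the flags line, status NOERROR
//       from an outside address: no recursive answer (status REFUSED on
//       current BIND 9 releases)
```

Running the outside-address check matters as much as the inside one: a server that answers recursive queries for any source address is an open resolver, which is the exposure the ACL is there to prevent.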
 