Give me a few minutes to get some coffee in me. But looks like you got all the info there to make for a good post. So why are you talking to roots? I'm still on my first cup of coffee so will have to look through your confs. Why are you going to roots if you're wanting to set up a caching forwarder? This is troubleshooting info that was really increased back in like 9.3 something, you can suppress them with something like category lame-servers. But curious why you're going to roots? Checking that first one - that is a root server. So those errors are telling you those servers sent back a Refused. Consider adding the 1918 zones here, if they are not used in your (reverse config) BIND reverse data file for myhouse.local If BIND logs error messages about the root key being expired, Uncomment the following block, and insert the addresses replacing nameservers, you probably want to use them as forwarders. If your ISP provided one or more IP addresses for stable to talk to, you may need to fix the firewall to allow multiple If there is a firewall between you and nameservers you want -rw-r--r-- 1 bind bind 16 Jul 31 23:25 named_dump.db -rw-r--r-- 1 bind bind 720 Jul 31 18:22 managed-keys.bind This tells me then that it may not be working correctly, however this leads to the third issue, when I dump the DNS cache, the db is empty: rndc dumpdb ls -la drwxrwxr-x 2 root bind 4096 Jul 31 23:18. If I immediately dig it again: Query time: 4 msec However, if I go and browse to a new site, say, on my desktop, which has this bind server set as its only DNS, when I run dig again: Query time: 41 msec If I run the query again (abbreviated): Query time: 4 msec 4ms. This seems to imply DNS is working correctly. flags: qr rd ra QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1 178ms.
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63704 This appears to both work, and not work. First, if I query from the DNS server itself, say to : dig This result is cached so subsequent queries return from the cache. If it doesn't exist there, then by way of forwarders, it's queried up the chain until a result is found. Second, the way I believe this to work is the first time a site is queried, it's checked against the DNS server's cache. First, in /var/log/syslog, I see the following: Jul 31 22:42:52 dns-p1 named: error (unexpected RCODE REFUSED) resolving './NS/IN': 192.203.230.10#53 I've set up bind in a Debian 8 VM, and think I have everything working correctly, but I'm not entirely sure. One of these things is heavy use of bind as an internal DNS server in our datacenter. I'm working on setting up a home lab to try and replicate parts of our network at home to practice things I use on a daily basis in the office.