This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

named.conf.options

4 posts / 0 new

Topic locked

Last post

#1 Wed, 11/21/2012 - 11:31

duman

named.conf.options

Hi all,
I was trying to get Bind which I host on the VPS to act as a recursive dns server for another vps I have. I think during this process i might have messed with something and now Bind just isnt playing right.

I have ns1.foo.com and ns2.foo.com on 2 different ip's on the machine.

Either ns1 doesnt respond at all or when it does it takes as much as 11 seconds according to mxtoolbox.

I "think" I might have played with named.conf.options? I did a bunch of reading up and I think the below is the default state for webmin which it is currently at? Could the below be the cause of my problems?

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

Thanks in advance

#2 Wed, 11/21/2012 - 12:14

Locutus

Your BIND config file looks good. Mine additionally has the directive dnssec-validation auto; but I don't think that is related to your problem.

You might want to make sure BIND is listening on all required IP addresses:

netstat -upln | grep 53

To do more tests, I'd need to know the actual domain/hostnames and IP addresses involved.

#3 Fri, 11/23/2012 - 07:13

duman

Thanks for getting back to me,

Is the dns-sec validation setting only for recursive nameservers? As mine isnt open to the public, only used to server the domains i host, do you recommend i still add that setting?

I am still having issues with one of the name servers not responding though. But I am beginning to think it might be mxtoolbox that is the problem.

When i check http://mxtoolbox.com on my domain adhan.org ns1 responds but ns2 does not (response time 4+seconds)
When i check http://www.intodns.com/adhan.org on my domain adhan.org it shows both as responding?

So still not sure what is going on.

#4 Fri, 11/23/2012 - 08:28

andreychek

Yeah your nameservers seem to be resolving your domains properly when I run a DNS test from my own system.

Outside of what mxtoolbox says, is it working okay for you?

-Eric

Topic locked