SUMMARY: named 9.2.1 external resolution problem on 2nd slave (Solaris

From: Gene Matthews <gene_at_xogent.com>
Date: Fri Mar 11 2005 - 11:13:44 EST
Yes.  I did fail to mention (oops!) that these are in a DMZ and behind a
firewall.  I was told that all the firewall rules applied to the other
two had been done.  Of course, as a couple of you are already thinking,
this turned out not to be the case.  Once they added this server to the
same group on the firewall the other two are in, life became good.

Thanks for your quick responses.

Of course, now I'm having sendmail issues.  I didn't set this up; it is
using amavis also which I don't know anything about yet.  I'll dive into
it and see what I can figure out before posting regarding that.

Thanks again!

Sincerely,

Gene

-----Original Message-----
From: Tom Crummey [mailto:tom@ee.ucl.ac.uk]
Sent: Wednesday, March 09, 2005 5:43 PM
To: Gene Matthews
Subject: Re: named 9.2.1 external resolution problem on 2nd slave (Solaris

Hello Gene,

Can the second system see the outside world? It's not behind a firewall
or anything, is it?

Tom.

----------------------------------------------------------------------------
 Tom Crummey, Systems and Network Manager,      EMAIL: tom@ee.ucl.ac.uk
 Department of Electronic and Electrical Engineering,
 University College London,                       TEL: +44 (0)20 7679 3898
 Torrington Place,                                FAX: +44 (0)20 7388 9325
 London, UK, WC1E 7JE.
----------------------------------------------------------------------------

On Wed, 9 Mar 2005, Gene Matthews wrote:

> Hi all,
>
> I have added a third dns server to the mix.  All are Solaris 9 running
> bind 9.2.1.  The master and existing slave are working great. They
> resolve internally as well as external domain names just fine.
>
> The 2nd slave was pretty much cloned from the existing slave as far as
> OS and bind.  I can't see any differences in named.conf or zone.conf
> files, file permissions, etc.   There may be something different, but if
> so, I haven't found it yet.
>
> named starts ok with no errors on the 2nd (new) slave but it will not
> resolve anything external.  The hints zone is defined on this one just
> as it is on the first slave, but name resolution times out.
>
> Some (hopefully) pertinent file sections are below:
>
> ===========
> 1st slave (working ok):
> named.conf:
> ===========
> controls {
>        inet 127.0.0.1 port 953
>        allow { 127.0.0.1; } keys { "rndc-key"; }; };
>
> options {
>         directory "/";          #working directory
>         pid-file "etc/named.pid";               #pid file in working dir
>         query-source address * port 53;
>         statistics-file "stats/named.stats";
>         recursion no;
>         allow-transfer { none; };
> };
>
> view "thishost" {
>         match-clients { 127.0.0.1; };
>         recursion yes;
>         include "etc/zones.conf";
> };
>
> view "otherhosts" {
>         match-clients { any; };
>         include "etc/zones.conf";
> };
>
> ===========
> 1st slave (working ok):
> zones.conf:
> ===========
>
> zone "." {
>         type hint;
>         file "zones/named.root";
>         # not allowed here # allow-transfer { can-axfr; };
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "zones/named.local";
>         notify  no;
>         allow-transfer { can-axfr; };
> };
>
>
>
> Above is all from a working slave.  Some sections were left out.
> Below is from the slave that won't resolve external names.  Otherwise
> it appears to be working fine.  Zone transfers are occurring.  The
> named.root (hints) files are identical.  In fact, the 2nd slave's
> /var/named directory was copied from the 1st slave server's.
>
> ===========
> 2nd  slave (not working ok):
> named.conf:
> ===========
> controls {
>        inet 127.0.0.1 port 953
>                allow { 127.0.0.1; } keys { "rndc-key"; }; };
>
> options {
>         directory "/";          #working directory
>         pid-file "etc/named.pid";               #pid file in working dir
>         query-source address * port 53;
>         statistics-file "stats/named.stats";
>         recursion no;
>         allow-transfer { none; };
> };
>
> view "thishost" {
>         match-clients { 127.0.0.1; };
>         recursion yes;
>         include "etc/zones.conf";
> };
>
> view "otherhosts" {
>         match-clients { any; };
>         include "etc/zones.conf";
> };
>
>
> ===========
> 2nd slave (not working ok):
> zones.conf:
> ===========
>
> zone "." {
>         type hint;
>         file "zones/named.root";
>         # not allowed here # allow-transfer { can-axfr; };
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "zones/named.local";
>         notify  no;
>         allow-transfer { can-axfr; };
> };
>
>
> I'm certainly not a bind expert, and I'm open for suggestions on what
> to look at next.
>
> Thanks,
>
> Gene
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Mar 11 11:14:45 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:44 EST
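
Added example, not part of the original thread: a probe that sends the root NS query to each address in a hints file, so that a filtered path (every server times out, as on the 2nd slave) can be told apart from a named problem. The function names and the sample hints text are constructed for illustration; passing `source_port=53` mirrors the `query-source address * port 53` line in the posted named.conf and needs root with named stopped.

```python
import socket, struct, sys

# Constructed sample in named.root layout (documentation address, not a real root server).
SAMPLE_HINTS = """; constructed sample
.              3600000  IN  NS  NS.EXAMPLE.
NS.EXAMPLE.    3600000      A   192.0.2.53
"""

def parse_hints(text):
    """Return (name, IPv4) pairs for the A records in a hints file."""
    pairs = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments
        if len(fields) >= 4 and fields[-2].upper() == "A":
            pairs.append((fields[0].lower(), fields[-1]))
    return pairs

def build_query(qid):
    """Non-recursive (RD=0) query for the root NS set."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + b"\x00" + struct.pack("!HH", 2, 1)  # root name, type NS, class IN

def classify(reply, qid):
    """Turn a raw reply (or None for no reply) into a short verdict."""
    if reply is None:
        return "timeout"            # nothing came back: packet filtered or path down
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:            # wrong id or not a response
        return "mismatch"
    return "rcode=%d records=%d" % (flags & 0x000F, an + ns)

def probe(addr, source_port=0, timeout=3.0, qid=0x5353):
    """Send the query over UDP from source_port (0 = ephemeral) and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind(("0.0.0.0", source_port))
        sock.settimeout(timeout)
        sock.sendto(build_query(qid), (addr, 53))
        reply = sock.recvfrom(4096)[0]
    except socket.timeout:
        reply = None
    finally:
        sock.close()
    return classify(reply, qid)

if __name__ == "__main__" and len(sys.argv) > 1:
    # usage: script.py /path/to/named.root [source_port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    for name, addr in parse_hints(open(sys.argv[1]).read()):
        print(name, addr, probe(addr, port))
```

Running it once from an ephemeral port and once from port 53 shows whether the firewall rule set treats the two differently.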