DNS check sites complain *LOUDLY* that the bind server is "open", so we need to put limits on recursion by including the appropriate options. Reintroducing the options {...<recursion ip here} syntax below the "manual additions here" line provided by ISPConfig is no good, as it "redefines options" and bind throws an error. Any edits above the line get overwritten. Where is the php configure library for named.conf text? And to sneak one in, what do we do if our zone record serial numbers are out of whack between main ns and slave ns?
Classic - just came here to ask the same thing. It's been bugging me for days! Is there a template for named.conf which is used by ISPConfig for when it overwrites named.conf? If so, where is it located? I could manually modify this template to include the necessary allow-recursion entries.
more on "open" dns servers

Seems like the file required is /root/ispconfig/isp/conf/named.conf.master. The mods are:

Put this above the options section:

    acl internal { n.n.n.n/n; };

Put this at the bottom of the options section, before the last curly bracket:

    options {
        // existing options stay here
        allow-recursion { internal; };
    };

Then, go to /etc/named.conf and make the same changes. This way they won't get overwritten. Nothing seemed to break. At least it worked for me. Oh yeah, make local file backups first.

Which leaves "how do we get zone records serial numbers to sync?" And one more, "how come one of my zones keeps making a slave with one ns server, when there are clearly two in the ISPConfig interface?"
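Added example, not part of the original posts and not ISPConfig code: a Python check to run against the template and /etc/named.conf after ISPConfig regenerates the file, confirming that the allow-recursion restriction is still there and that only one options block exists. The function names and the 192.0.2.0/24 network are assumptions for illustration, and the parsing is a simplified brace matcher rather than a full named.conf parser.

```python
import re, sys
BUILTIN = {"none", "localhost", "localnets"}   # ACL names BIND predefines
OPEN = {"any", "0.0.0.0/0", "::/0"}            # entries that admit every client

def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def _body(text, brace):  # text between the '{' at index brace and its match
    depth = 0
    for i in range(brace, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[brace + 1:i]
    raise ValueError("unbalanced braces")

def audit_recursion(conf):
    """Return (ok, reason) for the recursion policy in named.conf text."""
    text = _strip_comments(conf)
    acls = set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', text))
    blocks = list(re.finditer(r"\boptions\s*\{", text))
    if len(blocks) != 1:  # a second block is the "redefines options" error
        return False, "expected one options block, found %d" % len(blocks)
    opts = _body(text, blocks[0].end() - 1)
    if re.search(r"\brecursion\s+no\s*;", opts):
        return True, "recursion disabled"
    m = re.search(r"\ballow-recursion\s*\{", opts)
    if not m:  # what a regenerated, unedited template looks like
        return False, "no allow-recursion statement in options"
    for entry in _body(opts, m.end() - 1).split(";"):
        entry = entry.strip().strip('"')
        name = entry.lstrip("! ")
        if entry in OPEN:
            return False, "allow-recursion permits " + entry
        if re.fullmatch(r"[A-Za-z_][\w.-]*", name) and name not in BUILTIN | OPEN | acls:
            return False, "acl '%s' is not defined" % name
    return True, "recursion limited by allow-recursion"

# Constructed sample: the thread's fix, 192.0.2.0/24 standing in for n.n.n.n/n
FIXED = """acl internal { 192.0.2.0/24; };
options {
    directory "/var/named";
    allow-recursion { internal; };
};
"""
if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. /etc/named.conf
        print(path, *audit_recursion(open(path).read()))
```

A missing allow-recursion statement is reported as a failure because that is the state the thread is trying to avoid; how a given BIND release behaves without the statement depends on its defaults.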
out of sync serials and a missing dns server

How do we get zone records to sync out of sync serial numbers? Also, we run our own servers, but one zone continually provides a slave with only one server listed. Have modified the sql record but it still does it.
What's in tail /var/log/messages regarding your DNS setup when you do a restart of named? Anything look out of whack there? The notifies should be sent/received by the pri/sec. And yeah, thanks for the named.conf template location, all good!
out of synch admin brain

Doh! Don't be logged in as root when you want to force a dns transfer to slave files.... blush