modify named.conf for no recursion options?

Discussion in 'Installation/Configuration' started by tjd, Jul 21, 2006.

  1. tjd

    tjd New Member

    DNS check sites complain *LOUDLY* that the bind server is "open", so we need to put limits on recursion by including the appropriate options. Reintroducing the options {...<recursion ip here} syntax below the "manual additions here" line provided by ISPConfig is no good, as it "redefines options" and bind throws an error. Any edits above the line get overwritten. Where is the php configure library for named.conf text?

    And to sneak one in, what do we do if our zone record serial numbers are out of whack between main ns and slave ns?
     
  2. anoshi

    anoshi New Member

    classic - just came here to ask the same thing.

    It's been bugging me for days!

    Is there a template for named.conf which is used by ISP config for when it overwrites named.conf? If so, where is it located? I could manually modify this template to include the necessary allow-recursion entries.
     
  3. tjd

    tjd New Member

    more on "open" dns servers

    Seems like the file required is /root/ispconfig/isp/conf/named.conf.master.

    The mods are:
    put this above the options section
    acl internal {
        n.n.n.n/n;
    };

    put this at the bottom of the options section, before the last curly bracket:

    options {
        // ... existing options stay here ...
        allow-recursion {
            internal;
        };
    };

    then, go to /etc/named.conf and make the same changes. This way they won't get overwritten.

    Nothing seemed to break. At least it worked for me. Oh yeah, make local file backups first.

    Which leaves "how do we get zone records serial numbers to sync?"

    And one more, "how come one of my zones keeps making a slave with one ns server, when there are clearly two in the ISPConfig interface?"
     
    Last edited: Jul 21, 2006
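
A static check for the two failure modes discussed in this thread, a second options block and recursion left unrestricted, added here as an example; it is not part of the original posts or of ISPConfig. The function names and sample configs are constructed, and the comment stripping assumes no // or # inside quoted strings.

```python
import re

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}  # predefined by BIND

def top_level_statements(text):
    """Return [(header_words, body)] for each top-level `header { body };`."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # C-style comments
    text = re.sub(r"(//|#)[^\n]*", "", text)           # line comments
    found, depth, stmt_start, body_start, header = [], 0, 0, 0, []
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[stmt_start:i].split(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                found.append((header, text[body_start:i]))
        elif ch == ";" and depth == 0:
            stmt_start = i + 1
    return found

def audit(text):
    """List recursion-related problems found in a named.conf string."""
    stmts = top_level_statements(text)
    acls = {h[1].strip('"') for h, _ in stmts if len(h) == 2 and h[0] == "acl"}
    options = [body for h, body in stmts if h == ["options"]]
    findings = ["duplicate options block"] if len(options) > 1 else []  # named refuses to load this
    merged = " ".join(options)
    if re.search(r"(?<![-\w])recursion\s+no\s*;", merged):
        return findings
    match = re.search(r"\ballow-recursion\s*\{([^}]*)\}", merged)
    if match is None:  # nothing explicit; the effective default depends on the BIND version
        return findings + ["no allow-recursion in options"]
    for entry in match.group(1).replace(";", " ").split():
        if entry == "any":
            findings.append("allow-recursion includes any")
        elif re.fullmatch(r"[A-Za-z_][\w-]*", entry) and entry not in BUILTIN_ACLS | acls:
            findings.append(f"undefined acl: {entry}")
    return findings

# Constructed samples; 192.0.2.0/24 is a documentation range, not a real network.
OPEN = 'options { directory "/var/named"; };\nzone "example.com" { type master; file "db.example"; };\n'
DUPLICATE = OPEN + "// manual additions here (constructed marker)\noptions { allow-recursion { internal; }; };\n"
FIXED = 'acl internal { 192.0.2.0/24; };\noptions { directory "/var/named"; allow-recursion { internal; }; };\n'

if __name__ == "__main__":
    for name, conf in (("open", OPEN), ("duplicate", DUPLICATE), ("fixed", FIXED)):
        print(name, audit(conf) or "ok")
```

Run it against both the template and /etc/named.conf, since the thread notes the template overwrites the live file.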
  4. tjd

    tjd New Member

    out of sync serials and a missing dns server

    how do we get zone records to sync out of sync serial numbers?

    also, we run our own servers, but one zone continually provides a slave with only one server listed

    Have modified the sql record but it still does it.
     
  5. anoshi

    anoshi New Member

    what's in tail /var/log/messages regarding your DNS setup when you do a restart of named? Anything look out of whack there? The notifies should be sent/received by the pri/sec.

    and yeah, thanks for the named.conf template location, all good!
     
    Last edited: Jul 21, 2006
  6. tjd

    tjd New Member

    out of synch admin brain

    Doh! Don't be logged in as root when you want to force a dns transfer to slave files....

    blush
     
