Please update the BIND installation instructions for MULTI-SERVER configs.

Discussion in 'Feature Requests' started by fbarcenas, Dec 5, 2017.

  1. fbarcenas

    fbarcenas Member

    Please update the BIND installation instructions for MULTI-SERVER configs in the Manual and documentation section of the website.
    If you are going through the trouble of creating separate DNS servers, you have to assume that your other servers will use them for DNS servers, and not 8.8.8.8 / 8.8.4.4 or the local ISP's DNS.
    In order for them to do that, you will need to place similar code in your /etc/bind/named.conf.options:
    Code:
    // Hosts allowed to use this server as a recursive resolver.
    // 0.0.0.0/0 is only a placeholder: it matches every address on the
    // internet, so leaving it in place makes this an open resolver.
    // Put one line per network range (CIDR) that should be allowed.
    acl "trusted" {
            0.0.0.0/0;
            0.0.0.0/0;
            127.0.0.1;
            localhost;
            localnets;
    };

    options {
            directory "/var/cache/bind";

            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.

            // forwarders {
            //      0.0.0.0;
            // };

            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-enable yes;
            dnssec-validation yes;
            // DLV (lookaside validation) was retired by ISC in 2017; this option
            // is obsolete and was removed in later BIND 9 releases, so drop it there.
            dnssec-lookaside auto;

            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
            additional-from-auth no;
            additional-from-cache no;
            // Zones must stay world-readable, so queries are open to all ...
            allow-query { any; };
            // ... but recursion and cache access are restricted to the ACL above.
            allow-recursion { trusted; };
            allow-query-cache { trusted; };

    };
    Replace the 0.0.0.0/0; entries that exist with your network's IP range in CIDR format.
     
    Last edited: Dec 5, 2017
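The point of the ACL above is to keep the server from becoming an open recursive resolver. As an added check that is not part of the post and not ISPConfig or BIND code: a small Python audit that parses the subset of named.conf.options syntax used above (acl blocks, address-match lists, allow-recursion and allow-query-cache), resolves ACL names, applies BIND 9's defaults when an option is absent, and reports any match-everything entry. The two embedded configs are constructed for the example; the 192.0.2.0/24 and 2001:db8::/32 ranges in the hardened version are documentation prefixes standing in for "your network" and are assumptions, not values from the thread.

```python
"""Audit a BIND named.conf.options fragment for open recursion.

Added example, not code from the forum post, ISPConfig or BIND.
Handles only the syntax used in the thread: acl blocks, address-match
lists and the allow-* options. Sample configs below are constructed.
"""
import re

# Entries that match every client. Any of these in allow-recursion makes
# the server an open recursive resolver (usable for DNS amplification).
OPEN_ENTRIES = {"any", "0.0.0.0/0", "::/0"}

# Constructed copy of the fragment from the post, trimmed to the relevant lines.
POSTED = """
acl "trusted" {
    0.0.0.0/0;
    0.0.0.0/0;
    127.0.0.1;
    localhost;
    localnets;
};
options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
"""

# Same fragment with the placeholder replaced by real ranges (assumed values).
HARDENED = """
acl "trusted" {
    192.0.2.0/24;     // your servers' IPv4 range (assumption)
    2001:db8::/32;    // your IPv6 range (assumption)
    localhost;
    localnets;
};
options {
    directory "/var/cache/bind";
    allow-query { any; };          // zones stay world-readable
    allow-recursion { trusted; };  // recursion only for your own hosts
    allow-query-cache { trusted; };
};
"""


def strip_comments(text):
    """Remove the three comment styles BIND accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def split_list(body):
    """'a; b; ' -> ['a', 'b']"""
    return [e.strip() for e in body.split(";") if e.strip()]


def parse_acls(text):
    """Map acl name -> its raw address-match list."""
    return {m.group(1): split_list(m.group(2))
            for m in re.finditer(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}', text)}


def parse_option(text, name):
    """Return the list inside `name { ... };`, or None if the option is absent."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{([^}]*)\}", text)
    return split_list(m.group(1)) if m else None


def expand(entries, acls, seen=()):
    """Replace acl references by their contents, recursively; drop negations."""
    out = []
    for e in entries:
        if e.startswith("!"):
            continue                      # '!x' never grants access
        if e in acls and e not in seen:
            out.extend(expand(acls[e], acls, seen + (e,)))
        else:
            out.append(e)
    return out


def effective_lists(conf):
    """Effective allow-recursion / allow-query-cache lists with BIND 9 defaults:
    allow-recursion defaults to localnets+localhost, allow-query-cache to
    allow-recursion."""
    text = strip_comments(conf)
    acls = parse_acls(text)
    recursion = parse_option(text, "allow-recursion")
    if recursion is None:
        recursion = ["localnets", "localhost"]
    cache = parse_option(text, "allow-query-cache")
    if cache is None:
        cache = recursion
    return {"allow-recursion": expand(recursion, acls),
            "allow-query-cache": expand(cache, acls)}


def open_entries(conf):
    """Option name -> sorted match-everything entries it effectively contains."""
    return {opt: sorted(set(lst) & OPEN_ENTRIES)
            for opt, lst in effective_lists(conf).items()}


def is_open_resolver(conf):
    return any(open_entries(conf).values())


if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("hardened", HARDENED)):
        print(label, "open resolver:", is_open_resolver(conf), open_entries(conf))
```

Run it against your real /etc/bind/named.conf.options before restarting BIND; on a server that should only serve authoritative zones, allow-query { any; } is expected, and the audit flags only the recursion and cache lists. The parser is deliberately minimal and does not understand include statements or views, so it is a sanity check, not a replacement for named-checkconf.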
  2. Rabenkind

    Rabenkind Member

    Hi,
    I have a similar problem. Normally the trusted ACLs should go into /etc/bind/named.conf.local if I am not mistaken, but that file is handled/overwritten by ISPConfig, so we put those into /etc/bind/named.conf.options as well. BUT I don't know if this file is permanent.
    (I had trouble with dovecot.conf and main.cf during an ISPConfig update as well ...)
     
