----- Original Message ----- From: "Nate Peck" <[EMAIL PROTECTED]>
To: <freebsd-questions@freebsd.org>
Sent: Sunday, January 14, 2007 6:39 PM
Subject: BIND9 Syntax?

Dear All,

I've been having trouble with BIND(version 9.3.2-P1), and I'm not sure
where the problem is. When I try to use nslookup, it spits out:

Default server:

** server can't find blue.home.lan: SERVFAIL

I have my server(blue.home.lan), set up on a LAN.

These are my config files:

$TTL 3h
home.lan. IN SOA blue.home.lan. (
                         1        ; Serial
                         3h       ; Refresh after 3 hours
                         1h       ; Retry after 1 hour
                         1w       ; Expire after 1 week
                         1h )     ; Negative caching TTL of 1 hour

And you can define the SOA to be home.lan.
Missing the email address of responsible administrator - should be like:

home.lan. IN SOA home.lan.  email.blue.home.lan

Notice that first dot only in email-address is substituted by @

Usually a good idea is naming the serial like 2007011401 - year, month, day and serial is easier that way in the long run :)

options {

If this was public I would consider adding either a recursion no; or allow-recursion {}; clauses in options in order to avoid some attack techniques utilizing nameservers.

zone "." IN {
       type hint;
       file "named.ca";

You have moved the named.root into named.ca?

No need for IN in these either.

zone "localhost" IN {
       type master;
       file "pri/localhost.zone";
       allow-update { none; };
       notify no;

Again if public, I would add allow-transfer rules to allow the full dump of domains in questions only at appropriate peering servers. Maybe allow-query { any; }; for every domain as well.

I might have missed some bugs at cursory glance, but these should help to get you started.


(By the way Greg Leheys nowadays publicly available book about FreeBSD has pretty good walkthrough about basic nameserver configuration)
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to