I have FreeBSD 5.4 and BIND 9. It hosts a bunch of zones, both master and slave. The internal zones don't resolve at all. As a result, mail doesn't flow either.
From named.conf:
// $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.3 2005/03/23 17:35:58 dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.
acl "web" {0.0.0.0/0;};
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
listen-on port 53 {
127.0.0.1;
};
// listen-on { 127.0.0.1; };
// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
// listen-on-v6 { ::1; };
// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
allow-query {"web";};
allow-transfer {"any";};
/*
forwarders {
127.0.0.1;
};
*/
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND versions 8 and later
* use a pseudo-random unprivileged UDP port by default.
*/
query-source address * port 53;
/*
host { any; } {
topology {
127.0.0.0/8;
};
};
*/
};
zone "." {
type hint;
file "named.root";
};
zone "tir-pir.lv" {
type master;
file "tir-pir.lv.zone";
};
zone "gavgav.lv" {
type slave;
file "gavgav.lv.bak";
masters {
xx.xx.xx.xx;
};
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "master/localhost.rev";
};
// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
type master;
file "master/localhost-v6.rev";
};
// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
type master;
file "master/localhost-v6.rev";
};
key rndc-key {
algorithm hmac-md5;
secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { rndc-key; };
};
dig shows everything as it should be:
dig @localhost gavgav.lv
; <<>> DiG 9.3.1 <<>> @localhost gavgav.lv
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41950
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;celt.lv. IN A
;; AUTHORITY SECTION:
gavgav.lv. 86400 IN SOA web.gavgav.lv. root.ns.gavgav.lv. 20051022 7200 3600 604800 86400
;; Query time: 49 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 6 11:20:06 2005
;; MSG SIZE rcvd: 73
nslookup says:
web:11:22:53:/etc/namedb# nslookup
> server localhost
Default server: localhost
Address: 127.0.0.1#53
> ешкзшк.lv
;; connection timed out; no servers could be reached
>
And in the logs:
Sep 6 10:56:59 web named[8551]: transfer of 'bebebe.lv/IN' from xx.xx.xx.xx#53: failed to connect: connection refused
Sep 6 10:58:19 web named[8551]: transfer of 'fjfjfj.lv/IN' from xx.xx.xx.xx#53: failed to connect: connection refused
Sep 6 10:59:29 web named[8551]: transfer of 'gkgkgkgk.lv/IN' from xx.xx.xx.xx#53: failed to connect: connection refused
And so on, all the time.
I can't figure out where the catch is.
Is it my clumsy hands, or what???
Folks, help, or I'll be shot as an enemy!!!