Thanks Stephen.. really appreciate your quick reply..

Your advice was a great help for me. I was making a silly mistake. Just for your information, I paste a part of the named.conf file where I was making the mistake:

    acl allow-list {
        10.0.0.0/8;
        172.16.0.0/16;
        62.150.152.0/24;
        195.226.224.72;
        195.226.224.74;
        127.0.0.1;
    };

    options {
        directory "/var/newnamed";
        //allow-query { allow-list; };
        allow-notify { 62.150.152.2 ; };
        allow-recursion { allow-list; };
        recursion no;

I had the "recursion no" statement after my ACL allow list.. I just removed it and it worked perfectly...

BTW, I just want to know: is my server open to DoS attacks, since I already have my ACL list? So definitely my server is safe... am I right?

Once again, I really appreciate your professional help.

regards
simon

cheers :)

Stephen Carville <stephen@xxxxxxxxxxxxxx> wrote:

sylvan dacounha wrote:
> Dear All,
>
> I have a REDHAT box running bind and it has been working fine for the
> last few months.
> This server was also hosting my other local domains, which were all
> working fine.
>
> I installed a new redhat machine with bind to be a secondary or slave
> named server a week ago, as per the documentation,
> so if my primary server goes down all my clients and the Internet
> users can still access my web sites.
>
> Now when I restart my primary I see the zones getting transferred to my
> secondary DNS, which I newly set up, and when I do an nslookup going into
> the server for Internet sites, ex: www.yahoo.com, it does not resolve them
>
> but the sites hosted in my network I am able to resolve fine.
>
> Here are the details:
>
> my master name server .. ns1.kmun.gov.kw ---- IP 62.150.152.1
> slave server which is newly installed .. ns2.kmun.gov.kw ------- IP 62.150.152.2

Looks like 62.150.152.2 is set with recursion off. That means it will only answer for zones it is authoritative for. If you want it to be a server for others to query, set recursion to yes. You are using Bind 9 (v9.3.4) so you can set an access list for allow-recursion. Something like:

    acl allowed-nets {
        x.x.x.0/24;
        y.y.200.0/21;
    };

    options {
        recursion yes;
        allow-recursion { allowed-nets; };
    };

The allow-recursion is optional but without it, sooner or later, some dickhead script kiddie will try a DOS on you.

> If I go to server ns1.kmun.gov.kw or the IP I can resolve both the
> Internet sites as well as my local domain ...
>
> Appreciate your help
>
> Thanks and Regards
>
> simon

--
Stephen Carville
Systems Engineer
Land America
1.626.667.1450 X326

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
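The two recursion settings discussed in this thread, as an added example that is not part of the original messages: a small Python check that flags `recursion no;` sitting next to an `allow-recursion` ACL, and recursion left on with no `allow-recursion` at all. The sample configs are constructed from the posted fragment, and the function names and finding codes are hypothetical.

```python
import re

# Constructed sample, modelled on the named.conf fragment posted in the thread.
BROKEN = """
acl allow-list { 10.0.0.0/8; 127.0.0.1; };
options {
    directory "/var/newnamed";
    //allow-query { allow-list; };
    allow-recursion { allow-list; };
    recursion no;
};
"""
FIXED = BROKEN.replace("    recursion no;\n", "")   # the poster's fix
NO_ACL = "options { recursion yes; };"              # constructed: no ACL at all

def strip_comments(text):
    """Drop /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(text):
    """Return the body of options { ... }, matching nested braces."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(conf):
    """Hypothetical helper: list (code, message) findings for recursion settings."""
    opts = options_block(strip_comments(conf))
    rec = re.search(r"(?<![-\w])recursion\s+(yes|no)\s*;", opts)
    acl = re.search(r"(?<![-\w])allow-recursion\s*\{", opts)
    recursion_on = rec is None or rec.group(1) == "yes"   # BIND defaults to yes
    findings = []
    if acl and not recursion_on:
        findings.append(("ACL_UNUSED", "recursion no; disables recursion, "
                         "so the allow-recursion ACL never applies"))
    if recursion_on and not acl:
        findings.append(("NO_RECURSION_ACL", "recursion is on with no "
                         "allow-recursion ACL limiting who may use it"))
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED), ("no-acl", NO_ACL)):
        print(name, audit(conf) or "ok")
```
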