Pzz
Verified User
I changed some DNS (MX) setting, and was waiting for it to actualy change. Well it didn't.
intoDNS.com reported:
I took a look at the named.run and this log reported: (among others):
Now I'm viewing my named.conf. I read some articles already and I say that my nameservers IP should be allowed here. But there are no IP's. Allow query isn't even enabled! how can any secundairy nameserver ever read my data? All my zones are listed, so thie must be the actual one being used.
Which brings me to the conclusion, for someone who doesn't change his DNS often, that maybe the NAMED.CONF I used to have got overwritten (months) ago by a new one with an update?
And when I run the conf-check the conf doesn't seems to up up-to-date at all:
Well, it doesn't make sense to me. Here's my named.conf,, and probably pretty default:
intoDNS.com reported:
Code:
Looks like your nameservers do not agree on the SOA serial. Ths SOA records as reported by your nameservers:
195.8.195.195 -> 2016101903
37.97.199.195 -> 2016101903
149.210.146.112 -> 2020032101
I took a look at the named.run and this log reported: (among others):
Code:
client @0x7fd73af03250 87.253.155.101#37009 (<mydomain.tld>): zone transfer '<mydomain.tld/AXFR/IN' denied
Now I'm viewing my named.conf. I read some articles already and I say that my nameservers IP should be allowed here. But there are no IP's. Allow query isn't even enabled! how can any secundairy nameserver ever read my data? All my zones are listed, so thie must be the actual one being used.
Which brings me to the conclusion, for someone who doesn't change his DNS often, that maybe the NAMED.CONF I used to have got overwritten (months) ago by a new one with an update?
And when I run the conf-check the conf doesn't seems to up up-to-date at all:
Code:
$ named-checkconf /etc/named.conf
/etc/named.conf:34: dnssec-lookaside 'auto' is no longer supported
Well, it doesn't make sense to me. Here's my named.conf,, and probably pretty default:
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
allow-transfer { none; };
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
//allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
//recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "mydomain.tld" { type master; file "/var/named/mydomain.tld.db"; };
zone ...
zone ...
...