Bind named query

Hello!

I have a DNS server running named on RHEL 6.2 for a very small network of development servers/clients. I see the logs below in /var/named/data/named.run

error (network unreachable) resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 198.41.0.4#53
error (network unreachable) resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 193.0.14.129#53
error (network unreachable) resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 198.41.0.4#53
error (network unreachable) resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
error (network unreachable) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 198.41.0.4#53
error (network unreachable) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
error (network unreachable) resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 192.58.128.30#53
error (network unreachable) resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
error (network unreachable) resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
error (network unreachable) resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53

I have never configured any forwarding on the DNS server. Then why is it trying to look up on external DNS servers -- this is what I am trying to understand.

Here's what my named.conf looks like:

options {
        listen-on port 53 { 127.0.0.1; 10.0.1.102; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "vmnet.com" IN {
        type master;
        file "vmnet.com.zone";
};
zone "1.0.10.in-addr.arpa" IN {
        type master;
        file "vmnet.com.rev.zone";
};
include "/etc/named.rfc1912.zones";
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
       algorithm hmac-md5;
       secret "jMR4mMP5RfO1WE5N56Kq6A==";
};
controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
};

This server is isolated from the outside world and serves a small group of development machines. Can anyone tell me where I need to look?

I figured the entry below has something to do with it. Root hints?

zone "." IN {
        type hint;
        file "named.ca";
};

How do I avoid it?

In the named.conf options zone, set recursion no;

options {
        listen-on port 53 { 127.0.0.1; 10.0.1.102; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; any; };
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

and then restart named

service named restart
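A small audit of the posted options block, added here as an example (it is not from the thread or from BIND itself). It parses the statements in options { } and reports when recursion is on together with an effective recursion ACL that contains any; BIND 9 derives that ACL from allow-recursion, else allow-query-cache, else allow-query, else localnets/localhost, so the original config (recursion yes, allow-query { localhost; any; }) is flagged while the accepted fix (recursion no) is not. The sample config is constructed from the post and the parser assumes only the simple statement shapes it uses.

```python
import re

# Constructed sample from the original post: recursion on, allow-query any, no allow-recursion.
POSTED_OPTIONS = """
options {
        allow-query     { localhost; any; };
        recursion yes;            // comments are stripped before parsing
};
"""

STMT = re.compile(r"([\w-]+)\s*([^;{}]*(?:\{[^}]*\})?)\s*;")

def options_block(conf):
    """Map statement name -> raw value inside the top-level options { } block."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # // and # comments
    head = re.search(r"\boptions\s*\{", conf)
    if not head:
        return {}
    i, depth = head.end(), 1
    while i < len(conf) and depth:                      # find the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    body = conf[head.end():i - 1]
    return {m.group(1): m.group(2).strip() for m in STMT.finditer(body)}

def acl(value):
    """Turn '{ localhost; any; }' into ['localhost', 'any']."""
    return re.findall(r"[^\s{};]+", value)

def audit(conf):
    """Return findings about recursion exposure in the options block."""
    opts = options_block(conf)
    recursion = opts.get("recursion", "yes")            # BIND default is yes
    # Effective recursion ACL as BIND 9 resolves it: allow-recursion, else
    # allow-query-cache, else allow-query, else localnets/localhost.
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            rec_acl, src = acl(opts[key]), key
            break
    else:
        rec_acl, src = ["localnets", "localhost"], "default"
    findings = []
    if recursion == "yes":
        findings.append("recursion yes: root hints are used to reach external servers")
        if "any" in rec_acl:
            findings.append(f"open recursion: {src} allows 'any'; set 'recursion no' "
                            "or add an allow-recursion ACL")
    return findings
```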

Great! Thanks. So I was missing the recursion option.