Bill,
Thanks very much for your fast response. I did not (knowingly) touch the
iptables (and never have). The named.conf is shown below (with sanitized
zone information). You will see that this is our secondary name server. I
had been pruning (what I thought were) unnecessary/obsolete entries. However,
restoring the original named.conf didn't correct the restricted access.
Thanks,
Angus.
options {
    directory "/var/cache/bind";
    allow-transfer { none; };   // We are the slave, no trfrs allowed
    auth-nxdomain no;           // conform to RFC1035
    notify no;
};

logging {
    category update { null; };
};

view "world" {
    match-clients { any; };     // This line is implicit, but that's ok
    recursion yes;

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    // add REVERSE entries for other zones here
    zone "nnn.nnn.nnn.nnn.in-addr.arpa" {
        type slave;
        masters { mmm.mmm.mmm.mmm; };   // this is where we pull the zone from
        file "reverse/nnn.nnn.nnn.nnn.rev";
    };
    zone "mydomain.com" {               // name of the zone
        type slave;                     // we are a slave, yes
        masters { mmm.mmm.mmm.mmm; };   // this is where we pull the zone from
        file "forward/mydoman.com";     // this is where we write the zone to
    };
    <zone files snipped>

    // add FORWARD entries for other zones here
    <zone files snipped>
};
"Bill Marcum" <(E-Mail Removed)> wrote in message
news:0rmgi4-(E-Mail Removed)...
> On Thu, 24 May 2007 08:33:10 -0400, Angus Macleod
> <(E-Mail Removed)> wrote:
> >
> >
> > I took a working name server running bind 9 and fiddled around with the
> > named.conf file. Then, because I wanted to be able to do further work
> > remotely, I created a link /etc/rc2.d/S20ssh (pointing to ../init.d/ssh) so
> > it would run sshd when it boots. I copied the sshd_config file from the
> > other name server we have (which already had sshd running).
> >
> > Now, although I can ping the name server from anywhere, I can only get DNS
> > lookups or ssh sessions from a machine on the same subnet. Access from
> > elsewhere just times out.
> >
> > netstat shows that the machine is listening on TCP port 53 on the eth0,
> > hosts.allow and hosts.deny have no entries other than comments. I am not
> > sure if my named.conf changes have caused the problem or if it is because
> > sshd is running.
> >
> sshd shouldn't have any effect on the dns server. What did you do to
> named.conf? Did you change any iptables settings?
>
>
> > I am hoping that I have made some blindingly obvious novice mistake, so I
> > won't burden you in this post with config files, logs etc.
> >
> > Can anyone throw some light on why I have restricted access to the server?
> >
> > Thanks,
> >
> > Angus.
> >
> >
>
>
> --
> The game of life is a game of boomerangs. Our thoughts, deeds and words
> return to us sooner or later with astounding accuracy.