Home / server / Questions / 165985
Accepted
Recursion
Asked: 2010-08-01 22:34:00 +0800 CST

Tips on running own Bind9 resolver?

  • 772

I am trying to set up my own DNS server, both for learning as well as for privacy. I installed Bind9 and tried to follow a few online tutorials, as well as the Linux Administration Handbook, but it still seems not to work. I set named.conf to listen on the localhost, and set it to be recursive. I then set resolv.conf to have only one nameserver which is 127.0.0.1.

I then tried to use it from my desktop and tried dig nyc.gov, as a site I had never been to before, I got the following resonse

 > dig nyc.gov

; <<>> DiG 9.7.0-P1 <<>> nyc.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 54429
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;nyc.gov.           IN  A

;; Query time: 14 msec
;; SERVER: 97.107.138.191#53(97.107.138.191)
;; WHEN: Sun Aug  1 02:07:09 2010
;; MSG SIZE  rcvd: 25

It seems it needs to be recursive, though I set Bind to be, and yes I did restart the daemon.

Any tips would be appreciated, or any further tutorials on the matter. I mainly want an alternative DNS server for my colleagues and I. Thank you.

bind

3 Answers

  1. Do you have servers to forward requests to?

    Somewhere in your config, you should have these lines like these, which allows your server to pass on requests it doesn't know to servers that might know the answers:

    options {

   // ... various config options ...

   forwarders {
       8.8.8.8;
       8.8.4.4;
   };

   recursion yes;

   // ... various config options ...

}

    Replace 8.8.8.8 and 8.8.4.4 with your ISP's local DNS servers (I used Google's as an example).

    I also typically limit which hosts can use recursion, which you can accomplish with allow-recursion. If you just want to allow all hosts, you can use allow-recursion { "any"; };

    • 3
  2. Best Answer

    If your bind is listening only to localhost you will not be able to use it from another machine. Here is a good writeup on learning DNS/BIND: Quick HOWTO : Ch18 : Configuring DNS

    • 2

  3. You need to enable recursion for clients:

    allow-recursion { address_match_list };

    allow-recursion defines a match list defining IP address(es) which are allowed to issue recursive queries to the server. If the answer to the query already exists in the cache it will be returned irrespective of this statement. If not specified all hosts are allowed to make recursive queries. This statement may be used in a view or a global options clause.

    If you would like to check what is going on with one query the best way to do that is:

    dig +trace google.com

...

google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.
;; Received 164 bytes from 192.42.93.30#53(g.gtld-servers.net) in 181 ms

google.com.             300     IN      A       74.125.87.147
google.com.             300     IN      A       74.125.87.105
google.com.             300     IN      A       74.125.87.106
google.com.             300     IN      A       74.125.87.103
google.com.             300     IN      A       74.125.87.104
google.com.             300     IN      A       74.125.87.99
;; Received 124 bytes from 216.239.38.10#53(ns4.google.com) in 106 ms

    Hope that helps.

    • 2