Dig, open servers and A records

Dig, open servers and A records

STEPHEN EYRE
Dear All

The good news is that I have my server running. The not so good news is
that there are a few problems which could be interconnected.

My server is called server1.sportshost.co.uk and its IP address is
84.92.56.54.

Going on to whatsmydns.net I find that sportshost.co.uk returns suitable
entries under the NS and SOA section. There is nothing but red crosses
under the A records section - I was expecting my IP address.

Then when I dig a domain name like google.co.uk I get suitable replies
but when I dig an IP address like 8.8.8.8 the request gets the reply
REFUSED.

Further enquiries show that I don't have an open recursive site when the
errors above still apply.

When I change my /etc/bind/named.conf.local file from 'recursion no;' to
'recursion yes;' I get an inverse of the above. I get full replies from
all my dig enquiries but I get an open recursive warning - which I
obviously don't want.

whatsmydns.net replies remain the same.

So today's question is - what do I need to do to keep my server closed,
get proper dig replies and get my A records showing up on whatsmydns.net?

Or is everything working well and it's not necessary to have dig
providing proper replies?

Thanks

Stephen Eyre
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: Dig, open servers and A records

Steven Carr
On 5 April 2015 at 09:32, Stephen Eyre <[hidden email]> wrote:
> My server is called server1.sportshost.co.uk and its IP address is
> 84.92.56.54.
>
> Going on to whatsmydns.net I find that sportshost.co.uk returns suitable
> entries under the NS and SOA section. There is nothing but red crosses
> under the A records section - I was expecting my IP address.

Try again, you haven't given things enough time to propagate around
the internet, 24-72 hours is still the usual wait time.

> So today's question is - what do I need to do to keep my server closed, get
> proper dig replies and get my A records showing up on whatsmydns.net?

What is the purpose of the server? Are you going to be hosting zones
that need to be accessible from other clients on the Internet
(authoritative) or is it just a DNS server that you can utilize to
handle your queries (recursive)? Or are you doing both?

If you need recursion then you'll need an ACL to say which clients are
allowed to perform recursion to prevent it from being an open
recursor.

Steve
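
The ACL approach suggested in the reply above, sketched as a BIND configuration for a server that is both authoritative and recursive. This is an added example, not part of the original thread; the ACL name `trusted`, the 192.0.2.0/24 client network and the zone file path are placeholder assumptions.

```conf
// Added example. Names, networks and paths are placeholders, not values
// taken from the thread.

// Clients that are allowed to use this server as a resolver.
acl "trusted" {
    localhost;         // built-in ACL: the server's own addresses
    192.0.2.0/24;      // placeholder: replace with your own client networks
};

options {
    // Open recursor (the configuration to avoid): anyone may recurse.
    //   recursion yes;
    //   allow-recursion { any; };

    // Closed recursor: recursion stays enabled, but only for "trusted".
    recursion yes;
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
};

// Authoritative data must stay reachable from the whole Internet,
// so the zone itself answers queries from anyone.
zone "sportshost.co.uk" {
    type master;
    file "/path/to/db.sportshost.co.uk";   // placeholder path
    allow-query { any; };
};
```

Run `named-checkconf` after editing. With this layout a query from outside the ACL for a name in the hosted zone is answered, while a query for any other name is refused.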