On Fri, Feb 27, 2009 at 11:39:40AM +0800, bradonkuo wrote:
> Dear all bind users,

Hi Brandon,

> I am new to managing 3 BIND 9 servers. Lately, I got some complaints about users who
> cannot connect to
> some websites while they use our BIND 9 servers. This issue will be solved if
> they use other
> ISP's BIND 8 servers; one example is as below. Can we modify any
> configurations of BIND 9 server to
> solve this issue so that users don't need to change anything?

I can only take wild guesses here as I don't know about the
configuration of your BIND9 servers, but let me assure you that you
won't need to downgrade to BIND8 in order to provide recursive DNS to
your users. BIND9 is totally capable of that, but there has been a
change in the default configuration, meaning that it no longer allows
recursive queries by default. You would have to enable that in your
configuration via the following statements:

    options {
        recursion yes;
        allow-query {
            0.0.0.0/0;  # is most likely what you want here
                        # as per its name your server
                        # looks very much like it's also an authoritative
                        # nameserver.
        };
        allow-recursion {
            192.168.0.0/16;  # or substitute/add this by the network ranges your
                             # institution uses for its clients
        };
    };

Please let me stress some things:

- It is best current practice to separate your recursive Nameservice
  from your authoritative Nameservice, it's just more tidy and sane. [1]
  So what you really _should_ do is urge your users to use a separate
  recursive [3] DNS Server you provide them with instead of your
  authoritative. [4]

- BIND8 is deprecated and _should_ be rolled out of production wherever
  possible. [2]

[1] http://cr.yp.to/djbdns/separation.html
[2] https://www.isc.org/software/bind/security
[3] http://en.wikipedia.org/wiki/Domain_name_system#DNS_resolvers
[4] http://en.wikipedia.org/wiki/Name_server#Authoritative_name_server

Stefan
-- 
printk(CARDNAME": Bad Craziness - sent packet while busy.\n" );
        linux-2.6.6/drivers/net/smc9194.c
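
The recursion settings described in the message above can be checked mechanically before a server goes live. The following is an added example, not part of the original post and not ISC code: a small lint that reads the options block of a named.conf string and reports when recursion is enabled without an explicit, restricted allow-recursion list. The function names, finding codes and sample text are assumptions made for illustration; it handles flat inline lists only (no named acl references, negation or views).

```python
import re

# Address-match elements that match every client.
MATCH_ALL = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Drop /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_body(text):
    """Return the text inside the options { ... } block, or '' if there is none."""
    m = re.search(r"(?<![\w-])options\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""  # unbalanced braces: treat as no options block

def acl(body, name):
    """Elements of `name { a; b; };` as a list, or None when the statement is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Return finding codes for the recursion settings in a named.conf string."""
    body = options_body(strip_comments(conf))
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", body)
    if m and m.group(1).lower() in ("no", "false", "0"):
        return []  # recursion is off, nothing to restrict
    allowed = acl(body, "allow-recursion")
    if allowed is None:
        # Effective ACL then comes from BIND's fallback defaults, not from this file.
        return ["allow-recursion-not-set"]
    if MATCH_ALL & {e.lower() for e in allowed}:
        return ["open-recursion"]
    return []

# Constructed sample: the options block from the message above.
SAMPLE = """
options {
    recursion yes;
    allow-query { 0.0.0.0/0; };        # authoritative data is public
    allow-recursion { 192.168.0.0/16; };
};
"""
```

Calling audit(SAMPLE) returns an empty list; syntax itself is still best validated with named-checkconf, which this lint does not replace.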