Menu
▾
▴
Re: [webmin-l] named\bind forwarders wont be recognised by webmin.
|
From: Eliezer C. <el...@ng...> - 2012-04-01 04:31:41
|
Thanks On 31/03/2012 22:12, Jamie Cameron wrote: > Ok, I see the issue now .. Webmin isn't properly parsing the comments > in the line : > > /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ > > which completely breaks it's parsing of the file. If you remove that > line, the problem will go away. > > The next Webmin release will include a proper fix for this. > > - Jamie > > On 30/Mar/2012 14:20 Eliezer Croitoru<el...@ng...> wrote .. >> On 30/03/2012 09:19, Jamie Cameron wrote: >>> Odd, Webmin should show those IPs.. >>> >>> If you use Webmin to add another forwarder address, where doe it get >>> put in your config file? >> in the allow-query part as shown: >> >> options { >> directory "/var/bind"; >> pid-file "/var/run/named/named.pid"; >> >> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ >> //bindkeys-file "/etc/bind/bind.keys"; >> >> listen-on-v6 { any; }; >> listen-on { any; }; >> >> allow-query { >> /* >> * Accept queries from our "trusted" ACL. We will >> * allow anyone to query our master zones below. >> * This prevents us from becoming a free DNS server >> * to the masses. >> */ >> trusted; >> forwarders { >> 8.8.8.8; >> }; >> }; >> >> forwarders { >> 195.60.233.136; >> 147.235.250.2; >> }; >> >> >> allow-query-cache { >> /* Use the cache for the "trusted" ACL. */ >> trusted; >> }; >> >> allow-recursion { >> /* Only trusted addresses are allowed to use recursion. */ >> trusted; >> }; >> >> allow-transfer { >> /* Zone tranfers are denied by default. */ >> none; >> }; >> >> allow-update { >> /* Don't allow updates, e.g. via nsupdate. */ >> none; >> }; >> >> /* >> * If you've got a DNS server around at your upstream provider, enter its >> * IP address here, and enable the line below. This will make you benefit >> * from its cache, thus reduce overall DNS traffic in the Internet. >> * >> * Uncomment the following lines to turn on DNS forwarding, and change >> * and/or update the forwarding ip address(es): >> */ >> /* >> forward first; >> forwarders { >> // 123.123.123.123; // Your ISP NS >> // 124.124.124.124; // Your ISP NS >> // 4.2.2.1; // Level3 Public DNS >> // 4.2.2.2; // Level3 Public DNS >> 8.8.8.8; // Google Open DNS >> 8.8.4.4; // Google Open DNS >> }; >> >> */ >> >> //dnssec-enable yes; >> //dnssec-validation yes; >> >> /* >> * As of bind 9.8.0: >> * "If the root key provided has expired, >> * named will log the expiration and validation will not work." >> */ >> //dnssec-validation auto; >> >> /* if you have problems and are behind a firewall: */ >> //query-source address * port 53; >> }; >>> >>> On 29/Mar/2012 09:17 Eliezer Croitoru<el...@ng...> wrote .. >>>> On 29/03/2012 06:25, Jamie Cameron wrote: >>>>> That config should be handles by Webmin .. what do you mean when >>>>> you say the forwarders aren't recognized exactly? >>>>> >>>> as you can see in the named.conf file.. these lines are exists >>>> forwarders { >>>> 195.60.233.136; >>>> 147.235.250.2; >>>> }; >>>> >>>> but in the webmin bind "forwarders and transfers" page the list of >>>> forwarders is empty. >>>> >>>> Thanks. >>>> Eliezer >>>> >>>>> On 28/Mar/2012 15:43 Eliezer Croitoru<el...@ng...> wrote .. >>>>>> hey list, >>>>>> >>>>>> i was having issues with webmin 1.580 on gentoo linux. >>>>>> the problems are that webmin wont recognize in named.conf the >>>>>> "forwarders" part. >>>>>> >>>>>> also on the new bind, acls are added with quotes and webmin wont use >>>>>> them at all. >>>>>> is there any way to just show the "listen-on" part but to not change it? >>>>>> cause it will benefit all. >>>>>> >>>>>> Thanks, >>>>>> Eliezer >>>>>> >>>>>> this is my named.conf that webmin wont recognize the forwarders servers. >>>>>> >>>>>> #start of named.conf >>>>>> >>>>>> acl "xfer" { >>>>>> none; >>>>>> }; >>>>>> >>>>>> >>>>>> acl "trusted" { >>>>>> 127.0.0.0/8; >>>>>> ::1/128; >>>>>> 192.168.10.0/24; >>>>>> }; >>>>>> >>>>>> options { >>>>>> directory "/var/bind"; >>>>>> pid-file "/var/run/named/named.pid"; >>>>>> >>>>>> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ >>>>>> //bindkeys-file "/etc/bind/bind.keys"; >>>>>> >>>>>> listen-on-v6 { any; }; >>>>>> listen-on { any; }; >>>>>> >>>>>> allow-query { >>>>>> /* >>>>>> * Accept queries from our "trusted" ACL. We will >>>>>> * allow anyone to query our master zones below. >>>>>> * This prevents us from becoming a free DNS server >>>>>> * to the masses. >>>>>> */ >>>>>> trusted; >>>>>> }; >>>>>> >>>>>> forwarders { >>>>>> 195.60.233.136; >>>>>> 147.235.250.2; >>>>>> }; >>>>>> >>>>>> >>>>>> allow-query-cache { >>>>>> /* Use the cache for the "trusted" ACL. */ >>>>>> trusted; >>>>>> }; >>>>>> >>>>>> allow-recursion { >>>>>> /* Only trusted addresses are allowed to use recursion. >> */ >>>>>> trusted; >>>>>> }; >>>>>> >>>>>> allow-transfer { >>>>>> /* Zone tranfers are denied by default. */ >>>>>> none; >>>>>> }; >>>>>> >>>>>> allow-update { >>>>>> /* Don't allow updates, e.g. via nsupdate. */ >>>>>> none; >>>>>> }; >>>>>> >>>>>> >>>>>> //dnssec-enable yes; >>>>>> //dnssec-validation yes; >>>>>> >>>>>> /* >>>>>> * As of bind 9.8.0: >>>>>> * "If the root key provided has expired, >>>>>> * named will log the expiration and validation will not work." >>>>>> */ >>>>>> //dnssec-validation auto; >>>>>> >>>>>> /* if you have problems and are behind a firewall: */ >>>>>> //query-source address * port 53; >>>>>> }; >>>>>> >>>>>> /* >>>>>> logging { >>>>>> channel default_log { >>>>>> file "/var/log/named/named.log" versions 5 size 50M; >>>>>> print-time yes; >>>>>> print-severity yes; >>>>>> print-category yes; >>>>>> }; >>>>>> >>>>>> category default { default_log; }; >>>>>> category general { default_log; }; >>>>>> }; >>>>>> */ >>>>>> >>>>>> include "/etc/bind/rndc.key"; >>>>>> controls { >>>>>> inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { >>>>>> "rndc-key"; }; >>>>>> }; >>>>>> >>>>>> zone "." in { >>>>>> type hint; >>>>>> file "/var/bind/root.cache"; >>>>>> }; >>>>>> >>>>>> zone "localhost" IN { >>>>>> type master; >>>>>> file "pri/localhost.zone"; >>>>>> notify no; >>>>>> }; >>>>>> >>>>>> zone "127.in-addr.arpa" IN { >>>>>> type master; >>>>>> file "pri/127.zone"; >>>>>> notify no; >>>>>> }; >>>>>> >>>>>> zone "10.168.192.in-addr.arpa" { >>>>>> type master; >>>>>> file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; >>>>>> }; >>>>>> >>>>>> zone "lan" { >>>>>> type master; >>>>>> file "/var/bind/lan.hosts"; >>>>>> }; >>>>>> >>>>>> #end of named.conf >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Eliezer Croitoru >>>>>> https://www1.ngtech.co.il >>>>>> IT consulting for Nonprofit organizations >>>>>> eliezer<at> ngtech.co.il >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> This SF email is sponsosred by: >>>>>> Try Windows Azure free for 90 days Click Here >>>>>> http://p.sf.net/sfu/sfd2d-msazure >>>>>> - >>>>>> Forwarded by the Webmin mailing list at web...@li... >>>>>> To remove yourself from this list, go to >>>>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> This SF email is sponsosred by: >>>>> Try Windows Azure free for 90 days Click Here >>>>> http://p.sf.net/sfu/sfd2d-msazure >>>>> - >>>>> Forwarded by the Webmin mailing list at web...@li... >>>>> To remove yourself from this list, go to >>>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >>>> >>>> >>>> -- >>>> Eliezer Croitoru >>>> https://www1.ngtech.co.il >>>> IT consulting for Nonprofit organizations >>>> eliezer<at> ngtech.co.il >>>> >>>> ------------------------------------------------------------------------------ >>>> This SF email is sponsosred by: >>>> Try Windows Azure free for 90 days Click Here >>>> http://p.sf.net/sfu/sfd2d-msazure >>>> - >>>> Forwarded by the Webmin mailing list at web...@li... >>>> To remove yourself from this list, go to >>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >>> >>> ------------------------------------------------------------------------------ >>> This SF email is sponsosred by: >>> Try Windows Azure free for 90 days Click Here >>> http://p.sf.net/sfu/sfd2d-msazure >>> - >>> Forwarded by the Webmin mailing list at web...@li... >>> To remove yourself from this list, go to >>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >> >> >> -- >> Eliezer Croitoru >> https://www1.ngtech.co.il >> IT consulting for Nonprofit organizations >> eliezer<at> ngtech.co.il >> >> ------------------------------------------------------------------------------ >> This SF email is sponsosred by: >> Try Windows Azure free for 90 days Click Here >> http://p.sf.net/sfu/sfd2d-msazure >> - >> Forwarded by the Webmin mailing list at web...@li... >> To remove yourself from this list, go to >> http://lists.sourceforge.net/lists/listinfo/webadmin-list > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il |