From: Eliezer C. <el...@ng...> - 2012-03-28 23:10:10
|
hey list, i was having issues with webmin 1.580 on gentoo linux. the problems are that webmin wont recognize in named.conf the "forwarders" part. also on the new bind, acls are added with quotes and webmin wont use them at all. is there any way to just show the "listen-on" part but to not change it? cause it will benefit all. Thanks, Eliezer this is my named.conf that webmin wont recognize the forwarders servers. #start of named.conf acl "xfer" { none; }; acl "trusted" { 127.0.0.0/8; ::1/128; 192.168.10.0/24; }; options { directory "/var/bind"; pid-file "/var/run/named/named.pid"; /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ //bindkeys-file "/etc/bind/bind.keys"; listen-on-v6 { any; }; listen-on { any; }; allow-query { /* * Accept queries from our "trusted" ACL. We will * allow anyone to query our master zones below. * This prevents us from becoming a free DNS server * to the masses. */ trusted; }; forwarders { 195.60.233.136; 147.235.250.2; }; allow-query-cache { /* Use the cache for the "trusted" ACL. */ trusted; }; allow-recursion { /* Only trusted addresses are allowed to use recursion. */ trusted; }; allow-transfer { /* Zone tranfers are denied by default. */ none; }; allow-update { /* Don't allow updates, e.g. via nsupdate. */ none; }; //dnssec-enable yes; //dnssec-validation yes; /* * As of bind 9.8.0: * "If the root key provided has expired, * named will log the expiration and validation will not work." */ //dnssec-validation auto; /* if you have problems and are behind a firewall: */ //query-source address * port 53; }; /* logging { channel default_log { file "/var/log/named/named.log" versions 5 size 50M; print-time yes; print-severity yes; print-category yes; }; category default { default_log; }; category general { default_log; }; }; */ include "/etc/bind/rndc.key"; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; }; }; zone "." in { type hint; file "/var/bind/root.cache"; }; zone "localhost" IN { type master; file "pri/localhost.zone"; notify no; }; zone "127.in-addr.arpa" IN { type master; file "pri/127.zone"; notify no; }; zone "10.168.192.in-addr.arpa" { type master; file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; }; zone "lan" { type master; file "/var/bind/lan.hosts"; }; #end of named.conf -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il |
From: Jamie C. <jca...@we...> - 2012-03-29 04:26:02
|
That config should be handles by Webmin .. what do you mean when you say the forwarders aren't recognized exactly? On 28/Mar/2012 15:43 Eliezer Croitoru <el...@ng...> wrote .. > hey list, > > i was having issues with webmin 1.580 on gentoo linux. > the problems are that webmin wont recognize in named.conf the > "forwarders" part. > > also on the new bind, acls are added with quotes and webmin wont use > them at all. > is there any way to just show the "listen-on" part but to not change it? > cause it will benefit all. > > Thanks, > Eliezer > > this is my named.conf that webmin wont recognize the forwarders servers. > > #start of named.conf > > acl "xfer" { > none; > }; > > > acl "trusted" { > 127.0.0.0/8; > ::1/128; > 192.168.10.0/24; > }; > > options { > directory "/var/bind"; > pid-file "/var/run/named/named.pid"; > > /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ > //bindkeys-file "/etc/bind/bind.keys"; > > listen-on-v6 { any; }; > listen-on { any; }; > > allow-query { > /* > * Accept queries from our "trusted" ACL. We will > * allow anyone to query our master zones below. > * This prevents us from becoming a free DNS server > * to the masses. > */ > trusted; > }; > > forwarders { > 195.60.233.136; > 147.235.250.2; > }; > > > allow-query-cache { > /* Use the cache for the "trusted" ACL. */ > trusted; > }; > > allow-recursion { > /* Only trusted addresses are allowed to use recursion. */ > trusted; > }; > > allow-transfer { > /* Zone tranfers are denied by default. */ > none; > }; > > allow-update { > /* Don't allow updates, e.g. via nsupdate. */ > none; > }; > > > //dnssec-enable yes; > //dnssec-validation yes; > > /* > * As of bind 9.8.0: > * "If the root key provided has expired, > * named will log the expiration and validation will not work." > */ > //dnssec-validation auto; > > /* if you have problems and are behind a firewall: */ > //query-source address * port 53; > }; > > /* > logging { > channel default_log { > file "/var/log/named/named.log" versions 5 size 50M; > print-time yes; > print-severity yes; > print-category yes; > }; > > category default { default_log; }; > category general { default_log; }; > }; > */ > > include "/etc/bind/rndc.key"; > controls { > inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { > "rndc-key"; }; > }; > > zone "." in { > type hint; > file "/var/bind/root.cache"; > }; > > zone "localhost" IN { > type master; > file "pri/localhost.zone"; > notify no; > }; > > zone "127.in-addr.arpa" IN { > type master; > file "pri/127.zone"; > notify no; > }; > > zone "10.168.192.in-addr.arpa" { > type master; > file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; > }; > > zone "lan" { > type master; > file "/var/bind/lan.hosts"; > }; > > #end of named.conf > > > > > > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |
From: Eliezer C. <el...@ng...> - 2012-03-29 16:44:23
|
On 29/03/2012 06:25, Jamie Cameron wrote: > That config should be handles by Webmin .. what do you mean when > you say the forwarders aren't recognized exactly? > as you can see in the named.conf file.. these lines are exists forwarders { 195.60.233.136; 147.235.250.2; }; but in the webmin bind "forwarders and transfers" page the list of forwarders is empty. Thanks. Eliezer > On 28/Mar/2012 15:43 Eliezer Croitoru<el...@ng...> wrote .. >> hey list, >> >> i was having issues with webmin 1.580 on gentoo linux. >> the problems are that webmin wont recognize in named.conf the >> "forwarders" part. >> >> also on the new bind, acls are added with quotes and webmin wont use >> them at all. >> is there any way to just show the "listen-on" part but to not change it? >> cause it will benefit all. >> >> Thanks, >> Eliezer >> >> this is my named.conf that webmin wont recognize the forwarders servers. >> >> #start of named.conf >> >> acl "xfer" { >> none; >> }; >> >> >> acl "trusted" { >> 127.0.0.0/8; >> ::1/128; >> 192.168.10.0/24; >> }; >> >> options { >> directory "/var/bind"; >> pid-file "/var/run/named/named.pid"; >> >> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ >> //bindkeys-file "/etc/bind/bind.keys"; >> >> listen-on-v6 { any; }; >> listen-on { any; }; >> >> allow-query { >> /* >> * Accept queries from our "trusted" ACL. We will >> * allow anyone to query our master zones below. >> * This prevents us from becoming a free DNS server >> * to the masses. >> */ >> trusted; >> }; >> >> forwarders { >> 195.60.233.136; >> 147.235.250.2; >> }; >> >> >> allow-query-cache { >> /* Use the cache for the "trusted" ACL. */ >> trusted; >> }; >> >> allow-recursion { >> /* Only trusted addresses are allowed to use recursion. */ >> trusted; >> }; >> >> allow-transfer { >> /* Zone tranfers are denied by default. */ >> none; >> }; >> >> allow-update { >> /* Don't allow updates, e.g. via nsupdate. */ >> none; >> }; >> >> >> //dnssec-enable yes; >> //dnssec-validation yes; >> >> /* >> * As of bind 9.8.0: >> * "If the root key provided has expired, >> * named will log the expiration and validation will not work." >> */ >> //dnssec-validation auto; >> >> /* if you have problems and are behind a firewall: */ >> //query-source address * port 53; >> }; >> >> /* >> logging { >> channel default_log { >> file "/var/log/named/named.log" versions 5 size 50M; >> print-time yes; >> print-severity yes; >> print-category yes; >> }; >> >> category default { default_log; }; >> category general { default_log; }; >> }; >> */ >> >> include "/etc/bind/rndc.key"; >> controls { >> inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { >> "rndc-key"; }; >> }; >> >> zone "." in { >> type hint; >> file "/var/bind/root.cache"; >> }; >> >> zone "localhost" IN { >> type master; >> file "pri/localhost.zone"; >> notify no; >> }; >> >> zone "127.in-addr.arpa" IN { >> type master; >> file "pri/127.zone"; >> notify no; >> }; >> >> zone "10.168.192.in-addr.arpa" { >> type master; >> file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; >> }; >> >> zone "lan" { >> type master; >> file "/var/bind/lan.hosts"; >> }; >> >> #end of named.conf >> >> >> >> >> >> >> -- >> Eliezer Croitoru >> https://www1.ngtech.co.il >> IT consulting for Nonprofit organizations >> eliezer<at> ngtech.co.il >> >> ------------------------------------------------------------------------------ >> This SF email is sponsosred by: >> Try Windows Azure free for 90 days Click Here >> http://p.sf.net/sfu/sfd2d-msazure >> - >> Forwarded by the Webmin mailing list at web...@li... >> To remove yourself from this list, go to >> http://lists.sourceforge.net/lists/listinfo/webadmin-list > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il |
From: Jamie C. <jca...@we...> - 2012-03-30 06:19:40
|
Odd, Webmin should show those IPs.. If you use Webmin to add another forwarder address, where doe it get put in your config file? On 29/Mar/2012 09:17 Eliezer Croitoru <el...@ng...> wrote .. > On 29/03/2012 06:25, Jamie Cameron wrote: > > That config should be handles by Webmin .. what do you mean when > > you say the forwarders aren't recognized exactly? > > > as you can see in the named.conf file.. these lines are exists > forwarders { > 195.60.233.136; > 147.235.250.2; > }; > > but in the webmin bind "forwarders and transfers" page the list of > forwarders is empty. > > Thanks. > Eliezer > > > On 28/Mar/2012 15:43 Eliezer Croitoru<el...@ng...> wrote .. > >> hey list, > >> > >> i was having issues with webmin 1.580 on gentoo linux. > >> the problems are that webmin wont recognize in named.conf the > >> "forwarders" part. > >> > >> also on the new bind, acls are added with quotes and webmin wont use > >> them at all. > >> is there any way to just show the "listen-on" part but to not change it? > >> cause it will benefit all. > >> > >> Thanks, > >> Eliezer > >> > >> this is my named.conf that webmin wont recognize the forwarders servers. > >> > >> #start of named.conf > >> > >> acl "xfer" { > >> none; > >> }; > >> > >> > >> acl "trusted" { > >> 127.0.0.0/8; > >> ::1/128; > >> 192.168.10.0/24; > >> }; > >> > >> options { > >> directory "/var/bind"; > >> pid-file "/var/run/named/named.pid"; > >> > >> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ > >> //bindkeys-file "/etc/bind/bind.keys"; > >> > >> listen-on-v6 { any; }; > >> listen-on { any; }; > >> > >> allow-query { > >> /* > >> * Accept queries from our "trusted" ACL. We will > >> * allow anyone to query our master zones below. > >> * This prevents us from becoming a free DNS server > >> * to the masses. > >> */ > >> trusted; > >> }; > >> > >> forwarders { > >> 195.60.233.136; > >> 147.235.250.2; > >> }; > >> > >> > >> allow-query-cache { > >> /* Use the cache for the "trusted" ACL. */ > >> trusted; > >> }; > >> > >> allow-recursion { > >> /* Only trusted addresses are allowed to use recursion. */ > >> trusted; > >> }; > >> > >> allow-transfer { > >> /* Zone tranfers are denied by default. */ > >> none; > >> }; > >> > >> allow-update { > >> /* Don't allow updates, e.g. via nsupdate. */ > >> none; > >> }; > >> > >> > >> //dnssec-enable yes; > >> //dnssec-validation yes; > >> > >> /* > >> * As of bind 9.8.0: > >> * "If the root key provided has expired, > >> * named will log the expiration and validation will not work." > >> */ > >> //dnssec-validation auto; > >> > >> /* if you have problems and are behind a firewall: */ > >> //query-source address * port 53; > >> }; > >> > >> /* > >> logging { > >> channel default_log { > >> file "/var/log/named/named.log" versions 5 size 50M; > >> print-time yes; > >> print-severity yes; > >> print-category yes; > >> }; > >> > >> category default { default_log; }; > >> category general { default_log; }; > >> }; > >> */ > >> > >> include "/etc/bind/rndc.key"; > >> controls { > >> inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { > >> "rndc-key"; }; > >> }; > >> > >> zone "." in { > >> type hint; > >> file "/var/bind/root.cache"; > >> }; > >> > >> zone "localhost" IN { > >> type master; > >> file "pri/localhost.zone"; > >> notify no; > >> }; > >> > >> zone "127.in-addr.arpa" IN { > >> type master; > >> file "pri/127.zone"; > >> notify no; > >> }; > >> > >> zone "10.168.192.in-addr.arpa" { > >> type master; > >> file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; > >> }; > >> > >> zone "lan" { > >> type master; > >> file "/var/bind/lan.hosts"; > >> }; > >> > >> #end of named.conf > >> > >> > >> > >> > >> > >> > >> -- > >> Eliezer Croitoru > >> https://www1.ngtech.co.il > >> IT consulting for Nonprofit organizations > >> eliezer<at> ngtech.co.il > >> > >> ------------------------------------------------------------------------------ > >> This SF email is sponsosred by: > >> Try Windows Azure free for 90 days Click Here > >> http://p.sf.net/sfu/sfd2d-msazure > >> - > >> Forwarded by the Webmin mailing list at web...@li... > >> To remove yourself from this list, go to > >> http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > ------------------------------------------------------------------------------ > > This SF email is sponsosred by: > > Try Windows Azure free for 90 days Click Here > > http://p.sf.net/sfu/sfd2d-msazure > > - > > Forwarded by the Webmin mailing list at web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |
From: Eliezer C. <el...@ng...> - 2012-03-30 21:47:38
|
On 30/03/2012 09:19, Jamie Cameron wrote: > Odd, Webmin should show those IPs.. > > If you use Webmin to add another forwarder address, where doe it get > put in your config file? in the allow-query part as shown: options { directory "/var/bind"; pid-file "/var/run/named/named.pid"; /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ //bindkeys-file "/etc/bind/bind.keys"; listen-on-v6 { any; }; listen-on { any; }; allow-query { /* * Accept queries from our "trusted" ACL. We will * allow anyone to query our master zones below. * This prevents us from becoming a free DNS server * to the masses. */ trusted; forwarders { 8.8.8.8; }; }; forwarders { 195.60.233.136; 147.235.250.2; }; allow-query-cache { /* Use the cache for the "trusted" ACL. */ trusted; }; allow-recursion { /* Only trusted addresses are allowed to use recursion. */ trusted; }; allow-transfer { /* Zone tranfers are denied by default. */ none; }; allow-update { /* Don't allow updates, e.g. via nsupdate. */ none; }; /* * If you've got a DNS server around at your upstream provider, enter its * IP address here, and enable the line below. This will make you benefit * from its cache, thus reduce overall DNS traffic in the Internet. * * Uncomment the following lines to turn on DNS forwarding, and change * and/or update the forwarding ip address(es): */ /* forward first; forwarders { // 123.123.123.123; // Your ISP NS // 124.124.124.124; // Your ISP NS // 4.2.2.1; // Level3 Public DNS // 4.2.2.2; // Level3 Public DNS 8.8.8.8; // Google Open DNS 8.8.4.4; // Google Open DNS }; */ //dnssec-enable yes; //dnssec-validation yes; /* * As of bind 9.8.0: * "If the root key provided has expired, * named will log the expiration and validation will not work." */ //dnssec-validation auto; /* if you have problems and are behind a firewall: */ //query-source address * port 53; }; > > On 29/Mar/2012 09:17 Eliezer Croitoru<el...@ng...> wrote .. >> On 29/03/2012 06:25, Jamie Cameron wrote: >>> That config should be handles by Webmin .. what do you mean when >>> you say the forwarders aren't recognized exactly? >>> >> as you can see in the named.conf file.. these lines are exists >> forwarders { >> 195.60.233.136; >> 147.235.250.2; >> }; >> >> but in the webmin bind "forwarders and transfers" page the list of >> forwarders is empty. >> >> Thanks. >> Eliezer >> >>> On 28/Mar/2012 15:43 Eliezer Croitoru<el...@ng...> wrote .. >>>> hey list, >>>> >>>> i was having issues with webmin 1.580 on gentoo linux. >>>> the problems are that webmin wont recognize in named.conf the >>>> "forwarders" part. >>>> >>>> also on the new bind, acls are added with quotes and webmin wont use >>>> them at all. >>>> is there any way to just show the "listen-on" part but to not change it? >>>> cause it will benefit all. >>>> >>>> Thanks, >>>> Eliezer >>>> >>>> this is my named.conf that webmin wont recognize the forwarders servers. >>>> >>>> #start of named.conf >>>> >>>> acl "xfer" { >>>> none; >>>> }; >>>> >>>> >>>> acl "trusted" { >>>> 127.0.0.0/8; >>>> ::1/128; >>>> 192.168.10.0/24; >>>> }; >>>> >>>> options { >>>> directory "/var/bind"; >>>> pid-file "/var/run/named/named.pid"; >>>> >>>> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ >>>> //bindkeys-file "/etc/bind/bind.keys"; >>>> >>>> listen-on-v6 { any; }; >>>> listen-on { any; }; >>>> >>>> allow-query { >>>> /* >>>> * Accept queries from our "trusted" ACL. We will >>>> * allow anyone to query our master zones below. >>>> * This prevents us from becoming a free DNS server >>>> * to the masses. >>>> */ >>>> trusted; >>>> }; >>>> >>>> forwarders { >>>> 195.60.233.136; >>>> 147.235.250.2; >>>> }; >>>> >>>> >>>> allow-query-cache { >>>> /* Use the cache for the "trusted" ACL. */ >>>> trusted; >>>> }; >>>> >>>> allow-recursion { >>>> /* Only trusted addresses are allowed to use recursion. */ >>>> trusted; >>>> }; >>>> >>>> allow-transfer { >>>> /* Zone tranfers are denied by default. */ >>>> none; >>>> }; >>>> >>>> allow-update { >>>> /* Don't allow updates, e.g. via nsupdate. */ >>>> none; >>>> }; >>>> >>>> >>>> //dnssec-enable yes; >>>> //dnssec-validation yes; >>>> >>>> /* >>>> * As of bind 9.8.0: >>>> * "If the root key provided has expired, >>>> * named will log the expiration and validation will not work." >>>> */ >>>> //dnssec-validation auto; >>>> >>>> /* if you have problems and are behind a firewall: */ >>>> //query-source address * port 53; >>>> }; >>>> >>>> /* >>>> logging { >>>> channel default_log { >>>> file "/var/log/named/named.log" versions 5 size 50M; >>>> print-time yes; >>>> print-severity yes; >>>> print-category yes; >>>> }; >>>> >>>> category default { default_log; }; >>>> category general { default_log; }; >>>> }; >>>> */ >>>> >>>> include "/etc/bind/rndc.key"; >>>> controls { >>>> inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { >>>> "rndc-key"; }; >>>> }; >>>> >>>> zone "." in { >>>> type hint; >>>> file "/var/bind/root.cache"; >>>> }; >>>> >>>> zone "localhost" IN { >>>> type master; >>>> file "pri/localhost.zone"; >>>> notify no; >>>> }; >>>> >>>> zone "127.in-addr.arpa" IN { >>>> type master; >>>> file "pri/127.zone"; >>>> notify no; >>>> }; >>>> >>>> zone "10.168.192.in-addr.arpa" { >>>> type master; >>>> file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; >>>> }; >>>> >>>> zone "lan" { >>>> type master; >>>> file "/var/bind/lan.hosts"; >>>> }; >>>> >>>> #end of named.conf >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Eliezer Croitoru >>>> https://www1.ngtech.co.il >>>> IT consulting for Nonprofit organizations >>>> eliezer<at> ngtech.co.il >>>> >>>> ------------------------------------------------------------------------------ >>>> This SF email is sponsosred by: >>>> Try Windows Azure free for 90 days Click Here >>>> http://p.sf.net/sfu/sfd2d-msazure >>>> - >>>> Forwarded by the Webmin mailing list at web...@li... >>>> To remove yourself from this list, go to >>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >>> >>> ------------------------------------------------------------------------------ >>> This SF email is sponsosred by: >>> Try Windows Azure free for 90 days Click Here >>> http://p.sf.net/sfu/sfd2d-msazure >>> - >>> Forwarded by the Webmin mailing list at web...@li... >>> To remove yourself from this list, go to >>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >> >> >> -- >> Eliezer Croitoru >> https://www1.ngtech.co.il >> IT consulting for Nonprofit organizations >> eliezer<at> ngtech.co.il >> >> ------------------------------------------------------------------------------ >> This SF email is sponsosred by: >> Try Windows Azure free for 90 days Click Here >> http://p.sf.net/sfu/sfd2d-msazure >> - >> Forwarded by the Webmin mailing list at web...@li... >> To remove yourself from this list, go to >> http://lists.sourceforge.net/lists/listinfo/webadmin-list > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il |
From: Jamie C. <jca...@we...> - 2012-03-31 19:12:31
|
Ok, I see the issue now .. Webmin isn't properly parsing the comments in the line : /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ which completely breaks it's parsing of the file. If you remove that line, the problem will go away. The next Webmin release will include a proper fix for this. - Jamie On 30/Mar/2012 14:20 Eliezer Croitoru <el...@ng...> wrote .. > On 30/03/2012 09:19, Jamie Cameron wrote: > > Odd, Webmin should show those IPs.. > > > > If you use Webmin to add another forwarder address, where doe it get > > put in your config file? > in the allow-query part as shown: > > options { > directory "/var/bind"; > pid-file "/var/run/named/named.pid"; > > /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ > //bindkeys-file "/etc/bind/bind.keys"; > > listen-on-v6 { any; }; > listen-on { any; }; > > allow-query { > /* > * Accept queries from our "trusted" ACL. We will > * allow anyone to query our master zones below. > * This prevents us from becoming a free DNS server > * to the masses. > */ > trusted; > forwarders { > 8.8.8.8; > }; > }; > > forwarders { > 195.60.233.136; > 147.235.250.2; > }; > > > allow-query-cache { > /* Use the cache for the "trusted" ACL. */ > trusted; > }; > > allow-recursion { > /* Only trusted addresses are allowed to use recursion. */ > trusted; > }; > > allow-transfer { > /* Zone tranfers are denied by default. */ > none; > }; > > allow-update { > /* Don't allow updates, e.g. via nsupdate. */ > none; > }; > > /* > * If you've got a DNS server around at your upstream provider, enter its > * IP address here, and enable the line below. This will make you benefit > * from its cache, thus reduce overall DNS traffic in the Internet. > * > * Uncomment the following lines to turn on DNS forwarding, and change > * and/or update the forwarding ip address(es): > */ > /* > forward first; > forwarders { > // 123.123.123.123; // Your ISP NS > // 124.124.124.124; // Your ISP NS > // 4.2.2.1; // Level3 Public DNS > // 4.2.2.2; // Level3 Public DNS > 8.8.8.8; // Google Open DNS > 8.8.4.4; // Google Open DNS > }; > > */ > > //dnssec-enable yes; > //dnssec-validation yes; > > /* > * As of bind 9.8.0: > * "If the root key provided has expired, > * named will log the expiration and validation will not work." > */ > //dnssec-validation auto; > > /* if you have problems and are behind a firewall: */ > //query-source address * port 53; > }; > > > > On 29/Mar/2012 09:17 Eliezer Croitoru<el...@ng...> wrote .. > >> On 29/03/2012 06:25, Jamie Cameron wrote: > >>> That config should be handles by Webmin .. what do you mean when > >>> you say the forwarders aren't recognized exactly? > >>> > >> as you can see in the named.conf file.. these lines are exists > >> forwarders { > >> 195.60.233.136; > >> 147.235.250.2; > >> }; > >> > >> but in the webmin bind "forwarders and transfers" page the list of > >> forwarders is empty. > >> > >> Thanks. > >> Eliezer > >> > >>> On 28/Mar/2012 15:43 Eliezer Croitoru<el...@ng...> wrote .. > >>>> hey list, > >>>> > >>>> i was having issues with webmin 1.580 on gentoo linux. > >>>> the problems are that webmin wont recognize in named.conf the > >>>> "forwarders" part. > >>>> > >>>> also on the new bind, acls are added with quotes and webmin wont use > >>>> them at all. > >>>> is there any way to just show the "listen-on" part but to not change it? > >>>> cause it will benefit all. > >>>> > >>>> Thanks, > >>>> Eliezer > >>>> > >>>> this is my named.conf that webmin wont recognize the forwarders servers. > >>>> > >>>> #start of named.conf > >>>> > >>>> acl "xfer" { > >>>> none; > >>>> }; > >>>> > >>>> > >>>> acl "trusted" { > >>>> 127.0.0.0/8; > >>>> ::1/128; > >>>> 192.168.10.0/24; > >>>> }; > >>>> > >>>> options { > >>>> directory "/var/bind"; > >>>> pid-file "/var/run/named/named.pid"; > >>>> > >>>> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ > >>>> //bindkeys-file "/etc/bind/bind.keys"; > >>>> > >>>> listen-on-v6 { any; }; > >>>> listen-on { any; }; > >>>> > >>>> allow-query { > >>>> /* > >>>> * Accept queries from our "trusted" ACL. We will > >>>> * allow anyone to query our master zones below. > >>>> * This prevents us from becoming a free DNS server > >>>> * to the masses. > >>>> */ > >>>> trusted; > >>>> }; > >>>> > >>>> forwarders { > >>>> 195.60.233.136; > >>>> 147.235.250.2; > >>>> }; > >>>> > >>>> > >>>> allow-query-cache { > >>>> /* Use the cache for the "trusted" ACL. */ > >>>> trusted; > >>>> }; > >>>> > >>>> allow-recursion { > >>>> /* Only trusted addresses are allowed to use recursion. > */ > >>>> trusted; > >>>> }; > >>>> > >>>> allow-transfer { > >>>> /* Zone tranfers are denied by default. */ > >>>> none; > >>>> }; > >>>> > >>>> allow-update { > >>>> /* Don't allow updates, e.g. via nsupdate. */ > >>>> none; > >>>> }; > >>>> > >>>> > >>>> //dnssec-enable yes; > >>>> //dnssec-validation yes; > >>>> > >>>> /* > >>>> * As of bind 9.8.0: > >>>> * "If the root key provided has expired, > >>>> * named will log the expiration and validation will not work." > >>>> */ > >>>> //dnssec-validation auto; > >>>> > >>>> /* if you have problems and are behind a firewall: */ > >>>> //query-source address * port 53; > >>>> }; > >>>> > >>>> /* > >>>> logging { > >>>> channel default_log { > >>>> file "/var/log/named/named.log" versions 5 size 50M; > >>>> print-time yes; > >>>> print-severity yes; > >>>> print-category yes; > >>>> }; > >>>> > >>>> category default { default_log; }; > >>>> category general { default_log; }; > >>>> }; > >>>> */ > >>>> > >>>> include "/etc/bind/rndc.key"; > >>>> controls { > >>>> inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { > >>>> "rndc-key"; }; > >>>> }; > >>>> > >>>> zone "." in { > >>>> type hint; > >>>> file "/var/bind/root.cache"; > >>>> }; > >>>> > >>>> zone "localhost" IN { > >>>> type master; > >>>> file "pri/localhost.zone"; > >>>> notify no; > >>>> }; > >>>> > >>>> zone "127.in-addr.arpa" IN { > >>>> type master; > >>>> file "pri/127.zone"; > >>>> notify no; > >>>> }; > >>>> > >>>> zone "10.168.192.in-addr.arpa" { > >>>> type master; > >>>> file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; > >>>> }; > >>>> > >>>> zone "lan" { > >>>> type master; > >>>> file "/var/bind/lan.hosts"; > >>>> }; > >>>> > >>>> #end of named.conf > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Eliezer Croitoru > >>>> https://www1.ngtech.co.il > >>>> IT consulting for Nonprofit organizations > >>>> eliezer<at> ngtech.co.il > >>>> > >>>> ------------------------------------------------------------------------------ > >>>> This SF email is sponsosred by: > >>>> Try Windows Azure free for 90 days Click Here > >>>> http://p.sf.net/sfu/sfd2d-msazure > >>>> - > >>>> Forwarded by the Webmin mailing list at web...@li... > >>>> To remove yourself from this list, go to > >>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list > >>> > >>> ------------------------------------------------------------------------------ > >>> This SF email is sponsosred by: > >>> Try Windows Azure free for 90 days Click Here > >>> http://p.sf.net/sfu/sfd2d-msazure > >>> - > >>> Forwarded by the Webmin mailing list at web...@li... > >>> To remove yourself from this list, go to > >>> http://lists.sourceforge.net/lists/listinfo/webadmin-list > >> > >> > >> -- > >> Eliezer Croitoru > >> https://www1.ngtech.co.il > >> IT consulting for Nonprofit organizations > >> eliezer<at> ngtech.co.il > >> > >> ------------------------------------------------------------------------------ > >> This SF email is sponsosred by: > >> Try Windows Azure free for 90 days Click Here > >> http://p.sf.net/sfu/sfd2d-msazure > >> - > >> Forwarded by the Webmin mailing list at web...@li... > >> To remove yourself from this list, go to > >> http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > ------------------------------------------------------------------------------ > > This SF email is sponsosred by: > > Try Windows Azure free for 90 days Click Here > > http://p.sf.net/sfu/sfd2d-msazure > > - > > Forwarded by the Webmin mailing list at web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > -- > Eliezer Croitoru > https://www1.ngtech.co.il > IT consulting for Nonprofit organizations > eliezer <at> ngtech.co.il > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |
From: Eliezer C. <el...@ng...> - 2012-04-01 04:31:41
|
Thanks On 31/03/2012 22:12, Jamie Cameron wrote: > Ok, I see the issue now .. Webmin isn't properly parsing the comments > in the line : > > /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ > > which completely breaks it's parsing of the file. If you remove that > line, the problem will go away. > > The next Webmin release will include a proper fix for this. > > - Jamie > > On 30/Mar/2012 14:20 Eliezer Croitoru<el...@ng...> wrote .. >> On 30/03/2012 09:19, Jamie Cameron wrote: >>> Odd, Webmin should show those IPs.. >>> >>> If you use Webmin to add another forwarder address, where doe it get >>> put in your config file? >> in the allow-query part as shown: >> >> options { >> directory "/var/bind"; >> pid-file "/var/run/named/named.pid"; >> >> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ >> //bindkeys-file "/etc/bind/bind.keys"; >> >> listen-on-v6 { any; }; >> listen-on { any; }; >> >> allow-query { >> /* >> * Accept queries from our "trusted" ACL. We will >> * allow anyone to query our master zones below. >> * This prevents us from becoming a free DNS server >> * to the masses. >> */ >> trusted; >> forwarders { >> 8.8.8.8; >> }; >> }; >> >> forwarders { >> 195.60.233.136; >> 147.235.250.2; >> }; >> >> >> allow-query-cache { >> /* Use the cache for the "trusted" ACL. */ >> trusted; >> }; >> >> allow-recursion { >> /* Only trusted addresses are allowed to use recursion. */ >> trusted; >> }; >> >> allow-transfer { >> /* Zone tranfers are denied by default. */ >> none; >> }; >> >> allow-update { >> /* Don't allow updates, e.g. via nsupdate. */ >> none; >> }; >> >> /* >> * If you've got a DNS server around at your upstream provider, enter its >> * IP address here, and enable the line below. This will make you benefit >> * from its cache, thus reduce overall DNS traffic in the Internet. >> * >> * Uncomment the following lines to turn on DNS forwarding, and change >> * and/or update the forwarding ip address(es): >> */ >> /* >> forward first; >> forwarders { >> // 123.123.123.123; // Your ISP NS >> // 124.124.124.124; // Your ISP NS >> // 4.2.2.1; // Level3 Public DNS >> // 4.2.2.2; // Level3 Public DNS >> 8.8.8.8; // Google Open DNS >> 8.8.4.4; // Google Open DNS >> }; >> >> */ >> >> //dnssec-enable yes; >> //dnssec-validation yes; >> >> /* >> * As of bind 9.8.0: >> * "If the root key provided has expired, >> * named will log the expiration and validation will not work." >> */ >> //dnssec-validation auto; >> >> /* if you have problems and are behind a firewall: */ >> //query-source address * port 53; >> }; >>> >>> On 29/Mar/2012 09:17 Eliezer Croitoru<el...@ng...> wrote .. >>>> On 29/03/2012 06:25, Jamie Cameron wrote: >>>>> That config should be handles by Webmin .. what do you mean when >>>>> you say the forwarders aren't recognized exactly? >>>>> >>>> as you can see in the named.conf file.. these lines are exists >>>> forwarders { >>>> 195.60.233.136; >>>> 147.235.250.2; >>>> }; >>>> >>>> but in the webmin bind "forwarders and transfers" page the list of >>>> forwarders is empty. >>>> >>>> Thanks. >>>> Eliezer >>>> >>>>> On 28/Mar/2012 15:43 Eliezer Croitoru<el...@ng...> wrote .. >>>>>> hey list, >>>>>> >>>>>> i was having issues with webmin 1.580 on gentoo linux. >>>>>> the problems are that webmin wont recognize in named.conf the >>>>>> "forwarders" part. >>>>>> >>>>>> also on the new bind, acls are added with quotes and webmin wont use >>>>>> them at all. >>>>>> is there any way to just show the "listen-on" part but to not change it? >>>>>> cause it will benefit all. >>>>>> >>>>>> Thanks, >>>>>> Eliezer >>>>>> >>>>>> this is my named.conf that webmin wont recognize the forwarders servers. >>>>>> >>>>>> #start of named.conf >>>>>> >>>>>> acl "xfer" { >>>>>> none; >>>>>> }; >>>>>> >>>>>> >>>>>> acl "trusted" { >>>>>> 127.0.0.0/8; >>>>>> ::1/128; >>>>>> 192.168.10.0/24; >>>>>> }; >>>>>> >>>>>> options { >>>>>> directory "/var/bind"; >>>>>> pid-file "/var/run/named/named.pid"; >>>>>> >>>>>> /* https://www.isc.org/solutions/dlv>=bind-9.7.x only */ >>>>>> //bindkeys-file "/etc/bind/bind.keys"; >>>>>> >>>>>> listen-on-v6 { any; }; >>>>>> listen-on { any; }; >>>>>> >>>>>> allow-query { >>>>>> /* >>>>>> * Accept queries from our "trusted" ACL. We will >>>>>> * allow anyone to query our master zones below. >>>>>> * This prevents us from becoming a free DNS server >>>>>> * to the masses. >>>>>> */ >>>>>> trusted; >>>>>> }; >>>>>> >>>>>> forwarders { >>>>>> 195.60.233.136; >>>>>> 147.235.250.2; >>>>>> }; >>>>>> >>>>>> >>>>>> allow-query-cache { >>>>>> /* Use the cache for the "trusted" ACL. */ >>>>>> trusted; >>>>>> }; >>>>>> >>>>>> allow-recursion { >>>>>> /* Only trusted addresses are allowed to use recursion. >> */ >>>>>> trusted; >>>>>> }; >>>>>> >>>>>> allow-transfer { >>>>>> /* Zone tranfers are denied by default. */ >>>>>> none; >>>>>> }; >>>>>> >>>>>> allow-update { >>>>>> /* Don't allow updates, e.g. via nsupdate. */ >>>>>> none; >>>>>> }; >>>>>> >>>>>> >>>>>> //dnssec-enable yes; >>>>>> //dnssec-validation yes; >>>>>> >>>>>> /* >>>>>> * As of bind 9.8.0: >>>>>> * "If the root key provided has expired, >>>>>> * named will log the expiration and validation will not work." >>>>>> */ >>>>>> //dnssec-validation auto; >>>>>> >>>>>> /* if you have problems and are behind a firewall: */ >>>>>> //query-source address * port 53; >>>>>> }; >>>>>> >>>>>> /* >>>>>> logging { >>>>>> channel default_log { >>>>>> file "/var/log/named/named.log" versions 5 size 50M; >>>>>> print-time yes; >>>>>> print-severity yes; >>>>>> print-category yes; >>>>>> }; >>>>>> >>>>>> category default { default_log; }; >>>>>> category general { default_log; }; >>>>>> }; >>>>>> */ >>>>>> >>>>>> include "/etc/bind/rndc.key"; >>>>>> controls { >>>>>> inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { >>>>>> "rndc-key"; }; >>>>>> }; >>>>>> >>>>>> zone "." in { >>>>>> type hint; >>>>>> file "/var/bind/root.cache"; >>>>>> }; >>>>>> >>>>>> zone "localhost" IN { >>>>>> type master; >>>>>> file "pri/localhost.zone"; >>>>>> notify no; >>>>>> }; >>>>>> >>>>>> zone "127.in-addr.arpa" IN { >>>>>> type master; >>>>>> file "pri/127.zone"; >>>>>> notify no; >>>>>> }; >>>>>> >>>>>> zone "10.168.192.in-addr.arpa" { >>>>>> type master; >>>>>> file "/var/bind/10.168.192.in-addr.arpa.local.hosts"; >>>>>> }; >>>>>> >>>>>> zone "lan" { >>>>>> type master; >>>>>> file "/var/bind/lan.hosts"; >>>>>> }; >>>>>> >>>>>> #end of named.conf >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Eliezer Croitoru >>>>>> https://www1.ngtech.co.il >>>>>> IT consulting for Nonprofit organizations >>>>>> eliezer<at> ngtech.co.il >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> This SF email is sponsosred by: >>>>>> Try Windows Azure free for 90 days Click Here >>>>>> http://p.sf.net/sfu/sfd2d-msazure >>>>>> - >>>>>> Forwarded by the Webmin mailing list at web...@li... >>>>>> To remove yourself from this list, go to >>>>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> This SF email is sponsosred by: >>>>> Try Windows Azure free for 90 days Click Here >>>>> http://p.sf.net/sfu/sfd2d-msazure >>>>> - >>>>> Forwarded by the Webmin mailing list at web...@li... >>>>> To remove yourself from this list, go to >>>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >>>> >>>> >>>> -- >>>> Eliezer Croitoru >>>> https://www1.ngtech.co.il >>>> IT consulting for Nonprofit organizations >>>> eliezer<at> ngtech.co.il >>>> >>>> ------------------------------------------------------------------------------ >>>> This SF email is sponsosred by: >>>> Try Windows Azure free for 90 days Click Here >>>> http://p.sf.net/sfu/sfd2d-msazure >>>> - >>>> Forwarded by the Webmin mailing list at web...@li... >>>> To remove yourself from this list, go to >>>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >>> >>> ------------------------------------------------------------------------------ >>> This SF email is sponsosred by: >>> Try Windows Azure free for 90 days Click Here >>> http://p.sf.net/sfu/sfd2d-msazure >>> - >>> Forwarded by the Webmin mailing list at web...@li... >>> To remove yourself from this list, go to >>> http://lists.sourceforge.net/lists/listinfo/webadmin-list >> >> >> -- >> Eliezer Croitoru >> https://www1.ngtech.co.il >> IT consulting for Nonprofit organizations >> eliezer<at> ngtech.co.il >> >> ------------------------------------------------------------------------------ >> This SF email is sponsosred by: >> Try Windows Azure free for 90 days Click Here >> http://p.sf.net/sfu/sfd2d-msazure >> - >> Forwarded by the Webmin mailing list at web...@li... >> To remove yourself from this list, go to >> http://lists.sourceforge.net/lists/listinfo/webadmin-list > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il |