Hi Badli,
On Sat, Apr 22, 2023 at 06:46:10PM +0000, Badli Al Rashid via BitFolk Users wrote:
> Is letting bind9 listen on all interfaces a good
> practice? Or is letting it listen on a specific interface best?
I think it's fine. Most of the time you're running a DNS server
because you want it to be globally reachable anyway. If it's a
resolver then it might make more sense to only have it listen on
certain interfaces.
> If I set specific address listening, bind9 failed to
> start and stops listening.
Logs will say why. Logs are really good. They save a lot of time
from posting messages about how "it failed" as they usually tell you
why "it failed".
> If I set bind9 to listen to all and block using the
> firewall the interface I do not want it to listen on, bind9 to PowerDNS replication did not
> work. PowerDNS as primary here.
> It seems to be working if I set bind9 to listen to all interfaces and not block by the
> firewall.
These just sound like misconfigurations.
- Decide what you want to do.
- Tackle one problem at a time.
- Show exact configuration, logs and/or copy of output showing what
it did, and explanation of what you actually wanted it to do.
You can test if an AXFR works, requesting from your BIND host to
your PowerDNS host, without even using BIND. You can test it with
just "dig":
$ dig -b 192.168.1.2 -t axfr example.com @10.10.1.2
Where:
- 192.168.1.2 is the source address you want the AXFR to come from
- example.com is the zone you want to transfer from PowerDNS
- 10.10.1.2 is the IP address of PowerDNS
Get that working first. Once it works, configure BIND to do the
same.
Cheers,
Andy
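
An added example, not part of Andy's message: a named.conf fragment in which BIND makes the same transfer as the dig test above, from the same source address. The addresses are the ones in the dig command; the directory, the zone file name, the loopback listener and the IPv4-only setting are assumptions.

```conf
// Constructed named.conf fragment for the BIND secondary.
// 192.168.1.2 and 10.10.1.2 are the example addresses from the dig test.

options {
    directory "/var/cache/bind";          // assumed working directory

    // Listen on one specific address plus loopback instead of all
    // interfaces. The address must already be configured on an interface
    // of this host.
    listen-on { 127.0.0.1; 192.168.1.2; };
    listen-on-v6 { none; };               // assumption: IPv4-only host
};

zone "example.com" {
    type secondary;                       // "slave" on older BIND 9 releases
    primaries { 10.10.1.2; };             // PowerDNS; "masters" on older releases

    // Send SOA queries and AXFR requests from the address that was
    // passed to "dig -b", so PowerDNS and any firewall in between see
    // the same source as in the working test.
    transfer-source 192.168.1.2;

    file "db.example.com";                // hypothetical zone file name
};
```

Running `named-checkconf` before restarting catches syntax errors in the fragment. Any firewall between the two hosts has to allow TCP from 192.168.1.2 to port 53 on 10.10.1.2 for the transfer, and UDP on the same path for the SOA refresh queries.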