# Strange BIND9 issue.



## jasonmit (Apr 4, 2009)

Here's what I'm looking at.

I set up a new DNS server running 7.1. All pretty basic.

It'll find our domains as well as external domains using its LAN IP.
It'll find our domains but not external domains using its WAN IP.

We have two older DNS boxes running 6.2 (I think) and they work fine. We have all the clients in our office set up to use our DNS servers via their WAN IPs.

I am using all the same Master files and simply copied and pasted the reference to them in the new named.conf file.

In other words, the only thing that is different is the FreeBSD and BIND version. Has there been a change I don't know about and is there a way to correct this?

Thanks


----------



## jasonmit (Apr 4, 2009)

Correction: Our active DNS servers are running 6.1.


----------



## DutchDaemon (Apr 4, 2009)

Newer BINDs disallow recursive queries by default, so you'll have to define things like


```
allow-recursion { some_acl; };
allow-query { some_acl; };
allow-query-cache { some_acl; };
```

explicitly.


----------



## jasonmit (Apr 5, 2009)

Awesome, it worked perfectly.

Figured it was something like that. Now that I know this works, I'll set it up to only allow the trusted network.

Thank you very much for your help!


----------
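
The plan in the post above (restrict recursion to a trusted network once it works) can be checked mechanically. This is an added example, not code from anyone in the thread: a small Python audit that reads a named.conf and reports whether `allow-recursion` and `allow-query-cache` are open to `any`. Both config fragments, the ACL name `trusted` and the 192.0.2.0/24 range are constructed placeholders.

```python
import re

# Constructed named.conf fragments (not from the thread).
OPEN_CONF = """
options {
    allow-query { any; };
    allow-recursion { any; };        // answers recursive queries for anyone
    allow-query-cache { any; };
};
"""
TRUSTED_CONF = """
acl trusted { 127.0.0.1; 192.0.2.0/24; };   // placeholder office range
options {
    allow-query { any; };                   // own zones stay publicly answerable
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
"""

RECURSION_STATEMENTS = ("allow-recursion", "allow-query-cache")

def _strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def _elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def audit_recursion(conf_text):
    """Return {statement: 'open' | 'restricted' | 'unset'}.
    Simplification: only the first occurrence of each statement is inspected,
    and nested address-match lists are not parsed."""
    text = _strip_comments(conf_text)
    acls = {name: _elements(body) for name, body in
            re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', text)}

    def is_open(elems, seen=()):
        # 'any' directly, or reached through a named acl, matches every client.
        return any(e == "any" or (e in acls and e not in seen
                                  and is_open(acls[e], seen + (e,)))
                   for e in elems)

    result = {}
    for stmt in RECURSION_STATEMENTS:
        m = re.search(r"\b%s\s*\{([^{}]*)\}" % re.escape(stmt), text)
        result[stmt] = ("unset" if m is None else
                        "open" if is_open(_elements(m.group(1))) else "restricted")
    return result
```

An `open` verdict on a server reachable from its WAN IP means it will resolve external names for any client, which is the state to leave behind once testing is done.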



## SirDice (Apr 6, 2009)

To reduce the load on the root DNS servers somewhat you should forward your requests to your ISP's DNS servers.


```
forward only;
forwarders {
        1.2.3.4;
        2.3.4.5;
};
```


----------

