jerminate
asked on
BIND 8 problem
Hello,
I have set up 2 FREEBSD BIND v8 DNS servers. BIND is running on both of them, and they both respond to nslookup queries, for any domain except the one I'm trying to be authoritative for (i.e. the one that I have in named.conf and have zone files for - colorforprinters.com).
Here's the named.conf
// $FreeBSD$
//
// Refer to the named(8) manual page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working. Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the
Internet.
/*
forwarders {
<ip removed>;
};
*/
/*
* If there is a firewall between you and name servers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;
/*
* If running in a sandbox, you may have to specify a different
* location for the dumpfile.
*/
// dump-file "s/named_dump.db";
};
// Note: the following will be supported in a future release.
/*
host { any; } {
topology {
127.0.0.0/8;
};
};
*/
// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0
type master;
file "localhost-v6.rev";
};
//RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0
type master;
file "localhost-v6.rev";
};
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentatio
//
// Example secondary config entries. It can be convenient to become
// a secondary at least for the zone where your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however. There are sometimes
// unobvious pitfalls. Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD runs BIND in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to BIND. The following sequence is suggested:
//
// mkdir /etc/namedb/s
// chown bind:bind /etc/namedb/s
// chmod 750 /etc/namedb/s
For more information on running BIND in a sandbox, see Running named in a sandbox.
/*
zone "colorforprinters.com" {
type master;
file "db.colorforprinters.com";
};
zone "<ip removed>.in-addr.arpa" {
type master;
file "rev.<name removed>.com";
};
*/
And here's the zone file - db.<name removed>.com
$TTL 1D
<name removed>.com. IN SOA ns1.<name removed>.com. (
postmaster.<name removed>.com.
2004100601
21600
3600
604800
86400
)
@ IN NS ns1.<name removed>.com.
@ IN NS ns2.<name removed>.com.
@ IN A <ip removed>
@ IN MX 10 mx1.<name removed>.com.
ns1.<name removed>.com. IN A <ip removed>
ns2.<name removed>.com. IN A <ip removed>
mx1.<name removed>.com. IN A <ip removed>
The zone file resides in the etc/namedb folder. The name servers are registered with the registrar for colorforprinters.com. It doesn't look like zone transfers are working either, as there are no .bak files showing up on the slave name server.
I've been struggling to get these up for a while now, with no luck. Any idea why this isn't working for me?
I have set up 2 FREEBSD BIND v8 DNS servers. BIND is running on both of them, and they both respond to nslookup queries, for any domain except the one I'm trying to be authoritative for (i.e. the one that I have in named.conf and have zone files for - colorforprinters.com).
Here's the named.conf
// $FreeBSD$
//
// Refer to the named(8) manual page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working. Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the
Internet.
/*
forwarders {
<ip removed>;
};
*/
/*
* If there is a firewall between you and name servers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;
/*
* If running in a sandbox, you may have to specify a different
* location for the dumpfile.
*/
// dump-file "s/named_dump.db";
};
// Note: the following will be supported in a future release.
/*
host { any; } {
topology {
127.0.0.0/8;
};
};
*/
// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0
type master;
file "localhost-v6.rev";
};
//RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0
type master;
file "localhost-v6.rev";
};
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentatio
//
// Example secondary config entries. It can be convenient to become
// a secondary at least for the zone where your own domain is in. Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however. There are sometimes
// unobvious pitfalls. Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-) Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD runs BIND in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to BIND. The following sequence is suggested:
//
// mkdir /etc/namedb/s
// chown bind:bind /etc/namedb/s
// chmod 750 /etc/namedb/s
For more information on running BIND in a sandbox, see Running named in a sandbox.
/*
zone "colorforprinters.com" {
type master;
file "db.colorforprinters.com";
};
zone "<ip removed>.in-addr.arpa" {
type master;
file "rev.<name removed>.com";
};
*/
And here's the zone file - db.<name removed>.com
$TTL 1D
<name removed>.com. IN SOA ns1.<name removed>.com. (
postmaster.<name removed>.com.
2004100601
21600
3600
604800
86400
)
@ IN NS ns1.<name removed>.com.
@ IN NS ns2.<name removed>.com.
@ IN A <ip removed>
@ IN MX 10 mx1.<name removed>.com.
ns1.<name removed>.com. IN A <ip removed>
ns2.<name removed>.com. IN A <ip removed>
mx1.<name removed>.com. IN A <ip removed>
The zone file resides in the etc/namedb folder. The name servers are registered with the registrar for colorforprinters.com. It doesn't look like zone transfers are working either, as there are no .bak files showing up on the slave name server.
I've been struggling to get these up for a while now, with no luck. Any idea why this isn't working for me?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In db.<name removed>.com:
<name removed>.com. IN SOA ns1.bilt<name removed>moreit.com. (
postmaster.<name removed>.com.
is wrong and should be:
<name removed>.com. IN SOA ns1.<name removed>.com. postmaster.<name removed>.com. (
And you can't have names for a different domain in the zone file for this domain, like:
ns1.<name removed>.com. IN A <ip removed>
ns2.biltmo<name removed>reit.com. IN A <ip removed>
mx1.<name removed>.com. IN A <ip removed>
You didn't show us what rev.<name removed>.com contains, but based on the forward file it should look like:
$TTL 1D
<name removed>.com. IN SOA ns1.<name removed>.com. postmaster.<name removed>.com. (
2004100601
21600
3600
604800
86400
)
@ IN NS ns1.<name removed>.com.
@ IN NS ns2.<name removed>.com.
Since there were no host's defined within the forward zone taht's all there'd be.