Solved

DNS need help

Posted on 2004-10-21
Last Modified: 2008-01-09
How can I submit a similar question along this thread of "Split_Brain DNS?"

http://www.experts-exchange.com/Operating_Systems/Q_21092366.html

I'm having a similar problem and using some software to set up DNS, to get the values, to then transfer to Bind shortly thereafter.

Using Simple DNS Plus first, and afterwards Bind 8.2.4

Real Domain, Musics.com whose records should be correct at the ISP Primary.  Now, I want to run my own DNS Server and use it for "Split Brain DNS."
0
Question by:GinEric
    41 Comments
     
    LVL 70

    Expert Comment

    by:Chris Dent

    You need 2 (or more) DNS servers to run the Split Brain Model.

    What is causing a problem though?
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    You should only add A records at your ISP's DNS for servers that need to be contacted from the Internet.
    A DNS server of your own is needed for internal resolution.
    Configure the internal DNS with your ISP's DNS as a forwarder.
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    The use of Split Brain DNS is situational. But I'm not quite sure what's going wrong, so this is a little bit of guesswork.

    The most common requirement for Split Brain DNS is when a public server exists on the Internal Network with Network Address Translation from Public to Private on a Firewall / Router.

    For Example:

    Private Address: www.mydomain.com is 192.168.0.10
    Public Address: www.mydomain.com is 213.234.23.2 (not a real address)

    Clients asking the DNS will get the 213.234.23.2 address, which won't route correctly through the Router or Firewall.

    To work around this, a version of the Public DNS Zone is added to an Internal Server with the correct internal Addressing. That allows Internal Clients to resolve to the Internal Addresses, and External Clients to resolve to the External Addresses.

    Forwarders don't work for this mode of DNS since both servers (Internal and ISP) are Start of Authority for the Zone (they know everything about the zone, so no need to forward queries).

    So we have two servers that believe they know everything about one zone, this is Split Brain. The downside of the Split Brain model is the additional administrative overhead of keeping the zones up to date.

    In the question above this means creating Zone Files for Musics.com and setting the A Records to the alternate IP.

    As an example, in the end that gives you:

    ISPs DNS: Start of Authority for Musics.com, www.musics.com IN A 213.234.23.2
    Your DNS: Start of Authority for Musics.com, www.musics.com IN A 192.168.0.10

    Let me know if you need specific instructions, or further information in general.
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Gee, I wish I had more points to give, the answers are greatly appreciated.

    If you look at the records for Musics.com, there are two Name Servers from the ISP.  Yes, I want to keep them there.

    But I want to add Name Servers internally.  The reason being that later I will be serving more domains, clients, etc., and I really want full control of the DNS'ing, instead of having to call for a record update or some such.

    The pipe is Static from the WAN.  It goes through a simple Westell 2200 modem and a Linksys BEFW11S4 router, for now; upgrade to Cisco when this all works.  Probably another learning experience.

    Internally, Apache, Perl, PHP, and MySQL are being served, but any browse to the domain shows up with a DNS error, page won't load.

    It also seems to be happening externally since a reinstall of the above, for the purposes of changing directories, security, etc..

    I am back to basics, needing to know the basic configuration for who is the Master, who is the slave, who has Musics.com and who has Musics.local, and trying to figure an example of the appropriate records.

    The static Public IP can be got from any nameserver as 68.162.85.5

    The router is 192.168.1.1

    The first server is 192.168.1.106

    Let me browse the links you posted.   Any further advice is still greatly appreciated.


    0
     
    LVL 11

    Expert Comment

    by:WeHe
    I think you want the following:
    Install DNS at 192.168.1.106.
    Forward traffic on port 53 coming from the Internet to server 192.168.1.106. This has to be done on the Linksys router.
    Configure your musics.com zone on 192.168.1.106.
    Tell your ISP to convert the zones on their DNS server into secondary zones. The master for them is 68.162.85.5 (DNS traffic (port 53) is forwarded to the internal DNS).
    Add an additional DNS server for your internal DNS resolution. This DNS hosts musics.local.
    Configure the additional DNS to use a forwarder and point it to 192.168.1.106.

    If you want to host the webserver internally, you have to forward port 80 on your Linksys to the internal webserver.
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    If you really want to learn how to set up the DNS I highly recommend "DNS and BIND" by Paul Albitz and Cricket Liu (Published by O'Reilly). That will cover everything you want / need to know about setting up, configuring and troubleshooting BIND and DNS in general.

    Anyway,

    The secondary zone would work if the ISP will play along. But WeHe's configuration is incomplete at present.

    For internally hosted servers there's the NAT problem. External clients can see the addresses fine, but internal ones can't see anything, it refuses to route back into the network. Forwarders will do nothing at all to get rid of that issue - and then we're back to Split Brain.

    So, the Internal version of www.musics.com must be different from the external version. That can be achieved as follows:

    1. Configure the Primary Name Server for musics.com as above (contains Public IP Information)

    2. Set up a Slave Name Server for musics.com, either the ISPs or your own.

    3. Configure another Primary Name Server for musics.com. You can either make this a different "View" on the existing server or put it on a separate server. Windows isn't too happy supporting different Views it seems, although BIND 9+ and Linux / Unix are.

    4. Configure the Primary Name Server for musics.local (this should reside on the same server as the Internal version of your musics.com Domain from Step 3).

    If you need more information on how to configure BIND (named.conf) and its Zone files please post back. But I strongly recommend you pick up that book instead, much more depth.

    If you host your own Public Name Servers and other Services you should definitely get a nice strong Firewall (PIX for Cisco, but those aren't cheap or easy to configure).
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    I forgot to add a note.

    "Views" are part of BIND configuration (in named.conf) that allows you to present a different zone file to a client based on the IP it connects using.

    From another post on these forums it doesn't seem to work too well with Windows clients.
    0
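An added illustration, not code from the thread or from either expert, of the two points Chris Dent makes above: the same zone exists in two copies (private address inside, NATed public address outside), and a BIND "view" picks the copy by the client's source address, which a plain forwarder cannot do. The names and addresses are the thread's own examples (213.234.23.2 is the made-up public address used above, and 213.234.23.200 is a made-up external client in the same block); the view names and the match-clients networks are assumptions.

```python
"""Toy split-horizon ("split brain") resolver with BIND-style views.

Models the situation described in the thread: one zone, two copies, and the
answer chosen by who is asking. Zone data and networks are constructed here.
"""
import ipaddress

# Constructed zone data: same name, two answers.
INTERNAL_ZONE = {"www.mydomain.com.": "192.168.0.10"}   # copy on the internal server
PUBLIC_ZONE = {"www.mydomain.com.": "213.234.23.2"}     # copy at the ISP (made-up address)

# Ordered like BIND views: the first match-clients hit wins, so the specific
# private network must be listed before the catch-all. Networks are assumed.
VIEWS = [
    ("internal", ["192.168.0.0/16", "127.0.0.0/8"], INTERNAL_ZONE),
    ("external", ["0.0.0.0/0"], PUBLIC_ZONE),
]


def _canonical(qname):
    """Lower-case, fully qualified form of a query name."""
    return qname.lower().rstrip(".") + "."


def select_view(client_ip):
    """Return (view name, zone data) for the first view whose networks match."""
    addr = ipaddress.ip_address(client_ip)
    for name, networks, zone in VIEWS:
        if any(addr in ipaddress.ip_network(net) for net in networks):
            return name, zone
    raise LookupError(f"no view matches {client_ip}")


def resolve(qname, client_ip):
    """Answer a query the way a split-horizon authoritative server would."""
    view, zone = select_view(client_ip)
    return view, zone.get(_canonical(qname))


def forwarder_only_answer(qname):
    """What an internal server that merely forwards to the ISP hands back:
    the public copy, regardless of who asked. This is why forwarders do not
    solve the problem."""
    return PUBLIC_ZONE.get(_canonical(qname))


def answer_is_reachable(answer, client_ip):
    """Simplified model of the NAT problem from the thread: a private client
    given the public address cannot get back in through a simple router, and
    an external client given a private address cannot route to it at all.
    Matching 'privateness' of answer and client is treated as reachable."""
    a = ipaddress.ip_address(answer)
    c = ipaddress.ip_address(client_ip)
    return a.is_private == c.is_private


if __name__ == "__main__":
    for client in ("192.168.0.55", "213.234.23.200"):
        view, addr = resolve("www.mydomain.com", client)
        print(f"{client:>16} -> view={view:<8} answer={addr:<14} "
              f"reachable={answer_is_reachable(addr, client)}")
    fwd = forwarder_only_answer("www.mydomain.com")
    print(f"forwarder only    -> answer={fwd:<14} "
          f"reachable from LAN={answer_is_reachable(fwd, '192.168.0.55')}")
```

The internal client gets the private address and can reach it; the external client gets the public one. The forwarder-only path returns the public address to everyone, which is exactly the case the thread says will not route back through the router.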
     
    LVL 11

    Expert Comment

    by:WeHe
    There is nothing like views in Windows DNS.
    But thanks for the simple explanation of BIND views.
    BTW, Chris Dent is right, an internal musics.com is needed and should be hosted, in my example, at the additional server.
    0
     
    LVL 12

    Author Comment

    by:GinEric
    So far, I follow what you're saying:

    DNS is installed on 192.168.1.106
    Port 53 is forwarded on router to .106
    I'm a little stuck on making Musics.com zone on .106, won't that conflict with ISP's Musics.com?
    Telling ISP to make their zones secondary, not sure here either, I have to put in an "order" for that stuff which takes days!  Also, there are other servers, not just .106, and if .106 goes down, wouldn't I lose the whole set up?
    So the other server is 192.168.1.101, dual boot - Linux server, otherwise Windows NT Server 4.0 SP6a, it's easier to configure the NT box.  I haven't brought up the third server yet, but it will be 192.168.1.111
    Router can forward to one box, .106, not sure how to forward to other boxes yet for Port 53, which is why I'm considering a Cisco router.

    So, two boxes will have DNS on them, .106 and .101

    One of these is the Internal DNS, yes?  Can't decide which one,

    Apache is running on 192.168.1.106 currently and Port 80 is forwarded via the router configuration.

    Is there no way that the ISP can remain a Master?

    Apache was working before I reinstalled it.  People are now reporting a DNS error.  I do have Bind running on .106, and either it's misconfigured, or because .106 is an XP machine, chmod doesn't apply and permissions are a problem.

    You can go to the site and see what you get.  Then, simply add Westell/ to the url to see the directory.  

    If you then click on Parent Directory, you get to the main site.  Why this happens I'm not sure.

    You can also use Westell/test.php to see the configuration.

    Any document in that Westell/2200/ has a problem displaying the images, which get the DNS Error, can't load page.

    But enough refreshes and show pictures, and eventually they show up.  I've no idea why, but the only error report I have is the DNS Error Can't Display Page.

    From here, I am ready to setup some zone files, but I'd rather use the Simple DNS Plus program, unless I have some good examples for Bind 8.2.4, maybe the Bind will be actually easier to understand with the proper configuration.  I have to know every bit of syntax in the configuration, and because it's on an XP [NT] box, some statements are different than for a Unix or Linux box.

    I'd love to have step by step help until I get the hang of this.

    Thanks.
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Let me add I'm already reading Liu and the others.  Very busy reading all of this stuff!

    Bind, it can be run on both servers, right? .106 and .101?  As the two Name Servers, so, the forwarded one, .106, can only be the Master?

    I appreciate your seeing the problem behind this NAT, not forwarding internally.  I'll shut up and listen now.
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    Am i right with the following overview?

       Internet
          |
    Router Outside (68.162.85.5) Port 53,80 forwarded to Server1
               Inside (192.168.1.1)
          |
          --------------------------
          |                               |
       Server1                       Server2
    (192.168.1.106)             (192.168.1.101)
     External DNS                 Internal DNS (forwards requests for other zones to 192.168.1.106)
     music.com Master         music.com for internal use (hosts have 192.168 adresses)
     Webserver                   music.local
                             
    Port forwarding can only be done to one target IP.
    If you want more, you need more outside IPs (68.162.85.???) to forward.
    If your 192.168.1.106 fails, the secondary DNS servers of your ISP will still serve the Internet.
    What I know is that there can only be one master and many secondaries in a DNS hierarchy.
    And the master is the only one where changes can be made.
    BTW, at the moment your site is working fine for me :)
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    WeHe has it really.

    If you do upgrade to a more capable router / firewall then you can do more in terms of handling internal servers. In an ideal world your Public DNS and Web Servers should run in a DMZ rather than on your private network. That is purely to protect your internal network from attack.

    Just to clarify a few terms.

    Primary Name Server - This one is the Name Server in the Start of Authority Record. It is likely this is the server at your ISP.

    Secondary Name Server - In the Name Servers list for the zone, but not the Start of Authority. This will be the second name server at your ISP.

    Master - A zone file type normally used on the Start of Authority. This one is statically configured on the server, any Dynamic or Manual Updates will be done to a file of this type.

    Slave - A zone file type normally used on the Secondary NS. This one pulls its data from the Master, no updates will be made directly to this file.

    Technically speaking there should only be one Start of Authority, Split Brain tends to ignore that because of the problems it's intended to fix. There can be many Secondaries, although it's rare to see more than one or two.
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    I'd upgrade to BIND 9 if I were you... otherwise, here's some samples (no abbreviations or shortcuts yet):

    I'm going to assume, for the moment, that your Primary and Secondary Name Servers are called ns1 and ns2.

    Private Name Server

    We'll start with the Internal Server, that one is nice and simple, you own everything there, besides, it might relax you a bit before you get to the mess of the public server ;)

    Forward Lookup Zones:

    #db.musics.local#

    musics.local. IN SOA ns1.musics.local. root.musics.com. (
                              1        ; Serial
                              10800    ; Refresh after 3 hours
                              3600     ; Retry after 1 hour
                              604800   ; Expire after 1 week
                              86400 )  ; Minimum TTL of 1 day

    musics.local.  IN NS  ns1.musics.local.

    ns1.musics.local.     IN A    192.168.0.10
    www.musics.local.   IN A    192.168.0.20


    #db.musics.com#

    musics.com. IN SOA ns1.musics.local. root.musics.com. (
                              1        ; Serial
                              10800    ; Refresh after 3 hours
                              3600     ; Retry after 1 hour
                              604800   ; Expire after 1 week
                              86400 )  ; Minimum TTL of 1 day

    musics.com.  IN NS  ns1.musics.local.

    www.musics.com.    IN A    192.168.0.20


    Reverse Lookup Zone:

    #db.192.168.0#

    0.168.192.in-addr.arpa. IN SOA ns1.musics.local. root.musics.com. (
                              1        ; Serial
                              10800    ; Refresh after 3 hours
                              3600     ; Retry after 1 hour
                              604800   ; Expire after 1 week
                              86400 )  ; Minimum TTL of 1 day

    0.168.192.in-addr.arpa.   IN NS    ns1.musics.local.

    10.0.168.192.in-addr.arpa.      IN PTR    ns1.musics.local.

    ; You should choose if you want www to Reverse lookup as .local or .com

    20.0.168.192.in-addr.arpa.      IN PTR    www.musics.local.


    Finally, the named.conf file.

    #named.conf#

    zone "." {
              type hint;
              file "db.cache";
      };

      zone "0.0.127.in-addr.arpa" {
            type master;
            file "db.127.0.0";
            allow-update { none; };
      };

      zone "musics.local" {
            type master;
            file "db.musics.local";
            allow-update { any; };
            allow-transfer { any; };
            allow-query { "any"; };
            notify yes;
      };

      zone "musics.com" {
            type master;
            file "db.musics.com";
            allow-update { any; };
            allow-transfer { any; };
            allow-query { "any"; };
            notify yes;
      };

     zone "0.168.192.in-addr.arpa" {
          type master;
          file "db.192.168.0";
          allow-update {any; };
          allow-transfer { any; };
          allow-query { "any"; };
     };

    Public Name Server

    Now this one gets complicated, and you need to make sure it's correct.

    Forward Lookup Zone:

    Like above, this one doesn't cause much of a problem you own the entire domain name after all.

    #db.musics.com#

    musics.com. IN SOA ns1.musics.com. root.musics.com. (
                              1        ; Serial
                              10800    ; Refresh after 3 hours
                              3600     ; Retry after 1 hour
                              604800   ; Expire after 1 week
                              86400 )  ; Minimum TTL of 1 day

    musics.com.  IN NS  ns1.musics.com.
    musics.com.  IN NS  ns2.musics.com.

    ns1.musics.com.      IN A    <Primary NS Public IP>
    ns2.musics.com.      IN A    <Secondary NS Public IP>

    www.musics.com.    IN A    <Public Web Server Public IP>


    Reverse Lookup Zone:

    This is actually quite tricky for classless subnets (i.e. not a full subnet such as a 24-bit one). You won't make yourself too popular if you set yourself up as Start of Authority for a set of 255 addresses when you only own 6 of them.

    I'll just make up a couple of public IPs for you to use, otherwise it looks too abstract.

    This method is described by RFC 2317, "Classless IN-ADDR.ARPA Delegation". You'll need to check this bit really carefully. You will probably need to speak with your ISP about it.

    #db.212.123.23.1-6#

    ; Delegated (child) zone served by ns1.musics.com. Owner names carry a trailing
    ; dot so the zone origin is not appended to them a second time.
    1-6.23.123.212.in-addr.arpa.    IN NS    ns1.musics.com.

    ; These aliases live in the ISP's parent zone (23.123.212.in-addr.arpa.), which
    ; is why the ISP has to take part; they are shown here to complete the picture.
    1.23.123.212.in-addr.arpa.      IN CNAME    1.1-6.23.123.212.in-addr.arpa.
    2.23.123.212.in-addr.arpa.      IN CNAME    2.1-6.23.123.212.in-addr.arpa.

    Now that's just confusing, but what it does is read in the Alias and look for a Name Server to ask, which is happily provided at the top of the file as ns1.musics.com.

    Finally, the named.conf file.

    zone "." {
              type hint;
              file "db.cache";
      };

      zone "0.0.127.in-addr.arpa" {
            type master;
            file "db.127.0.0";
            allow-update { none; };
      };

      zone "musics.com" {
            type master;
            file "db.musics.com";
            allow-update { none; };
            allow-transfer { any; };
            allow-query { "any"; };
            notify yes;
      };

     zone "1-6.23.123.212.in-addr.arpa" {
          type master;
          file "db.212.123.23.1-6";
          allow-update { none; };
          allow-transfer { any; };
          allow-query { "any"; };
     };

    That should work, but I haven't tested it. So if you do add the zones and conf files only do so on a test server so it won't harm your live environment or anyone else.
    0
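An added worked example, not part of the thread, of the RFC 2317 classless delegation Chris Dent sketches above. It generates both halves of the arrangement, the CNAME and NS records the ISP must publish in the parent 23.123.212.in-addr.arpa zone and the PTR records in the delegated 1-6.23.123.212.in-addr.arpa zone, and then walks a reverse lookup through the CNAME chain the way a resolver does. The 212.123.23.1-6 block is the made-up one from the post; which host names sit on which addresses is an assumption.

```python
"""RFC 2317 classless in-addr.arpa delegation, generated and resolved.

Constructed example: a /24 owned by the ISP, of which the customer holds
hosts 1-6 and wants to serve the reverse records for them.
"""
import ipaddress

# Assumed mapping of the customer's addresses to names (hosts 1 and 2 only).
PTR_MAP = {1: "ns1.musics.com.", 2: "www.musics.com."}


def reverse_name(ip):
    """Standard in-addr.arpa owner name for an IPv4 address, fully qualified."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def classless_zone(network, first, last):
    """Name of the delegated RFC 2317 zone for hosts first..last of a /24."""
    octets = ipaddress.ip_network(network).network_address.packed
    return f"{first}-{last}.{octets[2]}.{octets[1]}.{octets[0]}.in-addr.arpa."


def parent_zone_records(network, first, last, ns):
    """Records the ISP publishes in the /24 reverse zone: a delegation for the
    child zone and one CNAME per customer address pointing into it."""
    zone = classless_zone(network, first, last)
    base = ipaddress.ip_network(network).network_address
    lines = [f"{zone} IN NS {ns}"]
    for host in range(first, last + 1):
        lines.append(f"{reverse_name(base + host)} IN CNAME {host}.{zone}")
    return lines


def child_zone_records(network, first, last, ns, ptr_map):
    """Records the customer serves in the delegated zone: apex NS plus PTRs."""
    zone = classless_zone(network, first, last)
    lines = [f"{zone} IN NS {ns}"]
    for host, fqdn in sorted(ptr_map.items()):
        lines.append(f"{host}.{zone} IN PTR {fqdn}")
    return lines


def _parse(lines):
    """Split 'owner IN type rdata' lines into (owner, type, rdata) tuples."""
    rrs = []
    for line in lines:
        owner, _cls, rtype, rdata = line.split()
        rrs.append((owner, rtype, rdata))
    return rrs


def reverse_lookup(ip, parent_records, child_records, max_chain=8):
    """Resolve a PTR query: the parent answers with a CNAME, the delegated
    zone answers the PTR. Returns None if the chain breaks."""
    rrs = _parse(parent_records + child_records)
    name = reverse_name(ip)
    for _ in range(max_chain):           # guard against CNAME loops
        for owner, rtype, rdata in rrs:
            if owner == name and rtype == "CNAME":
                name = rdata                 # follow the alias
                break
            if owner == name and rtype == "PTR":
                return rdata
        else:
            return None                      # nothing matched this name
    return None


if __name__ == "__main__":
    parent = parent_zone_records("212.123.23.0/24", 1, 6, "ns1.musics.com.")
    child = child_zone_records("212.123.23.0/24", 1, 6, "ns1.musics.com.", PTR_MAP)
    print("; parent zone (ISP)", *parent, "", "; child zone (customer)", *child, sep="\n")
    print("\n212.123.23.2 ->", reverse_lookup("212.123.23.2", parent, child))
```

Running it prints the two record sets and resolves 212.123.23.2 to www.musics.com. through the alias; an address outside the delegated range, or one with no PTR in the child zone, resolves to None, which is the failure mode to test for before asking the ISP to install the CNAMEs.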
     
    LVL 12

    Author Comment

    by:GinEric
    These are really great answers!

    I'm not sure what happens if I hit the "Accept" button; does that give someone the points?  You've both been so great, I don't know who to "Accept" the answer from.

    Does it matter to you two?

    I am reading and copying all of it, great work!

    0
     
    LVL 11

    Expert Comment

    by:WeHe
    yes it does matter.
    you can split your points. look here: http://www.experts-exchange.com/help.jsp#hi69
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    Here's the instructions for closing questions:

    http://www.experts-exchange.com/help.jsp#hs5

    There's apparently a split points button at the bottom.

    Beyond that it's entirely up to you ;)
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Oops!  I have two routers, so if it would help, I can put the other online.  Maybe this will change what WeHe posted above:

       Internet
          |
    Router Outside (68.162.85.5) Port 53,80 forwarded to Server1
               Inside (192.168.1.1)
          |
          --------------------------
          |                               |
       Server1                       Server2
    (192.168.1.106)             (192.168.1.101)
     External DNS                 Internal DNS (forwards requests for other zones to 192.168.1.106)

    I don't know.

    And, I chose Bind 8.2.4 because versions above 9 did not include the handy little BindControl gui.  I think I can upgrade though and still use it.

    Thanks, and I'll be doing a lot of reading and configuring today.

    Who do I hit the "Accept" button for?
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Lastly, after I read, I will go to the split points thing.  I would like to see if it all works before accepting, if that's okay with you, okay?

    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    Fine with me.

    I never knew BIND 8 had a GUI, I always did it from the command prompt with vi.

    The second router might change how you get traffic into your network. But it shouldn't really change anything in the way of DNS configuration.

    Still, hosting lots of servers internally should be planned carefully, and personally I wouldn't really recommend hosting your own external DNS with the Linksys Router - or really with anything but a private circuit (leased line / dedicated internet connection).
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    fine with me too.

    I would put the 2nd router as follows:

       Internet
          |
    Router Outside (68.162.85.5) Port 53,80 forwarded to Server1
               DMZside (192.168.1.1)
          |
       Server1
    (192.168.1.106)
     External DNS
          |
    Router2 DMZside (192.168.1.2)
                Inside (10.1.1.1)
          |
      Server2
    (10.1.1.101)
    Internal DNS (forwards requests for other zones to 192.168.1.106)

    The internal net has to be changed to reflect the new address range.
    But you can also use the 10.x.x.x addresses in the network of Server1 and leave the internal network untouched.
    This kind of network is called a DMZ (Server1 is isolated from the internal net, if the routers can do firewalling too).
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Thanks.  Give me about a day to absorb all of this and I will get back to you both.

    I am in the planning phase right now.  There is a distinct possibility of fiber being ready by the time I'm done.  So that's what I'm considering, moreso than a leased line.  Right now, I'm on a Business Plan.  I agree about the external DNS servers, and am considering registering Name Servers with NSI.

    I have to know, really, what I'm doing before I do all of this.  That especially applies to adding substantial gearboxes like modules, Cisco's, hubs, ATM's, DSLAM's, etc.  Right now, even after too many years in computers, I still feel like an amateur!

    Be back tomorrow.
    0
     
    LVL 12

    Author Comment

    by:GinEric
    First file, before I link or cascade routers: Let me see if I can get one file right before tomorrow, then tackle the others.

    stored temporarily as named.local.master.conf

    change to named.conf when working?

    File:

    /*
    BIND8 main configuration file with master zone statements: named.conf
    */


    acl mynameservers {ip_list;};
    acl myrecursers {ip_list;};
    acl myqueriers {ip_list;};


    options
    {
    directory "c:\winnt\system32\dns\etc";
    allow-transfer {mynameservers;};
    allow-recursion {myrecursers;};
    fetch-glue no;
    version "";
    use-id-pool yes;
    };

    /* remove/add the comment delimiters below to activate/deactivate logging */
    /*
    logging
    {
     channel my_file {file "c:\winnt\system32\dns\etc\named.run"; severity debug; print-time yes; };
     category default {my_file;};
     category panic {my_file;};
     category packet {my_file;};
     category eventlib {my_file;};
     category queries {my_file;};
     category lame-servers { null;};
     category cname { null;};
    };
    */

    zone "." {
              type hint;
              file "db.cache";
      };

    /*  Is this okay?  Comments okay here?  Is the zone correct? */

    zone "Musics.com" {
           type master;
           file "db.Musics.com";
      };

      zone "1.168.192.IN-ADDR.ARPA" {
           type master;
           file "db.192.168.1";
      };

      zone "0.0.127.in-addr.arpa" {
           type master;
           file "db.127.0.0";
           allow-update { none; };
      };

      zone "musics.local" {
           type master;
           file "db.musics.local";
           allow-update { any; };
           allow-transfer { any; };
           allow-query { "any"; };
           notify yes;
      };


    0
     
    LVL 12

    Author Comment

    by:GinEric
    Also, thinking about buying some points.  What are they worth to you?  I don't know how points work, but I'm sure you both deserve more.  Will it help any to keep getting more answers on this question/thread?
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    Don't worry about the points from my point of view.

    The file looks fine. Remember that it'll be case sensitive for the zone file names.

    I don't think:

           allow-update { any; };

    Is supported in anything less than BIND 9, that's the dynamic update statement.
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Okay. So now I have to do the db's etc., let me try to configure them also and get back to this question.

    When I'm done, I think I can just update to Bind 9 and still keep the BindControl, I don't see why it wouldn't work.

    Will take a few hours, meanwhile, a good program to check the DNS configuration?
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    nslookup

    There are some other mentioned in the book, but nslookup is still probably the most important.
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Ack!  First set of errors: changed path to correct one.

    Bind start control: unknown ACL 'ip_list
    Oops!  Is this only in Bind 9?  I can't find anything on a search for "ip_list" or "ACL ip_list".  I know it's an Access Control List and filters for bad IPs or something, but all I can find is the C source code.

    Do I need to either install Bind 9 or get a copy of ip_list somewhere?

    I can try to comment out for now.  Nope, it's in the file as:

    acl mynameservers {ip_list;};
    acl myrecursers {ip_list;};
    acl myqueriers {ip_list;};

    What to do here?  Actually put in the server IP's, or create a variable or file?  Or just upgrade to Bind 9?

    But Bind 8.2.4 runs after I fixed the directories.

    Maybe it found ip_list?

    Okay, now have to wait a bit for DNS update, is there a good program to test the DNS configuration by query as I go along with this new configuration?
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Errors and corrections:

    1.
    Zone "musics.local" (file db.musics.local): No default TTL ($TTL <value>) set, using SOA minimum instead
    2.
    master zone "musics.local" (IN) rejected due to errors (serial 2001060106)
    oops!  I thought serials had to have this format?
    3.
    Forwarding source address is [0.0.0.0].4064
    Is this wrong?
    4.
    check_hints: A records for B.ROOT-SERVERS.NET class 1 do not match hint records
    5.
    check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint records

    Well, while I look for info, and how to include spf in records [from DNSStuff suggestion], how is the "private" dns looking?
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Well, break time.  Bind runs, but getting about 20 errors, the three for the 3 lines for ACL 'ip_list' and db.192.168.1:1: Database error near ()

    Also, I do not use this IP, so I don't know where this is coming from:

    db.192.168.1:3: SOA for "musics.com" not at zone top "1.168.192.IN-ADDR.ARPA"

    Maybe I should post the files?
    0
     
    LVL 12

    Author Comment

    by:GinEric
    db.192.168.1

    /*db.musics.com*/

    musics.com. IN SOA ns1.musics.local. root.musics.com. (
                              1        ; Serial
                              10800    ; Refresh after 3 hours
                              3600     ; Retry after 1 hour
                              604800   ; Expire after 1 week
                              86400 )  ; Minimum TTL of 1 day

    musics.com.  IN NS  ns1.musics.local.

    www.musics.com.    IN A    192.168.1.106
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    change it to:
    db.192.168.1

    /*db.musics.com*/

    musics.com. IN SOA ns1.musics.local. root.musics.com. (
                              1        ; Serial
                              10800    ; Refresh after 3 hours
                              3600     ; Retry after 1 hour
                              604800   ; Expire after 1 week
                              86400 )  ; Minimum TTL of 1 day
                              IN A 192.168.1.106
    musics.com.  IN NS  ns1.musics.local.
    www.musics.com.    IN A    192.168.1.106
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    Oops, I see. You took a forward zone file and changed it to a reverse zone file. Bad idea.

    db.192.168.1

    @              IN SOA          ns1.musics.local. root.musics.com. (
                              1        ; Serial
                              10800    ; Refresh after 3 hours
                              3600     ; Retry after 1 hour
                              604800   ; Expire after 1 week
                              86400 )  ; Minimum TTL of 1 day
    106     IN A musics.com
    106     IN A www.musics.com
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    For sure you need an ending dot behind the FQDNs (www.musics.com.).
    0
     
    LVL 11

    Expert Comment

    by:WeHe
    I am so confused today.
    It must be:
    106   PTR  musics.com.
    106   PTR  www.musics.com.

    1. Zone "musics.local" (file db.musics.local): No default TTL ($TTL <value>) set, using SOA minimum instead
    Put "$TTL 1W" as the first row in your zone file (1 week default Time-To-Live).
    2. master zone "musics.local" (IN) rejected due to errors (serial 2001060106)
    It means there is an error in the zone file with this serial.
    3. Forwarding source address is [0.0.0.0].4064
    I don't know at the moment, but usually 0.0.0.0 means every address.
    4. check_hints: A records for B.ROOT-SERVERS.NET class 1 do not match hint records
    5. check_hints: A records for J.ROOT-SERVERS.NET class 1 do not match hint records
    Update your root hint file.
    0
     
    LVL 12

    Author Comment

    by:GinEric
    Say I didn't do that; take a forward zone and change it to a reverse zone . . . :(
    Ok.  Here is the real db.Musics.com

    ;example of forward zone file: Musics.com
    ;
    $TTL 86400
    @ SOA Beethoven.Musics.com. domain-admin.Musics.com. (
     2001060107      ; zone serial number in ccyymmddxx format
     3600            ; slave polls master for SOA/serial number
     1800            ; slave re-polls unreachable master
     864000            ; slave expires zone after master unreachable
     3600             ; TTL for negative answers
     )
    ;
    ;nameservers
    @ NS      Bigguy.gte.net.
    @ NS      Otherguy.gte.net.
    @NS      Beethoven.Musics.com.
    @NS      James.Musics.com
    ;
    localhost A 127.0.0.1
    ;
    ;mail
    @ MX 10 smtp.Musics.com.     ; internet sends mail here
    @ MX 20 Beethoven.Musics.com.   ; LAN sends mail here [put here by me]
    ;
    ;
    @ A      192.168.1.106     ; for URL without www prefix
    www      A 192.168.1.106   ;
    ftp A 192.168.1.106   ; maintain HTML docs
    ;
    pop A 192.168.1.106     ; users' mail program reads mail from pop server
    smtp A 192.168.1.106    ; users' mail program sends to SMTP (AUTH) server
    webmail A 68.162.85.5 ; on-line mail
    ;

    -------------------------------

    Next file:

    /*db.192.168.1*/

    @              IN SOA          Beethoven.musics.local. root.musics.com. (
                              1              ; Serial
                              10800          ; Refresh after 3 hours
                              3600           ; Retry after 1 hour
                              604800         ; Expire after 1 week
                              86400 )        ; Minimum TTL of 1 day
    106     IN A musics.com
    106     IN A www.musics.com

    -------------------------

    After this, I have to look at and compare all of the other files.

    I went by your advice on the db.192.168.1; on db.Musics.com, I don't remember where I came up with that!

    Getting something to eat and think with again.

    I certainly appreciate this.  If you guys get tired of it, just let me know.

     
    0
     
    LVL 11

    Assisted Solution

    by:WeHe
    It should look like this (watch the PTR instead of the A):
    /*db.192.168.1*/

    $TTL 1W
    @              IN SOA          Beethoven.musics.local. root.musics.com. (
                              1             ; Serial
                              10800         ; Refresh after 3 hours
                              3600          ; Retry after 1 hour
                              604800        ; Expire after 1 week
                              86400 )       ; Minimum TTL of 1 day
    106     PTR musics.com.
    106     PTR www.musics.com.
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    To get rid of the Hints errors update the Root Hints file. Here are some instructions for that:

    http://www.educ.umu.se/~bjorn/linux/howto/DNS-HOWTO-6.html

    You can also pick up the file via FTP from Internic. I think the FTP method is described in the book.

    The Musics.com zone file is missing a dot:

    @NS     James.Musics.com

    If you don't include a dot, it appends the Origin to the address.

    I would include the IN statement just to make it all neater, so IN NS, IN A etc. Just aesthetics though.
    0
     
    LVL 70

    Expert Comment

    by:Chris Dent

    For these...

    www     A 192.168.1.106   ;
    ftp A 192.168.1.106   ; maintain HTML docs
    ;
    pop A 192.168.1.106     ; users' mail program reads mail frompop server
    smtp A 192.168.1.106    ; users' mail program sends to SMTP (AUTH) server

    You should really use CNAME values:

    www    IN A            192.168.1.106

    ftp        IN CNAME    192.168.1.106
    pop      IN CNAME     192.168.1.106
    smtp     IN CNAME    192.168.1.106
    0
     
    LVL 12

    Author Comment

    by:GinEric
    What file for the CNAME above?

    I am almost done.  Here are the main files.  See if you see any problems.  Also, the log file is at the end, "named.run".  The only thing left is the variable "ACL nameservers {ip_list}" and the two others, which get "unknown acl list"; would that require Bind 9?

    Here goes:

    ; db.Musics.com
    ; example of forward(?) zone file: Musics.com
    ;
    $TTL 86400
    @ SOA Beethoven.Musics.com. domain-admin.Musics.com. (
     2001060107      ; zone serial number in ccyymmddxx format
     3600            ; slave polls master for SOA/serial number
     1800            ; slave re-polls unreachable master
     864000            ; slave expires zone after master unreachable
     3600             ; TTL for negative answers
     )
    ;
    ;nameservers
    @ IN NS      Bigguy.gte.net.
    @ IN NS      Otherguy.gte.net.
    @ IN NS      Beethoven.Musics.com.
    @ IN NS      James.Musics.com.
    ;
    localhost A 127.0.0.1
    ;
    ;mail
    @ IN MX 10 smtp.Musics.com.           ; internet sends mail here
    @ IN MX 20 Beethoven.Musics.com.         ; LAN sends mail here [put here by me]
    ;
    ;
    @ IN A      192.168.1.106          ; for URL without www prefix
    www      A 192.168.1.106         ;
    ftp A 192.168.1.106   ; maintain HTML docs
    ;
    pop A 192.168.1.106     ; users' mail program reads mail frompop server
    smtp A 192.168.1.106    ; users' mail program sends to SMTP (AUTH) server
    webmail A 68.162.85.5 ; on-line mail
    ;
    ________________________________________
    ; db.192.168.1
    ;
    $TTL 86400
    $ORIGIN 1.168.192.IN-ADDR.ARPA.
    @ SOA      Beethoven.Musics.local. root.Musics.com. (
     2001060107      ; zone serial number in ccyymmddxx format
     3600            ; slave polls master for SOA/serial number
     1800            ; slave re-polls unreachable master
     864000            ; slave expires zone after master unreachable
     3600             ; TTL for negative answers
     )
    ;nameservers
    @ IN      NS      Beethoven.Musics.com.
    @ IN      NS      James.Musics.com.
    ;
    $ORIGIN 1.168.192.IN-ADDR.ARPA.
    106      PTR       musics.com.
    106      PTR       www.musics.com.

    ;      PTR      smtp.musics.com.
    101      PTR      James.musics.com.
    ;      PTR      Beethoven.musics.com.
    ;      PTR      musics.net.
    ;10 PTR      smtp.musics.net.
    ;11 PTR      ftp.musics.net.
    ______________________________________
    ;;;;;;;;;;; db.127.0.0 file by Len Conrad
    $TTL 86400
    $ORIGIN 0.0.127.IN-ADDR.ARPA.
    @ SOA            Bigguy.gte.net. dnsadmin.gte.net. (
     2001060105      ; zone serial number in ccyymmddxx format
     3600            ; slave polls master for SOA/serial number
     1800            ; slave re-polls unreachable master
     864000            ; slave expires zone after master unreachable
     3600             ; TTL for negative answers
     )
    ;nameservers
    @ NS      Bigguy.gte.net.
    @ NS      Otherguy.gte.net.
    @ NS      Beethoven.Musics.com.
    ;
    1 PTR      localhost.
    ___________________________________
    /*
    BIND8 main configuration file with master zone statements: named.conf
    from /named.local.master.conf
    */


    acl mynameservers {ip_list;};
    acl myrecursers {ip_list;};
    acl myqueriers {ip_list;};


    options
    {
    directory "c:\Windows\system32\dns\etc";
    allow-transfer {mynameservers;};
    allow-recursion {myrecursers;};
    fetch-glue no;
    version "";
    use-id-pool yes;
    };

    /* remove/add the comment delimiters below to activate/deactivate logging */

    logging
    {
     channel my_file {file "c:\Windows\system32\dns\etc\named.run"; severity debug; print-time yes; };
     category default {my_file;};
     category panic {my_file;};
     category packet {my_file;};
     category eventlib {my_file;};
     category queries {my_file;};
     category lame-servers { null;};
     category cname { null;};
    };


    zone "." {
              type hint;
              file "db.cache";
      };

    /*  Is this okay?  Comments okay here?  Is the zone correct? */

    zone "Musics.com" {
           type master;
           file "db.Musics.com";
      };

      zone "1.168.192.IN-ADDR.ARPA" {
           type master;
           file "db.192.168.1";
      };

      zone "0.0.127.in-addr.arpa" {
           type master;
           file "db.127.0.0";
           allow-update { none; };
      };

      zone "musics.local" {
           type master;
           file "db.musics.local";
           allow-update { any; };
           allow-transfer { any; };
           allow-query { "any"; };
           notify yes;
      };

    ____________________________________
    Bind 8.2.4 log file


    24-Oct-2004 17:58:32.000 hint zone "" (IN) loaded (serial 0)
    24-Oct-2004 17:58:32.000 master zone "Musics.com" (IN) loaded (serial 2001060107)
    24-Oct-2004 17:58:32.000 master zone "1.168.192.IN-ADDR.ARPA" (IN) loaded (serial 2001060107)
    24-Oct-2004 17:58:32.000 master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 2001060105)
    24-Oct-2004 17:58:32.000 dynamic zone file 'db.musics.local' is writable
    24-Oct-2004 17:58:32.000 master zone "musics.local" (IN) loaded (serial 2001060106)
    24-Oct-2004 17:58:32.000 listening on [127.0.0.1].53 (Loopback Interface (interface 1))
    24-Oct-2004 17:58:32.000 listening on [192.168.1.106].53 (TCP/IP Interface 2)
    24-Oct-2004 17:58:32.000 Forwarding source address is [0.0.0.0].4500
    24-Oct-2004 17:58:32.000 Ready to answer queries.
    ________________________________________


    That's it.  I fixed the named.cache and the db.cache for the root servers.  The log file above is what I get, the only errors being the "acl ip_list unknown", which is in the event log and not in the named.run log.

    Almost done.  Anyway, this thread is getting long, so if I start a new one I'll get some more points and let you both know.

    Have I almost got it?
    0
     
    LVL 70

    Accepted Solution

    by:
    These:

    www    IN A            192.168.1.106

    ftp        IN CNAME    192.168.1.106
    pop      IN CNAME     192.168.1.106
    smtp     IN CNAME    192.168.1.106

    Were posted as a tentative replacement for:

    www     A 192.168.1.106        ;
    ftp A 192.168.1.106   ; maintain HTML docs
    ;
    pop A 192.168.1.106     ; users' mail program reads mail frompop server
    smtp A 192.168.1.106    ; users' mail program sends to SMTP (AUTH) server
    webmail A 68.162.85.5 ; on-line mail

    In db.musics.com.

    Not too important though if it's working.

    The ACL command you have in named.conf is BIND 9 or higher only.

    Looking pretty good all in all though.
    0
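As an added example (not from this thread, and not part of BIND), here is a small Python linter for the three record mistakes the thread works through: a name-valued record whose target lacks its trailing dot (so the origin is appended, as with James.Musics.com), an A record in a reverse zone where a PTR belongs, and a CNAME whose target is an address literal (a CNAME's RDATA is a domain name, so BIND would read 192.168.1.106 as a relative host name). The sample zones are constructed to mirror the posted files and are not the real Musics.com data.

```python
import re

# Constructed sample zones modelled on the files posted in this thread
# (example data, not the real Musics.com zone files); SOA records omitted.
FORWARD_ZONE = """\
$TTL 86400
$ORIGIN Musics.com.
@   IN NS    Beethoven.Musics.com.
@   IN NS    James.Musics.com        ; no trailing dot
www IN A     192.168.1.106
ftp IN CNAME 192.168.1.106           ; address where a host name belongs
pop IN CNAME www.Musics.com.
"""

REVERSE_ZONE = """\
$ORIGIN 1.168.192.IN-ADDR.ARPA.
106 IN A   musics.com                ; A record where a PTR belongs
101 IN PTR James.musics.com.
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
NAME_RDATA = {"NS", "MX", "CNAME", "PTR"}  # types whose last field is a domain name

def lint_zone(text: str) -> list[str]:
    # One finding per suspicious record; single-line records only (no SOA parentheses).
    findings, origin = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()        # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                    # other directives such as $TTL
            continue
        fields = line.split()[1:]                   # drop the owner name
        if fields and fields[0].upper() == "IN":    # optional class
            fields = fields[1:]
        if len(fields) < 2:
            continue
        rtype, target = fields[0].upper(), fields[-1]
        reverse = origin is not None and origin.lower().endswith("in-addr.arpa.")
        if rtype == "CNAME" and IPV4.match(target):
            findings.append(f"line {lineno}: CNAME target {target} is an address, not a host name")
        elif rtype in NAME_RDATA and not target.endswith("."):
            findings.append(f"line {lineno}: {rtype} target {target} lacks a trailing dot; BIND reads it as {target}.{origin or '<zone origin>'}")
        elif reverse and rtype == "A":
            findings.append(f"line {lineno}: A record in reverse zone {origin}; a PTR is expected")
    return findings
```

Run `lint_zone` over each posted file before loading it; a clean file returns an empty list.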
     
    LVL 12

    Author Comment

    by:GinEric
    I think I got the point split right.

    Thanks a lot.  If I have another question, it will probably be "DNS need help 2"

    I will be on the lookout for both of your helpful works.

    Musics.com
    0
