Solved

Centos Bind DNS Problem

Posted on 2009-05-10
Last Modified: 2013-11-08
I'm having trouble setting up the Bind DNS server on a Centos 5 machine (Bind 9).
I've so far followed a guide in "O'Reilly: DNS & BIND 4th ed", and done a bit of web trawling. What I've got looks OK to me, but the bottom line is that it does not work!

Bind installed with "yum install bind" - all went in ok.
The router forwards UDP port 53 to the server.
I've put what I think is correct into /etc/named.conf and /var/named/db.domainname.org.uk.
db.cache is also in that folder.

where domainname.org.uk is the domain that I'm trying to set up.

I've copied and pasted (and replaced the actual name with domainname) these 2 files below.

I'd much appreciate some expert advice!
Thanks in advance,
Phil.


Also, if it helps, I've tried nslookup from the server itself and I get this:
nslookup domainame.org.uk returns:
Server:       127.0.0.1
Address:     127.0.0.1#53

and nslookup www.domainname.org.uk returns:
Server:       127.0.0.1
Address:     127.0.0.1#53

Name:     www.domainname.org.uk
Address: 181.186.156.104
Name:     www.domainame.org.uk
Address:   192.168.2.200

From any other machine either on the local network, or remote, nslookup fails.
named.conf as follows:
----------------------------
options {
	directory "/var/named";
	//Place additional options here
};
 
zone "domainname.org.uk" in {
	type master;
	file "db.domainname.org.uk.";
};
 
zone "." in {
	type hint;
	file "db.cache";
};
 
-------------------------------------------
db.domainname.org.uk. as follows:
-------------------------------------------
$TTL 3h
domainame.org.uk. IN SOA ns1.domainname.org.uk. root.domainname.org.uk. (
	1	; Serial
	3h	; Refresh after 3 hours
	1h	; Retry after 1 hour
	1w	; Expire after 1 week
	1h )	; Negative caching TTL of 1 day	 
 
 
;
; Name Servers
;
domainame.org.uk.	IN NS	ns1.domainame.org.uk.
domainame.org.uk	IN NS	ns2.domainame.org.uk.
 
;
; Host Addresses
;
localhost.domainame.org.uk.	IN A	127.0.0.1
www.domainame.org.uk.	IN A	181.186.156.104
www.domainame.org.uk.	IN A	192.168.2.200
;
; Aliases
;
phil.domainname.org.uk.	IN CNAME domainname.org.uk.

Question by:phil8258

12 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24348272
Did you create a reverse lookup domain for your server IP address?

What messages do you get when you start the named server?
 
LVL 26

Accepted Solution

by:
jar3817 earned 300 total points
ID: 24348541
When you say nslookup fails from other clients, do they return NXDOMAIN or just timeout?

Did you add an exception in iptables to let the DNS traffic in? Type "/sbin/iptables-save" as root and you'll see all the firewall rules. You SHOULD see something like:

-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

If you don't you can add it by typing:

/sbin/iptables -A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

I don't use CentOS, but I know it's very similar to Redhat and Fedora, so you might be able to change the firewall settings by editing the /etc/sysconfig/iptables file. If you change the file, just restart iptables with a "/etc/rc.d/init.d/iptables restart"
 

Author Comment

by:phil8258
ID: 24348641
Thank you both for your help.
1) What is a reverse lookup domain? - I've not created one...
2) /etc/init.d/named restart produces:
         Stopping named:          [   OK   ]
         Starting named:            [   OK   ]
3) nslookup from another machine (a remote one) produces:
         ;; connection timed out; no servers could be reached
4) It seemed to accept the input of port 53 to the iptables as you suggested, and restarted without any errors. But unfortunately, this does not seem to be the answer either (though I'm in no doubt it was probably necessary).
Any other ideas?
Cheers,
Phil.
 

 

Author Comment

by:phil8258
ID: 24348647
Actually,
I've just checked /sbin/iptables-save again and the line that should have been added is not in there.
Is there an alternative way to add it?
Cheers,
Phil.
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 200 total points
ID: 24348850
A reverse lookup is a zone you create to map an IP address to a domain name. BIND will not start if there is no reverse zone for the loopback address (127.0.0.1); see how to create the 0.0.127.in-addr.arpa zone:

http://en.kioskea.net/contents/intranet/resdns.php3
 

Author Comment

by:phil8258
ID: 24349077
Hi omarfarid,
I've tried to follow that guide, creating two zones, "0.0.127.in-addr.arpa" and "2.168.192.in-addr.arpa".
I also created two new files in /var/named/: "named.local" and "domainname.org.uk.rev".
In the local files it seemed appropriate to use the name of the server in places, which is "volcano".
I've included the contents of the files; the error that I now get on starting the server is:
Error in named configuration:
zone 0.0.127.in-addr.arpa/IN: has no NS records
_default/0.0.127.in-addr.arpa/IN: bad zone
zone 2.168.192.in-addr.arpa/IN: loaded serial 1997022700
zone domainname.org.uk/IN: loaded serial 1
[   FAILED   ]
What's wrong??
Cheers,
Phil.

named.local is as follows:
-------------------------
$TTL 3h
@	IN	SOA	volcano.localhost. root.volcano.localhost. (
		1997022700	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
IN	NS	volcano.localhost.
1	IN	PTR	localhost.
 
---------------------------------------
domainname.org.uk.rev is as follows:
---------------------------------------
 
$TTL 3h
@	IN	SOA	domainname.org.uk. root.domainame.org.uk. (
		1997022700	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
		IN	NS		domainname.org.uk.
1	IN	PTR	domainname.org.uk.
20	IN	PTR	phil.domainname.org.uk.
 
-----------------------------------
the modifications to named.conf are as follows:
-----------------------------------
 
//
// Declaring the reverse lookup zone
//
zone "0.0.127.in-addr.arpa" {
 type master;
 file "named.local";
};
zone "2.168.192.in-addr.arpa"{
 notify no;
 type master;
 file "domainname.org.uk.rev";
};

 
LVL 40

Expert Comment

by:omarfarid
ID: 24351208
Where is the A record for volcano.localhost. in the line below?

                      IN      NS      volcano.localhost.

 
LVL 26

Assisted Solution

by:jar3817
jar3817 earned 300 total points
ID: 24353669
If you're getting ";; connection timed out; no servers could be reached" then the traffic is never actually getting to the named process. One of the problems is the firewall. Edit your /etc/sysconfig/iptables file and add
"-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT"
near the end before any REJECT or DROP lines and restart iptables.
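To illustrate the rule-order point jar3817 makes (the rule has to sit before any REJECT or DROP line), here is an added example that is not code from the thread: it walks an iptables-save style INPUT chain in order, the way the kernel does, and reports which rule a new UDP/53 query hits first. The rulesets are constructed to resemble a stock CentOS 5 /etc/sysconfig/iptables; the helper names are my own.

```python
import re

# Constructed iptables-save style ruleset, modelled on a stock CentOS 5 INPUT
# chain: nothing admits port 53, so a DNS query falls through to the closing
# REJECT and the remote client sees ";; connection timed out".
RULESET_MISSING_DNS = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
DNS_RULE = "-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT"

# The fix as jar3817 describes it: the DNS rule placed before the REJECT line.
RULESET_WITH_DNS = RULESET_MISSING_DNS.replace(
    "-A INPUT -j REJECT", DNS_RULE + "\n-A INPUT -j REJECT")

# What "iptables -A INPUT ..." gives on a chain that already ends in REJECT:
# the rule is appended after it and is never reached.
RULESET_DNS_AFTER_REJECT = RULESET_MISSING_DNS.replace("COMMIT", DNS_RULE + "\nCOMMIT")


def rule_matches(rule, proto, port):
    """Do this rule's match criteria apply to a NEW packet from the network to proto/port?"""
    m = re.search(r"\s-p (\S+)", rule)
    if m and m.group(1) != proto:
        return False
    m = re.search(r"--dport (\d+)", rule)
    if m and int(m.group(1)) != port:
        return False
    m = re.search(r"--state (\S+)", rule)
    if m and "NEW" not in m.group(1).split(","):
        return False
    if " -i lo " in rule:
        return False                      # loopback only; remote queries arrive elsewhere
    return True                           # no criterion failed, e.g. the bare REJECT line


def check_dns_rule(ruleset, proto="udp", port=53):
    """Walk the INPUT chain in order, as the kernel does; return (verdict, rule)."""
    for line in ruleset.splitlines():
        if not line.startswith("-A INPUT ") or not rule_matches(line, proto, port):
            continue
        m = re.search(r"-j (\S+)", line)
        if m:                             # a rule with no target only counts packets
            return m.group(1), line
    return "POLICY", None                 # nothing matched; the chain policy decides
```

Feeding it the output of /sbin/iptables-save from the server shows at a glance whether the port-53 ACCEPT is actually reachable or has landed behind the REJECT.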
 
LVL 19

Expert Comment

by:jools
ID: 24378907
Have you read one of the online tutorials?
something like; http://www.cyberciti.biz/faq/caching-dns-server/

 

Author Comment

by:phil8258
ID: 24379603
Hi All,
I think I've got it now... Thanks!
It started working after I got the port 53 added to the /etc/config/iptables file.
Though all the tutorials suggest the 0.0.127-in-arpa stuff, I don't understand what these really do, and the thing continues to work for domain name > IP address resolution after I comment out lines 35 - 43 in the last posting of named.conf. Is there a reason why I should have these??
Thanks all!
 
LVL 40

Expert Comment

by:omarfarid
ID: 24381542
The named server, when it runs, looks for the loopback address (127.0.0.1) reverse zone, and if it does not find it, it fails to start. So, please configure it as it is required.
 

Author Comment

by:phil8258
ID: 24387904
I've managed it at last!!
named.local now looks like the attached.
Only thing I've not got now is the reverse zone for domainname.org.uk - but it all seems just fine without it.
Cheers,
Phil.

;
;  Database file 0.0.127.in-addr.arpa.dns for 0.0.127.in-addr.arpa zone.
;      Zone version:  1
;
 
@                       IN  SOA volcano.  hostmaster. (
                                1            ; serial number
                                900          ; refresh
                                600          ; retry
                                86400        ; expire
                                3600       ) ; default TTL
 
;
;  Zone NS records
;
 
@                       NS      volcano.
 
;
;  Zone records
;

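To show what the "has no NS records" error earlier in the thread was complaining about, and why the named.local in the final post loads, here is an added example that is not from the thread: a minimal zone-file parser applied to constructed copies of both files. It assumes the zone apex is written as "@" (as in both files) and ignores $ORIGIN; the function names are my own.

```python
# Constructed copy of the named.local that named rejected: the NS line has no
# owner and no leading whitespace, so "IN" is read as the owner name.
BROKEN_NAMED_LOCAL = """$TTL 3h
@       IN      SOA     volcano.localhost. root.volcano.localhost. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
IN      NS      volcano.localhost.
1       IN      PTR     localhost.
"""

# Constructed copy of the zone from the final post, which named loads cleanly.
FIXED_NAMED_LOCAL = """@       IN  SOA volcano.  hostmaster. (
                1            ; serial number
                900          ; refresh
                600          ; retry
                86400        ; expire
                3600       ) ; default TTL
@                       NS      volcano.
"""

RRTYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}

def parse_zone(text):
    """Return (owner, rrtype) pairs; a line starting with whitespace inherits the previous owner."""
    records, last_owner, buf, depth = [], "@", [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or $TTL/$ORIGIN directive
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                                # still inside a ( ... ) record
        joined, buf = " ".join(buf), []
        fields = joined.split()
        owner = last_owner if joined[0].isspace() else fields.pop(0)
        last_owner = owner
        rrtype = next((f for f in fields if f.upper() in RRTYPES), None)
        records.append((owner, rrtype))
    return records

def apex_problems(text):
    """named's apex checks: '@' needs one SOA and at least one NS record."""
    recs = parse_zone(text)
    return [msg for rr, msg in (("SOA", "has no SOA record"), ("NS", "has no NS records"))
            if ("@", rr) not in recs]
```

On the broken file the parser records an NS owned by a host called "IN" rather than by the apex, which is exactly why named reported the zone as having no NS records.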
