Posted on 2014-01-08
Medium Priority
Last Modified: 2014-02-13
I am having errors on my BIND chrooted DNS environment, I have not yet deployed or implemented any form of DNS from Linux/UNIX except for Windows, but this is necessary in order for me to test TLS/certificate in our LDAP server . The only requirement I need is to be able to setup correctly a Master Name Server that would resolve my hosts inside the network(hostname to IP & IP to hostname). I am getting confused setting up the zones correctly, (including the named.conf) I just need help from all the expert DNS guys out there who could possibly help check and look into my configs as I am working in a very time constraint project that is killing me, since this takes a long time for me to nail down. any help would be appreciated. Thanks

initially I am having this error below:

zone localdomain/IN: loading master file localdomain.zone: file not found
localhost_resolver/localdomain/IN: file not found
zone localhost/IN: loading master file localhost.zone: file not found
localhost_resolver/localhost/IN: file not found
zone 0.0.127.in-addr.arpa/IN: loading master file named.local: file not found
localhost_resolver/0.0.127.in-addr.arpa/IN: file not found
zone loading master file 

named.ip6.local: file not found
localhost_resolver/ file 

not found
zone 255.in-addr.arpa/IN: loading master file named.broadcast: file not found
localhost_resolver/255.in-addr.arpa/IN: file not found
zone 0.in-addr.arpa/IN: loading master file named.zero: file not found
localhost_resolver/0.in-addr.arpa/IN: file not found
zone my.internal.zone/IN: loading master file my.internal.zone.db: file not found
internal/my.internal.zone/IN: file not found
zone dns-srv/IN: loading master file dns-srv.db: file not found
internal/dns-srv/IN: file not found
zone my.external.zone/IN: loading master file my.external.zone.db: file not found
external/my.external.zone/IN: file not found

Open in new window

But then after scaling down little by little, errors thrown left 1 line

[root@localhost /]# service named configtest
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

restarting named yielded the same result:
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

The funny thing is, this /var/named/chroot/etc/named.root.hints path is existing and contains this named.root.hints file 100%, I just don't know where I missed..

And when I check /var/logs this is what I get:
Jan  9 01:58:00 dns-srv named[30094]: loading configuration: file not found
Jan  9 01:58:00 dns-srv named[30094]: exiting (due to fatal error)
Jan  9 01:58:09 dns-srv named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
Jan  9 02:11:55 localhost named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

Open in new window

My named.conf configuration:

Note: location of my named.conf
find . -name named.conf -print  

Open in new window

My named.conf file is obtained from /var/named/chroot/etc , everytime I modify it, I notice the main /etc/named.conf gets prompted as well, it seems that both this files share only the same configuration

// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and 
// its manual.
        listen-on port 53 {;; };
	#listen-on-v6 port 53 { ::1; };
        // Those options should be used carefully because they disable port
        // randomization
	 query-source    port 53;	
	// query-source-v6 port 53;
	// Put files that named is allowed to write in the data/ directory:
	directory 		"/var/named"; // the default
	pid-file		"/var/run/named/named.pid";
        dump-file 		"/var/named/da/cache_dump.db";
        statistics-file 	"/var/named/data/named_stats.txt";
        memstatistics-file 	"/var/named/data/named_mem_stats.txt";
        allow-query	{ localhost;; };
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
        channel default_debug {
                file "data/named.run";
                severity dynamic;
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
// By default, if named.conf contains no "view" clauses, all zones are in the 
// "default" view, which matches all clients.
// If named.conf contains any "view" clause, then all zones MUST be in a view; 
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
view "localhost_resolver"
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
	match-clients 		{ localhost;; };
	match-destinations	{ localhost;; };
	recursion yes;
	# all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
	 * ONLY be served to localhost clients:
	include "/var/named/chroot/etc/named.rfc1912.zones";
view "internal"
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
	match-clients		{ localnets; };
	match-destinations	{ localnets; };
	recursion yes;
	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

        // include "named.rfc1912.zones";
	// you should not serve your rfc1912 names to non-localhost clients.
	// These are your "authoritative" internal zones, and would probably
	// also be included in the "localhost_resolver" view above :

	zone "my.internal.zone" { 
		type master;
		file "my.internal.zone.db";
#	zone "my.slave.internal.zone" {
#		type slave;
#		file "slaves/my.slave.internal.zone.db";
#		masters { /* put master nameserver IPs here */; } ;
		// put slave zones in the slaves/ directory so named can update them
#	};	
	zone "dns-srv.zone" {
		type master;
		#allow-update { key ddns_key; };
		#file "slaves/my.ddns.internal.zone.db";
		 file "dns-srv.zone";
		// put dynamically updateable zones in the slaves/ directory so named can update them
#key ddns_key
#	algorithm hmac-md5;
#	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
view    "external"
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
	match-clients		{ any; };
	match-destinations	{ any; };

	recursion no;
	// you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

	allow-query-cache { none; };
	// Disable lookups for any cached data and root hints

	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

	// These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

#	zone "my.external.zone" { 
#		type master;
#		file "my.external.zone.db";
#	};

Open in new window

Question by:kamoteman2013
  • 6
  • 3
  • 2
LVL 35

Expert Comment

by:Duncan Roe
ID: 39766438
Get it working without chroot first

Author Comment

ID: 39767070
how do I do that exactly? I started without chroot originally but I never found any sample files and the named.conf was empty without chroot(where I copied sample files)
LVL 35

Expert Comment

by:Duncan Roe
ID: 39767470
I could give you my DNS configs if you like. Do you need the ones that do dynamic DNS updating (including dhcpd.conf) or do you have only static IPs? Either way, my setup queries other DNS servers for anything other than local hosts.
7 new features that'll make your work life better

It’s our mission to create a product that solves the huge challenges you face at work every day. In case you missed it, here are 7 delightful things we've added recently to monday to make it even more awesome.


Author Comment

ID: 39768253
Thanks Duncan, I'm ok with that, but I don't know exactly what and whether I need DynDNS. I told my boss I am doing it inside a VM first before I make changes to the live server. But if anything helps to build a Master DNS and have all our servers resolved internally(hostname to IP & IP to hostname) I would appreciate it, since there is nothing hosted off the internet. I am not using static IP for my DNS VM since VM has its own built in DHCP where it obtains a range of Class C IP.

Author Comment

ID: 39768286
Do you need my email address? or would you post it here Duncan? Thanks. I have sleepless nightmares because of this hehe
LVL 35

Accepted Solution

Duncan Roe earned 1520 total points
ID: 39769410
This is for my little LAN on netmask
Remove the .txt extension from all files. named.conf goes in /etc, and the other 2 go in /var/named.
Add new hosts to each of local.net (regular lookup) and ten.lacol (reverse lookup).
In my network, dullstar was the name server - substitute yours.
Put external DNS servers in the forwarders line in named.conf (as many as you like). Add your nameserver IP address to /etc/resolv.conf on all systems

Author Comment

ID: 39772243
thanks, I will do this right now and let you know the progress. I appreciate it
LVL 13

Expert Comment

ID: 39811680
to be very clear with you... install one more pkg and run it


will rollout all the issues in case your system has connectivity to internet.


Author Comment

ID: 39830769
I managed to get it up and running, Thanks for your Help Duncan & Sandeep, I appreciate it.
LVL 13

Assisted Solution

Sandy earned 480 total points
ID: 39831626
Your welcome... :)

Author Closing Comment

ID: 39832938
thanks all

Featured Post

A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their Grid shared hosting experience that much smoother.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question