[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 883
  • Last Modified:

BIND CHROOT DNS errors

I am having errors on my BIND chrooted DNS environment, I have not yet deployed or implemented any form of DNS from Linux/UNIX except for Windows, but this is necessary in order for me to test TLS/certificate in our LDAP server . The only requirement I need is to be able to setup correctly a Master Name Server that would resolve my hosts inside the network(hostname to IP & IP to hostname). I am getting confused setting up the zones correctly, (including the named.conf) I just need help from all the expert DNS guys out there who could possibly help check and look into my configs as I am working in a very time constraint project that is killing me, since this takes a long time for me to nail down. any help would be appreciated. Thanks

initially I am having this error below:

zone localdomain/IN: loading master file localdomain.zone: file not found
localhost_resolver/localdomain/IN: file not found
zone localhost/IN: loading master file localhost.zone: file not found
localhost_resolver/localhost/IN: file not found
zone 0.0.127.in-addr.arpa/IN: loading master file named.local: file not found
localhost_resolver/0.0.127.in-addr.arpa/IN: file not found
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loading master file 

named.ip6.local: file not found
localhost_resolver/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: file 

not found
zone 255.in-addr.arpa/IN: loading master file named.broadcast: file not found
localhost_resolver/255.in-addr.arpa/IN: file not found
zone 0.in-addr.arpa/IN: loading master file named.zero: file not found
localhost_resolver/0.in-addr.arpa/IN: file not found
zone my.internal.zone/IN: loading master file my.internal.zone.db: file not found
internal/my.internal.zone/IN: file not found
zone dns-srv/IN: loading master file dns-srv.db: file not found
internal/dns-srv/IN: file not found
zone my.external.zone/IN: loading master file my.external.zone.db: file not found
external/my.external.zone/IN: file not found

Open in new window


=================
But then after scaling down little by little, errors thrown left 1 line

[root@localhost /]# service named configtest
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

restarting named yielded the same result:
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
                                                           [FAILED]

The funny thing is, this /var/named/chroot/etc/named.root.hints path is existing and contains this named.root.hints file 100%, I just don't know where I missed..


And when I check /var/logs this is what I get:
Jan  9 01:58:00 dns-srv named[30094]: loading configuration: file not found
Jan  9 01:58:00 dns-srv named[30094]: exiting (due to fatal error)
Jan  9 01:58:09 dns-srv named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
Jan  9 02:11:55 localhost named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

Open in new window


My named.conf configuration:

Note: location of my named.conf
find . -name named.conf -print  
./usr/share/doc/bind-9.3.6/sample/etc/named.conf
./usr/share/system-config-bind/profiles/default/named.conf
./usr/share/logwatch/default.conf/services/named.conf
./var/named/chroot/etc/named.conf
./etc/dbus-1/system.d/named.conf
./etc/named.conf

Open in new window


My named.conf file is obtained from /var/named/chroot/etc , everytime I modify it, I notice the main /etc/named.conf gets prompted as well, it seems that both this files share only the same configuration

//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and 
// its manual.
//
options
{
        listen-on port 53 { 127.0.0.1; 192.168.40.129; };
	#listen-on-v6 port 53 { ::1; };
        // Those options should be used carefully because they disable port
        // randomization
	 query-source    port 53;	
	// query-source-v6 port 53;
	
	// Put files that named is allowed to write in the data/ directory:
	directory 		"/var/named"; // the default
	pid-file		"/var/run/named/named.pid";
        dump-file 		"/var/named/da/cache_dump.db";
        statistics-file 	"/var/named/data/named_stats.txt";
        memstatistics-file 	"/var/named/data/named_mem_stats.txt";
        allow-query	{ localhost; 192.168.0.0; };
};
logging 
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };	
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the 
// "default" view, which matches all clients.
// 
// If named.conf contains any "view" clause, then all zones MUST be in a view; 
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
	match-clients 		{ localhost; 192.168.0.0/24; };
	match-destinations	{ localhost; 192.168.0.0/24; };
	recursion yes;
	# all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";
                 
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
	 * ONLY be served to localhost clients:
	 */
	include "/var/named/chroot/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
	match-clients		{ localnets; };
	match-destinations	{ localnets; };
	recursion yes;
	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

        // include "named.rfc1912.zones";
	// you should not serve your rfc1912 names to non-localhost clients.
 
	// These are your "authoritative" internal zones, and would probably
	// also be included in the "localhost_resolver" view above :

	zone "my.internal.zone" { 
		type master;
		file "my.internal.zone.db";
	};
#	zone "my.slave.internal.zone" {
#		type slave;
#		file "slaves/my.slave.internal.zone.db";
#		masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
		// put slave zones in the slaves/ directory so named can update them
#	};	
	zone "dns-srv.zone" {
		type master;
		#allow-update { key ddns_key; };
		#file "slaves/my.ddns.internal.zone.db";
		 file "dns-srv.zone";
		// put dynamically updateable zones in the slaves/ directory so named can update them
	};			
};
#key ddns_key
#{
#	algorithm hmac-md5;
#	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
#};
view    "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
	match-clients		{ any; };
	match-destinations	{ any; };

	recursion no;
	// you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

	allow-query-cache { none; };
	// Disable lookups for any cached data and root hints

	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

	// These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

#	zone "my.external.zone" { 
#		type master;
#		file "my.external.zone.db";
#	};
};

Open in new window

0
kamoteman2013
Asked:
kamoteman2013
  • 6
  • 3
  • 2
2 Solutions
 
Duncan RoeSoftware DeveloperCommented:
Get it working without chroot first
0
 
kamoteman2013Author Commented:
how do I do that exactly? I started without chroot originally but I never found any sample files and the named.conf was empty without chroot(where I copied sample files)
0
 
Duncan RoeSoftware DeveloperCommented:
I could give you my DNS configs if you like. Do you need the ones that do dynamic DNS updating (including dhcpd.conf) or do you have only static IPs? Either way, my setup queries other DNS servers for anything other than local hosts.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
kamoteman2013Author Commented:
Thanks Duncan, I'm ok with that, but I don't know exactly what and whether I need DynDNS. I told my boss I am doing it inside a VM first before I make changes to the live server. But if anything helps to build a Master DNS and have all our servers resolved internally(hostname to IP & IP to hostname) I would appreciate it, since there is nothing hosted off the internet. I am not using static IP for my DNS VM since VM has its own built in DHCP where it obtains a range of Class C IP.
0
 
kamoteman2013Author Commented:
Do you need my email address? or would you post it here Duncan? Thanks. I have sleepless nightmares because of this hehe
0
 
Duncan RoeSoftware DeveloperCommented:
This is for my little LAN on 10.255.255.0 netmask 255.255.255.0.
Remove the .txt extension from all files. named.conf goes in /etc, and the other 2 go in /var/named.
Add new hosts to each of local.net (regular lookup) and ten.lacol (reverse lookup).
In my network, dullstar was the name server - substitute yours.
Put external DNS servers in the forwarders line in named.conf (as many as you like). Add your nameserver IP address to /etc/resolv.conf on all systems
named.conf.txt
local.net.txt
ten.lacol.txt
0
 
kamoteman2013Author Commented:
thanks, I will do this right now and let you know the progress. I appreciate it
0
 
SandyCommented:
to be very clear with you... install one more pkg and run it

#system-config-bind

will rollout all the issues in case your system has connectivity to internet.

TY/SA
0
 
kamoteman2013Author Commented:
I managed to get it up and running, Thanks for your Help Duncan & Sandeep, I appreciate it.
0
 
SandyCommented:
Your welcome... :)
0
 
kamoteman2013Author Commented:
thanks all
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

  • 6
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now