I am having errors on my BIND chrooted DNS environment, I have not yet deployed or implemented any form of DNS from Linux/UNIX except for Windows, but this is necessary in order for me to test TLS/certificate in our LDAP server . The only requirement I need is to be able to setup correctly a Master Name Server that would resolve my hosts inside the network(hostname to IP & IP to hostname). I am getting confused setting up the zones correctly, (including the named.conf) I just need help from all the expert DNS guys out there who could possibly help check and look into my configs as I am working in a very time constraint project that is killing me, since this takes a long time for me to nail down. any help would be appreciated. Thanks

initially I am having this error below:

zone localdomain/IN: loading master file file not found
localhost_resolver/localdomain/IN: file not found
zone localhost/IN: loading master file file not found
localhost_resolver/localhost/IN: file not found
zone loading master file named.local: file not found
localhost_resolver/ file not found
zone loading master file 

named.ip6.local: file not found
localhost_resolver/ file 

not found
zone loading master file named.broadcast: file not found
localhost_resolver/ file not found
zone loading master file file not found
localhost_resolver/ file not found
zone loading master file file not found
internal/ file not found
zone dns-srv/IN: loading master file dns-srv.db: file not found
internal/dns-srv/IN: file not found
zone loading master file file not found
external/ file not found

Open in new window

But then after scaling down little by little, errors thrown left 1 line

[root@localhost /]# service named configtest
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

restarting named yielded the same result:
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

The funny thing is, this /var/named/chroot/etc/named.root.hints path is existing and contains this named.root.hints file 100%, I just don't know where I missed..

And when I check /var/logs this is what I get:
Jan  9 01:58:00 dns-srv named[30094]: loading configuration: file not found
Jan  9 01:58:00 dns-srv named[30094]: exiting (due to fatal error)
Jan  9 01:58:09 dns-srv named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
Jan  9 02:11:55 localhost named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

Open in new window

My named.conf configuration:

Note: location of my named.conf
find . -name named.conf -print  

Open in new window

My named.conf file is obtained from /var/named/chroot/etc , everytime I modify it, I notice the main /etc/named.conf gets prompted as well, it seems that both this files share only the same configuration

// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and 
// its manual.
        listen-on port 53 {;; };
	#listen-on-v6 port 53 { ::1; };
        // Those options should be used carefully because they disable port
        // randomization
	 query-source    port 53;	
	// query-source-v6 port 53;
	// Put files that named is allowed to write in the data/ directory:
	directory 		"/var/named"; // the default
	pid-file		"/var/run/named/";
        dump-file 		"/var/named/da/cache_dump.db";
        statistics-file 	"/var/named/data/named_stats.txt";
        memstatistics-file 	"/var/named/data/named_mem_stats.txt";
        allow-query	{ localhost;; };
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the '' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
        channel default_debug {
                file "data/";
                severity dynamic;
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
// By default, if named.conf contains no "view" clauses, all zones are in the 
// "default" view, which matches all clients.
// If named.conf contains any "view" clause, then all zones MUST be in a view; 
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
view "localhost_resolver"
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
	match-clients 		{ localhost;; };
	match-destinations	{ localhost;; };
	recursion yes;
	# all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
	 * ONLY be served to localhost clients:
	include "/var/named/chroot/etc/named.rfc1912.zones";
view "internal"
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
	match-clients		{ localnets; };
	match-destinations	{ localnets; };
	recursion yes;
	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

        // include "named.rfc1912.zones";
	// you should not serve your rfc1912 names to non-localhost clients.
	// These are your "authoritative" internal zones, and would probably
	// also be included in the "localhost_resolver" view above :

	zone "" { 
		type master;
		file "";
#	zone "" {
#		type slave;
#		file "slaves/";
#		masters { /* put master nameserver IPs here */; } ;
		// put slave zones in the slaves/ directory so named can update them
#	};	
	zone "" {
		type master;
		#allow-update { key ddns_key; };
		#file "slaves/";
		 file "";
		// put dynamically updateable zones in the slaves/ directory so named can update them
#key ddns_key
#	algorithm hmac-md5;
#	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
view    "external"
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
	match-clients		{ any; };
	match-destinations	{ any; };

	recursion no;
	// you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

	allow-query-cache { none; };
	// Disable lookups for any cached data and root hints

	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

	// These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

#	zone "" { 
#		type master;
#		file "";
#	};

Open in new window

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Duncan RoeSoftware DeveloperCommented:
Get it working without chroot first
kamoteman2013Author Commented:
how do I do that exactly? I started without chroot originally but I never found any sample files and the named.conf was empty without chroot(where I copied sample files)
Duncan RoeSoftware DeveloperCommented:
I could give you my DNS configs if you like. Do you need the ones that do dynamic DNS updating (including dhcpd.conf) or do you have only static IPs? Either way, my setup queries other DNS servers for anything other than local hosts.
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

kamoteman2013Author Commented:
Thanks Duncan, I'm ok with that, but I don't know exactly what and whether I need DynDNS. I told my boss I am doing it inside a VM first before I make changes to the live server. But if anything helps to build a Master DNS and have all our servers resolved internally(hostname to IP & IP to hostname) I would appreciate it, since there is nothing hosted off the internet. I am not using static IP for my DNS VM since VM has its own built in DHCP where it obtains a range of Class C IP.
kamoteman2013Author Commented:
Do you need my email address? or would you post it here Duncan? Thanks. I have sleepless nightmares because of this hehe
Duncan RoeSoftware DeveloperCommented:
This is for my little LAN on netmask
Remove the .txt extension from all files. named.conf goes in /etc, and the other 2 go in /var/named.
Add new hosts to each of (regular lookup) and ten.lacol (reverse lookup).
In my network, dullstar was the name server - substitute yours.
Put external DNS servers in the forwarders line in named.conf (as many as you like). Add your nameserver IP address to /etc/resolv.conf on all systems

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kamoteman2013Author Commented:
thanks, I will do this right now and let you know the progress. I appreciate it
to be very clear with you... install one more pkg and run it


will rollout all the issues in case your system has connectivity to internet.

kamoteman2013Author Commented:
I managed to get it up and running, Thanks for your Help Duncan & Sandeep, I appreciate it.
Your welcome... :)
kamoteman2013Author Commented:
thanks all
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.