Solved

BIND CHROOT DNS errors

Posted on 2014-01-08
12
794 Views
Last Modified: 2014-02-13
I am having errors in my BIND chrooted DNS environment. I have not yet deployed or implemented any form of DNS on Linux/UNIX, only on Windows, but this is necessary in order for me to test TLS/certificates on our LDAP server. The only requirement I have is to be able to correctly set up a Master Name Server that would resolve my hosts inside the network (hostname to IP & IP to hostname). I am getting confused setting up the zones correctly (including the named.conf). I just need help from all the expert DNS guys out there who could possibly check and look into my configs, as I am working on a very time-constrained project that is killing me, since this takes a long time for me to nail down. Any help would be appreciated. Thanks

Initially I am getting the errors below:

zone localdomain/IN: loading master file localdomain.zone: file not found
localhost_resolver/localdomain/IN: file not found
zone localhost/IN: loading master file localhost.zone: file not found
localhost_resolver/localhost/IN: file not found
zone 0.0.127.in-addr.arpa/IN: loading master file named.local: file not found
localhost_resolver/0.0.127.in-addr.arpa/IN: file not found
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loading master file named.ip6.local: file not found
localhost_resolver/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: file not found
zone 255.in-addr.arpa/IN: loading master file named.broadcast: file not found
localhost_resolver/255.in-addr.arpa/IN: file not found
zone 0.in-addr.arpa/IN: loading master file named.zero: file not found
localhost_resolver/0.in-addr.arpa/IN: file not found
zone my.internal.zone/IN: loading master file my.internal.zone.db: file not found
internal/my.internal.zone/IN: file not found
zone dns-srv/IN: loading master file dns-srv.db: file not found
internal/dns-srv/IN: file not found
zone my.external.zone/IN: loading master file my.external.zone.db: file not found
external/my.external.zone/IN: file not found



=================
But then, after scaling down little by little, the errors thrown were down to one line:

[root@localhost /]# service named configtest
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

Restarting named yielded the same result:
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
                                                           [FAILED]

The funny thing is, this /var/named/chroot/etc/named.root.hints path exists and contains this named.root.hints file 100%; I just don't know what I missed.


And when I check /var/logs, this is what I get:
Jan  9 01:58:00 dns-srv named[30094]: loading configuration: file not found
Jan  9 01:58:00 dns-srv named[30094]: exiting (due to fatal error)
Jan  9 01:58:09 dns-srv named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
Jan  9 02:11:55 localhost named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found



My named.conf configuration:

Note: location of my named.conf
find . -name named.conf -print  
./usr/share/doc/bind-9.3.6/sample/etc/named.conf
./usr/share/system-config-bind/profiles/default/named.conf
./usr/share/logwatch/default.conf/services/named.conf
./var/named/chroot/etc/named.conf
./etc/dbus-1/system.d/named.conf
./etc/named.conf



My named.conf file is obtained from /var/named/chroot/etc; every time I modify it, I notice the main /etc/named.conf gets updated as well. It seems that both of these files share the same configuration.

//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and 
// its manual.
//
options
{
        listen-on port 53 { 127.0.0.1; 192.168.40.129; };
	#listen-on-v6 port 53 { ::1; };
        // Those options should be used carefully because they disable port
        // randomization
	 query-source    port 53;	
	// query-source-v6 port 53;
	
	// Put files that named is allowed to write in the data/ directory:
	directory 		"/var/named"; // the default
	pid-file		"/var/run/named/named.pid";
        dump-file 		"/var/named/da/cache_dump.db";
        statistics-file 	"/var/named/data/named_stats.txt";
        memstatistics-file 	"/var/named/data/named_mem_stats.txt";
        allow-query	{ localhost; 192.168.0.0; };
};
logging 
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };	
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the 
// "default" view, which matches all clients.
// 
// If named.conf contains any "view" clause, then all zones MUST be in a view; 
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
	match-clients 		{ localhost; 192.168.0.0/24; };
	match-destinations	{ localhost; 192.168.0.0/24; };
	recursion yes;
	# all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";
                 
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
	 * ONLY be served to localhost clients:
	 */
	include "/var/named/chroot/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
	match-clients		{ localnets; };
	match-destinations	{ localnets; };
	recursion yes;
	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

        // include "named.rfc1912.zones";
	// you should not serve your rfc1912 names to non-localhost clients.
 
	// These are your "authoritative" internal zones, and would probably
	// also be included in the "localhost_resolver" view above :

	zone "my.internal.zone" { 
		type master;
		file "my.internal.zone.db";
	};
#	zone "my.slave.internal.zone" {
#		type slave;
#		file "slaves/my.slave.internal.zone.db";
#		masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
		// put slave zones in the slaves/ directory so named can update them
#	};	
	zone "dns-srv.zone" {
		type master;
		#allow-update { key ddns_key; };
		#file "slaves/my.ddns.internal.zone.db";
		 file "dns-srv.zone";
		// put dynamically updateable zones in the slaves/ directory so named can update them
	};			
};
#key ddns_key
#{
#	algorithm hmac-md5;
#	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
#};
view    "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
	match-clients		{ any; };
	match-destinations	{ any; };

	recursion no;
	// you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

	allow-query-cache { none; };
	// Disable lookups for any cached data and root hints

	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

	// These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

#	zone "my.external.zone" { 
#		type master;
#		file "my.external.zone.db";
#	};
};


0
Question by:kamoteman2013
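The failing include (line 60 of the posted named.conf) names the hints file by its path on the host, but a chrooted named reads named.conf after chrooting to /var/named/chroot, so that path is looked up at /var/named/chroot/var/named/chroot/etc/named.root.hints and is not found; inside the chroot the same file is /etc/named.root.hints. As an added example that is not part of the question or of any answer, this Python checker resolves every include and file path the way a chrooted named would and reports those missing on the host; the small named.conf and the temporary chroot it builds are constructed for the demonstration.

```python
"""Check include/file paths in a named.conf the way a chrooted named resolves them."""
import os
import re
import tempfile

# include, file and directory directives; comments are stripped before matching
_DIRECTIVE = re.compile(r'\b(include|file|directory)\s+"([^"]+)"\s*;')
_COMMENT = re.compile(r'//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)

def chroot_path(chroot, directory, path):
    """Path on the host for a path as written in named.conf: named reads its config
    after chrooting, so absolute paths start at the chroot root and relative paths
    at options { directory }."""
    if not path.startswith("/"):
        path = os.path.join(directory, path)
    return os.path.join(chroot, path.lstrip("/"))

def check_named_conf(conf_text, chroot, directory="/var/named"):
    """Return (directive, path_in_conf, host_path) for each referenced file that is missing."""
    missing = []
    for kind, path in _DIRECTIVE.findall(_COMMENT.sub("", conf_text)):
        if kind == "directory":
            directory = path          # later relative file paths hang off this
            continue
        host = chroot_path(chroot, directory, path)
        if not os.path.exists(host):
            missing.append((kind, path, host))
    return missing

def demo():
    """Reproduce the question's symptom in a temporary chroot (constructed sample): the
    hints file exists at <chroot>/etc on the host, but named.conf names it by its host
    path, which does not exist once named has chrooted."""
    with tempfile.TemporaryDirectory() as root:
        chroot = os.path.join(root, "var/named/chroot")
        os.makedirs(os.path.join(chroot, "etc"))
        os.makedirs(os.path.join(chroot, "var/named"))
        open(os.path.join(chroot, "etc/named.root.hints"), "w").close()
        open(os.path.join(chroot, "var/named/local.net"), "w").close()
        broken = ('options { directory "/var/named"; };\n'
                  'view "internal" {\n'
                  '    include "/var/named/chroot/etc/named.root.hints"; // host path\n'
                  '    zone "local.net" { type master; file "local.net"; };\n'
                  '};\n')
        fixed = broken.replace('include "/var/named/chroot/etc/', 'include "/etc/')
        return check_named_conf(broken, chroot), check_named_conf(fixed, chroot)

if __name__ == "__main__":
    for kind, conf_path, host_path in demo()[0]:
        print(f"{kind} {conf_path!r} is looked up on the host at {host_path} (missing)")
```

Running it against the real /var/named/chroot/etc/named.conf with chroot="/var/named/chroot" lists every include and zone file that named will fail to open, which is the same set "service named configtest" stops at one file at a time.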
12 Comments
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39766438
Get it working without chroot first
0
 

Author Comment

by:kamoteman2013
ID: 39767070
How do I do that exactly? I started without chroot originally, but I never found any sample files, and the named.conf was empty without chroot (where I copied sample files).
0
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39767470
I could give you my DNS configs if you like. Do you need the ones that do dynamic DNS updating (including dhcpd.conf) or do you have only static IPs? Either way, my setup queries other DNS servers for anything other than local hosts.
0
 

Author Comment

by:kamoteman2013
ID: 39768253
Thanks Duncan, I'm OK with that, but I don't know exactly what I need and whether I need DynDNS. I told my boss I am doing it inside a VM first before I make changes to the live server. But if anything helps to build a Master DNS and have all our servers resolved internally (hostname to IP & IP to hostname), I would appreciate it, since there is nothing hosted off the internet. I am not using a static IP for my DNS VM, since the VM has its own built-in DHCP from which it obtains a range of Class C IPs.
0
 

Author Comment

by:kamoteman2013
ID: 39768286
Do you need my email address, or would you post it here, Duncan? Thanks. I have sleepless nightmares because of this, hehe.
0

 
LVL 34

Accepted Solution

by:
Duncan Roe earned 380 total points
ID: 39769410
This is for my little LAN on 10.255.255.0, netmask 255.255.255.0.
Remove the .txt extension from all files. named.conf goes in /etc, and the other two go in /var/named.
Add new hosts to each of local.net (regular lookup) and ten.lacol (reverse lookup).
In my network, dullstar was the name server; substitute yours.
Put external DNS servers in the forwarders line in named.conf (as many as you like). Add your nameserver IP address to /etc/resolv.conf on all systems.
named.conf.txt
local.net.txt
ten.lacol.txt
0
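The three attached files are not reproduced on this page. As an added example, not Duncan's files, here is a Python generator that writes the forward zone for local.net and the matching reverse zone for 10.255.255.0/24 from one host table, so the two files stay in step when a host is added as the answer requires. dullstar and the subnet come from the answer; the other host names, the serial and the SOA timers are assumptions.

```python
"""Generate a forward zone (local.net) and its matching reverse zone for one /24."""
import ipaddress

# Constructed host table for the 10.255.255.0/24 LAN in the accepted answer;
# dullstar is the name server from the answer, the other names are assumptions
HOSTS = {
    "dullstar": "10.255.255.1",
    "ldap": "10.255.255.10",
    "web": "10.255.255.20",
}

def reverse_origin(network):
    """Zone name of the in-addr.arpa zone for a /24, e.g. 255.255.10.in-addr.arpa."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("this generator only handles /24 networks")
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def soa_header(origin, ns, serial):
    """SOA and NS records shared by both zone files (origin is the zone name, no trailing dot)."""
    return (f"$TTL 86400\n"
            f"@ IN SOA {ns}.{origin}. hostmaster.{origin}. ( {serial} 3600 900 1209600 86400 )\n"
            f"@ IN NS {ns}.{origin}.\n")

def outside_subnet(network, hosts):
    """Names whose address is not in the network; they cannot get a PTR in this zone."""
    net = ipaddress.IPv4Network(network)
    return sorted(n for n, ip in hosts.items() if ipaddress.IPv4Address(ip) not in net)

def forward_zone(origin, ns, hosts, serial):
    """A records, hostname -> IP; every address is validated before it reaches named."""
    lines = [soa_header(origin, ns, serial)]
    for name, ip in sorted(hosts.items()):
        ipaddress.IPv4Address(ip)                 # raises on a typo such as 10.255.255
        lines.append(f"{name} IN A {ip}\n")
    return "".join(lines)

def reverse_zone(network, origin, ns, hosts, serial):
    """PTR records, last octet -> FQDN, built from the same host table as the forward zone."""
    bad = outside_subnet(network, hosts)
    if bad:
        raise ValueError(f"hosts outside {network}: {bad}")
    lines = [soa_header(origin, ns, serial)]
    for name, ip in sorted(hosts.items(), key=lambda kv: ipaddress.IPv4Address(kv[1])):
        lines.append(f"{ip.rsplit('.', 1)[1]} IN PTR {name}.{origin}.\n")
    return "".join(lines)

if __name__ == "__main__":
    print(forward_zone("local.net", "dullstar", HOSTS, 2014010801), reverse_zone("10.255.255.0/24", "local.net", "dullstar", HOSTS, 2014010801), sep="\n")
```

The reverse file is served from named.conf as zone "255.255.10.in-addr.arpa" with file pointing at whatever name it is saved under (ten.lacol in the answer); bump the serial on every regeneration so any secondary picks the change up.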
 

Author Comment

by:kamoteman2013
ID: 39772243
Thanks, I will do this right now and let you know the progress. I appreciate it.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39811680
To be very clear with you... install one more package and run it:

#system-config-bind

This will roll out all the issues in case your system has connectivity to the internet.

TY/SA
0
 

Author Comment

by:kamoteman2013
ID: 39830769
I managed to get it up and running. Thanks for your help Duncan & Sandeep, I appreciate it.
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 120 total points
ID: 39831626
You're welcome... :)
0
 

Author Closing Comment

by:kamoteman2013
ID: 39832938
Thanks all.
0
