troubleshooting Question

BIND CHROOT DNS errors

Avatar of kamoteman2013
kamoteman2013 asked on
Linux
11 Comments2 Solutions1005 ViewsLast Modified:
I am having errors on my BIND chrooted DNS environment, I have not yet deployed or implemented any form of DNS from Linux/UNIX except for Windows, but this is necessary in order for me to test TLS/certificate in our LDAP server . The only requirement I need is to be able to setup correctly a Master Name Server that would resolve my hosts inside the network(hostname to IP & IP to hostname). I am getting confused setting up the zones correctly, (including the named.conf) I just need help from all the expert DNS guys out there who could possibly help check and look into my configs as I am working in a very time constraint project that is killing me, since this takes a long time for me to nail down. any help would be appreciated. Thanks

initially I am having this error below:

zone localdomain/IN: loading master file localdomain.zone: file not found
localhost_resolver/localdomain/IN: file not found
zone localhost/IN: loading master file localhost.zone: file not found
localhost_resolver/localhost/IN: file not found
zone 0.0.127.in-addr.arpa/IN: loading master file named.local: file not found
localhost_resolver/0.0.127.in-addr.arpa/IN: file not found
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loading master file 

named.ip6.local: file not found
localhost_resolver/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: file 

not found
zone 255.in-addr.arpa/IN: loading master file named.broadcast: file not found
localhost_resolver/255.in-addr.arpa/IN: file not found
zone 0.in-addr.arpa/IN: loading master file named.zero: file not found
localhost_resolver/0.in-addr.arpa/IN: file not found
zone my.internal.zone/IN: loading master file my.internal.zone.db: file not found
internal/my.internal.zone/IN: file not found
zone dns-srv/IN: loading master file dns-srv.db: file not found
internal/dns-srv/IN: file not found
zone my.external.zone/IN: loading master file my.external.zone.db: file not found
external/my.external.zone/IN: file not found

=================
But then after scaling down little by little, errors thrown left 1 line

[root@localhost /]# service named configtest
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

restarting named yielded the same result:
/etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
                                                           [FAILED]

The funny thing is, this /var/named/chroot/etc/named.root.hints path is existing and contains this named.root.hints file 100%, I just don't know where I missed..


And when I check /var/logs this is what I get:
Jan  9 01:58:00 dns-srv named[30094]: loading configuration: file not found
Jan  9 01:58:00 dns-srv named[30094]: exiting (due to fatal error)
Jan  9 01:58:09 dns-srv named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found
Jan  9 02:11:55 localhost named: /etc/named.conf:60: open: /var/named/chroot/etc/named.root.hints: file not found

My named.conf configuration:

Note: location of my named.conf
find . -name named.conf -print  
./usr/share/doc/bind-9.3.6/sample/etc/named.conf
./usr/share/system-config-bind/profiles/default/named.conf
./usr/share/logwatch/default.conf/services/named.conf
./var/named/chroot/etc/named.conf
./etc/dbus-1/system.d/named.conf
./etc/named.conf

My named.conf file is obtained from /var/named/chroot/etc , everytime I modify it, I notice the main /etc/named.conf gets prompted as well, it seems that both this files share only the same configuration

//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and 
// its manual.
//
options
{
        listen-on port 53 { 127.0.0.1; 192.168.40.129; };
	#listen-on-v6 port 53 { ::1; };
        // Those options should be used carefully because they disable port
        // randomization
	 query-source    port 53;	
	// query-source-v6 port 53;
	
	// Put files that named is allowed to write in the data/ directory:
	directory 		"/var/named"; // the default
	pid-file		"/var/run/named/named.pid";
        dump-file 		"/var/named/da/cache_dump.db";
        statistics-file 	"/var/named/data/named_stats.txt";
        memstatistics-file 	"/var/named/data/named_mem_stats.txt";
        allow-query	{ localhost; 192.168.0.0; };
};
logging 
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };	
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the 
// "default" view, which matches all clients.
// 
// If named.conf contains any "view" clause, then all zones MUST be in a view; 
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
	match-clients 		{ localhost; 192.168.0.0/24; };
	match-destinations	{ localhost; 192.168.0.0/24; };
	recursion yes;
	# all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";
                 
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
	 * ONLY be served to localhost clients:
	 */
	include "/var/named/chroot/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
	match-clients		{ localnets; };
	match-destinations	{ localnets; };
	recursion yes;
	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

        // include "named.rfc1912.zones";
	// you should not serve your rfc1912 names to non-localhost clients.
 
	// These are your "authoritative" internal zones, and would probably
	// also be included in the "localhost_resolver" view above :

	zone "my.internal.zone" { 
		type master;
		file "my.internal.zone.db";
	};
#	zone "my.slave.internal.zone" {
#		type slave;
#		file "slaves/my.slave.internal.zone.db";
#		masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
		// put slave zones in the slaves/ directory so named can update them
#	};	
	zone "dns-srv.zone" {
		type master;
		#allow-update { key ddns_key; };
		#file "slaves/my.ddns.internal.zone.db";
		 file "dns-srv.zone";
		// put dynamically updateable zones in the slaves/ directory so named can update them
	};			
};
#key ddns_key
#{
#	algorithm hmac-md5;
#	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
#};
view    "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
	match-clients		{ any; };
	match-destinations	{ any; };

	recursion no;
	// you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

	allow-query-cache { none; };
	// Disable lookups for any cached data and root hints

	// all views must contain the root hints zone:
	include "/var/named/chroot/etc/named.root.hints";

	// These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

#	zone "my.external.zone" { 
#		type master;
#		file "my.external.zone.db";
#	};
};
ASKER CERTIFIED SOLUTION
Duncan Roe
Software Developer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 11 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 11 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros