[This message has also been posted to linux.debian.user.]

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> Michael Shuler wrote:
>> On 11/14/2007 02:53 AM, [EMAIL PROTECTED] wrote:
>>
>>> I need help setting up nameservers for my own domain. The IPs and
>>> domains have been changed for privacy ;-)
>>
>> ..which makes it difficult to properly troubleshoot.
>>
>>> $TTL 1h
>>> @ SOA ns1.mydomain.com. root.mydomain.com. (
>>>         2007110805 ; Serial (date + two digit serial)
>>>         10800      ; Refresh (3 hours)
>>>         3600       ; Retry (1 hour)
>>>         86400      ; Expire (1 day)
>>>         60 )       ; Default TTL 1 min
>>>         NS  ns1.mydomain.com.
>>>         MX  mail.mydomain.com.
First of all, that is really dumb. Don't use name servers with the same
second level domain as the one they are authoritative for. If you only have
one domain in the whole world, let your registrar do your name service for
you. Or use a service like zoneedit.com or dyndns.org. (But stay away from
granitecanyon.com. It's been on autopilot for years and years. Its owners
just don't have time for it.)

>> If you are going to host authoritative DNS for mydomain.com. on a name
>> server host under the same domain, for example ns1.mydomain.com., then
>> you need to seed the process of finding your authoritative name server
>> via a glue A record at your domain registrar - this A record for
>> ns1.mydomain.com. gets pushed up to the com. TLD servers, so that
>> recursive resolvers around the Internet can find the correct name server
>> to ask, "where is mydomain.com.".

Right, and with most registrars, especially low-ballers like Tucows/OpenSRS,
it's not obvious how to do that, and they don't do it automatically. And
with non-accredited resellers, it's even harder. You're at Register4less,
apparently a Tucows customer. Guess what, your registrar isn't listed in
http://www.icann.org/registrars/accredited-list.html

Well-run registrars will have a separate form for registering a hostname.
That's the "glue record" you're looking for. Unfortunately it pretty much
never says "glue record" on the form. Which brings us back to don't put
your name servers in their own domain.

> Thanks for the reply! I've investigated this at my domain registrar,
> and ns1.mydomain.com did get pushed to the .com TLD servers (or root
> servers)

Apparently so. One of them, anyway. This is b.gtld-servers.net, chosen at
random.

$ dig @192.33.14.30 NS1.CD-EXPRESS.COM a

;; ANSWER SECTION:
NS1.CD-EXPRESS.COM.     172800  IN      A       208.127.75.221

;; AUTHORITY SECTION:
CD-EXPRESS.COM.         172800  IN      NS      NS1.CD-EXPRESS.COM.

172800 is two days.
> My domain registrar said that I need a primary and secondary server
> assigned,

Well, there is not really any such thing as primary and secondary. They're
all the same. But you're supposed to have at least two of them.

> so I created NS2.CD-EXPRESS.COM to point to the same IP
> 208.127.75.221

Spammers do that a lot. Your two name servers are supposed to be on two
independent networks.

> my bind settings are as follows (I've removed comments with a "//"):
>
> ********************** NAMED.CONF start **********************
> include "/etc/bind/named.conf.options";

[as shipped]

> ********************** NAMED.CONF.OPTIONS ********************

[as shipped]

> ********************** NAMED.CONF.LOCAL start ****************
> //
> // Do any local configuration here
> zone "cd-express.com" {
>         type master;
>         file "/etc/bind/cd-express.db";
> };

Okay.

> zone "15.15.15.in-addr.arpa" {
>         type master;
>         file "/etc/bind/15.15.15.rev";
> };

What the heck is that? Are you in charge of reverse DNS for 15.15.15.0/24?
I think Hewlett Packard would disagree.

> ********************** NAMED.CONF.LOCAL end ******************
>
> ********************** CD-EXPRESS.DB start *******************
> ; BIND data file for cd-express.db
> ; /var/named/cd-express.db
> ;
> $TTL 1h
> @ SOA ns1.cd-express.com. root.cd-express.com. (
>         2007110805 ; Serial (date + two digit serial)
>         10800      ; Refresh (3 hours)
>         3600       ; Retry (1 hour)
>         86400      ; Expire (1 day)
>         60 )       ; Default TTL 1 min
>         NS  ns1.cd-express.com.
>         MX  mail.cd-express.com.
>         A   208.127.75.221

You might get away with those a/ns/mx records. The white space in column 1
implies the zone that was mentioned in the zone statement in the conf
file. But it would be more readable if you used an @ sign there. I'm not
sure if you can get away with omitting the class (INternet) value, either.
Try it this way:

@       IN      NS      ns1.cd-express.com.
@       IN      A       208.127.75.221
@       IN      MX 5    mail.cd-express.com.

Notice that the NS and MX records use names which I'll give A records to
below.

>         ns1 A 208.127.75.221

That line makes no sense. You're saying there is an A record for
cd-express.com, of class "ns1" (which doesn't exist), and its value is
"ns1.cd-express.com." And your MX record was missing its priority number.
Since you only have one, it doesn't matter what the number is, but it
should be there. Do it the way I showed it.

>         mail A 208.127.75.221
>         www A 208.127.75.221

I'm going to guess here that you are giving addresses to the hostnames
ns1.cd-express.com, mail.cd-express.com, and www.cd-express.com. It didn't
work because of the white space at the beginning of the line, and maybe
the missing class name. You could use a wild card, but for readability do
it this way:

ns1     IN      A       208.127.75.221
mail    IN      A       208.127.75.221
www     IN      A       208.127.75.221

> ********************** 15.15.15.REV start ********************
>: BIND reverse data file for 15.15.15.0
>: /etc/bind/15.15.15.db
>:
> @ IN SOA cd-express.com. root.cd-express.com. (

You might be authoritative for cd-express.com, but you are not
authoritative for 15.15.15.in-addr.arpa. That privilege belongs to Hewlett
Packard. So there is no point in you trying to define PTR records there.
The guy at HP might write something like

15.in-addr.arpa  IN  SOA  charon.core.hp.com. hostmaster.hp.com. (
        1010272 7200 3600 604800 600 );

to cover all of 15.0.0.0/8. And then he would write a bunch of PTR records.

>         IN NS  ns1.cd-express.com.
> 10      IN PTR www.cd-express.com.
> 20      IN PTR dns.cd-express.com.
> 30      IN PTR mail.mycompany.com.

You don't get to do that. The only PTR record you might want in *your* DNS
is

1.0.0.127.in-addr.arpa.  IN  PTR  localhost.cd-express.com.

in which case you should have

localhost  IN  A  127.0.0.1

in your cd-express.com.db file.
That might be useful for readability in your Postfix main.cf file or
something. But the only zones you get to write PTR records for are
127.in-addr.arpa., 168.192.in-addr.arpa., 10.in-addr.arpa., and that one
that starts with 172. You could do that for practice on your home LAN. Or
you could get away without it by just putting the names you need in
/etc/hosts

There is already a PTR record for your public IP address.

$ dig 221.75.127.208.in-addr.arpa. ptr

;; ANSWER SECTION:
221.75.127.208.in-addr.arpa. 86259 IN PTR netblock-208-127-75-221.dslextreme.com.

So you have to call customer service at DSL Extreme, and say hey thanks for
the static IP address, can I have a PTR record with my domain name in it?
Ask for mail.cd-express.com. That way when your mail server connects to
mine, its hostname will match its PTR and I'll accept the message. DSL
Extreme will charge you twenty bucks, once. It keeps the riff raff away.

> I'll be happy to get ANY HELP. Thanks a lot!

Whoever told you you could just define PTR names in the middle of Hewlett
Packard's ARIN allocation was way off! You'd better figure out where that
came from and find a way to prevent further nonsense from there from
polluting your brain. No doubt there are great DNS tutorials on the Web
someplace. Try Ora.com or About.com. I learned this stuff from "the cricket
book," _DNS and BIND_ by Albitz and Liu.

Finally, your name server is responding, but it does not know what to do
because it didn't load your broken zone file properly.

$ host www.cd-express.com 208.127.75.221
Using domain server:
Name: 208.127.75.221
Address: 208.127.75.221#53
Aliases:

Host www.cd-express.com not found: 2(SERVFAIL)

Open a terminal window (such as xterm) and do this:

tail -f /var/log/daemon.log

and leave it running. Then get another terminal, and be root, and go

/etc/init.d/bind9 stop
sleep 5
/etc/init.d/bind9 start

and watch the messages in the log. BIND9 is pretty good about telling you
what is wrong.
Incidentally, "host" is in the Debian package bind9-host and "dig" is in
dnsutils. You should print and read their manpages. Here, have a nice
looking PDF file.

apt-get install groff gs-esp gsfonts
whereis host
zcat /usr/share/man/man1/host.1.gz | groff -Tps -mandoc - | \
    gs -sDEVICE=pdfwrite -sOutputFile=host.1.pdf -dBATCH -dNOPAUSE -

Cameron
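Added here as an example, not part of Cameron's reply or the poster's configuration: a small Python check for the zone-file mistakes the message walks through (indented records that fall back to the zone owner, an MX with no preference, NS/MX targets with no A record, fewer than two name servers, or two that share one address). The origin and sample record lines come from the thread; the parser is a constructed subset of the BIND master format, not BIND's own.

```python
# Added example, not from the thread: a tiny linter for the zone-file mistakes
# discussed above. It reads a subset of the BIND master format: ';' comments,
# indented lines reuse the previous owner, an optional IN before the type.
# Per-record TTLs are not handled; $-directives and the SOA are skipped.
TYPES = {"NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}

def lint_zone(text, origin):
    """Return a list of problems found in the zone text for the given origin."""
    fq = lambda n: origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
    records, problems, owner, depth = [], [], origin, 0
    for n, line in enumerate(text.splitlines(), 1):
        body = line.split(";", 1)[0]                      # strip comments
        depth += body.count("(") - body.count(")")        # inside a ( ... ) SOA?
        toks = body.split()
        if not toks or toks[0][0] == "$" or "SOA" in toks[:3] or depth or ")" in body:
            continue
        if not line[0].isspace():                         # blank column 1 = same owner
            owner = fq(toks.pop(0))
        if toks and toks[0] == "IN":
            toks.pop(0)
        if len(toks) < 2 or toks[0] not in TYPES:
            problems.append(f"line {n}: {toks[:1]} is not a class or record type")
            continue
        rtype, rdata = toks[0], toks[1:]
        if rtype == "MX" and (len(rdata) != 2 or not rdata[0].isdigit()):
            problems.append(f"line {n}: MX needs a numeric preference before the host")
            continue
        records.append((owner, rtype, rdata))
    a_of = {o: r[0] for o, t, r in records if t == "A"}
    ns = [fq(r[0]) for o, t, r in records if t == "NS" and o == origin]
    if len(ns) < 2:
        problems.append(f"only {len(ns)} NS record(s) at the apex; at least two expected")
    for target in ns + [fq(r[1]) for o, t, r in records if t == "MX"]:
        if target.endswith("." + origin) and target not in a_of:
            problems.append(f"{target} is named by NS/MX but has no A record in this zone")
    if len(ns) > 1 and len({a_of.get(t) for t in ns}) == 1:
        problems.append("all NS records share one address: no independent second server")
    return problems

# Constructed input: the poster's record lines as written (indented, no class,
# MX without a preference). Cameron's corrected lines lint clean except the NS count.
BROKEN_ZONE = """\
$TTL 1h
        NS ns1.cd-express.com.
        MX mail.cd-express.com.
        A 208.127.75.221
        ns1 A 208.127.75.221
        mail A 208.127.75.221
        www A 208.127.75.221
"""
```

Running `lint_zone(BROKEN_ZONE, "cd-express.com.")` reports the MX preference, the three mis-parsed host lines, the missing A record for ns1 and the single NS; feeding it Cameron's corrected records leaves only the NS-count warning.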