need help with BIND9

2007-11-14 Thread [EMAIL PROTECTED]

Hello,

I need help setting up nameservers for my own domain.  The IPs and 
domains have been changed for privacy ;-)


I have a static IP on an ADSL line (i.e. public IP 1.1.1.1).
I have a router that has a DMZ set up that is pointing to my deb box 
(local IP 10.10.10.10)
I have a domain (mydomain.com) that I bought and I've set it up to point 
to NS1.MYDOMAIN.COM at the public IP 1.1.1.1


I want to set up my deb box as a web/ftp/nameserver server with 
MySQL/PHP on it.


So far, I've configured LAMP on it. I'm having problems with BIND (or so 
I think).  I've read all over that DNS IS A SIMPLE BUT EASILY 
MISCONFIGURED SYSTEM


I've confirmed that NS1.MYDOMAIN.COM points to 1.1.1.1 as 
http://ns1.mydomain.com produces my apache page


I'm using BIND9. 


named.conf has this line at the bottom:

   include "/etc/bind/named.conf.local";


my named.conf.local has this:

zone "mydomain.com" {
   type master;
   file "/etc/bind/mydomain.db";
};

zone "10.10.10.in-addr.arpa" {
   type master;
   file "/etc/bind/10.10.10.rev";
};


my mydomain.db has this:

; BIND data file for mydomain.db
; /var/named/mydomain.db
;
$TTL 1h
@ SOA ns1.mydomain.com. root.mydomain.com. (
 2007110805; Serial (date + two digit serial)
 10800 ; Refresh (3 hours)
 3600 ; Retry (1 hour)
 86400 ; Expire (1 day)
 60 ) ; Default TTL 1 min
 NS ns1.mydomain.com.
 MX mail.mydomain.com.
 A 1.1.1.1

ns1 A   1.1.1.1
mail A   1.1.1.1
www A   1.1.1.1


It has been over 5 days, and www.mydomain.com still has not resolved to 
1.1.1.1

What could be the problem?
DIG only produces a QUESTION SECTION but no answers, etc.:

; <<>> DiG 9.3.4 <<>> mydomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36978
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.com.                  IN      A

;; Query time: 1151 msec
;; SERVER: 66.51.205.100#53(66.51.205.100)
;; WHEN: Wed Nov 14 00:49:53 2007
;; MSG SIZE  rcvd: 32


I've also done a zonecheck report, and right away it spits out "Unable 
to find primary nameserver (SOA)"


Please help!  Thank you very much!


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: need help with BIND9

2007-11-14 Thread Michael Shuler
On 11/14/2007 02:53 AM, [EMAIL PROTECTED] wrote:
> I need help setting up nameservers for my own domain.  The IPs and
> domains have been changed for privacy ;-)

..which makes it difficult to properly troubleshoot.

> $TTL 1h
> @ SOA ns1.mydomain.com. root.mydomain.com. (
>  2007110805; Serial (date + two digit serial)
>  10800 ; Refresh (3 hours)
>  3600 ; Retry (1 hour)
>  86400 ; Expire (1 day)
>  60 ) ; Default TTL 1 min
>  NS ns1.mydomain.com.
>  MX mail.mydomain.com.
>  A 1.1.1.1
>
> ns1 A   1.1.1.1
> mail A   1.1.1.1
> www A   1.1.1.1
>
> What could be the problem?

If you are going to host authoritative DNS for mydomain.com. on a name
server host under the same domain, for example ns1.mydomain.com., then
you need to seed the process of finding your authoritative name server
via a glue A record at your domain registrar - this A record for
ns1.mydomain.com. gets pushed up to the com. TLD servers, so that
recursive resolvers around the Internet can find the correct name server
to ask, "where is mydomain.com.".

-- 
Kind Regards,
Michael Shuler





Re: need help with BIND9

2007-11-14 Thread [EMAIL PROTECTED]

Michael Shuler wrote:
> On 11/14/2007 02:53 AM, [EMAIL PROTECTED] wrote:
>> I need help setting up nameservers for my own domain.  The IPs and
>> domains have been changed for privacy ;-)
>
> ..which makes it difficult to properly troubleshoot.
>
>> $TTL 1h
>> @ SOA ns1.mydomain.com. root.mydomain.com. (
>>  2007110805; Serial (date + two digit serial)
>>  10800 ; Refresh (3 hours)
>>  3600 ; Retry (1 hour)
>>  86400 ; Expire (1 day)
>>  60 ) ; Default TTL 1 min
>>  NS ns1.mydomain.com.
>>  MX mail.mydomain.com.
>>  A 1.1.1.1
>>
>> ns1 A   1.1.1.1
>> mail A   1.1.1.1
>> www A   1.1.1.1
>>
>> What could be the problem?
>
> If you are going to host authoritative DNS for mydomain.com. on a name
> server host under the same domain, for example ns1.mydomain.com., then
> you need to seed the process of finding your authoritative name server
> via a glue A record at your domain registrar - this A record for
> ns1.mydomain.com. gets pushed up to the com. TLD servers, so that
> recursive resolvers around the Internet can find the correct name server
> to ask, "where is mydomain.com.".


Thanks for the reply!  I've investigated this at my domain registrar, 
and ns1.mydomain.com did get pushed to the .com TLD servers (or root 
servers)


Also, so that it'll be easier to troubleshoot, I will be using my actual 
info (oh no!)


The domain is CD-EXPRESS.COM
NS1.CD-EXPRESS.COM already resolves to my static IP of 208.127.75.221

My domain registrar said that I need a primary and secondary server 
assigned, so I created NS2.CD-EXPRESS.COM to point to the same IP 
208.127.75.221


my bind settings are as follows (I've removed comments with a //):
********** NAMED.CONF start **********

include "/etc/bind/named.conf.options";

zone "." {
   type hint;
   file "/etc/bind/db.root";
};

zone "localhost" {
   type master;
   file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
   type master;
   file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
   type master;
   file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
   type master;
   file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";

********** NAMED.CONF end **********


********** NAMED.CONF.OPTIONS start **********

options {
   directory "/var/cache/bind";

   auth-nxdomain no;    # conform to RFC1035
   listen-on-v6 { any; };

   allow-recursion { localnets; };

};

********** NAMED.CONF.OPTIONS end **********


********** NAMED.CONF.LOCAL start **********

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include /etc/bind/zones.rfc1918;

zone "cd-express.com" {
   type master;
   file "/etc/bind/cd-express.db";
};

zone "15.15.15.in-addr.arpa" {
   type master;
   file "/etc/bind/15.15.15.rev";
};
********** NAMED.CONF.LOCAL end **********


********** CD-EXPRESS.DB start **********

; BIND data file for cd-express.db
; /var/named/cd-express.db
;
$TTL 1h
@ SOA ns1.cd-express.com. root.cd-express.com. (
 2007110805; Serial (date + two digit serial)
 10800 ; Refresh (3 hours)
 3600 ; Retry (1 hour)
 86400 ; Expire (1 day)
 60 ) ; Default TTL 1 min
 NS ns1.cd-express.com.
 MX mail.cd-express.com.
 A 208.127.75.221

   ns1 A   208.127.75.221
   mail A   208.127.75.221
   www A   208.127.75.221
********** CD-EXPRESS.DB end **********



********** 15.15.15.REV start **********

: BIND reverse data file for 15.15.15.0
: /etc/bind/15.15.15.db
:
@ IN SOA cd-express.com. root.cd-express.com. (
 2007110801; date created
 10800; refresh (3 hours)
 3600 ; retry (1 hour)
 86400; expire (1 day)
 60) ; TTL (1 minute)
 IN NS ns1.cd-express.com.
 10 IN PTR www.cd-express.com.
 20 IN PTR dns.cd-express.com.
 30 IN PTR mail.mycompany.com.

********** 15.15.15.REV end **********


QUESTION:
Is the line comment for a bind configuration file, including the 
includes, a // or ; or :??  I've seen the semicolons and colons in 
some bind configurations as well


I'll be happy to get ANY HELP.  Thanks a lot!


Re: need help with BIND9

2007-11-14 Thread cls
[This message has also been posted to linux.debian.user.]
In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:

> Michael Shuler wrote:
>> On 11/14/2007 02:53 AM, [EMAIL PROTECTED] wrote:
>>> I need help setting up nameservers for my own domain.  The IPs and
>>> domains have been changed for privacy ;-)
>>
>> ..which makes it difficult to properly troubleshoot.
>>
>>> $TTL 1h
>>> @ SOA ns1.mydomain.com. root.mydomain.com. (
>>>  2007110805; Serial (date + two digit serial)
>>>  10800 ; Refresh (3 hours)
>>>  3600 ; Retry (1 hour)
>>>  86400 ; Expire (1 day)
>>>  60 ) ; Default TTL 1 min
>>>  NS ns1.mydomain.com.
>>>  MX mail.mydomain.com.

First of all, that is really dumb.  Don't use name servers
with the same second level domain as the one they are
authoritative for.  If you only have one domain in the
whole world, let your registrar do your name service
for you.  Or use a service like zoneedit.com or dyndns.org.
(But stay away from granitecanyon.com.  It's been on
autopilot for years and years.  Its owners just don't
have time for it.)


>> If you are going to host authoritative DNS for mydomain.com. on a name
>> server host under the same domain, for example ns1.mydomain.com., then
>> you need to seed the process of finding your authoritative name server
>> via a glue A record at your domain registrar - this A record for
>> ns1.mydomain.com. gets pushed up to the com. TLD servers, so that
>> recursive resolvers around the Internet can find the correct name server
>> to ask, "where is mydomain.com.".

Right, and with most registrars, especially low-ballers
like Tucows/OpenSRS, it's not obvious how to do that, and
they don't do it automatically.  And with non-accredited
resellers, it's even harder.  You're at Register4less,
apparently a Tucows customer.  Guess what, your registrar
isn't listed in
 http://www.icann.org/registrars/accredited-list.html

Well-run registrars will have a separate form for
registering a hostname.  That's the glue record
you're looking for.  Unfortunately it pretty much never
says "glue record" on the form.  Which brings us back
to "don't put your name servers in their own domain."



> Thanks for the reply!  I've investigated this at my domain registrar, 
> and ns1.mydomain.com did get pushed to the .com TLD servers (or root 
> servers)


Apparently so.  One of them, anyway.  This is b.gtld-servers.net,
chosen at random.

$ dig @192.33.14.30 NS1.CD-EXPRESS.COM a
;; ANSWER SECTION:
NS1.CD-EXPRESS.COM. 172800  IN  A   208.127.75.221
;; AUTHORITY SECTION:
CD-EXPRESS.COM. 172800  IN  NS  NS1.CD-EXPRESS.COM.

172800 is two days.





> My domain registrar said that I need a primary and secondary server 
> assigned,

Well, there is not really any such thing as primary and secondary.
They're all the same.  But you're supposed to have at least
two of them.

> so I created NS2.CD-EXPRESS.COM to point to the same IP 
> 208.127.75.221

Spammers do that a lot.  Your two name servers are supposed to
be on two independent networks.



> my bind settings are as follows (I've removed comments with a //):
> ********** NAMED.CONF start **********
> include "/etc/bind/named.conf.options";
[as shipped]
> ********** NAMED.CONF.OPTIONS **********
[as shipped]

> ********** NAMED.CONF.LOCAL start **********
> //
> // Do any local configuration here
> zone "cd-express.com" {
> type master;
> file "/etc/bind/cd-express.db";
> };

Okay.


> zone "15.15.15.in-addr.arpa" {
> type master;
> file "/etc/bind/15.15.15.rev";
> };

What the heck is that?  Are you in charge of
reverse DNS for 15.15.15.0/24?  I think Hewlett
Packard would disagree.


> ********** NAMED.CONF.LOCAL end **********
>
> ********** CD-EXPRESS.DB start **********
> ; BIND data file for cd-express.db
> ; /var/named/cd-express.db
> ;
> $TTL 1h
> @ SOA ns1.cd-express.com. root.cd-express.com. (
>   2007110805; Serial (date + two digit serial)
>   10800 ; Refresh (3 hours)
>   3600 ; Retry (1 hour)
>   86400 ; Expire (1 day)
>   60 ) ; Default TTL 1 min
>   NS ns1.cd-express.com.
>   MX mail.cd-express.com.
>   A 208.127.75.221

You might get away with those a/ns/mx records.
The white space in column 1 implies the zone that
was mentioned in the zone statement in the conf file.
But it would be more readable if you used an @
sign there.  I'm not sure if you can get away with
omitting the class (INternet) value, either.
Try it this way:

@   IN   NS  ns1.cd-express.com.
@   IN   A   208.127.75.221
@   IN   MX 5  mail.cd-express.com.

Notice that the NS and MX records use names which
I'll give A records to below.

> ns1 A   208.127.75.221

That line makes no sense.  You're saying there
is an A record for cd-express.com, of class ns1
(which doesn't exist), and its value is ns1.cd-express.com.
And your MX record was missing 
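
An added example, not part of any post in this thread: a small Python linter for the zone-file problems discussed above (indented record lines, an MX without a preference value, and name servers inside their own zone that need glue at the parent). The function names and the POSTED sample (condensed from the cd-express.db shown in the thread) are constructed for illustration, the origin is assumed to be passed as a lowercase name with a trailing dot, and only a subset of RFC 1035 master-file syntax is handled.

```python
import re

TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR", "TXT"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
# Constructed sample: cd-express.db as posted (condensed), blank column 1 kept.
POSTED = """$TTL 1h
@ SOA ns1.cd-express.com. root.cd-express.com. (
 2007110805 ; Serial
 10800 3600 86400 60 )
 NS ns1.cd-express.com.
 MX mail.cd-express.com.
 A 208.127.75.221
   ns1 A 208.127.75.221
"""

def logical_lines(text):
    """Drop ';' comments and join records continued inside ( ... )."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth == 0:
            if buf.strip():
                yield buf.rstrip()
            buf = ""

def lint_zone(origin, text):
    """Return (records, findings) for a subset of RFC 1035 master-file syntax."""
    fqdn = lambda n: origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}").lower()
    owner, records, findings = origin, [], []
    for line in logical_lines(text):
        if line.lstrip().startswith("$"):
            continue                      # directives such as $TTL are not linted
        tok = line.split()
        if not line[0].isspace():         # text in column 1 names a new owner
            owner = fqdn(tok.pop(0))
        while tok and (TTL_RE.match(tok[0]) or tok[0].upper() == "IN"):
            tok.pop(0)                    # optional TTL and class
        if not tok or tok[0].upper() not in TYPES:
            findings.append(f"{owner} bad line: {' '.join(tok[:1])!r} is not a TTL, class or type")
            continue
        rtype, rdata = tok[0].upper(), tok[1:]
        records.append((owner, rtype, rdata))
        if rtype == "MX" and not (len(rdata) == 2 and rdata[0].isdigit()):
            findings.append(f"{owner} MX has no numeric preference")
        if rtype == "NS" and rdata and fqdn(rdata[0]).endswith("." + origin):
            findings.append(f"{fqdn(rdata[0])} NS is in-zone: parent needs a glue A record")
    return records, findings
```

Calling lint_zone("cd-express.com.", POSTED) reports the glue requirement, the MX preference and the indented ns1 line; the glue finding remains after the other two are fixed, because it is a reminder about the parent zone rather than an error in the file.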

need help with bind9-host

2004-07-18 Thread Justinas Selezniovas



Hi,

Something strange happens when I try to use the "host" command:

# host one.lt
host: error while loading shared libraries: /usr/lib/libdns.so.11: cannot make segment writable for relocation: Permission denied
#

It also happens with the "nslookup" and "dig" commands.

# ldd /usr/bin/host
        libdns.so.11 => /usr/lib/libdns.so.11 (0x28d4d000)
        libisc.so.7 => /usr/lib/libisc.so.7 (0x28e7e000)
        libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x28eb6000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x28fb4000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x28fc9000)
        libc.so.6 => /lib/libc.so.6 (0x2901a000)
        libdl.so.2 => /lib/libdl.so.2 (0x2914d000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x28d3)
#

# ls -ali /usr/lib/libdns.so.11
2289355 lrwxrwxrwx 1 root root 16 Jul 18 10:31 /usr/lib/libdns.so.11 -> libdns.so.11.1.3
# ls -ali /usr/lib/libdns.so.11.1.3
2289354 -rw-r--r-- 1 root root 1246960 Jun 18 10:39 /usr/lib/libdns.so.11.1.3
#


Thanks


Re: need help with bind9-host

2004-07-18 Thread Jon Dowland
Hi,

what Debian version (stable/testing/unstable/other) are you using; and
what are the package versions for all installed bind* packages; and
whichever package provides libdns?

What are the file permissions on /usr/lib/libdns.so.11?

-- 
Jon Dowland
[EMAIL PROTECTED]

