need help with BIND9
Hello,

I need help setting up nameservers for my own domain. The IPs and domains have been changed for privacy ;-)

I have a static IP on an ADSL line (i.e. public IP 1.1.1.1). I have a router that has a DMZ set up that is pointing to my deb box (local IP 10.10.10.10). I have a domain (mydomain.com) that I bought and I've set it up to point to NS1.MYDOMAIN.COM at the public IP 1.1.1.1.

I want to set up my deb box as a web/ftp/nameserver server with MySQL/PHP on it. So far, I've configured LAMP on it. I'm having problems with BIND (or so I think). I've read all over that DNS IS A SIMPLE BUT EASILY MISCONFIGURED SYSTEM.

I've confirmed that NS1.MYDOMAIN.COM points to 1.1.1.1 as http://ns1.mydomain.com produces my apache page.

I'm using BIND9. named.conf has this line at the bottom:

    include "/etc/bind/named.conf.local";

my named.conf.local has this:

    zone "mydomain.com" {
            type master;
            file "/etc/bind/mydomain.db";
    };

    zone "10.10.10.in-addr.arpa" {
            type master;
            file "/etc/bind/10.10.10.rev";
    };

my mydomain.db has this:

    ; BIND data file for mydomain.db
    ; /var/named/mydomain.db
    ;
    $TTL 1h
    @       SOA     ns1.mydomain.com. root.mydomain.com. (
                    2007110805      ; Serial (date + two digit serial)
                    10800           ; Refresh (3 hours)
                    3600            ; Retry (1 hour)
                    86400           ; Expire (1 day)
                    60 )            ; Default TTL 1 min
            NS      ns1.mydomain.com.
            MX      mail.mydomain.com.
            A       1.1.1.1
    ns1     A       1.1.1.1
    mailA   1.1.1.1
    www     A       1.1.1.1

It has been over 5 days, and www.mydomain.com still has not resolved to 1.1.1.1. What could be the problem?

DIG only produces a QUESTION SECTION but no answers, etc.:

    ; <<>> DiG 9.3.4 <<>> mydomain.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36978
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mydomain.com.                  IN      A

    ;; Query time: 1151 msec
    ;; SERVER: 66.51.205.100#53(66.51.205.100)
    ;; WHEN: Wed Nov 14 00:49:53 2007
    ;; MSG SIZE  rcvd: 32

I've also done a zonecheck report, and right away it spits out "Unable to find primary nameserver (SOA)".

Please help!

Thank you very much!

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: need help with BIND9
On 11/14/2007 02:53 AM, [EMAIL PROTECTED] wrote:
> I need help setting up nameservers for my own domain. The IPs and
> domains have been changed for privacy ;-)

..which makes it difficult to properly troubleshoot.

> $TTL 1h
> @       SOA     ns1.mydomain.com. root.mydomain.com. (
>                 2007110805      ; Serial (date + two digit serial)
>                 10800           ; Refresh (3 hours)
>                 3600            ; Retry (1 hour)
>                 86400           ; Expire (1 day)
>                 60 )            ; Default TTL 1 min
>         NS      ns1.mydomain.com.
>         MX      mail.mydomain.com.
>         A       1.1.1.1
> ns1     A       1.1.1.1
> mailA   1.1.1.1
> www     A       1.1.1.1
>
> What could be the problem?

If you are going to host authoritative DNS for mydomain.com. on a name server host under the same domain, for example ns1.mydomain.com., then you need to seed the process of finding your authoritative name server via a glue A record at your domain registrar - this A record for ns1.mydomain.com. gets pushed up to the com. TLD servers, so that recursive resolvers around the Internet can find the correct name server to ask "where is mydomain.com.".

-- 
Kind Regards,
Michael Shuler
Re: need help with BIND9
Michael Shuler wrote:
> On 11/14/2007 02:53 AM, [EMAIL PROTECTED] wrote:
>> I need help setting up nameservers for my own domain. The IPs and
>> domains have been changed for privacy ;-)
>
> ..which makes it difficult to properly troubleshoot.
>
>> $TTL 1h
>> @       SOA     ns1.mydomain.com. root.mydomain.com. (
>>                 2007110805      ; Serial (date + two digit serial)
>>                 10800           ; Refresh (3 hours)
>>                 3600            ; Retry (1 hour)
>>                 86400           ; Expire (1 day)
>>                 60 )            ; Default TTL 1 min
>>         NS      ns1.mydomain.com.
>>         MX      mail.mydomain.com.
>>         A       1.1.1.1
>> ns1     A       1.1.1.1
>> mailA   1.1.1.1
>> www     A       1.1.1.1
>>
>> What could be the problem?
>
> If you are going to host authoritative DNS for mydomain.com. on a name
> server host under the same domain, for example ns1.mydomain.com., then
> you need to seed the process of finding your authoritative name server
> via a glue A record at your domain registrar - this A record for
> ns1.mydomain.com. gets pushed up to the com. TLD servers, so that
> recursive resolvers around the Internet can find the correct name
> server to ask "where is mydomain.com.".

Thanks for the reply!

I've investigated this at my domain registrar, and ns1.mydomain.com did get pushed to the .com TLD servers (or root servers).

Also, so that it'll be easier to troubleshoot, I will be using my actual info (oh no!)

The domain is CD-EXPRESS.COM. NS1.CD-EXPRESS.COM already resolves to my static IP of 208.127.75.221. My domain registrar said that I need a primary and secondary server assigned, so I created NS2.CD-EXPRESS.COM to point to the same IP 208.127.75.221.

My bind settings are as follows (I've removed comments with a //):

*** NAMED.CONF start ***

    include "/etc/bind/named.conf.options";

    zone "." {
            type hint;
            file "/etc/bind/db.root";
    };

    zone "localhost" {
            type master;
            file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
            type master;
            file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
            type master;
            file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
            type master;
            file "/etc/bind/db.255";
    };

    include "/etc/bind/named.conf.local";

*** NAMED.CONF end ***

*** NAMED.CONF.OPTIONS start ***

    options {
            directory "/var/cache/bind";
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
            allow-recursion { localnets; };
    };

*** NAMED.CONF.OPTIONS end ***

*** NAMED.CONF.LOCAL start ***

    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    zone "cd-express.com" {
            type master;
            file "/etc/bind/cd-express.db";
    };

    zone "15.15.15.in-addr.arpa" {
            type master;
            file "/etc/bind/15.15.15.rev";
    };

*** NAMED.CONF.LOCAL end ***

*** CD-EXPRESS.DB start ***

    ; BIND data file for cd-express.db
    ; /var/named/cd-express.db
    ;
    $TTL 1h
    @       SOA     ns1.cd-express.com. root.cd-express.com. (
                    2007110805      ; Serial (date + two digit serial)
                    10800           ; Refresh (3 hours)
                    3600            ; Retry (1 hour)
                    86400           ; Expire (1 day)
                    60 )            ; Default TTL 1 min
            NS      ns1.cd-express.com.
            MX      mail.cd-express.com.
            A       208.127.75.221
    ns1     A       208.127.75.221
    mailA   208.127.75.221
    www     A       208.127.75.221

*** CD-EXPRESS.DB end ***

*** 15.15.15.REV start ***

    : BIND reverse data file for 15.15.15.0
    : /etc/bind/15.15.15.db
    :
    @       IN SOA  cd-express.com. root.cd-express.com. (
                    2007110801      ; date created
                    10800           ; refresh (3 hours)
                    3600            ; retry (1 hour)
                    86400           ; expire (1 day)
                    60 )            ; TTL (1 minute)
            IN NS   ns1.cd-express.com.
    10      IN PTR  www.cd-express.com.
    20      IN PTR  dns.cd-express.com.
    30      IN PTR  mail.mycompany.com.

*** 15.15.15.REV end ***

QUESTION: Is the line comment for a bind configuration file, including the includes, a // or ; or :?? I've seen the semicolons and colons in some bind configurations as well.

I'll be happy to get ANY HELP. Thanks a lot!
Re: need help with BIND9
[This message has also been posted to linux.debian.user.]

In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:

> Michael Shuler wrote:
>> On 11/14/2007 02:53 AM, [EMAIL PROTECTED] wrote:
>>> I need help setting up nameservers for my own domain. The IPs and
>>> domains have been changed for privacy ;-)
>>
>> ..which makes it difficult to properly troubleshoot.
>>
>>> $TTL 1h
>>> @       SOA     ns1.mydomain.com. root.mydomain.com. (
>>>                 2007110805      ; Serial (date + two digit serial)
>>>                 10800           ; Refresh (3 hours)
>>>                 3600            ; Retry (1 hour)
>>>                 86400           ; Expire (1 day)
>>>                 60 )            ; Default TTL 1 min
>>>         NS      ns1.mydomain.com.
>>>         MX      mail.mydomain.com.

First of all, that is really dumb. Don't use name servers with the same second level domain as the one they are authoritative for. If you only have one domain in the whole world, let your registrar do your name service for you. Or use a service like zoneedit.com or dyndns.org. (But stay away from granitecanyon.com. It's been on autopilot for years and years. Its owners just don't have time for it.)

>> If you are going to host authoritative DNS for mydomain.com. on a name
>> server host under the same domain, for example ns1.mydomain.com., then
>> you need to seed the process of finding your authoritative name server
>> via a glue A record at your domain registrar - this A record for
>> ns1.mydomain.com. gets pushed up to the com. TLD servers, so that
>> recursive resolvers around the Internet can find the correct name
>> server to ask "where is mydomain.com.".

Right, and with most registrars, especially low-ballers like Tucows/OpenSRS, it's not obvious how to do that, and they don't do it automatically. And with non-accredited resellers, it's even harder. You're at Register4less, apparently a Tucows customer. Guess what, your registrar isn't listed in http://www.icann.org/registrars/accredited-list.html

Well-run registrars will have a separate form for registering a hostname. That's the glue record you're looking for. Unfortunately it pretty much never says "glue record" on the form.

Which brings us back to: don't put your name servers in their own domain.

> Thanks for the reply! I've investigated this at my domain registrar, and
> ns1.mydomain.com did get pushed to the .com TLD servers (or root servers)

Apparently so. One of them, anyway. This is b.gtld-servers.net, chosen at random.

    $ dig @192.33.14.30 NS1.CD-EXPRESS.COM a
    ;; ANSWER SECTION:
    NS1.CD-EXPRESS.COM.     172800  IN      A       208.127.75.221

    ;; AUTHORITY SECTION:
    CD-EXPRESS.COM.         172800  IN      NS      NS1.CD-EXPRESS.COM.

172800 is two days.

> My domain registrar said that I need a primary and secondary server
> assigned,

Well, there is not really any such thing as primary and secondary. They're all the same. But you're supposed to have at least two of them.

> so I created NS2.CD-EXPRESS.COM to point to the same IP 208.127.75.221

Spammers do that a lot. Your two name servers are supposed to be on two independent networks.

> my bind settings is as follows (I've removed comments with a //):
>
> *** NAMED.CONF start ***
> include "/etc/bind/named.conf.options";
[as shipped]

> *** NAMED.CONF.OPTIONS start ***
[as shipped]

> *** NAMED.CONF.LOCAL start ***
> //
> // Do any local configuration here
>
> zone "cd-express.com" {
>         type master;
>         file "/etc/bind/cd-express.db";
> };

Okay.

> zone "15.15.15.in-addr.arpa" {
>         type master;
>         file "/etc/bind/15.15.15.rev";
> };

What the heck is that? Are you in charge of reverse DNS for 15.15.15.0/24? I think Hewlett Packard would disagree.

> *** NAMED.CONF.LOCAL end ***
>
> *** CD-EXPRESS.DB start ***
> ; BIND data file for cd-express.db
> ; /var/named/cd-express.db
> ;
> $TTL 1h
> @       SOA     ns1.cd-express.com. root.cd-express.com. (
>                 2007110805      ; Serial (date + two digit serial)
>                 10800           ; Refresh (3 hours)
>                 3600            ; Retry (1 hour)
>                 86400           ; Expire (1 day)
>                 60 )            ; Default TTL 1 min
>         NS      ns1.cd-express.com.
>         MX      mail.cd-express.com.
>         A       208.127.75.221

You might get away with those a/ns/mx records. The white space in column 1 implies the zone that was mentioned in the zone statement in the conf file. But it would be more readable if you used an @ sign there.

I'm not sure if you can get away with omitting the class (INternet) value, either. Try it this way:

    @       IN      NS      ns1.cd-express.com.
    @       IN      A       208.127.75.221
    @       IN      MX      5 mail.cd-express.com.

Notice that the NS and MX records use names which I'll give A records to below.

> ns1     A       208.127.75.221

That line makes no sense. You're saying there is an A record for cd-express.com, of class ns1 (which doesn't exist), and its value is ns1.cd-express.com. And your MX record was missing
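Added example, not code from anyone in this thread: a small parser for the BIND master-file syntax argued over above (blank owner column repeating the previous owner, "@" for the zone origin, the parenthesised SOA, an optional class, which named defaults to IN) with two lints that the reply's corrected records satisfy and the posted zone does not: an MX without a preference and an NS/MX target with no A record in the zone. The two zone strings are constructed copies of the cd-express.com records as they appear in the thread and as corrected in the reply; the names and the IP are the thread's own.

```python
RRTYPES = {"A", "AAAA", "NS", "MX", "SOA", "CNAME", "PTR", "TXT"}

def absolute(name, origin):
    # '@' is the zone origin; names without a trailing dot are relative to it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return ([(owner, type, rdata)], [problems]) for BIND master-file text.
    Handles $TTL, '@', blank-owner inheritance, optional class, '(...)' SOA."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # ';' starts a zone-file comment
        if line.strip():
            depth += line.count("(") - line.count(")")
            buf.append(line)
            if depth == 0:  # record complete (the SOA spans several lines)
                logical.append(" ".join(buf)); buf = []
    records, owner, problems = [], origin, []
    for line in logical:
        if line.startswith("$"):
            continue  # $TTL / $ORIGIN directives are not records
        toks = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():  # explicit owner; blank column 1 repeats it
            owner = absolute(toks.pop(0), origin)
        if toks and toks[0].upper() == "IN":
            toks.pop(0)  # class is optional in master files; named defaults to IN
        if not toks or toks[0].upper() not in RRTYPES:
            problems.append(f"{owner}: no RR type in {toks} (owner and type fused?)")
            continue
        records.append((owner, toks[0].upper(), toks[1:]))
    return records, problems + lint(records, origin)

def lint(records, origin):
    """MX must carry a preference; in-zone NS/MX targets need an A record."""
    problems, a_owners = [], {o for o, t, _ in records if t == "A"}
    for owner, rtype, rdata in records:
        if rtype == "MX" and (len(rdata) != 2 or not rdata[0].isdigit()):
            problems.append(f"{owner}: MX needs a numeric preference: {rdata}")
        if rtype in ("NS", "MX"):
            target = absolute(rdata[-1], origin)
            if target.endswith("." + origin) and target not in a_owners:
                problems.append(f"{owner}: {rtype} target {target} has no A record here")
    return problems

# Constructed copies: the zone as it appears in the thread, and the reply's fix.
SOA = "@ SOA ns1.cd-express.com. root.cd-express.com. (\n 2007110805 ; Serial\n 10800 3600 86400 60 )\n"
POSTED = "$TTL 1h\n" + SOA + " NS ns1.cd-express.com.\n MX mail.cd-express.com.\n" \
         " A 208.127.75.221\nns1 A 208.127.75.221\nmailA 208.127.75.221\nwww A 208.127.75.221\n"
FIXED = "$TTL 1h\n" + SOA + "@ IN NS ns1.cd-express.com.\n@ IN A 208.127.75.221\n" \
        "@ IN MX 5 mail.cd-express.com.\nns1 IN A 208.127.75.221\nmail IN A 208.127.75.221\n"
```

Running `parse_zone(POSTED, "cd-express.com.")` reports three problems (the fused "mailA" line, the MX without a preference, and the MX target with no A record); the corrected zone reports none.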
need help with bind9-host
Hi,

Something strange happens when I try to use the "host" command:

    # host one.lt
    host: error while loading shared libraries: /usr/lib/libdns.so.11: cannot make segment writable for relocation: Permission denied
    #

It also happens with the "nslookup" and "dig" commands.

    # ldd /usr/bin/host
            libdns.so.11 => /usr/lib/libdns.so.11 (0x28d4d000)
            libisc.so.7 => /usr/lib/libisc.so.7 (0x28e7e000)
            libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x28eb6000)
            libnsl.so.1 => /lib/libnsl.so.1 (0x28fb4000)
            libpthread.so.0 => /lib/libpthread.so.0 (0x28fc9000)
            libc.so.6 => /lib/libc.so.6 (0x2901a000)
            libdl.so.2 => /lib/libdl.so.2 (0x2914d000)
            /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x28d3)
    #
    # ls -ali /usr/lib/libdns.so.11
    2289355 lrwxrwxrwx 1 root root 16 Jul 18 10:31 /usr/lib/libdns.so.11 -> libdns.so.11.1.3
    # ls -ali /usr/lib/libdns.so.11.1.3
    2289354 -rw-r--r-- 1 root root 1246960 Jun 18 10:39 /usr/lib/libdns.so.11.1.3
    #

Thanks
Re: need help with bind9-host
Hi, what debian version (stable/testing/unstable/other) are you using; and what are the package versions for all installed bind* packages; and whichever package provides libdns? What are the file permissions on /usr/lib/libdns.so.11?

-- 
Jon Dowland [EMAIL PROTECTED]