|
dns server not able to resolve local domain names
I recently installed bind9 on mandriva 2008.1, after having done the necessary configuration.. I still can't find my domain I configured cant ping on other machines on the LAN but can actually ping on any other website on the internet even though name server is configured to point to local machine..... I dont understand what I'm doing wrong.... can anyone please help me....
here are the configurationg files /etc/named.conf // (oe) Loosely based on the document below and from production server configurations. // http://www.cymru.com/Documents/secur...-template.html // // $Id: named.conf 80849 2007-09-06 11:56:48Z oden $ // $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/named.conf $ // secret must be the same as in /etc/rndc.conf include "/etc/rndc.key"; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { mykey; }; }; // Access lists (ACL's) should be defined here include "/etc/bogon_acl.conf"; include "/etc/trusted_networks_acl.conf"; // Define logging channels include "/etc/logging.conf"; options { version ""; directory "/var/named"; dump-file "/var/tmp/named_dump.db"; pid-file "/var/run/named.pid"; statistics-file "/var/tmp/named.stats"; zone-statistics yes; // datasize 256M; coresize 100M; // fetch-glue no; // recursion no; // recursive-clients 10000; auth-nxdomain yes; query-source address * port *; listen-on port 53 { any; }; cleaning-interval 120; transfers-in 20; transfers-per-ns 2; lame-ttl 0; max-ncache-ttl 10800; // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; }; // allow-update { none; }; // allow-transfer { any; }; // Prevent DoS attacks by generating bogus zone transfer // requests. This will result in slower updates to the // slave servers (e.g. they will await the poll interval // before checking for updates). notify no; // notify explicit; // also-notify { secondary_name_server }; // Generate more efficient zone transfers. This will place // multiple DNS records in a DNS message, instead of one per // DNS message. transfer-format many-answers; // Set the maximum zone transfer time to something more // reasonable. In this case, we state that any zone transfer // that takes longer than 60 minutes is unlikely to ever // complete. WARNING: If you have very large zone files, // adjust this to fit your requirements. max-transfer-time-in 60; // We have no dynamic interfaces, so BIND shouldn't need to // poll for interface state {UP|DOWN}. interface-interval 0; // Uncoment these to enable IPv6 connections support // IPv4 will still work // listen-on { none; }; // listen-on-v6 { any; }; // allow-query { trusted_networks; }; allow-recursion { trusted_networks; }; // Deny anything from the bogon networks as // detailed in the "bogon" ACL. blackhole { bogon; }; }; // workaround stupid stuff... (OE: Wed 17 Sep 2003) zone "ac" { type delegation-only; }; zone "cc" { type delegation-only; }; zone "com" { type delegation-only; }; zone "cx" { type delegation-only; }; zone "lv" { type delegation-only; }; zone "museum" { type delegation-only; }; zone "net" { type delegation-only; }; zone "nu" { type delegation-only; }; zone "ph" { type delegation-only; }; zone "sh" { type delegation-only; }; zone "tm" { type delegation-only; }; zone "ws" { type delegation-only; }; zone "0.0.127.in-addr.arpa" IN { type master; file "reverse/named.local"; }; zone "1.168.192.in-addr.arpa" in { notify no; type master; file "master/femirule"; }; zone "femirule.com" in { notify no; type master; file "master/femirule.com"; }; zone "." IN { type hint; file "named.ca"; }; zone "localdomain" IN { type master; file "master/localdomain.zone"; allow-update { none; }; }; zone "localhost" IN { type master; file "master/localhost.zone"; allow-update { none; }; }; zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "reverse/named.ip6.local"; allow-update { none; }; }; zone "255.in-addr.arpa" IN { type master; file "reverse/named.broadcast"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "reverse/named.zero"; allow-update { none; }; }; master/femirule.com @ IN SOA femi.femirule.com. root.femi.femirule.com. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN NS femi.femirule.com. localhost IN A 127.0.0.1 femi IN A 192.168.1.20 www CNAME femi pop CNAME femi news CNAME femi Lin A 192.168.1.30 win A 192.168.1.40 ... master/femirule @ IN SOA femi.femirule.com. root.femi.femirule.com. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN NS femi.femirule.com. 1 IN PTR femi.femirule.com. 30 IN PTR Lin.femirule.com. 40 IN PTR win.femirule.com. ... /etc/resolv.conf nameserver 127.0.0.1 everything looks ok to me but somehow i can comunicate with the outside world which is not what I intended when i started.... can someone please help... [root@femi femi]# dig femirule.com ; <<>> DiG 9.5.0-P1 <<>> femirule.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;femirule.com. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Mar 19 12:29:04 2009 ;; MSG SIZE rcvd: 30 [root@femi femi]# nslookup femirule.com Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find femirule.com: SERVFAIL tail -n 100 /var/log/syslog I restarted named and got this from syslog Mar 19 12:54:15 femi named[8877]: starting BIND 9.5.0-P1 -u named -t /var/lib/named Mar 19 12:54:15 femi named[8877]: loading configuration from '/etc/named.conf' Mar 19 12:54:15 femi named[8877]: listening on IPv4 interface lo, 127.0.0.1#53 Mar 19 12:54:15 femi named[8877]: listening on IPv4 interface eth0, 192.168.1.20#53 Mar 19 12:54:15 femi named[8877]: default max-cache-size (33554432) applies Mar 19 12:54:15 femi named[8877]: automatic empty zone: 127.IN-ADDR.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: 254.169.IN-ADDR.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: D.F.IP6.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: 8.E.F.IP6.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: 9.E.F.IP6.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: A.E.F.IP6.ARPA Mar 19 12:54:15 femi named[8877]: automatic empty zone: B.E.F.IP6.ARPA Mar 19 12:54:15 femi named[8877]: default max-cache-size (33554432) applies: view _bind Mar 19 12:54:15 femi named[8877]: command channel listening on 127.0.0.1#953 it looks like the zone files could not be loaded.... I'm so confused now pls help! |
According to your bind configuration:
You should check the logfile defined in /etc/logging.conf. You need a ORIGIN record if you want to resolve the domain name: Code:
@ A 192.168.1.20Regards |
Quote:
where should I put the Code:
@ A 192.168.1.20 |
also I cant find any log file /etc/logging.conf
my distribution is mandriva 2008.1 |
You have to put the ORIGIN record in the zone file of your domain. That is master/femirule.com according /etc/named.conf.
Code:
$TTL 86400 <----NeededFor the same reason as above, logging.conf should be in /var/lib/named/etc/logging.conf |
I've done all that ... still not working.... I get servfail each time i try nslookup femirule.com
[root@femi femi]# nslookup femirule.com Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find femirule.com.femirule.com: SERVFAIL it says server cant find femirule.com.femirule.com this doesnt look right.. supposed to be just femirule.com heres what /var/lib/named/etc/logging.conf says [root@femi femi]# cat /var/lib/named//etc/logging.conf // $Id: logging.conf 80849 2007-09-06 11:56:48Z oden $ // $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/logging.conf $ logging { channel security_channel { file "/var/log/security.log" versions 4 size 10m; print-category yes; print-severity yes; print-time yes; severity info; }; channel default_channel { file "/var/log/default.log" versions 4 size 10m; print-category yes; print-severity yes; print-time yes; }; channel xfer-in_channel { file "/var/log/xfer-in.log" versions 4 size 10m; severity info; print-category yes; print-severity yes; print-time yes; }; channel xfer-out_channel { file "/var/log/xfer-out.log" versions 4 size 10m; severity info; print-category yes; print-severity yes; print-time yes; }; channel update_channel { file "/var/log/update.log" versions 4 size 10m; severity info; print-category yes; print-severity yes; print-time yes; }; channel notify_channel { file "/var/log/notify.log" versions 4 size 10m; severity info; print-category yes; print-severity yes; print-time yes; }; channel "querylog" { file "/var/log/query.log" versions 4 size 10m; print-time yes; }; category queries { querylog; }; category security { security_channel; }; category default { default_channel; }; category xfer-in { xfer-in_channel; }; category xfer-out { xfer-out_channel; }; category notify { notify_channel; }; category update { null; }; category lame-servers { null; }; category "delegation-only" { "null" ; }; }; |
Add
Code:
$ORIGIN femirule.com.Or replace the "@" symbol with femirule.com. Note the dot "." at the end of the domain name since it's important. |
still not working
[root@femi femi]# nslookup femirule.com Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find femirule.com.femirule.com: SERVFAIL [root@femi femi]# dig femirule.com ; <<>> DiG 9.5.0-P1 <<>> femirule.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13954 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;femirule.com. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Mar 20 13:17:12 2009 ;; MSG SIZE rcvd: 30 |
Have you put the dot at the end of the domain name? And also did you remember to increase the serial?
Anyway use this zone file (I've use the today's date for serial): Code:
$TTL 86400 |
i have tried everything else
still not working is there a way to run it in a non chrooted environment? where can i get previous versions of bind for mandriva |
You can run bind in a non chroot jaib by removing the "-t /var/lib/named" from the bind startup script. But for security reasons it's not recommended.
There is no need to downgrade bind, as this P1 release fixes various security problems. Instead it's better to upgrade to bind 9.5.1-P1 Now about your problem, are you able to resolve a hostname, e.g. Code:
dig www.femirule.com |
no I cant ...
I must be doing something wrong but I can communicate with the outside world even though my nameserver is 127.0.0.1 maybe it forwards everything to the isp server thats why I can't resole internal hosts.... but I never put in any other address in the config file ... and my gateway 192.168.1.1 which also serves as the dns server...... maybe I should post all the files again so you can check them out for me again.............................. thanks |
[root@femi femi]# dig www.femirule.com
; <<>> DiG 9.5.0b2 <<>> www.femirule.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4903 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.femirule.com. IN A ;; Query time: 13 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Mar 21 00:47:47 2009 ;; MSG SIZE rcvd: 34 when I start name here's what syslog says Mar 21 00:47:25 femi named[5059]: starting BIND 9.5.0b2 -u named -t /var/lib/named Mar 21 00:47:25 femi named[5059]: loading configuration from '/etc/named.conf' Mar 21 00:47:25 femi named[5059]: listening on IPv4 interface lo, 127.0.0.1#53 Mar 21 00:47:25 femi named[5059]: listening on IPv4 interface eth0, 192.168.1.20#53 Mar 21 00:47:25 femi named[5059]: default max-cache-size (33554432) applies Mar 21 00:47:25 femi named[5059]: automatic empty zone: 127.IN-ADDR.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: 254.169.IN-ADDR.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: 2.0.192.IN-ADDR.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: D.F.IP6.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: 8.E.F.IP6.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: 9.E.F.IP6.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: A.E.F.IP6.ARPA Mar 21 00:47:25 femi named[5059]: automatic empty zone: B.E.F.IP6.ARPA Mar 21 00:47:25 femi named[5059]: default max-cache-size (33554432) applies: view _bind Mar 21 00:47:25 femi named[5059]: command channel listening on 127.0.0.1#953 the zone I created was never loaded.... shouldn't there be a message like zone: femirule.com loaded |
The logs about loading your zones are more likely written in default.log according to logging.conf.
What is the output of the following 2 commands: Code:
named-checkconf -z /etc/named.conf |
named-checkconf -z /etc/named.conf
/etc/named.conf:17: open: /etc/bogon_acl.conf: file not found named-checkzone -d -t /var/lib/named femirule.com master/femirule.com loading "femirule.com" from "master/femirule.com" class "IN" zone femirule.com/IN: loading from master file master/femirule.com failed: file not found |
| All times are GMT -5. The time now is 08:28 PM. |