How to make DNS master server?? Problems!!!
 

Hi,

I am a new member and this is my first time posting here so hello to everyone!

Ok now for my issue; Uptill yesterday I was using my Cisco router as a DNS server for my local network, however it put too much stress on the system as CPU usage went skye high and eventually the whole system started timing out. So I decided to create a DNS master from my main server.

I am running Debian Etch with Bind9 for this and so far passive DNS transferrs work fine, fast and smoothe.

Now I don't claim to be an expert at DNS but after Google'ing around a bit and the use of HowtoForge as refference I managed to create a local zone file.

This page was were I began: http://howtoforge.com/perfect_setup_debian_etch_p4

and this page: http://linux.justinhartman.com/DNS_I...up_using_BIND9

I've checked the zone files using: named-checkzone and they all come out as ok.

However from the result of other tests my server keeps trying to use the domain servers from my domain provider and ofcourse my router doesn't let me access my internal domain that way. "Connection Refused" Error comes up.

I have tried creating a key by using this command I got from:http://www.tacktech.com/display.cfm?ttid=323 since I thought it would turn my server into an authoritive server.

rndc-confgen -a -c /etc/namedb/rndc.conf -k dnsadmin -b 256

However it is for BSD and not sure if linux is a bit different even though it did create the correct files. But now I get an error when trying to reload rndc:

rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

I am really stuck now as I have no idea what I am doing anymore!!!

I wonder if anyone can help me out at all, I would really apprieciate it. Thanks

I don't know if theres any additional information I can provide so that someone can help me with this issue?

Zone files, rndc.conf file?? I can provide it all as long as it helps!

In the mean time I configured my router back to master dns so now I have 2 masters on my network and my machines obviously are getting confused. :((

Windows doesn't seem to care (typically) as long as router IP goes as primary DNS and server as secondary.

Linux systems are struggling though since they can either access the internet or the intranet but not both, and this is very bad news since I am running 3 servers.

Also my workstation now is using secondary DNS from the primary in the router and browsing is becoming painfull! Speed is rediculously slow.

Uh what to do what to do???

Let's step back - there is too much going on at once. It is best to take one step at a time.

Show your named.conf and zone files. Once we get named working, we'll test it with dig.

Thanks MR C. :) for replying to start with!

ZONE FILES

File 192.168.1.rev

File optiplex-networks.db

------------------------------------------------------------------

NAMED conf file

--------------------------------------------------------------------

NAMED LOCAL file

-----------------------------------------------------------------------

I have file rndc.conf and rndc.key too!!!!

output of dig @localhost optiplex-networks.com is:

Typo in named.conf:

file "/var/named/optiplex-netowrks.db";

Btw. dig indicating in the AUTHORITY SECTION that all the root servers are authoritative is a clue that your server does not think it is authoritative for a domain.

Yeah I figured but why I wonder? I am no expert with bind or DNS but it should be authoritive by default no?

Typo fixed and bind restarted:

If I am understanding your question... Querying the root server's will be the default until you setup your server to be authoritative for a domain. Then the root servers will not be queried, as bind knows which zones for which it is authoritative.

We'll assume your key is invalid. Until you get bind working, use stop/start and not restart, or start named manually. Then work on the key issues.

My question to put it in basic terms is that before I used my Cisco router as a DNS server so any local domain queries were done from there, still with the master DNS servers of my domain vendor providing DNS for WAN.

However I would like to use my main server for this as too much load is being put on the router and CPU usage going high to time the machine out.

With regards to the key I have no idea what or how to do as I've changed permissions to 777 even but still it's coming up with the same thing.

I tried removing the key and rndc complained that there was no key?? However before there was no key and rndc worked fine??????

I am lost!

Also if I try to stop bind by running /etc/init.d/bind9 stop

I get the same result:

Again, one step at a time. You're drinking through a fire hose!

Until the name server is functioning properly, it cannot be used for queries. Forget about the Cisco box for now, and other systems using your new DNS.

Are you able to bring up named and run dig successfully, with dig both returning the correct results, and showing your server as authoritative?

See this thread to resolve your key problem: http://www.linuxquestions.org/questi...light=bind+key

Hehe sorry I guess I am a bit excited now that you're helping me!!!

Thanks for the link!!!

Right ok started DNS /etc/init.d/bind9 start and no problems at all

So far dig shows:

And that is correct active-dns.com is DNS for WAN side, no problems there.

Hmm wierd thing is if I try to reload rndc; I get:

Bind managed to start without any errors and I did everything to the Ubuntu users post??

cat rndc.key shows

Maybe this should be in rndc.conf?? or at least just the options part?

I tried to stop bind to see what happens and again produced this error:

However there is no problem to start the service??