I'm new to bind9. I've fixed a lot of issues, but now I need some help.
I basically just want to bind my domain magestionfacile.fr and some subdomains to 94.23.108.206.
Here's my configuration files:
named.conf.local
zone "magestionfacile.fr" {
type master;
allow-transfer {94.23.108.206;};
file "/etc/bind/db.magestionfacile.fr";
};
db.magestionfacile.fr
;
; BIND reverse data file for broadcast zone
;
; Time To Live
$TTL 604800
; General Informations
# IN SOA magestionfacile.fr. root.magestionfacile.fr. (
10 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
; Domain TTL IN Type Value
IN NS ns354747.ovh.net.
IN NS sdns1.ovh.net.
IN NS sdns2.ovh.net.
# IN A 94.23.108.206
vmx IN A 94.23.108.206
vimexcom IN CNAME vmx.magestionfacile.fr.
ownercheck IN TXT "some_number"
The three NS directives, I'm not sure if it's the right values. I mean, I'm not even sure if only one DNS server is sufficient so...
Some tests:
odoo#yann-acer-portable:~$ nslookup magestionfacile.fr 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: magestionfacile.fr
Address: 94.23.108.206
odoo#yann-acer-portable:~$ nslookup magestionfacile.fr
Server: 127.0.1.1
Address: 127.0.1.1#53
** server can't find magestionfacile.fr: SERVFAIL
odoo#yann-acer-portable:~$ ping magestionfacile.fr
ping: unknown host magestionfacile.fr
odoo#yann-acer-portable:~$ ping vmx.magestionfacile.fr
ping: unknown host vmx.magestionfacile.fr
I'm aware that usually, you need two DNS servers, right ? Can I do with one ? Thanks for the help !
SERVFAIL means that the nameserver for one reason or another could not produce a valid answer to the question. For more information, you need to look in the nameserver log file (although if what you posted up there is the entire zone file, the problem likely is a missing $ORIGIN).
Related
There is a cloud server with IP 51.254.79.239
tt1.domain.com and tt2.domain.com are the name servers.
these are the zone options used
zone "domain.com" {
type master;
file "/etc/bind/db.domain.com";
};
zone "79.254.51.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.51";
};
db.domain.com file
$TTL 14400
# IN SOA tt1.domain.com. root.domain.com. (
17
7200
3600
1209600
180 )
# 14400 IN NS tt1.domain.com.
# 14400 IN NS tt2.domain.com.
tt1 14400 IN A 51.254.79.239
tt2 14400 IN A 51.254.79.239
# 14400 IN A 51.254.79.239
mail 14400 IN A 51.254.79.239
www 14400 IN A 51.254.79.239
pop 14400 IN A 51.254.79.239
ftp 14400 IN A 51.254.79.239
# 14400 IN MX 10 mail.domain.com.
# 14400 IN TXT "v=spf1 a mx ip4:51.254.79.239 ?all"
_dmarc 14400 IN TXT "v=DMARC1; p=none"
and the rev
$TTL 604800
# IN SOA tt1.domain.com. root.domain.com. (
16 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
IN NS tt1.domain.com
IN NS tt2.domain.com.
79.254.51 IN PTR tt1.domain.com. ; 51.254.79.239
79.254.51 IN PTR tt2.domain.com. ; 51.254.79.239
and it's Active: active (running) since Mon !
what it could be the problem that there is no ping answer on domain.com?!
Ping, if you use it with a hostname, involves looking up the name, but what you check is connectivity not DNS.
From your example, I can see, that both of your supposed "nameservers" are in fact the same server, as the one they are resolving. So I strongly assume, this "name server" is not authoritative, which means, no other name server in the hierarchy cares for the information it has. Did you think, you can just setup a nameserver and it would be queried for the domain, you told it?
You can easily check for the primary name server, with:
dig +short SOA domain.com
Or for all authoritative name servers with:
dig +short NS domain.com
whois also gives you this information.
Usually your provider gives you some interface to the resource records pertaining to your domain and updates the authoritative name servers accordingly, so you should probably look for this first.
You can then check, if everything with your changes is ok, with many online tools, for example this:
http://viewdns.info/dnsreport/
I've accomplished the following easily on a unix system, but I don't manage to get the same configured on a MS Windows server:
subdomain.example.org is a zone, so that I can setup child hostnames like host.subdomain.example.org. Furthermore, subdomain.example.org is also an entry point to the subdomain and runs a webserver. For that purpose I create an A record that points to an IP address. That is, the hostname is identical with the subdomain name.
I don't seem to be able to reproduce this on the windows server. once I create the subdomain, I can't add the A record. What's the secret to getting this up and running?
When creating A records you can use the # symbol for the record name to indicate the parent record i.e. no record name. In your case this applies to subdomain zones (and beyond).
example.com = # IN A 1.2.3.4
www.example.com = www IN A 192.168.0.2
Example raw dns zone file:
$TTL 14400
$ORIGIN example.com.
# 1D IN SOA ns1.example.com. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
IN NS ns1.example.com. ; in the domain
IN NS ns2.smokeyjoe.com. ; external to domain
IN MX 10 mail.another.com. ; external mail provider
# IN A 1.2.3.4 ; root record here would be value for example.com
ns1 IN A 192.168.0.1 ;name server definition
www IN A 192.168.0.2 ;web server definition
ftp IN CNAME www.example.com. ;ftp server definition
bill IN A 192.168.0.3
fred IN A 192.168.0.4
Here is the main problem:
dig maktabkhooneh.info +trace
works perfectly fine and returns the right answer.
dig maktabkhooneh.info
(without +trace) returns:
; <<>> DiG 9.8.1-P1 <<>> maktabkhooneh.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
What could be the reason? I was reading this. Is it the only possible reason that I changed domain data 12hrs ago? Isn't there any other possible reason for SERVFAIL?
extra info:
I have two BIND servers working on 168.144.251.73 (master) and 168.144.92.50 (slave).
and on the master I have:
$TTL 300
maktabkhooneh.info. IN SOA ns1.maktabkhooneh.info.
admin.maktabkhooneh.info. (
2012060201 ; Serial
86400 ; Refresh
7200 ; Retry
3600000 ; Expire
300 ) ; Minimum
maktabkhooneh.info. IN A 168.144.97.83
maktabkhooneh.info. IN NS ns1.maktabkhooneh.info.
maktabkhooneh.info. IN NS ns2.maktabkhooneh.info.
ns1 IN A 168.144.251.73
ns2 IN A 168.144.92.50
www IN CNAME maktabkhooneh.info.
dig +trace follows the whole chain from the beginning - it queries root servers, then .info servers then your namservers. Thus it avoids any caching resolvers, and also avoids propagation issues.
dig +notrace (the default) queries your default DNS resolver (on Linux, whatever specified in /etc/resolv.conf).
There's some problem with that resolver - maybe it's misconfigured, maybe it has old data in its caches, maybe it can not reach your authoritative nameservers, etc.
In my case was a problem related to /etc/named.conf file. I could resolve this with the previous answer from Sandman and googling the way to fix a corrupted named.conf in cpanel. I had to access to shell console and type the following commands:
for backup the file
mv /etc/named.conf /etc/named.conf.bak
for rebuild the file
/usr/local/cpanel/scripts/rebuilddnsconfig
for restart the named service
/etc/init.d/named restart
ref: https://www.web24.com.au/tutorials/named-conf-fix-corrupted-named-conf-cpanel
My server is a Ubuntu, and I have installed webmin/virtualmin and I´m trying to create my NSRecord ns1 and ns2.
I run this command:
dig #localhost mydomain.info
; DiG 9.7.3 #localhost mydomain.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; HEADER opcode: QUERY, status: NOERROR, id: 64570
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.info. IN A
;; ANSWER SECTION:
mydomain.info. 38400 IN A 10.28.166.120
;; AUTHORITY SECTION:
mydomain.info. 38400 IN NS ns1.mydomain.info.
;; ADDITIONAL SECTION:
ns1.mydomain.info. 38400 IN A 10.28.166.120
But 10.28.166.120 it´s my local IP, I try to find any information on /var/log/syslog about Bind and I didn´t see anything.
In Firewall I configured the ports like this:
Incoming open ports:
TCP/53
UDP/53
Outgoing open ports:
TCP/53
UDP/53
TCP/1024-65535
UDP/1024-65535
So, know I put my complete dns record:
$ttl 38400
# IN SOA ns1.mydomain.info. root.ns1.mydomain.info. (
1342267814
10800
3600
604800
38400 )
# IN NS ns1.mydomain.info.
mydomain.info. IN A 10.28.166.120
www.mydomain.info. IN A 10.28.166.120
ftp.mydomain.info. IN A 10.28.166.120
m.mydomain.info. IN A 10.28.166.120
ns1.mydomain.info. IN A 999.999.999.999
localhost.mydomain.info. IN A 127.0.0.1
webmail.mydomain.info. IN A 10.28.166.120
admin.mydomain.info. IN A 10.28.166.120
mydomain.info. IN TXT "v=spf1 a mx a:mydomain.info ip4:10.28.166.120 ?all"
999.999.999.999 = my external IP
I´m tried post some questions like this and anyone help on other forums. If anyone don´t undestand something I will try to explain.
Thank´s.
BIND runs as named, so that is what you should look for in the logs. (Though nothing is actually wrong with this setup, so I doubt there would be anything in the logs).
I'm not sure how you've set up the records in your zone, but each NS record points to an A record. The NS record looks fine, but the A record is wrong. The other NS record and/or its corresponding A record are missing. You will have to change the A record for ns1.mydomain.info. to your external address. There is no simple way to use both an internal and external IP for a single machine (for a complicated way, see split-horizon views).
Okay, at the moment i have my domain's host file which was generated by the Webmin control panel. I have a box to myself with several IPs and i want to make use of more than one. I don't fully understand everything to do with host files but I know enough to get by.
Can anyone suggest how i would go about changing the below host file to make my two name servers and mail server have their own IPs and then my domains and sub domains share another?
$ttl 120
# IN SOA ns1.example.com. webmaster.example.com. (
1283718781
1D
120
7D
120 )
example.com. IN NS ns1.example.com.
example.com. IN A 192.168.0.1
www.example.com. IN A 192.168.0.1
ftp.example.com. IN A 192.168.0.1
m.example.com. IN A 192.168.0.1
localhost.example.com. IN A 127.0.0.1
webmail.example.com. IN A 192.168.0.1
admin.example.com. IN A 192.168.0.1
mail.example.com. IN A 192.168.0.1
example.com. IN MX 5 mail.example.com.
example.com. IN NS ns2.example.com.
[edit]
Just to add, can you also suggest any improvements because at present initial loading of the website is slow, i did a dns test from an online tool and resolving was taking a long while. After the first page load the site's home page then loads in less than 2 seconds, presumably because stuff has been cached after the first load.
please and thanks in advance for any help.
I'm not sure if I understood your question but I would use following zone file for example.com domain:
$ttl 120
# IN SOA ns1.example.com. webmaster.example.com. (
2010091401 ; Serial format YYYYmmddXX where XX is 01-99
1D
120
7D
120 )
IN NS ns1.example.com.
IN NS ns2.example.com.
IN MX 5 mail.example.com.
IN A 192.168.0.1
ns1 IN A 192.168.xxx.xxx ; ns1 ip
ns2 IN A 192.168.xxx.xxx ; ns2 ip
www IN A 192.168.0.1
ftp IN A 192.168.0.1
m IN A 192.168.0.1
webmail IN A 192.168.0.1
admin IN A 192.168.0.1
mail IN A 192.168.0.1
localhost IN A 127.0.0.1