BIND9 constant servfail - dns

I want to create a DNS server on my VPS and add a domain to it from another provider. The domain is set in the provider's panel to the VPS as dns1 and sdns2.ovh.net as dns2. I'm getting SERVFAIL from dig over and over again, and since I'm new to this I'm out of moves. What is wrong?
My zone file for domain.com:
$TTL 604800
@ IN SOA ns1.domain.com. root.ns1.domain.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.domain.com.
@ IN NS ns2.domain.com.
@ IN A 176.31.189.10
ns1 IN A 176.31.189.10
ns2 IN A 213.251.188.141
named-checkzone shows OK.
named.conf entry:
zone "domain.com" {
type master;
file "db.domain.com";
};
named.conf.options:
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no;
listen-on-v6 port 53 {
any;
};
listen-on port 53 {
any;
};
};
Port 53 is allowed by the firewall in/out. The Bind service is active.
I'm getting dig SERVFAIL all the time.
My dns2 provider requires an "ownercheck", but I can't do it since it looks like the zone file is not being read anyhow.
Please help.

Problem solved.
The server was failing to load the zone file - lack of full address.
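The failure this answer points at, as an added example that is not from the question or from BIND itself: named resolves a relative file directive against options { directory } (/var/cache/bind here), so "db.domain.com" is looked for under /var/cache/bind, not /etc/bind, and the zone never loads. The script reproduces that path resolution on a scratch directory tree; its regexes only handle the simple one-line zone statements it constructs.

```python
import os
import re
import tempfile

# Constructed named.conf fragment mirroring the question: a working directory plus a
# zone whose "file" is relative, which is the failing form; demo() also tries the absolute form.
NAMED_CONF = '''
options { directory "/var/cache/bind"; };
zone "domain.com" { type master; file "db.domain.com"; };
'''

def working_directory(conf: str) -> str:
    """The options { directory } that named changes into before opening zone files."""
    m = re.search(r'options\s*\{[^}]*?directory\s+"([^"]+)"', conf, re.S)
    return m.group(1) if m else "."

def zone_files(conf: str) -> dict:
    """Return {zone name: file directive} from the zone statements."""
    return dict(re.findall(r'zone\s+"([^"]+)"\s*\{[^}]*?file\s+"([^"]+)"', conf, re.S))

def resolve(file_directive: str, directory: str) -> str:
    # A relative "file" is taken relative to options { directory }, not to /etc/bind.
    return file_directive if os.path.isabs(file_directive) else os.path.join(directory, file_directive)

def check(conf: str, root: str = "/") -> dict:
    """Map each zone to (path named would open, whether it exists).
    root re-roots the paths so the demo can use a scratch tree instead of the live system."""
    directory = working_directory(conf)
    report = {}
    for zone, f in zone_files(conf).items():
        path = resolve(f, directory)
        report[zone] = (path, os.path.exists(os.path.join(root, path.lstrip("/"))))
    return report

def demo() -> tuple:
    """Scratch tree: the zone file lives under etc/bind, var/cache/bind is empty."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "var/cache/bind"))
        os.makedirs(os.path.join(root, "etc/bind"))
        with open(os.path.join(root, "etc/bind/db.domain.com"), "w") as fh:
            fh.write("; zone data\n")
        relative = check(NAMED_CONF, root)["domain.com"]
        fixed_conf = NAMED_CONF.replace('"db.domain.com"', '"/etc/bind/db.domain.com"')
        absolute = check(fixed_conf, root)["domain.com"]
    return relative, absolute

if __name__ == "__main__":
    for label, (path, found) in zip(("relative", "absolute"), demo()):
        print(label, path, "found" if found else "MISSING -> zone not loaded, SERVFAIL")
```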

What helped in my case was to ensure that /etc/bind was actually writable by the bind user, since bind tries to place a compiled *.jnl file of the zone file there.
Also, enabling full logging helps to spot newbie errors like this easily... :)

Related

RPZ (response policy zone) in Windows Server 2019?

BIND9 has a very good function, RPZ.
You can create a DNS zone (like "malware") and add malicious domains to it.
The DNS server in its response gives my defined IP address, aka DNS Firewall.
[zone file]
...
$ORIGIN com.malware.
$TTL 5 ; 5 seconds
example A 127.0.0.1
[request]
$ dig example.com +short
127.0.0.1
[log]
(example.com): rpz QNAME Local-Data rewrite example.com/A/IN via example.com.malware
I'm wondering if Windows Server 2019 DNS has the same native functionality.
I read all the documentation regarding DNS Policy without any luck.

Very simple bind9 DNS server

I am using Debian server 10 and bind9 for my DNS server network. I want a very simple working DNS server; my topology is like below:
client <-> DNS <-> voip.example.com
client IP: 172.17.106.9
client DNS primary: 172.17.106.15
client DNS secondary: 8.8.8.8
DNS IP: 172.17.106.15
voip.example.com IP: 172.17.106.12
I want to check the DNS records when each request is received from the client, and if it does not match, go to the secondary DNS stored in the client's secondary DNS (8.8.8.8).
I get this error in the client cmd:
C:\Users\Farhad>nslookup voip.example.com
Server: ns1.example.com
Address: 172.17.106.15
*** ns1.example.com can't find voip.example.com: Server failed
My bind9 configuration is here:
/etc/bind/named.conf.local
zone "example.com" {
type master;
file "/etc/bind/db.example.com"; # zone file path
};
zone "17.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172.17"; # 172.17.0.0/16 subnet
};
/etc/bind/named.conf.options
acl "trusted" {
172.17.106.15; # ns1
172.17.106.9; # client
172.17.106.12; # VoIP
};
options {
directory "/var/cache/bind";
recursion yes; # enables recursive queries
allow-recursion { trusted; }; # allows recursive queries from "trusted" clients
listen-on { 172.17.106.15; }; # ns1 private IP address - listen on private network only
allow-transfer { none; }; # disable zone transfers by default
forwarders {
8.8.8.8;
8.8.4.4;
};
};
/etc/bind/db.example.com
$TTL 604800
@ IN SOA ns1.example.com. f.example.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.example.com.
; name servers - A records
ns1.example.com. IN A 172.17.106.15
; 172.17.0.0/16 - A records
voip.example.com. IN A 172.17.106.12
/etc/bind/db.172.17
$TTL 604800
@ IN SOA ns1.example.com. f.example.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers
IN NS ns1.example.com.
; PTR Records
15.106 IN PTR ns1.example.com. ; 172.17.106.15
12.106 IN PTR voip.example.com. ; 172.17.106.12
Now it works fine with the changed db.example.com, deleting the ns2 record, and resolving exactly the IP address of voip.example.com,
but my primary issue still exists:
I want to check the DNS records when each request is received from the client, and if it does not match, go to the secondary DNS stored in the client's secondary DNS (8.8.8.8).
For example, some client requests to reach test.com, and the client has primary DNS 172.17.106.15 and secondary DNS 8.8.8.8.
The query is received from the client by my DNS server 172.17.106.15, but it did not go to 8.8.8.8.

How to properly setup a bind9 DNS server on a Debian 8.7 droplet

I have bind9 set up on my old DO droplet (Debian 7.11) and everything was working great. I decided to set up a new droplet (Debian 8.7) and configure bind9 today.
On the old Debian 7 droplet I had it configured as an authoritative name server with the following names: ns1.example.com and ns2.example.com.
I registered the example.com domain name through GoDaddy and set it to point to my external name servers ns1.example.com and ns2.example.com using their web interface.
However, DNS does not appear to be working on the Debian 8.7 droplet when I try to set it up.
named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// 107.170.40.252 <= public IP v4
zone "example.com" {
type master;
file "/etc/bind/zones/master/db.example.com";
};
zone "252.40.170.107.in-addr.arpa" {
type master;
file "/etc/bind/zones/master/db.107.170.40";
};
db.example.com
;
; BIND data file for example.com
;
$TTL 86400
@ IN SOA ns1.example.com. chris.example.com. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 day
;
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
example.com. IN MX 10 mail.example.com.
example.com. IN A 107.170.40.252
ns1 IN A 107.170.40.252
ns2 IN A 107.170.40.252
www IN CNAME example.com.
db.107.170.40
;
; Addresses and other host information
;
$TTL 86400
@ IN SOA example.local. hostmaster.example.local. (
2013090501 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000) ; Minimum
40.170.107.in-addr.arpa. IN NS dns.example.local.
252 IN PTR mail.example.local.
252 IN PTR ns1.example.local.
252 IN PTR ns2.example.local.
Any help on this matter would greatly be appreciated.
It ended up being a setting in the GoDaddy web interface.

Unable to add new domain to server via bind

I've tried several times to add a new domain to my server. I have the main domain working properly, which I added via BIND.
/etc/bind/named.conf.local for the main domain:
zone "maindomain.com" {
type master;
file "/etc/bind/zones/maindomain.com.db";
};
The domain has the following nameservers: ns1.maindomain.com and ns2.maindomain.com (self-appointed; they work fine so far).
The zone configuration for this domain:
$TTL 1500
@ IN SOA maindomain.com. root (
2007062703 ;serial
28800 ;refresh
3600 ;retry
604800 ;expire
38400 ) ;minimum 25 minutes
@ IN A 92.114.82.208
maindomain.com. IN NS ns1.maindomain.com.
ns1 IN A 92.114.82.208
ns2 IN A 92.114.82.208
ns3 IN A 92.114.82.208
Anyhow, I have not managed to add a new domain on the same server with the following configuration:
/etc/bind/named.conf.local now has:
zone "maindomain.com" {
type master;
file "/etc/bind/zones/maindomain.com.db";
};
zone "maindomain2.com" {
type master;
file "/etc/bind/zones/maindomain2.com.db";
};
maindomain2.conf zone:
$TTL 1500
@ IN SOA maindomain2.com. root (
2007062703 ;serial
28800 ;refresh
3600 ;retry
604800 ;expire
38400 ) ;minimum 25 minutes
@ IN A 92.114.82.208
ns IN A 92.114.82.208
ns2 IN A 92.114.82.208
Through this configuration I have appointed the NS for maindomain2.com via the NameServer edit function:
ns.maindomain2.com
ns2.maindomain2.com
Pointed them to 92.114.82.208.
Having done this, the domain has not linked with the server; I tried several restarts and several other configurations which were not successful - the NS do not resolve, the domain does not resolve to DNS.
Any ideas, please?
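A zone sanity check, added here as an example that is not part of the question or of BIND: named will not serve a master zone that has no NS record at the apex (named-checkzone reports the same), and the maindomain2.com zone above has none, unlike the maindomain.com zone. The checker parses the master-file subset used on this page and reports that condition, a missing apex SOA, and missing A/AAAA glue for in-zone name servers; the origin is the one named would take from the zone statement.

```python
import re
from collections import defaultdict

# Constructed input: the maindomain2.com zone from the question above (SOA values on one line).
MAINDOMAIN2 = """$TTL 1500
@ IN SOA maindomain2.com. root (
2007062703 28800 3600 604800 38400 ) ;serial refresh retry expire minimum
@ IN A 92.114.82.208
ns IN A 92.114.82.208
ns2 IN A 92.114.82.208
"""

def fqdn(name: str, origin: str) -> str:
    """Expand @ and relative owner names as a master-file parser does."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text: str, origin: str) -> dict:
    """{owner: {rtype: [rdata]}}; handles ; comments, $-directives, ( ) and inherited owners."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records = defaultdict(lambda: defaultdict(list))
    owner = origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():          # explicit owner; a blank owner inherits the last
            owner = fqdn(fields.pop(0), origin)
        if fields and fields[0].isdigit():  # optional per-record TTL
            fields.pop(0)
        if fields and fields[0].upper() == "IN":
            fields.pop(0)
        records[owner][fields[0].upper()].append(" ".join(fields[1:]))
    return records

def check_zone(text: str, origin: str) -> list:
    """Checks named makes before serving a master zone: one apex SOA, an apex NS, glue."""
    records = parse_zone(text, origin)
    apex, problems = records.get(origin, {}), []
    if len(apex.get("SOA", [])) != 1:
        problems.append(f"{origin}: apex needs exactly one SOA record")
    if not apex.get("NS"):
        problems.append(f"{origin}: no NS records at apex")
    for ns in apex.get("NS", []):
        target = fqdn(ns, origin)
        glue = records.get(target, {})
        if target.endswith("." + origin) and not (glue.get("A") or glue.get("AAAA")):
            problems.append(f"{origin}: NS {target} is in-zone but has no A/AAAA record")
    return problems
```

Adding a line such as `@ IN NS ns.maindomain2.com.` to the zone text makes the check pass, since ns already has an A record.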

How to configure dns sub-levels on aws without Route53?

I have an EC2 instance (Amazon AMI) on AWS and I have purchased a domain name on Gandi.net.
Let's imagine my domain name is "teaorcoffee.com".
On Gandi, I have set up a sub-domain "dev" to delegate DNS to my EC2 instance. Here is the configuration in the zone file on Gandi:
dev 10800 IN NS ec2-22-222-222-22.eu-west-1.compute.amazonaws.com.
I would like to configure sub-domains of "dev.teaorcoffee.com" on my EC2 instance, like "sql.dev.teaorcoffee.com".
I am trying to do that with:
the "bind" util,
the file "named.conf.local", which is included in the file "named.conf",
and a "dev.teaorcoffee.com" zone file,
but without success.
Here is the "named.conf.local" file :
zone "dev.teaorcoffee.com" IN {
type master;
file "/var/named/dev.teaorcoffee.com";
allow-update { none; };
};
Here is the "dev.teaorcoffee.com" zone file :
$TTL 60
@ IN SOA master.dev.teaorcoffee.com. support.teaorcoffee.com. (
2013030300
60
60
60
38400 )
dev.teaorcoffee.com. IN NS master
master.dev.teaorcoffee.com. IN A 127.0.0.1
sql IN CNAME master
I can restart the DNS without any error with the command:
sudo /etc/init.d/named restart
But when I try to do an nslookup on "dev.teaorcoffee.com" and its sub-domain, I get the following error:
nslookup dev.teaorcoffee.com
Server: 127.0.0.1
Address: 127.0.0.1#53
*** Can't find dev.teaorcoffee.com: No answer
What can I change to make it work?
Thanks in advance for any help.
Once you have created an A record for your subdomain pointing to your EC2 server, you are good to go.
If you're going to use Apache, just configure the virtual host in your Apache httpd.conf: http://httpd.apache.org/docs/2.2/vhosts/examples.html
If you are going to use something like a MySQL server, there is nothing to do.
Just make sure the ports of the services you are going to use are open in your EC2's security group.
And a piece of advice: migrate your domain zone to Route 53; it is much easier to administer.
HTH
