I'm running bind 9 in a CentOS 6.3 machine and trying do setup and internal DNS server.
I'm really new to this and need to set this up for my company, the guy responsible for this just quited and I'm my own for a while. Thanks in advance.
I've tried a few tutorials and so far this is what I have:
named.conf file
options {
listen-on port 53 { 127.0.0.1; 192.168.0.24; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.0.0/24;};
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "local.logits.me" IN {
type master;
file "fwd.local.logits.me";
allow-update {none;};
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "rev.local.logits.me";
allow-update {none;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
fwd.local.logits.me file
$TTL 86400
# IN SOA web.local.logits.me. root.local.logits.me. (
2013102113 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum Time to Lie (TTL)
)
# IN NS web.local.logits.me.
# IN A 192.168.0.24
web IN A 192.168.0.24
rev.local.logits.me file
$TTL 86400
# IN SOA web.local.logits.me. root.local.logits.me. (
2013102113 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum time to live (TTL)
)
# IN NS web.local.logits.me.
# IN PTR local.logits.me.
web IN A 192.168.0.24
24 IN PTR web.local.logits.me.
And this is what I get when I try nslookup
[root#localhost ~]# nslookup local.logits.me
Server: 192.168.0.24
Address: 192.168.0.24#53
** server can't find local.logits.me: NXDOMAIN
[root#localhost ~]# nslookup web.local.logits.me
Server: 192.168.0.24
Address: 192.168.0.24#53
** server can't find web.local.logits.me: NXDOMAIN
[root#localhost ~]# nslookup 192.168.0.24
Server: 192.168.0.24
Address: 192.168.0.24#53
** server can't find 24.0.168.192.in-addr.arpa.: NXDOMAIN
What is wrong?
I figured it out. Someone (either me or the guy before me) put the files on the wrong folder.
So I was editing files on '/' instead of the named root path given in '/etc/sysconfig/named'.
The root path is '/var/named/chroot', so I moved the config files there and everything works fine.
Related
I have a linux machine with a WiFi Hotspot assigning IP's in the 172.30.108.0/24 network.
I have bind 9 installed.
my named.conf only includes "include "/etc/bind/named.conf.local";", everything else is disabled.
My named.conf.local has:
options {
listen-on port 53 { 0.0.0.0; };
listen-on-v6 port 53 { ::1; };
directory "/var/cache/bind";
allow-query { localhost; };
recursion yes;
querylog yes;
};
acl clients {
172.30.108.0/24;
};
view "internal-view" {
match-clients { internal; };
allow-query { internal; };
allow-query-cache { internal; };
zone "limit.com." {
type master;
file "/etc/bind/db.limit.com";
};
# Mapping: Everything else to 127.0.0.1
zone "." {
type master;
file "/etc/bind/db.mapping";
};
};
view "external-view" {
match-clients { any; };
allow-query { any; };
allow-recursion { any; };
allow-query-cache { any; };
zone "wiincon.de." {
type master;
file "/etc/bind/db.limit.com";
};
include "/etc/bind/named.conf.default-zones";
};
My db.limit.com:
; BIND reverse data file for broadcast zone
;
$TTL 180
# IN SOA localhost. root.localhost. (
5 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
# IN NS localhost.
# IN A 192.168.5.5
www IN A 192.168.5.5
and finally my db.mapping:
; BIND reverse data file for broadcast zone
;
$TTL 3600
# IN SOA localhost. root.localhost. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
# IN NS localhost.
* IN A 127.0.0.1
My problem is now: the clients in 172.30.108.0/24 can query anything BUT www.limit.com
Actually: Clients from 172.30.108.0/24 should be able to resolve limit.com and www.limit.com, everything else should respond with 127.0.0.1.
When doing a nslookup I get
Non-authoraive answer:
*** can't find limit.com: no answer
I'm sure I'm missing something very obvious here. Any help is highly appreciated.
Found it. The problem was that the "SYSTEM" itself had 8.8.8.8 as the name server, hence bypassing everything local.
I'm trying to setup a DNS Server using Debian but I keep getting errors when I do nslookup like SERVFAIL or REFUSED.
I want to use 3 virtual machines (VM1, VM2 and VM3) and call them that by those names in the DNS Server, I'm using VMWare Workstation 11.
Here is my configuration:
named.conf.options
options {
directory "/var/cache/bind";
additional-from-auth no;
additional-from-cache no;
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
192.168.207.2;
192.168.207.133;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation yes;
allow-recursion{127.0.0.1;};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
named.conf.local
zone "linux.local"{
type master;
file "etc/bind/db.linux.local";
};
zone "207.168.192-in-addr.arpa"{
type master;
file "etc/bind/db.207.168.192";
};
db.linux.local
;
; SOA
;
$TTL 1h
# IN SOA vm1.linux.local. root.linux.local. (
1 ; Serial number (YYYYMMDDnn)
1h ; Slave refresh
15m ; Slave retry
2w ; Slave expire
1h ; Cache TTL
)
;
; NS RECORDS
;
# IN NS vm1.linux.local.
;
; A RECORDS
;
linux.local. IN A 192.168.207.133
# IN A 192.168.207.133
vm1 IN A 192.168.207.133
vm3 IN A 192.168.207.135
vm2 IN A 192.168.207.130
vmware iN A 192.168.207.2
db.207.168.192
$TTL 1h
# IN SOA vm1.linux.local. root.linux.local. (
1;
1h;
15m;
2w;
1h;
)
IN NS vm1.linux.local.
133 IN PTR linux.local.
133 IN PTR vm1.linux.local.
135 IN PTR vm2.linux.local.
130 IN PTR vm3.linux.local.
2 IN PTR vmware.linux.local.
Here is the nslookup for VM1 and linux.local:
root#debian:/etc/bind# nslookup vm1
Server: 192.168.207.133
Address: 192.168.207.133#53
** server can't find vm1: REFUSED
root#debian:/etc/bind# nslookup linux.local
Server: 192.168.207.133
Address: 192.168.207.133#53
** server can't find linux.local.linux.local: SERVFAIL
maybe the access is limited. try edit the file named.conf, change or add options allow-query { any;};
run
rndc-confgen >> /etc/named.conf
This should fix the issue.
I've just installed Bind9 and Webmin on my VPS to manage a DNS server. Domain of the nameserver is ns1.primesystems.ch.
I created a new master zone (forward) for smartvend.ch through webmin. This works just fine, ip is resolved correctly. See configuration.
$ttl 38400
smartvend.ch. IN SOA ns1.primesystems.ch. john.doe.domain.ch. (
1399011114
10800
3600
604800
38400 )
smartvend.ch. IN NS ns1.primesystems.ch.
smartvend.ch. IN A 185.16.173.71
But when I create a new master zone for primesystems.ch (TLD of nameserver, maybe problem?) through webmin, an error occurs.
Config:
$ttl 38400
primesystems.ch. IN SOA ns1.primesystems.ch. john.doe.domain.ch. (
1399028931
10800
3600
604800
38400 )
primesystems.ch. IN NS ns1.primesystems.ch.
primesystems.ch. IN A 185.16.173.71
Error message:
The following errors were found in the records file /var/lib/bind/primesystems.ch.hosts ..
zone primesystems.ch/IN: NS 'ns1.primesystems.ch' has no address records (A or AAAA)
zone primesystems.ch/IN: not loaded due to errors.
The /etc/bin/named.conf.local looks like this:
zone "smartvend.ch" {
type master;
file "/var/lib/bind/smartvend.ch.hosts";
};
zone "primesystems.ch" {
type master;
file "/var/lib/bind/primesystems.ch.hosts";
};
So primesystems.ch can not be resolved by dig or host command - but smartvend.ch can.
So in my point of view, there must be a problem with primesystems.ch because it's also the nameserver. What i want is to route the url primesystems.ch to a webserver. Has anyone a idea?
UPDATE:
After adding 'ns1 IN A 185.16.173.70', the error disappeared. But when I run 'host primesystems.ch' no IP is returned. And 'dig primesystems.ch' returs this:
; <<>> DiG 9.8.3-P1 <<>> primesystems.ch
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33401
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;primesystems.ch. IN A
;; AUTHORITY SECTION:
primesystems.ch. 424 IN SOA ns1.primesystems.ch. kevin\.kirn.kdsolutions.ch. 1399027394 10800 3600 604800 38400
;; Query time: 23 msec
;; SERVER: 62.2.17.61#53(62.2.17.61)
;; WHEN: Fri May 2 13:43:49 2014
;; MSG SIZE rcvd: 96
I've scoured through so many HOWTO pages on DDNS to try and fix this... I'm at a loss.
WorkstationX = CentOS 6.2 x64
ServerX = Ubuntu 12.04 LTS x64
I don't understand why it's not working... I'm literally out of ideas. I have regenerated and reconfigured everything several times.
I've made sure:
Running NTPD on both hosts, I have verified NTP is working
TZ is correct for both nodes (Hardware is UTC)
I've followed these guides:
http://linux.yyz.us/nsupdate/
http://agiletesting.blogspot.com.au/2012/03/dynamic-dns-updates-with-nsupdate-and.html
http://www.cheshirekow.com/wordpress/?p=457
https://www.erianna.com/nsupdate-dynamic-dns-updates-with-bind9
http://consultancy.edvoncken.net/index.php/HOWTO_Manage_Dynamic_DNS_with_nsupdate
http://blog.philippklaus.de/2013/01/updating-dns-entries-with-nsupdate-or-alternative-implementations-your-own-ddns/
Some of them have varying ways of generating the key, but the rest is the same... and still, when I try nsupdate - even on the server where dnssec-keygen was run (and where bind is), I get the same log entries:
Aug 14 11:20:38 vps named[31247]: 14-Aug-2013 11:20:38.032 security: error: client 127.0.0.1#29403: view public: request has invalid signature: TSIG domain2.com.au.: tsig verify failure (BADKEY)
from this nsupdate:
nsupdate -k Kdomain2.com.au.+157+35454.key
server localhost
zone domain2.com.au.
update add test.domain2.com.au. 86400 IN A 10.20.30.40
show
send
What I gather is the CORRECT generated method:
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST domain2.com.au.
named.conf (IPs have been changed for privacy):
acl ipv4 { 0.0.0.0/0; };
acl ipv6 { 2000::/3; ::1; fe80::/10; fec0::/10; };
acl safehosts { 127.0.0.0/8; 3.2.2.40; 44.44.14.12; };
include "/etc/bind/rndc.key";
controls {
inet * port 953
allow { safehosts; } keys { "rndc-key"; };
};
options
{
auth-nxdomain yes;
empty-zones-enable no;
zone-statistics yes;
dnssec-enable yes;
listen-on { any; };
listen-on-v6 { any; };
directory "/etc/bind/db";
managed-keys-directory "/etc/bind/keys";
memstatistics-file "/etc/bind/data/bind.memstats";
statistics-file "/etc/bind/data/bind.qstats";
};
logging
{
## CUT ##
};
view "public"
{
recursion yes;
allow-query-cache { safehosts; };
allow-recursion { safehosts; };
zone "." IN {
type hint;
file "root.zone";
};
zone "0.0.127.in-addr.arpa" {
type master;
allow-update { none; };
allow-transfer { none; };
file "0.0.127.in-addr.arpa.zone";
};
zone "localhost" {
type master;
allow-update { none; };
allow-transfer { none; };
file "localhost.zone";
};
zone "3.2.2.in-addr.arpa" {
type master;
allow-update { none; };
allow-transfer { none; };
file "3.2.2.in-addr.arpa.zone";
};
zone "domain1.com.au" {
type master;
notify yes;
allow-update { key "rndc-key"; };
allow-transfer { key "rndc-key"; };
file "domain1.com.au.zone";
};
zone "domain2.com.au" {
type master;
notify yes;
allow-update { key "rndc-key"; };
allow-transfer { key "rndc-key"; };
file "doomain2.com.au.zone";
};
};
/etc/bind/rndc.key:
key "rndc-key" {
algorithm hmac-md5;
secret "vZwCYBx4OAOsBrbdlooUfBaQx+kwEi2eLDXdr+JMs4ykrwXKQTtDSg/jp7eHnw39IehVLMtuVECTqfOwhXBm0A==";
};
Kdomain1.com.au.+157+35454.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: vZwCYBx4OAOsBrbdlooUfBaQx+kwEi2eLDXdr+JMs4ykrwXKQTtDSg/jp7eHnw39IehVLMtuVECTqfOwhXBm0A==
Bits: AAA=
Created: 20130814144733
Publish: 20130814144733
Activate: 20130814144733
SOLUTION:
I have no idea why, but it is now working. The only things I did is the following:
# chown -R named:named /var/named
# find . -type d -exec chmod 770 {} \;
# find . -type f -exec chmod 660 {} \;
I can't understand why my dns server won't work.
i get this, when i testing with "dig"
; <<>> DiG 9.7.3 <<>> connectioon.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54973
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;connectioon.eu. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.33#53(192.168.1.33)
;; WHEN: Fri Dec 9 20:14:07 2011
;; MSG SIZE rcvd: 32
named.conf.local:
zone "connectioon.eu" {
type master;
file "/etc/bind/zones/connectioon.eu";
};
zone "21.100.91.in-addr.arpa" {
type master;
file "/etc/bind/zones/192.168.1";
};
I have tried with:
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/192.168.1";
};
and
zone "192.168.1.in-addr.arpa" {
type master;
file "/etc/bind/zones/192.168.1";
};
the connectioon.eu conf file:
; BIND data file for local loopback interface
;
$TTL 604800
# IN SOA connectioon.eu. voice12345678910.hotmail.com. (
09122011180545 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
# IN NS connectioon.eu.
# IN 91.100.21.28
the 192.168.1 file:
;
; BIND data file for local loopback interface
;
$TTL 604800
# IN SOA connectioon.eu. voice12345678910.hotmail.com. (
09122011184553 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
NS connectioon.eu.
28 PTR connectioon.eu.
my public ip is: 91.100.21.28 and local ip to dns: 192.168.1.33
ps. i using bind9 on ubuntu 11.04
This command :
dig connectioon.eu #91.100.21.28
shows
; <<>> DiG 9.7.3 <<>> connectioon.eu #91.100.21.28
;; global options: +cmd
;; connection timed out; no servers could be reached
Are you sure a name server is listening on port 53 (and is not restricted to local requests) ?
I assume 91.100.21.28 is where your DNS server is meant to be.
(edit: Actually a quick dig connectioon.eu +norecurse #x.nic.eu shows that the primary NS is 91.100.21.28.hostname-generic.arrownet.dk which resolves to 91.100.21.28)
PS: +1 for ziesemer's serverfault-related comment