Re: Need Help W/ DNS Server

From: Hal Vaughan (hal_at_thresholddigital.com)
Date: 02/23/05

  • Next message: John: "Re: Need Help W/ DNS Server" 
    To: debian-user@lists.debian.org
Date: Wed, 23 Feb 2005 15:21:15 -0500

    On Wednesday 23 February 2005 03:10 pm, Alan Chandler wrote:
    > On Wed, 2005-02-23 at 14:18 -0500, Hal Vaughan wrote:
    > > I REALLY need some help with setting up a DNS server on Mepis. I've been
    > > working hard on this since Monday, I'm short on sleep, so I really feel
    > > like I'm not thinking clearly, but I need to get this (and NIS, which is
    > > fubar, too) working as quickly as possible, so I'd really appreciate help
    > > with this (since nobody on the Mepis IRC channels or forums seems to know
    > > what to do). I've tried other mailing lists, but I'm not getting any
    > > suggestions. Please don't hesitate to tell me if I'm missing the obvious,
    > > since, at this point, my brain feels like it's mud.
    > >
    > > I've been using the Debian reference manuals online, but even when I
    > > follow their instructions, it doesn't seem to be enough. I tried using
    > > Webmin to set this up, figuring that would ensure the config files were
    > > in proper shape, but it didn't help.
    > >
    > > I think there are several issues. The first is that everytime I try to
    > > start the dns with /etc/init.d/bind9, I get this:
    > >
    > > Stopping domain name service: namedrndc: connect failed: connection
    > > refused .
    > > Starting domain name service: namednamed: capset failed: Operation not
    > > permitted
    > > named: capset failed: Operation not permitted
    >
    > Its a bit difficult for me to answer you directly because I use the more
    > standard debian setup. However at least the first error message is
    > related to where it is looking for a key.
    >
    > You should have a file called rdnc.key inside /etc/bind directory. I
    > must admit I am a bit puzzled as what calls things to look in this
    > directory for it, but this is also where the named.conf file resides, so
    > it could just be related to that.

    I saw references to a key here and there, but the docs I looked at never
    mentioned it. So I guess that means a key is necessary, right? So I'll read
    up on that. It's been a few years since I set up a DNS, but I didn't
    remember ever dealing with a key.

    > > .
    > >
    > > I found a reference that capset is a module I can install in the kernel
    > > (Mepis is using 2.6.7). I'd rather not have to recompile the kernel, but
    > > I don't see the source on the install (I can't remember the directory,
    > > but I thought it was in /var/libs somewhere), and other than just running
    > > insmod, I can't remember how to get capset installed. (Note: I have not
    > > always been getting the error about capset.)
    >
    > Don't know the answer to the above - I haven't done anything special, I
    > am using a standard debian kernel, and I am not aware of the capset
    > module.

    What version of bind are you using?

    > > I used nslint and it thinks everything is okay. I run dnswalk, and I get
    > > the following:
    > >
    > > Checking thresh.loc.
    > > BAD: SOA record not found for thresh.loc.
    > > BAD: thresh.loc. has NO authoritative nameservers!
    > > BAD: All zone transfer attempts of thresh.loc. failed!
    > > 0 failures, 0 warnings, 3 errors.
    > >
    > > While all the Debian docs say the config is in /etc/named.conf, I've
    > > found /etc/init.d/bind9 references /etc/bind/named.conf, so I'm keeping
    > > both files the same. I have the zone files stored in /var/named.
    >
    > This, I think is the issue. All of my zone files are in /etc/bind, and
    > I do have a directory statement in the options section of
    > named.conf.options (debian splits named.conf into lots of smaller
    > files), but this is pointing at /var/cache/bind. I think there is bind
    > caches answers from othere nameservers, NOT where it looks for your zone
    > files.

    So it would be a good idea to change ALL the files to go in /etc/bind, right?

    > Should also note that in my named.conf file (the standard zones) and
    > named.conf.local (zones I am controlling from my nameserver) are
    > referenced by the full path , e.g.
    >
    > zone "localhost" {
    > type master;
    > file "/etc/bind/db.local";
    > };

    Okay, that's an easy change to make. I am so burned out I can barely follow
    what you're saying, so I'll make these changes after a nap.

    Thanks!

    Hal 

    -- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: John: "Re: Need Help W/ DNS Server"

    Relevant Pages

    • RE: pop wont authenticate my password
      ... >>Thanks so much, Rodolfo. ... I'll be happy to set up mccorduck.ws on my DNS server for testing ... the _Red Hat Linux Reference Guide_ answered that question, ... I also discovered that I apparently don't have BIND on my machine since ...
      (RedHat)
    • Re: pop wont authenticate my password
      ... I had kept the reference to your excellent site ... >> to it if I couldn't get everything working first by doing what Ben had ... > the angle that you want to install your own DNS server (or, ... I'll be happy to test-drive the zone myself if you like. ...
      (RedHat)
    • Re: Disconnected AD.
      ... each namespace on the same DNS server or with the use of forwarding. ... you mention domain.net is the root, ... the info for the root that domain.com MUST have reference to. ... course assuming you already know this and there are no outsiders in your ...
      (microsoft.public.win2000.active_directory)
    • RE: Question on FreeBSD name resolution
      ... which is my DNS server. ... and for reference nsswitch.conf has: ... > required information to be able to resolve ip addresses with FQDNs and ...
      (freebsd-questions)
    Loading