Re: need help with BIND9



[This message has also been posted to linux.debian.user.]
In article <9pA01-5DJ-11@xxxxxxxxxxxxxxxx>, lists@xxxxxxxxxxxx wrote:

Michael Shuler wrote:
On 11/14/2007 02:53 AM, lists@xxxxxxxxxxxx wrote:

I need help setting up nameservers for my own domain. The IPs and
domains have been changed for privacy ;-)


...which makes it difficult to properly troubleshoot.


$TTL 1h
@ SOA ns1.mydomain.com. root.mydomain.com. (
2007110805; Serial (date + two digit serial)
10800 ; Refresh (3 hours)
3600 ; Retry (1 hour)
86400 ; Expire (1 day)
60 ) ; Default TTL 1 min
NS ns1.mydomain.com.
MX mail.mydomain.com.

First of all, that is really dumb. Don't use name servers
with the same second level domain as the one they are
authoritative for. If you only have one domain in the
whole world, let your registrar do your name service
for you. Or use a service like zoneedit.com or dyndns.org.
(But stay away from granitecanyon.com. It's been on
autopilot for years and years. Its owners just don't
have time for it.)


If you are going to host authoritative DNS for mydomain.com. on a name
server host under the same domain, for example ns1.mydomain.com., then
you need to seed the process of finding your authoritative name server
via a glue A record at your domain registrar - this A record for
ns1.mydomain.com. gets pushed up to the com. TLD servers, so that
recursive resolvers around the Internet can find the correct name server
to ask, "where is mydomain.com.".

Right, and with most registrars, especially low-ballers
like Tucows/OpenSRS, it's not obvious how to do that, and
they don't do it automatically. And with non-accredited
resellers, it's even harder. You're at Register4less,
apparently a Tucows customer. Guess what, your registrar
isn't listed in
http://www.icann.org/registrars/accredited-list.html

Well-run registrars will have a separate form for
registering a hostname. That's the "glue record"
you're looking for. Unfortunately it pretty much never
says "glue record" on the form. Which brings us back
to don't put your name servers in their own domain.



Thanks for the reply! I've investigated this at my domain registrar,
and ns1.mydomain.com did get pushed to the .com TLD servers (or root
servers)


Apparently so. One of them, anyway. This is b.gtld-servers.net,
chosen at random.

$ dig @192.33.14.30 NS1.CD-EXPRESS.COM a
;; ANSWER SECTION:
NS1.CD-EXPRESS.COM. 172800 IN A 208.127.75.221
;; AUTHORITY SECTION:
CD-EXPRESS.COM. 172800 IN NS NS1.CD-EXPRESS.COM.

172800 is two days.





My domain registrar said that I need a primary and secondary server
assigned,

Well, there is not really any such thing as primary and secondary.
They're all the same. But you're supposed to have at least
two of them.

so I created NS2.CD-EXPRESS.COM to point to the same IP
208.127.75.221

Spammers do that a lot. Your two name servers are supposed to
be on two independent networks.



my BIND settings are as follows (I've removed comments with a "//"):
********************** NAMED.CONF start
***********************************************************
include "/etc/bind/named.conf.options";
[as shipped]
**********************NAMED.CONF.OPTIONS
[as shipped]

*****************************NAMED.CONF.LOCAL start
*************************************************
//
// Do any local configuration here
zone "cd-express.com" {
type master;
file "/etc/bind/cd-express.db";
};

Okay.


zone "15.15.15.in-addr.arpa" {
type master;
file "/etc/bind/15.15.15.rev";
};

What the heck is that? Are you in charge of
reverse DNS for 15.15.15.0/24? I think Hewlett
Packard would disagree.


*****************************NAMED.CONF.LOCAL end
*************************************************

***************************** CD-EXPRESS.DB start
*************************************************
; BIND data file for cd-express.db
; /var/named/cd-express.db
;
$TTL 1h
@ SOA ns1.cd-express.com. root.cd-express.com. (
2007110805; Serial (date + two digit serial)
10800 ; Refresh (3 hours)
3600 ; Retry (1 hour)
86400 ; Expire (1 day)
60 ) ; Default TTL 1 min
NS ns1.cd-express.com.
MX mail.cd-express.com.
A 208.127.75.221

You might get away with those a/ns/mx records.
The white space in column 1 implies the zone that
was mentioned in the zone statement in the conf file.
But it would be more readable if you used an @
sign there. I'm not sure if you can get away with
omitting the class (INternet) value, either.
Try it this way:

@ IN NS ns1.cd-express.com.
@ IN A 208.127.75.221
@ IN MX 5 mail.cd-express.com.

Notice that the NS and MX records use names which
I'll give A records to below.

ns1 A 208.127.75.221

That line makes no sense. You're saying there
is an A record for cd-express.com, of class "ns1"
(which doesn't exist), and its value is "ns1.cd-express.com."
And your MX record was missing its priority number.
Since you only have one, it doesn't matter what
the number is, but it should be there.
Do it the way I showed it.


mail A 208.127.75.221
www A 208.127.75.221

I'm going to guess here that you are giving addresses
to the hostnames ns1.cd-express.com, mail.cd-express.com,
and www.cd-express.com. It didn't work because
of the white space at the beginning of the line,
and maybe the missing class name. You could use a wild
card, but for readability do it this way:

ns1 IN A 208.127.75.221
mail IN A 208.127.75.221
www IN A 208.127.75.221


***************************** 15.15.15.REV start
*************************************************
: BIND reverse data file for 15.15.15.0
: /etc/bind/15.15.15.db
:
@ IN SOA cd-express.com. root.cd-express.com. (

You might be authoritative for cd-express.com, but
you are not authoritative for 15.15.15.in-addr.arpa.
That privilege belongs to Hewlett Packard.
So there is no point in you trying to define
PTR records there. The guy at HP might write
something like

15.in-addr.arpa IN SOA charon.core.hp.com. hostmaster.hp.com. (
1010272
7200
3600
604800
600
);
to cover all of 15.0.0.0/8.
And then he would write a bunch of PTR records.


IN NS ns1.cd-express.com.
10 IN PTR www.cd-express.com.
20 IN PTR dns.cd-express.com.
30 IN PTR mail.mycompany.com.

You don't get to do that. The only PTR
record you might want in *your* DNS is

1.0.0.127.in-addr.arpa. IN PTR localhost.cd-express.com.
in which case you should have

localhost IN A 127.0.0.1

in your cd-express.com.db file. That might be useful for
readability in your Postfix main.cf file or something.
But the only zones you get to write PTR records
for are 127.in-addr.arpa., 168.192.in-addr.arpa.,
10.in-addr.arpa., and that one that starts with 172.
You could do that for practice on your home LAN.
Or you could get away without it by just putting the
names you need in /etc/hosts.


There is already a PTR record for your public IP address.

$ dig 221.75.127.208.in-addr.arpa. ptr
;; ANSWER SECTION:
221.75.127.208.in-addr.arpa. 86259 IN PTR netblock-208-127-75-221.dslextreme.com.


So you have to call customer service at DSL Extreme,
and say hey thanks for the static IP address,
can I have a PTR record with my domain name in it?
Ask for mail.cd-express.com. That way when your
mail server connects to mine, its hostname will
match its PTR and I'll accept the message.
DSL Extreme will charge you twenty bucks, once.
It keeps the riff raff away.


I'll be happy to get ANY HELP. Thanks a lot!

Whoever told you you could just define PTR names in
the middle of Hewlett Packard's ARIN allocation was
way off! You'd better figure out where that came
from and find a way to prevent further nonsense
from there from polluting your brain.
No doubt there are great DNS tutorials on the Web
someplace. Try Ora.com or About.com.
I learned this stuff from "the cricket book,"
_DNS and BIND_ by Albitz and Liu.

Finally, your name server is responding, but it
does not know what to do because it didn't load
your broken zone file properly.


$ host www.cd-express.com 208.127.75.221
Using domain server:
Name: 208.127.75.221
Address: 208.127.75.221#53
Aliases:

Host www.cd-express.com not found: 2(SERVFAIL)


Open a terminal window (such as xterm) and do this:

tail -f /var/log/daemon.log

and leave it running. Then get another terminal,
and be root, and go

/etc/init.d/bind9 stop
sleep 5
/etc/init.d/bind9 start

and watch the messages in the log. BIND9 is pretty
good about telling you what is wrong.
Incidentally, "host" is in the Debian package bind9-host
and "dig" is in dnsutils. You should print and read their
manpages. Here, have a nice looking PDF file.

apt-get install groff gs-esp gsfonts
whereis host
zcat /usr/share/man/man1/host.1.gz | groff -Tps -mandoc - | \
gs -sDEVICE=pdfwrite -sOutputFile=host.1.pdf -dBATCH -dNOPAUSE -




Cameron
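As an added example (my own code, not from the original post and not part of BIND), here is a small Python linter for the zone-file mistakes the reply walks through: an MX without its preference number, records with the class left out, an NS or MX that names a host with no A record in the zone, fewer than two name servers, or two that share one address. The sample zones are constructed: the broken one is modelled on the posted file and reproduces the reply's reading of the indented "ns1 A ..." line as a record of type "NS1"; the corrected one adds a second name server ns2 at 198.51.100.7, a documentation address standing in for a real second network, and bumps the serial. It is a reading aid, not a substitute for named-checkzone.

```python
# Added example, not code from the original post: a linter for the zone-file mistakes
# discussed in the thread. It complements named-checkzone rather than replacing it.
import re
from collections import namedtuple

Record = namedtuple("Record", "owner cls rtype rdata")
KNOWN_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT", "SRV"}
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)


def parse_zone(text):
    """Owner, TTL and class are optional (RFC 1035); whitespace in column 1 repeats the
    previous owner; parenthesised multi-line records are joined; ';' starts a comment."""
    logical, buf = [], []
    for raw in text.splitlines():
        buf.append(raw.split(";", 1)[0].rstrip())      # TXT strings containing ';' not handled
        if "(" not in buf[0] or ")" in buf[-1]:         # the first line keeps its indentation
            logical.append(" ".join([buf[0]] + [b.strip() for b in buf[1:]]))
            buf = []
    records, owner = [], "@"
    for line in logical:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):    # blank lines, $TTL / $ORIGIN
            continue
        if not line[0].isspace():
            owner = tokens.pop(0)
        cls = None
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tok = tokens.pop(0).upper()                 # skip a TTL, remember the class
            cls = tok if tok in CLASSES else cls
        if tokens:
            records.append(Record(owner, cls, tokens[0].upper(), tokens[1:]))
    return records


def lint_zone(text, origin):
    """Return problem strings for zone `origin` (an FQDN with trailing dot)."""
    fqdn = lambda n: origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}")
    records = parse_zone(text)
    addrs = {}                                          # name -> set of A record addresses
    for r in records:
        if r.rtype == "A" and r.rdata:
            addrs.setdefault(fqdn(r.owner), set()).add(r.rdata[0])
    problems, apex_ns = [], []
    for r in records:
        if r.rtype not in KNOWN_TYPES:
            problems.append(f"{r.owner}: unknown type {r.rtype!r}; owner in column 1, record indented?")
            continue
        if r.rtype == "MX" and not (len(r.rdata) == 2 and r.rdata[0].isdigit()):
            problems.append(f"{r.owner} MX: missing preference, e.g. 'MX 5 {(r.rdata or ['?'])[-1]}'")
        if r.rtype in ("NS", "MX") and r.rdata:
            target = fqdn(r.rdata[-1])
            if target.endswith("." + origin) and target not in addrs:
                problems.append(f"{r.owner} {r.rtype}: target {target} has no A record in this zone")
            if r.rtype == "NS" and fqdn(r.owner) == origin:
                apex_ns.append(target)
    if len(apex_ns) < 2:
        problems.append("fewer than two NS records at the apex; delegation needs at least two servers")
    elif all(t in addrs for t in apex_ns) and len(set.union(*(addrs[t] for t in apex_ns))) < 2:
        problems.append("all name servers share one address; put them on independent networks")
    if missing := sum(r.cls is None for r in records):
        problems.append(f"{missing} of {len(records)} records omit the class; write IN explicitly")
    return problems


# Constructed zone modelled on the posted one: indented lines inherit the owner "@", the MX
# lacks a preference, the class is omitted, and the indented "ns1 A ..." is read as a record
# of type "NS1" at the apex, so ns1.cd-express.com. itself never receives an address.
BROKEN_ZONE = """\
$TTL 1h
@ SOA ns1.cd-express.com. root.cd-express.com. (
        2007110805 10800 3600 86400 60 )  ; serial refresh retry expire minimum
        NS  ns1.cd-express.com.
        MX  mail.cd-express.com.
        A   208.127.75.221
        ns1 A 208.127.75.221
mail    A   208.127.75.221
"""
# Constructed corrected zone in the form the reply recommends, with a second name server
# on another network (198.51.100.7 is a documentation address standing in for a real one).
FIXED_ZONE = """\
$TTL 1h
@    IN SOA ns1.cd-express.com. root.cd-express.com. ( 2007110806 10800 3600 86400 60 )
@    IN NS  ns1.cd-express.com.
@    IN NS  ns2.cd-express.com.
@    IN A   208.127.75.221
@    IN MX  5 mail.cd-express.com.
ns1  IN A   208.127.75.221
ns2  IN A   198.51.100.7
mail IN A   208.127.75.221
"""
```

Running `lint_zone(BROKEN_ZONE, "cd-express.com.")` reports five findings (the NS target without an A record, the MX without a preference, the "NS1" record, a single name server, and six records with no class), and the corrected zone reports none; swapping ns2's address for ns1's brings back the shared-address warning.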

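A second added example, again my own and not from the post, for the reverse-DNS point of the reply: it maps an in-addr.arpa zone name back to the address block it covers, decides whether that block is one of the ranges the reply says you may populate yourself (127/8, 10/8, 172.16/12, 192.168/16), builds the reverse name a resolver queries for an address, and checks that a PTR target's A record points back at the same address, which is the match the reply describes a receiving mail server looking for. The A-record table used in the check is constructed.

```python
# Added example, not code from the original post: which in-addr.arpa zones a domain
# owner may populate (the ranges named in the reply), and the forward/reverse match
# a receiving mail server looks for.
import ipaddress

PTR_ALLOWED = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zone_network(zone):
    """'15.15.15.in-addr.arpa' -> 15.15.15.0/24: the labels are the address octets
    reversed, and each label present narrows the zone by another 8 bits."""
    labels = zone.rstrip(".").lower().split(".")
    octets = labels[:-2][::-1]
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(octets) <= 4:
        raise ValueError(f"not an IPv4 reverse zone: {zone}")
    address = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{address}/{8 * len(octets)}")


def may_publish_ptr(zone):
    """True only when the reverse zone lies inside loopback or RFC 1918 space.
    Anything else (15.15.15.in-addr.arpa, or the zone for a public static address)
    is delegated from the address holder, so its PTR is requested from them."""
    return any(reverse_zone_network(zone).subnet_of(block) for block in PTR_ALLOWED)


def ptr_name(ip):
    """Reverse name a resolver queries: 208.127.75.221 -> 221.75.127.208.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def forward_confirmed(ip, ptr_target, a_lookup):
    """Forward-confirmed reverse DNS: the name the PTR gives must have an A record
    pointing back at the same address. `a_lookup` maps name -> set of addresses."""
    return ip in a_lookup.get(ptr_target, set())


# Constructed A-record table standing in for a live lookup.
SAMPLE_A = {"mail.cd-express.com.": {"208.127.75.221"}}
```

With the constructed table, `forward_confirmed("208.127.75.221", "mail.cd-express.com.", SAMPLE_A)` is true, while the ISP's generic PTR target is not in the table and fails the check, which is why the reply suggests asking the ISP to change the PTR to mail.cd-express.com.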




