gabio n00b
Joined: 27 Oct 2004 Posts: 27
Posted: Wed Oct 27, 2004 12:25 pm Post subject: BIND don't want to answer
Hi, I tried everything but the server keeps silent.
Situation:
I have a server running Gentoo. This server runs Samba, FTP, DNS, web and mail. It is on a simple network in the 192.168.0.0 range. I also have another server for the internet: firewall, web caching and DHCP, a Smoothwall distro.
Here are my machines:
NT4 domain controller: master (PDC)
domain name: projet.qc.ca
server: gentoo
name: poney.projet.qc.ca
ip: 192.168.0.2
server: smoothwall
name: gate.projet.qc.ca
ip: 192.168.0.1
The problem is: my DNS doesn't answer, it just mirrors the question back to me.
Here is the config:
named.conf:
```
options {
    directory "/var/bind";
    // uncomment the following lines to turn on DNS forwarding,
    // and change the forwarding ip address(es) :
    //forward first;
    //forwarders {
    //    192.219.64.2;
    //    123.123.123.123;
    //};
    //listen-on-v6 { none; };
    //listen-on { 127.0.0.1; 192.168.0.2; };
    // to allow only specific hosts to use the DNS server:
    //allow-query {
    //    127.0.0.1;
    //};
    // if you have problems and are behind a firewall:
    //query-source address * port 53;
    pid-file "/var/run/named/named.pid";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};

zone "projet.qc.ca" {
    type master;
    file "named.ca.qc.projet";
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "revp.192.168.0";
};
```
named.ca.qc.projet:
```
;$ORIGIN projet.qc.ca.
;$TTL 1D
@           IN SOA   poney.projet.qc.ca. hostmaster.projet.qc.ca. (
                     2004101801 ; serial
                     8H         ; refresh
                     4H         ; entry
                     4W         ; expire
                     1D         ; minimum
                     )
            IN NS    poney.projet.qc.ca.
            IN MX    poney.projet.qc.ca.
www         IN CNAME poney
mail        IN CNAME poney
ftp         IN CNAME poney
localhost   IN A     127.0.0.1
gate        IN A     192.168.0.1
poney       IN A     192.168.0.2
```
revp.192.168.0:
```
;$ORIGIN 0.168.192.in-addr.arpa.
;$TTL 1D
@           IN SOA   poney.projet.qc.ca. hostmaster.projet.qc.ca. (
                     2004101801 ; serial
                     28800      ; refresh
                     14400      ; retry
                     2419200    ; expire
                     866400     ; minimum
                     )
            IN NS    poney.projet.qc.ca.
; last digit of the address 192.168.0.*
1           IN PTR   gate.projet.qc.ca.
2           IN PTR   poney.projet.qc.ca.
```
127.zone:
```
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@           1D IN SOA poney.projet.qc.ca. root.poney.projet.qc.ca. (
                      2002081601 ; serial
                      3H         ; refresh
                      15M        ; retry
                      1W         ; expiry
                      1D )       ; minimum
            1D IN NS  poney.projet.qc.ca.
*           1D IN PTR localhost.
```
localhost.zone:
```
$TTL 1W
@           IN SOA   ns.localhost. root.localhost. (
                     2002081601 ; Serial
                     28800      ; Refresh
                     14400      ; Retry
                     604800     ; Expire - 1 week
                     86400 )    ; Minimum
            IN NS    ns
localhost.  IN A     127.0.0.1
```
Last edited by gabio on Wed Oct 27, 2004 1:55 pm; edited 1 time in total

kashani Veteran
Joined: 02 Sep 2002 Posts: 2022 Location: San Francisco
Posted: Wed Oct 27, 2004 1:26 pm
Two questions.
1. Are you allowing incoming and outgoing DNS from the server? Look for tcp/udp port 53.
2. Is BIND running on the external interface? netstat -ptln should show you which IPs it's bound to.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

gabio n00b
Joined: 27 Oct 2004 Posts: 27
Posted: Wed Oct 27, 2004 1:54 pm
Yes, everything is OK. BIND is set to listen on all interfaces.
And hmm, OK, it does respond in fact. Sorry, my mistake: the answer is:
```
poney@root# dig @192.168.0.2 poney.projet.qc.ca

; <<>> DiG 9.2.4rc5 <<>> @192.168.0.2 poney.projet.qc.ca
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63341
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;poney.projet.qc.ca.           IN      A

;; Query time: 3 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Wed Oct 27 14:47:30 2004
;; MSG SIZE  rcvd: 36
```

gabio n00b
Joined: 27 Oct 2004 Posts: 27
Posted: Thu Oct 28, 2004 7:39 am
These are the DNS addresses my clients have:
192.168.0.2
192.219.64.2

nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1314 Location: Manchester, UK
Posted: Thu Oct 28, 2004 7:51 am
The BIND log is usually pretty helpful in finding first-time errors. What does it say when BIND starts up?
Also, where are your config files? Are the zone files in /var/bind and /var/bind/pri like you have indicated?
Do you have a named.ca file with the root hint servers?

gabio n00b
Joined: 27 Oct 2004 Posts: 27
Posted: Thu Oct 28, 2004 9:31 am
nobspangle wrote:
> The BIND log is usually pretty helpful in finding first-time errors. What does it say when BIND starts up?
> Also, where are your config files? Are the zone files in /var/bind and /var/bind/pri like you have indicated?
> Do you have a named.ca file with the root hint servers?
There is no log in /var/log, or I don't know at all where the logs are in BIND 9.
Yes, all the files are in the right place.
I did a named-checkconf: all OK. I did a named-checkzone and it says:
```
zone /var/bind/named.ca.qc.projet/IN: loading master file projet.qc.ca: file not found.
```
So why does it ask for a directory? Does BIND 9 work with a directory hierarchy to build the zone? Because all the docs I read were just creating a file for the zone, not a directory with sub-files.

kashani Veteran
Joined: 02 Sep 2002 Posts: 2022 Location: San Francisco
Posted: Thu Oct 28, 2004 9:55 am
I've been meaning to post this for a while. Let's call it Kashani's Ultimate Bind Logging Config. This will do several things, namely keep a bunch of nonsense out of /var/log/messages, split things up so you can find different logs easily, and auto-rotate each log at 5MB (size 5m) while keeping three logs around (versions 3).
1. mkdir /var/log/named
2. chown named: /var/log/named/
3. Add the following to your /etc/bind/named.conf after the closing }; of the options part.
```
logging {
    channel default_file      { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel general_file      { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel database_file     { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel security_file     { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel config_file       { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel resolver_file     { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-in_file      { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-out_file     { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel notify_file       { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel client_file       { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel unmatched_file    { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel queries_file      { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel network_file      { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel update_file       { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dispatch_file     { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dnssec_file       { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };

    category default      { default_file; };
    category general      { general_file; };
    category database     { database_file; };
    category security     { security_file; };
    category config       { config_file; };
    category resolver     { resolver_file; };
    category xfer-in      { xfer-in_file; };
    category xfer-out     { xfer-out_file; };
    category notify       { notify_file; };
    category client       { client_file; };
    category unmatched    { unmatched_file; };
    category queries      { queries_file; };
    category network      { network_file; };
    category update       { update_file; };
    category dispatch     { dispatch_file; };
    category dnssec       { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
```
kashani

gabio n00b
Joined: 27 Oct 2004 Posts: 27
Posted: Thu Oct 28, 2004 12:19 pm
I added your config to named.conf.
No log file was created.
I modified my zone files to try some other syntax. Is there a standard syntax in BIND? Everyone seems to write it differently. I'm all lost.
Now it doesn't start. I think the problem is somewhere else. When I do a restart I get [!!] and an error: named already started. It doesn't answer anymore (timeout) and it's not listed in netstat since I installed qmail following this guide: http://www.gentoo.org/doc/en/qmail-howto.xml
It was at least mirroring the question before.
Here is the name info on the server:
dnsdomainname: projet.qc.ca
hostname: poney
resolv.conf: nameserver 192.168.0.2
named.ca.qc.projet:
```
$TTL 1D
projet.qc.ca IN SOA poney. hostmaster.projet.qc.ca.
(
        2004102801 ; serial
        8H         ; refresh
        4H         ; entry
        4W         ; expire
        1D         ; minimum
)
projet.qc.ca. IN NS poney.
projet.qc.ca. IN MX poney.
www       IN CNAME poney
mail      IN CNAME poney
ftp       IN CNAME poney
localhost IN A     127.0.0.1
gate      IN A     192.168.0.1
poney     IN A     192.168.0.2
```
revp.0.168.192:
```
$TTL 1D
0.168.192.in-addr.arpa. IN SOA poney. hostmaster.projet.qc.ca. (
        2004102801 ; serial
        28800      ; refresh
        14400      ; retry
        2419200    ; expire
        866400     ; minimum
)
1.168.192.in-addr.arpa.   IN NS  poney.
1.0.168.192.in-addr.arpa. IN PTR gate.
2.0.168.192.in-addr.arpa. IN PTR poney.
```

kashani Veteran
Joined: 02 Sep 2002 Posts: 2022 Location: San Francisco
Posted: Thu Oct 28, 2004 1:21 pm
BIND might have crashed at some point. Try this to make sure it's not running at all:
```
/etc/init.d/named stop
/etc/init.d/named zap
```
Now run this command to check your config:
```
named-checkconf
```
Now run this to check each of your zones:
```
named-checkzone zonename /path/to/filename
```
kashani

gabio n00b
Joined: 27 Oct 2004 Posts: 27
Posted: Thu Oct 28, 2004 1:49 pm
OK, everything is back to normal. The server is starting as before and listening on the interfaces. Just a reboot got it working. Working more on file syntax: I got the arpa zone to work. Now I get an answer when I do "dig -x 192.168.0.2" which gives "poney.". Isn't it supposed to return poney.projet.qc.ca?
I ran checkconf; it's perfectly clean. However checkzone gives lots of errors. How can I fix that? This sort of config was working perfectly clean on another machine.
Like, where do I only write the name and where do I write the name.domain? Where do I put a "." at the end?
checkzone result:
zone projet.qc.ca
```
dns_rdata_fromtext: /var/bind/named.ca.qc.projet:2: near eol: unexpected end of input
dns_master_load: /var/bind/named.ca.qc.projet:4: unknown RR type '4H'
dns_rdata_fromtext: /var/bind/named.ca.qc.projet:11: near 'poney.': not a valid number
zone projet.qc.ca/IN: loading master file /var/bind/named.ca.qc.projet: unexpected end of input
```
zone 0.168.192.in-addr.arpa.
```
dns_rdata_fromtext: /var/bind/revp.192.168.0:2: near eol: unexpected end of input
dns_master_load: /var/bind/revp.192.168.0:3: ignoring out-of-zone data (hostmaster.projet.qc.ca)
dns_master_load: /var/bind/revp.192.168.0:3: unknown RR type '28800'
zone 0.168.192.in-addr.arpa/IN: loading master file /var/bind/revp.192.168.0: unexpected end of input
```
Oh, and the log finally showed something, thanks to your little modification. It's cleaner to see.
general.log:
```
Oct 28 10:32:09.495 zone 127.in-addr.arpa/IN: loaded serial 2002081601
Oct 28 10:32:09.495 dns_rdata_fromtext: revp.192.168.0:2: near eol: unexpected end of input
Oct 28 10:32:09.496 zone 0.168.192.in-addr.arpa/IN: loading master file revp.192.168.0: unexpected end of input
Oct 28 10:32:09.496 dns_rdata_fromtext: named.ca.qc.projet:2: near eol: unexpected end of input
Oct 28 10:32:09.496 zone projet.qc.ca/IN: loading master file named.ca.qc.projet: unexpected end of input
Oct 28 10:32:09.497 zone localhost/IN: loaded serial 2002081601
Oct 28 10:32:09.497 running
```

pakman Tux's lil' helper
Joined: 06 Jan 2004 Posts: 100
Posted: Thu Oct 28, 2004 2:05 pm
gabio wrote:
> Now I get an answer when I do "dig -x 192.168.0.2" which gives "poney.". Isn't it supposed to return poney.projet.qc.ca?
> I ran checkconf; it's perfectly clean. However checkzone gives lots of errors. How can I fix that? This sort of config was working perfectly clean on another machine.
> Like, where do I only write the name and where do I write the name.domain? Where do I put a "." at the end?
Put a . on the end and put the full hostname in the reverse zone file, revp.0.168.192. BIND just returns whatever is in that file; it doesn't even have to be a valid DNS name (although invalid characters will probably make it choke), so you need to put the full FQDN.
You might get rid of some errors by specifying the TTL in the SOA line like you do in the 127.zone file. BIND 9 onwards expects either to have the TTL here or a TTL with every record (which you don't have).
```
@ 1D IN SOA poney.projet.qc.ca. root.poney.projet.qc.ca. (
```
Hope this helps!

gabio n00b
Joined: 27 Oct 2004 Posts: 27
Posted: Thu Oct 28, 2004 2:27 pm
Yes.
Now the only error remaining:
unexpected end of input
What does this mean?

pakman Tux's lil' helper
Joined: 06 Jan 2004 Posts: 100
Posted: Fri Oct 29, 2004 12:42 pm
Possible reason:
```
IN MX poney.projet.qc.ca.
```
The MX records need a priority number, so if you have several then it puts them in order of which should be tried first. Try changing that line to:
```
IN MX 10 poney.projet.qc.ca.
```
If that doesn't fix it, can you post the entire zone file the error is about.
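The trailing-dot, TTL and MX-preference points raised in the last two answers can be screened for before running named-checkzone. The following is an added example, not code from the thread: a small lint that flags exactly the mistakes hit here (commented-out $TTL, an SOA whose "(" sits on the next line, an MX with no preference, and bare "poney." targets), run over a constructed composite of the poster's zone data and a version written the way pakman recommends.

```python
RDATA = {"SOA": 7, "NS": 1, "MX": 2, "PTR": 1, "CNAME": 1, "A": 1}  # fields after the type
# Constructed composite of gabio's zone files: $TTL commented out, the "(" on the
# line after SOA, an MX with no preference, and bare "poney." as a target.
BROKEN = """\
;$TTL 1D
projet.qc.ca. IN SOA poney. hostmaster.projet.qc.ca.
( 2004102801 8H 4H 4W 1D )
projet.qc.ca. IN NS poney.
projet.qc.ca. IN MX poney.
2.0.168.192.in-addr.arpa. IN PTR poney.
"""
# The same records written the way pakman recommends.
FIXED = """\
$TTL 1D
projet.qc.ca. IN SOA poney.projet.qc.ca. hostmaster.projet.qc.ca. (
    2004102801 8H 4H 4W 1D )
projet.qc.ca. IN NS poney.projet.qc.ca.
projet.qc.ca. IN MX 10 poney.projet.qc.ca.
2.0.168.192.in-addr.arpa. IN PTR poney.projet.qc.ca.
"""

def logical_records(text):
    """Strip ';' comments and join '(' ... ')' continuations the way named does."""
    out, buf, start, depth = [], [], 0, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        start = n if depth == 0 else start  # a record is reported at its first line
        buf += [t for t in line.replace("(", " ( ").replace(")", " ) ").split() if t not in "()"]
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append((start, buf))
            buf = []
    return out

def lint_zone(text):
    """Return human-readable problems; an empty list means the zone looks clean."""
    records, problems = logical_records(text), []
    if not any(tok and tok[0] == "$TTL" for _, tok in records):
        problems.append("no $TTL directive: BIND 9 needs it or a TTL on every record")
    for n, tok in records:
        rtype = next((t for t in tok if t in RDATA), None)
        if rtype is None: continue  # directive or stray continuation, nothing to check
        rdata = tok[tok.index(rtype) + 1:]
        if rtype == "MX" and rdata and not rdata[0].isdigit():
            problems.append(f"line {n}: MX needs a preference number before the host")
        elif len(rdata) < RDATA[rtype]:
            problems.append(f"line {n}: {rtype} is missing fields (unexpected end of input)")
        if rtype in ("NS", "MX", "PTR") and rdata and (not rdata[-1].endswith(".") or rdata[-1].count(".") < 2):
            problems.append(f"line {n}: {rtype} target {rdata[-1]!r} should be the full name with a trailing dot")
    return problems
```

named-checkzone remains the authoritative check; this only pre-screens the handful of mistakes the thread walks through.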