Gentoo Forums: Networking & Security
Updated Bind. Domain doesn't work (SOLVED)

JC99 (l33t; Joined: 06 Aug 2003; Posts: 782; Location: Toronto)
Posted: Mon Nov 22, 2010 7:34 pm    Post subject: Updated Bind. Domain doesn't work (SOLVED)

Hello everyone,

I just updated to Bind 9.7.1 and my domain no longer works and I am not receiving email.

I noticed that there is a new way of configuring things in the named.conf file so I am probably doing something wrong. It seems that Bind is listening on the right address and port but it is not processing queries properly. Here is my named.conf file, stuff added by me is in bold...

Code:
/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-9 for more details.
 * Online versions of the documentation can be found here:
 * http://www.isc.org/software/bind/documentation
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */

acl xfer {
    none;
};

/*
 * You might put in here some IPs which are allowed to use the cache or
 * recursive queries
 */
acl trusted {
    192.168.0.0/24;
    127.0.0.0/8;
    ::1/128;
};

options {
    directory "/var/bind";
    pid-file "/var/run/named/named.pid";

    /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
    // bindkeys-file "/etc/bind/bind.keys";

    listen-on-v6 { ::1; };
    listen-on { 127.0.0.1; };
    listen-on { 192.168.0.1; };
    listen-on { 69.196.152.151; };

    allow-query {
        /*
         * Accept queries from our "trusted" ACL. We will
         * allow anyone to query our master zones below.
         * This prevents us from becoming a free DNS server
         * to the masses.
         */
        trusted;
    };

    allow-query-cache {
        /* Use the cache for the "trusted" ACL. */
        trusted;
    };

    allow-transfer {
        /*
         * Zone transfers limited to members of the
         * "xfer" ACL (e.g. secondary nameserver).
         */
        xfer;
    };

    /*
     * If you've got a DNS server around at your upstream provider, enter its
     * IP address here, and enable the line below. This will make you benefit
     * from its cache, thus reduce overall DNS traffic in the Internet.
     *
     * Uncomment the following lines to turn on DNS forwarding, and change
     * and/or update the forwarding ip address(es):
     */
    /*
    forward first;
    forwarders {
        // 123.123.123.123; // Your ISP NS
        // 124.124.124.124; // Your ISP NS
        4.2.2.1; // Level3 Public DNS
        4.2.2.2; // Level3 Public DNS
        8.8.8.8; // Google Open DNS
        8.8.4.4; // Google Open DNS
    };
    */

    // dnssec-enable yes;
    // dnssec-validation yes;

    /* if you have problems and are behind a firewall: */
    query-source address * port 53;
};

logging {
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 50M;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default { default_log; };
    category general { default_log; };
};

include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};

view "internal" in {
    /*
     * Our internal (trusted) view. We permit the internal networks
     * to freely access this view. We perform recursion for our
     * internal hosts, and retrieve data from the cache for them.
     */

    match-clients { trusted; };
    recursion no;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "." in {
        type hint;
        file "/var/bind/root.cache";
    };

    zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
        allow-query { any; };
        allow-transfer { none; };
    };

    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
        allow-query { any; };
        allow-transfer { none; };
    };

    /*
     * NOTE: All zone blocks for the "public" view should be listed here in "internal"
     * too! Otherwise you'll have trouble resolving the public zones properly.
     * That affects all hosts from the "trusted" ACL.
     * A separate config, which contains all zone blocks, might be better in
     * this case. Then you can simply add:
     * include "/etc/bind/zones.cfg";
     * for the "internal" and "public" views.
     */

    /*
     * Briefly, a zone which has been declared delegation-only will be effectively
     * limited to containing NS RRs for subdomains, but no actual data beyond its
     * own apex (for example, its SOA RR and apex NS RRset). This can be used to
     * filter out "wildcard" or "synthesized" data from NAT boxes or from
     * authoritative name servers whose undelegated (in-zone) data is of no
     * interest.
     * See http://www.isc.org/software/bind/delegation-only for more info
     */

    //zone "COM" { type delegation-only; };
    //zone "NET" { type delegation-only; };
    zone "151.152.196.69.in-addr.arpa" {
        type master;
        file "/var/bind/69.196.152.151.internal.rev";
        allow-query { any; };
        allow-transfer { xfer; };
    };
    zone "penguin.jasoncarson.ca" {
        type master;
        file "/var/bind/penguin.jasoncarson.ca.internal.hosts";
        allow-query { any; };
        allow-transfer { xfer; };
    };
    zone "jasoncarson.ca" {
        type master;
        file "/var/bind/jasoncarson.ca.internal.hosts";
        allow-query { any; };
        allow-transfer { xfer; };
    };

};

view "public" in {
    /*
     * Our external (untrusted) view. We permit any client to access
     * portions of this view. We do not perform recursion or cache
     * access for hosts using this view.
     */

    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    zone "." in {
        type hint;
        file "/var/bind/root.cache";
    };

    //zone "YOUR-DOMAIN.TLD" {
    //    type master;
    //    file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
    //    allow-query { any; };
    //    allow-transfer { xfer; };
    //};

    //zone "YOUR-SLAVE.TLD" {
    //    type slave;
    //    file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
    //    masters { <MASTER>; };
    //
    //    /* Anybody is allowed to query but transfer should be controlled by the master. */
    //    allow-query { any; };
    //    allow-transfer { none; };
    //
    //    /* The master should be the only one who notifies the slaves, shouldn't it? */
    //    allow-notify { <MASTER>; };
    //    notify no;
    //};
    zone "151.152.196.69.in-addr.arpa" {
        type master;
        file "/var/bind/69.196.152.151.public.rev";
        allow-query { any; };
        allow-transfer { xfer; };
    };
    // Declaring the single host "penguin" as its own zone means the parent
    // zone jasoncarson.ca carries no A record for its NS target.
    zone "penguin.jasoncarson.ca" {
        type master;
        file "/var/bind/penguin.jasoncarson.ca.public.hosts";
        allow-query { any; };
        allow-transfer { xfer; };
    };
    zone "jasoncarson.ca" {
        type master;
        file "/var/bind/jasoncarson.ca.public.hosts";
        allow-query { any; };
        allow-transfer { xfer; };
    };

};

/* Hide the bind version */
/*
view "chaos" chaos {
    match-clients { any; };
    allow-query { none; };
    zone "." {
        type hint;
        file "/dev/null"; // or any empty file
    };
};
*/


Last edited by JC99 on Thu Nov 25, 2010 1:37 am; edited 13 times in total

gentoo_ram (Guru; Joined: 25 Oct 2007; Posts: 418; Location: San Diego, California USA)
Posted: Mon Nov 22, 2010 10:16 pm

My BIND is run in a separate root. It chroots to /chroot/dns. Check your /etc/conf.d/named file for that. It would change where you put your zone files which is what may be going on in your case.

JC99 (l33t; Joined: 06 Aug 2003; Posts: 782; Location: Toronto)
Posted: Tue Nov 23, 2010 12:38 am

I checked /etc/conf.d/named and all mention of chroot is commented out. I do not want to run Bind in a chroot (right now anyways).

JC99 (l33t; Joined: 06 Aug 2003; Posts: 782; Location: Toronto)
Posted: Tue Nov 23, 2010 4:30 am

I checked my /etc/bind/named.conf file with "named-checkconf -z" and here was the output...

Quote:
zone localhost/IN: loaded serial 2008122601
zone 127.in-addr.arpa/IN: loaded serial 2008122601
zone 151.152.196.69.in-addr.arpa/IN: loaded serial 1290474966
zone penguin.jasoncarson.ca/IN: loaded serial 1290475004
zone jasoncarson.ca/IN: NS 'penguin.jasoncarson.ca' has no address records (A or AAAA)
zone jasoncarson.ca/IN: not loaded due to errors.
internal/jasoncarson.ca/in: bad zone
zone 151.152.196.69.in-addr.arpa/IN: loaded serial 1290474982
zone penguin.jasoncarson.ca/IN: loaded serial 1290475023
zone jasoncarson.ca/IN: NS 'penguin.jasoncarson.ca' has no address records (A or AAAA)
zone jasoncarson.ca/IN: not loaded due to errors.
public/jasoncarson.ca/in: bad zone


So it is telling me that there is no A record and that is why it isn't working. However, my zone files (example: /var/bind/jasoncarson.ca.public.hosts) DO have an A record. Looking at my configuration in my original post, does anyone know what I am doing wrong?

gentoo_ram (Guru; Joined: 25 Oct 2007; Posts: 418; Location: San Diego, California USA)
Posted: Tue Nov 23, 2010 5:25 pm

You'd have to show us the zone files. Without them it's all speculation.

JC99 (l33t; Joined: 06 Aug 2003; Posts: 782; Location: Toronto)
Posted: Wed Nov 24, 2010 1:41 am

All my zone files worked fine with Bind 9.4.3.

These zone files were created by Webmin. Here they are...

69.196.152.151.public.rev
Code:
$ttl 38400
151.152.196.69.in-addr.arpa.    IN      SOA     penguin.jasoncarson.ca. jason.jasoncarson.ca. (
                        1290474982
                        10800
                        3600
                        604800
                        38400 )
151.152.196.69.in-addr.arpa.    IN      NS      penguin.jasoncarson.ca.
151.152.196.69.in-addr.arpa.    IN      PTR     penguin.jasoncarson.ca.


penguin.jasoncarson.ca.public.hosts
Code:
$ttl 38400
penguin.jasoncarson.ca. IN      SOA     penguin.jasoncarson.ca. jason.jasoncarson.ca. (
                        1290475023
                        10800
                        3600
                        604800
                        38400 )
penguin.jasoncarson.ca. IN      NS      penguin.jasoncarson.ca.
penguin.jasoncarson.ca. IN      A       69.196.152.151


jasoncarson.ca.public.hosts
Code:
$ttl 38400
jasoncarson.ca. IN      SOA     penguin.jasoncarson.ca. jason.jasoncarson.ca. (
                        1290475069
                        10800
                        3600
                        604800
                        38400 )
jasoncarson.ca. IN      NS      penguin.jasoncarson.ca.
jasoncarson.ca. IN      A       69.196.152.151

gentoo_ram (Guru; Joined: 25 Oct 2007; Posts: 418; Location: San Diego, California USA)
Posted: Wed Nov 24, 2010 7:29 am

Very odd. I assume "penguin" is supposed to be a single host. Not sure why a whole zone file was made for it. Looks very odd. Get rid of the whole "penguin.jasoncarson.ca." zone file and entry in your named.conf.

Modify the jasoncarson.ca. zone file:

Code:

jasoncarson.ca. IN      SOA     jasoncarson.ca. jason.jasoncarson.ca. (
                        1290475069
                        10800
                        3600
                        604800
                        38400 )
jasoncarson.ca. IN      NS      penguin.jasoncarson.ca.
jasoncarson.ca. IN      A       69.196.152.151

$ORIGIN jasoncarson.ca.

penguin            IN      A       69.196.152.151


See if that works better. Different versions of named probably have different checks, which is why it's coming up now.
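The check that `named-checkconf -z` ran earlier in the thread, re-created as an added example (not BIND's code and not from this thread) on a constructed copy of the jasoncarson.ca zone file before and after gentoo_ram's fix. The parser is deliberately minimal and covers only what these files use: $ORIGIN, relative owner names, optional TTL/class fields and the parenthesised SOA.

```python
"""Added example (not BIND's code, not from the thread): a small master-file
parser and the check named-checkconf -z applied to jasoncarson.ca: an in-zone
apex NS name must own an A/AAAA record in that same zone."""
import re

def parse_zone(text, origin):
    """Return (owner, type, rdata tokens); handles $ORIGIN, relative owners,
    optional TTL/class fields and parenthesised multi-line rdata (the SOA)."""
    origin = origin.rstrip(".").lower() + "."
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)
    records = []
    for line in text.splitlines():
        parts = line.split(";")[0].split()            # drop comments / blank lines
        if not parts:
            continue
        if parts[0].lower() == "$origin":
            name = parts[1].lower()
            origin = name if name.endswith(".") else name + "." + origin
            continue
        if parts[0].startswith("$"):                  # $TTL etc.: nothing to record
            continue
        owner = parts[0].lower()
        if not owner.endswith("."):
            owner += "." + origin
        rest = parts[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest.pop(0)                               # optional TTL and class
        if rest:
            records.append((owner, rest[0].upper(), rest[1:]))
    return records

def unresolved_apex_ns(records, zone):
    """Apex NS targets inside the zone that own no A/AAAA record there."""
    apex = zone.rstrip(".").lower() + "."
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    targets = [r[0].lower() for o, t, r in records if o == apex and t == "NS" and r]
    return [n for n in targets
            if (n == apex or n.endswith("." + apex)) and n not in have_addr]

def check(text, zone="jasoncarson.ca"):
    return unresolved_apex_ns(parse_zone(text, zone), zone)

# Constructed copy of jasoncarson.ca.public.hosts, then the same file plus the penguin A record.
BROKEN = """$ttl 38400
jasoncarson.ca. IN SOA penguin.jasoncarson.ca. jason.jasoncarson.ca. (
                        1290475069 10800 3600 604800 38400 )
jasoncarson.ca. IN NS penguin.jasoncarson.ca.
jasoncarson.ca. IN A 69.196.152.151
"""
FIXED = BROKEN + "$ORIGIN jasoncarson.ca.\npenguin IN A 69.196.152.151\n"
```

`check(BROKEN)` names penguin.jasoncarson.ca. as the NS with no address record, matching the error in the thread; `check(FIXED)` returns an empty list.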

JC99 (l33t; Joined: 06 Aug 2003; Posts: 782; Location: Toronto)
Posted: Thu Nov 25, 2010 1:35 am

That did it. Everything is working now. Thanks a bunch. :D

All times are GMT