HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


arnaud 12th January 2007 17:18

ISPConfig and BIND on Debian sarge (rfc1912 : failed on zonecheck)
 
Hello,
I've noticed that on Debian sarge, after configuring DNS with the ISPConfig web panel, the file /etc/bind/named.conf produces an error when tested with zonecheck (http://www.zonecheck.fr/).
The /etc/bind/named.conf initially contains (from Debian):
zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

And after configuration with ISPConfig, the beginning of the file looks like this:
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
The problem is the use of the file "db.local" (/etc/named/db.local), which is the file for zone "localhost" on Debian and the file for zone "0.0.127.in-addr.arpa" (i.e. the reverse zone) in ISPConfig.
The result is an error when testing with zonecheck and, more importantly: without correction, we can't make any modifications in AFNIC's WHOIS, which makes use of zonecheck and denies modifications when the test result is not successful.

falko 13th January 2007 16:36

What's the exact error message you get?
What's in your (ISPConfig) /etc/bind/named.conf?

arnaud 15th January 2007 11:25

Error from http://www.zonecheck.fr/ (name and ip changed)
---- fatal ----
f: Loopback is not resolvable

* Ref: IETF RFC1912 (p.13 4.1. Boot file setup)

These are set up to either provide nameservice for "special" addresses, or to help eliminate accidental queries for broadcast or local address to be sent off to the root nameservers. All of these files will contain NS and SOA records just like the other zone files you maintain.

* site.exemple.net./192.168.0.1 (it's not the real name/IP)


Final status
FAILURE
################
and the head of /etc/bind/named.conf is :
options {
pid-file "/var/run/bind/run/named.pid";
directory "/etc/bind";
auth-nxdomain no;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
################
To remove the error from zonecheck.fr, I've commented out
//zone "0.0.127.in-addr.arpa" {
// type master;
// file "db.local";
//};
and added this:
//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
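
The comparison arnaud describes, as an added example that is not part of the original thread: a small Python check that parses the zone stanzas of a named.conf and reports missing RFC 1912 localhost, loopback and broadcast zones, plus a loopback reverse zone loaded from db.local. Both configuration strings are constructed from the excerpts posted above; the function names are hypothetical, and accepting any master zone under 127.in-addr.arpa as the loopback reverse zone is an assumption of this example, not zonecheck's own test.

```python
import os
import re

# Constructed sample: head of named.conf as written by ISPConfig (from the post).
ISPCONFIG_HEAD = """
options { directory "/etc/bind"; auth-nxdomain no; };
/* a caching only nameserver config */
zone "." { type hint; file "db.root"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.local"; };
"""

# Constructed sample: the same head after the manual correction from the post.
CORRECTED_HEAD = """
zone "." { type hint; file "db.root"; };
//zone "0.0.127.in-addr.arpa" { type master; file "db.local"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
"""

def parse_zones(conf):
    """Return {zone_name: (type, file)} for every uncommented zone stanza."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # strip /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)               # strip // and # comments
    heads = list(re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf))
    zones = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf)
        body = conf[m.end():end]                       # text up to the next stanza
        ztype = re.search(r"\btype\s+([\w-]+)", body)
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        name = m.group(1).lower().rstrip(".") or "."
        zones[name] = (ztype and ztype.group(1), zfile and zfile.group(1))
    return zones

def check_rfc1912(conf):
    """List the RFC 1912 section 4.1 zone problems found in a named.conf string."""
    masters = {n: f for n, (t, f) in parse_zones(conf).items() if t in ("master", "primary")}
    loop = [n for n in masters if n == "127.in-addr.arpa" or n.endswith(".127.in-addr.arpa")]
    wanted = ("localhost", "0.in-addr.arpa", "255.in-addr.arpa")
    problems = [f"no master zone for {z}" for z in wanted if z not in masters]
    if not loop:
        problems.append("no master zone for the loopback reverse tree")
    for n in loop:
        # Per the post, db.local is Debian's file for the forward zone "localhost".
        if os.path.basename(masters[n] or "") == "db.local":
            problems.append(f"{n} is loaded from db.local, the forward localhost file")
    return problems
```

Run against the ISPConfig head, it reports the three missing zones and the db.local mismatch; the corrected head yields an empty list.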

falko 16th January 2007 16:09

Did you set up Bind as described here? http://www.howtoforge.com/perfect_setup_debian_sarge_p3

arnaud 16th January 2007 21:22

Yes.
The only difference is the use, on some servers, of
dpkg-reconfigure etherconf
for configuring the network interface.

falko 17th January 2007 22:22

So your Bind is running chrooted now, and you did all these steps?

Code:

[...]
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
[...]


arnaud 19th January 2007 13:03

Yes :
# ls -ld /var/lib/named/etc
drwxr-xr-x 3 root root 4096 2006-05-04 16:21 /var/lib/named/etc
# ls -ld /var/lib/named/dev
drwxr-xr-x 2 root root 4096 2007-01-09 19:24 /var/lib/named/dev
# ls -ld /var/lib/named/var/cache/bind
drwxr-xr-x 2 bind bind 4096 2006-05-04 16:20 /var/lib/named/var/cache/bind
# ls -ld /var/lib/named/var/run/bind/run
drwxr-xr-x 2 bind bind 4096 2007-01-12 16:25 /var/lib/named/var/run/bind/run
# ls -ld /etc/bind
lrwxrwxrwx 1 root root 23 2006-05-04 16:21 /etc/bind -> /var/lib/named/etc/bind
# ls -ld /var/lib/named/etc/*
drwxr-sr-x 3 bind bind 4096 2007-01-17 11:35 /var/lib/named/etc/bind
# ls -ld /var/lib/named/etc/bind/
drwxr-sr-x 3 bind bind 4096 2007-01-17 11:35 /var/lib/named/etc/bind/
# ls -ld /var/lib/named/etc/bind/*
drwxr-sr-x 2 root bind 4096 2006-11-22 14:52
-rw-r--r-- 1 bind bind 237 2004-09-23 17:25 /var/lib/named/etc/bind/db.0
-rw-r--r-- 1 bind bind 271 2004-09-23 17:25 /var/lib/named/etc/bind/db.127
-rw-r--r-- 1 bind bind 237 2004-09-23 17:25 /var/lib/named/etc/bind/db.255
-rw-r--r-- 1 bind bind 353 2004-09-23 17:25 /var/lib/named/etc/bind/db.empty
-rw-r--r-- 1 bind bind 256 2004-09-23 17:25 /var/lib/named/etc/bind/db.local
-rw-r--r-- 1 bind bind 1507 2004-09-23 17:25 /var/lib/named/etc/bind/db.root
-rw-r--r-- 1 root root 3131 2007-01-12 15:14 /var/lib/named/etc/bind/named.conf
-rw-r--r-- 1 bind bind 165 2004-09-23 17:25 /var/lib/named/etc/bind/named.conf.local
-rw-r--r-- 1 bind bind 672 2004-09-23 17:25 /var/lib/named/etc/bind/named.conf.options
-rw-r----- 1 bind bind 77 2006-05-04 16:19 /var/lib/named/etc/bind/rndc.key
-rw------- 1 bind bind 895 2007-01-19 09:43 /var/lib/named/etc/bind/sec.xxxxxxxxxx.in-addr.arpa
-rw------- 1 bind bind 494 2007-01-19 09:58 /var/lib/named/etc/bind/sec.xxxxxxxxxxx
-rw-r--r-- 1 bind bind 1317 2004-09-23 17:25 /var/lib/named/etc/bind/zones.rfc1918
# ls -ld /var/lib/named/dev/null
crw-rw-rw- 1 root root 1, 3 2006-05-04 16:21 /var/lib/named/dev/null
# ls -ld /var/lib/named/dev/random
crw-rw-rw- 1 root root 1, 8 2006-05-04 16:21 /var/lib/named/dev/random
# ls -ld /var/lib/named/var/*
drwxr-xr-x 3 bind bind 4096 2006-05-04 16:20 /var/lib/named/var/cache
drwxr-xr-x 3 bind bind 4096 2006-05-04 16:21 /var/lib/named/var/run
# ls -ld /var/lib/named/etc/bind
drwxr-sr-x 3 bind bind 4096 2007-01-17 11:35 /var/lib/named/etc/bind

falko 20th January 2007 19:36

And did you modify /etc/default/bind9 and /etc/init.d/sysklogd?

What's the output of
Code:

ls -la /var/lib/named
?

arnaud 29th January 2007 13:49

# cat /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named"

##############################

# head -14 /etc/init.d/sysklogd
#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0

# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

##############################
# ls -la /var/lib/named
total 20
drwxr-xr-x 5 root root 4096 2006-05-04 16:20 .
drwxr-xr-x 26 root root 4096 2006-12-20 12:16 ..
drwxr-xr-x 2 root root 4096 2007-01-19 18:55 dev
drwxr-xr-x 3 root root 4096 2006-05-04 16:21 etc
drwxr-xr-x 4 root root 4096 2006-05-04 16:21 var

##############################
Thank you for your attention.

falko 30th January 2007 12:32

Looks ok. :confused:

