Thread: DNS Borked?
Old 27th August 2005, 06:34
Ringo
info for dns

Quote:
Originally Posted by till
There are NO config files under /root/ispconfig for the daemons like bind, postfix and the main apache (See my post above).

Yes, I see that now - it replaces files in /etc/bind. Here's the problem, I "think". Here is my original named.conf:
// prime the server with knowledge of the root servers
include "/etc/bind/named.conf.options";
=========================== this is actually in my options file which is included nc
options {
directory "/var/cache/bind";
version "[secured]";
allow-transfer { 216.240.130.2; };
statistics-file "/var/lib/named/named.stats";
dump-file "/var/lib/named/named.db";

//forwarders {
// 216.240.152.4;
// 216.240.130.2;
// };

//auth-nxdomain no; # conform to RFC1035

};

zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};


// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };
include "/etc/bind/named.conf.local";
--------------------------------------------------------------------------------------------------
NEW named.conf:

options {
pid-file "/var/run/bind/run/named.pid";
directory "/etc/bind";
auth-nxdomain no;

zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};

zone "33.69.64.in-addr.arpa" {
type master;
file "pri.33.69.64.in-addr.arpa";
};


zone "ns.xaix.com" {
type master;
file "pri.ns.xaix.com";
};



//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

The items in RED are not what I would call "normal" DNS entries for SOA. Let me rephrase this. In the original, "auth-nxdomain no;" is commented out. In ISPConfig's replacement it is "uncommented". My current understanding of this is: the AA bit is always set on NXDOMAIN responses, even if the server is not actually authoritative. The default is yes. This server is indeed a SOA (or was till the installation of ISPConfig). So I'm taking this to mean that there is a possible change (obviously) in configs in bind that have changed my setup FROM SOA to a NON SOA server. The problem I'm having is obviously fixing this.

My real question is: should I or can I change this in the files themselves, even though there is a comment that says ///// make manual entries below this line! ////? If not, where can I set it to be SOA again?

Secondly, the last item in RED states that ns.xaix.com as a zone is actually "xaix.com" and ns.xaix.com is the SOA as pointed out in the zone file itself. So this does not seem correct to me as far as how ISPConfig has reasoned my DNS server to be. How can I correct these issues?





What result did you get when you run.

Code:
dig @localhost xaix.com
I cannot use that to get an answer because BIND is NOW misconfigured and this as written above will in fact time out. However dig @localhost NOW shows:
; <<>> DiG 9.2.4 <<>> @localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54589
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
J.ROOT-SERVERS.NET. 84178 IN A 192.58.128.30

;; Query time: 69 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Fri Aug 26 20:29:32 2005
;; MSG SIZE rcvd: 244



If the server is not authoritative for that domain, you have to add the domain in ISPConfig.
Again, what I'm trying to say is -- THIS SERVER WAS SOA before the installation process -- so .. If I have missed something in the admin docs please point me to it. If not, how can I set my server back to SOA through the ISPConfig panel?

Thanks
Ringo
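Added example, not part of Ringo's post and not ISPConfig code: a small Python check that reads the zone statements of the "NEW named.conf" quoted in the post and reports which configured zone would answer for a given name. It assumes the usual BIND behaviour that a server answers authoritatively only for names at or below a zone it loads as master or slave; the function names are hypothetical and the sample text is condensed from the post, with the options block left out.

```python
import re

# Zone statements condensed from the "NEW named.conf" in the post (sample input).
NAMED_CONF = '''
zone "." { type hint; file "db.root"; };
zone "0.0.127.in-addr.arpa" { type master; file "db.local"; };
// zone "com" { type delegation-only; };
zone "33.69.64.in-addr.arpa" {
    type master;
    file "pri.33.69.64.in-addr.arpa";
};
zone "ns.xaix.com" { type master; file "pri.ns.xaix.com"; };
'''

# Captures the zone name and its "type" from each zone statement.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:in\s*)?\{[^}]*?type\s+([\w-]+)\s*;', re.I)

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out zones are ignored.
    Simplification: assumes no comment markers inside quoted strings."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def parse_zones(text):
    """Return {zone_name: type}; names lower-cased, trailing dot removed."""
    zones = {}
    for name, ztype in ZONE_RE.findall(strip_comments(text)):
        zones[name.lower().rstrip('.') or '.'] = ztype.lower()
    return zones

def serving_zone(qname, zones):
    """Longest configured zone that is a label-wise suffix of qname."""
    labels = qname.lower().rstrip('.').split('.')
    for i in range(len(labels)):
        candidate = '.'.join(labels[i:])
        if candidate in zones:
            return candidate, zones[candidate]
    # No closer match: only the root zone (normally a hint) covers the name.
    return ('.', zones['.']) if '.' in zones else (None, None)

def is_authoritative(qname, zones):
    """True only if the closest enclosing zone is loaded as master or slave."""
    return serving_zone(qname, zones)[1] in ('master', 'slave')

if __name__ == '__main__':
    zones = parse_zones(NAMED_CONF)
    for q in ('xaix.com', 'ns.xaix.com', '1.0.0.127.in-addr.arpa'):
        print(q, serving_zone(q, zones), is_authoritative(q, zones))
```

On a live server the same question can be checked with dig by looking for the aa flag in the header's flags line; the dig output in the post shows only qr rd ra.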