Navigation

arnaud · #1 12th January 2007, 16:18

Hello,
I've noticed that on Debian sarge, after configuring dns with ISPConfig web panel, the file /etc/bind/named.conf make an error when testing with zonecheck http://www.zonecheck.fr/
The /etc/bind/named.conf contain initially (from Debian) :
zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

And after configuration with ISPConfig, beginning of file looks like this :
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
The problem is on the use of the file "db.local" (/etc/named/db.local) which is the file for zone "localhost" on Debian and the file for zone "0.0.127.in-addr.arpa" (ie : reverse zone) in ISPConfig.
The result is an error when testing with zonecheck and more important : without correction, we can't make some modification in the AFNIC's WHOIS which make use of zonecheck and deny modifications when the test result is not successful.

falko · #2 13th January 2007, 15:36

What's the exact error message you get?
What's in your (ISPConfig) /etc/bind/named.conf?

arnaud · #3 15th January 2007, 10:25

Error from http://www.zonecheck.fr/ (name and ip changed)
---- fatal ----
f: Loopback is not resolvable

* Ref: IETF RFC1912 (p.13 4.1. Boot file setup)

These are set up to either provide nameservice for "special" addresses, or to help eliminate accidental queries for broadcast or local address to be sent off to the root nameservers. All of these files will contain NS and SOA records just like the other zone files you maintain.

* site.exemple.net./192.168.0.1 (it'snot the real name/ip)

Final status
FAILURE
################
and the head of /etc/bind/named.conf is :
options {
pid-file "/var/run/bind/run/named.pid";
directory "/etc/bind";
auth-nxdomain no;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
################
To remove error from zonecheck.fr, I've commented
//zone "0.0.127.in-addr.arpa" {
// type master;
// file "db.local";
//};
and add this :
//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

falko · #4 16th January 2007, 15:09

Did you set up Bind as described here? http://www.howtoforge.com/perfect_setup_debian_sarge_p3

arnaud · #5 16th January 2007, 20:22

Yes.
The only difference is on some servers the use of
dpkg-reconfigure etherconf
for configuring the network interface.

falko · #6 17th January 2007, 21:22

So your Bind is running chrooted now, and you did all these steps?

Code:

[...]
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
[...]

arnaud · #7 31st January 2007, 15:42

Debian sarge set this at install time in named.conf :
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
notice that zone "localhost" => file db.local
and zone "127.in-addr.arpa" => file db.127
ISPConfig set this in named.conf after configuring some dns zone :
zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
notice it's a mix between the "127.in-addr.arpa" zone et the "localhost" zone, and when I perform zonecheck test which is very strict regarding rfc, it issue an error.
But everything is working but it break rfc according to zonecheck.

arnaud · #8 2nd March 2007, 16:47

Hello,

I found that I can make changes in /root/ispconfig/isp/conf/named.conf.master
(I don't know if it stays after ISPConfig's update).

For my configuration (I've another dns server which is master for reverse zone), I've made this change :
delete

Code:

zone "0.0.127.in-addr.arpa" {
         type master;
         file "db.local";
};

and for not to be master for reverse, delete

Code:

<!-- BEGIN DYNAMIC BLOCK: named_reverse -->
zone "{ZONE}.in-addr.arpa" {
        type master;
        file "pri.{ZONE}.in-addr.arpa";
};
<!-- END DYNAMIC BLOCK: named_reverse -->

and I've add this at end of /etc/bind/named.conf (for Debian sarge)

Code:

//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
// fin RFC 1912

It works !