  #1  
Old 21st September 2008, 23:55
lordshadow
Member
Join Date: Apr 2008
Posts: 89

DNS master server: bind9 issues

Hi,

basing my bind config on this howto: http://howtoforge.com/perfect_setup_debian_etch_p4

and this site: http://linux.justinhartman.com/DNS_I...up_using_BIND9

I am now really stuck as I'm having even more issues than my previous failed attempt at this.

A while back I tried to create a master DNS server that would work inside my LAN and provide local addresses with DNS lookups of my servers. It failed the first time since I didn't have a domain name, but now that I have one it still isn't working and has got worse?

Well to start with I created 2 zone files; one for my domain and one for reverse. I have checked those with: named-checkzone
and I got the response OK!

However my server is not directing my local domain queries to the proper hosts on the network. Instead it seems to be using the domain servers provided by the domain company, which when routed back into my network gives me "connection refused"?

Since my first failed try of this I have been using my Cisco router as the local network's DNS server, which provided lookups for mydomain.com internally and obviously external queries (google etc.).

However I am trying to restore the original domain server now since my internet connection kept timing out due to too much load on the router.

I was told that the server needed to be authoritative if it was going to relay the domain lookups to my local subnet, so after googling a while I found that bind with rndc needed to create a key.

I decided to create one like:
Code:
rndc-confgen -a -c /etc/namedb/rndc.conf -k dnsadmin -b 256
however I get this reply when running rndc update:
Code:
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
and I have tried adjusting the permissions to 777 on both rndc.conf and rndc.key, but to no effect.

I don't know what to do now. Bind starts, however rndc doesn't, and I have no idea how to reset rndc: after trying to remove the rndc.* files it complains that there is no key???

This problem is really complicated and I don't know if anyone has an idea of how to get rndc reload to work (with or without the key) and get my main server to perform active DNS. Is it zone transfers, so when I type in mydomain.com the IP address of my webserver gets resolved, not my WAN IP????

Oh brother I think I've really gone and done it this time!
  #2  
Old 22nd September 2008, 06:56
lordshadow
Member
Join Date: Apr 2008
Posts: 89

Ok so perhaps I need to take this slowly!

To start with I get an error of rndc when I try to use the reload command!

rndc.conf file is as follows:

Code:
key "rndckey" {
        algorithm hmac-md5;
        secret "vL+4wnHLyR+o40KoB/uBug==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
and I added this to named.conf

Code:
 key "rndckey" {
       algorithm hmac-md5;
       secret "vL+4wnHLyR+o40KoB/uBug==";
 };

 controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndckey"; };
 };
however the reply I always get when trying to run rndc reload is:

Code:
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
As posted above I used the howto from this website and am running bind9 chrooted!

Don't know if anyone knows what's going on??
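The error quoted in this post comes back whenever the key name, algorithm or secret in rndc.conf does not match the key that the controls stanza in named.conf allows. The script below is an added example, not the poster's files or anything from BIND itself: it parses both stanzas from constructed sample copies of the two files (the key names, secrets and the smart-quote sample are all made up for the demonstration) and reports the mismatches that produce the "connection to remote host closed" message, including quotes that stopped being plain ASCII after a copy-and-paste.

```python
import base64
import binascii
import re

# Constructed sample files (not the poster's real rndc.conf / named.conf).
GOOD_SECRET = base64.b64encode(b"constructed-demo-secret").decode()
STALE_SECRET = base64.b64encode(b"left-over-from-an-earlier-run").decode()

RNDC_CONF = f'''key "rndckey" {{
        algorithm hmac-md5;
        secret "{GOOD_SECRET}";
}};

options {{
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
}};
'''

NAMED_CONF = f'''key "rndckey" {{
        algorithm hmac-md5;
        secret "{GOOD_SECRET}";
}};

controls {{
        inet 127.0.0.1 port 953
                allow {{ 127.0.0.1; }} keys {{ "rndckey"; }};
}};
'''

# Same named.conf, but rndc.conf still carries the secret from an earlier rndc-confgen run.
RNDC_CONF_STALE = RNDC_CONF.replace(GOOD_SECRET, STALE_SECRET)

# named.conf pasted through a web page: the straight quotes became typographic ones.
NAMED_CONF_SMARTQUOTES = NAMED_CONF.replace('"rndckey"', '\u201crndckey\u201d')

KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{([^}]*)\}')       # key "name" { ... }
KEYS_RE = re.compile(r'keys\s*\{([^}]*)\}')                       # keys { "name"; }
DEFAULT_KEY_RE = re.compile(r'default-key\s+"?([\w.-]+)"?\s*;')


def parse_keys(text):
    """Return {name: {"algorithm": ..., "secret": ...}} for every key {} stanza."""
    keys = {}
    for name, body in KEY_RE.findall(text):
        alg = re.search(r'algorithm\s+([\w-]+)\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        keys[name] = {"algorithm": alg.group(1).lower() if alg else None,
                      "secret": sec.group(1) if sec else None}
    return keys


def controls_key_names(named_text):
    """Key names listed in keys { ... } of the controls stanza in named.conf."""
    names = []
    for inner in KEYS_RE.findall(named_text):
        names.extend(re.findall(r'"?([\w.-]+)"?\s*;', inner))
    return names


def check_rndc(rndc_text, named_text):
    """Return [(code, detail), ...]; an empty list means rndc and named agree."""
    problems = []
    for label, text in (("rndc.conf", rndc_text), ("named.conf", named_text)):
        odd = sorted({c for c in text if ord(c) > 127})
        if odd:
            problems.append(("non-ascii", f"{label} contains non-ASCII characters {odd!r}; retype them as plain quotes"))
    named_keys, rndc_keys = parse_keys(named_text), parse_keys(rndc_text)
    allowed = controls_key_names(named_text)
    if not allowed:
        problems.append(("no-controls", "named.conf has no controls { ... keys { ... }; } stanza"))
    for name in allowed:
        if name not in named_keys:
            problems.append(("undefined-key", f"controls references key {name!r} but named.conf never defines it"))
    m = DEFAULT_KEY_RE.search(rndc_text)
    if not m:
        problems.append(("no-default-key", "rndc.conf has no default-key"))
        return problems
    default = m.group(1)
    if default not in rndc_keys:
        problems.append(("undefined-key", f"rndc.conf default-key {default!r} has no key {{}} stanza"))
        return problems
    if default not in allowed:
        problems.append(("key-not-allowed", f"key {default!r} is not listed in the controls keys {{}} of named.conf"))
    if default in named_keys:
        ours, theirs = rndc_keys[default], named_keys[default]
        if ours["algorithm"] != theirs["algorithm"]:
            problems.append(("algorithm-mismatch", f"{ours['algorithm']} in rndc.conf vs {theirs['algorithm']} in named.conf"))
        if ours["secret"] != theirs["secret"]:
            problems.append(("secret-mismatch", f"secret for {default!r} differs between rndc.conf and named.conf"))
    try:
        base64.b64decode(rndc_keys[default]["secret"] or "", validate=True)
    except (binascii.Error, ValueError):
        problems.append(("bad-base64", f"secret for {default!r} is not valid base64"))
    return problems


if __name__ == "__main__":
    for title, rndc, named in (("matching", RNDC_CONF, NAMED_CONF),
                               ("stale secret", RNDC_CONF_STALE, NAMED_CONF),
                               ("smart quotes", RNDC_CONF, NAMED_CONF_SMARTQUOTES)):
        print(title, "->", check_rndc(rndc, named) or "OK")
```

The parser is deliberately small (it does not handle nested braces inside a key stanza or comments containing braces), so use it as a first check before `named-checkconf`; the point is that rndc's failure message gives no hint which of the three fields disagrees, and comparing the two files field by field does.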
  #3  
Old 22nd September 2008, 13:36
falko
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701

Have you tried to tell your router to use your internal DNS server instead of the ones from your ISP? That way, all your clients would use the DNS server as well and should be able to resolve local addresses.
  #4  
Old 23rd September 2008, 06:20
lordshadow
Member
Join Date: Apr 2008
Posts: 89

Originally the way I set it up was that the router had NS records for all local hosts.

Therefore each host would resolve without a problem; just point each device's DNS to the gateway address and then full DNS would work.

This however keeps causing timeouts on the router when the number of externally connected hosts goes up.

I wanted to achieve the same effect with my main server so that I could point all the local hosts to that and get local domain resolution and external name resolution.

I have managed to sort out my key issue at least so bind is fully functional again.

External name resolution is working fine, although I lost total DNS about an hour ago or maybe just over for some strange reason; I think because my server was running too many backup dumps, and since it's only a PIII 733 with 256MB RAM I think it locked up.

However internal name resolution is still not functional? I turned my router's own DNS server off and pointed some machines to the main server, but still no luck.

My main server seems to be resolving the DNS servers of the place where I got my domain from instead of doing what my router did by using its own entries????

I based my zone files exactly on your howto Falko which I posted above. The zone files look like this:

Code:
$TTL 1d ;
$ORIGIN 254.168.192.IN-ADDR.ARPA.
@       IN      SOA     ns1.optiplex-networks.com.   info.optiplex-networks.com. (
                                       2008092103
                                       7200
                                       120
                                       2419200
                                       604800
)
        IN      NS      ns1.optiplex-networks.com.
1       IN      PTR     ns1.optiplex-networks.com.
Code:
;
; BIND data file for example.com
;
$TTL    604800
@       IN      SOA     ns1.optiplex-networks.com. info.optiplex-networks.com. (
                             2008092305         ; Serial
                                  7200         ; Refresh
                                   120         ; Retry
                               2419200         ; Expire
                                604800)        ; Default TTL
;
       IN      NS      ns1.optiplex-networks.com.
optiplex-networks.com.    IN      MX      10      mail.optiplex-networks.com.
optiplex-networks.com.    IN      A       192.168.1.50
gx110.optiplex-networks.com.    IN     A      192.168.1.51
ns1.optiplex-networks.com       IN      A       192.168.1.51
www.optiplex-networks.com       IN      A       192.168.1.50
mail.optiplex-networks.com              IN      A       192.168.1.50
ftp.optiplex-networks.com       IN      A       192.168.1.51
mail.gx110.optiplex-networks.com        IN      A       192.168.1.51
ferrari3200.optiplex-networks.com       IN      A       192.168.1.5
optiplex-networks.com.   IN      TXT     "v=spf1 ip4:192.168.1.50 a mx ~all"
mail                    IN      TXT     "v=spf1 a -all"
I called them in named.conf.local:

Code:
zone optiplex-networks.com {
   type master;
   notify no;
   allow-query { 192.168.1.0/24; };
   file /var/named/optiplex-networks.db;

};

zone 1.168.192.in-addr.arpa {
   type master;
   notify no;
   allow-query { 192.168.1.0/24; };
   file /var/named/192.168.1.rev;
};
All seems ok, I checked them with:
Code:
named-checkzone
and it came up with Ok.

rndc reload also works fine and 127.0.0.1 is placed as nameserver in resolv.conf.

I can't think of what else I am missing or could check?

Bind is definitely listening on port 953 for rndc, as the output of netstat -tap shows.

Maybe you might have some suggestions???
  #5  
Old 23rd September 2008, 15:25
chipsafts
Senior Member
Join Date: Nov 2007
Posts: 184

Do you have an internal zone set up to handle requests from the local LAN?
  #6  
Old 24th September 2008, 00:33
lordshadow
Member
Join Date: Apr 2008
Posts: 89

Ok I managed to fix the issue!!

Problem was in named.conf: I wasn't calling /etc/bind/named.conf.local, so I needed to use an include statement there.

My named.conf.local was fine but I took out:

Code:
   notify no;
   allow-query { 192.168.1.0/24; };
to make certain, and changed the "" quotes to ASCII values as they seemed to be in HTML or non-ASCII based code.

And my zone files weren't using proper syntax as they had the . missing after my domain in the IN A statements.

The final thing was relativity, and no, not Einstein: the chroot wasn't finding the /var/named directory since the chroot started from /etc/lib/named.

So I copied /var/named into /etc/lib/named/var/named.

Then restarted bind9 and all was fine.
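Two of the three causes found in this post can be checked mechanically before restarting bind: owner names in a zone file that are written out in full but lack the trailing dot (BIND appends the origin again, so `www.example.test` silently becomes `www.example.test.example.test.`), and a `file` path in named.conf that exists on the host but not inside the chroot that named actually runs in. The following script is an added example, not the poster's zone file or any BIND tool: it expands every owner name the way BIND does for a constructed sample zone (`example.test` and its hosts are made-up names) and shows the chroot path mapping against a throw-away directory used as a hypothetical chroot.

```python
import os
import tempfile

# Constructed forward zone modelled on the shape of the one posted above (names changed):
# several owner names are written out in full but lack the trailing dot.
ZONE_TEXT = """\
$TTL    604800
@       IN      SOA     ns1.example.test. hostmaster.example.test. (
                        2008092305      ; Serial
                        7200            ; Refresh
                        120             ; Retry
                        2419200         ; Expire
                        604800 )        ; Default TTL
        IN      NS      ns1.example.test.
example.test.           IN      A       192.168.1.50
www.example.test        IN      A       192.168.1.50
ns1.example.test        IN      A       192.168.1.51
mail                    IN      A       192.168.1.50
"""


def normalize_origin(origin):
    return origin if origin.endswith(".") else origin + "."


def expand_owner(owner, origin):
    """BIND's rule: '@' is the origin, a name ending in '.' is absolute,
    anything else gets the origin appended."""
    origin = normalize_origin(origin)
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner
    return owner + "." + origin


def owner_names(zone_text, origin):
    """Return [(owner as written, fully expanded name)] for every record,
    honouring $ORIGIN directives and skipping parenthesised continuation lines."""
    origin = normalize_origin(origin)
    out = []
    depth = 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments (quoted ';' in TXT not handled)
        if not line.strip():
            continue
        if depth == 0:
            if line.startswith("$ORIGIN"):
                origin = normalize_origin(line.split()[1])
            elif not line.startswith("$") and not line[0].isspace():
                owner = line.split()[0]
                out.append((owner, expand_owner(owner, origin)))
        depth += line.count("(") - line.count(")")
    return out


def doubled_origin_names(zone_text, origin):
    """Owner names that already end in the zone name but lack the final dot:
    these expand to name.zone.zone. and lookups for the intended name fail."""
    bare = normalize_origin(origin).rstrip(".").lower()
    hits = []
    for owner, fqdn in owner_names(zone_text, origin):
        o = owner.lower()
        if not owner.endswith(".") and (o == bare or o.endswith("." + bare)):
            hits.append((owner, fqdn))
    return hits


def chrooted_path(chroot, zone_file):
    """Path a chrooted named really opens for a `file "/var/named/x.db";` directive."""
    return os.path.join(chroot, zone_file.lstrip("/"))


def demo_chroot_lookup():
    """Reproduce the 'relativity' problem with a throw-away hypothetical chroot:
    returns (zone visible before copying it in, visible after)."""
    with tempfile.TemporaryDirectory() as chroot:
        zone_file = "/var/named/example.test.db"  # path as written in named.conf
        target = chrooted_path(chroot, zone_file)
        before = os.path.exists(target)
        os.makedirs(os.path.dirname(target))
        with open(target, "w") as fh:
            fh.write(ZONE_TEXT)
        after = os.path.exists(target)
    return before, after


if __name__ == "__main__":
    for owner, fqdn in doubled_origin_names(ZONE_TEXT, "example.test"):
        print(f"{owner!r} expands to {fqdn}: add the trailing dot or use the short name")
    print("zone file visible inside chroot before/after copy:", demo_chroot_lookup())
```

`named-checkzone` reports both spellings as valid, because `www.example.test.example.test.` is a perfectly legal name; only expanding the owners as BIND does makes the doubled origin visible, which is why the zone passed the check in the earlier post while lookups still failed.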
  #7  
Old 24th September 2008, 00:34
lordshadow
Member
Join Date: Apr 2008
Posts: 89

Basically a major headache but it's sorted now!