Trouble with setting up bind on Debian etch

Discussion in 'Installation/Configuration' started by Myth, Jan 13, 2008.

  1. Myth

    Myth New Member

    I'm trying to set up a Debian Etch webserver on my LAN. This is meant as practice, as I will soon rent a dedicated server and am using my local machine as a testbox. I have completed my Debian Etch installation as described in the perfect installation guide on this website. I chose, however, not to use ISPConfig.

    A little bit of background info first:
    All my PCs at home are connected through a router. My router IP is 192.168.1.1. The IP I'm giving my server is 192.168.1.100.

    The hostname is neo, and let's say the domain name is example.com.
    example.com does, however, already exist and is bound to a rented webserver (which I'll soon host on my own rented dedicated server). To get past this I've set up my client PC to use my server as primary DNS, and my router as secondary (because my server isn't always online).

    However, if I try to ping neo.example.com from my client PC, it returns the IP of my rented webserver instead of my own local Debian server. If I do the same from the server itself, it returns 192.168.1.100, as it should. If I try to ping www.example.com however (also from my server, and which is also configured in my zone files) it returns "ping: unknown host www.example.com".

    What could be causing this?

    Here's a list of the files I reckon are involved with this configuration:

    /etc/bind/named.conf - I didn't really change anything here. The changes I made are in named.conf.local
    Code:
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local
    
    include "/etc/bind/named.conf.options";
    
    // prime the server with knowledge of the root servers
    zone "." {
            type hint;
            file "/etc/bind/db.root";
    };
    
    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    
    zone "localhost" {
            type master;
            file "/etc/bind/db.local";
    };
    
    zone "127.in-addr.arpa" {
            type master;
            file "/etc/bind/db.127";
    };
    
    zone "0.in-addr.arpa" {
            type master;
            file "/etc/bind/db.0";
    };
    
    zone "255.in-addr.arpa" {
            type master;
            file "/etc/bind/db.255";
    };
    
    // zone "com" { type delegation-only; };
    // zone "net" { type delegation-only; };
    
    // From the release notes:
    //  Because many of our users are uncomfortable receiving undelegated answers
    //  from root or top level domains, other than a few for whom that behaviour
    //  has been trusted and expected for quite some length of time, we have now
    //  introduced the "root-delegations-only" feature which applies delegation-only
    //  logic to all top level domains, and to the root domain.  An exception list
    //  should be specified, including "MUSEUM" and "DE", and any other top level
    //  domains from whom undelegated responses are expected and trusted.
    // root-delegation-only exclude { "DE"; "MUSEUM"; };
    
    include "/etc/bind/named.conf.local";
    /etc/bind/named.conf.local
    Code:
    //
    // Do any local configuration here
    //
    
    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";
    
    zone "example.com" {
            type master;
            file "neo.example.com";
    };
    
    zone "1.168.192.in-addr.arpa" {
         type master;
         file "neo.1.168.192.in-addr.arpa";
    };
    
    neo.example.com
    Code:
    ;neo.example.com
    $TTL    604800
    
    @                       IN      SOA     neo.example.com. root.localhost. (
                                            2008011301; serial
                                            28800; refresh, seconds
                                            7200; retry, seconds
                                            604800; expire, seconds
                                            86400 ); minimum, seconds
    ;
    
                                    NS              ns1.example.com
                                    NS              ns2.example.com
                                    MX      10      mail.example.com
    
    example.com.                     A               192.168.1.100
    neo                             A               192.168.1.100
    www                             A               192.168.1.100
    ns1                             A               192.168.1.100
    ns2                             A               192.168.1.1
    mail                            A               192.168.1.100
    
    ftp                             CNAME           neo
    
    neo.1.168.192.in-addr.arpa
    Code:
    @ IN SOA neo.example.com. root.localhost. (
                            2008011301; serial
                            28800; refresh, seconds
                            7200; retry, seconds
                            604800; expire, seconds
                            86400 ); minimum, seconds
    
                            NS              ns1.example.com.;
                            NS              ns2.example.com.
    
    1                       PTR             ns2.example.com.
    100                     PTR             example.com.
    
    /etc/bind/named.conf.options
    Code:
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you might need to uncomment the query-source
            // directive below.  Previous versions of BIND always asked
            // questions using port 53, but BIND 8.1 and later use an unprivileged
            // port by default.
    
            // query-source address * port 53;
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            forwarders {
                    192.168.1.1;
            };
    
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
            listen-on {
                    127.0.0.1;
                    192.168.1.100;
            };
    };
    
     
    Last edited: Jan 14, 2008
  2. Myth

    Myth New Member

    Things tried since this post was made without luck:

    In neo.example.com I changed:
    Code:
                                    NS              ns1.example.com
                                    NS              ns2.example.com
                                    MX      10      mail.example.com
    
    to
    Code:
                                    NS              ns1
                                    NS              ns2
                                    MX      10      mail
    
     
  3. falko

    falko Super Moderator ISPConfig Developer

    Do
    Code:
    dig @localhost neo.example.com
    or
    Code:
    dig @localhost www.example.com
    work (on the server)?

    Do you use the DNS server as the primary DNS on your clients?
     
  4. Myth

    Myth New Member

    dig @localhost neo.example.com
    Code:
    ; <<>> DiG 9.3.4 <<>> @localhost neo.example.com
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36175
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;neo.example.com.                        IN      A
    
    ;; Query time: 2 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Jan 15 15:40:21 2008
    ;; MSG SIZE  rcvd: 32
    
    dig @localhost www.example.com
    Code:
    ; <<>> DiG 9.3.4 <<>> @localhost www.example.com
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46463
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.example.com.                        IN      A
    
    ;; Query time: 2 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Jan 15 15:42:02 2008
    ;; MSG SIZE  rcvd: 32
    

    So I guess it's not working.
    And yes, my server is configured as primary DNS on my client.
     
  5. falko

    falko Super Moderator ISPConfig Developer

    You've forgotten some dots in your zone file:

    Code:
    ;neo.example.com
    $TTL    604800
    
    @                       IN      SOA     neo.example.com. root.localhost. (
                                            2008011301; serial
                                            28800; refresh, seconds
                                            7200; retry, seconds
                                            604800; expire, seconds
                                            86400 ); minimum, seconds
    ;
    
                                    NS              ns1.example.com.    ; trailing dot added
                                    NS              ns2.example.com.    ; trailing dot added
                                    MX      10      mail.example.com.   ; trailing dot added
    
    example.com.                     A               192.168.1.100
    neo                             A               192.168.1.100
    www                             A               192.168.1.100
    ns1                             A               192.168.1.100
    ns2                             A               192.168.1.1
    mail                            A               192.168.1.100
    
    ftp                             CNAME           neo
     
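As an added example (not code from the thread or from BIND), the checker below expands zone-file names the way BIND does and flags NS/MX/CNAME/PTR targets that already contain the origin but lack the trailing dot, which is why the original ns1.example.com silently becomes ns1.example.com.example.com.; the zone text is constructed from the first post.

```python
import re
# rdata of these types is a domain name; BIND appends $ORIGIN when the final dot is missing
NAME_RDATA = {"NS", "MX", "CNAME", "PTR"}

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def check_zone(text, origin):
    """Parse a BIND master file. Returns (records, warnings): records as
    (owner, type, rdata) with all names fully qualified; warnings for rdata
    names that already contain the origin but lack the final dot."""
    origin = origin.rstrip(".") + "."
    kept = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]  # ';' starts a comment
    kept = [ln for ln in kept if ln.strip() and not ln.lstrip().startswith("$")]  # drop $TTL
    body = re.sub(r"\([^)]*\)", "", "\n".join(kept))  # fold the multi-line SOA ( ... )
    records, warnings, last_owner = [], [], origin
    for line in filter(str.strip, body.splitlines()):
        fields = line.split()
        # a line that starts with whitespace reuses the previous owner name
        owner = last_owner if line[0].isspace() else qualify(fields.pop(0), origin)
        last_owner = owner
        if fields[0].upper() == "IN":
            fields.pop(0)  # class is optional
        rtype = fields.pop(0).upper()
        if rtype == "MX":
            fields.pop(0)  # skip the preference value
        rdata = fields[0] if fields else ""
        if rtype in NAME_RDATA:
            if not rdata.endswith(".") and f".{rdata}.".endswith(f".{origin}"):
                warnings.append(f"{rtype} {rdata} becomes {qualify(rdata, origin)}")
            rdata = qualify(rdata, origin)
        records.append((owner, rtype, rdata))
    return records, warnings

# Zone text constructed from the thread's first post, trimmed to the relevant records
THREAD_ZONE = """\
$TTL 604800
@   IN SOA neo.example.com. root.localhost. ( 2008011301 ; serial
        28800 7200 604800 86400 )
    NS    ns1.example.com
    NS    ns2.example.com
    MX 10 mail.example.com
example.com.  A     192.168.1.100
neo           A     192.168.1.100
ftp           CNAME neo
"""

if __name__ == "__main__":
    print(*check_zone(THREAD_ZONE, "example.com")[1], sep="\n")
```

Beyond the dots, a SERVFAIL with an empty AUTHORITY section as in post 4 usually means the zone never loaded at all; `named-checkzone example.com <zonefile>` and the named startup lines in syslog say why, and a relative `file` name in named.conf.local is looked up under the options `directory` (/var/cache/bind here), inside the chroot if one is used.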
  6. Myth

    Myth New Member

    Hmm, still no luck. But at the moment my dedicated server is online and I'm waiting for the DNS to be changed to the new server. So I'll just wait until that has happened and see if the problem also occurs on that system. Won't have to mess around with the DNS server settings of my client then.
     
  7. devnull3d

    devnull3d New Member

    Your named.conf seems messy to me; why all the includes? I guess they were there by default. Let me show you how things work on my server; perhaps it will help you out.
    /etc/bind/named.conf
    Code:
    options {
            pid-file "/var/run/bind/run/named.pid";
            directory "/etc/bind";
            auth-nxdomain no;
            recursion no;
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };
    zone "example-domain.com" {
            type master;
            file "example-domain.com";
    };
    
    /etc/bind/example-domain.com
    Code:
    $TTL        86400
    @       IN      SOA     ns1.example-domain.com. admin.example-domain.com. (
                            2007121809       ; serial, todays date + todays serial #
                            28800              ; refresh, seconds
                            7200              ; retry, seconds
                            604800              ; expire, seconds
                            86400 )            ; minimum, seconds
    
                    NS      ns1.my-ns.com.              
                    NS      ns2.my-ns.com.              
    
    
      MX      10 example-domain.com.
    
    example-domain.com.      A        127.0.0.1
    webmail       A       127.0.0.1
    www       A       127.0.0.1
    example-domain.com.        IN      TXT     "v=spf1 a mx ip4:127.0.0.1 ~all"
    
    That's it; you don't need anything else.
    BTW, do you run chrooted bind? If so, make sure your zone files are inside the chrooted directory. Hope it helps.
     
  8. Myth

    Myth New Member

    It is chrooted, but the files are inside that directory. The perfect setup thingy made a symlink, so if I go to /etc/bind it actually goes to /var/lib/named/etc/bind

    and it's chrooted in /var/lib/named

    The includes thing is standard, but I do kinda like it: having the options and my own zones in custom files.

    Not sure if the standard zones actually should be there, but they look harmless:
    Code:
    zone "localhost" {
            type master;
            file "/etc/bind/db.local";
    };
    
    zone "127.in-addr.arpa" {
            type master;
            file "/etc/bind/db.127";
    };
    
    zone "0.in-addr.arpa" {
            type master;
            file "/etc/bind/db.0";
    };
    
    zone "255.in-addr.arpa" {
            type master;
            file "/etc/bind/db.255";
    };
    I do see some differences in your options file though, like the pid thing. Gonna have a look into what it does and see if it helps.
     
