BIND doesnt work on my server

jspsandhu · 05-26-2005, 07:07 PM

MY domain i set is example.com

/etc/named.conf entries are

zone "example.com" IN {
type master;
file "example.com.zone";
};

zone "0.168.192.in-addr.arpa" IN {
type master;
file "example.com.rr.zone";
};

/var/named/example.com.zone is as under

$TTL 86400
@ IN SOA server1.example.com root.example.com (
2005052501 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ) ;TTL

IN NS server1.example.com ; FQDN

IN MX 10 mail.example.com

server1 IN A 192.168.0.199
Lalu IN A 192.168.0.99

ftp IN CNAME server1
www IN CNAME server1
mail IN CNAME server1

/var/named/example.com.rr.zone

$TTL 86400

@ IN SOA server1.example.com root.example.com (
2005052501 ;Serial
28800 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ) ;TTL

IN NS server1.example.com ; FQDN

199 IN PTR server1.example.com.
99 IN PTR Lalu.example.com
[root@server1 named]#

I have just two computers connected to a router with the ip as 192.168.0.1 and the routers DHCP disabled my gateway to the internet is 192.168.0.1 and my internal DHCP server is also this linux machine at 192.168.0.199

[root@server1 etc]# named
[root@server1 etc]# rndc reload
[root@server1 etc]# named-checkconf
[root@server1 etc]# host -l example.com
Host example.com not found: 9(NOTAUTH)
; Transfer failed.

This is the error i get on my fedora core 1 with named

My firewall is stopped

I cannot resolve this domain on this small network.

My purpose is
192.168.0.199 can be resolved on any computer as server1.example.com
and
192.168.0.99 can be resolved on any computer as Lalu.example.com

I will be connecting three other computers and they should also resolve these names.

ANY help on this will be appreciated

Thanks and Regards

JAS

scowles · 05-26-2005, 07:36 PM

The NOTAUTH error means your named server does not consider itself authoritative. So its not going to transfer any zone files.

Please post or check the following:

1) named related startup entries in /var/log/messages

2) How is named started? chrooted?

2) Based on how named is started - where are your named.conf and zone files located? i.e. /var/named -or- /var/named/chroot

3) Start named using the redhat/fedora service command: service named start, service named stop, service named reload, etc...

4) Fix all the training dot problems in your zone files for any record that lists a fqdn

Example:

@ IN SOA server1.example.com root.example.com
IN NS server1.example.com
should be:
@ IN SOA server1.example.com. root.example.com.
IN NS server1.example.com.

If you don't add the training dot, then bind will append the zone name (example.com) to the end of the record when its parsed. i.e. server1.example.com.example.com

jspsandhu · 05-26-2005, 08:00 PM

1)
/var/log/messages

May 27 06:05:39 server1 named[3772]: starting BIND 9.2.2-P3
May 27 06:05:39 server1 named[3772]: using 1 CPU
May 27 06:05:39 server1 named[3772]: loading configuration from '/etc/named.conf
'
May 27 06:05:39 server1 named[3772]: no IPv6 interfaces found
May 27 06:05:39 server1 named[3772]: listening on IPv4 interface lo, 127.0.0.1#5
3
May 27 06:05:39 server1 named[3772]: binding TCP socket: address in use
May 27 06:05:39 server1 named[3772]: listening on IPv4 interface eth0, 192.168.0
.199#53
May 27 06:05:39 server1 named[3772]: binding TCP socket: address in use
May 27 06:05:39 server1 named[3772]: /etc/named.conf:25: couldn't add command ch
annel 127.0.0.1#953: address in use
May 27 06:05:39 server1 named[3772]: couldn't open pid file '/var/run/named/name
d.pid': Permission denied
May 27 06:05:39 server1 named[3772]: exiting (due to early fatal error)
May 27 06:05:43 server1 named[1771]: loading configuration from '/etc/named.conf
'
May 27 06:05:43 server1 named[1771]: no IPv6 interfaces found
May 27 06:05:51 server1 named[1771]: client 192.168.0.199#1054: bad zone transfe
r request: 'example.com/IN': non-authoritative zone (NOTAUTH)

I again reloaded rndc and restarted named

and above are the recent log messages

2)
I dnt know how named is started i just typed the command named

and to restart was service named restart

how to do chrooted?

3)
/etc/named.conf is the named.conf file
/var/named is the location for the zone and rr.zone files.

4)
Confirmed mistakes in the zone and rr.zone files and are edited with the . as you said for the FQDNs

Still the same error.

[root@server1 etc]# host -l example.com
Host example.com not found: 9(NOTAUTH)
; Transfer failed.

Thanks

JAS

scowles · 05-26-2005, 09:47 PM

I don't see any of your zone files loading. As a reference, the following is a copy/paste from /var/log/messages of DNS server:

Code:

May 26 21:22:07 excelsior named[27014]: starting BIND 9.2.5 -u named -t /var/named/chroot
May 26 21:22:07 excelsior named[27014]: using 1 CPU
May 26 21:22:07 excelsior named[27014]: loading configuration from '/etc/named.conf'
May 26 21:22:07 excelsior named[27014]: no IPv6 interfaces found
May 26 21:22:07 excelsior named[27014]: listening on IPv4 interface lo, 127.0.0.1#53
May 26 21:22:07 excelsior named[27014]: listening on IPv4 interface eth0, 192.168.8.2#53
May 26 21:22:07 excelsior named[27014]: command channel listening on 127.0.0.1#953
May 26 21:22:07 excelsior named[27014]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2003112801
May 26 21:22:07 excelsior named[27014]: zone 10.168.192.in-addr.arpa/IN: loaded serial 2004081001
May 26 21:22:07 excelsior named[27014]: zone 8.168.192.in-addr.arpa/IN: loaded serial 2004081001
May 26 21:22:07 excelsior named[27014]: zone 9.168.192.in-addr.arpa/IN: loaded serial 2005012501
May 26 21:22:07 excelsior named[27014]: zone mydomain.com/IN: loaded serial 2005012701
May 26 21:22:07 excelsior named[27014]: running
May 26 21:22:07 excelsior named: named startup succeeded

Note that 5 (authoritative) zone files are loaded. Also, I run named in a chroot'd environment (as the command syntax states above). See /etc/sysconfig/named

3)
etc/named.conf is the named.conf file
/var/named is the location for the zone and rr.zone files.

Based on how you started named (not chroot'd), the directories look standard. Although I don't see the directory statement in your named.conf file.

May 27 06:05:39 server1 named[3772]: couldn't open pid file '/var/run/named/name
d.pid': Permission denied

Does the above directory exist? Are the permissions correct?

jspsandhu · 05-27-2005, 11:44 AM

I am not at my lab am away but can u send me ur named.conf file and the zone and rr.zone files
so that I can try to compare and see what is the mistake I am making

What should be my ipaddress configuration

I configured

ipaddress as 192.168.0.199
sub mask class C
gateway is my router 192.168.0.1
AND DNS is the same as 192.168.0.199
IS this correct

My network

10.12.224.69-WAN port ROUTER-LAN port-192.168.0.1--two servers and other 3 client computers

First server is Fedora Core 1 192.168.0.199 also is the DHCP server with dhcpd

configured and working for all the computers also with fix ip for the second server on

Win2000 192.168.0.99 and DHCPD has address reservation for this with the MAC address

as far as i remember it is configured with the following options

ddns-update-style none;
{
option router 192.168.0.1;
option domain-name-server 192.168.0.199 ;
range dynamic-bootp 192.168.0.200 192.168.0.254;
};

I am not sure about the rest

Can I achieve what i want to: -

a)192.168.0.199 to be recognised by all the computers as server1.example.com
b)192.168.0.99 to be recognised by all the computers as lalu.example.com

3)
I am not sure about the directories as am away from my lab if they exist or not

var/run/named/named.pid

Will update you soon

Thanks

JAS

jspsandhu · 05-28-2005, 05:04 PM

I got it working today all i did was kept the zone and rr.zone files as it is as i think there were no errors in those files

I removed the caching-nameserver rpm and reinstalled it

I reconfigured the named.conf file as follows

// generated by named-bootconf.pl

options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "example.com" IN {
type master;
file "example.com.zone";
allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
type master;
file "example.com.rr.zone";
allow-update { none; };
};

include "/etc/rndc.key";

This dnt work as did get connection refused errors

I stopped iptables

Reloaded named and rndc and still dnt worked

I just restarted the machine and then

[root@server1 root]# host -l example.com
example.com SOA server1.example.com. root.example.com.example.com. 2005052901 10
800 900 604800 86400
example.com name server server1.example.com.example.com.
ftp.example.com is an alias for server1.example.com.
Lalu.example.com has address 192.168.0.99
mail.example.com is an alias for server1.example.com.
server1.example.com has address 192.168.0.199
example.com SOA server1.example.com. root.example.com.example.com. 2005052901 10
800 900 604800 86400
[root@server1 root]#

It is working great

Thanks for ur help anyways

JAS