LinuxQuestions.org
Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Old 04-30-2009, 01:53 PM   #1
bentman78
Member
 
Registered: Mar 2003
Location: Washington DC, USA
Distribution: Redhat
Posts: 212

Rep: Reputation: 30
CentOS BIND CHROOT problem.


Hello all,
I'm having a problem with a chroot bind config from this site
http://www.wains.be/index.php/2007/1...dns-with-bind/

Basically I have my named.conf in /var/named/chroot/etc and it looks like this:
// we include the rndckey (copy-paste from rndc.key created earlier)

key "rndckey" {
algorithm hmac-md5;
secret "wouldn't you like to know";
};

controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };
#inet xxx.xxx.xxx.xxx allow { any; } keys { "rndckey"; };
};

options {
directory "/var/named";
pid-file "/var/run/named/named.pid";

recursion yes;

allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
};

// these are the opendns servers (optional)
forwarders {
208.67.222.222;
208.67.220.220;
};

listen-on {
127.0.0.1;
xxx.xxx.xxx.xxx;
};

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
#query-source address * port 53;

// so people can't try to guess what version you're running
version "REFUSED";

allow-query {
127.0.0.1;
xxx.xxx.xxx.xxx;
};
};

server xxx.xxx.xxx.xxx {
keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

// we assume we have a slave dns server with the IP 192.168.254.101
#zone "test.be" IN {
# type master;
# file "data/test.be.zone";
# allow-update { none; };
# allow-transfer { 192.168.254.101; };
# };


My zone files look like so in /var/named/chroot/var/named/data/my.domain.zone:

$ttl 38400
mydomain.com. IN SOA ns.mydomain.com. admin.mydomain.com. (
200904291437 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day

mydomain.com. IN NS ns1.mydomain.com.

mydomain.com. IN MX 1 mx.mydomain.com.

www.mydomain.com. IN A xxx.xxx.xxx.xxx
ns1.mydomain.com. IN A xxx.xxx.xxx.xxx
ns2.mydomain.com. IN A xxx.xxx.xxx.xxx
mx.mydomain.com. IN A xxx.xxx.xxx.xxx
mail.mydomain.com. IN CNAME mx.mydomain.com.

My problem is with the rndc status command: it doesn't show any zones listed.
[root@xxxx data]# rndc status
number of zones: 0
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

Bind is working and the process is there; doing ps aucx | grep named shows the PID.

Is there something I'm missing? I've looked over the conf and can't find a thing. Also, no errors in /var/log/messages.

Also, when I query my domains using nslookup www.mydomain.com 127.0.0.1 I can't get a response. I can query sites like google, howtoforge, etc.

It seems my zone files aren't loading? But then again I can't tell because I have no errors in the logs.

Thanks in advance, any help is appreciated, I'm pulling my hair out.
 
Old 04-30-2009, 02:10 PM   #2
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Are you looking at logs in the chrooted environment or out of it?

Forrest
 
Old 04-30-2009, 02:13 PM   #3
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Quote:
It seems my zone files aren't loading? But then again I can't tell because I have no errors in the logs.
That's because you don't have any zones you're authoritative for, in named.conf.
Run
Code:
named-checkconf -z -t /var/named/chroot
to see it.
You need to add in named.conf:
Quote:
zone "mydomain.com" IN {
type master;
file "data/my.domain.zone";
};

Last edited by bathory; 04-30-2009 at 02:18 PM.
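As an added illustration of the check bathory describes (this script is not from the thread or from the BIND project), the following POSIX shell script walks a chroot layout like the one in the first post, lists the zone stanzas actually declared in named.conf, counts how many are authoritative (type master or slave), and reports any file under var/named/data that no stanza references, which is exactly the situation behind "number of zones: 0". It only runs named-checkconf -z -t when that tool is installed; the sample chroot it builds under mktemp is constructed data that mirrors the thread, and the function names and the data/*.zone naming convention are assumptions of the example.

```shell
#!/bin/sh
# Added example: sanity-check a chroot'd BIND layout.
# Layout assumed (as in the thread): $CHROOT/etc/named.conf and zone files in
# $CHROOT/var/named/data/*.zone. Needs only sh, sed and awk.

# Print "name type file" for every zone stanza in a named.conf.
# Line comments (// and #) are stripped first so commented-out stanzas are
# ignored; /* */ block comments spanning lines are not handled.
zone_table() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" | awk '
        function grab(re,    s) {
            if (match($0, re)) {
                s = substr($0, RSTART, RLENGTH)
                sub(/^[a-z]+[[:space:]]+/, "", s)   # drop the keyword
                gsub(/[";]/, "", s)                  # drop quotes and ;
                return s
            }
            return ""
        }
        $1 == "zone" && !inzone {
            inzone = 1; name = $2; gsub(/"/, "", name)
            type = ""; file = ""; depth = 0
        }
        inzone {
            s = grab("type[[:space:]]+[a-z]+");      if (s != "") type = s
            s = grab("file[[:space:]]+\"[^\"]*\""); if (s != "") file = s
            # brace depth: the stanza ends when the opening { is balanced
            depth += split($0, o, "{") - split($0, c, "}")
            if (depth <= 0) { print name, type, file; inzone = 0 }
        }'
}

# Zones named would actually answer for authoritatively (what rndc status counts
# beyond hint/forward zones).
authoritative_zones() {
    zone_table "$1" | awk '$2 == "master" || $2 == "slave" { print $1 }'
}

# Zone files that exist on disk but are referenced by no stanza.
undeclared_zone_files() {
    conf="$1/etc/named.conf"
    for f in "$1"/var/named/data/*.zone; do
        [ -e "$f" ] || continue
        rel="data/${f##*/}"          # path relative to options { directory }
        zone_table "$conf" | awk -v rel="$rel" '$3 == rel { found = 1 }
            END { exit found ? 0 : 1 }' || echo "$rel"
    done
}

# Append the stanza bathory suggested: declare_zone <chroot> <zone> <relative file>
declare_zone() {
    printf '\nzone "%s" IN {\n    type master;\n    file "%s";\n};\n' "$2" "$3" \
        >> "$1/etc/named.conf"
}

# BIND's own checker is the authoritative test; use it when available.
check_with_bind() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf -z -t "$1"
    else
        echo "named-checkconf not installed; skipped" >&2
    fi
}

# Constructed sample chroot that reproduces the thread: hint zone declared,
# authoritative zone file present but never referenced.
make_sample_chroot() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/var/named/data"
    cat > "$root/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
    recursion yes;
};

zone "." IN {
    type hint;
    file "named.ca";
};

// commented-out stanzas must be ignored by the check
#zone "test.be" IN {
#    type master;
#    file "data/test.be.zone";
#};
EOF
    cat > "$root/var/named/data/my.domain.zone" <<'EOF'
$TTL 38400
mydomain.com. IN SOA ns1.mydomain.com. admin.mydomain.com. (
    200904291437 10800 3600 604800 86400 )
mydomain.com. IN NS ns1.mydomain.com.
ns1.mydomain.com. IN A 192.0.2.1
EOF
    echo "$root"
}

# Walk-through: before the fix nothing is authoritative, after it one zone is.
demo() {
    root=$(make_sample_chroot)
    echo "authoritative zones before: $(authoritative_zones "$root/etc/named.conf" | wc -l)"
    echo "undeclared files: $(undeclared_zone_files "$root")"
    declare_zone "$root" mydomain.com data/my.domain.zone
    echo "authoritative zones after: $(authoritative_zones "$root/etc/named.conf")"
    check_with_bind "$root"
    rm -rf "$root"
}
```

Run it with `sh -c '. ./check_bind_chroot.sh; demo'`, or point `undeclared_zone_files /var/named/chroot` at a real chroot. The awk parser deliberately tracks brace depth rather than matching `};` alone, so stanzas containing nested blocks such as `allow-transfer { ... };` are still closed at the right line.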
 
Old 04-30-2009, 02:39 PM   #4
bentman78
Member
 
Registered: Mar 2003
Location: Washington DC, USA
Distribution: Redhat
Posts: 212

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by bathory View Post
That's because you don't have any zones you're authoritative for, in named.conf.
Run
Code:
named-checkconf -z -t /var/named/chroot
to see it.
You need to add in named.conf:
geeezus

I should have caught that. I guess trying to configure servers late at night after 12 hours of work will do that.
Thanks man.
 