Hi all,

I am having trouble getting DNS going on a web server I am setting up. This is SUSE Linux 9.1 with Apache, MySQL, PHP/Perl used to teach Web Design & Hosting.

I received my "zone file" from my DNS host - Domain Names changed but consistent throughout:

$ttl 18400
@ IN SOA ns1.mydnshost.com.au. postmaster.mydnshost.com.au. (
2004091301
10800
3600
304800
18400 )

NS ns1.mydnshost.com.au.
NS ns2.mydnshost.com.au.

and this is what we (a couple of colleagues and me) came up with:

$TTL 2D
mydomain.com.au. IN SOA ns1.mydnshost.com.au. postmaster.mydnshost.com.au. (
2004091600 ; serial
3H ; refresh
1H ; retry
1W ; expiry
18400 ) ; minimum

@ IN NS ns1.mydnshost.com.au.
@ IN NS ns2.mydnshost.com.au.
localhost IN A 127.0.0.1
computername IN A 192.168.0.2
www IN CNAME 192.168.0.2
www IN CNAME computername.mydomain.com.au.
ftp IN CNAME 192.168.0.2
ftp IN CNAME computername.mydomain.com.au.

saved as /var/lib/named/mydomainname.zone and:

# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

# The directory statement defines the name server's working directory

directory "/var/lib/named";

# Write dump and statistics file to the log subdirectory. The
# pathenames are relative to the chroot jail.

dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";

# The forwarders record contains a list of servers to which queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.

forwarders { name-server-ip-address1; name-server-ip-address2; my-isp-dns-ip; };

# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.

#forward first;

# The listen-on record contains a list of local network interfaces to
# listen on. Optionally the port can be specified. Default is to
# listen on all interfaces found on your system. The default port is
# 53.

#listen-on port 53 { 127.0.0.1; };

# The listen-on-v6 record enables or disables listening on IPv6
# interfaces. Allowed values are 'any' and 'none' or a list of
# addresses.

listen-on-v6 { any; };

# The next three statements may be needed if a firewall stands between
# the local server and the internet.

query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;

# The allow-query record contains a list of networks or IP addresses
# to accept and deny queries from. The default is to allow queries
# from all hosts.

#allow-query { 127.0.0.1; };

# If notify is set to yes (default), notify messages are sent to other
# name servers when the the zone data is changed. Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition.

notify no;
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
# # Log queries to a file limited to a size of 100 MB.
# channel query_logging {
# file "/var/log/named_querylog"
# versions 3 size 100M;
# print-time yes; // timestamp log entries
# };
# category queries {
# query_logging;
# };
#
# # Or log this kind alternatively to syslog.
# channel syslog_queries {
# syslog user;
# severity info;
# };
# category queries { syslog_queries; };
#
# # Log general name server errors to syslog.
# channel syslog_errors {
# syslog user;
# severity error;
# };
# category default { syslog_errors; };
#
# # Don't log lame server messages.
# category lame-servers { null; };
#};

# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
type hint;
file "root.hint";
};

zone "localhost" in {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};

# Include the meta include file generated by SuSEconfig.named. This includes
# all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SuSE for more details.

zone "mydomain.com.au" in {
type master;
file "mydomain.com.au";
};

saved as /etc/named.conf.

From all our reading - SUSE Administration Guide, online, debian, FreeBSD, and others - this should now work. The one problem we have found is if we use nslookup we only get:

nslookup mydomain.com.au -sil
Server: 192.231.203.132
Address: 192.231.203.132#53

Non-authoritative answer:
*** Can't find mydomain.com.au: No answer

And if we whois the IP address we get details for our DNS Host/ISP.

Have we got this setup right?

Is the ISP at fault?

Thanks In Advance.

The zone file for your domain must be named "/var/lib/named/mydomain.com.au" and not "/var/lib/named/mydomainname.zone" .
Also in that file you must have the A records for your NS1 and NS2. Make the changes, increase the serial and restart named.

In addition to what Bathory mentioned...

1) Where is the reverse lookup zone being loaded? i.e. in-addr.arpa

2) You have CNAME's pointing to IP address. Address records (A) point to IP's, CNAME records should point to names. Like the name of a previously defined address record.

3) Based on my interpretation of your forwarders statement, you are forwarding queries to your own name server, then your ISP's name server. huh?

4) You mentioned "Is the ISP at fault?" in your post. Why would they be at fault if you are configuring your own name server to be a Start of Authority (SOA)? Are they responsible for SOA delgation to your server in some way? I'm confused as to where you are setting up this name server.

BTW: The whois command does not query name servers. If I remeber correctly, whois is a database maintained by all the differenet TLD registrar's.

Also, are you getting any errors logged when you start named? i.e. /var/log/messages on redhat. I don't know how SUSE distro's configure syslog. Named typically logs some descriptive errors on startup to help pinpoint zone file problems.

Thanks for your help - it was a combination of all three things.

I fixed up the NameServer as an A record, dropped the CNAMES pointing at IP addresses and the ISP, who are the Authoritative Name Server as they are hosting my DNS for the static IP ADSL connection used for this web server, did not have an A record for my domain name pointing to the IP address.

Thanks for your quick accurate comments.

I've been searching google all day today trying to figure out how to setup bind in it's own jail on a Mandrake 10.1 box.

Well, I searched and searched, but still haven't stumbled across any answers on how to jail Mandrake 10.1's default bind 9.3.0 rpm install.

I guess my question is, how do I edit the init scripts in Mandrake 10.1 to start bind in my jail?

I mostly have been following the following how-to
http://www.losurs.org/docs/howto/Chr...D-4.html#ss4.2

I added ROOTDIR="/chroot/named/" to /etc/sysconfig/named
but bind still doesn't run inside the jail. It runs great from /var/named

I must be missing something.
If anyone can point me into the right location, I would be greatfull.

Have you tried The Linux Documentation Project? The following howto would seem to address your problems:

http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html

Hope this helps!

That's the exact same documentation, just posted in a different place.

My questions is related to section 4.2

"..As with syslogd, as of Red Hat 7.2 this process is now even easier. There is a file called /etc/sysconfig/named in which extra parameters for syslogd can be defined. The default /etc/rc.d/init.d/named on Red Hat 7.2, however, will check for the existance of /etc/named.conf before starting. You will need to correct this path..."

I added the extra parameters in /etc/sysconfig/named as I stated above, but Bind still looks for it's config file in /etc

I added the extra parameters in /etc/sysconfig/named as I stated above, but Bind still looks for it's config file in /etc

Is your named init script "also" adding the -t /chroot... command line parameter when it checks for the ROOTDIR variable sourced from /etc/sysconfig/named?

When you say... "also" adding the -t /chroot...
I guess I don't know what you mean. Do I have to edit the /etc/rc.d/init.d/named script as well?

I'm just assuming that once I set the varable ROOTDIR in /etc/sysconfig/named, it should get defined in /etc/rc.d/init.d/named, and Bind now starts from somewhere else.

ROOTDIR="/chroot/named/"

I have never used slackware or mandrake distro's, so I don't know if you need to add the -t parameter to the init script. If they have done their homework, then the supplied init script should be adding the -t parameter when it sees the ROOTDIR variable that was sourced from /etc/sysconfig/named.

There's an easy way to check if named is being started in a chroot'd environment:

# ps auwx | grep named

You should see the -t /chroot.... shown on the command line. If not... then your init script needs to be modified.

In Mandrake's named init scrit, the -t parameter is being used.
OPTIONS="${OPTIONS} -t ${ROOTDIR}"

Is there any way that I can check to see what ROOTDIR is when named is running? Or double check to see if /etc/sysconfig/named is being used at all?

The following is in my init script.
[ -f /etc/sysconfig/named ] && . /etc/sysconfig/named

I don't think ROOTDIR is getting defined.

Also,
There's an easy way to check if named is being started in a chroot'd environment:

Shouldn't I just be able to rename or remove /etc/named.conf and named still work if it's running from inside /chroot/named ?

And this is what I get after doing a # ps auwx | grep named

root 9537 0.0 0.3 6544 896 pts/2 S+ Nov16 0:00 vim /etc/sysconfig/named
root 11711 0.0 0.2 1460 580 ? Ss 08:15 0:00 syslogd -m 0 -a /chroot/named/dev/log
named 11861 0.0 1.2 30216 3256 ? Ssl 08:19 0:00 named -u named
root 14037 0.0 0.2 1764 596 pts/4 R+ 09:42 0:00 grep named

And thank-you guys for your help.