Bind9 Installation Questions

deibertine · 08-11-2009, 09:58 PM

I'm trying to install BIND9 in my Ubuntu server ver 8.

I already have an existing secondary dns server running BIND8 and the primary one which is almost failing and needs to be retired. The primary dns is also running an old version of BIND8.

By setting up a new dns server using BIND9, will it be possible to just copy all of the old configs from the old primary dns server and place them into the new server? Will this work?

Can I have a primary server running BIND9 then the secondary running BIND8 will work fine?

I need expert advise please.

Thank you!

DB

vishesh · 08-11-2009, 11:59 PM

Your don't need to edit your bind 8 configuartion file to work with bind 9. However BIND 9 name servers don't support some configuration options that BIND 8 name servers support. For a list, see the file doc/misc/options in the BIND 9 distribution. Options marked as "obsolete" or "not [yet] implemented" aren't supported. In most cases, you either won't need the old option or can make do with functionality provided by a newer option.

One major change in the configuration file is the controls statement. BIND 8 name servers support both inet and unix control channels. BIND 9, however, only supports a new type of inet control channel, so you'll probably need to modify the name server's controls statement and create an rndc.conf file.

The zone data file format is also the same in BIND 8 and BIND 9.

There are aspects of the name server's operation that change in BIND 9. For example, BIND 8 name servers will start even if there are (minor) syntax errors in the named.conf file. A BIND 9 name server won't. This forces you to fix any syntax errors before the name server will start, which is probably a good thing.

BIND 8 name servers will also load zone data files even if they contain (minor) errors. A BIND 9 name server won't. Again, this forces you to fix any errors in the data file before the name server will respond to any queries

Thanks

deibertine · 08-12-2009, 12:07 AM

That's good to know that they will take both config files just fine.

Well I just did copy all old configs on to the new BIND9 server, however I get this error when starting BIND:
/etc/init.d/bind9 start
* Starting domain name service... bind [fail]
/etc/init.d/bind9 restart
rndc: connect failed: 127.0.0.1#953: connection refused

I made sure I renewed my key by doing this:
rndc-confgen

I also have "named" as owner of the /etc/bind dir. ( -rwxr-x--- 1 named named)

Even reload fails:
* Reloading domain name service... bind rndc: connect failed: 127.0.0.1#953: connection refused [fail]

Can you please tell me on why BIND is failing?

Cheers,
DB

vishesh · 08-12-2009, 01:05 AM

Try to start named in higher debug level and check /var/named/named.run(or /var/named/data/named.run)
#service named stop (if running)
#named -d 2
#more /var/named/data/named.run

It seems that there in some control statement for rndc in not appropiate, just check named.run and control statement of rndc.

Thanks

deibertine · 08-12-2009, 01:28 AM

Quote:

Originally Posted by vishesh

Try to start named in higher debug level and check /var/named/named.run(or /var/named/data/named.run)
#service named stop (if running)
#named -d 2
#more /var/named/data/named.run

It seems that there in some control statement for rndc in not appropiate, just check named.run and control statement of rndc.

Thanks

Thanks for the post mate!

I tried your suggestions and here's what occured:

root@csdnssvr:/etc/bind# service named stop
named: unrecognized service
root@csdnssvr:/etc/bind# service bind9 stop
* Stopping domain name service... bind rndc: connect failed: 127.0.0.1#953: connection refused [fail]
root@csdnssvr:/etc/bind# named -d 2
root@csdnssvr:/etc/bind# more /var/named/data/named.run
/var/named/data/named.run: No such file or directory

Here's my named.conf file:

options {
directory "/etc/bind";
dump-file "/etc/bind/data/cache_dump.db";
statistics-file "/etc/bind/data/named_stats.txt";
allow-transfer { 10.10.1.4; };
/*
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "csaa.com" IN {
type master;
file "pri.csaa.com";
allow-update { none; };
};

zone "nv.csaa.com" IN {
type master;
file "pri.nv.csaa.com";
allow-update { none; };
};

zone "sf.csaa.com" IN {
type master;
file "pri.sf.csaa.com";
allow-update { none; };
};

zone "ca.csaa.com" IN {
type master;
file "pri.ca.csaa.com";
allow-update { none; };
};

zone "vpn.csaa.com" IN {
type master;
file "pri.vpn.csaa.com";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

zone "1.11.10.in-addr.arpa" IN {
type master;
file "pri.1.10.10.in-addr.arpa";
allow-update { none; };
};

zone "12.10.10.in-addr.arpa" IN {
type master;
file "pri.12.10.10.in-addr.arpa";
allow-update { none; };
};

zone "10.10.10.in-addr.arpa" IN {
type master;
file "pri.10.10.10.in-addr.arpa";
allow-update { none; };
};

zone "13.10.10.in-addr.arpa" IN {
type master;
file "pri.13.10.10.in-addr.arpa";
allow-update { none; };
};

zone "11.10.10.in-addr.arpa" IN {
type master;
file "pri.11.10.10.in-addr.arpa";
allow-update { none; };
};

zone "8.10.10.in-addr.arpa" IN {
type master;
file "pri.8.10.10.in-addr.arpa";
allow-update { none; };
};

zone "6.10.10.in-addr.arpa" IN {
type master;
file "pri.6.10.10.in-addr.arpa";
allow-update { none; };
};

zone "7.10.10.in-addr.arpa" IN {
type master;
file "pri.7.10.10.in-addr.arpa";
allow-update { none; };
};

include "/etc/bind/rndc.key";

Cheers,
DB

vishesh · 08-12-2009, 01:43 AM

You have not mentioned logging section in bind configuration. i think your logging file will be /etc/bind/data/named.run

try to replace following line
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
with

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { rndckey; };
};

thanks

deibertine · 08-12-2009, 12:07 PM

Quote:

Originally Posted by vishesh

You have not mentioned logging section in bind configuration. i think your logging file will be /etc/bind/data/named.run

try to replace following line
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
with

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { rndckey; };
};

thanks

Hmm, I dont have named.run anywhere, but here's the contents of my /etc/bind/data:

root@csdnssvr:/etc/bind/data# ls
named_stats.txt

I also tried your suggestion mate, but no luck.

I forgot to mention, this new DNS server is a virtual machine running a bridged network (static ip). Dont you think it had somwething to do with this being on a vm environment?

Here's my new named.conf file:

options {
directory "/etc/bind";
dump-file "/etc/bind/data/cache_dump.db";
statistics-file "/etc/bind/data/named_stats.txt";
allow-transfer { 10.10.1.4; };
/*
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "csaa.com" IN {
type master;
file "pri.csaa.com";
allow-update { none; };
};

zone "nv.csaa.com" IN {
type master;
file "pri.nv.csaa.com";
allow-update { none; };
};

zone "sf.csaa.com" IN {
type master;
file "pri.sf.csaa.com";
allow-update { none; };
};

zone "ca.csaa.com" IN {
type master;
file "pri.ca.csaa.com";
allow-update { none; };
};

zone "vpn.csaa.com" IN {
type master;
file "pri.vpn.csaa.com";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

zone "1.11.10.in-addr.arpa" IN {
type master;
file "pri.1.10.10.in-addr.arpa";
allow-update { none; };
};

zone "12.10.10.in-addr.arpa" IN {
type master;
file "pri.12.10.10.in-addr.arpa";
allow-update { none; };
};

zone "10.10.10.in-addr.arpa" IN {
type master;
file "pri.10.10.10.in-addr.arpa";
allow-update { none; };
};

zone "13.10.10.in-addr.arpa" IN {
type master;
file "pri.13.10.10.in-addr.arpa";
allow-update { none; };
};

zone "11.10.10.in-addr.arpa" IN {
type master;
file "pri.11.10.10.in-addr.arpa";
allow-update { none; };
};

zone "8.10.10.in-addr.arpa" IN {
type master;
file "pri.8.10.10.in-addr.arpa";
allow-update { none; };
};

zone "6.10.10.in-addr.arpa" IN {
type master;
file "pri.6.10.10.in-addr.arpa";
allow-update { none; };
};

zone "7.10.10.in-addr.arpa" IN {
type master;
file "pri.7.10.10.in-addr.arpa";
allow-update { none; };
};

include "/etc/bind/rndc.key";

Cheers,
DB

deibertine · 08-12-2009, 04:48 PM

I got this up and running!

After rigorous testing and researching, turned out to be a permissions issue.

Anyway I got the new DNS running now however for some reason it wont serve up to multiple subnets.

I have a test windows xp machine that I have assigned a static IP and DNS on using the parameters of this new DNS server. The test xp worked fine and can browse the internet/extranet - however it would not resolve names internally.

Im also unable to ping names internally but if i ping yahoo/google.com success!

Anything else I need to do to correct this?

Thanks!