Trying for the life of me to get a freakin DNS server setup. I have never done this before and i am about to pull my hair out. I have went over 10 tutorials for bind 9 and not one can help me configure this crap correctly.

All the tutorials assume a 192.168.0.1 for instance ip address, but im not needing to foward requests internally to my network after there coming through my router.

My idea is i have the server in a DMZ, i need the server to be open to the internet to be run as a firewall to the perimeter of my network. Then any requests directly goto my ip address but not a 192.168.x.x, but my ISP assigned one. All the other pc's on my network use the 192.168.x.x.

named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

# Domain Name

zone "pakalolo420.us" {
type master;
file "/etc/bind/zones/pakalolo420.us.db";
};

# Reverse DNS

zone "185.217.58.68.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.185.217.58.68.in-addr.arpa";
};
--------------------------------------------------------------
named.conf.options
options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
68.87.66.196;68.87.64.196
};

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
-------------------------------------------------------------
Zone Def File (pakalolo420.us.db)
// replace example.com with your domain name. do not forget the . after the domain name!
// Also, replace ns1 with the name of your DNS server
pakalolo420.us. IN SOA ns1.pakalolo420.us. admin.pakalolo420.us. (
// Do not modify the following lines!
2006081401
28800
3600
604800
38400
)

// Replace the following line as necessary:
// ns1 = DNS Server name
// mta = mail server name
// example.com = domain name
pakalolo420.us. IN NS ns1.pakalolo420.us.
pakalolo420.us. IN MX 10 mta.pakalolo420.us.

// Replace the IP address with the right IP addresses.
www IN A 68.58.217.185
mta IN A 68.58.217.185
ns1 IN A 68.58.217.185
-----------------------------------------------------------------
Reverse DNS Zone File (rev.185.217.58.68.in-addr.arpa)
//replace example.com with your domain name, ns1 with your DNS server name.
// The number before IN PTR example.com is the machine address of the DNS server. in my case, it's 1, as $
@ IN SOA ns1.example.com. admin.example.com. (
2006081401;
28800;
604800;
604800;
86400
)

IN NS ns1.pakalolo420.us.
1 IN PTR pakalolo420.us
--------------------------------------------------------------
* Stopping domain name service... bind9 rndc: connect failed: 127.0.0.1#953: connection refused
[ OK ]
* Starting domain name service... bind9 [fail]

That is all i get when i execute a restart for bind 9. Help. I have no idea how to make this work. Been over everything 10 times.

I can see that you miss a ";" after the 2nd IP.
You should also take a look at the logs and run named-checkconf to check your bind configuration.

Regards

In addition
means iptables is blocking port 953 on ip 127.0.0.1 ie localhost.
You need to open that port to use rndc key option.
http://www.linuxtopia.org/online_boo...bind-rndc.html

Fixed both of those problems. Added the semicolon and unblocked bind9 from iptable.

However i do not understand what to do from now. I can pop my ip address into my web browser and i get the "it works" from apache on my server. What in the hell do i need to do from here to make pakalolo420.us say "it works", like when i type in my normal IP. Cause stuff still is not working. I think my DNS server is set properly. However my domain is registered with godaddy.com. I don't understand the whole ns1 server crap. I changed it to ns1.pakalolo420.us on godaddy.com and it didn't change. What do i need to do on there website to make the domain hosted on my server. where do the random domain server names come from the ns1.domain.com. Is this just a name you fabricate or what.

Godaddy keeps telling me Name server pending addition is not registered: NS1.PAKALOLO420.US

68.178.232.100 = Some godaddy.com related address

Dig results, i don't understand any of it. Good or bad.

; <<>> DiG 9.5.1-P2 <<>> pakalolo420.us
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61482
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pakalolo420.us. IN A

;; ANSWER SECTION:
pakalolo420.us. 80 IN A 68.178.232.100

;; Query time: 263 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Tue Sep 8 17:29:45 2009
;; MSG SIZE rcvd: 48

From the above it looks that your server is not authoritative for the domain pakalolo420.us. The authoritative servers are ns10.domaincontrol.com, ns09.domaincontrol.com.
I guess you have to contact your domain registrar to change authoritative name servers.

LOL yes i understand they need to be changed from godaddy.com's server to point to my server. i made up the random name for my server as ns1.pakalolo420.us. i assume that the name server derives it's name from the domain name, is that correct?

Once i login i can point to a different name server, but when i put in my ns1.pakalolo420.us, Godaddy keeps telling me Name server pending addition is not registered: NS1.PAKALOLO420.US.

What do i have to do to get my server registered, and what exactly is it suppose to be registered with?

The name is OK as far as it can be resolved. What gives:
I assume that you're going to run the above from the name server. If you want to run it from a different box use the IP of your dns. You should also add an entry for the domain itself, so it's resolvable:
Don't forget to increase serial and restart bind

Watching this video, I see that's the way to change dns.
Just one question: Could you use the public IP of your server insted of the FQDN?

i don't have a clue as to what the serial is for. I know it's a number in one of the many bind config files, that is a pretty large (seamingly random) looking number. I don't know what to correctly change it to or what it does. I don't want that variable to be broke and have to figure out how to refix it.

Yes, go type in 68.58.217.185, and you will access my server. Simply displays a "it works" screen in web browser.

Yes the youtube video is exactly what i was doing on godaddy, but i keep getting the error as i mentioned.

What are you referring to that i need to add a entry for the domain, where should the "pakalolo420.us. IN A 68.58.217.185" go? as in what file?

cegha@KyleBritton:~$ host pakalolo420.us localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

Host pakalolo420.us not found: 3(NXDOMAIN)
cegha@KyleBritton:~$ dig ns1.pakalolo420.us @localhost

; <<>> DiG 9.5.1-P2 <<>> ns1.pakalolo420.us @localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30832
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.pakalolo420.us. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 8 18:18:33 2009
;; MSG SIZE rcvd: 36

-------------------------------------------------------------------------------

EDIT: Now some other shit broke. I had bind9 actually freakin running. I would execute the restart command and got no errors and 2 ok's. What the hell did i break. Now i get.

/etc/init.d/bind9 restart
* Stopping domain name service... bind9 rndc: error: none:0: open: /etc/bind/rndc.key: permission denied
rndc: could not load rndc configuration
[ OK ]
* Starting domain name service... bind9 chmod: changing permissions of `/var/run/bind/run': Operation not permitted
named: setgid(): Operation not permitted
[fail]

Regarding the error you get, you must be sure that the directory /var/run/bind is owned by the user/group that runs bind

bah, i wasn't under root when i was trying to restart. Epic Fail for me. lol

I get this when i dig my (public) ip. Settings are definitely not right someplace. Where is that someplace that needs settings changed.

dig 68.58.217.185

; <<>> DiG 9.5.1-P2 <<>> 68.58.217.185
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54265
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;68.58.217.185. IN A

;; AUTHORITY SECTION:
. 895 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009090800 1800 900 604800 86400

;; Query time: 250 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Tue Sep 8 19:16:29 2009
;; MSG SIZE rcvd: 106
-----------------------------------------------------------
Edit: looked in my /etc/bind/db.root file and found this information, among a ton of other settings that look like this. Do these settings need to be changed?

. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
----------------------------------------------------------------
My ip address flipped on me. I went and signed up at no-ip but don't know how to link it together with bind9. Says i have to have some client installed on my linux box i guess to send them the update for my ip address. Help please.

You should use -x to resolve IPs:
Here is what I get for your IP:
I guess you have to talk also to comcast, if you want them to delegate you the IPs (the subnet) you own.