Bind9 not working reverse zone
Hello everybody, I recently changed my OS to Debian jessie and I can't make the server work properly.
/etc/resolv.conf
================
nameserver xxx.yyy.zzz.2
nameserver 8.8.8.8
nameserver 8.8.4.4

hosts
======
/hosts
127.0.0.1 localhost
xxx.yyy.zzz.2 ns1.midominio.com ns1

named.conf.local
================
include "/etc/bind/named.conf.log";

//JUJUYTEL
//forward
zone "midominio.com" IN {
    type master;
    file "/etc/bind/directa/midominio.com1";
    allow-query { any; };
};

//reverse
zone "zzz.yyy.xxx.IN-ADDR.ARPA" {
    type master;
    file "/etc/bind/midominio.com.reversa";
    allow-query { any; };
};

//WEBMAIL
//forward
zone "webmail.midominio.com" IN {
    type master;
    file "/etc/bind/webmail.midominio.com";
    allow-query { any; };
};

//forward
zone "mail.midominio.com" IN {
    type master;
    file "/etc/bind/mail.midominio.com";
    allow-query { any; };
};

named.conf.options
==================
options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; };
    version "No version";
    auth-nxdomain no; # conform to RFC1035
    allow-query { any; };
    rate-limit {
        responses-per-second 10;
    };
};

zone midominio.com
====================
$ORIGIN midominio.com.
$TTL 1W
@ IN SOA ns1.midominio.com. root.ns1.midominio.com. (
        2017022005 ; Serial
        3600 ; Refresh
        300 ; Retry
        1209600 ; Expire
        3600 ; Minimum
        )
        IN NS ns1.midominio.com.
        IN NS web.midominio.com.
        IN NS ns1.arnet.com.ar.
        IN NS ns2.arnet.com.ar.
        IN MX 0 mail.midominio.com.
;--------------------------------------------------------------
localhost IN A 127.0.0.1
ns1 IN A xxx.yyy.zzz.2
    IN HINFO DNS Server
web IN A xxx.yyy.zzz.5
    IN HINFO Web Server
mail IN A xxx.yyy.zzz.6
    IN HINFO Mail Server
www IN CNAME web.midominio.com.
webmail IN CNAME mail.midominio.com.
proxy IN CNAME ns1.midominio.com.

reverse zone
============
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.midominio.com. root.midominio.com. (
        2017022002 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS ns1.midominio.com.
2 IN PTR ns1.midominio.com.
5 IN PTR web.midominio.com.
6 IN PTR mail.midominio.com.
I get this error
============
nslookup
> xxx.yyy.zzz.2
;; Got SERVFAIL reply from xxx.yyy.zzz.2, trying next server
;; Got SERVFAIL reply from 8.8.8.8, trying next server
Server: 8.8.4.4
Address: 8.8.4.4#53

** server can't find 2.zzz.yyy.xxx.in-addr.arpa: SERVFAIL

I hope someone can guide me with this.
Best regards.
Quote:
Quote:
Code:
named-checkzone zzz.yyy.xxx.IN-ADDR.ARPA /etc/bind/midominio.com.reversa
Bathory, thanks for your reply, I found the error.
I had comments in my named.conf.local; I deleted those lines and it worked again. Thanks a lot.

I have another issue: in my named.conf.options I changed recursion to NO, but now I get status REFUSED.

I have another question. I have a different domain that I need to delegate; how can I do that?

Thanks
Best Regards
Quote:
Quote:
If you want to add a new domain (zone) for your dns to be authoritative of, just add the zone definition in named.conf and create the zonefile of the zone in question. If that's not what you're trying to do, please elaborate.

Regards
My named.conf.option is...
directory "/var/cache/bind";
forwarders { 8.8.8.8; };
//recursion no;
auth-nxdomain no; # conform to RFC1035
allow-query { any; };
rate-limit {
    responses-per-second 10;
};
Quote:
Code:
dig midominio.com @ns1.midominio.com
Bathory, here is what you asked for...
dig midominio.com @ns1.midominio.com

; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> midominio.com @ns1.midominio.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43297
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;midominio.com. IN A

;; AUTHORITY SECTION:
midominio.com. 3600 IN SOA ns1.midominio.com. root.ns1.midominio.com. 2017024005 3600 300 1209600 3600

;; Query time: 0 msec
;; SERVER: xxx.yyy.zzz.2#53(xxx.yyy.zzz.2)
;; WHEN: Wed Mar 01 16:24:17 ART 2017
;; MSG SIZE rcvd: 92

With nslookup I get this...

root@ns1:/etc/bind# nslookup midominio.com
Server: xxx.yyy.zzz.2
Address: xxx.yyy.zzz.2#53

*** Can't find midominio.com: No answer

root@ns1:/etc/bind# nslookup www.midominio.com
Server: xxx.yyy.zzz.2
Address: xxx.yyy.zzz.2#53

www.midominio.com canonical name = midominio.com.

I still have something wrong.

I changed my named.conf.options file, commenting out forwarders and uncommenting recursion, like this...

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     8.8.8.8;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    //dnssec-validation no;
    recursion no;
    auth-nxdomain no; # conform to RFC1035
    allow-query { any; };
    //listen-on-v6 { any; };
    rate-limit {
        responses-per-second 10;
        // log-only yes; //comment out
    };
};

But I get this error.... REFUSED

01-Mar-2017 16:35:39.662 query-errors: info: client aaa.bbb.ccc.123#17529 (clients4.google.com): rate limit drop REFUSED error response to aaa.bbb.ccc.0/24
01-Mar-2017 16:35:39.704 query-errors: info: client aaa.bbb.ccc.90#61512 (emupdate.avcdn.net): rate limit slip REFUSED error response to aaa.bbb.ccc.0/24
01-Mar-2017 16:35:39.837 query-errors: info: client aaa.bbb.ccc.130#14852 (www.facebook.com): rate limit drop REFUSED error response to aaa.bbb.ccc.0/24
01-Mar-2017 16:35:39.906 query-errors: info: client aaa.bbb.ccc.16#24348 (graph2.facebook.com): rate limit slip REFUSED error response to aaa.bbb.ccc.0/24
01-Mar-2017 16:35:39.982 rate-limit: info: limit REFUSED error responses to 192.168.20.0/24
01-Mar-2017 16:35:39.982 query-errors: info: client 192.168.20.151#23499 (apis.google.com): rate limit slip REFUSED error response to 192.168.20.0/24
01-Mar-2017 16:35:40.160 query-errors: info: client aaa.bbb.ccc.130#14852 (www.google.com.ar): rate limit drop REFUSED error response to aaa.bbb.ccc.0/24
01-Mar-2017 16:35:40.233 query-errors: info: client aaa.bbb.ccc.179#26182 (connectivitycheck.android.com): rate limit slip REFUSED error response to aaa.bbb.ccc.0/24
01-Mar-2017 16:35:40.238 query-errors: info: client aaa.bbb.ccc.179#26184 (connectivitycheck.android.com): rate limit drop REFUSED error response to aaa.bbb.ccc.0/24
01-Mar-2017 16:35:40.307 query-errors: info: client aaa.bbb.ccc.211#15764 (a.root-servers.net): rate limit slip REFUSED error response to aaa.bbb.ccc.0/24
Quote:
Code:
midominio.com. IN A xxx.yyy.zzz.2
Quote:
So in named.conf use:
Code:
//recursion no;
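
An added example, not part of any post in this thread: a Python sketch that groups the rate-limited REFUSED lines of the query-errors log quoted above by client network and separates names inside the zones from named.conf.local from names outside them. The sample log lines and their documentation-range addresses are constructed; only the zone list and the line format come from the thread.

```python
import re
from collections import defaultdict

# Zones this server is master for, as listed in named.conf.local in the thread.
AUTH_ZONES = ("midominio.com", "webmail.midominio.com", "mail.midominio.com")

# Constructed sample in the format of the quoted query-errors lines
# (addresses are documentation ranges, not values from the page).
SAMPLE_LOG = """\
01-Mar-2017 16:35:39.662 query-errors: info: client 192.0.2.123#17529 (clients4.google.com): rate limit drop REFUSED error response to 192.0.2.0/24
01-Mar-2017 16:35:39.704 query-errors: info: client 192.0.2.90#61512 (www.midominio.com): rate limit slip REFUSED error response to 192.0.2.0/24
01-Mar-2017 16:35:39.982 rate-limit: info: limit REFUSED error responses to 198.51.100.0/24
01-Mar-2017 16:35:39.983 query-errors: info: client 198.51.100.151#23499 (apis.google.com): rate limit slip REFUSED error response to 198.51.100.0/24
01-Mar-2017 16:35:40.307 query-errors: info: client 192.0.2.211#15764 (a.root-servers.net): rate limit slip REFUSED error response to 192.0.2.0/24
"""

LINE_RE = re.compile(
    r"query-errors: info: client (?P<ip>[\d.]+)#\d+ \((?P<qname>[^)]+)\): "
    r"rate limit (?P<action>drop|slip) (?P<rcode>\w+) error response to (?P<net>\S+)"
)

def in_served_zone(qname, zones=AUTH_ZONES):
    """True if qname equals, or is a subdomain of, a zone this server is master for."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)

def summarize(log_text, zones=AUTH_ZONES):
    """Group rate-limited REFUSED responses by the client network BIND logged."""
    report = defaultdict(lambda: {"drop": 0, "slip": 0, "out_of_zone": set(), "in_zone": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["rcode"] != "REFUSED":
            continue  # skips the "rate-limit: info: limit ..." summary lines too
        entry = report[m["net"]]
        entry[m["action"]] += 1
        bucket = "in_zone" if in_served_zone(m["qname"], zones) else "out_of_zone"
        entry[bucket].add(m["qname"].lower())
    return dict(report)

if __name__ == "__main__":
    for net, e in summarize(SAMPLE_LOG).items():
        print(net, "drop=%d slip=%d" % (e["drop"], e["slip"]))
        print("  outside served zones:", sorted(e["out_of_zone"]))
        print("  inside served zones: ", sorted(e["in_zone"]))
```

Names outside the served zones are queries that need recursion, which `recursion no;` refuses; a REFUSED for an in-zone name would point at an ACL such as `allow-query` instead. The networks that show up with out-of-zone names are the ones using this server as a resolver, and BIND's `allow-recursion` option can limit recursion to them.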