LinuxQuestions.org > Mandriva > trying to create my own DNS with mandriva 2008 but I need ur help!!!
(https://www.linuxquestions.org/questions/mandriva-30/trying-to-create-my-own-dns-with-mandriva-2008-but-i-need-ur-help-639087/)

ssarrinah 05-01-2008 06:15 AM

trying to create my own DNS with mandriva 2008 but I need ur help!!!

hi everybody, it's the first time I'm working with Linux (Mandriva 2008). I need to make my own DNS, so I edited and created some files; here they are:

(my domain is "dz", localhost is "machine" and my IP address is "10.10.128.118")

I started with /var/named/named.ca


; Use "dig @A.ROOT-SERVERS.NET . ns" to update this file if it's outdated.
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
; $Id: bind-named.root 80849 2007-09-06 11:56:48Z oden $
; $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/bind-named.root $
;
. 3600000 IN NS machine.dz.
machine.dz. 3600000 A 10.10.128.118
;


/etc/named.conf

// (oe) Loosely based on the document below and from production server configurations.
// http://www.cymru.com/Documents/secur...-template.html
//
// $Id: named.conf 80849 2007-09-06 11:56:48Z oden $
// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/named.conf $


// secret must be the same as in /etc/rndc.conf
include "/etc/rndc.key";

controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { mykey; };
};

// Access lists (ACL's) should be defined here
include "/etc/bogon_acl.conf";
include "/etc/trusted_networks_acl.conf";

// Define logging channels
include "/etc/logging.conf";

options {
  version "";
  directory "/var/named";
  dump-file "/var/tmp/named_dump.db";
  pid-file "/var/run/named.pid";
  statistics-file "/var/tmp/named.stats";
  zone-statistics yes;
  // datasize 256M;
  coresize 100M;
  // fetch-glue no;
  // recursion no;
  // recursive-clients 10000;
  auth-nxdomain yes;
  query-source address * port *;
  listen-on port 53 { any; };
  cleaning-interval 120;
  transfers-in 20;
  transfers-per-ns 2;
  lame-ttl 0;
  max-ncache-ttl 10800;

  // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };

  // allow-update { none; };
  // allow-transfer { any; };

  // Prevent DoS attacks by generating bogus zone transfer
  // requests. This will result in slower updates to the
  // slave servers (e.g. they will await the poll interval
  // before checking for updates).
  notify no;
  // notify explicit;
  // also-notify { secondary_name_server };

  // Generate more efficient zone transfers. This will place
  // multiple DNS records in a DNS message, instead of one per
  // DNS message.
  transfer-format many-answers;

  // Set the maximum zone transfer time to something more
  // reasonable. In this case, we state that any zone transfer
  // that takes longer than 60 minutes is unlikely to ever
  // complete. WARNING: If you have very large zone files,
  // adjust this to fit your requirements.
  max-transfer-time-in 60;

  // We have no dynamic interfaces, so BIND shouldn't need to
  // poll for interface state {UP|DOWN}.
  interface-interval 0;

  // Uncomment these to enable IPv6 connections support
  // IPv4 will still work
  // listen-on { none; };
  // listen-on-v6 { any; };

  // allow-query { trusted_networks; };
  allow-recursion { trusted_networks; };

  // Deny anything from the bogon networks as
  // detailed in the "bogon" ACL.
  blackhole { bogon; };
};

// workaround stupid stuff... (OE: Wed 17 Sep 2003)
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "lv" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };

zone "." IN {
  type hint;
  file "named.ca";
};

zone "dz" IN {
  type master;
  file "dz";
  allow-update { none; };
};

zone "localhost" IN {
  type master;
  file "localhost.zone";
  allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
  type master;
  file "reverse/named.local";
  allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
  type master;
  file "reverse/named.ip6.local";
  allow-update { none; };
};

zone "255.in-addr.arpa" IN {
  type master;
  file "reverse/named.broadcast";
  allow-update { none; };
};

zone "0.in-addr.arpa" IN {
  type master;
  file "reverse/named.zero";
  allow-update { none; };
};



/var/named/named.local

$ORIGIN dz.
$TTL 86400 ; 1 day
@       IN SOA machine.dz. root.machine.dz. (
                1997022700 ; Serial
                28800      ; Refresh (8 hours)
                14400      ; Retry (4 hours)
                3600000    ; Expire (5 weeks 6 days 16 hours)
                86400 )    ; Minimum (1 day)

        IN NS machine.dz.

1       IN PTR localhost.



I created another file, "dz" (with no extension, is it ok?)


vi /var/named/dz


$ORIGIN dz.
$TTL 86400 ; 1 day
@       IN SOA machine.dz. root.machine.dz. (
                1997022700 ; Serial
                28800      ; Refresh (8 hours)
                14400      ; Retry (4 hours)
                3600000    ; Expire (5 weeks 6 days 16 hours)
                86400 )    ; Minimum (1 day)

        IN NS machine
        IN NS machine.dz.

localhost IN A 127.0.0.1
machine   IN A 10.10.128.118

www     CNAME machine ; for the web server with apache



I added this file: /var/named/dz.rev


$ORIGIN dz.
$TTL 86400 ; 1 day
128.10.10.in-addr.arpa IN SOA machine.dz. root.machine.dz. (
                1997022700 ; Serial
                28800      ; Refresh (8 hours)
                14400      ; Retry (4 hours)
                3600000    ; Expire (5 weeks 6 days 16 hours)
                86400 )    ; Minimum (1 day)

        IN NS machine.dz.

$ORIGIN 128.10.10.in-addr.arpa.
118     PTR machine.dz.



and the last one /etc/resolv.conf


search dz
nameserver 127.0.0.1
nameserver 10.10.128.118




the problem is: when I restart named with "service named restart" the result is "ok" :)

but with "nslookup" "> q=any" the result is:

Got servfail reply from 127.0.0.1 try next server
connection timed out, no servers could be reached

I don't understand what's wrong.

I need ur help guys

thanx!
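
The zone files above mix `$ORIGIN dz.` with owners that belong to other zones (`@` in a 127.in-addr.arpa file, `128.10.10.in-addr.arpa` without a trailing dot), which is exactly the kind of mistake `named-checkzone` would report before `named` is restarted. The script below is an added example written for this thread, not BIND code and not the poster's; it reimplements the origin rules in a small checker so the effect of `$ORIGIN` and the trailing dot is visible. `DZ_ZONE` and `DZ_REV` are constructed copies of the posted `dz` and `dz.rev` files with indentation restored and the CNAME note turned into a `;` comment.

```python
"""Sanity-check BIND zone files for two mistakes that commonly stop a new zone
from loading: an apex that does not match the zone name ('@' or a relative
owner under the wrong $ORIGIN) and an in-zone NS target with no address record.
Example code for this thread, not BIND's named-checkzone; the sample zones are
constructed copies of the files posted above, with indentation restored."""
CLASSES = {"IN", "CH", "HS"}
NAME_RDATA = {"NS", "CNAME", "PTR"}  # types whose rdata is a single domain name
SOA_TIMERS = "1997022700 28800 14400 3600000 86400 )"

DZ_ZONE = f"""\
$ORIGIN dz.
$TTL 86400 ; 1 day
@       IN SOA machine.dz. root.machine.dz. (
            {SOA_TIMERS}
        IN NS machine.dz.
localhost IN A 127.0.0.1
machine IN A 10.10.128.118
www     CNAME machine ; for the web server with apache
"""
DZ_REV = f"""\
$ORIGIN dz.
128.10.10.in-addr.arpa IN SOA machine.dz. root.machine.dz. (
            {SOA_TIMERS}
        IN NS machine.dz.
$ORIGIN 128.10.10.in-addr.arpa.
118     PTR machine.dz.
"""

def strip_comment(line):
    """Drop a ';' comment unless the ';' is inside a quoted string."""
    out, quoted = [], False
    for ch in line:
        quoted ^= ch == '"'
        if ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)

def join_parens(text):
    """Fold '(' ... ')' continuation lines (the SOA record) into one line."""
    lines, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = strip_comment(raw)
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            lines.append(" ".join(buf))
            buf, depth = [], 0
    return lines

def absolute(name, origin):
    """RFC 1035 owner rules: '@' is the origin, a trailing dot is already
    absolute, anything else gets the current origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, zone_name):
    """Return [(owner, type, rdata)] with absolute names.  zone_name is the
    name from the named.conf zone statement; it is the origin until $ORIGIN."""
    origin = zone_name.rstrip(".") + "."
    owner, records = origin, []
    for line in join_parens(text):
        tokens = line.split()
        if not tokens or tokens[0].startswith("$"):
            if tokens and tokens[0] == "$ORIGIN":
                origin = absolute(tokens[1], origin)
            continue                      # blank line or $TTL-style directive
        if not line[0].isspace():         # owner present, otherwise inherited
            owner = absolute(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)                 # optional TTL and class fields
        if tokens:
            rtype, rdata = tokens[0].upper(), tokens[1:]
            if rtype in NAME_RDATA and rdata:
                rdata = [absolute(rdata[0], origin)]
            records.append((owner, rtype, rdata))
    return records

def check_zone(text, zone_name):
    """Return a list of problems; an empty list means the file looks loadable."""
    apex = zone_name.rstrip(".") + "."
    records = parse_zone(text, zone_name)
    in_zone = lambda n: n == apex or n.endswith("." + apex)
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    soa = [r for r in records if r[1] == "SOA"]
    problems = []
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soa)}")
    elif soa[0][0] != apex:
        problems.append(f"SOA owner is {soa[0][0]} but the zone is {apex}")
    for owner, rtype, rdata in records:
        if not in_zone(owner):
            problems.append(f"{owner} {rtype} is outside {apex}; named ignores out-of-zone data")
        if rtype == "NS" and in_zone(rdata[0]) and rdata[0] not in addressed:
            problems.append(f"NS target {rdata[0]} has no A/AAAA record in this zone")
    return problems

if __name__ == "__main__":
    for name, text in (("dz", DZ_ZONE), ("128.10.10.in-addr.arpa", DZ_REV)):
        print(name, check_zone(text, name) or ["ok"])
```

Run against the posted `dz` file the checker is quiet; run against `dz.rev` declared as `128.10.10.in-addr.arpa` it reports that the SOA owner became `128.10.10.in-addr.arpa.dz.`, because a name without a trailing dot has the current `$ORIGIN` appended. The same rule applies to `named.local`, where `@` under `$ORIGIN dz.` names `dz.` rather than `0.0.127.in-addr.arpa.`.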

dkm999 05-01-2008 01:27 PM

I don't see any immediate glaring error on looking over your setup. But I do see a problem with the command you gave to nslookup: there is no command "q=any". Perhaps you intended "set type=any", which should succeed. After that, you need to either give an IP address or a name to nslookup, and it will report back on what the DNS system replies.

Generally, when you see a SERVFAIL response, it means that your named process found some error; in that case, there should be more information in the logfiles. The location(s) will be defined per your config file in /etc/logging.conf. If something there does not make sense, please post the result, and maybe we can track the problem down further.

ssarrinah 05-01-2008 01:55 PM

thank you so much, I'm gonna try it and I'll tell you what I found later :-)

ssarrinah 05-01-2008 02:48 PM

sorry, but I can't find the file "/etc/logging.conf". I checked the file "/var/log/messages"; there is a lot of information since April 26, so here is what I did:

# service named restart
[ok]

# nslookup
> set type = any
> dz

Got servfail... (like what I said earlier)

# vi /var/log/messages

...
May 1 21:30:40 machine named[7462]: starting BIND 9.4.1-P1 -u named -t /var/lib/named
May 1 21:30:40 machine named[7462]: loading configuration from '/etc/named.conf'
May 1 21:30:40 machine named[7462]: listening on IPv4 interface lo, 127.0.0.1#53
May 1 21:30:40 machine named[7462]: automatic empty zone: 127.IN-ADDR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 254.169.IN-ADDR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: D.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 8.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 9.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: A.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: B.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: command channel listening on 127.0.0.1#953




does it mean something to you?
I don't know if it's the file you were talking about or not!

thanx.

dkm999 05-02-2008 12:30 AM

The messages in /var/log/messages are the normal ones that named posts when it starts up. If /etc/logging.conf does not exist, then you do not have any logging channels defined for named. This is probably an error. At a minimum, you ought to have something like this:

logging {
  channel "my_syslog" {
    syslog daemon;
    severity info;
    print-category yes;
    print-severity yes;
  };
  category default { my_syslog; };
};

I would recommend installing this text in /etc/logging.conf, and retrying the same experiment that you have reported on.

Then, I am pretty sure that the last line in your /etc/resolv.conf file is unnecessary, and may be confusing things. It tells the resolver part of the DNS system to attempt a name resolution on 10.10.128.118 (your IP address). But your named daemon is only listening on 127.0.0.1, so it will never hear such a request. This also could be producing the servfail message. So I recommend that you delete that line from /etc/resolv.conf, and then retry the same experiment. Under normal circumstances, you will not need more than one nameserver line in this file.

Let's see what happens then.
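
Two things in this reply can be checked mechanically from what was posted: the startup log shows named bound only to 127.0.0.1#53 while resolv.conf also lists 10.10.128.118, and the same "starting BIND" line records the `-t` chroot, which is where the `directory` and `file` options in named.conf are resolved. The script below is an added example written for this thread, not BIND's code and not either poster's; `NAMED_LOG` and `RESOLV_CONF` are constructed from the lines posted above, and the option parser assumes every option on that line takes a value, as the posted one does.

```python
"""Cross-check what named says it is listening on against /etc/resolv.conf,
and work out where named really opens a zone file when started with -t.
Example code for this thread, not part of BIND; NAMED_LOG and RESOLV_CONF are
constructed from the lines posted above, not captured here."""
import posixpath
import re

NAMED_LOG = """\
May 1 21:30:40 machine named[7462]: starting BIND 9.4.1-P1 -u named -t /var/lib/named
May 1 21:30:40 machine named[7462]: loading configuration from '/etc/named.conf'
May 1 21:30:40 machine named[7462]: listening on IPv4 interface lo, 127.0.0.1#53
May 1 21:30:40 machine named[7462]: command channel listening on 127.0.0.1#953
"""
RESOLV_CONF = """\
search dz
nameserver 127.0.0.1
nameserver 10.10.128.118
"""

LISTEN_RE = re.compile(r"named\[\d+\]: listening on IPv[46] interface \S+, (\S+)#(\d+)")
START_RE = re.compile(r"named\[\d+\]: starting BIND \S+(.*)")


def listening_sockets(log):
    """{(address, port)} for each 'listening on ... interface' line.  The
    rndc control channel logs a different message and is not included."""
    return {(m.group(1), int(m.group(2))) for m in LISTEN_RE.finditer(log)}


def startup_options(log):
    """Options named was started with, e.g. {'-t': '/var/lib/named'}.
    Assumes every option takes a value, as on the posted line."""
    m = START_RE.search(log)
    args = m.group(1).split() if m else []
    return {args[i]: args[i + 1] for i in range(0, len(args) - 1, 2)}


def nameservers(resolv_conf):
    """Addresses on 'nameserver' lines, in the order the resolver tries them."""
    return [f[1] for f in (ln.split() for ln in resolv_conf.splitlines())
            if len(f) == 2 and f[0] == "nameserver"]


def unreachable_nameservers(log, resolv_conf):
    """resolv.conf entries that no named socket on this host is bound to;
    queries sent there time out instead of being answered."""
    bound = {addr for addr, port in listening_sockets(log) if port == 53}
    return [ns for ns in nameservers(resolv_conf) if ns not in bound]


def zone_file_path(log, directory, zone_file):
    """Path named actually opens: a relative 'file' is joined to options {
    directory }, and with -t the whole thing lives inside the chroot."""
    chroot = startup_options(log).get("-t", "/")
    path = zone_file if zone_file.startswith("/") else posixpath.join(directory, zone_file)
    return posixpath.normpath(posixpath.join(chroot, path.lstrip("/")))


if __name__ == "__main__":
    print("listening:", sorted(listening_sockets(NAMED_LOG)))
    print("unreachable nameservers:", unreachable_nameservers(NAMED_LOG, RESOLV_CONF))
    print("zone 'dz' is read from:", zone_file_path(NAMED_LOG, "/var/named", "dz"))
```

With the posted inputs the second resolv.conf entry is flagged as unreachable, which matches the advice to drop it, and `zone_file_path` shows that with `-t /var/lib/named` and `directory "/var/named"` a zone declared as `file "dz"` is opened at /var/lib/named/var/named/dz, not at /var/named/dz.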

ssarrinah 05-02-2008 08:17 AM

I opened the file /etc/resolv.conf and guess what I found: nothing!
it seems like I have another problem here!

when I first started to create and edit my files, the first time I opened resolv.conf I found something written:

dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN



but I deleted this and instead I've written (remember?):

search dz
nameserver 127.0.0.1
nameserver 10.10.128.118


and now, when I wanted to try what you told me, I opened it and found that again. It's like I never changed it, but I'm sure I did and I saved everything, and when I used to open it before it was normal!

I really don't understand!

whatever, I've written just:
search dz
nameserver 127.0.0.1


and with :
nslookup
set type=any
dz


I got this:

Server: 127.0.0.1
Address: 127.0.0.1#53

**server can't find dz: SERVFAIL


do you think there's a problem with "/etc/resolv.conf"?

dkm999 05-02-2008 09:36 PM

The problem of the missing /etc/resolv.conf is undoubtedly traceable to some GUI that you (inadvertently) used to try to solve some problem in this area. My systems do not have a manpage for resolvconf(8), but yours may. It will probably tell you where the actual information is stored that generates a new /etc/resolv.conf when you update stuff.

Were you able to install the stuff in /etc/logging.conf? If so, there will be some more information in the logfiles, I hope.

ssarrinah 05-03-2008 05:55 PM

hi, yes I created a file /etc/logging.conf because it didn't exist in /etc, but where can I find the "log files"?
about /etc/resolv.conf, yes I have a man page for resolvconf(8), but there's not just one file; in fact there are many that communicate together to regenerate the old resolv.conf at system reboot. to be honest I didn't understand the man page completely! so I'm still doing some research!

I'm starting to.... :-( but I don't wanna give up!

I really appreciate ur help,thanx.

dkm999 05-03-2008 07:05 PM

The logging stuff is very flexible, and correspondingly complicated. The code I posted will direct everything to the syslog facility. The way that is set up, in turn, is controlled by yet another file: /etc/syslog.conf. This usually results in the messages we are interested in being recorded in /var/log/messages; that is where I would look first. There are a number of web pages that you can find using Google that describe how syslog is configured, but if you can find the messages we want in /var/log/messages, you can defer that bit of research.

ssarrinah 05-11-2008 05:36 PM

hi, I'm so sorry, I had no "internet". I just found out that I needed an "ethernet driver" (in my other pc, where I wanted to create the DNS), so I just solved that problem. now I think something's wrong with the "dz file", because when I restart "name service", in the log messages there's: "zone dz/IN: loading from master file dz failed: file not found"
so....
bye!
