trying to create my own DNS with mandriva 2008 but I need ur help!!!

ssarrinah · 05-01-2008, 06:15 AM

hi everybody, it's the first time I'm working with linux (mandriva 2008) I need to make my own DNS, so I edited and created some files, here they are:

(my domain is "dz" localhost is "machine" and my @IP is "10.10.128.118")

I started with /var/named/named.ca

; Use "dig @A.ROOT-SERVERS.NET . ns" to update this file if it's outdated.
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
; $Id: bind-named.root 80849 2007-09-06 11:56:48Z oden $
; $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/
bind-named.root $
;
. 3600000 IN NS machine.dz.
machine.dz. 3600000 A 10.10.128.118
;

/etc/named.conf

// (oe) Loosely based on the document below and from production server configurations.
// http://www.cymru.com/Documents/secur...-template.html
//
// $Id: named.conf 80849 2007-09-06 11:56:48Z oden $
// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/named.conf $

// secret must be the same as in /etc/rndc.conf
include "/etc/rndc.key";

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { mykey; };
};

// Access lists (ACL's) should be defined here
include "/etc/bogon_acl.conf";
include "/etc/trusted_networks_acl.conf";

// Define logging channels
include "/etc/logging.conf";

options {
version "";
directory "/var/named";
dump-file "/var/tmp/named_dump.db";
pid-file "/var/run/named.pid";
statistics-file "/var/tmp/named.stats";
zone-statistics yes;
// datasize 256M;
coresize 100M;
// fetch-glue no;
// recursion no;
// recursive-clients 10000;
auth-nxdomain yes;
query-source address * port *;
listen-on port 53 { any; };
cleaning-interval 120;
transfers-in 20;
transfers-per-ns 2;
lame-ttl 0;
max-ncache-ttl 10800;

// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };

// allow-update { none; };
// allow-transfer { any; };

// Prevent DoS attacks by generating bogus zone transfer
// requests. This will result in slower updates to the
// slave servers (e.g. they will await the poll interval
// before checking for updates).
notify no;
// notify explicit;
// also-notify { secondary_name_server };

// Generate more efficient zone transfers. This will place
// multiple DNS records in a DNS message, instead of one per
// DNS message.
transfer-format many-answers;

// Set the maximum zone transfer time to something more
// reasonable. In this case, we state that any zone transfer
// that takes longer than 60 minutes is unlikely to ever
// complete. WARNING: If you have very large zone files,
// adjust this to fit your requirements.
max-transfer-time-in 60;

// We have no dynamic interfaces, so BIND shouldn't need to
// poll for interface state {UP|DOWN}.
interface-interval 0;

// Uncoment these to enable IPv6 connections support
// IPv4 will still work
// listen-on { none; };
// listen-on-v6 { any; };

// allow-query { trusted_networks; };
allow-recursion { trusted_networks; };

// Deny anything from the bogon networks as
// detailed in the "bogon" ACL.
blackhole { bogon; };
};

// workaround stupid stuff... (OE: Wed 17 Sep 2003)
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "lv" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };

zone "." IN {
type hint;
file "named.ca";
};

zone "dz" IN {
type master;
file "dz";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "reverse/named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "reverse/named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "reverse/named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "reverse/named.zero";
allow-update { none; };
};

/var/named/named.local

$ORIGIN dz.
$TTL 86400 ; 1 day
@ IN SOA machine.dz. root.machine.dz. (
1997022700 ; Serial
28800 ; Refresh (8 hours)
14400 ; Retry (4 hours)
3600000 ; Expire (5 weeks 6 days 16 hours)
86400 ) ; Minimum (1 day)

IN NS machine.dz.

1 IN PTR localhost.

I created an other file "dz" (with no extension is it ok?????)

vi /var/named/dz

$ORIGIN dz.
$TTL 86400 ; 1 day
@ IN SOA machine.dz. root.machine.dz. (
1997022700 ; Serial
28800 ; Refresh (8 hours)
14400 ; Retry (4 hours)
3600000 ; Expire (5 weeks 6 days 16 hours)
86400 ) ; Minimum (1 day)

IN NS machine
IN NS machine.dz.

localhost IN A 127.0.0.1
machine IN A 10.10.128.118

www CNAME machine (for the web server with apache)

I added this file: /var/named/dz.rev

$ORIGIN dz.
$TTL 86400 ; 1 day
128.10.10.in-addr.arpa IN SOA machine.dz. root.machine.dz. (
1997022700 ; Serial
28800 ; Refresh (8 hours)
14400 ; Retry (4 hours)
3600000 ; Expire (5 weeks 6 days 16 hours)
86400 ) ; Minimum (1 day)

IN NS machine.dz.

$ORIGIN 128.10.10.in-addr.arpa.
118 PTR machine.dz.

and the last one /etc/resolv.conf

search dz
nameserver 127.0.0.1
nameserver 10.10.128.118

the problem is : when I restart named with "service named restart" the result is "ok"

but with "nslookup" "> q=any" the result is:

Got servfail reply from 127.0.0.1 try next server
connection timed out, no serrvers could be reached

I don't understand, what's wrong

I need ur help guys

thanx!

dkm999 · 05-01-2008, 01:27 PM

I don't see any immediate glaring error on looking over your setup. But I do see a problem with the command you gave to nslookup: there is no command "q=any". Perhaps you intended "set type=any", which should succeed. After that, you need to either give an IP address or a name to nslookup, and it will report back on what the DNS system replies.

Generally, when you see a SERVFAIL response, it means that your named process found some error; in that case, there should be more information in the logfiles. The location(s) will be defined per your config file in /etc/logging.conf. If something there does not make sense, please post the result, and maybe we can track the problem down further.

ssarrinah · 05-01-2008, 01:55 PM

thank you so much,I'm gonna try it and I'll tell you what I found later :-)

ssarrinah · 05-01-2008, 02:48 PM

sorry but I can't find the file "/etc/logging.conf" I checked the file "/var/log/messages" there are many informations since April 26, so here is what I did:
# service named restart
[ok]

# nslookup
> set type = any
> dz

Got servfail............(like what I said earlier)

# vi /var/log/messages

.
.
.
.
.
May 1 21:30:40 machine named[7462]: starting BIND 9.4.1-P1 -u named -t /var/lib/named
May 1 21:30:40 machine named[7462]: loading configuration from '/etc/named.conf'
May 1 21:30:40 machine named[7462]: listening on IPv4 interface lo, 127.0.0.1#53
May 1 21:30:40 machine named[7462]: automatic empty zone: 127.IN-ADDR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 254.169.IN-ADDR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 255.255.255.255.IN-AD
DR.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0
.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0
.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: D.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 8.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: 9.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: A.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: automatic empty zone: B.E.F.IP6.ARPA
May 1 21:30:40 machine named[7462]: command channel listening on 127.0.0.1#953

does it mean something to you????
I don't know if it's the file you were talking about or not!!

thanx.

dkm999 · 05-02-2008, 12:30 AM

The messages in /var/log/messages are the normal ones that named posts when it starts up. If /etc/logging.conf does not exist, then you do not have any logging channels defined for named. This is probably an error. At a minimum, you ought to have something about like this

Code:

logging {
  channel "my_syslog" {
    syslog daemon;
    severity info;
    print-category yes;
    print-severity yes;
  };
  category default { my_syslog; };
};

I would recommend installing this text in /etc/logging.conf, and retrying the same experiment that you have reported on.

Then, I am pretty sure that the last line in your /etc/resolv.conf file is unnecessary, and may be confusing things. It tells the resolver part of the DNS system to attempt a name resolution on 10.10.128.118 (your IP address). But your named daemon is only listening on 127.0.0.1, so it will never hear such a request. This also could be producing the servfail message. So I recommend that you delete that line from /etc/resolv.conf, and then retry the same experiment. Under normal circumstances, you will not need more than one nameserver line in this file.

Let's see what happens then.

ssarrinah · 05-02-2008, 08:17 AM

I opened the file /etc/resolv.conf and guess what I found,nothing!!!
it seems like I have another problem here!

when I first started to create and edit my files,the first time i opened resolv.conf I found something written :

dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

but I deleted this and instead I've written: (remember??)

search dz
nameserver 127.0.0.1
nameserver 10.10.128.118

and now when I wanted to try what you told me i opened it and I found that again,it's like i never changed it, but i'm sure I did and I saved everything and when I used to open it before it was normal!

I really don't understand!!

whatever
I've written just:
search dz
nameserver 127.0.0.1

and with :
nslookup
set type=any
dz

I got this:

Server: 127.0.0.1
Address: 127.0.0.1#53

**server can't find dz: SERVFAIL

do you think there's a problem with "/etc/resolv.conf"????

dkm999 · 05-02-2008, 09:36 PM

The problem of the missing /etc/resolv.conf is undoubtedly traceable to some GUI that you (inadvertantly) used to try to solve some problem in this area. My systems do not have a manpage for resolvconf(8), but yours may. It will probably tell you where the actual information is stored that generates a new /etc/resolv.conf when you update stuff.

Were you able to install the stuff in /etc/logging.conf? If so, there will be some more information in the logfiles, I hope.

ssarrinah · 05-03-2008, 05:55 PM

hi,yes I created a file /etc/logging.conf because it didn't exist in /etc,but where can I find the "log files"?????
about /etc/resolv.conf,yes I have a man page for resolvconf(8) but there's not just one file,in fact there are many that communicate together to regenerate the old resolv.conf at system reboot. to be honnest I didn't understand the man page completely! so I'm still making some research!

I'm starting to.... :-( but I don't wanna give up!

I really appreciate ur help,thanx.

dkm999 · 05-03-2008, 07:05 PM

The logging stuff is very flexible, and correspondingly complicated. The code I posted will direct everything to the syslog facility. The way that is set up, in turn, is controlled by yet another file: /etc/syslog.conf. This usually results in the messages we are interested in being recorded in /var/log/messages; that is where I would look first. There are a number of web pages that you can find using Google that describe how syslog is configured, but if you can find the messages we want in /var/log/messages, you can defer that bit of research.

ssarrinah · 05-11-2008, 05:36 PM

hi I'm so sorry I had no "internet", I just found out that I needed "ethernet driver" (in my other pc,where I wanted to create the DNS),so I just solved that problem,now I think something's wrong with the "dz file",because when I restart "name service", in the log messages there's: "zone dz/In :loading from master file dz failed,file not found"
so....
bye!