hi everybody, it's the first time I'm working with linux (mandriva 2008) I need to make my own DNS, so I edited and created some files, here they are:
(my domain is "dz" localhost is "machine" and my @IP is "10.10.128.118")
I started with
/var/named/named.ca
; Use "dig @A.ROOT-SERVERS.NET . ns" to update this file if it's outdated.
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
; $Id: bind-named.root 80849 2007-09-06 11:56:48Z oden $
; $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/
bind-named.root $
;
. 3600000 IN NS machine.dz.
machine.dz. 3600000 A 10.10.128.118
;
/etc/named.conf
// (oe) Loosely based on the document below and from production server configurations.
//
http://www.cymru.com/Documents/secur...-template.html
//
// $Id: named.conf 80849 2007-09-06 11:56:48Z oden $
// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/named.conf $
// secret must be the same as in /etc/rndc.conf
include "/etc/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { mykey; };
};
// Access lists (ACL's) should be defined here
include "/etc/bogon_acl.conf";
include "/etc/trusted_networks_acl.conf";
// Define logging channels
include "/etc/logging.conf";
options {
version "";
directory "/var/named";
dump-file "/var/tmp/named_dump.db";
pid-file "/var/run/named.pid";
statistics-file "/var/tmp/named.stats";
zone-statistics yes;
// datasize 256M;
coresize 100M;
// fetch-glue no;
// recursion no;
// recursive-clients 10000;
auth-nxdomain yes;
query-source address * port *;
listen-on port 53 { any; };
cleaning-interval 120;
transfers-in 20;
transfers-per-ns 2;
lame-ttl 0;
max-ncache-ttl 10800;
// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
// allow-update { none; };
// allow-transfer { any; };
// Prevent DoS attacks by generating bogus zone transfer
// requests. This will result in slower updates to the
// slave servers (e.g. they will await the poll interval
// before checking for updates).
notify no;
// notify explicit;
// also-notify { secondary_name_server };
// Generate more efficient zone transfers. This will place
// multiple DNS records in a DNS message, instead of one per
// DNS message.
transfer-format many-answers;
// Set the maximum zone transfer time to something more
// reasonable. In this case, we state that any zone transfer
// that takes longer than 60 minutes is unlikely to ever
// complete. WARNING: If you have very large zone files,
// adjust this to fit your requirements.
max-transfer-time-in 60;
// We have no dynamic interfaces, so BIND shouldn't need to
// poll for interface state {UP|DOWN}.
interface-interval 0;
// Uncoment these to enable IPv6 connections support
// IPv4 will still work
// listen-on { none; };
// listen-on-v6 { any; };
// allow-query { trusted_networks; };
allow-recursion { trusted_networks; };
// Deny anything from the bogon networks as
// detailed in the "bogon" ACL.
blackhole { bogon; };
};
// workaround stupid stuff... (OE: Wed 17 Sep 2003)
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "lv" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
zone "." IN {
type hint;
file "named.ca";
};
zone "dz" IN {
type master;
file "dz";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "reverse/named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "reverse/named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "reverse/named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "reverse/named.zero";
allow-update { none; };
};
/var/named/named.local
$ORIGIN dz.
$TTL 86400 ; 1 day
@ IN SOA machine.dz. root.machine.dz. (
1997022700 ; Serial
28800 ; Refresh (8 hours)
14400 ; Retry (4 hours)
3600000 ; Expire (5 weeks 6 days 16 hours)
86400 ) ; Minimum (1 day)
IN NS machine.dz.
1 IN PTR localhost.
I created an other file "dz"
(with no extension is it ok?????)
vi /var/named/dz
$ORIGIN dz.
$TTL 86400 ; 1 day
@ IN SOA machine.dz. root.machine.dz. (
1997022700 ; Serial
28800 ; Refresh (8 hours)
14400 ; Retry (4 hours)
3600000 ; Expire (5 weeks 6 days 16 hours)
86400 ) ; Minimum (1 day)
IN NS machine
IN NS machine.dz.
localhost IN A 127.0.0.1
machine IN A 10.10.128.118
www CNAME machine
(for the web server with apache)
I added this file: /var/named/dz.rev
$ORIGIN dz.
$TTL 86400 ; 1 day
128.10.10.in-addr.arpa IN SOA machine.dz. root.machine.dz. (
1997022700 ; Serial
28800 ; Refresh (8 hours)
14400 ; Retry (4 hours)
3600000 ; Expire (5 weeks 6 days 16 hours)
86400 ) ; Minimum (1 day)
IN NS machine.dz.
$ORIGIN 128.10.10.in-addr.arpa.
118 PTR machine.dz.
and the last one /etc/resolv.conf
search dz
nameserver 127.0.0.1
nameserver 10.10.128.118
the problem is : when I restart named with "service named restart" the result is "ok"
but with "nslookup" "> q=any" the result is:
Got servfail reply from 127.0.0.1 try next server
connection timed out, no serrvers could be reached
I don't understand, what's wrong
I need ur help guys
thanx!