LinuxQuestions.org


ELPDave 05-16-2007 09:02 AM

BIND9 named conf error message
 
I have been trying to get BIND9 working on my Debian 4 installation and
have found the process frustrating.

Right now, BIND refuses to load because it claims to find a syntax
error in the named.conf file. The error message I get from
/var/log/daemon.log is "missing ';' before include statement".

I have looked and looked and cannot see where the error is.

Maybe I need a new set of eyes.

I have included the named.conf file below.

Could someone please look at the file - perhaps I'm
missing something.

Also I would like to say that whoever designed the BIND9 implementation
in Debian made a mess of it. I use O'Reilly's 5th edition of "DNS and BIND"
and this implementation ignores or makes a complicated mess out of what should be
a fairly straightforward configuration and activation process.

Anyway, below is the named.conf from my installation.

Any help would be appreciated.

ELPDave

Code:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//
// prime the server with knowledge of the root servers
//
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/localhost.zone";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/0.0.127.IN-ADDR.ARPA";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

MensaWater 05-16-2007 09:18 AM

I don't see any problem down to the includes. In fact I copied what you wrote into a test named.conf on my DNS server and ran a check. It didn't complain until it got to the include but only because the file you include doesn't exist here.

That makes me wonder if your real issue isn't another include statement inside of one of the files you're including.

Have you checked to see what is in:
/etc/bind/named.conf.options and /etc/bind/named.conf.local

By the way - you don't have to start named to check the file. Look for the named-checkconf command. On my RedHat it is in /usr/sbin:
/usr/sbin/named-checkconf

In the directory where your named.conf is just type:
/usr/sbin/named-checkconf named.conf
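The point of the reply above is that the error can live in an included file and that the check should run before named is restarted. The script below is an added example, not code from the thread and not ISC's named-checkconf: it tokenizes a named.conf, splices each `include` in place the way named does, and reports an unterminated statement or unbalanced braces as file:line, so the "missing ';' before include statement" message points at the include that follows the broken file. It assumes that only top-level keywords need the missing-';' check, and that a relative include path resolves against the including file's directory; the three-file layout in `demo()` is constructed to mirror Debian's split, with the `;` after `options { ... }` deliberately left out.

```python
"""Include-aware syntax check for BIND named.conf files (added example).
Assumptions: only top-level keywords are checked for a missing ';', and a
relative include path is resolved against the including file's directory."""
import os
import re
import tempfile

TOKEN_RE = re.compile(r'''
    (?P<comment>//[^\n]*|\#[^\n]*|/\*.*?\*/)   # //, # and /* */ comments are skipped
  | (?P<string>"[^"\n]*")                     # quoted string: file names, zone names
  | (?P<punct>[{};])                          # block and statement punctuation
  | (?P<word>[^\s{};"]+)                      # bare word: keyword, number, address
  | (?P<ws>\s+)
''', re.VERBOSE | re.DOTALL)

# Keywords that open a top-level statement; meeting one while the previous
# statement is unterminated is named's "missing ';' before X statement".
TOP_LEVEL_KEYWORDS = {"include", "options", "zone", "acl", "key", "logging",
                      "controls", "view", "server", "trusted-keys", "masters"}


def tokenize(text):
    """Yield (kind, text, line) for each meaningful token, dropping comments."""
    line = 1
    for m in TOKEN_RE.finditer(text):
        kind, tok = m.lastgroup, m.group(m.lastgroup)
        if kind not in ("comment", "ws"):
            yield kind, tok, line
        line += tok.count("\n")


def check_named_conf(path):
    """Return a list of 'file:line: message' strings; an empty list means clean."""
    errors, stack = [], []

    def push(file_path, where):
        try:
            with open(file_path, encoding="utf-8") as fh:
                stack.append([file_path, list(tokenize(fh.read())), 0])  # [path, tokens, cursor]
        except OSError as exc:
            errors.append(f"{where}: cannot read {file_path} ({exc.strerror})")

    push(path, path)
    depth, pending = 0, False          # brace nesting; statement still awaiting ';'
    while stack:
        frame = stack[-1]
        file_path, toks, i = frame
        if i >= len(toks):
            stack.pop()                # included file exhausted: resume the includer
            continue
        frame[2] += 1
        kind, text, line = toks[i]
        where = f"{file_path}:{line}"
        if kind == "punct":
            if text == "{":
                depth += 1
            elif text == "}":
                depth -= 1
                if depth < 0:
                    errors.append(f"{where}: unexpected '}}'")
                    depth = 0
                pending = True         # a closing '}' still needs its ';'
            else:
                pending = False
            continue
        if depth == 0 and text in TOP_LEVEL_KEYWORDS and pending:
            errors.append(f"{where}: missing ';' before {text} statement")
        pending = True
        if depth == 0 and text == "include":
            name = toks[i + 1] if i + 1 < len(toks) else None
            if name is None or name[0] != "string":
                errors.append(f"{where}: include expects a quoted file name")
                continue
            frame[2] += 1              # consume the file name
            if i + 2 < len(toks) and toks[i + 2][1] == ";":
                frame[2] += 1          # consume ';'; if absent the next keyword reports it
                pending = False
            target = name[1].strip('"')
            if not os.path.isabs(target):
                target = os.path.join(os.path.dirname(file_path), target)
            push(target, where)
    if pending:
        errors.append(f"{path}: missing ';' at end of file")
    if depth:
        errors.append(f"{path}: {depth} unclosed '{{'")
    return errors


def demo():
    """Constructed Debian-style split config; the options file lacks its final ';'."""
    files = {"named.conf": 'include "named.conf.options";\ninclude "named.conf.local";\n'
                           'zone "." {\n    type hint;\n    file "db.root";\n};\n',
             "named.conf.options": 'options {\n    directory "/var/cache/bind";\n}\n',
             "named.conf.local": "// no local zones yet\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        conf = os.path.join(d, "named.conf")
        broken = check_named_conf(conf)
        with open(os.path.join(d, "named.conf.options"), "a", encoding="utf-8") as fh:
            fh.write(";\n")            # the one-character fix
        fixed = check_named_conf(conf)
    trim = lambda errs: [e.replace(d + os.sep, "") for e in errs]
    return trim(broken), trim(fixed)
```

Running `demo()` reports `named.conf:2: missing ';' before include statement` for the broken layout and nothing once the `;` is appended, which is the same place named points at: the file that is really broken is named.conf.options, but the parser only notices when the next top-level statement in named.conf arrives. On a real host, run `check_named_conf("/etc/bind/named.conf")` (or simply named-checkconf) as part of the change procedure, before the restart, so a typo in an include never takes the resolver down.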

ELPDave 05-18-2007 08:08 AM

BIND9 named conf error message
 
Thanks for your reply to my syntax problem. As you stated,
the problem was in the named.conf.options file. I was able to successfully
start bind. It reads the zone files, but will not resolve any addresses.
I suspect the problem is in the resolver. But here is where I run into problems
trying to troubleshoot.

My experience with BIND is in Red Hat and Fedora - which has a fairly straightforward
structure. It's easy to configure BIND - you edit the files, start it and you're in business.

But in Debian, files are scattered all over. Why do I need three conf files? Why can't I
just directly edit the resolv.conf file and be done with it?

Instead I find, for example, the resolv.conf file is three parts -
/etc/resolvconf/resolv.conf/base head & tail

Additionally, I get involved in trying to enter the 'dnsdomainname' because that fails
to resolve. How do I enter the FQDN name ?

So, do you have a procedure to troubleshoot the resolver ?

Another question, in Fedora you can run the setup utility and tell the boot process what
applications to start. In Debian, is this in /etc/default ? Is there a GUI app to manage that ?

Thanks

ELPDave

JimBass 05-18-2007 06:13 PM

Ok, the include is solved, so I'll help you with the other problems you're having.

The Debian way is just that, the Debian way. I agree that in principle, it should sync up with what the O'Reilly book says, but there are many possible reasons why it doesn't. The Debian BIND setup is probably unchanged in several years. Just because they tell you not to add zones directly to named.conf doesn't mean that you cannot, just that the package maintainer feels that you should not. It makes much sense across the board to tell people not to mess up their named.conf, and simply add zones to the included local file. Again, if you don't like that, cool, then add them directly to named.conf, and test it out with the aforementioned named-checkconf, which along with its sister named-checkzone, can find 99% of your problems.

Secondly, if you're really unhappy with the Debian package, there is a simple fix. Move their named.conf somewhere just to be safe, and use one of the thousands of named.conf files that exist on the internet. An even better but more technical response would be to build your own BIND. To begin with, BIND 9.4.0 is now the official release from ISC, the makers of the BIND software. It has several great new features, like blocking access to the cache, and always improved functionality. Because of the way Debian works, it will probably be 6 months if not longer before BIND 9.4 makes it into stable. So download the tarball, ./configure, make, make install, and have at it. The Debian people tried to make a generic configuration that will work for most of the users most of the time, but not all of the people all of the time. If you don't like their setup, you're not dealing with Redmond WA people anymore, you can change everything as you see fit.

It seems like you're a little confused as to what named.conf does. All that does is list the nameservers that your box should use. You can add a default domain to search incomplete domain names in, but there isn't much else it does. A simple /etc/resolv.conf on a nameserver could be as simple as
Code:

search yourdomain.com
nameserver 127.0.0.1

That would tag yourdomain.com onto any non-FQDN, so saying ping beavis actually asks BIND for "ping beavis.yourdomain.com". You don't need to add a search line, but most people do that for their nameserver, just to allow short names.

Also, I don't know where the "3 resolv.confs" are coming from. I have many servers running Etch stable, and they all have only /etc/resolv.conf, and my laptop and desktop (both Sid) have only /etc/resolv.conf. I'm guessing you added some package that did that for some reason, but that is just a suspicion, not something I can back up with hard fact.

The FQDN for the nameserver would be set in the zonefile for the domain. Using my earlier example of beavis.yourdomain.com, the way to do that would be to define beavis.yourdomain.com IN A 1.2.3.4 in the yourdomain.com file, and it isn't anything more than that.

Troubleshooting the resolver would be as simple as doing digs pointed at the localhost from the nameserver. Something like:
Code:

dig google.com @127.0.0.1

If it answers, it is working. If it doesn't, check if named is running with
Code:

ps aux | grep named

If that doesn't show anything, then named crashed for some reason, restart it.

Debian's /etc/default is more a question of what users/processes should be linked, like BIND starting as root, but running as named instead of root. The list of possible startups is in /etc/init.d, and it is different for each runlevel, which can be found in /etc/rcX.d/, where X = 1,2,3,4,5. The command update-rc.d can be used to alter where things startup in the boot process. If you installed BIND from the apt-get or aptitude tools, it will have all that installed, and running without human intervention. I hope and pray that all servers are GUI free, but we have too many people who think looking at pictures somehow helps them to manage servers. I would hope there isn't a graphical way to manipulate the startup scripts, but there probably is.

Peace,
JimBass
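The post above explains the two-line resolv.conf and why "ping beavis" turns into a lookup for beavis.yourdomain.com. The script below is an added example, not code from the thread or from any resolver library: it parses a resolv.conf and lists the names the stub resolver will actually send to the nameserver for a given input. It assumes glibc's search rules (default `ndots:1`): a name with a trailing dot is queried as given; a name with at least `ndots` dots is tried as given first and then with each search suffix; a shorter name tries the suffixes first and the bare name last. The sample resolv.conf is constructed to match the one in the post.

```python
"""Search-list expansion as a glibc-style stub resolver performs it (added example)."""

# Constructed sample, matching the two-line resolv.conf shown in the post above.
SAMPLE_RESOLV_CONF = """\
# constructed example, not a file from any real host
search yourdomain.com
nameserver 127.0.0.1
"""


def parse_resolv_conf(text):
    """Return {'nameservers': [...], 'search': [...], 'ndots': N} from resolv.conf text."""
    cfg = {"nameservers": [], "search": [], "ndots": 1}
    for raw in text.splitlines():
        # '#' and ';' both start comments in resolv.conf
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            cfg["nameservers"].append(args[0])
        elif key in ("search", "domain"):
            cfg["search"] = list(args)       # the last search/domain line wins
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    cfg["ndots"] = int(opt.split(":", 1)[1])
    return cfg


def query_candidates(name, cfg):
    """Names the resolver will try, in order, for the user-supplied `name`."""
    if name.endswith("."):
        return [name]                        # absolute: never touched by the search list
    suffixed = [f"{name}.{suffix}" for suffix in cfg["search"]]
    if name.count(".") >= cfg["ndots"]:
        return [name] + suffixed             # looks qualified: try it as-is first
    return suffixed + [name]                 # short name: search suffixes first, bare name last


if __name__ == "__main__":
    cfg = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for n in ("beavis", "google.com", "google.com."):
        print(n, "->", query_candidates(n, cfg))
```

With the sample file, `beavis` becomes `beavis.yourdomain.com` first and `beavis` only as a fallback, while `google.com` is tried as-is and only then as `google.com.yourdomain.com`; a trailing dot switches the search list off. When dig against 127.0.0.1 answers but applications still fail, comparing this list with what named logs for the query usually shows whether the wrong name or the wrong server is being asked.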

