I'm migrating to a new server, so I need the new server to take over the responsibilities the old one had. For now I have to run BIND with master/slave all by itself (while later the old server is slated to become the slave), but I've been hitting quite a few roadblocks along the way. First and foremost, I cannot resolve anything using my nameserver. I have it set up to run on two ip's (not internal ones - all ip's are external), and while named seems to run fine and produces no apparent errors related to this issue, it won't resolve google.com for example.
My second problem is that while the first zonefile I added seemed to work nicely, others I've added have seemingly broken everything. Now none of the domains is resolving at all.
I've run iptables -F in desperation, but that didn't do anything.
I'm a little paranoid, so I prefer masking my ip's and domains. Hopefully that won't be problematic! ip1.ip1.ip1.ip1 is the ip of ns1, ip2.ip2.ip2.ip2 is the ip of ns2, ip3.ip3.ip3.ip3 is the main ip of my server, ip4.ip4.ip4.ip4 is my mailserver ip. They are all attached to the new server. mymaindomain.net is the domain which the nameservers "belong" to.
# named-checkconf -p
options {
    directory "/var/cache/bind";
    listen-on port 53 {
        ip1.ip1.ip1.ip1/32;
        ip2.ip2.ip2.ip2/32;
    };
    listen-on-v6 {
        "none";
    };
    version "none";
    allow-recursion {
        "any";
    };
    auth-nxdomain no;
    allow-query {
        "any";
    };
};
view "internal" {
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
};
view "external" {
    match-clients {
        "any";
    };
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    zone "mymaindomain.net" {
        type master;
        file "/etc/bind/domains/mymaindomain.net";
    };
    zone "someotherdomain.net" {
        type master;
        file "/etc/bind/domains/someotherdomain.net";
    };
    zone "lastdomain.org" {
        type master;
        file "/etc/bind/domains/lastdomain.org";
    };
};
server 0.0.0.0/0 {
    edns no;
};
; ^- allow-recursion, allow-query, server have been added for debugging purposes
Code:
# cat /etc/bind/db.root
; <<>> DiG 9.7.3 <<>> @192.33.4.12 . ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25104
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS b.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS i.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3600000 IN A 198.41.0.4
a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3600000 IN A 192.228.79.201
c.root-servers.net. 3600000 IN A 192.33.4.12
d.root-servers.net. 3600000 IN A 128.8.10.90
d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
e.root-servers.net. 3600000 IN A 192.203.230.10
f.root-servers.net. 3600000 IN A 192.5.5.241
f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
g.root-servers.net. 3600000 IN A 192.112.36.4
h.root-servers.net. 3600000 IN A 128.63.2.53
h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3600000 IN A 192.36.148.17
i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
;; Query time: 15 msec
;; SERVER: 192.33.4.12#53(192.33.4.12)
;; WHEN: Mon Nov 12 16:48:34 2012
;; MSG SIZE rcvd: 512
# cat /etc/bind/domains/mymaindomain.net
$TTL 86400
@ IN SOA ns1.mymaindomain.net. admin.mymaindomain.net. (
2012111202 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
2D ; Minimum
)
; Include NS and MX record
$INCLUDE /etc/bind/domains/share/NSMX-records
@ IN A ip3.ip3.ip3.ip3
; Server main hostnames
newserver IN A ip3.ip3.ip3.ip3
ns1 IN A ip1.ip1.ip1.ip1
ns2 IN A ip2.ip2.ip2.ip2
; Canonicals
www IN CNAME newserver
bind9test IN CNAME newserver
Code:
# cat /etc/bind/domains/someotherdomain.net
$TTL 86400
@ IN SOA ns1.mymaindomain.net. admin.mymaindomain.net. (
2012111202 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
2D ; Minimum
)
; Include NS and MX record
$INCLUDE /etc/bind/domains/share/NSMX-records
@ IN A ip3.ip3.ip3.ip3
; Canonicals
www IN CNAME @
resources IN CNAME @
beta IN CNAME @
forumbeta IN CNAME @
xs IN CNAME @
Code:
# cat /etc/bind/domains/share/NSMX-records
@ IN NS ns1.mymaindomain.net.
IN NS ns2.mymaindomain.net.
IN MX 10 mail
mail IN A ip4.ip4.ip4.ip4
And finally:
Code:
# named-checkzone someotherdomain.net /etc/bind/domains/someotherdomain.net
zone someotherdomain.net/IN: loaded serial 2012111201
OK
As you can see, I'm experimenting a bit with these zonefiles. Another question while I'm on the subject, is IN CNAME @ allowed at all?
Any help appreciated! I've fallen and I can't get up!
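The two zone-file questions in the post above (whether `www IN CNAME @` is allowed, and how the blank-owner lines in the shared `$INCLUDE` file are interpreted) can be checked offline with a small master-file reader. The following is an added example written for this thread, not the poster's code and not part of BIND: it reads a zone laid out like the one above, resolves `$INCLUDE` against an in-memory dict of constructed sample files (placeholder names and RFC 5737 addresses, not the poster's), expands `@` and blank owners, and then applies the CNAME rules that `named-checkzone` enforces, plus a check for CNAME targets that are not defined in the zone. A CNAME whose target is the apex is legal; a CNAME owned by the apex, or sharing its owner name with any other record, is not.

```python
import re
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed sample files (RFC 2606/5737 placeholders, not the poster's data) laid out
# like the thread's zone plus its shared $INCLUDE; $INCLUDE resolves against this dict.
FILES: Dict[str, str] = {
    "/etc/bind/domains/share/NSMX-records": (
        "@ IN NS ns1.example.net.\n"
        "  IN NS ns2.example.net.\n"  # blank owner inherits the previous owner (@)
        "  IN MX 10 mail\n"
        "mail IN A 192.0.2.4\n"),
    "/etc/bind/domains/example.net": (
        "$TTL 86400\n"
        "@ IN SOA ns1.example.net. admin.example.net. ( 2012111202 ; Serial\n"
        "    8H 2H 4W 2D )\n"
        "$INCLUDE /etc/bind/domains/share/NSMX-records\n"
        "@ IN A 192.0.2.3\n"
        "www IN CNAME @\n"           # legal: a CNAME may point AT the apex
        "bad IN CNAME www\n"
        "bad IN TXT \"conflict\"\n"  # illegal: CNAME owner carrying other data
        "old IN CNAME gone\n"),      # dangling: target undefined in this zone
}
TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")

def _strip_comment(line: str) -> str:
    # Drop a ';' comment unless the ';' sits inside a quoted string.
    out, quoted = [], False
    for ch in line:
        quoted ^= ch == '"'
        if ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)

def _logical_lines(text: str) -> Iterator[Tuple[str, bool]]:
    # Yield (line, owner_is_blank) with '( ... )' continuation lines joined.
    buf, depth, blank = [], 0, False
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not buf:
            blank = line[:1].isspace()
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ").strip()
            if joined:
                yield joined, blank
            buf, depth = [], 0

def _fqdn(name: str, origin: str) -> str:
    # Expand '@' and relative names the way named does (origin ends in '.').
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(path: str, origin: str, files: Dict[str, str] = FILES,
               default_ttl: Optional[str] = None) -> List[tuple]:
    """Minimal master-file reader: $TTL, $INCLUDE, blank owners, optional TTL/class."""
    records: List[tuple] = []          # (owner, ttl, type, rdata)
    owner: Optional[str] = None
    for line, blank in _logical_lines(files[path]):
        tokens = line.split()          # quoted TXT rdata with spaces is not reassembled
        if tokens[0] == "$TTL":
            default_ttl = tokens[1]
            continue
        if tokens[0] == "$INCLUDE":    # optional third token overrides the origin
            inc_origin = tokens[2] if len(tokens) > 2 else origin
            records.extend(parse_zone(tokens[1], inc_origin, files, default_ttl))
            continue
        if not blank:
            owner = _fqdn(tokens.pop(0), origin)
        if owner is None:
            raise ValueError(f"{path}: blank owner before any owner name: {line}")
        ttl = default_ttl
        if tokens and TTL_RE.match(tokens[0]):
            ttl = tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((owner, ttl, tokens[0].upper(), tokens[1:]))
    return records

def check_cnames(records: List[tuple], origin: str) -> List[str]:
    """CNAME rules named-checkzone enforces, plus a dangling in-zone target check."""
    by_owner: Dict[str, List[Tuple[str, List[str]]]] = {}
    for owner, _ttl, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))
    findings: List[str] = []
    for owner, rrs in by_owner.items():
        types = [t for t, _ in rrs]
        if "CNAME" not in types:
            continue
        if owner == origin:
            findings.append(f"{owner}: CNAME at the zone apex is illegal (apex needs SOA and NS)")
        others = sorted(set(types) - {"CNAME"})
        if others:                     # RFC 1034 3.6.2: a CNAME owner carries no other data
            findings.append(f"{owner}: CNAME coexists with {', '.join(others)}")
        for rtype, rdata in rrs:
            target = _fqdn(rdata[0], origin) if rtype == "CNAME" else None
            if target and (target == origin or target.endswith("." + origin)) and target not in by_owner:
                findings.append(f"{owner}: CNAME target {target} is not defined in this zone")
    return findings

if __name__ == "__main__":
    print("\n".join(check_cnames(parse_zone("/etc/bind/domains/example.net", "example.net."), "example.net.")))
```

Run against the sample, only `bad` (CNAME plus TXT on one owner) and `old` (target never defined) are reported; `www IN CNAME @` passes, because the restriction is on the CNAME's owner name, not on its target. The reader is deliberately small: it does not handle `$GENERATE`, multi-token quoted rdata, or owner names that look like TTLs, so treat it as a pre-check before `named-checkzone`, not a replacement for it.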
First and foremost, I cannot resolve anything using my nameserver. I have it set up to run on two ip's (not internal ones - all ip's are external), and while named seems to run fine and produces no apparent errors related to this issue, it won't resolve google.com for example.
What do you get when you run:
Code:
dig google.com @ ip1.ip1.ip1.ip1
Quote:
My second problem is that while the first zonefile I added seemed to work nicely, others I've added have seemingly broke everything. Now none of the domains is resolving at all.
Again, try to dig those domain(s) and post the results.
# dig google.com @ ip1.ip1.ip1.ip1
dig: couldn't get address for '': not found
# dig mymaindomain.net @ ip1.ip1.ip1.ip1
dig: couldn't get address for '': not found
Quote:
# dig google.com @ ip1.ip1.ip1.ip1
dig: couldn't get address for '': not found
# dig mymaindomain.net @ ip1.ip1.ip1.ip1
dig: couldn't get address for '': not found
Oops, sorry. The DNS IP must come right after the '@'. Don't know how the blank space came out. This is the correct syntax:
Not that I use dig that often, but I should have been able to see that mistake myself, especially after getting an obvious error like that.
Here's the correct output:
Code:
# dig google.com @ip1.ip1.ip1.ip1
; <<>> DiG 9.7.3 <<>> google.com @ip1.ip1.ip1.ip1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48300
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 173.194.32.7
google.com. 300 IN A 173.194.32.8
google.com. 300 IN A 173.194.32.9
google.com. 300 IN A 173.194.32.14
google.com. 300 IN A 173.194.32.0
google.com. 300 IN A 173.194.32.1
google.com. 300 IN A 173.194.32.2
google.com. 300 IN A 173.194.32.3
google.com. 300 IN A 173.194.32.4
google.com. 300 IN A 173.194.32.5
google.com. 300 IN A 173.194.32.6
;; AUTHORITY SECTION:
google.com. 93189 IN NS ns2.google.com.
google.com. 93189 IN NS ns4.google.com.
google.com. 93189 IN NS ns3.google.com.
google.com. 93189 IN NS ns1.google.com.
;; Query time: 37 msec
;; SERVER: ip1.ip1.ip1.ip1#53(ip1.ip1.ip1.ip1)
;; WHEN: Wed Nov 14 21:45:27 2012
;; MSG SIZE rcvd: 276
Code:
# dig mymaindomain.net @ip1.ip1.ip1.ip1
; <<>> DiG 9.7.3 <<>> mymaindomain.net @ip1.ip1.ip1.ip1
;; global options: +cmd
;; connection timed out; no servers could be reached
Doesn't make sense.
You can connect to your DNS to resolve google, but you can't connect when you're trying to resolve your domain!!!
Are you sure your network is ok and there is no firewall blocking udp/tcp port 53? You could also try the 2nd ip of your dns, to see what you get.
# dig google.com @ip2.ip2.ip2.ip2
; <<>> DiG 9.7.3 <<>> google.com @ip2.ip2.ip2.ip2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49656
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 59 IN A 173.194.32.6
google.com. 59 IN A 173.194.32.7
google.com. 59 IN A 173.194.32.8
google.com. 59 IN A 173.194.32.9
google.com. 59 IN A 173.194.32.14
google.com. 59 IN A 173.194.32.0
google.com. 59 IN A 173.194.32.1
google.com. 59 IN A 173.194.32.2
google.com. 59 IN A 173.194.32.3
google.com. 59 IN A 173.194.32.4
google.com. 59 IN A 173.194.32.5
;; AUTHORITY SECTION:
google.com. 172559 IN NS ns1.google.com.
google.com. 172559 IN NS ns4.google.com.
google.com. 172559 IN NS ns3.google.com.
google.com. 172559 IN NS ns2.google.com.
;; Query time: 0 msec
;; SERVER: ip2.ip2.ip2.ip2#53(ip2.ip2.ip2.ip2)
;; WHEN: Thu Nov 15 00:34:34 2012
;; MSG SIZE rcvd: 276
Code:
# dig mymaindomain.net @ip2.ip2.ip2.ip2
; <<>> DiG 9.7.3 <<>> mymaindomain.net @ip2.ip2.ip2.ip2
;; global options: +cmd
;; connection timed out; no servers could be reached
Code:
# nslookup google.com
;; connection timed out; no servers could be reached
While restarting named:
Code:
# tail -f /var/log/syslog
Nov 15 00:40:17 server named[21250]: received control channel command 'stop -p'
Nov 15 00:40:17 server named[21250]: shutting down: flushing changes
Nov 15 00:40:17 server named[21250]: stopping command channel on 127.0.0.1#953
Nov 15 00:40:17 server named[21250]: stopping command channel on ::1#953
Nov 15 00:40:17 server named[21250]: no longer listening on ip1.ip1.ip1.ip1#53
Nov 15 00:40:17 server named[21250]: no longer listening on ip2.ip2.ip2.ip2#53
Nov 15 00:40:17 server named[21250]: exiting
Nov 15 00:40:18 server named[22068]: starting BIND 9.7.3 -u bind
Nov 15 00:40:18 server named[22068]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Nov 15 00:40:18 server named[22068]: adjusted limit on open files from 1024 to 1048576
Nov 15 00:40:18 server named[22068]: found 2 CPUs, using 2 worker threads
Nov 15 00:40:18 server named[22068]: using up to 4096 sockets
Nov 15 00:40:18 server named[22068]: loading configuration from '/etc/bind/named.conf'
Nov 15 00:40:18 server named[22068]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Nov 15 00:40:18 server named[22068]: using default UDP/IPv4 port range: [1024, 65535]
Nov 15 00:40:18 server named[22068]: using default UDP/IPv6 port range: [1024, 65535]
Nov 15 00:40:18 server named[22068]: listening on IPv4 interface eth0:2, ip1.ip1.ip1.ip1#53
Nov 15 00:40:18 server named[22068]: listening on IPv4 interface eth0:3, ip2.ip2.ip2.ip2#53
Nov 15 00:40:18 server named[22068]: generating session key for dynamic DNS
Nov 15 00:40:18 server named[22068]: set up managed keys zone for view internal, file '3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys'
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 254.169.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 2.0.192.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 100.51.198.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 113.0.203.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 255.255.255.255.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: D.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 8.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 9.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: A.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: B.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view internal: 8.B.D.0.1.0.0.2.IP6.ARPA
Nov 15 00:40:18 server named[22068]: set up managed keys zone for view external, file '3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 0.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 127.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 254.169.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 2.0.192.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 100.51.198.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 113.0.203.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 255.255.255.255.IN-ADDR.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: D.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 8.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 9.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: A.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: B.E.F.IP6.ARPA
Nov 15 00:40:18 server named[22068]: automatic empty zone: view external: 8.B.D.0.1.0.0.2.IP6.ARPA
Nov 15 00:40:18 server named[22068]: command channel listening on 127.0.0.1#953
Nov 15 00:40:18 server named[22068]: command channel listening on ::1#953
Nov 15 00:40:18 server named[22068]: zone 0.in-addr.arpa/IN/internal: loaded serial 1
Nov 15 00:40:18 server named[22068]: zone 127.in-addr.arpa/IN/internal: loaded serial 1
Nov 15 00:40:18 server named[22068]: zone 255.in-addr.arpa/IN/internal: loaded serial 1
Nov 15 00:40:18 server named[22068]: zone localhost/IN/internal: loaded serial 2
Nov 15 00:40:18 server named[22068]: managed-keys-zone ./IN/internal: loading from master file 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys failed: file not found
Nov 15 00:40:18 server named[22068]: managed-keys-zone ./IN/internal: loaded serial 0
Nov 15 00:40:18 server named[22068]: zone someotherdomain.net/IN/external: loaded serial 2012111201
Nov 15 00:40:18 server named[22068]: zone mymaindomain.net/IN/external: loaded serial 2012111501
Nov 15 00:40:18 server named[22068]: zone lastdomain.org/IN/external: loaded serial 2012111201
Nov 15 00:40:18 server named[22068]: managed-keys-zone ./IN/external: loading from master file 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys failed: file not found
Nov 15 00:40:18 server named[22068]: managed-keys-zone ./IN/external: loaded serial 0
Nov 15 00:40:18 server named[22068]: zone mymaindomain.net/IN/external: sending notifies (serial 2012111501)
Nov 15 00:40:18 server named[22068]: zone someotherdomain.net/IN/external: sending notifies (serial 2012111201)
Nov 15 00:40:18 server named[22068]: zone lastdomain.org/IN/external: sending notifies (serial 2012111201)
Nov 15 00:40:18 server named[22068]: running
Nov 15 00:40:18 server named[22068]: client ip2.ip2.ip2.ip2#9094: view internal: received notify for zone 'mymaindomain.net': not authoritative
Nov 15 00:40:18 server named[22068]: client ip2.ip2.ip2.ip2#59646: view internal: received notify for zone 'someotherdomain.net': not authoritative
Nov 15 00:40:18 server named[22068]: client ip2.ip2.ip2.ip2#59646: view internal: received notify for zone 'lastdomain.org': not authoritative
Why would it say not authoritative? Also, those master files do indeed not exist and I cannot find where they are called from. Could these messages prove useful? For some reason bind has not output anything to syslog until just now.
nslookup google.com
;; connection timed out; no servers could be reached
What's in /etc/resolv.conf?
Quote:
Nov 15 00:40:18 server named[22068]: client ip2.ip2.ip2.ip2#9094: view internal: received notify for zone 'mymaindomain.net': not authoritative
...
It says not authoritative because you don't have anything about your zones in the internal view. Also, there is no ACL for the hosts that belong to this view (usually they are on the same network as the server). Maybe you need to add something like:
Nov 15 19:12:57 server named[28945]: client ip2.ip2.ip2.ip2#25627: view internal: received notify for zone 'mymaindomain.net': not authoritative
Nov 15 19:12:58 server named[28945]: client ip2.ip2.ip2.ip2#33224: view internal: received notify for zone 'someotherdomain.net': not authoritative
Nov 15 19:12:58 server named[28945]: client ip2.ip2.ip2.ip2#33224: view internal: received notify for zone 'lastdomain.org': not authoritative
# nslookup mymaindomain.net
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; connection timed out; no servers could be reached
And now I get new messages in my syslog:
Code:
Nov 15 19:23:41 server named[29157]: lame server resolving 'mymaindomain.net' (in 'mymaindomain.net'?): ip1.ip1.ip1.ip1#53
Nov 15 19:23:41 server named[29157]: lame server resolving 'mymaindomain.net' (in 'mymaindomain.net'?): ip2.ip2.ip2.ip2#53
Nov 15 19:23:42 server named[29157]: lame server resolving 'ns1.mymaindomain.net' (in 'mymaindomain.net'?): ip1.ip1.ip1.ip1#53
Nov 15 19:23:42 server named[29157]: lame server resolving 'ns1.mymaindomain.net' (in 'mymaindomain.net'?): ip2.ip2.ip2.ip2#53
Nov 15 19:23:42 server named[29157]: lame server resolving 'ns2.mymaindomain.net' (in 'mymaindomain.net'?): ip2.ip2.ip2.ip2#53
Nov 15 19:23:42 server named[29157]: lame server resolving 'ns2.mymaindomain.net' (in 'mymaindomain.net'?): ip1.ip1.ip1.ip1#53
Maybe there's something very wrong with my config files?
Code:
# cat /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.internal-zones";
include "/etc/bind/named.conf.external-zones";
Code:
# cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { none; };
    // listen-on port 53 { ip1.ip1.ip1.ip1; ip2.ip2.ip2.ip2; };
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { any; };
    version "none";
};
You can ditch the internal view and the related zones as they are superfluous with your current config.
Quote:
Right now I can resolve google.com, as 127.0.0.1 is automatically the server queried:
How is it possible to use 127.0.0.1 as the default resolver, when you're supposed to have ns1 and ns2 in /etc/resolv.conf? And still the question remains: why can't it resolve its own domains?
Quote:
Nov 15 19:23:41 server named[29157]: lame server resolving 'mymaindomain.net' (in 'mymaindomain.net'?): ip1.ip1.ip1.ip1#53
...
The client (server) asked ns1 for mymaindomain.net thinking it's authoritative for that domain, but ns1 answered not authoritatively.
You can run
You can ditch the internal view and the related zones as they are superfluous with your current config.
Okay, I commented the include out of named.conf. As you could probably guess, I'm not that familiar with BIND configuration. The views setup was something I picked up from a website a few weeks ago.
But! As I commented that line out and restarted the server, it's now resolving as expected!
However, I'm a sucker for details. It seems that if I have listen-on port 53 { any; }; every time I run an nslookup something overrides /etc/resolv.conf and queries 127.0.0.1. If I uncomment listen-on port 53 { ip1.ip1.ip1.ip1; ip2.ip2.ip2.ip2; }; I cannot resolve anything locally, though I can still resolve hostnames belonging to either mymaindomain.net, someotherdomain.net and lastdomain.org externally. From my laptop:
# named-checkconf -z
zone mymaindomain.net/IN: loaded serial 2012111501
zone someotherdomain.net/IN: loaded serial 2012111201
zone lastdomain.org/IN: loaded serial 2012111201
It doesn't seem like I'm getting any not-authoritative messages anymore. It might have been the internal view causing trouble there, as well.
But! As I commented that line out and restarted the server, it's now resolving as expected!
Cool. It's the internal view, which was useless in your case, that was the culprit.
Quote:
It doesn't seem like I'm getting any not-authoritative messages anymore. It might have been the internal view causing trouble there, as well.
Same here. You aren't getting "not authoritative" (lame) messages any more, because they were for the internal view.
Quote:
It seems that if I have listen-on port 53 { any; }; every time I run an nslookup something overrides /etc/resolv.conf and queries 127.0.0.1. If I uncomment listen-on port 53 { ip1.ip1.ip1.ip1; ip2.ip2.ip2.ip2; }; I cannot resolve anything locally, though I can still resolve hostnames belonging to either mymaindomain.net, someotherdomain.net and lastdomain.org externally.
Note that /etc/resolv.conf is overwritten when the box gets its IP by DHCP, though I don't think that's the case here.
Also, when using the default "any", named also listens on the local loopback interface.
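A view layout that avoids the two problems discussed in this thread, as an added example written for it (not the poster's config and not anything shipped with BIND). The internal view only matches clients listed in an ACL and is the only view that recurses; the external view is authoritative-only, so the public addresses are not an open resolver (the original allow-recursion { any; } on externally reachable IPs made them one); and the three authoritative zones are declared in both views, so a trusted client asking for mymaindomain.net is answered from the internal view instead of being resolved recursively back to this same server's public side, which is the path behind the "lame server" lines above. listen-on keeps the loopback address alongside the two public ones, which is what listen-on { any; } gave implicitly. The ACL ranges are assumptions (127.0.0.0/8 and the RFC 5737 placeholder 192.0.2.0/24); ip1/ip2 are the thread's own placeholders and must be replaced by real addresses before named-checkconf will accept the file; zone paths follow the thread.

```conf
// Added example for this thread; addresses marked below are placeholders.
acl "trusted" {
    127.0.0.0/8;        // the server itself (nslookup run on the box)
    192.0.2.0/24;       // assumed internal LAN; replace with your own range
};

options {
    directory "/var/cache/bind";
    listen-on port 53 { 127.0.0.1; ip1.ip1.ip1.ip1; ip2.ip2.ip2.ip2; };
    listen-on-v6 { none; };
    auth-nxdomain no;
    version "none";
    allow-transfer { none; };   // grant per zone once the slave is set up
};

// Views are tried in order and match-clients defaults to "any", so a view
// without match-clients placed first captures every query (what the original
// internal view did). Name the clients explicitly and put the open view last.
view "internal" {
    match-clients { "trusted"; };
    recursion yes;
    allow-recursion { "trusted"; };
    zone "." { type hint; file "/etc/bind/db.root"; };
    zone "localhost" { type master; file "/etc/bind/db.local"; };
    zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
    // Authoritative data must also live here; otherwise trusted clients'
    // queries for these names are resolved recursively via the public NS
    // records and land in the external view of this same server.
    zone "mymaindomain.net" { type master; file "/etc/bind/domains/mymaindomain.net"; };
    zone "someotherdomain.net" { type master; file "/etc/bind/domains/someotherdomain.net"; };
    zone "lastdomain.org" { type master; file "/etc/bind/domains/lastdomain.org"; };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative only: no hint zone needed
    allow-recursion { none; };
    zone "mymaindomain.net" { type master; file "/etc/bind/domains/mymaindomain.net"; };
    zone "someotherdomain.net" { type master; file "/etc/bind/domains/someotherdomain.net"; };
    zone "lastdomain.org" { type master; file "/etc/bind/domains/lastdomain.org"; };
};
```

Validate with named-checkconf -z, as used earlier in the thread; each view loads its own copy of the shared zone files, so all six zone lines should report a loaded serial. A query from an address outside the ACL for a name the server is not authoritative for is then refused rather than recursed, which is the behaviour you want on public-facing nameservers.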
My server doesn't use DHCP, though. Do you have any ideas why it will only resolve on 127.0.0.1 - and NOT the specified ips in /etc/resolv.conf? For some reason it seems to ignore it altogether. I'm completely in the dark on that one.