LinuxQuestions.org
Old 09-20-2010, 12:16 PM   #1
felipefv
BIND9 conf and zone files - Need help


Hello! I'm trying to configure a Linux server at our family business, but I'm facing some problems with the DNS server (BIND9).

The thing is, I've created a new local zone here (called "local.lan"), and, apparently, it is working fine, and DHCP3-SERVER is updating DNS info through the controls.

But sometimes I get some strange answers from the server, like when I run the "arp" command on one of the clients and get the server's hostname "mixed" with its own reverse, like this: "dns.local.lan.2.168. | ether | 00:02:1e:f5:61:74 | C | eth0". Another thing is that sometimes my DNS doesn't update when a computer "enters" the LAN. In /var/log/syslog the DHCPOFFER appears, but the information about the DNS update isn't there.

So, I would like to show you my named.conf file and my local zone db file, and get some feedback from you (what would you change... what is wrong...).

Thanks!


named.conf
Code:

include "/etc/bind/named.conf.options";
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "local.lan" {
type master;
file "/etc/bind/db.local.lan";
notify no;
allow-update { key mykey; };
};
zone "2.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.rev.local.lan";
notify no;
allow-update { key mykey; };
};
key mykey {
algorithm hmac-md5;
secret "X";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; 192.168.1.10; }
keys {"mykey"; };
};

# *** END OF "named.conf" *** #



db.local.lan
Code:

$ORIGIN .
$TTL 3600 ; 1 hour
local.lan IN SOA dns.local.lan. admin.local.lan. (
2010092011 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
NS dns.local.lan.
A 192.168.2.1
$ORIGIN local.lan.
dns A 192.168.2.1
$TTL 300 ; 5 minutes
john A 192.168.2.15
TXT "313fc9a991d0581a7f353c5d1f234789b9"

# *** END OF "db.local.lan" *** #



db.rev.local.lan
Code:

$ORIGIN .
$TTL 3600 ; 1 hour
2.168.192.in-addr.arpa IN SOA local.lan. admin.local.lan. (
201009198 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
3600000 ; expire (5 weeks 6 days 16 hours)
3600 ; minimum (1 hour)
)
NS local.lan.
$ORIGIN 2.168.192.in-addr.arpa.
1 PTR dns.local.lan
$TTL 300 ; 5 minutes
15 PTR john.local.lan.

# *** END OF "db.rev.local.lan" *** #
 
Old 09-20-2010, 12:36 PM   #2
bathory
You have a couple of errors in the reverse zone, if I can read it correctly as you don't use "CODE" tags:

You have a wrong NS record (NS local.lan.), because local.lan does not have an A RR.

You are missing the trailing dot in "1 PTR dns.local.lan".
Code:
# ------------------- #
* db.rev.local.lan:
# ------------------- #

$ORIGIN .
$TTL 3600 ; 1 hour
2.168.192.in-addr.arpa IN SOA local.lan. admin.local.lan. (
201009198 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
3600000 ; expire (5 weeks 6 days 16 hours)
3600 ; minimum (1 hour)
)
   NS dns.local.lan.
$ORIGIN 2.168.192.in-addr.arpa.
1 PTR dns.local.lan.
$TTL 300 ; 5 minutes
15 PTR john.local.lan.

# *** END OF "db.rev.local.lan" *** #
Increase the serial and reload bind to see if it works as expected.

Cheers

Last edited by bathory; 09-20-2010 at 12:48 PM.
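The two mistakes above both come down to zone-file name rules: a name without a trailing dot in PTR/NS rdata is silently extended with the current $ORIGIN (which is exactly how the poster's reverse entry turned into dns.local.lan.2.168.192.in-addr.arpa, the "mixed" hostname seen in the arp output), and an NS target must have an A record. As an added example, not code from the thread, here is a small Python check that applies those rules to constructed copies of the posted reverse zone; the known_a argument is an assumption standing in for the A records of the forward zone.

```python
# Constructed sample: the reverse zone as posted in this thread, before the fix.
BAD = """$ORIGIN .
$TTL 3600
2.168.192.in-addr.arpa IN SOA local.lan. admin.local.lan. ( 1 3600 900 3600000 3600 )
    NS local.lan.
$ORIGIN 2.168.192.in-addr.arpa.
1 PTR dns.local.lan
15 PTR john.local.lan.
"""
FIXED = BAD.replace("NS local.lan.", "NS dns.local.lan.").replace("dns.local.lan\n", "dns.local.lan.\n")
def qualify(name, origin):
    # '@' is the origin, a trailing dot means absolute, anything else gets $ORIGIN appended
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_zone(text):
    # Handles $ORIGIN/$TTL, inherited owner names and multi-line SOA parentheses.
    origin, owner, recs, in_paren = ".", None, [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if in_paren:                          # still inside an SOA ( ... ) block
            in_paren = ")" not in line
            continue
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if line[0] not in " \t":              # owner column present, else inherit
            owner = qualify(fields.pop(0), origin)
        while fields[0] == "IN" or fields[0].isdigit():
            fields.pop(0)                     # optional class and TTL
        rtype, rdata = fields[0], fields[1:]
        in_paren = "(" in line and ")" not in line
        target = qualify(rdata[0], origin) if rtype in ("NS", "PTR", "CNAME") else None
        recs.append((owner, rtype, rdata, target))
    return recs

def lint(records, known_a=()):
    # known_a: absolute names with A records elsewhere (assumed: from the forward zone)
    problems, have_a = [], {o for o, t, _, _ in records if t == "A"} | set(known_a)
    for owner, rtype, rdata, target in records:
        if target and "." in rdata[0] and not rdata[0].endswith("."):
            problems.append(f"{owner} {rtype} {rdata[0]}: no trailing dot, expands to {target}")
        if rtype == "NS" and target not in have_a:
            problems.append(f"{owner} NS {target}: name server has no A record")
    return problems
```

named-checkzone loads the first zone without objecting to the PTR, because dns.local.lan.2.168.192.in-addr.arpa. is a syntactically valid name; the mistake only surfaces as the odd reverse-lookup result in the first post, which is why an explicit trailing-dot check is worth running before reloading.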
 
Old 09-20-2010, 01:07 PM   #3
felipefv

bathory, thanks for the reply!

The db files in the first post are not the files I created. They have been modified [I think] by BIND9 (or dhcp3-server) after the first update of the DNS. The original files are these:

-

db.local.lan
Code:
@       IN      SOA     dns.local.lan.       admin.local.lan.     (
        2010092010 ; serial
        3600       ; refresh (1 hour)
        900        ; retry (15 minutes)
        604800     ; expire (1 week)
        3600       ; minimum (1 hour)
        )

@       IN      NS      dns.local.lan.
                A       192.168.2.1
dns     IN      A       192.168.2.1
-

db.rev.local.lan
Code:
@       IN      SOA     local.lan.   admin.local.lan.     (
        201009197  ; serial
        3600       ; refresh (1 hour)
        900        ; retry (15 minutes)
        3600000    ; expire (5 weeks 6 days 16 hours)
        3600       ; minimum (1 hour)
        )

        IN      NS      local.lan.

1       PTR             dns.local.lan

-

So, the only thing I have to do is add the suffix "dns" where you did?

Last edited by felipefv; 09-20-2010 at 01:15 PM.
 
Old 09-20-2010, 01:36 PM   #4
bathory
Quote:
So, the only thing I have to do is add the suffix "dns" where you did?
And the trailing dot in the PTR record (I guess the red dot is not very visible in the previous post).
Code:
1       PTR             dns.local.lan.
If you want, you can take a look at this tutorial written for Debian.

Regards
 
Old 09-20-2010, 02:18 PM   #5
felipefv
bathory,

Thanks! I'll do that later (today) and tell you about the result here.
 
Old 09-21-2010, 08:04 AM   #6
felipefv

bathory,

Why, in the dhcpd.conf, does he repeat the zone "dyn.example.com" twice (once with 127.0.0.1 and once with 172.30.200.254)?

Code:
zone dyn.example.org. {
primary 127.0.0.1;
key "rndc-key";
}

(...)

zone dyn.example.org. {
primary 172.30.200.254;
key "rndc-key";
}
 
Old 09-21-2010, 03:23 PM   #7
bathory
Hi,

I cannot tell why. I guess you can omit the 1st one.

Regards
 
Old 10-07-2010, 11:43 AM   #8
felipefv
bathory,

Thanks for the help!
I'm sorry about the delay in giving feedback.

I would like to show you my confs and zone files. It is working beautifully.
You can change the domain name or IP range, and adapt it to your needs.

(It is in Portuguese; "rede.interna" means "internal.network".)

dhcpd.conf
Code:
ddns-update-style interim;
include "/etc/bind/rndc.key";

option domain-name "rede.interna";
option domain-name-servers 192.168.2.1, 200.175.5.139, 200.175.89.139, 8.8.8.8, 8.8.4.4;
option routers 192.168.2.1;
option broadcast-address 192.168.2.255;
option netbios-name-servers 192.168.2.1;

default-lease-time 86400;
max-lease-time 86400;

authoritative;

subnet 192.168.2.0 netmask 255.255.255.0 {   # a /24; 255.255.2.0 is not a valid contiguous mask
	range 192.168.2.10 192.168.2.20;
	next-server 192.168.2.1;
}

zone rede.interna. {
	primary 192.168.2.1;
	key "rndc-key";
}

zone 2.168.192.in-addr.arpa. {
	primary 192.168.2.1;
	key "rndc-key";
}
named.conf
I didn't change this file.
Just take a look to verify that the includes are not commented out.
named.conf.local
Code:
# Options

include "/etc/bind/rndc.key";
controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};

#----------------------------------------
#
# Local zone: rede.interna
#

zone "rede.interna" {
	type master;
	file "db.rede.interna";
        notify no;
        allow-update { key "rndc-key"; };
};

zone "2.168.192.in-addr.arpa" {
	type master;
	file "db.rev.rede.interna";
        notify no;
        allow-update { key "rndc-key"; };
};
#----------------------------------------
named.conf.options
Code:
options {
	directory "/var/cache/bind";
	version "REFUSED";

	# this server's own address (192.168.2.1) does not belong in forwarders:
	# named forwarding to itself only produces a query loop
	forwarders {
		200.175.5.139;
		8.8.8.8;
		200.175.89.139;
		8.8.4.4;
	};

	auth-nxdomain no;    # conform to RFC1035
	listen-on { 192.168.2.1; };
	# listen-on-v6 { any; };
};
db.rede.interna
Code:
$ORIGIN .
$TTL 86400
rede.interna	IN	SOA	dns.rede.interna.	admin.rede.interna.	(
	201009201
	28800
	7200
	2419200
	86400
	)

		NS	dns.rede.interna.
		A	192.168.2.1

$ORIGIN rede.interna.
server		A	192.168.2.1
dns		A	192.168.2.1
www		A	192.168.2.1
wireless	A	192.168.2.2
* wireless is my wireless router's fixed IP address.

db.rev.rede.interna
Code:
$ORIGIN .
$TTL 86400
2.168.192.in-addr.arpa	IN	SOA	rede.interna.	admin.rede.interna.	(
	201009201
	28800
	7200
	2419200
	86400
	)

		NS	dns.rede.interna.

$ORIGIN 2.168.192.in-addr.arpa.
1	IN	PTR	server.rede.interna.
2	IN	PTR	wireless.rede.interna.
If you are reading this and want any help on how to do it step by step, I can help.

I would like to thank you all!

Last edited by felipefv; 10-07-2010 at 11:44 AM.
 
  

