LinuxQuestions.org

vitronix 03-02-2014 08:50 PM

Debian 7 bind9 problem
 
Hi,

I have set up a BIND server for Ubuntu 12.04; it was functioning.
So I tried to repeat it on Debian 7 Wheezy.

Let me show you my configuration files:

resolv.conf:

Code:

search virtual.lan
domain virtual.lan
nameserver 192.168.10.1
nameserver 192.168.10.35

named.conf.local:

Code:

zone "vitronix.lan" {
        type master;
        file "/etc/bind/db.vitronix.lan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.10.168.192";
};

named.conf.options:
Code:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                192.168.10.1;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

db.virtual.lan:
Code:

;
; ZONE file for virtual.lan
;
$TTL    604800
@      IN      SOA    ns.virtual.lan. root.virtual.lan. (
                    2014040102        ; Serial
                        604800        ; Refresh
                          86400        ; Retry
                        2419200        ; Expire
                        604800 )      ; Negative Cache TTL
;
@      IN      NS      ns.virtual.lan.
ns      IN      A      192.168.10.35
www    IN      A      192.168.10.35

db.10.168.192:

Code:

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@      IN      SOA    ns.virtual.lan. root.virtual.lan. (
                    2013041502        ; Serial
                        604800        ; Refresh
                          86400        ; Retry 
                        2419200        ; Expire
                        604800 )      ; Negative Cache TTL
;
@      IN      NS      ns.
35      IN      PTR    ns.
35      IN      PTR    www.

Now when I run host -l virtual.lan I get:
Code:

virtual.lan name server ns.
ns.virtual.lan has address 192.168.10.35
www.virtual.lan has address 192.168.10.35

But when I run host -l www.virtual.lan I get:
Code:

; Transfer failed.
Host www.virtual.lan.virtual.lan not found: 9(NOTAUTH)
; Transfer failed.

What should resolve to www.virtual.lan resolves to www.virtual.lan.virtual.lan

Output of syslog:
Code:

Mar  3 03:39:55 debian named[3704]: client 192.168.10.35#39135: transfer of 'virtual.lan/IN': AXFR started
Mar  3 03:39:55 debian named[3704]: client 192.168.10.35#39135: transfer of 'virtual.lan/IN': AXFR ended
Mar  3 03:41:48 debian named[3704]: client 192.168.10.35#50712: bad zone transfer request: 'www.virtual.lan/IN': non-authoritative zone (NOTAUTH)
Mar  3 03:41:49 debian named[3704]: client 192.168.10.35#59730: bad zone transfer request: 'www.virtual.lan.virtual.lan/IN': non-authoritative zone (NOTAUTH)

Please help.

Thanks in advance,

Jan Visser

bathory 03-04-2014 06:02 AM

Quote:

but when I run host -l www.virtual.lan I get:
Code:

; Transfer failed.
Host www.virtual.lan.virtual.lan not found: 9(NOTAUTH)
; Transfer failed.

You cannot transfer a hostname. If you want to look up www.virtual.lan, use:
Code:

dig www.virtual.lan
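
Added example (not part of the original thread): host -l asks the server for a zone transfer (AXFR), which is why named logged the requests shown in the first post. The Python sketch below triages such lines per client and marks rejected requests that name a host inside a served zone; the log format is assumed to match the BIND 9.8 lines on this page, and `triage` and `served_zones` are names made up for the example.

```python
import re
from collections import defaultdict

# Sample input: the named lines from the syslog excerpt in the first post.
SAMPLE = """\
Mar  3 03:39:55 debian named[3704]: client 192.168.10.35#39135: transfer of 'virtual.lan/IN': AXFR started
Mar  3 03:39:55 debian named[3704]: client 192.168.10.35#39135: transfer of 'virtual.lan/IN': AXFR ended
Mar  3 03:41:48 debian named[3704]: client 192.168.10.35#50712: bad zone transfer request: 'www.virtual.lan/IN': non-authoritative zone (NOTAUTH)
Mar  3 03:41:49 debian named[3704]: client 192.168.10.35#59730: bad zone transfer request: 'www.virtual.lan.virtual.lan/IN': non-authoritative zone (NOTAUTH)
"""

# Matches either an accepted transfer (started/ended) or a rejected request.
LINE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"(?:transfer of '(?P<ok_zone>[^']+)/IN': AXFR (?P<phase>started|ended)"
    r"|bad zone transfer request: '(?P<bad_zone>[^']+)/IN': (?P<reason>.+))$"
)

def triage(log_text, served_zones):
    """Group zone-transfer activity by client address.

    served_zones (assumption: supplied by the operator) lists the zones this
    server is master for. A rejected request for a name *inside* one of them
    usually means a hostname was passed to a zone-listing tool; a rejected
    request for an unrelated zone deserves a closer look.
    """
    report = defaultdict(lambda: {"completed": [], "rejected": [], "unfinished": []})
    in_progress = set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["bad_zone"]:
            zone = m["bad_zone"]
            parent = next((z for z in served_zones if zone.endswith("." + z)), None)
            report[ip]["rejected"].append((zone, m["reason"], parent))
        elif m["phase"] == "started":
            in_progress.add((ip, m["ok_zone"]))
        else:  # "ended"
            in_progress.discard((ip, m["ok_zone"]))
            report[ip]["completed"].append(m["ok_zone"])
    for ip, zone in sorted(in_progress):
        report[ip]["unfinished"].append(zone)
    return dict(report)

if __name__ == "__main__":
    for client, info in triage(SAMPLE, ["virtual.lan"]).items():
        print(client, info)
```
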

vitronix 03-07-2014 07:50 AM

I don't fully understand this but I think I should leave a reply here.

Anyway, output of
Code:

dig www.virtual.lan
is
Code:

dig www.vitrual.lan

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.vitrual.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.vitrual.lan.              IN      A

;; AUTHORITY SECTION:
.                      61807  IN      SOA    a.root-servers.net. nstld.verisign-grs.com. 2014030700 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Mar  5 11:43:07 2014
;; MSG SIZE  rcvd: 108




vitronix 03-07-2014 12:42 PM

Sorry, messed things up
 
I wanted to reply to my post but I made a mess of it.
Sorry for that, maybe someone can delete my own reply without the whole message as a quote.
It may be strange for a newbie like me to go and try to set up servers, but it fascinates me.

Let me give the output of dig www.vitrual.lan again:

Code:

dig www.vitrual.lan

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.vitrual.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.vitrual.lan.              IN      A

;; AUTHORITY SECTION:
.                      61807  IN      SOA    a.root-servers.net. nstld.verisign-grs.com. 2014030700 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Mar  5 11:43:07 2014
;; MSG SIZE  rcvd: 108

From what I can make of it, dig reports that it's a non-existent domain.

Where should I look for a Bind log file?

Contents of syslog:
Code:

Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:1::803f:235#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 199.7.83.42#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:2d::d#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving './NS/IN': 199.7.83.42#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:2d::d#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 198.41.0.4#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:503:c27::2:30#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:2f::f#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving './NS/IN': 198.41.0.4#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 192.203.230.10#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving './NS/IN': 192.203.230.10#53
Mar  5 12:02:52 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:7fd::1#53
Mar  5 12:02:52 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53
Mar  5 12:02:53 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 192.33.4.12#53
Mar  5 12:02:53 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:7fe::53#53
Mar  5 12:02:53 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
Mar  5 12:02:53 debian named[2067]: error (connection refused) resolving './NS/IN': 192.112.36.4#53
Mar  5 12:02:54 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:3::42#53
Mar  5 12:02:54 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:3::42#53
Mar  5 12:02:54 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 199.7.91.13#53
Mar  5 12:02:54 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:503:ba3e::2:30#53
Mar  5 12:02:55 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Mar  5 12:02:55 debian named[2067]: error (connection refused) resolving './NS/IN': 192.58.128.30#53
Mar  5 12:02:56 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:dc3::35#53
Mar  5 12:02:56 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Mar  5 12:02:57 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 192.36.148.17#53
Mar  5 12:02:57 debian named[2067]: error (received FORMERR) resolving 'debian/AAAA/IN': 192.168.10.1#53
Mar  5 12:02:57 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 128.63.2.53#53
Mar  5 12:02:57 debian named[2067]: success resolving './NS' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets

What I don't understand is that my local DNS server worked fine under Ubuntu, so what's the difference with Debian?
I'm not lazy, but some hints or good links would be great.

Thanx,

Vitronix

bathory 03-07-2014 03:10 PM

Quote:

From what I can make of it, dig reports that it's a non-existent domain.

Indeed. You should query your DNS at 192.168.10.35 and not the one at 192.168.10.1:
Code:

dig www.vitrual.lan @192.168.10.35

vitronix 03-07-2014 05:50 PM

Progress
 
Hello again,

I wondered what the difference was between Ubuntu and Debian.
From what I can make of it now, things go wrong with the naming of www.

Here's the output of named-checkzone virtual.lan db.virtual.lan:
Code:

named-checkzone virtual.lan db.virtual.lan
zone virtual.lan/IN: loaded serial 2014040102
OK

Output of dig debian.virtual.lan:

Code:

dig debian.virtual.lan @192.168.10.35

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> debian.virtual.lan @192.168.10.35
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16212
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;debian.virtual.lan.            IN      A

;; ANSWER SECTION:
debian.virtual.lan.    604800  IN      A      192.168.10.35

;; AUTHORITY SECTION:
virtual.lan.            604800  IN      NS      ns.virtual.lan.

;; ADDITIONAL SECTION:
ns.virtual.lan.        604800  IN      A      192.168.10.35

;; Query time: 2 msec
;; SERVER: 192.168.10.35#53(192.168.10.35)
;; WHEN: Fri Mar  7 19:26:12 2014
;; MSG SIZE  rcvd: 85

This looks promising; from within my virtual server I can now ping debian.virtual.lan

Code:

ping debian.virtual.lan
PING debian.virtual.lan (192.168.10.35) 56(84) bytes of data.
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=1 ttl=64 time=0.066 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=2 ttl=64 time=0.045 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=3 ttl=64 time=0.043 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=4 ttl=64 time=0.047 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=5 ttl=64 time=0.046 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=6 ttl=64 time=0.132 ms
^C
--- debian.virtual.lan ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4997ms
rtt min/avg/max/mdev = 0.043/0.063/0.132/0.032 ms


vitronix 03-07-2014 06:27 PM

Success :-)
 
Hello once again.

It is solved more or less.

I needed to reconfigure Kubuntu so that it uses 192.168.10.35 as a DNS server.

Now I can ping debian.virtual.lan, but there is a catch, let me show you:

Code:

ping debian.virtual.lan
PING debian.virtual.lan (192.168.10.35) 56(84) bytes of data.
64 bytes from ns.virtual.lan (192.168.10.35): icmp_seq=1 ttl=64 time=0.203 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_seq=2 ttl=64 time=0.197 ms
64 bytes from ns.virtual.lan (192.168.10.35): icmp_seq=3 ttl=64 time=0.199 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_seq=4 ttl=64 time=0.174 ms
64 bytes from ns.virtual.lan (192.168.10.35): icmp_seq=5 ttl=64 time=0.205 ms
^C
--- debian.virtual.lan ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.174/0.195/0.205/0.018 ms


vitronix 03-07-2014 07:02 PM

Solved
 
It's me again,

The problem lies definitely in using the www. prefix; I think that because it's a name intended for the web it gets forwarded.

Anyway let me show the content of the configuration files I've got.

Code:

named.conf.local:

zone "virtual.lan" {
        type master;
        file "/etc/bind/db.virtual.lan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.10.168.192";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

Code:

db.virtual.lan:

;
; ZONE file for virtual.lan
;
$TTL    604800
@      IN      SOA    debian.virtual.lan. root.virtual.lan. (
                    2014040102        ; Serial
                        604800        ; Refresh
                          86400        ; Retry
                        2419200        ; Expire
                        604800 )      ; Negative Cache TTL
;
@      IN      NS      debian.virtual.lan.
debian  IN      A      192.168.10.35

Code:


db.10.168.192:

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@      IN      SOA    ns.virtual.lan. root.virtual.lan. (
                    2013041502        ; Serial
                        604800        ; Refresh
                          86400        ; Retry
                        2419200        ; Expire
                        604800 )      ; Negative Cache TTL
;
@      IN      NS      virtual.
35      IN      PTR    debian.virtual.lan.

I can now ping debian.virtual.lan

Code:

ping debian.virtual.lan
PING debian.virtual.lan (192.168.10.35) 56(84) bytes of data.
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=1 ttl=64 time=0.055 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=2 ttl=64 time=0.036 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=3 ttl=64 time=0.037 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=4 ttl=64 time=0.039 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=5 ttl=64 time=0.058 ms
^C
--- debian.virtual.lan ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 0.036/0.045/0.058/0.009 ms

The lesson learned: don't use www in your local domain!

Thanks for the replies, they are much appreciated.

bathory 03-08-2014 01:56 AM

Quote:

The lesson learned: don't use www in your local domain!

Not at all. Add an A record for www and it will resolve.
The catch is to use the DNS that is authoritative for the domain virtual.lan (that is 192.168.10.35). You should add it first in /etc/resolv.conf


Regards
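
Added example (not from the thread's participants): a small Python check of the two points in the reply above, whether the name has an A record in the zone file and whether the authoritative server is listed first in resolv.conf. It also lists the names a stub resolver may try with the search list, which is where www.virtual.lan.virtual.lan came from; the inputs are constructed from the files posted in this thread, and the zone parser only handles simple one-line A records.

```python
import re

# Constructed inputs, modelled on the files posted in this thread.
RESOLV_CONF = """\
search virtual.lan
domain virtual.lan
nameserver 192.168.10.1
nameserver 192.168.10.35
"""
ZONE = """\
$TTL    604800
@       IN      NS      debian.virtual.lan.
debian  IN      A       192.168.10.35
"""

def parse_resolv(text):
    """Return (nameservers in file order, effective search list)."""
    servers, search = [], []
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) < 2:
            continue
        if fields[0] == "nameserver":
            servers.append(fields[1])
        elif fields[0] == "search":
            search = fields[1:]       # 'search' and 'domain' are mutually
        elif fields[0] == "domain":   # exclusive; the last one seen wins
            search = fields[1:2]
    return servers, search

def a_records(zone_text, origin):
    """Fully qualified owner -> address, for 'owner [ttl] IN A addr' lines."""
    found = {}
    pattern = r"^(\S+)[ \t]+(?:\d+[ \t]+)?IN[ \t]+A[ \t]+(\S+)"
    for m in re.finditer(pattern, zone_text, re.M):
        owner = m.group(1)
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner[:-1]
        else:
            fqdn = owner + "." + origin   # relative names get the zone origin
        found[fqdn.lower()] = m.group(2)
    return found

def diagnose(name, resolv_text, zone_text, origin, auth_ip):
    """Summarise why a lookup of `name` succeeds or fails on this client."""
    servers, search = parse_resolv(resolv_text)
    fqdn = name.rstrip(".").lower()
    return {
        "first_server": servers[0] if servers else None,
        "auth_is_first": bool(servers) and servers[0] == auth_ip,
        "has_a_record": fqdn in a_records(zone_text, origin),
        # Simplified: the name as typed, then with each search domain appended.
        "candidates": [fqdn] + [f"{fqdn}.{d}" for d in search],
    }
```
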

