LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-02-2014, 08:50 PM   #1
vitronix
Member
 
Registered: Dec 2012
Posts: 56

Rep: Reputation: Disabled
Debian 7 bind9 problem


Hi,

I have setup a BIND server for Ubuntu 12.04, it was functioning.
So I tried to repeat it on Debian 7 Wheezy.

Let me show you my configuration files:

resolv.conf:

Code:
search virtual.lan
domain virtual.lan
nameserver 192.168.10.1 
nameserver 192.168.10.35
named.conf.local:

Code:
zone "vitronix.lan" {
        type master;
        file "/etc/bind/db.vitronix.lan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.10.168.192";
};
named.conf.options:
Code:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                192.168.10.1;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
db.virtual.lan:
Code:
;
; ZONE file for virtual.lan
;
$TTL    604800
@       IN      SOA     ns.virtual.lan. root.virtual.lan. (
                     2014040102         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.virtual.lan.
ns      IN      A       192.168.10.35
www     IN      A       192.168.10.35
db.10.168.192:

Code:
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.virtual.lan. root.virtual.lan. (
                     2013041502         ; Serial
                         604800         ; Refresh
                          86400         ; Retry  
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.
35      IN      PTR     ns.
35      IN      PTR     www.
now when I run host -l virtual.lan I get:
Code:
virtual.lan name server ns.
ns.virtual.lan has address 192.168.10.35
www.virtual.lan has address 192.168.10.35
but when I run host -l www.virtual.lan I get:
Code:
; Transfer failed.
Host www.virtual.lan.virtual.lan not found: 9(NOTAUTH)
; Transfer failed.
What should resolv in www.virtual.lan resolvs in www.virtual.lan.virtual.lan

Output of syslog:
Code:
ar  3 03:39:55 debian named[3704]: client 192.168.10.35#39135: transfer of 'virtual.lan/IN': AXFR started
Mar  3 03:39:55 debian named[3704]: client 192.168.10.35#39135: transfer of 'virtual.lan/IN': AXFR ended
Mar  3 03:41:48 debian named[3704]: client 192.168.10.35#50712: bad zone transfer request: 'www.virtual.lan/IN': non-authoritative zone (NOTAUTH)
Mar  3 03:41:49 debian named[3704]: client 192.168.10.35#59730: bad zone transfer request: 'www.virtual.lan.virtual.lan/IN': non-authoritative zone (NOTAUTH)
Please help.

Thanks in advance,

Jan Visser
 
Old 03-04-2014, 06:02 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,827

Rep: Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866
Quote:
but when I run host -l www.virtual.lan I get:
Code:

; Transfer failed.
Host www.virtual.lan.virtual.lan not found: 9(NOTAUTH)
; Transfer failed.
You cannot transfer a hostname. If you want to lookup www.virtual.lan, use:
Code:
dig www.virtual.lan
 
Old 03-07-2014, 07:50 AM   #3
vitronix
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Jan Visser[/QUOTE]

I don't fully understand this but I think a should leave a reply here.

Anyway, output of
Code:
dig www.virtual.lan
is
Code:
dig www.vitrual.lan

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.vitrual.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.vitrual.lan.               IN      A

;; AUTHORITY SECTION:
.                       61807   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014030700 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Mar  5 11:43:07 2014
;; MSG SIZE  rcvd: 108


---------- Post added 03-07-14 at 02:51 PM ----------

[/QUOTE]

I don't fully understand this but I think a should leave a reply here.

Anyway, output of
Code:
dig www.virtual.lan
is
Code:
dig www.vitrual.lan

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.vitrual.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.vitrual.lan.               IN      A

;; AUTHORITY SECTION:
.                       61807   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014030700 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Mar  5 11:43:07 2014
;; MSG SIZE  rcvd: 108

Last edited by vitronix; 03-07-2014 at 12:46 PM. Reason: messed thing up
 
Old 03-07-2014, 07:52 AM   #4
vitronix
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by vitronix View Post
I don't fully understand this but I think a should leave a reply here.

Anyway, output of
Code:
dig www.virtual.lan
is
Code:
dig www.vitrual.lan

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.vitrual.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.vitrual.lan.               IN      A

;; AUTHORITY SECTION:
.                       61807   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014030700 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Mar  5 11:43:07 2014
;; MSG SIZE  rcvd: 108


---------- Post added 03-07-14 at 02:51 PM ----------

I don't fully understand this but I think a should leave a reply here.

Anyway, output of
Code:
dig www.virtual.lan
is
Code:
dig www.vitrual.lan

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.vitrual.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.vitrual.lan.               IN      A

;; AUTHORITY SECTION:
.                       61807   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014030700 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Mar  5 11:43:07 2014
;; MSG SIZE  rcvd: 108
[/QUOTE]
 
Old 03-07-2014, 12:42 PM   #5
vitronix
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Sorry, messed things up

I wanted to reply to my post but I made a mess of it.
Sorry for that, maybe someone can delete my own reply without the whole message as a quote.
It may be strange for a newbie like me to go and try to setup servers, but it facinates me.

Let me give tthe output of dig www.vitrual.lan again:

Code:
dig www.vitrual.lan

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.vitrual.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28215
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.vitrual.lan.               IN      A

;; AUTHORITY SECTION:
.                       61807   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014030700 1800 900 604800 86400

;; Query time: 40 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Wed Mar  5 11:43:07 2014
;; MSG SIZE  rcvd: 108
from what I can make of it is that dig reports that it's a none existing domain.

Where should I look for a Bind log file?

Contents of syslog:
Code:
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:1::803f:235#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 199.7.83.42#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:2d::d#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving './NS/IN': 199.7.83.42#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:2d::d#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 198.41.0.4#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:503:c27::2:30#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:2f::f#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving './NS/IN': 198.41.0.4#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Mar  5 12:02:51 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:2f::f#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 192.203.230.10#53
Mar  5 12:02:51 debian named[2067]: error (connection refused) resolving './NS/IN': 192.203.230.10#53
Mar  5 12:02:52 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:7fd::1#53
Mar  5 12:02:52 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53
Mar  5 12:02:53 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 192.33.4.12#53
Mar  5 12:02:53 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:7fe::53#53
Mar  5 12:02:53 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
Mar  5 12:02:53 debian named[2067]: error (connection refused) resolving './NS/IN': 192.112.36.4#53
Mar  5 12:02:54 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:500:3::42#53
Mar  5 12:02:54 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:500:3::42#53
Mar  5 12:02:54 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 199.7.91.13#53
Mar  5 12:02:54 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:503:ba3e::2:30#53
Mar  5 12:02:55 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Mar  5 12:02:55 debian named[2067]: error (connection refused) resolving './NS/IN': 192.58.128.30#53
Mar  5 12:02:56 debian named[2067]: error (network unreachable) resolving 'debian/AAAA/IN': 2001:dc3::35#53
Mar  5 12:02:56 debian named[2067]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Mar  5 12:02:57 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 192.36.148.17#53
Mar  5 12:02:57 debian named[2067]: error (received FORMERR) resolving 'debian/AAAA/IN': 192.168.10.1#53
Mar  5 12:02:57 debian named[2067]: error (connection refused) resolving 'debian/AAAA/IN': 128.63.2.53#53
Mar  5 12:02:57 debian named[2067]: success resolving './NS' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
What I don't understand is that my local dns sever worked fine under Ubuntu, so what's the difference with Debian.
I'm not lazy, but some hints or good links would be great.

Thanx,

Vitronix
 
Old 03-07-2014, 03:10 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,827

Rep: Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866
Quote:
from what I can make of it is that dig reports that it's a none existing domain.
Indeed. You should query your dns at 192.168.10.35 and not the one at 192.168.10.1
Code:
dig www.vitrual.lan @192.168.10.35
 
Old 03-07-2014, 05:50 PM   #7
vitronix
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Progress

Hello again,

I wondered what the difference was between Ubuntu and debian.
From what I can make of it now, is that things go wrong with te naming of www.

here's the output of named-checkzone virtual.lan db.virtual.lan
Code:
named-checkzone virtual.lan db.virtual.lan
zone virtual.lan/IN: loaded serial 2014040102
OK
Output of dig debian.virtual.lan:

Code:
dig debian.virtual.lan @192.168.10.35

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> debian.virtual.lan @192.168.10.35
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16212
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;debian.virtual.lan.            IN      A

;; ANSWER SECTION:
debian.virtual.lan.     604800  IN      A       192.168.10.35

;; AUTHORITY SECTION:
virtual.lan.            604800  IN      NS      ns.virtual.lan.

;; ADDITIONAL SECTION:
ns.virtual.lan.         604800  IN      A       192.168.10.35

;; Query time: 2 msec
;; SERVER: 192.168.10.35#53(192.168.10.35)
;; WHEN: Fri Mar  7 19:26:12 2014
;; MSG SIZE  rcvd: 85
this looks promising, from within my virtual server I can now ping debian.virtual.lan

Code:
ping debian.virtual.lan
PING debian.virtual.lan (192.168.10.35) 56(84) bytes of data.
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=1 ttl=64 time=0.066 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=2 ttl=64 time=0.045 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=3 ttl=64 time=0.043 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=4 ttl=64 time=0.047 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=5 ttl=64 time=0.046 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=6 ttl=64 time=0.132 ms
^C
--- debian.virtual.lan ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 4997ms
rtt min/avg/max/mdev = 0.043/0.063/0.132/0.032 ms
 
Old 03-07-2014, 06:27 PM   #8
vitronix
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Success :-)

Hello once again.

It is solved more or less.

I needed to reconfigure Kubuntu so that it uses 192.168.10.35 as a DNS server.

Now I can ping debian.virtual.lan, but there is a catch, let me show you:

Code:
ping debian.virtual.lan
PING debian.virtual.lan (192.168.10.35) 56(84) bytes of data.
64 bytes from ns.virtual.lan (192.168.10.35): icmp_seq=1 ttl=64 time=0.203 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_seq=2 ttl=64 time=0.197 ms
64 bytes from ns.virtual.lan (192.168.10.35): icmp_seq=3 ttl=64 time=0.199 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_seq=4 ttl=64 time=0.174 ms
64 bytes from ns.virtual.lan (192.168.10.35): icmp_seq=5 ttl=64 time=0.205 ms
^C
--- debian.virtual.lan ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.174/0.195/0.205/0.018 ms
 
Old 03-07-2014, 07:02 PM   #9
vitronix
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Rep: Reputation: Disabled
Wink Solved

It's me again,

The problem lies definitly in using the www. prefix, I think that because it's a name intended for the web it get's forwarded.

Anyway let me show the content of the configuration files I've got.

Code:
named.conf.local:

zone "virtual.lan" {
        type master;
        file "/etc/bind/db.virtual.lan";
};

zone "10.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.10.168.192";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
Code:
db.virtual.lan:

;
; ZONE file for virtual.lan
;
$TTL    604800
@       IN      SOA     debian.virtual.lan. root.virtual.lan. (
                     2014040102         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      debian.virtual.lan.
debian  IN      A       192.168.10.35
Code:
db.10.168.192:

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.virtual.lan. root.virtual.lan. (
                     2013041502         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      virtual.
35      IN      PTR     debian.virtual.lan.
I can now ping debian.virtual.lan

Code:
ping debian.virtual.lan
PING debian.virtual.lan (192.168.10.35) 56(84) bytes of data.
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=1 ttl=64 time=0.055 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=2 ttl=64 time=0.036 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=3 ttl=64 time=0.037 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=4 ttl=64 time=0.039 ms
64 bytes from debian.virtual.lan (192.168.10.35): icmp_req=5 ttl=64 time=0.058 ms
^C
--- debian.virtual.lan ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 0.036/0.045/0.058/0.009 ms
The lesson learned don't use www in your local domain!

Thanks for the replies, they are much appreciated.

Last edited by vitronix; 03-07-2014 at 07:07 PM. Reason: wrong layout
 
Old 03-08-2014, 01:56 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,827

Rep: Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866Reputation: 1866
Quote:
The lesson learned don't use www in your local domain!
Not at all. Add an A record for www and it will resolve.
The catch is to use the dns that is authoritative for the domain virtual.lan (that is 192.168.10.35). You should add it first in /etc/resolv.conf


Regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Slave bind9 problem with external views. Debian Wheezy llu Linux - Networking 2 10-27-2013 04:36 AM
bind9 on debian JJX Debian 3 04-11-2013 02:10 PM
BIND9 and Debian cshiers Linux - Newbie 15 11-10-2010 01:52 PM
Bind9 with OpenLDAP on Debian etch slp1992 Linux - Server 5 10-23-2008 12:11 AM
is my bind9 on debian box vulnerable? mvidberg Linux - Security 4 08-01-2008 11:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration