DNS error

bathory · 05-25-2009, 04:33 AM

Quote:

Mats:/home/ssu# ps -ef | grep named
root 3488 3081 0 12:10 pts/0 00:00:00 grep named

From this, it seems that named is not running. Check the logs for the reason of this.
Regarding the the cat output, did you look the quoted text I've posted? You are running the same "cat db.vun.lan" from the same directory "/var/chroot/bind9/etc/bind" and you get 2 different results!!!!

matsyuf · 05-25-2009, 11:18 AM

aah yes i get, it becoz I had changed something with the file and got previous post and put it together with surrent one i think that why.

True Bind wasnt running i had to start it again and below are the results

Mats:/home/ssu# /etc/init.d/bind9 start
Starting domain name service...: bind9.
Mats:/home/ssu# ps -ef | grep named
bind 5594 1 0 19:17 ? 00:00:00 /usr/sbin/named -u bind -t /var/chroot/bind9
root 5665 3081 0 19:17 pts/0 00:00:00 grep named
Mats:/home/ssu#

matsyuf · 05-25-2009, 11:18 AM

aah yes i get, it becoz I had changed something with the file and got previous post and put it together with surrent one i think that why.

True Bind wasnt running i had to start it again and below are the results

Mats:/home/ssu# /etc/init.d/bind9 start
Starting domain name service...: bind9.
Mats:/home/ssu# ps -ef | grep named
bind 5594 1 0 19:17 ? 00:00:00 /usr/sbin/named -u bind -t /var/chroot/bind9
root 5665 3081 0 19:17 pts/0 00:00:00 grep named
Mats:/home/ssu#

bathory · 05-25-2009, 12:23 PM

Quote:

aah yes i get, it becoz I had changed something with the file and got previous post and put it together with surrent one i think that why.

And which is the correct one? I think that you've done a big mess with your configuration.
Do me a favour and post (or attach here the current config and zone files) and most important the log file(s) when named starts, so we can see from where it reads the zone files.

Or better yet start from scratch using this tutorial.

matsyuf · 05-25-2009, 02:43 PM

When I read my logs, it wasn't finding the zone files yet i have them there

My Current Configs

Mats:/var/chroot/bind9/etc/bind# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
#192.168.1.43 Mats.vun.lan Mats
127.0.1.1 Mats.vun.lan Mats
#127.0.1.1 Mats.WORKGROUP Mats

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.43
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.1.43, 196.0.3.70
search vun.lan
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat /etc/hostname
Mats.vun.lan
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# ls
db.0 db.255 db.root named.conf.local zones.rfc1918
db.1.168.192.rev db.empty db.vun.lan named.conf.options
db.127 db.local named.conf rndc.key
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "vun.lan" {
type master;
file "/var/chroot/bind9/etc/bind/db.vun.lan";
};

zone "1.168.192.in-addr.arpa" {
type master;
file "/var/chroot/bind9/etc/bind/db.1.168.192.rev";
};

Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat db.vun.lan
;
; BIND data file for vun.lan
;
$TTL 604800
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090524 ; serial
7200 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
@ IN NS Mats.vun.lan.
@ IN NS Mon.vun.lan.
@ IN A 192.168.1.15
@ IN A 192.168.1.43
@ IN MX 10 Mats.vun.lan.
Mats IN A 192.168.1.43
vun.lan.IN A 192.168.1.43
Mon IN A 192.168.1.15
www IN CNAME Mats
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat db.1.168.192.rev
;
; BIND data file for 1.168.192
;
$TTL 604800
$ORIGIN 1.1.168.192.in-addr-arpa.
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090524 ; serial
604800 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
IN NS Mats.vun.lan.
IN NS Mon.vun.lan.
43 IN PTR Mats.vun.lan.
43 IN PTR vun.lan.
15 IN PTR Mon.vun.lan.
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat named.conf.options
options {
directory "/var/cache/bind";
// listen-on port 53 {192.168.1.0;}
allow-query {192.168.1.0/24;127.0.0.1;};

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
196.0.3.70;
};

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

Mats:/var/chroot/bind9/etc/bind#

LOGS

May 25 22:40:00 Mats named[6478]: loading configuration from '/etc/bind/named.conf'
May 25 22:40:00 Mats named[6478]: max open files (1024) is smaller than max sockets (4096)
May 25 22:40:00 Mats named[6478]: using default UDP/IPv4 port range: [1024, 65535]
May 25 22:40:00 Mats named[6478]: using default UDP/IPv6 port range: [1024, 65535]
May 25 22:40:00 Mats named[6478]: listening on IPv6 interfaces, port 53
May 25 22:40:00 Mats named[6478]: listening on IPv4 interface lo, 127.0.0.1#53
May 25 22:40:00 Mats named[6478]: listening on IPv4 interface eth0, 192.168.1.43#53
May 25 22:40:00 Mats named[6478]: automatic empty zone: 254.169.IN-ADDR.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: D.F.IP6.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: 8.E.F.IP6.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: 9.E.F.IP6.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: A.E.F.IP6.ARPA
May 25 22:40:00 Mats named[6478]: automatic empty zone: B.E.F.IP6.ARPA
May 25 22:40:00 Mats named[6478]: command channel listening on 127.0.0.1#953
May 25 22:40:00 Mats named[6478]: command channel listening on ::1#953
May 25 22:40:00 Mats named[6478]: zone 0.in-addr.arpa/IN: loaded serial 1
May 25 22:40:00 Mats named[6478]: zone 127.in-addr.arpa/IN: loaded serial 1
May 25 22:40:00 Mats named[6478]: zone 1.168.192.in-addr.arpa/IN: loading from master file /var/chroot/bind9/etc/bind/db.1.168.192.rev failed: file not found
May 25 22:40:00 Mats named[6478]: zone 255.in-addr.arpa/IN: loaded serial 1
May 25 22:40:00 Mats named[6478]: zone vun.lan/IN: loading from master file /var/chroot/bind9/etc/bind/db.vun.lan failed: file not found
May 25 22:40:00 Mats named[6478]: zone localhost/IN: loaded serial 2
May 25 22:40:00 Mats named[6478]: running
May 25 22:40:01 Mats named[6478]: network unreachable resolving 'local/SOA/IN': 2001:7fd::1#53
May 25 22:40:02 Mats named[6478]: network unreachable resolving 'local/SOA/IN': 2001:dc3::35#53
May 25 22:40:02 Mats named[6478]: network unreachable resolving 'local/SOA/IN': 2001:500:1::803f:235#53
May 25 22:40:05 Mats postfix/master[2526]: reload configuration /etc/postfix
Mats:/var/chroot/bind9/etc/bind# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

bathory · 05-25-2009, 03:20 PM

The path is relative to the chroot path. Thus /var/chroot/bind9/etc/bind/db.vun.lan is actually /var/chroot/bind9/var/chroot/bind9/etc/bind/db.vun.lan.
So change the path in named.conf.local to your zone files to be /etc/bind/db.vun.lan and /etc/bind/db.1.168.192.rev and make sure that /var/chroot/bind9/etc/bind is owned by the user/group bind/bind:

Code:

chown -R bind:bind /var/chroot/bind9/etc/bind

If you have problems post again the logs from named startup.

matsyuf · 05-26-2009, 03:08 AM

Hello Bathory, this is great, I see evrything works fine.

Mats:/var/chroot/bind9/etc# dig Mats.vun.lan

; <<>> DiG 9.5.1-P1 <<>> Mats.vun.lan
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5911
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;Mats.vun.lan. IN A

;; ANSWER SECTION:
Mats.vun.lan. 604800 IN A 192.168.1.43

;; AUTHORITY SECTION:
vun.lan. 604800 IN NS Mon.vun.lan.
vun.lan. 604800 IN NS Mats.vun.lan.

;; ADDITIONAL SECTION:
Mon.vun.lan. 604800 IN A 192.168.1.15

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 26 01:05:23 2009
;; MSG SIZE rcvd: 94

Mats:/var/chroot/bind9/etc#

My problem was
- /var/chroot/bind9/etc/bind - wasnt owned and in group bind, so it was
Mats:/var/chroot/bind9/etc# ls -l
total 4
drwxr-sr-x 2 root bind 4096 2009-05-23 16:28 bind
after changing it now

Mats:/var/chroot/bind9/etc# ls -l
total 4
drwxr-sr-x 2 bind bind 4096 2009-05-23 16:28 bind

And finally I had a problem withthe path.

Many thanx. Cheers

matsyuf · 05-26-2009, 03:26 AM

BTW, now everytihg seems to work but in my logs i get some strange error

May 26 01:24:02 Mats named[4036]: network unreachable resolving 'news.bbc.co.uk/AAAA/IN': 2001:500:2f::f#53
May 26 01:24:02 Mats named[4036]: network unreachable resolving 'news.bbc.co.uk/AAAA/IN': 2001:500:1::803f:235#53
May 26 01:24:02 Mats named[4036]: network unreachable resolving 'news.bbc.co.uk/AAAA/IN': 2001:dc3::35#53
May 26 01:24:02 Mats named[4036]: network unreachable resolving 'news.bbc.co.uk/AAAA/IN': 2001:500:3::42#53
May 26 01:24:02 Mats named[4036]: network unreachable resolving 'news.bbc.co.uk/AAAA/IN': 2001:503:c27::2:30#53
May 26 01:24:05 Mats named[4036]: network unreachable resolving 'news.bbc.co.uk/AAAA/IN': 2a01:40:1001:35::2#53

What could be the problem ?

bathory · 05-26-2009, 04:14 AM

This is because you're trying to resolve ipv6 addresses and I guess your network does not support ipv6
You can add the "-4" option to the bind startup script, so it uses only ipv4 protocol. Since I don't use Debian, looking at the tutorial I proposed you in Post#34, you cat edit /etc/default/bind9 and use:

Code:

OPTIONS="-u bind -4 -t /var/chroot/bind9"

Glad to see you've made it at last.

Cheers

matsyuf · 05-26-2009, 10:14 AM

I get a prob with nslookup

root@Mon:~# nslookup Mats.vun.lan
Server: 192.168.1.43
Address: 192.168.1.43#53

** server can't find Mats.vun.lan.Mats.vun.lan: REFUSED

root@Mon:~#

bathory · 05-26-2009, 04:03 PM

You have edited the zone file and missed the trailing dot in the A record of Mats.vun.lan. It should be either of the following:

Code:

Mats IN A 192.168.1.43
Mats.vun.lan. IN A 192.168.1.43

matsyuf · 05-27-2009, 06:01 AM

My zone files r fine. from the DNS server nslookup works but from another computer it doesnt work yet I have this computer ip in my zone files as below ;-

Mats:/var/chroot/bind9/etc/bind# cat db.vun.lan
;
; BIND data file for vun.lan
;
$TTL 604800
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090526 ; serial
7200 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
@ IN NS Mats.vun.lan.
@ IN NS Mon.vun.lan.
@ IN A 192.168.1.15
@ IN A 192.168.1.43
@ IN MX 10 Mats.vun.lan.
Mats IN A 192.168.1.43
vun.lan.IN A 192.168.1.43
Mon IN A 192.168.1.15
www IN CNAME Mats
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat db.1.168.192.rev
;
; BIND data file for 1.168.192
;
$TTL 604800
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090526 ; serial
604800 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
IN NS Mats.vun.lan.
IN NS Mon.vun.lan.
43 IN PTR Mats.vun.lan.
43 IN PTR vun.lan.
15 IN PTR Mon.vun.lan.
Mats:/var/chroot/bind9/etc/bind#

192.168.1.15 is the computer where i execute nslookup and desnt work neither does dig give right answers.

Waiting to hear from you

Ciao

matsyuf · 05-27-2009, 06:02 AM

My zone files r fine. from the DNS server nslookup works but from another computer it doesnt work yet I have this computer ip in my zone files as below ;-

Mats:/var/chroot/bind9/etc/bind# cat db.vun.lan
;
; BIND data file for vun.lan
;
$TTL 604800
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090526 ; serial
7200 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
@ IN NS Mats.vun.lan.
@ IN NS Mon.vun.lan.
@ IN A 192.168.1.15
@ IN A 192.168.1.43
@ IN MX 10 Mats.vun.lan.
Mats IN A 192.168.1.43
vun.lan.IN A 192.168.1.43
Mon IN A 192.168.1.15
www IN CNAME Mats
Mats:/var/chroot/bind9/etc/bind#

Mats:/var/chroot/bind9/etc/bind# cat db.1.168.192.rev
;
; BIND data file for 1.168.192
;
$TTL 604800
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090526 ; serial
604800 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
IN NS Mats.vun.lan.
IN NS Mon.vun.lan.
43 IN PTR Mats.vun.lan.
43 IN PTR vun.lan.
15 IN PTR Mon.vun.lan.
Mats:/var/chroot/bind9/etc/bind#

192.168.1.15 is the computer where i execute nslookup and desnt work neither does dig give right answers.

Waiting to hear from you

Ciao

bathory · 05-27-2009, 06:49 AM

Quote:

** server can't find Mats.vun.lan.Mats.vun.lan: REFUSED

Could be that the query was refused because the server thinks it's you're not authorized to use it.
Looking back to your config files, I saw you're using the "allow-query ..." statement. Either comment it out, or change the addresses to any and see if it works:

Code:

allow-query { any; };

Or you can enable recursion globally as a start and do your tests.

Code:

recursion yes;

Note also that using dig instead of nslookup gives more info about solving bind problems.

matsyuf · 05-27-2009, 11:23 AM

Bathory, Bathory, U r great , I love this, everything works. Thanks sooooooo much. Btw, now I want to configure LAN mail server with postfix. I will be back here when stuck. U have done a great job. Bravoo