LinuxQuestions.org
Old 11-10-2017, 03:36 PM   #1
Thomas Korimort
DNS server configuration troubleshooting


I have configured a DynDNS on my router/modem called korimort.freedynamicdns.org which points to my modem as a gateway. It works nicely with a port forward of port 80 to my local server 192.168.1.2:80 for the web server, such that my web server can be reached externally at http://korimort.freedynamicdns.net

I want to run my own DNS server in my local network, having such domains as www.korimort.freedynamicdns.net . For that I installed bind9 on my Debian 9 stretch Raspbian Raspberry Pi 3 server. I forwarded TCP port 53 to my local server 192.168.1.2 . I configured the bind server as follows:

named.conf.local:
Quote:
zone "1.168.192.in-addr.arpa" {
notify no;
type master;
file "db.1.168.192.in-addr.arpa";
};

zone "korimort.freedynamicdns.net" {
notify no;
type master;
file "db.korimort.freedynamicdns.net";
};
Furthermore db.1.168.192.in-addr.arpa:

Quote:
$TTL 86400
@ IN SOA ns.korimort.freedynamicdns.net. tomkori.gmx.net. (
1; serial
3h; refresh
15; retry
1w; expire
3h; nxdomain ttl
)
@ IN NS ns.korimort.freedynamicdns.net.
@ IN PTR korimort.freedynamicdns.net.
2 IN PTR ns.korimort.freedynamicdns.net.
2 IN PTR rpiserver.korimort.freedynamicdns.net.
3 IN PTR thomaspc.korimort.freedynamicdns.net.
5 IN PTR raspberrypi.korimort.freedynamicdns.net.
6 IN PTR raspi-server2-eth.korimort.freedynamicdns.net.
7 IN PTR raspi-server2-wlan.korimort.freedynamicdns.net.
and furthermore db.korimort.freedynamicdns.net:

Quote:
$TTL 86400
@ IN SOA ns.korimort.freedynamicdns.net. tomkori.gmx.net. (
1; serial
3h; refresh
15; retry
1w; expire
3h; nxdomain ttl
)
@ IN NS ns.korimort.freedynamicdns.net.
ns IN A 192.168.1.2
www IN A 192.168.1.2
ftp IN A 192.168.1.2
rpiserver IN A 192.168.1.2
raspi-server2-eth IN A 192.168.1.6
raspi-server2-wlan IN A 192.168.1.7
raspberrypi IN A 192.168.1.5
thomaspc IN A 192.168.1.3
After starting the server I try the dig command:

dig @192.168.1.2 korimort.freedynamicdns.net

and it yields the following no matter what I dig for at the server 192.168.1.2
(I also added forwarders 4.4.4.4 and 8.8.8.8). The server seems to get the request, but it does not answer it for whatever reason.

Quote:
dig @192.168.1.2 korimort.freedynamicdns.net
; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.1.2 korimort.freedynamicdns.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 421
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;korimort.freedynamicdns.net. IN A

;; Query time: 0 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Fri Nov 10 21:31:52 UTC 2017
;; MSG SIZE rcvd: 56
 
Old 11-11-2017, 02:19 AM   #2
bathory
Quote:
dig @192.168.1.2 korimort.freedynamicdns.net
; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.1.2 korimort.freedynamicdns.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 421
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
<snip>
You get, first, a SERVFAIL and, second, not an authoritative answer (no aa among the other flags: qr rd ra) from your DNS server.
Add an A RR for korimort.freedynamicdns.net:
Code:
$TTL 86400
@ IN SOA ns.korimort.freedynamicdns.net. tomkori.gmx.net. (
2; serial
3h; refresh
15; retry
1w; expire
3h; nxdomain ttl
)
@ IN NS ns.korimort.freedynamicdns.net.
@ IN A 192.168.1.2
ns IN A 192.168.1.2
www IN A 192.168.1.2
ftp IN A 192.168.1.2
rpiserver IN A 192.168.1.2
raspi-server2-eth IN A 192.168.1.6
raspi-server2-wlan IN A 192.168.1.7
raspberrypi IN A 192.168.1.5
thomaspc IN A 192.168.1.3
Don't forget to increase the serial and reload the zone before trying again.

Regards
 
Old 11-11-2017, 02:35 AM   #3
Thomas Korimort
Thanks for your idea. Still I get SERVFAILs from dig and nslookup. In order to check for typos and other errors I tested all my files with named-checkconf, named-checkzone, named-compilezone, ... To me it seems that for some reason the zone files are simply not loaded by the bind server or that the bind server cannot follow any requests. I have changed my conf to

Quote:
zone "1.168.192.in-addr.arpa" {
notify no;
type master;
file "db.1.168.192.in-addr.arpa";
allow-query { any; };
forwarders { 4.4.4.4; 8.8.8.8; };
};

zone "korimort.freedynamicdns.net" {
notify no;
type master;
file "db.korimort.freedynamicdns.net";
allow-query { any; };
forwarders { 4.4.4.4; 8.8.8.8; };
};
but it did not help. Maybe something is wrong with the directory path?? I have put the db files also where all the other db files are contained, in the /etc/bind directory, and permissions are root/bind. The server also starts without any problems, but any query whatsoever results in SERVFAIL.
 
Old 11-11-2017, 03:06 AM   #4
bathory
A couple of things:

You don't need forwarders if you want to run an authoritative nameserver.

I've just noticed in your OP, that you have "forwarded TCP port 53 to my local server 192.168.1.2".
You have to open also port 53/UDP, as dns is using UDP mainly. I guess that's why you're getting the SERVFAIL.

Quote:
have put the db files also where all the other db files are contained in /etc/bind directory and permissions are root/bind. server also starts without any problems, but any query whatsoever results in servfail.
I don't know about debian/bind configuration, but most likely the zone files are under /var/cache/bind. Unless you're running bind chrooted (default /var/bind9/chroot).
 
Old 11-11-2017, 09:42 AM   #5
Thomas Korimort
Thank you for your answer. I have already also activated the UDP forward. And still the same. I have put my two zone files in /etc/bind, where also all the other zone files are residing. Maybe I should give the full path in the zone declaration. As for your suggestion to add @ IN A 192.168.1.2, I think this is inconsistent since @ is clearly the dynamic WAN IP of my modem/router, which could be extended to further subdomains. Anyhow, the suggested change did not change anything. There are three files in the /etc/bind/ directory: named.conf.options, named.conf.local and named.conf . In named.conf, named.conf.local is included and it is commented that all zone declarations shall go into named.conf.local . That I did. I checked the syntax and contents of the zone files with the tools and it seems reasonable to me. However, it seems as if the zones are not known by the server.

I want to make an authoritative server for the korimort.freedynamicdns.net zone, as seen most probably correctly in the zone files. Inside my network I would like to use such names like rpiserver being resolved to 192.168.1.2 and so on, maybe without querying outside servers for the full IP address of rpiserver.korimort.freedynamicdns.net . As already said, I forward both UDP and TCP port 53 to my server 192.168.1.2 with bind9 installed on it. From the configuration files I don't suspect that zone declarations need to be activated, but maybe the declarations are not properly parsed or parsed as comment ?!?!? Also no other zone files are activated of the many for localhost contained in the directory. One could uncomment the appropriate directive for the include of RFC zones. I did not do that. The only zones that should be known to the server are the two zones I defined: korimort.freedynamicdns.net and the reverse lookup 1.168.192.in-addr.arpa . As already mentioned, I checked the zone files for syntax and semantics with the tools named-checkconf, named-compilezone, named-checkzone, ...
 
Old 11-11-2017, 10:37 AM   #6
Thomas Korimort
Ok. It seems as if one of two things was the problem. I restarted bind9 by the command /etc/init.d/bind9 restart instead of systemctl restart bind9, or it was because of relative file names. Now it works. However, one problem remains:

When I add the line you said, @ IN A 192.168.1.2, then korimort.freedynamicdns.net is resolved as 192.168.1.2, but in fact it is already resolved to be the dynamic public IP registered in my modem/router. Isn't that inconsistent? Instead, if I declare forwarders then any request for resolving korimort.freedynamicdns.net should be forwarded to outside DNS servers which would resolve it correctly. Thus I can expect that at no time whatsoever my server will be queried for korimort.freedynamicdns.net . I think it would be wrong to return the local IP of my local DNS server, as technically korimort.freedynamicdns.net is referencing the domain/subnet that is controlled by my modem/router and not a single network interface in it. If accidentally my server were requested to resolve korimort.freedynamicdns.net, it would be better to return no answer at all than to return a wrong answer.

What do you say?

As for resolving local names like rpiserver, I think I could try to define a zone file for the . domain ?!?!??!
 
Old 11-11-2017, 12:11 PM   #7
bathory
Hi,
Quote:
Ok. It seems as if one of two things was the problem. I restarted bind9 by the command /etc/init.d/bind9 restart instead of systemctl restart bind9, or it was because of relative file names. Now it works.
Cool!


Quote:
When I add the line you said, @ IN A 192.168.1.2, then korimort.freedynamicdns.net is resolved as 192.168.1.2, but in fact it is already resolved to be the dynamic public IP registered in my modem/router. Isn't that inconsistent? Instead, if I declare forwarders then any request for resolving korimort.freedynamicdns.net should be forwarded to outside DNS servers which would resolve it correctly. Thus I can expect that at no time whatsoever my server will be queried for korimort.freedynamicdns.net . I think it would be wrong to return the local IP of my local DNS server, as technically korimort.freedynamicdns.net is referencing the domain/subnet that is controlled by my modem/router and not a single network interface in it. If accidentally my server were requested to resolve korimort.freedynamicdns.net, it would be better to return no answer at all than to return a wrong answer.
If you want to have different name resolutions based on the client (i.e. external or internal), you should use views.
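Added example (not from the thread or either poster): a named.conf.local using views, so LAN clients get the private addresses while whatever arrives through the router's port-53 forward gets neither RFC 1918 data nor recursion. It assumes the LAN is 192.168.1.0/24, that zone files live in /etc/bind, and that you keep two separate zone files for the forward zone; the file names db.korimort.internal and db.korimort.external and the upstream resolvers are made up here.

```conf
// Added example, not part of the thread. Split-horizon named.conf.local
// for the setup discussed above. Assumed: LAN is 192.168.1.0/24, zone
// files are in /etc/bind, and two zone files exist for the forward zone
// (db.korimort.internal / db.korimort.external are made-up names).

acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };

// LAN clients: private addresses, and this server may recurse for them.
// Views are matched in order, so the more specific one comes first.
view "internal" {
    match-clients { "lan"; };
    recursion yes;
    allow-recursion { "lan"; };
    forwarders { 8.8.8.8; 8.8.4.4; };   // assumed upstream resolvers

    zone "korimort.freedynamicdns.net" {
        type master;
        notify no;
        file "/etc/bind/db.korimort.internal";   // rpiserver -> 192.168.1.2 etc.
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.1.168.192.in-addr.arpa";
    };
};

// Everything else, i.e. queries coming in through the port-53 forward.
// No recursion and no forwarders: the server only answers for its own
// zone, so it cannot be used as an open resolver, and private addresses
// are never handed out because the external zone file omits them.
view "external" {
    match-clients { any; };
    recursion no;
    allow-recursion { none; };

    zone "korimort.freedynamicdns.net" {
        type master;
        notify no;
        file "/etc/bind/db.korimort.external";   // public records only
    };
};
```

Check it with `named-checkconf -z` and apply with `rndc reload`; once any view exists, BIND requires every zone statement in the configuration (including the localhost and RFC zones Debian ships) to sit inside a view.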
 
Old 11-12-2017, 02:01 AM   #8
Thomas Korimort
Thanks for the info. I think I stumbled across the article some time ago. Then I found this XName site to be commercialised. But the view perspective in BIND9 seems a good thing.

I think that it would be more proper to name a name server of No-IP, my DynDNS provider, in the SOA line like

Quote:
korimort.freedynamicdns.net in SOA ns1.freedynamicdns.net tomkori.gmx.net (...)
or maybe I could simply name any name server that has full resolution capabilities for korimort.freedynamicdns.net?

And if I made an internal name for korimort.freedynamicdns.net, shouldn't it rather be the IP of my gateway than the IP of my server, like 8.8.8.8?

Then also No-IP offers a package that allows for an own DNS server. I am already configuring my DNS server. So why would I need to pay money to No-IP to get permission to have my own DNS server? Is it because they delegate/forward my korimort domain to my DNS server? Otherwise, if my DNS server's DNS is not mentioned anywhere, is there a problem with (reverse) DNS resolution? As long as my router forwards the port to my DNS server, shouldn't my DNS server then already be fully integrated in the whole DNS network? What am I missing here?

 
Old 11-12-2017, 09:01 AM   #9
bathory
Quote:
I think that it would be more proper to name a name server of No-IP, my DynDNS provider, in the SOA line like

korimort.freedynamicdns.net in SOA ns1.freedynamicdns.net tomkori.gmx.net (...)
or maybe I could simply name any name server that has full resolution capabilities for korimort.freedynamicdns.net?
This is already done by no-ip.com.
Code:
dig ns freedynamicdns.net +short
nf3.no-ip.com.
nf2.no-ip.com.
nf1.no-ip.com.
nf4.no-ip.com.
nf5.no-ip.com.

Quote:
Then also No-IP offers a package that allows for an own DNS server. I am already configuring my DNS server. So why would i need to pay money to No-IP to get a permission to have my own DNS server?
You have to pay them, because they are the registrar of freedynamicdns.net. So if you want to run your own DNS for the subdomain korimort.freedynamicdns.net, you need them to delegate it to you.
Without the delegation no one from outside your network could ever resolve your (sub)domain.
 