Need help with split DNS (bind) on Ubuntu

bax · 11-08-2010, 05:19 PM

Setting up a fake (not real world, no access to the real world) domain and email server. For the life of me, I cannot get split DNS working so I can't receive mail from other test servers that need to use this as an email server. If there's an easier way of doing this using /etc/hosts, I'm all ears.

Ubuntu 10.04 Server 192.168.246.165 is the box's IP address.

Code:

cat /etc/hostname  fakedomain.com

Code:

cat /etc/hosts
127.0.0.1       localhost.localdomain localhost
192.168.246.165  mail.fakedomain.com mail

Code:

 cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

         forwarders {
                192.168.246.165;
         };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

zone "fakedomain.com" {
    type master;
    file "/var/cache/bind/db.23";
};

Code:

cat /etc/bind/db.23 

;
;       Addresses and other host information.
;
@       IN      SOA     cdbamail.gov. hostmaster.cdbamail.gov. (
                               10118      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum
;       Define the nameservers and the mail servers
               IN      NS      192.168.246.165
               IN      A       192.168.246.165
               IN      MX      10 fakedomain.com

Code:

cat /etc/resolv.conf 
nameserver 192.168.246.165
domain fakedomain.com
search fakedomain.com

Code:

dig fakedomain.gov mx

; <<>> DiG 9.7.0-P1 <<>> fakedomain.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49359
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;fakedomain.com.			IN	MX

;; Query time: 0 msec
;; SERVER: 192.168.246.165#53(192.168.246.165)
;; WHEN: Mon Nov  8 18:18:40 2010
;; MSG SIZE  rcvd: 30

bathory · 11-09-2010, 12:21 AM

Hi,

First of all this is not a split dns configuration, so please change the title of your thread.

That said, there are a couple of errors in the zone file that could give the SERVFAIL. Specially the 1st one:
1. You need to use a FQDN and not an IP of the NS RR
2. The dns in the SOA record is different from that in the NS RR
3. You miss the trailing dot at the MX RR. Also you maybe want this to be mail.fakedomain.com.
4. Better keep together the NS and MX RRs before any A, CNAME,... records
So try the following and see if it works:

Code:

@       IN      SOA     fakedomain.com. hostmaster.cdbamail.gov. (
                               10118      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum
;       Define the nameservers and the mail servers
               IN      NS      fakedomain.com.
               IN      MX      10 fakedomain.com.
               IN      A       192.168.246.165

Don't forget to increase the serial before reloading bind.

To test the above zone file, you can run:

Code:

named-checkzone -D fakedomain.com /var/cache/bind/db.23

Regards