Bind9 is not fordwarding

clpu · 03-13-2015, 04:38 AM

Hi, I've been trying to configure the bind9 service as a forwarder and it's not working as intended.

The file /etc/bind/named.conf.options is configured as follows:

Code:

options {
directory "/var/cache/bind";
forwarders {
8.8.8.8;
};
dnssec-validations auto;
auth-nxdomanin no;
listen-on-v6 { any; };
};

And this is what I get with nslookup:

Code:

Server: 192.168.1.45
Address: 192.168.1.45#53

** server can't find www.google.com: SERVFAIL

Do you know why is it throwing this error?

bathory · 03-14-2015, 03:39 AM

Hi,

You have a couple of typos in your config file. It's

Code:

dnssec-validation auto;
auth-nxdomain no;

So correct them, restart named and see if it's working

Regards

clpu · 03-16-2015, 03:39 AM

Those typos are not in the file, so that can't be it.

kirukan · 03-16-2015, 04:47 AM

Can you post the whole configuration here?

clpu · 03-16-2015, 05:18 AM

named.conf.options

Quote:

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
8.8.8.8;208.67.222.222
};

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

named.conf.local

Quote:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "seas-linux.es" {
type master;
file "db.seas-linux.es";
};

zone "1.168.192.in-addr.arpa" {
type master;
file "db.192.168.1";
};

db.seas-linux.es

Quote:

$ORIGIN seas-linux.es.
$TTL 86400 ; 1 dia
@ IN SOA seas-linux.es. root.seas-linux.es.(
1 ; serie
6H ; refresco (6 horas)
1H ; reintentos (1 hora)
2W ; expira (2 semanas)
3H ; minimo (3 horas)
)
NS ns.seas-linux.es.
servidor1 A 192.168.0.250
servidor2 A 192.168.0.251
www CNAME servidor1
mail A 192.168.0.252
MX 10 mail.seas-linux.es.
ns A 127.0.0.1

db.192.168.1

Quote:

;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA seas-linux.es. root.seas-linux.es. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS seas.seas-linux.es.
4 IN PTR seas.seas-linux.es.
seas IN A 127.0.0.1
;@ IN AAAA ::1

bathory · 03-17-2015, 07:44 AM

Quote:

Server: 192.168.1.45
Address: 192.168.1.45#53

** server can't find www.google.com: SERVFAIL

Is 192.168.1.45 the IP of the name server you're trying to setup? Because the IPs in your zone file are from a different network (192.168.0.x)

Quote:

NS ns.seas-linux.es.

You don't have an A record for ns.seas-linux.es

Quote:

forwarders {
8.8.8.8;208.67.222.222
};

Another typo? You miss the trailing ";" after 208.67.222.222

P.S. You can use the named-checkconf utility to test your config files

Code:

named-checkconf -z