This is my first foray into setting up my own DNS server. I'm working on an internal DNS server in preparation for when I ditch Verizon's router and also for when my contract ends with DynDNS which is used for my domain name. I'm not sure what I have misconfigured because dig and nslookup respond properly, but ping and web browsers can't resolve the names.
/etc/named.conf
// vim:set ts=4 sw=4 et:
options {
directory "/var/named";
pid-file "/run/named/named.pid";
listen-on { 192.168.1.3; };
forwarders { 8.8.8.8; 8.8.4.4; };
allow-recursion { 192.168.1.0/24; 127.0.0.1; };
allow-transfer { none; };
allow-update { none; };
version none;
hostname "";
server-id none;
};
zone "arch-xu4" IN {
type master;
file "arch-xu4.forward.zone";
allow-update { none; };
notify no;
};
zone "1.168.192.in-addr.arpa" {
type master;
file "arch-xu4.reverse.zone";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "127.0.0.zone";
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
type master;
file "localhost.ip6.zone";
};
zone "255.in-addr.arpa" IN {
type master;
file "empty.zone";
};
zone "0.in-addr.arpa" IN {
type master;
file "empty.zone";
};
zone "." IN {
type hint;
file "root.hint";
};
logging{
channel xfer-log {
file "/var/log/named.log";
print-category yes;
print-severity yes;
severity info;
};
category xfer-in { xfer-log; };
category xfer-out { xfer-log; };
category notify { xfer-log; };
};
/var/named/arch-xu4.forward.zone
$TTL 7200
; arch-xu4
@ IN SOA ns01.arch-xu4. postmaster.arch-xu4. (
        2015102203 ; Serial
        28800 ; Refresh
        1800 ; Retry
        604800 ; Expire - 1 week
        86400 ) ; Minimum
    IN NS ns01
ns01 IN A 0.0.0.0
;hosts
localhost IN A 127.0.0.1
arch-xu4 IN A 192.168.1.3
freenas IN A 192.168.1.6
arch-u2 IN A 192.168.1.10
nzedb IN A 192.168.1.100
plex IN A 192.168.1.99
;subdomains
pydio IN CNAME arch-xu4.
pma IN CNAME arch-xu4.
sickrage IN CNAME arch-xu4.
nzbget IN CNAME arch-xu4.
couchpotato IN CNAME arch-xu4.
htpc-manager IN CNAME arch-xu4.
transmission IN CNAME arch-xu4.
/var/named/arch-xu4.reverse.zone
I get this error upon loading named.service: zone 1.168.192.in-addr.arpa/IN: NS 'ns01.1.168.192.in-addr.arpa' has no address records (A or AAAA)
$TTL 7200
; arch-xu4
@ IN SOA ns01.arch-xu4. postmaster.arch-xu4. (
        2015102203 ; Serial
        28800 ; Refresh
        1800 ; Retry
        604800 ; Expire - 1 week
        86400 ) ; Minimum
    IN NS ns01
6 IN PTR freenas.
10 IN PTR arch-u2.
3 IN PTR arch-xu4.
100 IN PTR nzedb.
99 IN PTR plex.
dig responses
; <<>> DiG 9.10.3 <<>> pma.arch-xu4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52895
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pma.arch-xu4. IN A
;; ANSWER SECTION:
pma.arch-xu4. 7200 IN CNAME arch-xu4.
;; AUTHORITY SECTION:
arch-xu4. 7200 IN SOA ns01.arch-xu4. postmaster.arch-xu4. 2015102203 28800 1800 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Fri Oct 23 00:43:39 UTC 2015
;; MSG SIZE rcvd: 107
; <<>> DiG 9.10.3 <<>> sickrage.arch-xu4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62433
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sickrage.arch-xu4. IN A
;; ANSWER SECTION:
sickrage.arch-xu4. 7200 IN CNAME arch-xu4.
;; AUTHORITY SECTION:
arch-xu4. 7200 IN SOA ns01.arch-xu4. postmaster.arch-xu4. 2015102203 28800 1800 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Fri Oct 23 00:45:07 UTC 2015
;; MSG SIZE rcvd: 112
; <<>> DiG 9.10.3 <<>> arch-xu4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13809
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arch-xu4. IN A
;; AUTHORITY SECTION:
arch-xu4. 7200 IN SOA ns01.arch-xu4. postmaster.arch-xu4. 2015102203 28800 1800 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Fri Oct 23 01:09:30 UTC 2015
;; MSG SIZE rcvd: 89
nslookup responses
[root@arch-xu4 /var/named]$ nslookup sickrage.arch-xu4
Server: 192.168.1.3
Address: 192.168.1.3#53
sickrage.arch-xu4 canonical name = arch-xu4.
[root@arch-xu4 /var/named]$ nslookup pma.arch-xu4
Server: 192.168.1.3
Address: 192.168.1.3#53
pma.arch-xu4 canonical name = arch-xu4.
On my laptop I have nameserver 192.168.1.3 in /etc/resolv.conf, and dig responds just as it does above, but when I try to ping any of the hosts or the subdomains I get "unknown host", and when I try to browse to one of the subdomains I get DNS_PROBE_FINISHED_NXDOMAIN.
What did I configure incorrectly?
Show the dig command - and show that dig is actually providing useful info. For example:
$ dig ms.com
<snipped>
;; ANSWER SECTION:
ms.com. 60 IN A 104.71.43.70
You are missing an *IP address* in the dig output.
[root@arch-xu4 /srv/webserver/nginx/sites]$ dig google.com
; <<>> DiG 9.10.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61372
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 299 IN A 63.117.14.20
google.com. 299 IN A 63.117.14.21
google.com. 299 IN A 63.117.14.26
google.com. 299 IN A 63.117.14.27
google.com. 299 IN A 63.117.14.23
google.com. 299 IN A 63.117.14.24
google.com. 299 IN A 63.117.14.25
google.com. 299 IN A 63.117.14.22
;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 23 14:19:57 UTC 2015
;; MSG SIZE rcvd: 167
;; SERVER: 8.8.8.8#53(8.8.8.8)
Your configuration is still using Google's DNS server (8.8.8.8). Are you sure your /etc/resolv.conf has your DNS server's IP? If it does, do you have any firewall rules that automatically rewrite all UDP packets to port 53 to 8.8.8.8? Or NetworkManager or DHCP leases which may overwrite the file?
Edit: I see that you are forwarding for zones which your server is not responsible for. In this case, I guess the output you have is expected.
Last edited by tsh (2015-10-23 17:00:28)
Yeah, I changed it back to Google's DNS so resolution would work until I got this straightened out. Here I just changed it back to my local DNS for the time being:
[root@arch-xu4 ~]$ dig google.com
; <<>> DiG 9.10.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45109
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 299 IN A 63.117.68.27
google.com. 299 IN A 63.117.68.24
google.com. 299 IN A 63.117.68.22
google.com. 299 IN A 63.117.68.20
google.com. 299 IN A 63.117.68.21
google.com. 299 IN A 63.117.68.26
google.com. 299 IN A 63.117.68.25
google.com. 299 IN A 63.117.68.23
;; AUTHORITY SECTION:
. 12366 IN NS b.root-servers.net.
. 12366 IN NS i.root-servers.net.
. 12366 IN NS l.root-servers.net.
. 12366 IN NS m.root-servers.net.
. 12366 IN NS g.root-servers.net.
. 12366 IN NS f.root-servers.net.
. 12366 IN NS d.root-servers.net.
. 12366 IN NS h.root-servers.net.
. 12366 IN NS e.root-servers.net.
. 12366 IN NS j.root-servers.net.
. 12366 IN NS k.root-servers.net.
. 12366 IN NS c.root-servers.net.
. 12366 IN NS a.root-servers.net.
;; Query time: 55 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Fri Oct 23 16:58:20 UTC 2015
;; MSG SIZE rcvd: 378
I'm working on an internal DNS server
What is the purpose of this DNS server? Authoritative, caching, or both?
Currently, just authoritative, but I plan on implementing caching once I get my local resolutions figured out. This is just for my home network.
What is on the "hosts" line of /etc/nsswitch.conf?
[root@arch-xu4 ~]$ grep hosts /etc/nsswitch.conf
hosts: files dns myhostname
Could you change the line to:
hosts: files myhostname dns
I made that change on the DNS server, added "search arch-xu4", and uncommented 192.168.1.3 (I had commented it out before since it was screwing things up because it wasn't working correctly). Now I can ping arch-xu4 and it responds, but it comes back as pma.odroid for some reason, even though the hostname is actually just arch-xu4. That was a web address I had on it when I first got it (it's a HardKernel Odroid-XU4), but it had Ubuntu on it then. That domain name must be cached somewhere in the router or something, even though that hostname isn't found in the router's DNS.
[bran@chromebook /etc]$ ping arch-xu4
PING arch-xu4.arch-xu4 (192.168.1.3) 56(84) bytes of data.
64 bytes from pma.odroid (192.168.1.3): icmp_seq=1 ttl=64 time=18.3 ms
64 bytes from pma.odroid (192.168.1.3): icmp_seq=2 ttl=64 time=4.83 ms
64 bytes from pma.odroid (192.168.1.3): icmp_seq=3 ttl=64 time=2.48 ms
64 bytes from pma.odroid (192.168.1.3): icmp_seq=4 ttl=64 time=3.35 ms
^C
--- arch-xu4.arch-xu4 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.486/7.244/18.302/6.439 ms
I can also type arch-xu4 into my web browser and it brings me to my Pydio subdomain (pydio.arch-xu4, which doesn't work). So we're making some progress here.
[bran@chromebook /etc]$ dig arch-xu4
; <<>> DiG 9.10.3 <<>> arch-xu4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45925
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arch-xu4. IN A
;; AUTHORITY SECTION:
arch-xu4. 7200 IN SOA ns01.arch-xu4. postmaster.arch-xu4. 2015102203 28800 1800 604800 86400
;; Query time: 2925 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Sat Oct 24 14:45:25 EDT 2015
;; MSG SIZE rcvd: 89
[root@arch-xu4 ~]$ dig arch-xu4
; <<>> DiG 9.10.3 <<>> arch-xu4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38646
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arch-xu4. IN A
;; AUTHORITY SECTION:
arch-xu4. 7200 IN SOA ns01.arch-xu4. postmaster.arch-xu4. 2015102203 28800 1800 604800 86400
;; Query time: 2 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Sat Oct 24 18:46:06 UTC 2015
;; MSG SIZE rcvd: 89
[root@arch-xu4 ~]$ dig pydio.arch-xu4
; <<>> DiG 9.10.3 <<>> pydio.arch-xu4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45383
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pydio.arch-xu4. IN A
;; ANSWER SECTION:
pydio.arch-xu4. 7200 IN CNAME arch-xu4.
;; AUTHORITY SECTION:
arch-xu4. 7200 IN SOA ns01.arch-xu4. postmaster.arch-xu4. 2015102203 28800 1800 604800 86400
;; Query time: 2 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Sat Oct 24 18:47:41 UTC 2015
;; MSG SIZE rcvd: 109
[bran@chromebook /etc]$ dig pydio.arch-xu4
; <<>> DiG 9.10.3 <<>> pydio.arch-xu4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44334
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pydio.arch-xu4. IN A
;; ANSWER SECTION:
pydio.arch-xu4. 7200 IN CNAME arch-xu4.
;; AUTHORITY SECTION:
arch-xu4. 7200 IN SOA ns01.arch-xu4. postmaster.arch-xu4. 2015102203 28800 1800 604800 86400
;; Query time: 5 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Sat Oct 24 14:48:30 EDT 2015
;; MSG SIZE rcvd: 109
Last edited by brando56894 (2015-10-24 18:52:53)
64 bytes from pma.odroid (192.168.1.3)
That name is coming from a *reverse* DNS lookup, i.e., to show it:
dig -x 192.168.1.3
Ah, OK, this is the response I get:
[root@arch-xu4 ~]$ dig -x 192.168.1.3
; <<>> DiG 9.10.3 <<>> -x 192.168.1.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51121
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.1.168.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
168.192.IN-ADDR.ARPA. 86400 IN SOA 168.192.IN-ADDR.ARPA. . 0 28800 7200 604800 86400
;; Query time: 3 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Mon Oct 26 13:32:37 UTC 2015
;; MSG SIZE rcvd: 108
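Added example, not from the thread and not BIND's own code: a small Python checker that applies the master-file name-completion rules named uses when it loads a zone, run against trimmed, constructed copies of the two zone files posted at the top of the thread. It makes three things visible that the dig and ping output above only hint at. First, a name without a trailing dot is relative to the zone origin, so the line "arch-xu4 IN A 192.168.1.3" inside zone arch-xu4 defines arch-xu4.arch-xu4. (the name ping printed once "search arch-xu4" was added) and leaves the apex arch-xu4. with no A record; every CNAME that points at arch-xu4. therefore ends in NOERROR with an empty answer section, which is exactly what dig showed and why ping and the browser report the host as unknown. Second, the reverse zone's bare "IN NS ns01" expands to ns01.1.168.192.in-addr.arpa., a name with no A record, which is the load error quoted with the reverse zone; a master zone that fails to load is not served, and the SOA in the dig -x answer above (168.192.IN-ADDR.ARPA. with rname "." and serial 0) is the shape of BIND's built-in empty zone for that RFC 1918 range, consistent with the custom reverse zone never having loaded. Third, PTR targets written as "freenas." are absolute names that exist in no zone. The function names, the trimmed zone contents and the fixed forward zone are assumptions of this example; the resolver logic is a simplification of named's and ignores TTLs, classes other than IN, and names outside the zone it is given.

```python
from collections import defaultdict
# Constructed, trimmed copies of the two zone files posted above. The bare
# "IN NS" lines get their leading whitespace back (the forum paste dropped it):
# a blank owner field means "same owner as the previous record".
FORWARD_ZONE_TEXT = """\
$TTL 7200
@ IN SOA ns01.arch-xu4. postmaster.arch-xu4. (
        2015102203 28800 1800 604800 86400 ) ; serial refresh retry expire minimum
    IN NS ns01
ns01 IN A 0.0.0.0
arch-xu4 IN A 192.168.1.3
freenas IN A 192.168.1.6
pydio IN CNAME arch-xu4.
pma IN CNAME arch-xu4.
"""
REVERSE_ZONE_TEXT = """\
$TTL 7200
@ IN SOA ns01.arch-xu4. postmaster.arch-xu4. ( 2015102203 28800 1800 604800 86400 )
    IN NS ns01
6 IN PTR freenas.
3 IN PTR arch-xu4.
"""
# Hypothetical fix (not from the thread): put the host's A record at the apex
# ('@') instead of on a relative name, and give ns01 a real address.
FIXED_FORWARD_TEXT = (FORWARD_ZONE_TEXT.replace("arch-xu4 IN A 192.168.1.3", "@ IN A 192.168.1.3")
                      .replace("ns01 IN A 0.0.0.0", "ns01 IN A 192.168.1.3"))

def fqdn(name, origin):
    """BIND name completion: '@' is the origin, a trailing dot is absolute, anything
    else is relative, so 'arch-xu4' in zone 'arch-xu4.' becomes 'arch-xu4.arch-xu4.'."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, origin):
    """Parse master-file text into {owner: {rtype: [rdata, ...]}} ($TTL/$ORIGIN, ';' comments, parens)."""
    origin, owner = origin.lower(), origin.lower()
    zone = defaultdict(lambda: defaultdict(list))
    pending, depth, indented = [], 0, False
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].replace("(", " ( ").replace(")", " ) ").split()
        if not tokens:
            continue
        if depth == 0:                        # first line of a record
            indented = raw[:1].isspace()
        for tok in tokens:
            depth += {"(": 1, ")": -1}.get(tok, 0)
            if tok not in ("(", ")"):
                pending.append(tok)
        if depth > 0:                         # record continues on the next line
            continue
        tokens, pending = pending, []
        if tokens[0].startswith("$"):
            if tokens[0] == "$ORIGIN":
                origin = tokens[1].lower()
            continue
        if not indented:
            owner = fqdn(tokens.pop(0), origin)
        while tokens[0].isdigit() or tokens[0].upper() == "IN":
            tokens.pop(0)                     # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("CNAME", "NS", "PTR"):   # name-valued rdata is completed too
            rdata = [fqdn(rdata[0], origin)]
        zone[owner][rtype].extend(rdata)
    return zone

def addresses(zone, name):
    """Direct A/AAAA records for a name, without chasing CNAMEs."""
    rr = zone.get(name.lower(), {})
    return rr.get("A", []) + rr.get("AAAA", [])

def resolve(zone, name, max_hops=8):
    """Chase CNAMEs like a resolver; [] is the NOERROR/NODATA answer dig showed above."""
    for _ in range(max_hops):
        rr = zone.get(name.lower(), {})
        if addresses(zone, name) or "CNAME" not in rr:
            return addresses(zone, name)
        name = rr["CNAME"][0]
    return []

def dangling_cnames(zone):
    """{alias: target} for every CNAME whose target never reaches an address."""
    return {owner: rr["CNAME"][0] for owner, rr in zone.items()
            if "CNAME" in rr and not resolve(zone, rr["CNAME"][0])}

def ns_without_address(zone, origin):
    """In-zone NS names lacking A/AAAA: named's 'NS ... has no address records' load error."""
    origin = origin.lower()
    return sorted({ns for rr in zone.values() for ns in rr.get("NS", [])
                   if (ns == origin or ns.endswith("." + origin)) and not addresses(zone, ns)})

def ptr_without_forward(reverse_zone, forward_zone):
    """PTR targets that do not resolve in the forward zone ('freenas.' instead of 'freenas.arch-xu4.')."""
    return sorted({t for rr in reverse_zone.values() for t in rr.get("PTR", [])
                   if not resolve(forward_zone, t)})

if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE_TEXT, "arch-xu4.")
    rev = parse_zone(REVERSE_ZONE_TEXT, "1.168.192.in-addr.arpa.")
    print("apex:", resolve(fwd, "arch-xu4."), "dangling CNAMEs:", dangling_cnames(fwd))
    print("reverse zone:", ns_without_address(rev, "1.168.192.in-addr.arpa."), ptr_without_forward(rev, fwd))
    print("after fix:", resolve(parse_zone(FIXED_FORWARD_TEXT, "arch-xu4."), "pma.arch-xu4."))
```

Run as-is it reports the apex with no address, both aliases dangling, the reverse zone's NS without an address record and its PTR targets that resolve nowhere; with the apex A record in place the aliases resolve to 192.168.1.3. For the real files, named-checkzone (for example "named-checkzone arch-xu4 /var/named/arch-xu4.forward.zone") runs the same load-time checks as named and should be run after every edit, before the service is restarted.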
This is my first foray into setting up my own DNS server.
I recommend you stop and switch to a more secure server (e.g. unbound)
http://www.cvedetails.com/product/18208 … r_id=10197
http://www.cvedetails.com/product/144/I … ndor_id=64
Thanks, I gave it a try and after messing around with it I finally got it to work. You forgot one major flaw, though: Unbound doesn't support CNAME records, so I ended up using A records.
Last edited by brando56894 (2015-10-31 22:38:32)
Er, Unbound works fine with CNAME - if it didn't, it would be effectively unusable!
Click the bold text and you'll see the explanation ;-) I couldn't get CNAME records to work at all.
Please stop using that old 2009 link to justify your own misunderstanding. Instead, do some googling.
I'll repeat this, hopefully it will sink in:
Unbound works fine with CNAME - if it didn't, it would be effectively unusable!
I'll stop using it when you actually provide me with some help and prove that it works because I can't find anything that says it does after hours of searching. Saying "It works, google it" doesn't really help because that's what I've been doing for days.
https://wiki.archlinux.org/index.php/Fo … ther_users
https://wiki.archlinux.org/index.php/Fo … troduction
Brebs was probably your best resource on the forums for this topic (with the possible exception of fukawi2). I thought his advice was pretty good.
Closing.