[arch-general] BIND 9 problem
On Fri, Jul 27, 2012 at 5:55 PM, Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:

Hello, I'm trying to set up my own DNS server but I can't... I registered ns1.mydomain.com as a nameserver and I pointed it to my VPS's IP. Then I listed ns1.mydomain.com as the nameserver of mydomain.com. I don't know if I've done something wrong with my registrar or my zones/configs are wrong... the logs are absolutely empty!

All my confs/zones: http://pastebin.com/z23HRyAh
The ONLY thing altered in the confs is the domain.

Thank you in advance!

--
(\_ /)  copy the bunny to your profile
(0.o )  to help him achieve world domination.
(> <)   come join the dark side.
/_|_\   (we have cookies.)
On Fri, Jul 27, 2012 at 7:17 PM, Mantas Mikulėnas <grawity@gmail.com> wrote:
1. You are missing a $ORIGIN line at the top of your zone file:

       $ORIGIN dimitrisze.com.

   (Don't forget the dot after "com"!)

2. Your SOA record has a wrong MNAME (master DNS server name) field – it should point to a DNS server such as "ns1.mydomain.com." (or just "ns1" if you have $ORIGIN), not to the domain itself.

3. Your SOA record is missing the RNAME (responsible person name) field between MNAME and the serial number. It should point to an email address in DNS syntax, e.g. "01ttouch.gmail.com." or "hostmaster.mydomain.com." (or just "hostmaster").

http://pastebin.com/xPMzG8m2 should be correct. Use "named-checkzone" to verify zone files:

    named-checkzone mydomain.com /etc/named/domain-enabled/mydomain.com.db

By the way, hiding the domain is 1) pointless since domain names are public anyway, 2) makes it much harder to answer such questions when I cannot look at the real information with `dig` and such. (You forgot to change line 63, though.)

Also, using "notify no" is a poor idea – it makes DNS updates a bit slower.

-- Mantas Mikulėnas
On Fri, Jul 27, 2012 at 9:29 PM, Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:

Thanks a million, man... yes, you're right, domains are public :P Didn't know about named-check*!
On Fri, Jul 27, 2012 at 9:35 PM, Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:

Is the IP 0.0.0.0 OK? Or do I have to change it to the actual public IP? (It's static, so it won't be a problem.)
On Fri, Jul 27, 2012 at 9:54 PM, Mantas Mikulėnas <grawity@gmail.com> wrote:

> is the IP 0.0.0.0 ok? or do I have to change it to the actual public IP

Why would you want to have 0.0.0.0 in DNS anyway? If you don't want to have a "www" or "imap" or other subdomains, just delete them completely... (But for "ns1", you must use the real public address of the server.)

-- Mantas Mikulėnas
Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:

I thought that it would be translated to my public IP... :P A dig proved that I was wrong. I fixed it, but now I have to wait 2 hours (TTL 7200) to update the zone?
On Fri, Jul 27, 2012 at 10:44 PM, Damjan <gdamjan@gmail.com> wrote:

> 1. You are missing a $ORIGIN line at the top of your zone file:
>
>     $ORIGIN dimitrisze.com.
>
> (Don't forget the dot after "com"!)

That $ORIGIN is implied by BIND from the zone "dimitrisze.com" IN { ... } setting, so it's not necessary. I've usually avoided it, since it allows me to have the same zone file for two zones that need to be kept in lock-step, e.g. domain.info and domain.com.

-- дамјан
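The zone-file points made in this thread (Mantas's SOA fixes, the 0.0.0.0 placeholder addresses, and Damjan's origin-free file shared by two zones) as one added example, not code posted by anyone in the thread: a POSIX shell script that writes a zone file with the mistakes described, writes the corrected form beside it, and runs a small pre-flight check over both before handing off to named-checkzone when it is installed. The check takes the origin as a parameter, so the same $ORIGIN-less file is validated as both mydomain.com and mydomain.net, which is the lock-step setup Damjan describes. Every name in it (mydomain.com, mydomain.net, ns1, hostmaster, the 203.0.113.10 address from the documentation range, the temporary file paths) is an assumption made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: writes a zone file with the
# mistakes discussed above, the corrected form beside it, and runs a small
# pre-flight check over both. Names/addresses are constructed for this example
# (203.0.113.0/24 is a documentation range).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# As described in the thread: SOA MNAME is the domain itself, RNAME is
# missing, and the hosts carry 0.0.0.0 placeholders.
BROKEN_ZONE="$WORK/broken.db"
cat > "$BROKEN_ZONE" <<'EOF'
$TTL 7200
mydomain.com.   IN  SOA mydomain.com. (
                    2012072701 7200 3600 1209600 7200 )  ; serial refresh retry expire minimum
                IN  NS  ns1.mydomain.com.
ns1             IN  A   0.0.0.0
www             IN  A   0.0.0.0
EOF

# Corrected: MNAME names a nameserver, RNAME is present, real addresses.
# Only "@" and relative names are used and there is no $ORIGIN, so the file
# takes its origin from whichever zone statement loads it.
FIXED_ZONE="$WORK/fixed.db"
cat > "$FIXED_ZONE" <<'EOF'
$TTL 7200
@       IN  SOA ns1 hostmaster (
                    2012072701 7200 3600 1209600 7200 )  ; serial refresh retry expire minimum
        IN  NS  ns1
@       IN  A   203.0.113.10
ns1     IN  A   203.0.113.10
www     IN  A   203.0.113.10
EOF

# named.conf fragment: one file, two zones kept in lock-step.
cat > "$WORK/named.conf.zones" <<EOF
zone "mydomain.com" IN { type master; file "$FIXED_ZONE"; };
zone "mydomain.net" IN { type master; file "$FIXED_ZONE"; };
EOF

# Strip ';' comments (good enough here; it would also eat ';' inside TXT data)
# and join parenthesised records onto a single line.
flatten_zone() {
    sed 's/;.*$//' "$1" | awk '
        {
            if (depth > 0) buf = buf " " $0; else buf = $0
            tmp = $0
            depth += gsub(/\(/, "(", tmp) - gsub(/\)/, ")", tmp)
            if (depth > 0) next
            gsub(/[()]/, " ", buf)
            if (buf ~ /[^ \t]/) print buf
        }'
}

# check_zone FILE ORIGIN: print each problem found, return the problem count.
check_zone() {
    zone=$1; origin="${2%.}."; problems=0
    soa=$(flatten_zone "$zone" | awk 'toupper($0) ~ /[ \t]SOA[ \t]/ { print; exit }')
    [ -n "$soa" ] || { echo "$zone: no SOA record"; return 1; }
    # Positional parameters become the fields after "SOA":
    # MNAME RNAME serial refresh retry expire minimum
    set -- $(printf '%s\n' "$soa" | awk '{
        for (i = 1; i <= NF; i++) if (toupper($i) == "SOA") {
            for (j = i + 1; j <= NF; j++) printf "%s ", $j
        }
        print ""
    }')
    if [ $# -ne 7 ]; then
        echo "$zone: SOA has $# fields after SOA, expected 7 (RNAME missing?)"
        problems=$((problems + 1))
    fi
    mname=${1:-}
    case $mname in
        @)  mname=$origin ;;
        *.) ;;
        *)  mname="$mname.$origin" ;;
    esac
    if [ "$mname" = "$origin" ]; then
        echo "$zone: SOA MNAME '$mname' is the zone apex, not a nameserver"
        problems=$((problems + 1))
    fi
    for name in $(flatten_zone "$zone" | awk 'toupper($0) ~ /[ \t]A[ \t]+0\.0\.0\.0([ \t]|$)/ { print $1 }'); do
        echo "$zone: A record '$name' points at 0.0.0.0"
        problems=$((problems + 1))
    done
    return $problems
}

check_zone "$BROKEN_ZONE" mydomain.com || echo "broken.db: $? problem(s)"
for z in mydomain.com mydomain.net; do
    check_zone "$FIXED_ZONE" "$z" && echo "fixed.db checks out as $z"
done

# With BIND installed, the real tool has the final say.
if command -v named-checkzone >/dev/null 2>&1; then named-checkzone mydomain.com "$FIXED_ZONE"; fi
```

Run as `sh check-zone.sh`: the broken file reports four problems (missing RNAME, apex MNAME, two 0.0.0.0 records) and check_zone returns non-zero; the fixed file passes under both origins. The check is deliberately a pre-flight only, with no serial, TTL or NS-glue validation; named-checkzone is the authoritative test for the file, and `dig +trace` is the way to see whether the registrar-side delegation to ns1 is in place at all.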
Δημήτρης Ζέρβας <01ttouch@gmail.com> wrote:

tracepath dimitrisze.com:

 1:  192.168.1.30                                          0.038ms pmtu 1500
 1:  192.168.1.1                                           0.529ms asymm  2
 1:  192.168.1.1                                           0.517ms asymm  2
 2:  no reply
 3:  no reply

ping dimitrisze.com:

PING dimitrisze.com (158.255.215.159) 56(84) bytes of data.
64 bytes from 159-215-255-158.static.edis.at (158.255.215.159): icmp_req=1 ttl=49 time=99.5 ms
64 bytes from 159-215-255-158.static.edis.at (158.255.215.159): icmp_req=2 ttl=49 time=105 ms

--- dimitrisze.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 99.507/102.559/105.611/3.052 ms

dig dimitrisze.com:

; <<>> DiG 9.9.1-P2 <<>> dimitrisze.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dimitrisze.com.                IN      A

;; ANSWER SECTION:
dimitrisze.com.         2369    IN      A       158.255.215.159

;; Query time: 65 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jul 27 20:06:55 2012
;; MSG SIZE  rcvd: 59

WTF? ping & dig are OK, but tracepath reports no reply!
participants (3)
- Damjan
- Mantas Mikulėnas
- Δημήτρης Ζέρβας