I followed this example to get BIND up and running on CentOS: http://www.wains.be/index.php/2007/1...dns-with-bind/ The problem is I can't get my domains to resolve. Even locally, DNS names I add to my zones aren't resolving.

Here is my named.conf:

Code:
################################## RNDC SETTINGS ######################################
// we include the rndckey (copy-paste from rndc.key created earlier)
key "rndckey" {
    algorithm hmac-md5;
    secret "xxxxxxxxxxxxxxxxxxxxxxxxx";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };
    #inet xxx.xxx.xxx.xxx allow { any; } keys { "rndckey"; };
};
################################## OPTIONS ####################################
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    recursion yes;
    allow-recursion { 127.0.0.1; xxx.xxx.xxx.xxx; };
    // these are the opendns servers (optional)
    forwarders { 208.67.222.222; 208.67.220.220; };
    listen-on { 127.0.0.1; xxx.xxx.xxx.xxx; };
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    #query-source address * port 53;
    // so people can't try to guess what version you're running
    version "REFUSED";
    allow-query {
        any;
        #127.0.0.1;
        #xxx.xxx.xxx.xxx;
    };
};
server xxx.xxx.xxx.xxx {
    keys { rndckey; };
};
######################################## ZONES ########################################
zone "." IN {
    type hint;
    file "named.ca";
};
zone "domain1.com" IN {
    type master;
    file "data/domain1.com.zone";
};
zone "domain2.com" IN {
    type master;
    file "data/domain2.com.zone";
};

One of my zone files:

Code:
$ttl 38400
domain2.com. IN SOA ns.domain2.com. admin.domain2.com. (
    20090429 ; Serial
    10800 ; Refresh after 3 hours
    3600 ; Retry after 1 hour
    604800 ; Expire after 1 week
    86400 ) ; Minimum TTL of 1 day
domain2.com. IN NS ns1.domain2.com.
domain2.com. IN MX 1 mx.domain2.com.
www.domain2.com. IN A xxx.xxx.xxx.xxx
ns1.domain2.com. IN A xxx.xxx.xxx.xxx
ns2.domain2.com. IN A xxx.xxx.xxx.xxx
mx.domain2.com. IN A xxx.xxx.xxx.xxx
node1.domain2.com. IN A xxx.xxx.xxx.xxx
webmail.domain2.com IN A xxx.xxx.xxx.xxx
mailadmin.domain2.com IN A xxx.xxx.xxx.xxx
mail.domain2.com. IN CNAME mx.domain2.com.

The problem is some of the domains are resolving, but most aren't. When I try to do

Code:
nslookup www.google.com 127.0.0.1

it's not resolving locally. Because of this, when I do

Code:
nslookup www.domain2.com 127.0.0.1

I'm not getting the correct response. I was wondering if iptables has anything to do with it. I have this in my ruleset:

Code:
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT

Can anyone help me? I really need to get this up. Any help is appreciated.
I doubt your BIND is even working, because you cannot comment using #, which you have done around the allow-query setting. The config file is malformed. Run the command:

Code:
named-checkconf
There is definitely a typo in your named.conf. What's the output of

Code:
dig www.google.com @127.0.0.1
Code:
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25585
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 21 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 21 IN A 208.67.217.231
google.navigation.opendns.com. 21 IN A 208.67.217.230

;; AUTHORITY SECTION:
. 516485 IN NS l.root-servers.net.
. 516485 IN NS m.root-servers.net.
. 516485 IN NS a.root-servers.net.
. 516485 IN NS b.root-servers.net.
. 516485 IN NS c.root-servers.net.
. 516485 IN NS d.root-servers.net.
. 516485 IN NS e.root-servers.net.
. 516485 IN NS f.root-servers.net.
. 516485 IN NS g.root-servers.net.
. 516485 IN NS h.root-servers.net.
. 516485 IN NS i.root-servers.net.
. 516485 IN NS j.root-servers.net.
. 516485 IN NS k.root-servers.net.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 5 17:00:27 2009
;; MSG SIZE rcvd: 315
www.domain2.com may not be resolving correctly because the queries are being sent out to the forwarders instead of being handled locally.
The problem is I can't resolve the domains locally or from my machine at home. Should I take the forwarders out?
You should be able to resolve queries via the hints file without forwarders. Those domains you have locally, are they pointed correctly from the registry or not? If they are not pointed from the registry, then you will have issues resolving them using the forwarders.
Okay, then take out the forwarders, run the query against localhost as well as the OpenDNS servers, and see which is different.
I'm still having issues:

Code:
[root@localhost data]# nslookup webmail.domain2.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find webmail.domain2.com: NXDOMAIN

[root@localhost data]# cat zone.*
$ttl 38400
domain2.com. IN SOA ns1.domain2.com. admin.domain2.com. (
    20090429 ; Serial
    10800 ; Refresh after 3 hours
    3600 ; Retry after 1 hour
    604800 ; Expire after 1 week
    86400 ) ; Minimum TTL of 1 day
domain2.com. IN NS ns1.domain2.com.
domain2.com. IN MX 1 mx.domain2.com.
www.domain2.com. IN A xxx.xxx.xxx.xxx
ns1.domain2.com. IN A xxx.xxx.xxx.xxx
ns2.domain2.com. IN A xxx.xxx.xxx.xxx
mx.domain2.com. IN A xxx.xxx.xxx.xxx
node1.domain2.com. IN A xxx.xxx.xxx.xxx
webmail.domain2.com IN A xxx.xxx.xxx.xxx
mailadmin.domain2.com IN A xxx.xxx.xxx.xxx
mail.domain2.com. IN CNAME mx.domain2.com.

This is the output of dig www.google.com:

Code:
; <<>> DiG 9.3.4-P1 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33568
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 30 IN CNAME google.navigation.opendns.com.
google.navigation.opendns.com. 30 IN A 208.67.217.230
google.navigation.opendns.com. 30 IN A 208.67.217.231

;; AUTHORITY SECTION:
. 516864 IN NS M.ROOT-SERVERS.NET.
. 516864 IN NS A.ROOT-SERVERS.NET.
. 516864 IN NS B.ROOT-SERVERS.NET.
. 516864 IN NS C.ROOT-SERVERS.NET.
. 516864 IN NS D.ROOT-SERVERS.NET.
. 516864 IN NS E.ROOT-SERVERS.NET.
. 516864 IN NS F.ROOT-SERVERS.NET.
. 516864 IN NS G.ROOT-SERVERS.NET.
. 516864 IN NS H.ROOT-SERVERS.NET.
. 516864 IN NS I.ROOT-SERVERS.NET.
. 516864 IN NS J.ROOT-SERVERS.NET.
. 516864 IN NS K.ROOT-SERVERS.NET.
. 516864 IN NS L.ROOT-SERVERS.NET.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 6 11:53:34 2009
;; MSG SIZE rcvd: 315

And my domain:

Code:
; <<>> DiG 9.3.4-P1 <<>> domain2.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23182
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;domain2.com. IN A

;; AUTHORITY SECTION:
domain2.com. 38400 IN SOA ns1.domain2.com. admin.domain2.com. 20090429 10800 3600 604800 86400

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 6 11:57:56 2009
;; MSG SIZE rcvd: 82

I have the following iptables rules installed:

Code:
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT -p udp --sport 53 -j ACCEPT

Anyone seen this before?
There are dots missing. It should be:

Code:
webmail.domain2.com. IN A xxx.xxx.xxx.xxx
mailadmin.domain2.com. IN A xxx.xxx.xxx.xxx
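The missing-dot mistake above is easy to catch mechanically, because BIND appends $ORIGIN to any owner name that lacks a trailing dot, so `webmail.domain2.com` is loaded as `webmail.domain2.com.domain2.com.` and the intended name returns NXDOMAIN. The checker below is an added example, not code from the thread; it runs on a constructed copy of the posted zone (192.0.2.x addresses are placeholders) and flags relative owners that already end in the zone name, then writes the corrected zone.

```python
# Constructed sample modelled on the zone posted in the thread (192.0.2.x are placeholders).
ZONE_NAME = "domain2.com"
SAMPLE_ZONE = """\
$ttl 38400
domain2.com. IN SOA ns1.domain2.com. admin.domain2.com. ( 20090429 10800 3600 604800 86400 )
domain2.com. IN NS ns1.domain2.com.
domain2.com. IN MX 1 mx.domain2.com.
www.domain2.com. IN A 192.0.2.10
ns1.domain2.com. IN A 192.0.2.1
mx.domain2.com. IN A 192.0.2.2
webmail.domain2.com IN A 192.0.2.11
mailadmin.domain2.com IN A 192.0.2.12
mail.domain2.com. IN CNAME mx.domain2.com.
"""

def qualify(name, origin):
    """BIND's rule: a name with no trailing dot is relative and gets $ORIGIN appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def owner_names(zone_text, zone_name):
    """Map each record's owner as written to the name BIND will actually load it under.
    Directives, comments and lines without an IN class token are skipped."""
    origin = zone_name.rstrip(".") + "."
    out = {}
    for line in zone_text.splitlines():
        tokens = line.split(";", 1)[0].split()   # drop ';' comments, then tokenize
        if tokens and tokens[0] == "$ORIGIN":
            origin = qualify(tokens[1], origin)
        elif len(tokens) >= 3 and "IN" in tokens[1:3]:
            out[tokens[0]] = qualify(tokens[0], origin)
    return out

def suspicious_owners(zone_text, zone_name):
    """Relative owners that already end in the zone name: almost always a forgotten dot,
    producing names like webmail.domain2.com.domain2.com. instead of the one intended."""
    zone_name = zone_name.rstrip(".")
    return sorted(w for w in owner_names(zone_text, zone_name)
                  if not w.endswith(".") and (w == zone_name or w.endswith("." + zone_name)))

def fix_trailing_dots(zone_text, zone_name):
    """Return the zone text with the missing trailing dot appended to each suspicious owner."""
    bad = set(suspicious_owners(zone_text, zone_name))
    fixed = []
    for line in zone_text.splitlines():
        tokens = line.split()
        if tokens and tokens[0] in bad:          # owner names sit at column 0 in a zone file
            line = line.replace(tokens[0], tokens[0] + ".", 1)
        fixed.append(line)
    return "\n".join(fixed) + "\n"
```

named-checkzone will not report these records, since `webmail.domain2.com.domain2.com.` is a perfectly valid name; a semantic check like this one is what surfaces them.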