DNS master server: bind9 issues

Discussion in 'Server Operation' started by lordshadow, Sep 21, 2008.

  1. lordshadow

    lordshadow New Member

    Hi,

    basing my bind config on this howto: http://howtoforge.com/perfect_setup_debian_etch_p4

    and this site: http://linux.justinhartman.com/DNS_Installation_and_Setup_using_BIND9

    I am now really stuck, as I'm having even more issues than in my previous failed attempt at this.

    A while back I tried to create a master DNS server that would work inside my LAN and provide local addresses with DNS lookups of my servers. It failed the first time since I didn't have a domain name, but now that I have one it still isn't working and has got worse.

    Well, to start with, I created 2 zone files: one for my domain and one for reverse lookups. I have checked those with named-checkzone
    and I got the response OK!

    However, my server is not directing my local domain queries to the proper hosts on the network. Instead it seems to be using the DNS servers provided by the domain company, which, when routed back into my network, gives me "connection refused".

    Since my first failed try at this I have been using my Cisco router as the local network's DNS server, which provided lookups for mydomain.com internally and obviously external queries (Google etc.).

    However, I am trying to restore the original domain server now, since my internet connection kept timing out due to too much load on the router.

    I was told that the server needed to be authoritative if it was going to relay the domain lookups to my local subnet, so after googling a while I found that bind with rndc needed a key to be created.

    I decided to create one like this:
    Code:
    rndc-confgen -a -c /etc/namedb/rndc.conf -k dnsadmin -b 256
    However, I get this reply when running rndc update:
    Code:
    rndc: connection to remote host closed
    This may indicate that the remote server is using an older version of
    the command protocol, this host is not authorized to connect,
    or the key is invalid.
    and I have tried adjusting the permissions to 777 on both rndc.conf and rndc.key, but to no effect :(

    I don't know what to do now. Bind starts, however rndc doesn't, and I have no idea how to reset rndc; after trying to remove the rndc.* files it complains that there is no key.

    This problem is really complicated and I don't know if anyone has an idea of how to get rndc reload to work (with or without the key) and get my main server to perform active DNS (is it zone transfers?) so that when I type in mydomain.com the IP address of my webserver gets resolved, not my WAN IP.

    Oh brother I think I've really gone and done it this time!
     
  2. lordshadow

    lordshadow New Member

    Ok so perhaps I need to take this slowly!

    To start with, I get an error from rndc when I try to use the reload command!

    The rndc.conf file is as follows:

    Code:
    key "rndckey" {
            algorithm hmac-md5;
            secret "vL+4wnHLyR+o40KoB/uBug==";
    };
    
    options {
            default-key "rndckey";
            default-server 127.0.0.1;
            default-port 953;
    };
    
    and I added this to named.conf

    Code:
    key "rndckey" {
            algorithm hmac-md5;
            secret "vL+4wnHLyR+o40KoB/uBug==";
    };
    
    controls {
            inet 127.0.0.1 port 953
                    allow { 127.0.0.1; } keys { "rndckey"; };
    };
    
    however the reply I always get when trying to run rndc reload is:

    Code:
    rndc: connection to remote host closed
    This may indicate that the remote server is using an older version of
    the command protocol, this host is not authorized to connect,
    or the key is invalid.
    
    As posted above, I used the howto from this website and am running bind9 chrooted!

    Don't know if anyone knows what's going on?
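The rndc error quoted in the two posts above is a single message for three separate failures: the key stanza in rndc.conf differs from the one in named.conf (name, algorithm or secret), the client address is not in the controls allow list, or the key is not in the controls keys list. None of them is a file-permission problem, so widening rndc.key to 777 cannot help; it only hands the shared secret to every local user (Debian ships it as root:bind 0640, which is what it should stay). The checker below is an added example written for this page, not code from the thread or from BIND: it parses plain key and controls stanzas only (no include or acl expansion, an assumption of this example), takes the stanzas posted above as sample input, and adds two constructed failure variants.

```python
"""Cross-check rndc.conf against named.conf and name which of the three
rndc refusal causes applies: mismatched key, client not in allow {}, or
key not in keys {}.  Plain stanza parsing only (no include/acl expansion)."""
import re
from typing import Dict, List, Optional, Tuple

KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;\s*\}\s*;'
)
CONTROLS_RE = re.compile(
    r'controls\s*\{\s*inet\s+(\S+)\s+(?:port\s+(\d+)\s+)?'
    r'allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}\s*;\s*\}\s*;'
)
DEFAULT_KEY_RE = re.compile(r'default-key\s+"?([\w.-]+)"?\s*;')


def parse_keys(conf: str) -> Dict[str, Tuple[str, str]]:
    """Map key name -> (algorithm, secret) for every key {} stanza in conf."""
    return {m.group(1): (m.group(2).lower(), m.group(3)) for m in KEY_RE.finditer(conf)}


def parse_controls(conf: str) -> Optional[dict]:
    """Return the inet controls channel of named.conf, or None if there is none."""
    m = CONTROLS_RE.search(conf)
    if m is None:
        return None
    split = lambda s: [x.strip().strip('"') for x in s.split(";") if x.strip()]
    return {
        "addr": m.group(1),
        "port": int(m.group(2) or 953),  # 953 is rndc's default control port
        "allow": split(m.group(3)),
        "keys": split(m.group(4)),
    }


def check_rndc(rndc_conf: str, named_conf: str, client: str = "127.0.0.1") -> List[str]:
    """Return the reasons rndc would be refused; an empty list means consistent."""
    problems: List[str] = []
    m = DEFAULT_KEY_RE.search(rndc_conf)
    if m is None:
        return ["rndc.conf: no default-key option"]
    name = m.group(1)
    rndc_keys = parse_keys(rndc_conf)
    if name not in rndc_keys:
        return [f"rndc.conf: default-key {name!r} has no matching key stanza"]
    named_keys = parse_keys(named_conf)
    if name not in named_keys:
        problems.append(f"named.conf: no key stanza named {name!r}")
    elif named_keys[name] != rndc_keys[name]:
        problems.append(f"key {name!r}: algorithm or secret differs between rndc.conf and named.conf")
    ctl = parse_controls(named_conf)
    if ctl is None:
        problems.append("named.conf: no controls stanza with an inet channel")
        return problems
    if client not in ctl["allow"]:
        problems.append(f"controls: client {client} is not in allow {{ {'; '.join(ctl['allow'])}; }}")
    if name not in ctl["keys"]:
        problems.append(f"controls: key {name!r} is not in keys {{ {'; '.join(ctl['keys'])}; }}")
    return problems


# Sample input: copies of the rndc.conf and named.conf stanzas posted in the thread.
RNDC_CONF = '''
key "rndckey" {
        algorithm hmac-md5;
        secret "vL+4wnHLyR+o40KoB/uBug==";
};
options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
'''
NAMED_CONF_OK = '''
key "rndckey" {
        algorithm hmac-md5;
        secret "vL+4wnHLyR+o40KoB/uBug==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};
'''
# Constructed failure: the secret was regenerated on one side only.
NAMED_CONF_STALE_SECRET = NAMED_CONF_OK.replace("vL+4wnHLyR+o40KoB/uBug==", "c3RhbGUgc2VjcmV0IGhlcmUK")
# Constructed failure: only the LAN may reach the control channel, so localhost is refused.
NAMED_CONF_LAN_ONLY = NAMED_CONF_OK.replace("allow { 127.0.0.1; }", "allow { 192.168.1.0/24; }")

if __name__ == "__main__":
    for label, conf in (("ok", NAMED_CONF_OK), ("stale secret", NAMED_CONF_STALE_SECRET),
                        ("lan only", NAMED_CONF_LAN_ONLY)):
        print(label, "->", check_rndc(RNDC_CONF, conf) or "consistent")
```

Run it against the real files with `check_rndc(open("/etc/rndc.conf").read(), open("/etc/named.conf").read())`; on a chrooted Debian install, remember that named reads the copy of named.conf inside the chroot, so compare against that copy. Where the installed BIND supports it, prefer an hmac-sha256 key over hmac-md5 when regenerating.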
     
  3. falko

    falko Super Moderator Howtoforge Staff

    Have you tried to tell your router to use your internal DNS server instead of the ones from your ISP? That way, all your clients would use the DNS server as well and should be able to resolve local addresses.
     
  4. lordshadow

    lordshadow New Member

    Originally, the way I set it up was that the router had NS records for all local hosts.

    Therefore each host would resolve without a problem; just point each device's DNS setting to the gateway address and then full DNS would work.

    This, however, keeps causing timeouts on the router when the number of externally connected hosts goes up.

    I wanted to achieve the same effect with my main server so that I could point all the local hosts to that and get local domain resolution and external name resolution.

    I have managed to sort out my key issue at least, so bind is fully functional again.

    External name resolution is working fine, although I lost DNS completely about an hour ago, or maybe just over, for some strange reason; I think because my server was running too many backup dumps, and since it's only a PIII 733 with 256MB RAM I think it locked up.

    However, internal name resolution is still not functional. I turned my router's own DNS server off and pointed some machines to the main server, but still no luck.

    My main server seems to be resolving via the DNS servers of the place where I got my domain from, instead of doing what my router did by using its own entries.

    I based my zone files exactly on your howto, Falko, which I posted above. The zone files look like this:

    Code:
    $TTL 1d ;
    $ORIGIN 1.168.192.IN-ADDR.ARPA.   ; must match the zone name declared in named.conf.local (192.168.1.0/24)
    @       IN      SOA     ns1.optiplex-networks.com.   info.optiplex-networks.com. (
                                           2008092103
                                           7200
                                           120
                                           2419200
                                           604800
    )
            IN      NS      ns1.optiplex-networks.com.
    1       IN      PTR     ns1.optiplex-networks.com.
    
    Code:
    ;
    ; BIND data file for optiplex-networks.com
    ;
    $TTL    604800
    @       IN      SOA     ns1.optiplex-networks.com. info.optiplex-networks.com. (
                                  2008092305         ; Serial
                                        7200         ; Refresh
                                         120         ; Retry
                                     2419200         ; Expire
                                      604800 )       ; Negative Cache TTL (minimum)
    ;
           IN      NS      ns1.optiplex-networks.com.
    optiplex-networks.com.    IN      MX      10      mail.optiplex-networks.com.
    optiplex-networks.com.    IN      A       192.168.1.50
    gx110.optiplex-networks.com.    IN     A      192.168.1.51
    ns1.optiplex-networks.com       IN      A       192.168.1.51
    www.optiplex-networks.com       IN      A       192.168.1.50
    mail.optiplex-networks.com              IN      A       192.168.1.50
    ftp.optiplex-networks.com       IN      A       192.168.1.51
    mail.gx110.optiplex-networks.com        IN      A       192.168.1.51
    ferrari3200.optiplex-networks.com       IN      A       192.168.1.5
    optiplex-networks.com.   IN      TXT     "v=spf1 ip4:192.168.1.50 a mx ~all"
    mail                    IN      TXT     "v=spf1 a -all"
    
    I called them in named.conf.local:

    Code:
    zone “optiplex-networks.com” {
       type master;
       notify no;
       allow-query { 192.168.1.0/24; };
       file “/var/named/optiplex-networks.db”;
    
    };
    
    zone “1.168.192.in-addr.arpa” {
       type master;
       notify no;
       allow-query { 192.168.1.0/24; };
       file “/var/named/192.168.1.rev”;
    };
    
    All seems ok, I checked them with:
    Code:
    named-checkzone
    and it came up with OK.

    rndc reload also works fine and 127.0.0.1 is placed as nameserver in resolv.conf.

    I can't think of what else I am missing or could check?

    Bind is definitely listening on port 953 for rndc, as the output of netstat -tap shows.

    Maybe you might have some suggestions?
     
  5. chipsafts

    chipsafts New Member

    Do you have an internal zone set up to handle requests from the local LAN?
     
  6. lordshadow

    lordshadow New Member

    Ok I managed to fix the issue!!

    The problem was that in named.conf I wasn't calling /etc/bind/named.conf.local, so I needed to use an include statement there.

    My named.conf.local was fine but I took out:

    Code:
       notify no;
       allow-query { 192.168.1.0/24; };
    
    to make certain, and I changed the "" to ASCII values, as they seemed to be in HTML or non-ASCII based code.

    And my zone files weren't using proper syntax, as they had the . missing after the domain in my IN A statements.

    The final thing was relativity (and no, not Einstein): the chroot wasn't finding the /var/named directory, since the chroot started from /etc/lib/named.

    So I copied /var/named into /etc/lib/named/var/named.

    Then restarted bind9 and all was fine :)
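The four fixes in the post above (the missing include, the typographic quotes, the unterminated names in the zone file posted earlier in the thread, and the zone files living outside the chroot) are all caught by string inspection before named is even restarted, and none of them is reported clearly by named-checkzone, which happily accepts `ns1.optiplex-networks.com` as a relative name. The linter below is an added example written for this page, not code from the thread or from BIND. It embeds constructed copies of the configs posted above as sample input, assumes the chroot lives at /var/lib/named (the example's choice, not a path the thread states), and models only absolute zone `file` paths (relative ones depend on the `directory` option and are skipped). The name check goes a little beyond the post: it also flags unterminated target names in NS, CNAME, MX, PTR and SRV records, where the same trailing-dot mistake produces `www.example.com.example.com.`.

```python
"""Lint the BIND pitfalls from this thread: 1) named.conf without the include of
named.conf.local, 2) typographic quotes in a config, 3) names ending in the zone
name but lacking the trailing dot (BIND appends $ORIGIN again), 4) zone files
whose absolute path does not exist once named has chrooted."""
import posixpath
import re
from typing import Callable, List, Tuple

CURLY_QUOTES = {"\u201c", "\u201d", "\u2018", "\u2019"}
NAME_RDATA_TYPES = {"NS", "CNAME", "MX", "PTR", "SRV"}  # last rdata token is a domain name


def missing_include(named_conf: str, local: str = "/etc/bind/named.conf.local") -> bool:
    """True when named.conf has no include statement for the given file."""
    pattern = r'^\s*include\s+"%s"\s*;' % re.escape(local)
    return re.search(pattern, named_conf, re.M) is None


def curly_quote_lines(conf: str) -> List[int]:
    """1-based line numbers that contain typographic quotes (BIND rejects them)."""
    return [n for n, line in enumerate(conf.splitlines(), 1)
            if any(ch in line for ch in CURLY_QUOTES)]


def unterminated_names(zone_text: str, origin: str) -> List[Tuple[int, str]]:
    """(line, name) for owner/target names that end in the origin but not in '.'."""
    origin = origin.rstrip(".").lower()

    def looks_absolute(name: str) -> bool:
        return not name.endswith(".") and name.lower().endswith(origin)

    found = []
    for n, line in enumerate(zone_text.splitlines(), 1):
        body = line.split(";", 1)[0].rstrip()            # strip comments
        if not body.strip() or body.startswith("$"):     # blank or $TTL/$ORIGIN
            continue
        tokens = body.split()
        has_owner = not body[0].isspace()                # leading blank = previous owner
        if has_owner and tokens[0] != "@" and looks_absolute(tokens[0]):
            found.append((n, tokens[0]))
        start = 1 if has_owner else 0                    # skip owner, scan [TTL] [CLASS] TYPE
        rtype = next((t for t in tokens[start:start + 3] if t.upper() in NAME_RDATA_TYPES), None)
        if rtype and looks_absolute(tokens[-1]):
            found.append((n, tokens[-1]))
    return found


def zone_files_missing_in_chroot(named_conf_local: str, chroot: str,
                                 exists: Callable[[str], bool]) -> List[str]:
    """Paths named in absolute zone file statements that do not exist inside the chroot."""
    missing = []
    for m in re.finditer('file\\s+["\u201c]([^"\u201d]+)["\u201d]\\s*;', named_conf_local):
        path = m.group(1)
        if not path.startswith("/"):
            continue                                     # relative to options { directory }
        real = posixpath.join(chroot, path.lstrip("/"))  # what named sees after chroot()
        if not exists(real):
            missing.append(real)
    return missing


# Constructed samples mirroring the thread: named.conf without the include, the
# posted named.conf.local with typographic quotes, and the posted forward zone
# with unterminated owner names plus a CNAME showing the same defect in rdata.
NAMED_CONF = 'options {\n        directory "/var/cache/bind";\n};\ninclude "/etc/bind/named.conf.options";\n'
NAMED_CONF_LOCAL = (
    'zone \u201coptiplex-networks.com\u201d {\n   type master;\n'
    '   file \u201c/var/named/optiplex-networks.db\u201d;\n};\n\n'
    'zone \u201c1.168.192.in-addr.arpa\u201d {\n   type master;\n'
    '   file \u201c/var/named/192.168.1.rev\u201d;\n};\n'
)
ZONE = '''\
$TTL    604800
@       IN      SOA     ns1.optiplex-networks.com. info.optiplex-networks.com. (
                        2008092305      ; Serial
                        7200            ; Refresh
                        120             ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative cache TTL
        IN      NS      ns1.optiplex-networks.com.
optiplex-networks.com.          IN  MX  10  mail.optiplex-networks.com.
optiplex-networks.com.          IN  A   192.168.1.50
gx110.optiplex-networks.com.    IN  A   192.168.1.51
ns1.optiplex-networks.com       IN  A   192.168.1.51
www.optiplex-networks.com       IN  A   192.168.1.50
ftp.optiplex-networks.com       IN  CNAME   www.optiplex-networks.com
mail                            IN  A   192.168.1.50
'''
CHROOT = "/var/lib/named"                                # assumed chroot location
HOST_FILES = {"/var/named/optiplex-networks.db", "/var/named/192.168.1.rev"}  # outside the chroot

if __name__ == "__main__":
    print("named.conf lacks include:", missing_include(NAMED_CONF))
    print("typographic quotes on lines:", curly_quote_lines(NAMED_CONF_LOCAL))
    print("unterminated names:", unterminated_names(ZONE, "optiplex-networks.com"))
    print("missing inside chroot:", zone_files_missing_in_chroot(NAMED_CONF_LOCAL, CHROOT, HOST_FILES.__contains__))
```

For real files pass `os.path.exists` as the `exists` argument and the chroot directory your init script hands to `named -t`; after copying the zone files under the chroot, the last check returns an empty list, which is the state the post above ends in.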
     
  7. lordshadow

    lordshadow New Member

    Basically a major headache but it's sorted now!
     
