ISPConfig and BIND on Debian sarge (rfc1912 : failed on zonecheck)

Hello,
I've noticed that on Debian sarge, after configuring dns with ISPConfig web panel, the file /etc/bind/named.conf make an error when testing with zonecheck http://www.zonecheck.fr/
The /etc/bind/named.conf contain initially (from Debian) :
zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

And after configuration with ISPConfig, beginning of file looks like this :
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
The problem is on the use of the file "db.local" (/etc/named/db.local) which is the file for zone "localhost" on Debian and the file for zone "0.0.127.in-addr.arpa" (ie : reverse zone) in ISPConfig.
The result is an error when testing with zonecheck and more important : without correction, we can't make some modification in the AFNIC's WHOIS which make use of zonecheck and deny modifications when the test result is not successful.

 

What's the exact error message you get?
What's in your (ISPConfig) /etc/bind/named.conf?

 

Error from http://www.zonecheck.fr/ (name and ip changed)
---- fatal ----
f: Loopback is not resolvable

* Ref: IETF RFC1912 (p.13 4.1. Boot file setup)

These are set up to either provide nameservice for "special" addresses, or to help eliminate accidental queries for broadcast or local address to be sent off to the root nameservers. All of these files will contain NS and SOA records just like the other zone files you maintain.

* site.exemple.net./192.168.0.1 (it'snot the real name/ip)


Final status
FAILURE
################
and the head of /etc/bind/named.conf is :
options {
pid-file "/var/run/bind/run/named.pid";
directory "/etc/bind";
auth-nxdomain no;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
################
To remove error from zonecheck.fr, I've commented
//zone "0.0.127.in-addr.arpa" {
// type master;
// file "db.local";
//};
and add this :
//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

 

Did you set up Bind as described here? http://www.howtoforge.com/perfect_setup_debian_sarge_p3

 

Yes.
The only difference is on some servers the use of
dpkg-reconfigure etherconf
for configuring the network interface.

 

So your Bind is running chrooted now, and you did all these steps?

Code:

[...]
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
[...]

 

Yes :
# ls -ld /var/lib/named/etc
drwxr-xr-x 3 root root 4096 2006-05-04 16:21 /var/lib/named/etc
# ls -ld /var/lib/named/dev
drwxr-xr-x 2 root root 4096 2007-01-09 19:24 /var/lib/named/dev
# ls -ld /var/lib/named/var/cache/bind
drwxr-xr-x 2 bind bind 4096 2006-05-04 16:20 /var/lib/named/var/cache/bind
# ls -ld /var/lib/named/var/run/bind/run
drwxr-xr-x 2 bind bind 4096 2007-01-12 16:25 /var/lib/named/var/run/bind/run
# ls -ld /etc/bind
lrwxrwxrwx 1 root root 23 2006-05-04 16:21 /etc/bind -> /var/lib/named/etc/bind
# ls -ld /var/lib/named/etc/*
drwxr-sr-x 3 bind bind 4096 2007-01-17 11:35 /var/lib/named/etc/bind
# ls -ld /var/lib/named/etc/bind/
drwxr-sr-x 3 bind bind 4096 2007-01-17 11:35 /var/lib/named/etc/bind/
# ls -ld /var/lib/named/etc/bind/*
drwxr-sr-x 2 root bind 4096 2006-11-22 14:52
-rw-r--r-- 1 bind bind 237 2004-09-23 17:25 /var/lib/named/etc/bind/db.0
-rw-r--r-- 1 bind bind 271 2004-09-23 17:25 /var/lib/named/etc/bind/db.127
-rw-r--r-- 1 bind bind 237 2004-09-23 17:25 /var/lib/named/etc/bind/db.255
-rw-r--r-- 1 bind bind 353 2004-09-23 17:25 /var/lib/named/etc/bind/db.empty
-rw-r--r-- 1 bind bind 256 2004-09-23 17:25 /var/lib/named/etc/bind/db.local
-rw-r--r-- 1 bind bind 1507 2004-09-23 17:25 /var/lib/named/etc/bind/db.root
-rw-r--r-- 1 root root 3131 2007-01-12 15:14 /var/lib/named/etc/bind/named.conf
-rw-r--r-- 1 bind bind 165 2004-09-23 17:25 /var/lib/named/etc/bind/named.conf.local
-rw-r--r-- 1 bind bind 672 2004-09-23 17:25 /var/lib/named/etc/bind/named.conf.options
-rw-r----- 1 bind bind 77 2006-05-04 16:19 /var/lib/named/etc/bind/rndc.key
-rw------- 1 bind bind 895 2007-01-19 09:43 /var/lib/named/etc/bind/sec.xxxxxxxxxx.in-addr.arpa
-rw------- 1 bind bind 494 2007-01-19 09:58 /var/lib/named/etc/bind/sec.xxxxxxxxxxx
-rw-r--r-- 1 bind bind 1317 2004-09-23 17:25 /var/lib/named/etc/bind/zones.rfc1918
# ls -ld /var/lib/named/dev/null
crw-rw-rw- 1 root root 1, 3 2006-05-04 16:21 /var/lib/named/dev/null
# ls -ld /var/lib/named/dev/random
crw-rw-rw- 1 root root 1, 8 2006-05-04 16:21 /var/lib/named/dev/random
# ls -ld /var/lib/named/var/*
drwxr-xr-x 3 bind bind 4096 2006-05-04 16:20 /var/lib/named/var/cache
drwxr-xr-x 3 bind bind 4096 2006-05-04 16:21 /var/lib/named/var/run
# ls -ld /var/lib/named/etc/bind
drwxr-sr-x 3 bind bind 4096 2007-01-17 11:35 /var/lib/named/etc/bind

 

And did you modify /etc/default/bind9 and /etc/init.d/sysklogd?

What's the output of

Code:

ls -la /var/lib/named

?

 

# cat /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named"

##############################

# head -14 /etc/init.d/sysklogd
#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.

PATH=/bin:/usr/bin:/sbin:/usr/sbin

pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd

test -x $binpath || exit 0

# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

##############################
# ls -la /var/lib/named
total 20
drwxr-xr-x 5 root root 4096 2006-05-04 16:20 .
drwxr-xr-x 26 root root 4096 2006-12-20 12:16 ..
drwxr-xr-x 2 root root 4096 2007-01-19 18:55 dev
drwxr-xr-x 3 root root 4096 2006-05-04 16:21 etc
drwxr-xr-x 4 root root 4096 2006-05-04 16:21 var

##############################
Thank you for your attention.

 

Looks ok.

 

Debian sarge set this at install time in named.conf :
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
notice that zone "localhost" => file db.local
and zone "127.in-addr.arpa" => file db.127
ISPConfig set this in named.conf after configuring some dns zone :
zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};
notice it's a mix between the "127.in-addr.arpa" zone et the "localhost" zone, and when I perform zonecheck test which is very strict regarding rfc, it issue an error.
But everything is working but it break rfc according to zonecheck.

 

solved

Hello,

I found that I can make changes in /root/ispconfig/isp/conf/named.conf.master
(I don't know if it stays after ISPConfig's update).

For my configuration (I've another dns server which is master for reverse zone), I've made this change :
delete

Code:

zone "0.0.127.in-addr.arpa" {
         type master;
         file "db.local";
};

and for not to be master for reverse, delete

Code:

<!-- BEGIN DYNAMIC BLOCK: named_reverse -->
zone "{ZONE}.in-addr.arpa" {
        type master;
        file "pri.{ZONE}.in-addr.arpa";
};
<!-- END DYNAMIC BLOCK: named_reverse -->

and I've add this at end of /etc/bind/named.conf (for Debian sarge)

Code:

//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
// fin RFC 1912

It works !

 

ok, thank you.