Problem with FQDN

Discussion in 'HOWTO-Related Questions' started by Duoquote, Nov 22, 2017.

  1. Duoquote

    Duoquote New Member

    I am having trouble getting FQDN working. Here are my settings:

    named.conf:
    Code:
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local
    
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    
    named.conf.local:
    Code:
    zone "mydomain.com" {
            type master;
            file "/etc/bind/mydomain.com.zone";
    };
    
    named.conf.default-zones:
    Code:
    // prime the server with knowledge of the root servers
    zone "." {
            type hint;
            file "/etc/bind/db.root";
    };
    
    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    
    zone "localhost" {
            type master;
            file "/etc/bind/db.local";
    };
    
    zone "127.in-addr.arpa" {
            type master;
            file "/etc/bind/db.127";
    };
    
    zone "0.in-addr.arpa" {
            type master;
            file "/etc/bind/db.0";
    };
    
    zone "255.in-addr.arpa" {
            type master;
            file "/etc/bind/db.255";
    };
    
    named.conf.options:
    Code:
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
            // forwarders {
            //      0.0.0.0;
            // };
    
            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation auto;
    
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };
    my /etc/resolv.conf:
    Code:
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    search mydomain.com
    I added
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    lines to /etc/sysctl.conf because of some errors (that fixed those errors), and also added "-4" to /etc/default/bind9.
    I rebooted the server several times, so there is no issue with unapplied changes, and these are the results:

    from "intodns.com" check:
    Code:
    Mismatched NS records    WARNING: One or more of your nameservers did not return any of your NS records.
    Error    DNS servers responded    ERROR: One or more of your nameservers did not respond:
    The ones that did not respond are:
    my-server-ip
    Pass    Name of nameservers are valid    OK. The nameservers reported by the parent send out nothing as shown above. I can't check nothing so it's a green!
    Error    Multiple Nameservers    ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
    Pass    Nameservers are lame    OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
    Pass    Missing nameservers reported by parent    OK. All NS records are the same at the parent and at your nameservers.
    Error    Missing nameservers reported by your nameservers    You should already know that your NS records at your nameservers are missing, so here it is again:
    
    ns1.mydomain.com.
    ns2.mydomain.com. 
    here are the logs of
    grep bind /var/log/syslog:
    Code:
    .
    .
    ...
    Nov 22 21:48:04 Boiii named[1270]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -4 -u bind
    Nov 22 21:48:04 Boiii named[1270]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
    Nov 22 21:48:04 Boiii named[1270]: loading configuration from '/etc/bind/named.conf'
    Nov 22 21:48:04 Boiii named[1270]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Nov 22 21:48:05 Boiii named[1270]: set up managed keys zone for view _default, file 'managed-keys.bind'
    Nov 22 21:48:05 Boiii named[1270]: configuring command channel from '/etc/bind/rndc.key'
    Nov 22 21:52:09 Boiii kernel: [    0.495060] TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
    Nov 22 21:52:09 Boiii kernel: [    0.495198] TCP: Hash tables configured (established 8192 bind 8192)
    Nov 22 21:52:09 Boiii named[1307]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -4 -u bind
    Nov 22 21:52:09 Boiii named[1307]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
    Nov 22 21:52:09 Boiii named[1307]: loading configuration from '/etc/bind/named.conf'
    Nov 22 21:52:09 Boiii named[1307]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Nov 22 21:52:09 Boiii named[1307]: set up managed keys zone for view _default, file 'managed-keys.bind'
    Nov 22 21:52:09 Boiii named[1307]: configuring command channel from '/etc/bind/rndc.key'
    
    grep named /var/log/syslog:
    Code:
    .
    .
    ...
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 124.100.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 125.100.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 126.100.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 127.100.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: D.F.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 8.E.F.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 9.E.F.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: A.E.F.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: B.E.F.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
    Nov 22 21:52:09 Boiii named[1307]: automatic empty zone: EMPTY.AS112.ARPA
    Nov 22 21:52:09 Boiii named[1307]: configuring command channel from '/etc/bind/rndc.key'
    Nov 22 21:52:09 Boiii named[1307]: command channel listening on 127.0.0.1#953
    Nov 22 21:52:09 Boiii named[1307]: managed-keys-zone: journal file is out of date: removing journal file
    Nov 22 21:52:09 Boiii named[1307]: managed-keys-zone: loaded serial 17
    Nov 22 21:52:09 Boiii named[1307]: zone 0.in-addr.arpa/IN: loaded serial 1
    Nov 22 21:52:09 Boiii named[1307]: zone 255.in-addr.arpa/IN: loaded serial 1
    Nov 22 21:52:09 Boiii named[1307]: zone 127.in-addr.arpa/IN: loaded serial 1
    Nov 22 21:52:09 Boiii named[1307]: zone localhost/IN: loaded serial 2
    Nov 22 21:52:09 Boiii named[1307]: zone mydomain.com/IN: loaded serial 2017112002
    Nov 22 21:52:09 Boiii named[1307]: all zones loaded
    Nov 22 21:52:09 Boiii named[1307]: running
    Nov 22 21:52:09 Boiii named[1307]: zone mydomain.com/IN: sending notifies (serial 2017112002)
    I only get an error from this:
    Code:
    nslookup mydomain.com
    ;; Got SERVFAIL reply from 8.8.8.8, trying next server
    Server:         8.8.4.4
    Address:        8.8.4.4#53
    
    ** server can't find mydomain.com: SERVFAIL
    127.0.0.1 is just fine:
    Code:
    nslookup mydomain.com 127.0.0.1
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    
    Name:   mydomain.com
    Address: my-server-ip
    I don't see any problem, and I have tried changing the NS settings at my domain provider (ns1 and ns2) to my server's IP a couple of times. I need help; everything looks OK to me.
    I gave the post this title since I don't know where the error is coming from; I'm sorry if that naming is wrong.
  2. Duoquote

    Duoquote New Member

    OK, I found the problem, lol: the problem was that I hadn't allowed the nameserver port (53) in ufw. I won't delete the thread anyway; maybe someday it can help people.
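The symptom pattern in this thread is worth being able to reproduce from outside: named answered on 127.0.0.1, but Google's resolvers got nothing back from my-server-ip, so 8.8.8.8 returned SERVFAIL and intodns reported the nameserver as not responding. The following is an added example, not the poster's code or anything from the BIND project: a small Python 3 (stdlib only, IPv4 only to match the "-4" setup above) probe that sends one NS query with recursion desired cleared straight to the server over UDP and over TCP, the way a delegation checker does, and tells a timeout (packets silently dropped, which is what ufw's default incoming policy does) apart from a refused connection, a lame answer or an authoritative one. The placeholders my-server-ip and mydomain.com are the ones used in the thread; the reply built by build_sample_response is constructed sample data for an offline self-check, not traffic captured from the poster's server.

```python
# Added example, not the poster's code: probe an authoritative server directly,
# the way delegation checkers do (stdlib only, IPv4 only to match the thread's -4).
import random
import socket
import struct
import sys

QTYPE_NS = 2
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=QTYPE_NS, txid=None):
    """Build a DNS query (RFC 1035 s4.1) with RD cleared: an authoritative
    server is asked only about its own zone, never to recurse for us."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_response(txid, data):
    """Return (rcode, aa, ancount); reject anything that is not a response to
    our transaction id (a stray or spoofed packet would fail here)."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return flags & 0x000F, bool(flags & 0x0400), an

def classify(rcode, aa, ancount):
    """Map a reply to the verdict a delegation checker would print."""
    if rcode == 0 and aa:
        return "authoritative" if ancount else "authoritative (no records)"
    if rcode == 0:
        return "lame"  # answered, but without the AA bit for this zone
    return RCODES.get(rcode, "RCODE%d" % rcode)

def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket (DNS/TCP frames are length-prefixed)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed before full reply")
        buf += chunk
    return buf

def probe(server, zone, proto="udp", timeout=3.0, port=53):
    """Send one NS query for `zone` straight to `server`. A timeout means the
    packets are dropped (firewall DROP, the thread's ufw case); 'refused'
    means the host answered with ICMP/RST, i.e. reachable but nothing listening."""
    txid, msg = build_query(zone)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(msg, (server, port))
                data, _ = s.recvfrom(4096)
        else:  # TCP carries answers over 512 bytes and zone transfers to ns2
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(msg)) + msg)
                (length,) = struct.unpack("!H", recv_exact(s, 2))
                data = recv_exact(s, length)
    except socket.timeout:
        return "timeout (filtered?)"
    except ConnectionRefusedError:
        return "refused (port closed)"
    except OSError as exc:
        return "error: %s" % exc
    return classify(*parse_response(txid, data))

def build_sample_response(txid, zone, aa=True, rcode=0):
    """Constructed reply (sample data, not captured traffic): what an authoritative
    server for `zone` returns to an NS query, two NS records using a compression
    pointer (0xC00C) back to the qname at offset 12."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode
    answers = b""
    if rcode == 0:
        for host in (b"ns1", b"ns2"):
            rdata = bytes([len(host)]) + host + b"\xc0\x0c"
            answers += b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_NS, 1, 3600, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, flags, 1, 2 if rcode == 0 else 0, 0, 0)
    _, query = build_query(zone, txid=txid)
    return header + query[12:] + answers

def self_check():
    """Offline run of the parser against the constructed replies."""
    txid, _ = build_query("mydomain.com")
    return tuple(classify(*parse_response(txid, build_sample_response(txid, "mydomain.com", **kw)))
                 for kw in ({}, {"aa": False}, {"rcode": 2}))

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe_ns.py <server-ip> <zone>   (self-check: %s)" % (self_check(),))
    for proto in ("udp", "tcp"):
        print("%s/%s: %s" % (sys.argv[1], proto, probe(sys.argv[1], sys.argv[2], proto)))
```

Run it as `python3 probe_ns.py my-server-ip mydomain.com` from a host outside the server: from the server itself the query goes over loopback and says nothing about the firewall, which is exactly why `nslookup mydomain.com 127.0.0.1` looked fine in the thread. The fix the poster found corresponds to `ufw allow 53/udp` and `ufw allow 53/tcp` (or `ufw allow 53` for both); open TCP as well, because answers larger than 512 bytes fall back to TCP and the secondary ns2 needs it for zone transfers. One caveat once port 53 is reachable from anywhere: on a server that is only meant to be authoritative, add `recursion no;` to named.conf.options so it cannot be used as an open resolver for amplification.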
