I'm trying to set up a Debian Etch webserver on my LAN. This is meant as practice, as I will soon rent a dedicated server and am using my local machine as a testbox. I have completed my Debian Etch installation as told in the perfect installation guide on this website. I chose however not to use ISPConfig.

A little bit of background info first: all my PCs at home are connected through a router. My router IP is 192.168.1.1. The IP I'm giving my server is 192.168.1.100. The hostname is neo, and let's say the domain name is example.com. example.com does however already exist and is bound to a rented webserver (which I'll soon host on my own rented dedicated server). To get past this I've set up my client PC to use my server as primary DNS, and my router as secondary (because my server isn't always online).

However, if I try to ping neo.example.com from my client PC, it returns the IP of my rented webserver instead of my own local Debian server. If I do the same from on the server, it returns 192.168.1.100, as it should. If I try to ping www.example.com however (also from on the server, and which is also configured in my zone files) it returns "ping: unknown host www.example.com". What could be causing this?

Here's a list of the files I reckon are involved in this configuration:

/etc/bind/named.conf - I didn't really change anything here. The changes I made are in named.conf.local

Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";

/etc/bind/named.conf.local

Code:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" {
	type master;
	file "neo.example.com";
};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "neo.1.168.192.in-addr.arpa";
};

neo.example.com

Code:
;neo.example.com
$TTL 604800
@ IN SOA neo.example.com. root.localhost. (
	2008011301; serial
	28800; refresh, seconds
	7200; retry, seconds
	604800; expire, seconds
	86400 ); minimum, seconds
;
	NS ns1.example.com
	NS ns2.example.com
	MX 10 mail.example.com
example.com. A 192.168.1.100
neo A 192.168.1.100
www A 192.168.1.100
ns1 A 192.168.1.100
ns2 A 192.168.1.1
mail A 192.168.1.100
ftp CNAME neo

neo.1.168.192.in-addr.arpa

Code:
@ IN SOA neo.example.com. root.localhost. (
	2008011301; serial
	28800; refresh, seconds
	7200; retry, seconds
	604800; expire, seconds
	86400 ); minimum, seconds
	NS ns1.example.com.;
	NS ns2.example.com.
1 PTR ns2.example.com.
100 PTR example.com.

/etc/bind/named.conf.options

Code:
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you might need to uncomment the query-source
	// directive below.  Previous versions of BIND always asked
	// questions using port 53, but BIND 8.1 and later use an unprivileged
	// port by default.

	// query-source address * port 53;

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder.

	forwarders {
		192.168.1.1;
	};

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
	listen-on { 127.0.0.1; 192.168.1.100; };
};
Things tried since this post was made, without luck: in neo.example.com I changed

Code:
	NS ns1.example.com
	NS ns2.example.com
	MX 10 mail.example.com

to

Code:
	NS ns1
	NS ns2
	MX 10 mail
Do

Code:
dig @localhost neo.example.com

or

Code:
dig @localhost www.example.com

work (on the server)? Do you use the DNS server as the primary DNS on your clients?
dig @localhost neo.example.com

Code:
; <<>> DiG 9.3.4 <<>> @localhost neo.example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36175
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;neo.example.com. IN A

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 15 15:40:21 2008
;; MSG SIZE rcvd: 32

dig @localhost www.example.com

Code:
; <<>> DiG 9.3.4 <<>> @localhost www.example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46463
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com. IN A

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 15 15:42:02 2008
;; MSG SIZE rcvd: 32

So I guess it's not working. And yes, my server is configured as primary DNS on my client.
You've forgotten some dots in your zone file (the trailing dots on the NS and MX names):

Code:
;neo.example.com
$TTL 604800
@ IN SOA neo.example.com. root.localhost. (
	2008011301; serial
	28800; refresh, seconds
	7200; retry, seconds
	604800; expire, seconds
	86400 ); minimum, seconds
;
	NS ns1.example.com.
	NS ns2.example.com.
	MX 10 mail.example.com.
example.com. A 192.168.1.100
neo A 192.168.1.100
www A 192.168.1.100
ns1 A 192.168.1.100
ns2 A 192.168.1.1
mail A 192.168.1.100
ftp CNAME neo
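As an added example (not part of the thread), a small Python checker for the two consequences of the missing dots: a multi-label name without a trailing dot is expanded relative to $ORIGIN, and an in-zone NS target that then has no address record makes BIND refuse to load the zone, which is consistent with the SERVFAIL shown above. The zone text is constructed from the one posted, and the parser is deliberately minimal (no per-record TTLs).

```python
"""Added example, not from the thread: flag BIND zone-file names that are relative by mistake."""
import re

NAME_RDATA = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}  # index of the name field in RDATA

def qualify(name, origin):
    # Expand a name as BIND does: '@' is the origin, a trailing dot means absolute,
    # anything else is relative to the origin (ns1.example.com -> ns1.example.com.example.com.)
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):  # -> list of (owner, type, rdata) with absolute owner names
    text = re.sub(r";[^\n]*", "", text)                                         # strip comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # join "( ... )"
    records, owner = [], origin
    for line in filter(str.strip, text.splitlines()):
        if line.startswith("$"):                      # $TTL / $ORIGIN directives
            origin = line.split()[1] if line.startswith("$ORIGIN") else origin
            continue
        fields = line.split()
        if not line[0].isspace():                     # owner present; a blank owner inherits
            owner = qualify(fields.pop(0), origin)
        fields = [f for f in fields if f != "IN"]
        records.append((owner, fields[0], fields[1:]))
    return records

def lint_zone(text, origin):  # -> list of problem strings; empty means both checks passed
    records = parse_zone(text, origin)
    has_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for owner, rtype, rdata in records:
        if rtype in NAME_RDATA:
            target = rdata[NAME_RDATA[rtype]]
            absolute = qualify(target, origin)
            if "." in target and not target.endswith("."):  # multi-label name, no final dot
                problems.append(f"{owner} {rtype} {target}: relative, expands to {absolute}")
            # an in-zone NS with no address record stops BIND loading the zone: SERVFAIL for all
            if rtype == "NS" and absolute.endswith(origin) and absolute not in has_address:
                problems.append(f"{owner} NS {absolute}: no address record in zone")
    return problems

BROKEN_ZONE = """\
$TTL 604800
@ IN SOA neo.example.com. root.localhost. ( 2008011301 28800 7200
    604800 86400 ); serial refresh retry expire minimum
    NS ns1.example.com
    NS ns2.example.com
    MX 10 mail.example.com
example.com. A 192.168.1.100
ns1 A 192.168.1.100
ns2 A 192.168.1.1
"""  # constructed from the thread's zone, missing dots kept; FIXED_ZONE adds the dots the reply names
FIXED_ZONE = BROKEN_ZONE.replace("example.com\n", "example.com.\n")
```

The authoritative version of this check is named-checkzone from the BIND 9 tools, e.g. named-checkzone example.com /etc/bind/neo.example.com, which reports the load error before the zone is put in service.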
Hmm, still no luck. But at the moment my dedicated server is online and I'm waiting for the DNS to be changed to the new server. So I'll just wait until that has happened and see if the problem also occurs on that system. Won't have to mess around with the DNS server settings of my client then.
Your named.conf seems messy to me, why all the includes? I guess they were there by default. Let me show you how things work on my server; perhaps it will help you out.

/etc/bind/named.conf

Code:
options {
	pid-file "/var/run/bind/run/named.pid";
	directory "/etc/bind";
	auth-nxdomain no;
	recursion no;
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below.  Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	// query-source address * port 53;
};

zone "example-domain.com" {
	type master;
	file "example-domain.com";
};

/etc/bind/example-domain.com

Code:
$TTL 86400
@ IN SOA ns1.example-domain.com. admin.example-domain.com. (
	2007121809 ; serial, todays date + todays serial #
	28800 ; refresh, seconds
	7200 ; retry, seconds
	604800 ; expire, seconds
	86400 ) ; minimum, seconds
	NS ns1.my-ns.com.
	NS ns2.my-ns.com.
	MX 10 example-domain.com.
example-domain.com. A 127.0.0.1
webmail A 127.0.0.1
www A 127.0.0.1
example-domain.com. IN TXT "v=spf1 a mx ip4:127.0.0.1 ~all"

That's it, you don't need anything else. BTW, do you run chrooted BIND? If so, make sure your zone files are inside the chrooted directory. Hope it helps.
It is chrooted, but the files are inside that directory. The perfect setup thingy made a symlink, so actually if I go to /etc/bind it goes to /var/lib/named/etc/bind, and it's chrooted in /var/lib/named.

The includes thing is standard, but I do kinda like it, having the options and my own zones in custom files. Not sure if the standard zones actually should be there, but they look harmless:

Code:
zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

I do see some differences in your options file though, like the pid thing. Gonna have a look into what it does and see if it helps.