BIND9 Setup
-
- A semi-regular
- Posts: 25
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Tue Aug 30, 2011 12:07 pm
BIND9 Setup
Hello. I'm having some trouble setting up a BIND9 server on Debian.
I've already set it up and set the zones and my domain but it still doesn't work!
Can somebody help me?
Re: BIND9 Setup
There's a lot that can go wrong with BIND. Are you saying that the service fails to start after you set it up? What error are you seeing in /var/log/messages at that time?
-
- A semi-regular
- Posts: 25
- Joined: Tue Aug 30, 2011 12:07 pm
Re: BIND9 Setup
Well, BIND starts well, but my domain is not resolving to the server.
When I try to ping it, it doesn't catch any IP.
I've already tried setting the DNS of the domain as ns1.example.com and ns2.example.com, also I've tried to set the DNS as the NFO ones: ns1.nfoservers.com, ns2 and ns3.
With the NFO DNS, it seems that the server can ping the ns1.example.com and ns2.example.com, but not the main example.com.
It seems that there might be something wrong with the configs, but I can't manage to find what.
This is what I get from /var/log/messages:
Code: Select all
root@renandecarlo:/etc/bind# cat /var/log/messages
Aug 28 06:25:04 renandecarlo rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="10351" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
Aug 29 06:25:01 renandecarlo rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="10351" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
Aug 30 06:25:22 renandecarlo rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="10351" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
Here is what I get from /var/log/syslog after restarting BIND:
Code: Select all
root@renandecarlo:/etc/bind# grep bind /var/log/syslog | tail -20
Aug 30 07:21:50 renandecarlo named[26640]: set up managed keys zone for view _default, file 'managed-keys.bind'
Aug 30 07:21:50 renandecarlo named[26640]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Aug 30 07:28:43 renandecarlo named[26735]: starting BIND 9.7.3 -u bind -t /var/lib/named
Aug 30 07:28:43 renandecarlo named[26735]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Aug 30 07:28:43 renandecarlo named[26735]: loading configuration from '/etc/bind/named.conf'
Aug 30 07:28:43 renandecarlo named[26735]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Aug 30 07:28:43 renandecarlo named[26735]: set up managed keys zone for view _default, file 'managed-keys.bind'
Aug 30 07:28:43 renandecarlo named[26735]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Aug 30 07:38:18 renandecarlo named[26783]: starting BIND 9.7.3 -u bind -t /var/lib/named
Aug 30 07:38:18 renandecarlo named[26783]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Aug 30 07:38:18 renandecarlo named[26783]: loading configuration from '/etc/bind/named.conf'
Aug 30 07:38:18 renandecarlo named[26783]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Aug 30 07:38:18 renandecarlo named[26783]: set up managed keys zone for view _default, file 'managed-keys.bind'
Aug 30 07:38:18 renandecarlo named[26783]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Aug 30 16:22:08 renandecarlo named[28717]: starting BIND 9.7.3 -u bind -t /var/lib/named
Aug 30 16:22:08 renandecarlo named[28717]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Aug 30 16:22:08 renandecarlo named[28717]: loading configuration from '/etc/bind/named.conf'
Aug 30 16:22:08 renandecarlo named[28717]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Aug 30 16:22:08 renandecarlo named[28717]: set up managed keys zone for view _default, file 'managed-keys.bind'
Aug 30 16:22:08 renandecarlo named[28717]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Re: BIND9 Setup
renandecarlo wrote: I've already tried setting the DNS of the domain as ns1.example.com and ns2.example.com, also I've tried to set the DNS as the NFO ones: ns1.nfoservers.com, ns2 and ns3.
The name servers for the domain need to be set to your BIND server's IP address. In doing this, you will also have to create name server entries for them. Your registrar should be able to assist you with these tasks.
Usually it's easiest and most effective to let someone else run DNS servers for you. We run DNS servers that we make available to our webhosting clients, for instance, through the Domains page in our control panel. Many registrars also provide DNS servers, and there are free DNS providers such as www.everydns.net.
-
- A semi-regular
- Posts: 25
- Joined: Tue Aug 30, 2011 12:07 pm
Re: BIND9 Setup
I would like to use my nameservers as ns1.mydomain.com and ns2.mydomain.com. I don't know if it's possible by using a DNS server from a different location than where the server/website is.
ns1.mydomain.com and ns2.mydomain.com are already set with an A record to my server IP address, on my registrar, but it did not work as well.
Re: BIND9 Setup
You wouldn't need an A record at your registrar (that's done through BIND). You need a DNS record at your registrar. They should be able to help you with how to set that up.
-
- A semi-regular
- Posts: 25
- Joined: Tue Aug 30, 2011 12:07 pm
Re: BIND9 Setup
I have asked my registrar support to set the config so that I could use my DNS.
He set up 2 NS records to ns1.mydomain.com and ns2.mydomain.com, at the DNS zones.
However, he did put their own dns servers at the domain dns servers:
ns1.dominios.uol.com.br
ns2.dominios.uol.com.br
ns3.dominios.uol.com.br
That is not the way I wanted it, so I'll wait and see if this way works. If it works, then I'll try to change it to ns1.mydomain.com and ns2.mydomain.com.
Re: BIND9 Setup
If you want to run your own name servers and BIND yourself, then your registrar won't need to set up zone files. All that you will need from them is for them to create name server entries (not DNS entries) for your desired IPs, and attach those name servers to the domain at the TLD level. At least, that's how it works with the TLDs.
-
- A semi-regular
- Posts: 25
- Joined: Tue Aug 30, 2011 12:07 pm
Re: BIND9 Setup
I can't understand what you mean with name server entries, isn't it NS records?
Well, although I'm on a VDS/VPS, is it possible to not use BIND at all, but still use my ns1.mydomain and ns2.mydomain as my DNS servers? **with reverse dns**
Re: BIND9 Setup
Name servers for your domain are not just NS entries, no. How they are set up varies from registrar to registrar. This is something that your registrar will need to explain for you, though it sounds like they haven't been doing a good job so far.
-
- A semi-regular
- Posts: 25
- Joined: Tue Aug 30, 2011 12:07 pm
Re: BIND9 Setup
I've done it!
I just had to set the servers' IPs together with the domain name servers on my registrar panel.
I've also used DIG, querying my own server, to check if the config was OK.
In case someone else has a similar problem, the query is:
change 66.22.22.22 to your server's IP
dig yourdomain.com @66.22.22.22
Now I want to set up the reverse DNS, but, as there is an option to do that on the NFO control panel, I'm not very sure if I really need to do that on my BIND config.
Using DIG to check the reverse DNS of the server's IP already gets me to my nameservers (set on the NFO control panel), so I think there is no need to set it again on BIND. What do you think?
- Vanderburg
- Former staff
- Posts: 1253
- Joined: Sat Nov 13, 2010 7:27 am
- Location: Dallas, TX
Re: BIND9 Setup
It's locked until you submit a support request asking us to turn it on for you.
-
- A semi-regular
- Posts: 25
- Joined: Tue Aug 30, 2011 12:07 pm
Re: BIND9 Setup
Vanderburg wrote: It's locked until you submit a support request asking us to turn it on for you.
It's already unlocked on mine. What I want to know is if I need to set it up also on BIND to have it working, as I used to do on some other VPS.
Re: BIND9 Setup
You can use dig to query any name server, but if you do that, you also will have to check separately to make sure that the name server is authoritative for the domain. Use "dig yourdomain.com +trace" for this.
The reverse DNS for our VDSes can be set through the "IP list" page in the control panel.
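The `+trace` check described above can be scripted. This is an added example, not part of the original thread: it parses `dig +trace` output and reports whether the server that gave the final answer is one the TLD delegates to, and whether parent and child list the same NS set. The sample trace is constructed (example.com, documentation addresses) and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of `dig example.com +trace` output
# (documentation addresses; root and TLD hops shortened to one NS each).
SAMPLE_TRACE = """\
.                   355780 IN NS a.root-servers.net.
;; Received 400 bytes from 192.0.2.53#53(192.0.2.53) in 49 ms
com.                172800 IN NS a.gtld-servers.net.
;; Received 489 bytes from 198.51.100.4#53(a.root-servers.net) in 146 ms
example.com.        172800 IN NS ns1.example.com.
example.com.        172800 IN NS ns2.example.com.
;; Received 97 bytes from 198.51.100.30#53(a.gtld-servers.net) in 148 ms
example.com.        1800   IN A  203.0.113.10
example.com.        86400  IN NS ns1.example.com.
example.com.        86400  IN NS ns2.example.com.
;; Received 113 bytes from 203.0.113.10#53(ns1.example.com) in 0 ms
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A)\s+(\S+)$")
RECEIVED = re.compile(r"^;; Received \d+ bytes from (\S+)#\d+\((\S+)\)")

def parse_trace(text):
    """Split +trace output into hops: the records plus the server that sent them."""
    hops, records = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RECORD.match(line)
        if m:  # owner name, record type, value (trailing dot dropped from value)
            records.append((m.group(1).lower(), m.group(2), m.group(3).lower().rstrip(".")))
        m = RECEIVED.match(line)
        if m:  # a "Received" line closes the current hop
            hops.append({"server": m.group(2).lower().rstrip("."), "records": records})
            records = []
    return hops

def check_delegation(text, domain):
    """Compare the parent (TLD) delegation with what the final server returned."""
    hops = parse_trace(text)
    if len(hops) < 2:
        raise ValueError("trace too short to contain a delegation and an answer")
    owner = domain.lower().rstrip(".") + "."
    parent_ns = {v for o, t, v in hops[-2]["records"] if t == "NS" and o == owner}
    child_ns = {v for o, t, v in hops[-1]["records"] if t == "NS" and o == owner}
    return {
        "delegated_ns": sorted(parent_ns),
        "answered_by_delegated_server": hops[-1]["server"] in parent_ns,
        "ns_sets_match": parent_ns == child_ns,
        "addresses": sorted(v for o, t, v in hops[-1]["records"] if t == "A" and o == owner),
    }
```

A `False` in either boolean means the answer seen with `dig yourdomain.com @server` came from a server the TLD does not point at, or that the zone file and the registrar disagree about the name servers.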
-
- A semi-regular
- Posts: 25
- Joined: Tue Aug 30, 2011 12:07 pm
Re: BIND9 Setup
Well, I've changed some config and the domain is not working anymore.
Now I'm not sure if it really worked, because I tried to use my server as my home connection DNS, just to check if the website would work.
Here are the results from dig, the results are good, but when I try to ping the domain it says "unknown host"!! I'm going crazy!!!!!
root@renandecarlo:~# dig myhiddendomain.com +trace
; <<>> DiG 9.7.3 <<>> myhiddendomain.com +trace
;; global options: +cmd
. 355780 IN NS i.root-servers.net.
. 355780 IN NS b.root-servers.net.
. 355780 IN NS j.root-servers.net.
. 355780 IN NS k.root-servers.net.
. 355780 IN NS m.root-servers.net.
. 355780 IN NS f.root-servers.net.
. 355780 IN NS d.root-servers.net.
. 355780 IN NS c.root-servers.net.
. 355780 IN NS g.root-servers.net.
. 355780 IN NS l.root-servers.net.
. 355780 IN NS h.root-servers.net.
. 355780 IN NS a.root-servers.net.
. 355780 IN NS e.root-servers.net.
;; Received 400 bytes from 128.95.120.1#53(128.95.120.1) in 49 ms
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
;; Received 489 bytes from 192.112.36.4#53(g.root-servers.net) in 146 ms
myhiddendomain.com. 172800 IN NS ns1.myhiddendomain.com.
myhiddendomain.com. 172800 IN NS ns2.myhiddendomain.com.
;; Received 97 bytes from 192.52.178.30#53(k.gtld-servers.net) in 148 ms
myhiddendomain.com. 1800 IN A 66.151.244.199
myhiddendomain.com. 86400 IN NS ns1.myhiddendomain.com.
myhiddendomain.com. 86400 IN NS ns2.myhiddendomain.com.
;; Received 113 bytes from 66.151.244.199#53(ns1.myhiddendomain.com) in 0 ms
My named.conf.local is as follows:
Code: Select all
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "myhiddendomain.com" {
    type master;
    file "/etc/bind/myhiddendomain.db";
    allow-transfer { 66.151.244.199; };
};
Code: Select all
$TTL 1800
@ IN SOA renandecarlo.myhiddendomain.com. admin.myhiddendomain.com. (
2011090182 30M 15M 1W 1D )
myhiddendomain.com. 86400 IN NS ns1.myhiddendomain.com.
myhiddendomain.com. 86400 IN NS ns2.myhiddendomain.com.
ns1 A 66.151.244.199
ns2 A 66.151.244.205
myhiddendomain.com. IN MX 10 mail.myhiddendomain.com.
myhiddendomain.com. A 66.151.244.199
www IN CNAME myhiddendomain.com.
ftp A 66.151.244.199
mail A 66.151.244.199
cdn A 66.151.244.205
Result from ping
Code: Select all
root@renandecarlo:/etc/bind# ping myhiddendomain.com
ping: unknown host myhiddendomain.com