
Setting up nameserver - bind

Discussion in 'Web and Network Services' started by NuLL3rr0r, Jan 22, 2010.

  1. NuLL3rr0r

    Hi,

    First of all sorry for bad English.

    I'm a newcomer to FreeBSD, and I'm going to like it.
    Before I tried FreeBSD, I had a Linux VPS (my ISP set it up for me). I decided to drop it in favor of FreeBSD and installed FreeBSD from scratch on VMware ESXi 4.0 (my ISP only offers Linux VPS, but they agreed to let me set it up myself).

    The problem is I know nothing about setting up DNS and Nameserver.

    I followed this guide to set up a bind nameserver:
    http://www.freebsd.org/doc/handbook/network-dns.html


    The Server Spec:
    Code:
    http://91.194.91.7/
    ns1.babaei.net 91.194.90.11
    ns2.babaei.net 91.194.90.12
    ns3.babaei.net 193.200.241.6
    ns4.babaei.net 93.104.209.252
    


    I edited /etc/rc.conf:
    Code:
    named_enable="YES"
    

    /etc/namedb/named.conf
    Code:
    zone "babaei.net" {
        type master;
        file "master/babaei.net";
    };
    
    zone "1.168.192.in-addr.arpa" {
            type slave;
            file "slave/1.168.192.in-addr.arpa";
            masters {
                    192.168.1.1;
            };
    };
    

    /etc/namedb/master/babaei.net
    Code:
    $TTL 3600        ; 1 hour default TTL
    babaei.net.    IN      SOA      ns1.babaei.net. root.babaei.net. (
                                    2010012208      ; Serial
                                    10800           ; Refresh
                                    3600            ; Retry
                                    604800          ; Expire
                                    300             ; Negative Response TTL
                            )
    
    ; DNS Servers
                    IN      NS      ns1.babaei.net.
                    IN      NS      ns2.babaei.net.
                    IN      NS      ns3.babaei.net.
                    IN      NS      ns4.babaei.net.
    
    ; MX Records
                    IN      MX 10   mx.babaei.net.
                    IN      MX 20   mail.babaei.net.
    
                    IN      A       91.194.91.7
    
    ; Machine Names
    localhost       IN      A       127.0.0.1
    ns1             IN      A       91.194.90.11
    ns2             IN      A       93.104.209.252
    ns3             IN      A       193.200.241.6
    ns4             IN      A       91.194.90.12
    mx              IN      A       91.194.91.7
    mail            IN      A       91.194.91.7
    
    ; Aliases
    www             IN      CNAME   babaei.net.
    

    /etc/namedb/slave/1.168.192.in-addr.arpa
    Code:
    $TTL 3600
    
    1.168.192.in-addr.arpa. IN SOA ns1.babaei.net. root.babaei.net. (
                            2010012208      ; Serial
                            10800           ; Refresh
                            3600            ; Retry
                            604800          ; Expire
                            300 )           ; Negative Response TTL
    
            IN      NS      ns1.babaei.net.
            IN      NS      ns2.babaei.net.
            IN      NS      ns3.babaei.net.
            IN      NS      ns4.babaei.net.
    
    1       IN      PTR     babaei.net.
    2       IN      PTR     ns1.babaei.net.
    3       IN      PTR     ns2.babaei.net.
    4       IN      PTR     ns3.babaei.net.
    5       IN      PTR     ns4.babaei.net.
    6       IN      PTR     mx.babaei.net.
    7       IN      PTR     mail.babaei.net.
    

    Code:
    # named-checkzone babaei.net /etc/namedb/master/babaei.net
    zone babaei.net/IN: loaded serial 2010012208
    OK
    
    # /etc/rc.d/named reload
    // or
    # rndc reload
    


    When I tried this from the VPS itself:
    Code:
    # host -t ns babaei.net
    babaei.net name server ns4.babaei.net.
    babaei.net name server ns2.babaei.net.
    babaei.net name server ns3.babaei.net.
    babaei.net name server ns1.babaei.net.
    

    I tried this for 5 days, and still I can't browse my website:

    http://checkdns.net/quickcheck.aspx?domain=www.babaei.net&detailed=1

    Code:
      Tried to fetch SOA record for domain, but DNS server ns1.babaei.net [91.194.90.11] returned error code Refused 
      Error fetching SOA from ns2.babaei.net [93.104.209.252]: Connection reset. Probably DNS server is offline. 
      Tried to fetch SOA record for domain, but DNS server ns3.babaei.net [193.200.241.6] returned error code Refused 
      Tried to fetch SOA record for domain, but DNS server ns4.babaei.net [91.194.90.12] returned error code Refused 
    

    It's a rock-solid OS and I didn't want to ignore it just because I can't set up DNS in bind or because my ISP doesn't support FreeBSD.


    Thanks in Advance.
     
  2. DutchDaemon

    As far as I can see, your domain registration lacks glue records. Glue records are needed when a domain's nameservers are within that domain. So the problem is that nobody can find the IP address for the nameservers, because there's no way to ask the nameservers for the IP address, because the IP address for the nameservers is not known, making it impossible to find .... you see where this is going? So your domain registration needs to contain the IP addresses for your nameservers as well as their names.

    Code:
    Domain servers in listed order:
        ns4.babaei.net
        ns3.babaei.net
        ns2.babaei.net
        ns1.babaei.net
    Code:
    $ dnscheck -c -r -v -z babaei.net
    [   ] /usr/bin/dig +norecurse ns "babaei.net" "@a.root-servers.net"
    [net] /usr/bin/dig +norecurse ns "babaei.net" "@h.gtld-servers.net"
          + babaei.net. IN NS ns1.babaei.net. (serial 0)
          + babaei.net. IN NS ns2.babaei.net. (serial 0)
          + babaei.net. IN NS ns3.babaei.net. (serial 0)
          + babaei.net. IN NS ns4.babaei.net. (serial 0)
    
    [   ] /usr/bin/dig ns "babaei.net" "@localhost"
    babaei.net (serial 0)
     ns1.babaei.net                    -
     ns2.babaei.net                    -
     ns3.babaei.net                    -
     ns4.babaei.net                    -
    
    This may or may not relate to the errors you're experiencing, but it's an error nonetheless.
     
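The glue problem DutchDaemon describes is a consistency check you can automate: every in-zone nameserver needs an A record in the zone, the registrar needs glue for it, and the two addresses must agree. The following Python script is an added example, not code from the thread or from BIND. It parses a zone file in the master-file layout shown in the first post and compares the apex NS set against a registrar glue table. Both inputs are constructed here from the values in the first post, where the addresses of ns2 and ns4 differ between the zone file and the "Server Spec" list, which is exactly what the checker reports.

```python
"""Parse a BIND master zone file and check its apex NS set against the glue
the registrar publishes (the delegation/glue consistency discussed above)."""

# Constructed sample input: the apex zone from the first post, reduced to the
# records that matter for the delegation check.
ZONE_TEXT = """\
$TTL 3600        ; 1 hour default TTL
babaei.net.    IN      SOA      ns1.babaei.net. root.babaei.net. (
                                2010012208      ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                300             ; Negative Response TTL
                        )
; DNS Servers
                IN      NS      ns1.babaei.net.
                IN      NS      ns2.babaei.net.
                IN      NS      ns3.babaei.net.
                IN      NS      ns4.babaei.net.
                IN      A       91.194.91.7
; Machine Names
ns1             IN      A       91.194.90.11
ns2             IN      A       93.104.209.252
ns3             IN      A       193.200.241.6
ns4             IN      A       91.194.90.12
www             IN      CNAME   babaei.net.
"""

# Constructed: what the registrar publishes as glue, taken from the
# "Server Spec" list in the first post.
REGISTRAR_GLUE = {
    "ns1.babaei.net.": "91.194.90.11",
    "ns2.babaei.net.": "91.194.90.12",
    "ns3.babaei.net.": "193.200.241.6",
    "ns4.babaei.net.": "93.104.209.252",
}

RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}


def fqdn(name, origin):
    """Qualify a relative name against the zone origin ('@' means the apex)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal master-file parser: drops ';' comments, joins '(' ... ')' groups
    and inherits a blank owner from the previous record.
    Returns a list of (owner, type, rdata_tokens) tuples."""
    origin = origin if origin.endswith(".") else origin + "."
    records, owner, buf, depth = [], origin, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if depth == 0:                      # start of a new record
            buf = []
            tokens = line.split()
            if line[0].isspace():           # blank owner: reuse the previous one
                tokens.insert(0, owner)
            else:
                owner = tokens[0] = fqdn(tokens[0], origin)
        else:                               # continuation inside ( ... )
            tokens = line.split()
        depth += line.count("(") - line.count(")")
        buf.extend(t.strip("()") for t in tokens if t.strip("()"))
        if depth > 0:
            continue
        # A complete record: owner [ttl] [class] TYPE rdata...
        idx = next(i for i, t in enumerate(buf) if i > 0 and t in RR_TYPES)
        records.append((buf[0], buf[idx], buf[idx + 1:]))
    return records


def check_delegation(records, origin, registrar_glue):
    """Report in-zone nameservers lacking A records, glue the registrar lacks,
    and addresses that differ between the zone file and the registrar."""
    origin = origin if origin.endswith(".") else origin + "."
    a_records = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata[0])
    ns_names = [fqdn(rdata[0], origin) for owner, rtype, rdata in records
                if owner == origin and rtype == "NS"]
    problems = []
    for ns in ns_names:
        in_zone = ns.endswith("." + origin)
        zone_addrs = a_records.get(ns, set())
        glue = registrar_glue.get(ns)
        if in_zone and not zone_addrs:
            problems.append(f"{ns}: in-zone nameserver has no A record in the zone file")
        if in_zone and glue is None:
            problems.append(f"{ns}: registrar publishes no glue for this nameserver")
        elif glue is not None and zone_addrs and glue not in zone_addrs:
            problems.append(f"{ns}: zone says {sorted(zone_addrs)}, registrar glue says {glue}")
    for name in registrar_glue:
        if name not in ns_names:
            problems.append(f"{name}: registrar lists it but it is not in the zone's NS set")
    return problems


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT, "babaei.net")
    for p in check_delegation(recs, "babaei.net", REGISTRAR_GLUE):
        print("PROBLEM:", p)
```

Run as-is it prints two problems, one for ns2 and one for ns4; with a glue table that matches the zone file it prints nothing. The parser only handles the directives and record types used in this thread, which is enough to lint your own zone before asking the registrar to fix glue.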
  3. NuLL3rr0r

    Thanks for the answer.

    Well, this is the first time I've heard of glue records, but from what I read and understood, a glue record is simply an IP:

    http://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records
    http://faq.domainmonster.com/dns/glue_record/

    I checked my domain panel on Directi and found each DNS registered with an IP address (if I'm not wrong, a glue record). My ISP did that for me.

    I attached a pic that shows each DNS and its registered IP.

    The problem is my ISP's technical support knows nothing about BSD, and usually they set up DNS with web interfaces like cPanel or Webmin.

    I'm not sure about my config files. Are the syntax and situation OK?
    If I'm sure, then I can ask them for help (maybe something on their side is wrong).


    Anyway, thanks for responding.
     

    Attached Files: nsip.jpg (96.1 KB)
  4. NuLL3rr0r

    Finally it works:

    I just changed everything to the VPS IP itself:

    Code:
    ns1             IN      A       91.194.91.7
    ns2             IN      A       91.194.91.7
    ns3             IN      A       91.194.91.7
    ns4             IN      A       91.194.91.7
    
    (This applies in the domain panel also.)


    I also needed to change this line in

    /etc/namedb/named.conf
    Code:
    //     listen-on       { 127.0.0.1; };
    // Changed to:
            listen-on       { 91.194.91.7; };
    
    or it simply doesn't work.


    I added

    /etc/rc.conf
    Code:
    sendmail_enable="YES"
    
    or I'll get:
    Code:
    error connecting to mail server port 25 : connection refused.
    

    I'm still waiting for DNS databases across the net to update.
    Code:
    http://checkdns.net/quickcheck.aspx?domain=www.babaei.net&detailed=1
    


    That's a shame! They told me these IPs are authoritative for my domain, but they're not. I think these are my ISP's DNS servers, since I can browse them in a browser. I really don't know how they handle this, but I'm happy for now.
     
  5. Alt

    You must add allow-query for the whole world if this server answers for the domain zone.
     
  6. NuLL3rr0r


    Thanks for the tip. But as you can see here
    http://student.ing-steen.se/unix/named.conf.html
    I think this is the default option for all zones:
    Code:
    allow-query { any; };
    Now it just works fine.

    I also found this nice brief tip for securing bind:
    http://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html

    As a good security practice I'm going to try this.
     
  7. Alt

    Dunno what's default, I just see the error "returned error code Refused" in your logs xD
     
  8. NuLL3rr0r

    Well!

    I just listened to your advice and put allow-query for every zone in named.conf.

    If I use a nameserver other than 91.194.91.7 in resolv.conf, the DNS query fails. But with allow-query set to any, now I can use any nameserver I want in resolv.conf.

    Thanks for the advice.