[Solved] BIND, why sometimes not working?

My old bind (probably 6! on FreeBSD 4.10) works like a charm. I change the serial, reload and ping, and the new change shows up.

Not with bind9.

I have generated rndc.key, included it in the named.conf, and got it working with one test domain once. Now I up the serial, no error message, but the IP won't change. I want to make sure it works fine before I reboot it as my main DNS server.

I edit the db files from the old bind.
Code:
$TTL 3600

@  IN SOA  xx.com.  hostmaster.yyy.net. (
                      2010041308   ; Serial
                      3600         ; Refresh after 1  hours
                      1800         ; Retry after 1 hour
                      604800       ; Expire after 7 days (1 week)
                      86400)       ; Minimum TTL of 24 hours (1 day)
;
; Define  the nameservers and the mail servers
;
xx.com.                      IN   NS   ns1.yy.net. 
xx.com.                      IN   NS   ns2.yy.net.
; Define localhost
;
localhost.xx.com.            IN   A     127.0.0.1
;
; define the hosts in this zone
;

xx.com.                    IN   A      xx.x.x.108
www.xx.com.                  IN   CNAME  xx.com.

ns1.yy.net is the name of the machine, but it is the "official" DNS. Yet it worked once yesterday, and now all my machines know what xx.com is, but I just cannot update it with a new IP.

After I start named, the log says

Code:
Apr 17 10:17:11 queen named[67571]: starting BIND 9.6.1-P1
Apr 17 10:17:11 queen named[67571]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' 
'--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-
libxml2'
Apr 17 10:17:11 queen named[67571]: command channel listening on 127.0.0.1#953
Apr 17 10:17:11 queen named[67571]: command channel listening on ::1#953
Apr 17 10:17:11 queen named[67571]: running

So no errors... yet the domain won't resolve.
Maybe it is listening on the wrong channel? Only the local IP? Then how did it work yesterday?

I did not change anything in the named.conf, except that one line about removing it unless it was only for local, which I did remove.
 
I thought simply commenting it out would work.
Do I need to add

listen-on {my ip};?

Code:
// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
//      listen-on       { 127.0.0.1; };
 
I added my own IP,
then
Code:
/usr/sbin/rndc reload
rndc: connect failed: 127.0.0.1#953: connection refused

Not sure what is happening...
 
BIND9 is quite a different beast. Lots of things that were allowed in < 9 are now disallowed by default. If you want to serve your domains to the world, you'll have to tell BIND to listen on an interface, and you'll have to allow queries to zones, but not recursive queries unless you're also a nameserver for machines in your LAN which use it as a resolver, etc. etc. Search the forums for strings like "named.conf", "allow-query", "allow-recursion", "allow-transfer". You should get some insightful posts and threads.
 
Dutchdaemon, thanks.

Here is my output from "named -4 -S 1024 -c /etc/namedb/named.conf -g". I see no obvious errors.

Code:
17-Apr-2010 12:24:32.362 starting BIND 9.6.1-P1 -4 -S 1024 -c /etc/namedb/named.conf -g
17-Apr-2010 12:24:32.362 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' 
'--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
17-Apr-2010 12:24:32.362 found 4 CPUs, using 4 worker threads
17-Apr-2010 12:24:32.363 using up to 1024 sockets
17-Apr-2010 12:24:32.367 loading configuration from '/etc/namedb/named.conf'
17-Apr-2010 12:24:32.368 using default UDP/IPv4 port range: [49152, 65535]
17-Apr-2010 12:24:32.368 using default UDP/IPv6 port range: [49152, 65535]
17-Apr-2010 12:24:32.369 no IPv6 interfaces found
17-Apr-2010 12:24:32.369 listening on IPv4 interface re0, xx.xx.x.8#53
17-Apr-2010 12:24:32.376 command channel listening on 127.0.0.1#953
17-Apr-2010 12:24:32.376 ignoring config file logging statement due to -g option
17-Apr-2010 12:24:32.376 zone 0.in-addr.arpa/IN: loaded serial 42
17-Apr-2010 12:24:32.376 zone 10.in-addr.arpa/IN: loaded serial 42
17-Apr-2010 12:24:32.376 zone 127.in-addr.arpa/IN: loaded serial 42
...
17-Apr-2010 12:24:32.384 zone 1.com/IN: loaded serial 2010031601
17-Apr-2010 12:24:32.385 zone 2.com/IN: loaded serial 2010031601
17-Apr-2010 12:24:32.385 zone 3.com/IN: loaded serial 2010041308
17-Apr-2010 12:24:32.385 zone ip6.int/IN: loaded serial 42
17-Apr-2010 12:24:32.385 zone localhost/IN: loaded serial 42
17-Apr-2010 12:24:32.385 zone 4.net/IN: loaded serial 2010041502
17-Apr-2010 12:24:32.385 zone 5.net/IN: loaded serial 2009090403
17-Apr-2010 12:24:32.385 zone 6.net/IN: loaded serial 2010041203
17-Apr-2010 12:24:32.386 zone 7.net/IN: loaded serial 2010041110
17-Apr-2010 12:24:32.386 zone 8.net/IN: loaded serial 2010031604
17-Apr-2010 12:24:32.386 zone 9.org/IN: loaded serial 2010040902
17-Apr-2010 12:24:32.386 zone 10.org/IN: loaded serial 2010031608
17-Apr-2010 12:24:32.386 zone 11.org/IN: loaded serial 2010031601
17-Apr-2010 12:24:32.388 running
17-Apr-2010 12:24:32.388 zone 1.net/IN: sending notifies (serial 2010041502)
17-Apr-2010 12:24:32.388 zone 2.org/IN: sending notifies (serial 2010031601)
17-Apr-2010 12:24:32.388 zone 3.com/IN: sending notifies (serial 2010041308)
17-Apr-2010 12:24:32.388 zone 4.com/IN: sending notifies (serial 2010031601)
17-Apr-2010 12:24:32.388 zone 5.net/IN: sending notifies (serial 2009090403)
17-Apr-2010 12:24:32.388 zone 6.net/IN: sending notifies (serial 2010041203)
17-Apr-2010 12:24:32.388 zone 7.net/IN: sending notifies (serial 2010041110)
17-Apr-2010 12:24:32.388 zone 8.com/IN: sending notifies (serial 2010031601)
17-Apr-2010 12:24:32.388 zone 9.net/IN: sending notifies (serial 2010031604)
17-Apr-2010 12:24:32.388 zone 10.org/IN: sending notifies (serial 2010040902)
17-Apr-2010 12:24:32.388 zone 11.org/IN: sending notifies (serial 2010031608)
 
A named.conf can be syntactically correct, and still do none of what you want. Which is why you'll have to read up on BIND9's named.conf(5) settings and the forum discussions about them. There are quite a few.
 
Sigh... It was working on the previous HD, I did not take notes (mistake!). Then I wiped that one out when x stopped working. I thought I FTPed it somewhere... too many computers.

Yet the above log seems to say it was even trying to notify others... the slave transferred everything from it also.

I rebooted it to the new IP, did not work either... (thought it might be because the IP/name was not matching the authoritative DNS from whois).
 
Actually everything was working! But I had to set the "resolv.conf" to itself when I was testing it as a nameserver... if I used another IP, of course, the new update won't show on itself (because it would query the nameserver, not itself!). So I finally found that out by doing a "dig @localhost xxx.net" and found it was working.

Right now I booted with the new IP and it seems to work well, except "dig @localhost xxx.net" returns an error (which worked fine when not run as an authoritative DNS), but "dig @name xxx.net" works fine using its real domain. Strange. But I updated the serial and IP and it works fine.

Here is the error message:

Code:
dig @localhost x.net

; <<>> DiG 9.6.1-P1 <<>> @localhost x.net
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached
 
Also the other domain I thought was working but is not now, was because it was initially tested on "worker", not on "queen". So queen refused to take over, even though neither was the authoritative server... strange.
 
If you want the server to listen on your public IP and localhost, simply use

Code:
listen-on       { pu.bl.ic.ip; 127.0.0.1; };

Check with "sockstat -l4p53" where port 53 is in use.
 
Thanks, Dutch.

Both servers were using only the public IP... I guess it might be a better idea not to use the local IP. So if there is a problem, I know right away :)

Code:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      745   20 tcp4   x.x.x.4:53         *:*
bind     named      745   512 udp4  x.x.x.4:53         *:*
 
Another strange thing: one server transferred files fine last time, yet I got:

Code:
Apr 16 20:51:06 cell named[745]: dumping master file: tmp-GfYm1A5lSp: open: permission denied
Apr 16 20:51:06 cell named[745]: transfer of 'beetography.com/IN' from xx.2#53: failed while receiving responses: permission denied

I had to chown the real directory of /etc/namedb to bind, and also make it group writable.
Then the error disappeared, except for one domain... even though the zone file was transferred.

So finally the new DNS has taken over!

I had not even given permission to the slave IP (in the named.conf of the master), yet it still transfers...
 
My home server today suddenly won't connect to the internet... (it was working fine last night at 2 am). Again it is related to "resolv.conf": I had my name server there, but there is no recursion. So it will resolve all authoritative domains, but not even google.

Since turning it on is also bad for the server, I needed to turn it on only for my machines.
To do that I added the following lines to named.conf (first line outside options, 2nd line inside)
Code:
1.acl recurseallow { x.x.x.1/10 ; x.x.x.73; };
2.allow-recursion { recurseallow; };
"rndc reload", and now my home computer can google.
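Pulling the thread's pieces together, here is an added example named.conf (not posted by anyone in the thread): it listens on the public address and loopback as Dutchdaemon suggested, so "dig @localhost" works; restricts recursion to an acl as in the last post; and also restricts zone transfers, which the master above was handing out to anyone because the BIND 9 default for allow-transfer is "any". The addresses are RFC 5737 documentation placeholders and the zone name/paths are assumptions.

```conf
// Added example configuration, not from the thread. Replace the
// placeholder addresses (198.51.100.8, 192.0.2.0/24, 192.0.2.73,
// 203.0.113.2) with your own before use.

acl "recurseallow" {
    192.0.2.0/24;       // the LAN that may use this box as a resolver
    192.0.2.73;         // one extra home machine
    127.0.0.1;          // local tools such as "dig @localhost"
};

acl "slaves" {
    203.0.113.2;        // the secondary that may AXFR our zones
};

options {
    directory "/etc/namedb";

    // Public address AND loopback, so both "dig @localhost" and
    // queries from the world reach the same daemon.
    listen-on       { 198.51.100.8; 127.0.0.1; };
    listen-on-v6    { none; };

    // Anyone may ask about the zones we are authoritative for ...
    allow-query     { any; };
    // ... but only our own hosts get recursive (open-resolver) service.
    recursion yes;
    allow-recursion { recurseallow; };

    // Default is "any": limit AXFR/IXFR to the known secondary.
    allow-transfer  { slaves; };
};

// Zone we are master for; the serial in this file is what secondaries
// compare against, so bump it on every edit before "rndc reload".
zone "xx.com" {
    type master;
    file "master/xx.com";
    notify yes;
};

// Zone we are secondary for; "slave/" must be writable by the bind
// user or the transfer fails with the "permission denied" seen above.
zone "xx.net" {
    type slave;
    file "slave/xx.net";
    masters { 203.0.113.2; };
};
```

After editing, "named-checkconf /etc/namedb/named.conf" reports syntax errors and "sockstat -l4p53" confirms both addresses are bound.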
 