Website: http://www.zaphu.com/
Original page: http://www.zaphu.com/2007/09/14/ubuntu-dns-server-guide-bind-master-server-setup/
I was not able to get this one to work though, I probably screwed something up. Please help me figure out where I went wrong.
named.conf file minus the rndc-key section
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };
// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
include "/etc/bind/named.conf.local";
server 68.105.29.12 {
};
server 68.105.28.12 {
};
server 68.105.28.11 {
};
named.conf.options file
options {
directory "/etc/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
192.168.1.1;
68.105.28.12;
68.105.28.11;
68.105.29.12;
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
named.conf.local file
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "teststr.lan" IN {
type master;
file "/etc/bind/zones/teststr.lan.db";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};
teststr.lan.db file
; Use semicolons to add comments.
; Host-to-IP Address DNS Pointers for mydomain.lan
; Note: The extra “.” at the end of addresses are important.
; The following parameters set when DNS records will expire, etc.
; Importantly, the serial number must always be iterated upward to prevent
; undesirable consequences. A good format to use is YYYYMMDDI where
; the I index is in case you make more than one change in the same day.
teststr.lan. IN SOA ubuntusvr.teststr.lan. hostmaster.teststr.lan. (
200801026
8H
4H
4W
1D )
; NS indicates that john is the name server on mydomain.lan
; MX indicates that john is (also) the mail server on mydomain.lan
teststr.lan. IN NS ubuntusvr.teststr.lan.
teststr.lan. IN MX 10 ubuntusvr.teststr.lan.
; Set an alias (canonical name) for ubuntusvr
www IN CNAME ubuntusvr.teststr.lan.
; Set the address for localhost.teststr.lan
localhost.teststr.lan. IN A 127.0.0.1
; Set the hostnames in alphabetical order
dlinkpr.teststr.lan. IN A 192.168.1.20
hp2600n.teststr.lan. IN A 192.168.1.25
mfc7820n.teststr.lan. IN A 192.168.1.26
router.teststr.lan. IN A 192.168.1.1
strap.teststr.lan. IN A 192.168.1.245
ubuntusvr.teststr.lan. IN A 192.168.1.109
rev.1.168.192.in-addr.arpa file
; IP Address-to-Host DNS Pointers for 192.168.1.0 subnet
@ IN SOA ubuntusvr.teststr.lan. hostmaster.teststr.lan. (
200801024
8H
4H
4W
1D )
; define the authoritative name server
IN NS ubuntusvr.teststr.lan.
; our hosts, in numeric order
20.1.168.192.in-addr.arpa. IN PTR dlinkpr.teststr.lan.
25.1.168.192.in-addr.arpa. IN PTR hp2600n.teststr.lan.
26.1.168.192.in-addr.arpa. IN PTR mfc7820n.teststr.lan.
1.1.168.192.in-addr.arpa. IN PTR router.teststr.lan.
245.1.168.192.in-addr.arpa. IN PTR strap.teststr.lan.
109.1.168.192.in-addr.arpa. IN PTR ubuntusvr.teststr.lan.
I have looked at this manually and with WebMin but I can't find the problem. None of the following work:
dig ubuntusvr
dig ubuntusvr.teststr.lan
dig router.teststr.lan
the return data is like:
dad@ubuntusvr:~$ dig teststr.lan
; <<>> DiG 9.4.1-P1 <<>> teststr.lan
;; global options: printcmd
;; Got answer:
;; ->>HEADER
Bind seems fine with this: 'host' and 'nslookup' both give proper responses to queries.
Now the strange part: when I try to ping www.eregion.local I get unknown host. When I point lynx or firefox to this host, they take some time trying names and I end up on some site on the public internet, www.eregion.local.com, that happens to exist with a close match in name. The equivalent config on the old Slackware system works properly as I would expect.
What can cause this?
Daniel
I'm stuck when it comes to forwarding my other domain names to my server. I figured I'd have to set up my own DNS server on the box using my 3rd IP. I've gone through all the similar guides but haven't had any luck. BIND is installed correctly with no errors, but my issue is how I go about having my names point to my new DNS server. I went to GoDaddy and tried to supply the IP (the 3rd IP) of my new DNS server but for some reason it didn't like taking the standard IP convention. It likes NS1.xxx.com, NS2.xxx.com, etc.
I've created separate zones for the other domains, but for some reason they're not resolving. When I dig I get a response, but I also see SERVFAIL.
Any ideas on where to start my troubleshooting will be appreciated. Thanks.
On two lines below:
===
mydomain.lan. IN SOA john.mydomain.lan. hostmaster.mydomain.lan.
mydomain.lan. IN SOA john.mydomain.lan. root.mydomain.lan.
===
What is the difference between "hostmaster.mydomain.lan" and the "root.mydomain.lan" that some tutorials put?
Should the "root" hostname be there (exist on the network)?
Thanks,
Thanks for your previous answer.
Another note/question:
In the last paragraph, on checking DNS, you said that "dig mydomain.lan" will show all of the hosts in the AUTHORITY SECTION.
I think the authority section only shows the "authoritative name server" of the "mydomain.lan" domain, thus NOT all of the hosts on our local network (registered on our local DNS).
If we want to show all the hosts registered on the mydomain.lan local DNS server, we can use the command: host -l mydomain.lan.
CMIIW.
Thanks,
[bayu]
Thanks again for the succinct how-to's.
Without that space in there, it doesn't recognize the NS entry, and it all goes to .... at that point. Thanks again for this great summary.
Don
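One whitespace rule that produces this kind of symptom is the RFC 1035 master-file convention: a line that starts with a blank inherits the previous owner name, while a flush-left line treats its first token as the owner. The following is an added example, not code from the article or from any commenter; it uses a simplified parser and a constructed sample modelled on the reverse zone posted earlier, and `parse_zone` and `apex_ns` are hypothetical helper names.

```python
import re

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"\d+[smhdw]?", re.I)

def parse_zone(text, origin):
    """Simplified RFC 1035 master-file reader: returns (owner, type, rdata) tuples."""
    origin = origin.rstrip(".").lower() + "."
    records, owner, pending = [], origin, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.startswith("$"):  # $TTL/$ORIGIN are ignored here
            continue
        if pending is not None:                       # continuing a "( ... )" group
            pending += " " + line.strip()
            if ")" not in line:
                continue
            line, pending = pending, None
        elif "(" in line and ")" not in line:
            pending = line
            continue
        inherits = line[0] in " \t"   # leading blank: record belongs to previous owner
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not inherits:              # otherwise the first token IS the owner name
            name = tokens.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name.lower()
            else:
                owner = f"{name.lower()}.{origin}"
        while tokens and (tokens[0].upper() in CLASSES or TTL.fullmatch(tokens[0])):
            tokens.pop(0)             # skip optional class / TTL fields
        if tokens:
            records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records

def apex_ns(text, origin):
    """NS targets that actually land on the zone apex."""
    apex = origin.rstrip(".").lower() + "."
    return [rd for o, t, rd in parse_zone(text, origin) if o == apex and t == "NS"]

ORIGIN = "1.168.192.in-addr.arpa"
# Constructed sample modelled on the reverse zone posted in the first comment.
REVERSE = """@ IN SOA ubuntusvr.teststr.lan. hostmaster.teststr.lan. (
    200801024 8H 4H 4W 1D )
{indent}IN NS ubuntusvr.teststr.lan.
20.1.168.192.in-addr.arpa. IN PTR dlinkpr.teststr.lan.
"""

if __name__ == "__main__":
    for label, indent in (("indented", "    "), ("flush-left", "")):
        print(label, apex_ns(REVERSE.format(indent=indent), ORIGIN))
```

With the NS line indented, the record attaches to the zone apex; flush-left, the same text defines an NS record for a name called `IN` under the zone and leaves the apex without one.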
In the first section, making up a fictional domain, where did you get all those IP addresses for the hosts? Are they static IP addresses assigned to the other machines? If they are, is it necessary to set a static IP on all machines on the network? How would I go about setting it up where only the server has a static IP and the other machines still use DHCP-assigned IP addresses?
Thank you, great work, I love Ubuntu
I have noticed, however, that when I dig mydomain. I don't get an "ANSWER SECTION".
It does cache the website, because when I dig another site the query time is 0.
OK, anybody any ideas?
Then how do we have to solve it?