Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 20:30, Eivind Olsen  wrote:
>> However, another site that _does_ work (with both nameservers on this
>> host, not just ns1) shows the same thing:
>>
>> # nslookup ns1.sharingserver.eu 178.63.65.136
>> Server:         178.63.65.136
>> Address:        178.63.65.136#53
>>
>> ** server can't find ns1.sharingserver.eu: NXDOMAIN
>
> How do you mean this one is working? It's working just as badly as your
> first example.
>

Yes, but typing the domain into Firefox brings up the webpage that
I've put on that server!


> I've tried looking up the domain "sharingserver.de" and "sharingserver.eu"
> on both the IP addresses you listed, and in all cases your nameserver
> replies with NXDOMAIN - it doesn't know about those domains.
>
>> I don't see a named or bind log, but messages is clean of such things.
>
> I don't think you've mentioned which OS you're running, and whether you run
> a bundled or self-compiled version of BIND, so I'm not sure where it puts
> its logs by default. Do you see _any_ mention of "named" in your
> /var/log/messages or /var/log/syslog or similar files if you restart BIND?
> How to restart it depends on your distribution, whether you use bundled BIND
> etc. It might be "service named restart" on one distribution, and "rndc
> stop" followed by "/usr/local/sbin/named" on another, or "/etc/rc.d/named
> restart" on yet another.. And I'm not good at guessing :D
>

Sorry, it's CentOS 5.5 and I'm running the distro's packaged bind.
There are a few Bind messages in /var/log/messages but no errors
(other than no-start error when I have a bad config).


> Anyway - if you don't see a single line about "named" in the logs even after
> restarting it, you need to look into fixing that, as I'm guessing BIND is
> then really trying to give you some nice information in the logs but it
> can't..
>

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 16:31, Greg Whynott  wrote:
> it's as if they think hackers' main source of targets comes from here.
> doesn't appear to really want any help anyway.
>

Not at all, rather I was trying to learn. I really didn't want anybody
doing the heavy lifting for me. But I've gotten to the point where I
see that I _do_ need that help, and I am not embarrassed to admit it.
I have been posting the real data now.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 11:35, Eivind Olsen  wrote:
> Hm, you mention in another posting that you're hosting other domains. Are
> they using the same registrar as the one that's giving you this error
> message?

Yes.

> Are you _naming_ the nameservers the same? I know some registrars
> require you to first register your nameservers with them, so they can add
> any glue records if needed. I'm just wondering if the error message might
> be misleading.
>

With this particular registrar I have sharingcenter.eu and
sharingcenter.de. The sharingcenter.eu site works fine, it has
ns1.sharingcenter.eu and ns2.sharingcenter.eu working without me
having to explicitly set the "glue".


> But maybe they really can't contact your nameserver. As a few others have
> mentioned, it's hard to help troubleshoot this when you've given no real
> information.
>

Server mercury:
178.63.65.136
178.63.65.171
178.63.65.188

Server venus:
88.198.27.251

ns1.sharingcenter.eu - 178.63.65.136
ns2.sharingcenter.eu - 178.63.65.188

ns1.sharingcenter.de - 178.63.65.171
ns2.sharingcenter.de - 88.198.27.251


> Check your logs on your nameserver. Depending on your OS, it might end up
> in /var/log/messages, /var/adm/messages, or somewhere else entirely (or
> maybe not at all). You should at least see some log-entries when you start
> BIND. The copies of named.conf you listed didn't show any custom logging
> statements.
>

Bind is running as a service (CentOS), and I'm not really sure how to
get it logging.


> Verify nameserver operation, by doing something like this:
>
> # dig any your.troublesome.domain @1.1.1.1
> (replace the domain name + IP-address of your nameserver with the real data)
>
> Do this from multiple places:
> - from the nameserver itself
> - from another server in the same subnet if possible, to avoid routing
> issues etc...:
> - from somewhere outside of your network
>
> If it for example works from the nameserver itself + another server in
> your local network, but doesn't work from an external address, I suggest
> you look at any firewalls / access controls in your network.
>
> You also mentioned you had another domain which worked, on the same
> nameservers. Do the same kind of queries on that as well, from the same
> places.
>
> Let us know how these tests went. And/or post real data so we can check a
> bit for ourselves.
>

✈dcl:~$ dig any sharingserver.de @178.63.65.171

; <<>> DiG 9.6.1-P2 <<>> any sharingserver.de @178.63.65.171
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29311
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sharingserver.de.  IN  ANY

;; AUTHORITY SECTION:
de.  2398  IN  SOA  f.nic.de. its.denic.de. 2010100577 7200 7200 360 7200

;; Query time: 228 msec
;; SERVER: 178.63.65.171#53(178.63.65.171)
;; WHEN: Tue Oct  5 21:41:22 2010
;; MSG SIZE  rcvd: 86

✈dcl:~$ dig any sharingserver.eu @178.63.65.136

; <<>> DiG 9.6.1-P2 <<>> any sharingserver.eu @178.63.65.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62696
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sharingserver.eu.  IN  ANY

;; AUTHORITY SECTION:
eu.  600  IN  SOA  a.nic.eu. tech.eurid.eu. 1002851820 3600 1800 360 600

;; Query time: 259 msec
;; SERVER: 178.63.65.136#53(178.63.65.136)
;; WHEN: Tue Oct  5 21:42:02 2010
;; MSG SIZE  rcvd: 87





> Oh, and another thing - you mentioned you were running both nameservers on
> the same server (eth0 and eth0:0). You _are_ aware of what this means, if
> your domain name is only served by a single physical server and that
> server happens to go down some day? Any server _will_ go down sometimes,
> even if you decide to not patch it...

Yes, I am aware of this.

> If it's serving a domain name you care about, I'd _really_ recommend
> having multiple _separate_ nameservers, hosted on separate subnets. There
> are various companies that sell cheap slave-DNS services.
>

The .de domain will be on two separate machines.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
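
Added example, not part of the original thread: a small Python reader for dig output like the two answers quoted above. It uses the header flags and the authority section to tell an answer served from a local zone from one fetched by recursion, and checks whether the queried name lies inside a zone the server is configured for. The zone list is taken from the named.conf posted elsewhere in this thread; the function names and finding labels are hypothetical.

```python
import re

# Zones defined in the named.conf posted in this thread.
ZONES = ["sharingcenter.de", "sharingcenter.eu"]

# Constructed sample: the first dig answer quoted in the message above,
# re-typed with the SOA record on a single line.
REFERRED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29311
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sharingserver.de.  IN  ANY

;; AUTHORITY SECTION:
de. 2398 IN SOA f.nic.de. its.denic.de. 2010100577 7200 7200 360 7200
"""

# Constructed sample (not from the thread): the shape of an answer served from
# a zone loaded on the queried server, with recursion switched off.
AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.sharingcenter.de.  IN  A

;; ANSWER SECTION:
ns1.sharingcenter.de. 86400 IN A 178.63.65.171
"""


def parse_dig(text):
    """Extract status, header flags, question name and authority owners."""
    out = {"status": None, "flags": set(), "qname": None, "authority": []}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            out["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            out["flags"] = set(line.split(":", 1)[1].split(";")[0].split())
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]
        elif not line.strip():
            section = None  # a blank line ends the current section
        elif section == "QUESTION" and line.startswith(";"):
            out["qname"] = line[1:].split()[0].lower()
        elif section == "AUTHORITY" and not line.startswith(";"):
            fields = line.split()  # owner, ttl, class, type, rdata...
            out["authority"].append((fields[0].lower(), fields[3]))
    return out


def in_zone(name, zone):
    """True if name is the zone apex or a name below it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def diagnose(text, zones):
    """Return (status, findings) for one dig answer."""
    r = parse_dig(text)
    findings = []
    if not any(in_zone(r["qname"], z) for z in zones):
        findings.append("query-name-outside-configured-zones")
    if "aa" not in r["flags"]:
        findings.append("not-authoritative")
    if "ra" in r["flags"]:
        findings.append("recursion-offered")
    # An SOA owned by a name outside the configured zones (here the TLD) means
    # the negative answer came from that zone's servers, not from a local zone.
    for owner, rtype in r["authority"]:
        if rtype == "SOA" and not any(in_zone(owner, z) for z in zones):
            findings.append("authority-soa-outside-zones:" + owner)
    return r["status"], findings


if __name__ == "__main__":
    print(diagnose(REFERRED, ZONES))
    print(diagnose(AUTHORITATIVE, ZONES))
```

The `ra` flag on an answer to an outside client means the server offers recursion to that client; on a host meant to be authoritative only, that is worth restricting.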

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 08:48, Chiesa Stefano  wrote:
> Hello Dotan.
> You said: "The working site has both nameservers pointed to that same
> server (on two different IP addresses on eth0 and eth0:0)."
> So the question is "Are you sure you answer to queries on the proper
> interface?"
> Maybe you (for instance) receive a query on eth0:0 (1.1.2.2 ?) but
> answer on eth0 (1.1.1.1 ?)...

Could that be? I'd never considered that! How would I even check that?

> What is your default gateway?
>


[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
### Hetzner Online AG - installimage
# device: eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.136
NETMASK=255.255.255.255
SCOPE="peer 178.63.65.129"
[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
### Hetzner Online AG - installimage
# device: eth0
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.188
NETMASK=255.255.255.192
SCOPE="peer 178.63.65.129"
[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.171
NETMASK=255.255.255.192
SCOPE="peer 178.63.65.129"
[r...@mercury html]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:2
DEVICE=eth0:2
BOOTPROTO=static
BROADCAST=178.63.65.191
HWADDR=40:61:86:f5:43:1f
IPADDR=178.63.65.172
NETMASK=255.255.255.192
SCOPE="peer 178.63.65.129"

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 02:47, Noel Butler  wrote:
> apart from my dig for you not giving real information..
>
> On Mon, 2010-10-04 at 23:08 +0200, Dotan Cohen wrote:
>
>
> // On 1.1.1.1
> [r...@1.1.1.1]# cat /etc/named.conf
> options {
> directory "/etc";
>
>
> Why are you specifying /etc here?
> I suggest you use  /var/named
>

Thanks. I'm not sure where I got that from, this is a Frankenstein's
monster of bits that I've been googling!


>    pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
>
> zone "." {
> type hint;
>     file "/etc/db.cache";
>
> remove /etc/
>

I did not realize that a relative path would work.


> };
>
> zone "example.de" {
> type master;
> file "/var/named/example.de.hosts";
>
>
> only need the file name (so long as you correct the options statement

Makes sense!


>
> notify yes;
> allow-query { any; };
>     };
>
>
> who are you notifying?

I added that at some "throwing more lines of code at the file" attempt
to get this working...

> where is..
>     allow-transfer { remotedns; };
>

I did not know that I need it.


>
> zone "example.eu" {
> type master;
> file "/var/named/example.eu.hosts";
>     };
>
> correct as above for who to transfer to
>

Well, this one works properly so I don't want to touch it!

> [r...@1.1.1.1]# cat /var/named/example.de.hosts
> $ORIGIN example.de.
> $TTL 86400
> example.de. IN  SOA example.de. foo.example.de. (
>
> replace example.de.   with  @
>

Will do.

>     2010100401; Serial - increment me
> 10800
> 3600
> 604800
> 38400 )
>    IN  NS  ns1.example.de.
>    IN  NS  ns2.example.de.
>
> no MX record?
>

Not yet, I'll tackle that later.

>        IN  A   1.1.1.1
> www    IN  A   1.1.1.1
> ns1    IN  A   1.1.1.1
> ns2    IN  A   1.1.2.2
>
>
>
>
> // On 1.1.2.2
> [r...@1.1.2.2]# cat /etc/named.conf
>
> fix up as above
>

Right.

> options {
> directory "/etc";
> pid-file "/var/run/named/named.pid";
> listen-on {
> any;
> };
> };
>
>
>
> zone "." {
> type hint;
> file "/etc/db.cache";
> };
>
> zone "example.de" {
> type slave;
> masters { 1.1.1.1; };
> allow-update { 1.1.1.1; };
>
>     ^  not needed
>

Thanks.

>     file "/var/named/example.de.hosts";
> notify yes;
>
>       remove
>

Thanks.

> allow-query { any; };
>
> ya got one right :)
>

Pure luck, I assure you!

>     allow-notify { 1.1.2.2; };
>     };
>
> remove
>

Right.

> [r...@1.1.2.2]# cat /var/named/example.de.hosts
>
>
> irrelevant since it gets this from master
>

I did think that was the case, thanks.

> Of course, when I make a change to a hosts file I increment the serial
> number and restart bind. I also restart bind after making a change to
>
> 'rndc reload'   is all u need to do
>

Nice, thanks.

> named.conf. What am I doing wrong? Thanks!
>
> once you tell us your real domains and NS's, maybe, just maybe we can help
> more
>

Server mercury:
178.63.65.136
178.63.65.171
178.63.65.188

Server venus:
88.198.27.251

ns1.sharingcenter.eu - 178.63.65.136
ns2.sharingcenter.eu - 178.63.65.188

ns1.sharingcenter.de - 178.63.65.171
ns2.sharingcenter.de - 88.198.27.251



-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
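
Added example, not part of the original thread and not a BIND tool (named-checkconf covers syntax): the points the reviewer raises in the quoted config above, written as a small Python check over named.conf text. The function names and finding labels are hypothetical, and the sample configs are re-typed from the thread's placeholder version.

```python
import re

# Constructed sample: the slave-side named.conf quoted in the message above
# (thread's placeholder addresses), re-indented.
SLAVE_CONF = """
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    listen-on { any; };
};
zone "." { type hint; file "/etc/db.cache"; };
zone "example.de" {
    type slave;
    masters { 1.1.1.1; };
    allow-update { 1.1.1.1; };
    file "/var/named/example.de.hosts";
    notify yes;
    allow-query { any; };
    allow-notify { 1.1.2.2; };
};
"""

# Constructed sample: the master-side options and zone from the same message.
MASTER_CONF = """
options { directory "/etc"; listen-on { any; }; };
zone "example.de" {
    type master;
    file "/var/named/example.de.hosts";
    notify yes;
    allow-query { any; };
};
"""


def blocks(conf):
    """Yield (header, body) for every top-level `header { body };` block."""
    # Naive comment stripping; assumes no '//' or '#' inside quoted strings.
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    pos = 0
    while (start := conf.find("{", pos)) != -1:
        depth, end = 1, start + 1
        while depth and end < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[end], 0)
            end += 1
        yield conf[pos:start].strip(" ;\n\t"), conf[start + 1:end - 1]
        pos = end


def statements(body):
    """Map each top-level statement keyword in a block body to its arguments."""
    flat, depth = "", 0
    for ch in body:
        depth += ch == "{"
        if depth == 0:          # keep only text outside nested { ... }
            flat += ch
        depth -= ch == "}"
    parts = (s.split() for s in flat.split(";"))
    return {p[0]: p[1:] for p in parts if p}


def lint(conf):
    """Return the review findings for one named.conf, in file order."""
    findings = []
    for header, body in blocks(conf):
        st = statements(body)
        if header == "options" and st.get("directory") == ['"/etc"']:
            findings.append("options: directory /etc")
        zone = re.match(r'zone\s+"([^"]+)"', header)
        if not zone:
            continue
        name = zone.group(1)
        ztype = (st.get("type") or [""])[0]
        if (st.get("file") or [""])[0].startswith('"/'):
            findings.append(f"{name}: absolute file path")
        if ztype == "master" and "allow-transfer" not in st:
            findings.append(f"{name}: master without allow-transfer")
        if ztype == "slave":
            for kw in ("allow-update", "notify", "allow-notify"):
                if kw in st:
                    findings.append(f"{name}: slave with {kw}")
    return findings


if __name__ == "__main__":
    for label, conf in (("master", MASTER_CONF), ("slave", SLAVE_CONF)):
        print(label, lint(conf))
```

On the BIND 9 releases of that period a master zone with no allow-transfer answers zone transfer requests from any host, so that finding is more than a style point.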

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 02:35, Noel Butler  wrote:
> Quite right, too many people with paranoia come here looking for help but
> refuse to let us do correct remote testing.
> First post was 7.08am local, it's 3 /12 hours later and we still have no real
> info, had it been supplied his problem may have been identified and resolved 3
> hours ago.
>

No paranoia at all! Actually, just a few minutes ago I did post the
correct info, I saw that I wasn't getting very far with this whole
learning thing! :)

The two domain names are sharingcenter.eu and sharingcenter.de. The
eu domain has ns1 and ns2 on the same server (IP addresses
178.63.65.136 and 178.63.65.188) and works fine. The de domain has ns1
on this same server (IP address 178.63.65.171) but ns2 on a different
server (IP address 88.198.21.168).

The 178.63.65.* machine has these files:

On the machine intended for
[r...@mercury ~]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "sharingcenter.de" {
type master;
file "/var/named/sharingcenter.de.hosts";
notify yes;
allow-query { any; };
};
zone "sharingcenter.eu" {
type master;
file "/var/named/sharingcenter.eu.hosts";
};
[r...@mercury ~]# cat /var/named/sharingcenter.de.hosts
$ORIGIN sharingcenter.de.
$TTL 86400
sharingcenter.de. IN  SOA sharingcenter.de. foo.sharingcenter.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns1.sharingcenter.de.
       IN  NS  ns2.sharingcenter.de.
       IN  A   178.63.65.171
www    IN  A   178.63.65.171
ns1    IN  A   178.63.65.171
ns2    IN  A   88.198.21.168
[r...@mercury ~]# cat /var/named/sharingcenter.eu.hosts
$ORIGIN sharingcenter.eu.
$TTL 86400
sharingcenter.eu. IN  SOA sharingcenter.eu. foo.sharingcenter.eu. (
2010092801; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns1.sharingcenter.eu.
       IN  NS  ns2.sharingcenter.eu.
       IN  A   178.63.65.136
       IN  A   178.63.65.188
www    IN  A   178.63.65.136
www    IN  A   178.63.65.188
ns1    IN  A   178.63.65.136
ns2    IN  A   178.63.65.188
[r...@mercury ~]#


The 88.198.21.168 machine has these files:

[r...@venus ~]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "sharingcenter.de" {
type slave;
masters { 178.63.65.171; };
allow-update { 178.63.65.171; };
file "/var/named/sharingcenter.de.hosts";
notify yes;
allow-query { any; };
allow-notify { 88.198.21.168; };
};
[r...@venus ~]# cat /var/named/sharingcenter.de.hosts
$ORIGIN sharingcenter.de.
$TTL 86400
sharingcenter.de. IN  SOA sharingcenter.de. foo.sharingcenter.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns2.sharingcenter.de.
ns2    IN  A   88.198.21.168
[r...@venus ~]#

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 01:03, Nuno Paquete  wrote:
> Can you successfuly telnet port 53 from an external host?

Yes, but it's only a connection. I don't see any output. That's me typing "helo":

$ telnet 178.63.65.136 53
Trying 178.63.65.136...
Connected to 178.63.65.136.
Escape character is '^]'.
helo
USER test
^C^C
Connection closed by foreign host.


> Have you seen your logs? There must be something logged.
>

From googling I see that I must start Bind with the -g option to
enable logging, but I must be doing it wrong as it's still not
logging:
# service named restart -g



-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Mon, Oct 4, 2010 at 23:37, Greg Whynott  wrote:
> someone with way more bind clues than I would be able to give you a better 
> answer.    the error returned begs two questions..
>
> 1. is this server behind or running a local firewall?
> 2. is bind actually listening on the proper interface?
>
> you could confirm #2 by typing 'nslookup ns1.example.de 1.1.1.1' where
> 1.1.1.1 is the ip of the local machine (you could even do this on another
> machine, it's telling the resolver to use 1.1.1.1 as the name server for
> initial queries, if it works internally, try an exterior machine to run the
> command on). it should return your A RR. also you could try typing "
> netstat -an | grep \:53\ | grep LIST " and see if it's listening on the proper
> interface.
>

It is listening on the right port, but it's not looking up properly I think:

# nslookup ns1.sharingserver.de 178.63.65.171
Server:         178.63.65.171
Address:        178.63.65.171#53

** server can't find ns1.sharingserver.de: NXDOMAIN



However, another site that _does_ work (with both nameservers on this
host, not just ns1) shows the same thing:

# nslookup ns1.sharingserver.eu 178.63.65.136
Server:         178.63.65.136
Address:        178.63.65.136#53

** server can't find ns1.sharingserver.eu: NXDOMAIN

Note that both the 171 and 136 addresses are on the same hardware
(eth0 and eth0:1)


> do the logs complain about any zones?  something like "not loading zone X"..
>

I don't see a named or bind log, but messages is clean of such things.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-05 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 01:14, Nuno Paquete  wrote:
> Are your servers running virtualized?
>

No, it's real hardware!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
On Tue, Oct 5, 2010 at 00:29, Lyle Giese  wrote:
> I would like to help but since you are refusing to post the real ip address
> or the real hostnames or the real domain names involved, I can not.  I could
> do some testing from here to see if your firewall was configured correctly
> or what the view was from outside your network.  But I can not.
>

Thanks Lyle for the offer. Actually, I would very much appreciate if
you show me what to check so that I might do it myself. Although my
concern is in fact to get this configured, my goal is to learn and I'm
at a loss for which tools/commands to use to check that. How would you
go about it?

> You appear to be posting sanitized portions of named.conf, so we can not
> tell if you have a typo in there that would cause this problem.

I assure you that a typo in the domain name or IP address is not the
issue, nor a missing period after the domain name. I've gone over
that!


> You may
> also be bypassing a firewall misconfiguration because of your testing
> methods, but we can not tell as you are not posting the real IP addresses.

No firewall at this stage.

> Even though the ip addresses involved are registered for web and dns
> services that should be available to the world anyway.
>

Yes, of course, I have no illusions that they might be hidden!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
On Mon, Oct 4, 2010 at 23:37, Greg Whynott  wrote:
> someone with way more bind clues than I would be able to give you a better 
> answer.    the error returned begs two questions..
>
> 1. is this server behind or running a local firewall?

No.

> 2. is bind actually listening on the proper interface?
>

Yes


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Re: Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
On Mon, Oct 4, 2010 at 23:20, Andrey G. Sergeev (AKA Andris)
 wrote:
> Hi Dotan!
>

Hello hello!

> You might be blocking 53/udp and (or) 53/tcp port. Try to query your
> problematic server from some other location rather than the site this
> server is installed on.
>

The ports aren't blocked as another site (example.eu) hosted on the
1.1.1.1 server works fine. The working site has both nameservers
pointed to that same server (on two different IP addresses on eth0 and
eth0:0). Only the example.de site which has one nameserver on the
1.1.1.1 machine and the second nameserver on 1.1.2.2 is giving me a
headache.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Unable to query the nameserver

2010-10-04 Thread Dotan Cohen
I am configuring BIND on two servers: ns1.example.de on a server with
IP address 1.1.1.1 and ns2.example.de on a server with IP address
1.1.2.2. BIND starts fine on both servers, but when I try to configure
my domain name in the registrar's control panel I get this error:
"""
Error : Unable to query the nameserver ns1.example.de
"""

Of course I have been googling this for hours and I've been reading
BIND manuals for about two weeks now! I'm really stuck. Here are my
configuration files:

// On 1.1.1.1
[r...@1.1.1.1]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type master;
file "/var/named/example.de.hosts";
notify yes;
allow-query { any; };
};
zone "example.eu" {
type master;
file "/var/named/example.eu.hosts";
};
[r...@1.1.1.1]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns1.example.de.
       IN  NS  ns2.example.de.
       IN  A   1.1.1.1
www    IN  A   1.1.1.1
ns1    IN  A   1.1.1.1
ns2    IN  A   1.1.2.2




// On 1.1.2.2
[r...@1.1.2.2]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type slave;
masters { 1.1.1.1; };
allow-update { 1.1.1.1; };
file "/var/named/example.de.hosts";
notify yes;
allow-query { any; };
allow-notify { 1.1.2.2; };
};
[r...@1.1.2.2]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010100401; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns2.example.de.
ns2    IN  A   1.1.2.2




Of course, when I make a change to a hosts file I increment the serial
number and restart bind. I also restart bind after making a change to
named.conf. What am I doing wrong? Thanks!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Bind won't start: /etc/named.conf

2010-10-04 Thread Dotan Cohen
On Sat, Oct 2, 2010 at 11:16, Imri Zvik  wrote:
> What do the logs say?

Thanks, Imri, the logs complain about /etc/db.cache. I copied
/etc/db.cache from the ns1 server to the ns2 server and bind stopped
complaining.

> Is the server chrooted or not?

no

> And I think you want to use "type slave;" for that zone, if this is a 
> secondary server.

Right, done, thanks!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: BIND on CentOS: Nameservers for two domains

2010-09-28 Thread Dotan Cohen
On Tue, Sep 28, 2010 at 20:30, Kevin Darcy  wrote:
> About the only _generic_ advice I can give you -- since you obscured the
> domain names and the relevant addresses, so I can't actually check anything
> on my own -- is to query the .eu servers directly for the delegation
> records. It's possible that what you see in their "control panel" doesn't
> match what's in the actual DNS, and what's in the actual DNS *matters*, as
> opposed to whatever crap displays or doesn't display in their "control
> panel".

Do you mean to check with dig? whois? Something else?


> I've seen a lot of breakage in registrar "control panels" over the
> years, so this wouldn't surprise me in the least.
>

Really? I've been buying domain names for over 10 years, I've never
had an issue like that which you imply. Which registrar? I usually use
Fabulous or EuroDNS. Thanks for the info, I will keep my eyes open.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Re: Bind won't start: /etc/named.conf

2010-09-28 Thread Dotan Cohen
On Tue, Sep 28, 2010 at 23:49, Imri Zvik  wrote:
> What are you trying to achieve? An empty named.conf file means named will
> use defaults for everything, and will probably just work out-of-the-box (as
> a simple resolver) so you should give more information about the goal and
> problem (including log entries, troubleshooting data etc.).
>

The goal is for the server to be the second name server for a FQDN.
This is the relevant zone file:

[r...@venus ~]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA example.de. foo.example.de. (
2010092801; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns2.example.de.
ns2    IN  A   x.x.x.168



This is the non-working named.conf that I pieced together from other
working files on other servers:

[r...@venus ~]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type master;
    file "/var/named/example.de.hosts";
};


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


Bind won't start: /etc/named.conf

2010-09-28 Thread Dotan Cohen
I have just installed bind on a CentOS 5 machine but it won't start
without /etc/named.conf:

[r...@venus etc]# /etc/init.d/named start
Locating //etc/named.conf failed:
   [FAILED]
[r...@venus etc]# touch /etc/named.conf
[r...@venus etc]# /etc/init.d/named start
Starting named:[  OK  ]

Now, a blank named.conf isn't helpful, but I cannot use the named.conf
from another server as a template because it references other files
(specifically /etc/db.cache). What is the "default" named.conf file
for CentOS? I have tried to google for it but have not been able to
find something that works.

Thanks in advance.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com


BIND on CentOS: Nameservers for two domains

2010-09-27 Thread Dotan Cohen
Hello, I am trying to configure a single CentOS 5 machine as a server
for two unrelated websites:
example.eu
example.de

The server has four IP addresses assigned to it:
1.1.1.136
1.1.1.171
1.1.1.172
1.1.1.188

I plan on hosting example.eu on this server with these two IP
addresses for its name servers:
1.1.1.136 - ns1.example.eu
1.1.1.188 - ns2.example.eu

Likewise, I plan on hosting example.de on this server with these two
IP addresses for its name servers:
1.1.1.171 - ns1.example.de
1.1.1.172 - ns2.example.de

These are my relevant configuration files:

[r...@centos-55-32-minimal ~]# cat /etc/named.conf
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
listen-on {
any;
};
};

zone "." {
type hint;
file "/etc/db.cache";
};

zone "example.de" {
type master;
file "/var/named/example.de.hosts";
};
zone "example.eu" {
type master;
file "/var/named/example.eu.hosts";
};



[r...@centos-55-32-minimal ~]# cat /var/named/example.eu.hosts
$ORIGIN example.eu.
$TTL 86400
example.eu. IN  SOA ns1.example.eu. ns2.example.eu. (
5; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns1.example.eu.
       IN  NS  ns2.example.eu.
       IN  A   1.1.1.136
       IN  A   1.1.1.188
www    IN  A   1.1.1.136
www    IN  A   1.1.1.188
ns1    IN  A   1.1.1.136
ns2    IN  A   1.1.1.188



[r...@centos-55-32-minimal ~]# cat /var/named/example.de.hosts
$ORIGIN example.de.
$TTL 86400
example.de. IN  SOA ns1.example.de. ns2.example.de. (
5; Serial - increment me
10800
3600
604800
38400 )
       IN  NS  ns1.example.de.
       IN  NS  ns2.example.de.
       IN  A   1.1.1.171
       IN  A   1.1.1.172
www    IN  A   1.1.1.171
www    IN  A   1.1.1.172
ns1    IN  A   1.1.1.171
ns2    IN  A   1.1.1.172


In BIND and in the registrar control panel for example.eu I had set
the IP addresses originally to 1.1.1.171 and to 1.1.1.172, however due
to a technical problem with the .de domain I later changed the
configuration to 1.1.1.136 and 1.1.1.188 (because it turns out that
.de domains cannot have the two nameservers on the same C block, and
only the 171 and 172 addresses I can swap for another address).
However, even though the registrar control panel is set to
ns1.example.eu as 1.1.1.136 and ns2.example.eu as 1.1.1.188, I still
see this in whois:

[r...@centos-55-32-minimal ~]# whois example.eu
// snip irrelevant lines
Nameservers:
ns1.example.eu (1.1.1.171)
ns2.example.eu (1.1.1.172)

I last made changes to the BIND configuration and to the registrar
control panel on Friday, 2010-9-24 which was three days ago. Therefore
I do not suspect that DNS propagation time is the issue here. Of
course, I also increased the serial line in the zone files when those
files changed. What am I missing, or what might I have done wrong?

Thank you in advance.


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com