#service named restart fails with a weird message
Hey Gurus,

When I try to restart named, it fails with the following message:

[root@new-dns2 ~]# service named restart
Stopping named:[ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:3: missing ';' before '}'
/etc/named.conf:11: missing ';' before '}'
[FAILED]
[root@new-dns2 ~]#

And here is what my simple named.conf looks like:

[root@new-dns2 ~]# cat /etc/named.conf
options {
    directory /var/named;
    allow-recursion {207.151.36.0/24; 206.117.117.0/24};
};
zone 0.0.127.in-addr.arpa {
    type master;
    file db.127.0.0
};
[root@new-dns2 ~]#

What am I doing wrong? Can you please assist? Many thanks in advance and have a nice day.

Regards,
Samad Agha
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Getting an error on a simple DNS configuration
I put together a simple working DNS server and called it new-dns2 with the IP address of 206.117.115.93. My configuration files follow:

[root@new-dns2 ~]# cat /etc/named.conf
options {
    directory /var/named;
};
zone 0.0.127.in-addr.arpa {
    type master;
    file db.127.0.0;
};
[root@new-dns2 ~]# cat /var/named/db.127.0.0
$TTL 3D
@ IN SOA new-dns1.ci.glendale.ca.us mchavoshi.glendaleca.gov. (
        1 ; Serial
        8H ; Refresh
        2H ; Retry
        4W ; Expire
        1D) ; Minimum TTL
  NS new-dns1.ci.glendale.ca.us.
1 PTR localhost.
[root@new-dns2 ~]#

So, when I query my new DNS server from itself (206.117.115.93), it resolves the name to an IP, but when I query my new DNS server from another Linux box, it fails with the following error message.

[root@new-dns2 ~]# nslookup google.com 206.117.115.93
Server: 206.117.115.93
Address:206.117.115.93#53

Non-authoritative answer:
Name: google.com
Address: 216.58.217.206

[root@new-dns2 ~]#

[root@oragrid01 ~]# nslookup google.com 206.117.115.93
Server: 206.117.115.93
Address:206.117.115.93#53

** server can't find google.com: REFUSED

[root@oragrid01 ~]#

I have stopped FireWall on new-dns2, my DNS server:

[root@new-dns2 ~]# service iptables status
iptables: Firewall is not running.
[root@new-dns2 ~]#

Can someone please tell me what might be the problem? Many thanks in advance and have a wonderful day/night.

Sincerely,
Samad Agha
Re: Getting an error on a simple DNS configuration
Dear Tony, Bob, Matus,

Thank you very much for your advice, you guys are awesome.

On Wed, Jun 3, 2015 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

On 03.06.15 12:34, Samad Agha wrote:

So, when I query my new DNS server from itself (206.117.115.93), it resolves the name to an IP, but when I query my new DNS server from another Linux box, it fails with the following error message.

you must allow BIND to provide recursive DNS for other hosts, by configuring allow-recursion. otherwise, it will provide DNS resolution only for its local networks (directly connected to host interfaces).

[root@new-dns2 ~]# nslookup google.com 206.117.115.93

don't use nslookup, it's a very bad tool for debugging DNS problems. learn using host and/or dig

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Emacs is a complicated operating system without good text editor.
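Added example, not part of the thread and not ISC code: a simplified Python model of how an allow-recursion address match list is evaluated, showing that an explicit list of two client networks no longer matches the server's own address unless localhost is kept in it. The /24 prefix on 206.117.115.93 and the sample client addresses are assumptions; only IPv4 and the built-in names any, none, localhost and localnets are modelled.

```python
import ipaddress

# Interfaces of the server from the thread. The /24 prefix length is an
# assumption; the page only gives the address 206.117.115.93.
SERVER_IFACES = ["127.0.0.1/8", "206.117.115.93/24"]

# What applies when allow-recursion is not configured: directly connected
# networks and the server itself.
DEFAULT_ACL = ["localnets", "localhost"]
# The two networks from the named.conf posted in the thread.
POSTED_ACL = ["207.151.36.0/24", "206.117.117.0/24"]
# Same list with the server itself kept in (hypothetical variant).
WITH_LOCALHOST = ["localhost"] + POSTED_ACL


def networks_for(name, ifaces):
    """Return the networks that one match-list element covers."""
    if name == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if name == "none":
        return []
    if name == "localhost":   # every address configured on the server
        return [ipaddress.ip_network(str(i.ip)) for i in ifaces]
    if name == "localnets":   # every network the server is attached to
        return [i.network for i in ifaces]
    return [ipaddress.ip_network(name, strict=False)]


def allowed(acl, client, server_ifaces=SERVER_IFACES):
    """First matching element decides; '!' negates; no match means refused."""
    ifaces = [ipaddress.ip_interface(i) for i in server_ifaces]
    addr = ipaddress.ip_address(client)
    for element in acl:
        negated = element.startswith("!")
        for net in networks_for(element.lstrip("!").strip(), ifaces):
            if addr in net:
                return not negated
    return False


def decisions(acl, clients):
    """Map each client address to the outcome of a recursive query."""
    return {c: ("recursion" if allowed(acl, c) else "REFUSED") for c in clients}


if __name__ == "__main__":
    # 207.151.36.10 and 203.0.113.7 are constructed sample clients.
    clients = ["127.0.0.1", "206.117.115.93", "207.151.36.10", "203.0.113.7"]
    for label, acl in (("default", DEFAULT_ACL),
                       ("posted", POSTED_ACL),
                       ("with localhost", WITH_LOCALHOST)):
        print(label, decisions(acl, clients))
```
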
Fwd: Getting an error on a simple DNS configuration
I put the allow-recursion clause under my options, the #service named restart failed. Where exactly should I place this allow-recursion clause?

[root@new-dns2 ~]# cat /etc/named.conf
options {
    directory /var/named;
    allow-recursion (207.151.36.0);
};
zone 0.0.127.in-addr.arpa {
    type master;
    file db.127.0.0;
};
[root@new-dns2 ~]#

[root@new-dns2 ~]# service named restart
Stopping named: . [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:3: '{' expected near '(207.151.36.0)'
[FAILED]
[root@new-dns2 ~]#
Re: Getting an error on a very simple DNS configuration
Ok, I corrected that and was able to restart named w/o any errors:

[root@new-dns1 etc]# service named restart
Stopping named:[ OK ]
Starting named:[ OK ]
[root@new-dns1 etc]#

Now, I should have a working DNS server, right? Now when I go to another machine and query this newly set up DNS server I get the following error. Why?

[mchavoshi@oraapps01 ~]$ nslookup google.com 206.117.115.92
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached

[mchavoshi@oraapps01 ~]$

On Wed, Apr 8, 2015 at 2:43 PM, Mark Andrews ma...@isc.org wrote:

You have a file not found error. Specify the working directory and where file names are relative to or use absolute file names.

options {
    directory /var/named;
};

Mark

In message CAOqzdMruo=N33U5r5jh-93CRpqfek83uUy5182QCm_XfOm= 0...@mail.gmail.com , Samad Agha writes:

Hey Gurus,

I'm a newbie and am trying to set up the simplest DNS server, just a working version, nothing fancy yet. Below are the steps I've taken already:

1- Set up my /etc/named.conf as follows:

[root@new-dns1 named]# cd /etc
[root@new-dns1 etc]# cat named.conf
zone 0.0.127.in-addr.arpa {
    type master;
    file db.127.0.0;
};
[root@new-dns1 etc]#

2- Set up my first zone in /var/named/db.127.0.0 as follows:

[root@new-dns1 named]# cat db.127.0.0
$TTL 3D
@ IN SOA new-dns1.ci.glendale.ca.us mchavoshi.glendaleca.gov. (
        1 ; Serial
        8H ; Refresh
        2H ; Retry
        4W ; Expire
        1D) ; Minimum TTL
  NS new-dns1.ci.glendale.ca.us.
1 PTR localhost.
[root@new-dns1 named]#

When I restarted named I got the following error:

[root@new-dns1 named]# service named restart
Stopping named:[ OK ]
Starting named:
Error in named configuration:
zone 0.0.127.in-addr.arpa/IN: loading from master file db.127.0.0 failed: file not found
zone 0.0.127.in-addr.arpa/IN: not loaded due to errors.
_default/0.0.127.in-addr.arpa/IN: file not found
[FAILED]

What's wrong? Please don't assume anything as I'm a newbie. Many thanks in advance for your excellent work.

Hiroshi

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Getting an error on a very simple DNS configuration
Hey Gurus,

I'm a newbie and am trying to set up the simplest DNS server, just a working version, nothing fancy yet. Below are the steps I've taken already:

1- Set up my /etc/named.conf as follows:

[root@new-dns1 named]# cd /etc
[root@new-dns1 etc]# cat named.conf
zone 0.0.127.in-addr.arpa {
    type master;
    file db.127.0.0;
};
[root@new-dns1 etc]#

2- Set up my first zone in /var/named/db.127.0.0 as follows:

[root@new-dns1 named]# cat db.127.0.0
$TTL 3D
@ IN SOA new-dns1.ci.glendale.ca.us mchavoshi.glendaleca.gov. (
        1 ; Serial
        8H ; Refresh
        2H ; Retry
        4W ; Expire
        1D) ; Minimum TTL
  NS new-dns1.ci.glendale.ca.us.
1 PTR localhost.
[root@new-dns1 named]#

When I restarted named I got the following error:

[root@new-dns1 named]# service named restart
Stopping named:[ OK ]
Starting named:
Error in named configuration:
zone 0.0.127.in-addr.arpa/IN: loading from master file db.127.0.0 failed: file not found
zone 0.0.127.in-addr.arpa/IN: not loaded due to errors.
_default/0.0.127.in-addr.arpa/IN: file not found
[FAILED]

What's wrong? Please don't assume anything as I'm a newbie. Many thanks in advance for your excellent work.

Hiroshi
Re: Getting an error on a very simple DNS configuration
Hi All,

Problem is solved for now. Reindl Harald pointed out that my port 53 is not open. Sure enough I went on the new dns server and issued the command $service iptables stop, and all was working like a charm after that.

Thank you guys, seriously the service you have set up is so valuable for newbies and experienced users alike. Thank you so much everyone and have a terrific rest of the day. I'm sure I'll call on you again as I add zones and try to put this DNS server in production.

Thanks again, you are a terrific bunch of guys.

Hiroshi

On Wed, Apr 8, 2015 at 3:10 PM, Mark Andrews ma...@isc.org wrote:

In message calmep077vbgbupjgnylqzw2lfnk0xap8u9nmaym5mpztqr4...@mail.gmail.com , Steven Carr writes:

On 8 April 2015 at 22:56, Reindl Harald h.rei...@thelounge.net wrote:

looks like you did not open port 53 on the servers firewall

You're missing a whole swathe of required declarations for BIND to be able to handle recursion.

named -c /dev/null is all that is required for named to be a recursive server to the host running named and directly connected networks assuming that the root servers for the network the host is connected to are those of the Internet. Yes, you can do additional configuration but named will operate as a recursive server without any configuration at all beyond giving it a empty configuration file.

There are numerous examples via google, first one that is returned is...

https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04

skip over the OS bits and focus on the BIND configuration.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Can someone please translate entries from query.log file?
Hi All,

Can someone please tell me exactly what the two entries below from query.log file mean?

15-Jul-2014 16:24:27.042 queries: XX / 206.117.120.2/foothillfiretraining.org/SOA/IN
15-Jul-2014 16:24:34.100 queries: XX / 206.117.120.84/129.118.117.206.in-addr.arpa/PTR/IN

I'm running BIND 8.2.4 on Solaris 8

root@bmw:/export/home/dns # in.named -v
in.named BIND 8.2.4 Tue Jul 13 06:04:59 PDT 2004 Generic Patch-5.8-July 2004
In BIND 8.2 running on Solaris 8, how to start logging
Hi All,

I have two Solaris 8 servers running BIND 8.2. I'd like to retire them both and transfer everything to a couple of RHEL 7 boxes. The City (I work for a mid-size California city) has outsourced different aspects of our DNS that I even lost track and have no idea what these two DNS servers serve. I'd like to start logging all queries on these two boxes to know who queries them.

How do I start a comprehensive logging to capture all transactions going through these two servers?

Please advise; please be thorough and don't assume anything. Many thanks in advance.

Regards,
Samad
Re: In BIND 8.2 running on Solaris 8, how to start logging
Mike, Barry, Baird,

Thank you so much for your quick replies. I'll try your recommendations first thing Monday morning and see what happens. Again, thank you and have a nice weekend.

Regards,
Samad

On Fri, Jun 27, 2014 at 2:12 PM, Baird, Josh jba...@follett.com wrote:

Enable query logging or run tcpdump on port 53. A quick Google search should explain exactly how to do either of these very easily.

Josh

-Original Message-
From: bind-users-boun...@lists.isc.org [mailto: bind-users-boun...@lists.isc.org] On Behalf Of Barry S. Finkel
Sent: Friday, June 27, 2014 5:02 PM
To: bind-users@lists.isc.org
Subject: Re: In BIND 8.2 running on Solaris 8, how to start logging

On 6/27/2014, Samad Agha samad.agha2...@gmail.com wrote:

Hi All,

I have two Solaris 8 servers running BIND 8.2. I'd like to retire them both and transfer everything to a couple of RHEL 7 boxes. The City (I work for a mid-size California city) has outsourced different aspects of our DNS that I even lost track and have no idea what these two DNS servers serve. I'd like to start logging all queries on these two boxes to know who queries them.

How do I start a comprehensive logging to capture all transactions going through these two servers?

Please advise; please be thorough and don't assume anything. Many thanks in advance.

Regards,
Samad

I may be missing something here. The servers are running BIND. What zones do the servers serve? They serve the zones listed in the BIND configuration file(s), and they may be recursive servers for your clients. Look at the config files to see what zones are mastered or slaved on the servers.

--Barry Finkel
Can I build a new DNS/BIND system parallel to our existing DNS production system?
Dear DNS/BIND gurus,

I am the sole Unix/Linux/Backup Admin for a midsize city in California. I also inherited an old DNS/BIND (BIND 8.2.2-P5) system running on a Sun-Fire-V210 with Solaris 8 on it. The city is comprised of a hotchpotch of many Windows domains/domain-controllers, WINS servers, and Windows based recursive DNS servers. My DNS/BIND skill set is elementary and I just ordered two DNS books to start learning it in depth (DNS BIND Cookbook and DNS and BIND; 5th Edition http://www.amazon.com/dp/0596100574/ref=pe_175190_21431760_C1_cs_sce_dp_3 ).

1- Is it possible to treat the entire environment as brand new, start building a couple of Linux name servers running the latest and greatest BIND S/W, start populating it in parallel with our current production system, and once the new system is completely up and running, turn off the two Sun-Fire-V210s.

2- If step#1 is possible, as a minimum (H/W, S/W) what do I need for a complete DNS/BIND system satisfying all the city's DNS needs (internal/external resolutions).

Any architectural/implementation/best practices advice would be highly appreciated.

Many thanks in advance,
SA
Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
Thanks for your help Eivind.

Depends, how long is a piece of string? I don't know what amount of traffic you're currently seeing, or what your uptime requirements are.

- Are there tools to find out about current amount of traffic?
- Our uptime requirements are basically from 6am to 6pm during city's business hours.

Estimate what amount of traffic you're seeing during prime time. How many queries per second?

- Again, how do I find out?

I'd normally not recommend running BIND on slower multi-threaded Sun/Oracle servers like the T-series, you'll normally be better off with fewer threads but higher clock speeds from typical Intel/AMD systems.(caveat: I haven't bench-marked BIND 9.9.x, which might have improved this).

- Currently I have two: Dell PowerEdge 2950 servers with two Intel Xeon 3.0GHZ CPUs, and 4GB RAM each running RHEL 5.8 OS

Thanks again,
SA
Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?
Thanks Daniel, I really appreciate your help.

SA

On Thu, May 3, 2012 at 1:34 PM, Daniel Deighton ddeighton-...@aplura.com wrote:

On 05/03/2012 02:44 PM, Samad Agha wrote:

Thanks for your help Eivind.

Depends, how long is a piece of string? I don't know what amount of traffic you're currently seeing, or what your uptime requirements are.

- Are there tools to find out about current amount of traffic?
- Our uptime requirements are basically from 6am to 6pm during city's business hours.

Estimate what amount of traffic you're seeing during prime time. How many queries per second?

- Again, how do I find out?

It is fairly easy to find out your query load using BIND. You will just need to enable query logging (if it isn't already enabled) and use the data to calculate your queries per second from the data. Getting the information from your Windows DNS servers is not as easy. You will likely need to put your Windows DNS servers into debug mode to get any sort of query logging and the output isn't exactly pretty. You could also get the data by taking packet captures and/or using a tool such as dnssnarf, dnsdump or some other tool that another list member might recommend.

I'd normally not recommend running BIND on slower multi-threaded Sun/Oracle servers like the T-series, you'll normally be better off with fewer threads but higher clock speeds from typical Intel/AMD systems.(caveat: I haven't bench-marked BIND 9.9.x, which might have improved this).

- Currently I have two: Dell PowerEdge 2950 servers with two Intel Xeon 3.0GHZ CPUs, and 4GB RAM each running RHEL 5.8 OS

Thanks again,
SA
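Added example, not part of the thread: a Python parser for query-log lines in the format quoted in the query.log post above, tallying clients, questions and queries per second in the way the replies about query logging suggest. Reading a `+` after `XX` as the recursion-desired flag is an assumption, and the middle sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# First and last lines are the two entries quoted on this page; the lines
# in between are constructed for the example.
SAMPLE_LOG = """\
15-Jul-2014 16:24:27.042 queries: XX / 206.117.120.2/foothillfiretraining.org/SOA/IN
15-Jul-2014 16:24:27.310 queries: XX+/192.0.2.10/www.example.org/A/IN
15-Jul-2014 16:24:27.911 queries: XX+/192.0.2.10/WWW.example.org./A/IN
15-Jul-2014 16:24:30.500 default: a line from another logging category
15-Jul-2014 16:24:34.100 queries: XX / 206.117.120.84/129.118.117.206.in-addr.arpa/PTR/IN
"""

# timestamp, "queries:", XX with optional '+', then client/qname/qtype/qclass
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: "
    r"XX(?P<rd>\+?)\s*/\s*(?P<client>[^/\s]+)/(?P<qname>[^/\s]+)"
    r"/(?P<qtype>[^/\s]+)/(?P<qclass>\S+)\s*$"
)


def parse_line(line):
    """Return a dict for one query-log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    rec["rd"] = rec["rd"] == "+"          # assumption: '+' = recursion desired
    # Names compare case-insensitively; drop the trailing root dot.
    rec["qname"] = rec["qname"].lower().rstrip(".") or "."
    return rec


def summarize(lines):
    """Tally who asks what, and how fast, from an iterable of log lines."""
    records, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1                   # other category or damaged line
        else:
            records.append(rec)
    per_second = Counter(r["ts"].replace(microsecond=0) for r in records)
    stamps = [r["ts"] for r in records]
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {
        "total": len(records),
        "skipped": skipped,
        "by_client": Counter(r["client"] for r in records),
        "by_question": Counter((r["qname"], r["qtype"]) for r in records),
        "rd_set": sum(r["rd"] for r in records),
        "peak_qps": max(per_second.values(), default=0),
        "avg_qps": len(records) / span if span > 0 else float(len(records)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```
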
What should I put as Primary DNS and Secondary DNS when building our DNS Servers
Hi All,

I'm building our DNS servers from scratch with Red Hat 5.5. Part of the installation asks for Primary DNS and Secondary DNS, since these two servers will act as our DNS servers, should I put their own IP? Does that create any problems? If it does, are there any workarounds?

Many thanks in advance,
Samad
Re: Newbie Question: How to edit a host IP address
Thanks so much guys: Beavis, Todd, Brian, and whoever read my post and thought about replying. I'll read the manual suggested and try this change today, see what happens. You all have a terrific weekend.

Samad

On Fri, Aug 20, 2010 at 12:18 PM, Brian Wilson bfwil...@doit.wisc.edu wrote:

On Aug 20, 2010, at 1:24 PM, Samad Agha wrote:

Hey All,

Overnight I have become the new DNS Admin for City of Glendale. Someone just sent me an email telling me that our ns1 has been reporting a wrong IP for one of his computers in the past couple of days. If you guys remember, I had the issue with our ns2 not being able to resolve rim.com tmo.blackberry.net only yesterday. That problem was fixed by bouncing the in.named daemon on ns2. And now ns1 putting out wrong IP for a host name; what's going on?

This time I'll try to include some useful info:

r...@bmw:/ # uname -a
SunOS bmw 5.8 Generic_117350-25 sun4u sparc SUNW,Sun-Fire-V210

Just an FYI from a Sun admin - Solaris 8 (aka SunOS 5.8) isn't getting new patches from Oracle/Sun - and hasn't been since I think April 2008 or 2009. At some point you'll want to upgrade to Solaris 10 (or some other OS). I doubt that's your problem though.

r...@bmw:/ # /usr/sbin/in.named -v
in.named BIND 8.2.4 Tue Jul 13 06:04:59 PDT 2004 Generic Patch-5.8-July 2004

I haven't had the chance to research and see how widespread is this issue (ns1 reporting a wrong IP for a host). Until further research I'll assume, and hope, is only unique to this one host.

Two questions please:

1- Can you guys recommend a good DNS Admin book/website/paper, so I can start educating myself and hopefully soon I won't have to trouble you good guys/gals. And maybe even be able to contribute to the list.

2- How do I go about changing this IP on ns1? Will it automatically propagate to ns2 or do I have to do it on ns2 as well?

Again, many thanks in advance for your time and assistance. You guys/gals and this list really works. Can't wait to be able to contribute to it soon; maybe I could do dns 101 type questions :-)

Samad

---
Brian Wilson, Solaris SE, UW-Madison DoIT
Room 3114 CSS 608-263-8047
bfwilson(a)doit.wisc.edu
'I try to save a life a day. Usually it's my own.' - John Crichton
---
How do I stress test my newly setup DNS BIND server?
I'm new to setting up DNS servers, I used Webmin to set it up, and now need to test all different functionalities of it before registering it (basically a stress test). Can someone show me some cool commands to do this?

Thanks in advance.

Samad Agha
Re: How do I stress test my newly setup DNS BIND server?
Thanks guys; how about something to check for any possible errors that might be generating?

Samad

On Thu, Aug 19, 2010 at 9:17 AM, Tom Daly t...@dyn.com wrote:

Samad,

It depends on how you want to test. Are you looking to test DNS query performance (if so, try dnsperf from Nominum), and if you just want to test the box itself for malformed query handling / TCP/UDP stack performance try using tcpreplay + PCAPs captured from the world.

Tom

I'm new to setting up DNS servers, I used Webmin to set it up, and now need to test all different functionalities of it before registering it (basically a stress test). Can someone show me some cool commands to do this?

Thanks in advance.

Samad Agha

--
Tom Daly
CTO, Dynamic Network Services, Inc.
http://dyn.com/
I get No mail exchanger (MX) records available for rimm.com error just for a couple of domains
#nslookup
set query=mx
rimm.com
*** No mail exchanger (MX) records available for rimm.com

Obviously Rimm's DNS cannot be down! What gives? Any ideas?