DNS Problem -- ACK!
DSpellman2002
04-10-2002, 06:46 PM
:confused:
I'm trying to get a DNS server up and running and getting a lot of: **server can't find domain.com.:SERVFAIL
Let's keep this simple. One machine (for now -- I'll put in the other hosts when I get this one working). This machine is ns1.domain.com. It's to be the main DNS server for domain.com and will also be the main mail server for domain.com. All zone files will be in /var/named/ and named.conf will live in /etc (all defaults, far as I know). I have a static IP, etc.
Ideally, I need a set of named.conf and *.zone files that I can change the IP numbers and plug in the real domain name and have it fly. I've tried bindconf and I've tried doing the files manually, but I'm missing something along the way. It flat isn't working.
I know that sendmail, for example, NOW installs with the DAEMON turned off to outside hosts as a security measure where before it installed ready to go. Is there anything like that going on with BIND?
Can someone please help???
david
FyberOptyx
04-10-2002, 08:06 PM
I found the DNSHowto very helpful
cowanrl
04-12-2002, 12:25 PM
I'm using BIND on RH 7.2 and I use Webmin to configure it remotely. I know some like to manually edit the configuration files but it's too easy to screw up the syntax.
I set up both the master zone and the reverse lookup zone with Webmin and it's working perfectly. I'm a great believer in KISS.
DSpellman2002
04-12-2002, 03:00 PM
Folks, this is not helping, so let me put it another way. I've done the files via bindconf. I've redone the files manually four or five times, according to the How To, checking for errant periods after domain names, etc. I've run Linux (and BIND) since 1994, and haven't changed things since Red Hat 6.0. This new installation has me stymied. This is a very simple installation, and it's really got me scratching for clues.
Here's another possibility: I've got a 5 static IP bundle from PacBell (SBC) here in Los Angeles. This is the OTHER thing that's changed besides the move to RH7.2. Is there a chance that there's something weird about the way that PacBell is handling THEIR end of the DNS on this 5 IP bundle that could be causing me problems?
Here's another clue... I get great results with dig on LocalHost, every single time. I get SERVFAIL on the dig results when it looks up the IP number (or the hostname) of my lonely little box. What would be causing THAT? One option, of course, is misconfiguration. But why would my domain be configured badly over and over when I have no problems configuring Localhost???
What's happening here, oh DNS gurus?
david
FyberOptyx
04-12-2002, 11:34 PM
Do you get any error messages in your logs when bind is starting?
neotrace
04-15-2002, 07:16 PM
I'm not digging bind myself too much either, I can get one host up & running but the minute I setup a second all $@!! breaks loose.
FyberOptyx
04-15-2002, 09:08 PM
Originally posted by neotrace:
I'm not digging bind myself too much either, I can get one host up & running but the minute I setup a second all $@!! breaks loose.
Does your first machine use your dns ok without problems? Is it using your dns server for sure?
DSpellman2002
04-15-2002, 09:38 PM
Okay, so here's a development. If I do a dig -x on the IP number of the machine I'm trying to set up as DNS server, I get some results (no error, no SERVFAIL this time), but here's what the ANSWER SECTION says (XXX's will stand for the octets of the IP number):
XXX.XXX.XXX.XXX.in-addr.arpa. 7200 IN PTR adsl-XXX-XXX-XXX-XXX.ds1.lsan03.pacbell.net.
And yes, those are dashes after adsl and between the octet numbers, and they're presented in reverse order in the in-addr.arpa section and unreversed in the dashed section. It's not my name server doing that, of course -- it's one of Pacbell's name servers. Nothing else is working, yet, but this looks like one of those implementations of "Classless in-addr.arpa", right? If that IS the case, what do I put in the named.conf to handle this?
I'm SURE there are other folks who have had to deal with these little 5 IP number bundles before. What was the solution with YOUR ISP???
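The "Classless in-addr.arpa" arrangement (RFC 2317) asked about above, as an added example that is not from the thread or any of its posters. It assumes a hypothetical 203.0.113.8/29 bundle and hypothetical host names, and generates both halves of the setup: the named.conf clause and PTR zone the customer serves, and the NS/CNAME delegation records the ISP must add to its /24 reverse zone. Without that ISP-side delegation, dig -x keeps returning the ISP's own PTR no matter what the customer's named.conf says.

```python
# Added example (not from the thread): RFC 2317 classless in-addr.arpa helper.
# Assumes a hypothetical /29 bundle 203.0.113.8/29 (documentation range) and
# hypothetical host names. A block smaller than a /24 cannot own a normal
# reverse zone, so the ISP delegates a "8/29.113.0.203.in-addr.arpa" zone to
# the customer and points each real PTR name at it with a CNAME.
import ipaddress

def rfc2317_zone_name(network):
    """Customer-side zone name, e.g. '8/29.113.0.203.in-addr.arpa'."""
    net = ipaddress.ip_network(network)          # strict: host bits must be zero
    if net.prefixlen <= 24:
        raise ValueError("RFC 2317 is only needed for blocks smaller than a /24")
    o = str(net.network_address).split(".")
    return f"{o[3]}/{net.prefixlen}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"

def customer_named_conf(network, zone_file):
    """The zone clause the customer adds to named.conf for the delegated zone."""
    zone = rfc2317_zone_name(network)
    return (f'zone "{zone}" IN {{\n    type master;\n'
            f'    file "{zone_file}";\n    allow-update {{ none; }};\n}};\n')

def customer_zone_file(network, ns, hosts, serial=2002041601):
    """Zone file for the delegated zone; hosts maps last octet -> FQDN (trailing dot)."""
    net = ipaddress.ip_network(network)
    o = str(net.network_address).split(".")
    lines = ["$TTL 86400",
             f"@ IN SOA {ns} hostmaster.{ns.split('.', 1)[1]} (",
             f"    {serial} ; Serial", "    28800 ; Refresh", "    14400 ; Retry",
             "    3600000 ; Expire", "    86400 ) ; Minimum",
             f"  IN NS {ns}"]
    for octet, fqdn in sorted(hosts.items()):
        if ipaddress.ip_address(f"{o[0]}.{o[1]}.{o[2]}.{octet}") not in net:
            raise ValueError(f"{octet} is outside {network}")
        lines.append(f"{octet} IN PTR {fqdn}")      # owner name relative to the zone
    return "\n".join(lines) + "\n"

def isp_delegation_records(network, ns):
    """Records the ISP must add to its parent /24 reverse zone: one NS for the
    sub-block, then one CNAME per address redirecting into the customer zone."""
    net = ipaddress.ip_network(network)
    zone = rfc2317_zone_name(network)
    recs = [f"{zone.split('.')[0]} IN NS {ns}"]      # e.g. '8/29 IN NS ns1...'
    for addr in net:
        last = str(addr).split(".")[3]
        recs.append(f"{last} IN CNAME {last}.{zone}.")
    return recs

if __name__ == "__main__":
    blk, ns = "203.0.113.8/29", "ns1.domain.com."
    print(customer_named_conf(blk, "8-29.113.0.203"))
    print(customer_zone_file(blk, ns, {9: ns, 10: "mail.domain.com."}))
    print("\n".join(isp_delegation_records(blk, ns)))
```

The zone file name uses a dash instead of the slash so it is a plain filename; the zone name itself keeps the "8/29" label that the ISP's NS and CNAME records point at.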
DSpellman2002
04-15-2002, 09:42 PM
Oh, and this to FyberOptyx...
No, no messages from named when it's starting out. I'm looking in the /var/log/messages file, right? I'm watching the startup at boot for anything interesting as well.
david
FyberOptyx
04-15-2002, 10:33 PM
I'm no expert on DNS but I have successfully set up my box on a private ip of 192.168.1.1
I have set it up as authoritative? for my domain but it is basically a caching server.
Only listens to requests from my lan, everything else is forwarded.
I could email you my files if you want but it will be tomorrow as it is 03:30 here and I am knackered.
You can tweak them as you see fit.
If I do dig -x 192.168.1.1 I get my domain as the answer and authority.
DSpellman2002
04-15-2002, 10:44 PM
:) That would be just peachy. I'll leave it up to you if you want to send them to me direct or post them here -- my email address is DSpellman2002@netscape.net
It's always fun trying to deal with the UK from here -- I've got photo lighting systems built by some guys in London, and I'm usually trying to get an answer out of them when they're half asleep...
FyberOptyx
04-16-2002, 05:13 PM
Thought I could just copy and paste from putty but it doesn't work.
I will have to set up nfs or samba to transfer the files over to mail them.
Back later.
FyberOptyx
04-16-2002, 05:53 PM
Figured out the paste.
I have changed only my domain to ns1.domain.com
/etc/named.conf

    // generated by named-bootconf.pl
    options {
        directory "/var/named";
        allow-query { 192.168.1.0/24; localhost; };
        listen-on { 192.168.1.1; };
        forward first;
        forwarders { isp.dns.server1; isp.dns.server2; };
        allow-recursion { 192.168.1.0/24; localhost; };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;
    };
    //
    // a caching only nameserver config
    //
    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };
    zone "." IN {
        type hint;
        file "root.hints";
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "127.0.0";
        allow-update { none; };
    };
    zone "domain.com" IN {
        type master;
        file "domain.com.zone";
        allow-update { none; };
        notify no;
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192";
        notify no;
        allow-update { none; };
    };
    include "/etc/rndc.key";

/var/named/1.168.192

    $TTL 86400
    @       IN SOA ns1.domain.com. root.ns1.domain.com. (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
            IN NS  ns1.domain.com.
    1       IN PTR ns1.domain.com.
    5       IN PTR host2.domain.com.
    6       IN PTR host3.domain.com.

/var/named/domain.com.zone

    $TTL 86400
    @       IN SOA ns1.domain.com. root.ns1.domain.com. (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
            NS  ns1
    ;
    localhost   A   127.0.0.1
    ns1         A   192.168.1.1
    host2       A   192.168.1.5
    host3       A   192.168.1.6
    mail        A   216.167.96.112   ; I have no mail server set up yet

/var/named/127.0.0

    $TTL 86400
    @       IN SOA ns1.domain.com. root.domain.com. (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
            NS  ns1.domain.com.
    1       PTR localhost.
The correct layout has not been preserved after pasting to here so you may need to modify it a little.
There may be errors or it may not be the best example but I followed the howto and several other sources and it works perfectly for me.
[ 16 April 2002: Message edited by: FyberOptyx ]