BIND setup log

I'm a total newbie to BIND, and I'm trying to understand this thing. I want to push two "name servers" on one IP address:

cat /etc/named.conf

cat sr2.co.zone

Part 1 complete, issues:

Apparently parts of BIND require spaces to work properly (seriously?), "insecure" symbols enabled (like @), and some settings to enable the usage of subdomains with "_". Also added reverse IP so there are fewer complications.

7 Replies

Start comments in zone files with a semicolon ';', not a double slash.

@sednet:

> Start comments in zone files with a semicolon ';', not a double slash.
That was fixed a while ago; I ran an export from my old DNS server. But dig is not working when I explicitly try to query the DNS server.

```
dig @37.247.53.215 sr2.co

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @37.247.53.215 sr2.co
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
```

Not sure what I did wrong, so I double-checked my iptables firewall:

```
iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 308 packets, 24802 bytes)
num pkts bytes target prot opt in out source destination
1 6115 399K fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1024:65535 state ESTABLISHED
3 1 474 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535 state ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 243 packets, 26061 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53 state NEW,ESTABLISHED
2 9 461 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53 state NEW,ESTABLISHED

Chain fail2ban-SSH (1 references)
num pkts bytes target prot opt in out source destination
1 6115 399K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
```

Update 2: Yes, it's being blocked (remote test):

```
telnet 37.247.53.215 53
Connecting To 37.247.53.215…Could not open connection to the host, on port 53: Connect failed
```

I think my server is listening on the wrong port…

```
netstat -tulpn | grep :53
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      23714/named
tcp        0      0 ::1:53                      :::*                        LISTEN      23714/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               23714/named
udp        0      0 ::1:53                      :::*                                    23714/named
```

Fixed by changing the listening IPv4 address. It looks like it's working flawlessly locally, and remotely the port seems open. The next issue I'm running into is that when I query DNS remotely, it gives an error.

```
dig @37.247.53.215 sr2.co
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @37.247.53.215 sr2.co
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 62154
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sr2.co.                                IN      A

;; Query time: 167 msec
;; SERVER: 37.247.53.215#53(37.247.53.215)
;; WHEN: Sat Apr  6 01:10:58 2013
;; MSG SIZE  rcvd: 24
```

Update 3: Added/modified the following in named.conf. (The server was set up to only accept queries from localhost for anything; I changed it now to accept queries from anywhere only for domains managed by the name server.)

```
        allow-recursion { localhost; };
        allow-query     { any; };
        allow-query-cache { localhost; };
```

Seems to be working just fine. I did have to rewrite the name server whois entries.

Seems like it is answering for me… but since you're posting here and thus obviously have a Linode, in addition to whatever 37.247.53.215 is, why not set it up as a slave? Having only one nameserver for a zone is not a valid configuration. You can also use Linode's DNS Manager instead/in addition to your own nameserver(s).
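Pulling the thread's fixes together: a named.conf for an authoritative-only BIND 9 master that covers Update 2 (listen on the public address, not just loopback), Update 3 (answer anyone for hosted zones, recurse only for localhost) and hoopycat's point about a second, slave nameserver. This is an added example, not the poster's actual named.conf (the thread never shows it); 37.247.53.215 and sr2.co are from the thread, while the secondary's address 192.0.2.10, the ACL name and the file paths are assumptions. Note from the iptables output above that the INPUT chain's policy is ACCEPT and nothing drops dpt:53, so the "blocked" port was named binding only 127.0.0.1 and ::1, exactly what netstat showed.

```conf
// /etc/named.conf -- added example, not the original poster's file.
// 37.247.53.215 and sr2.co come from the thread; 192.0.2.10 (the
// secondary), the ACL name and the file paths are assumptions.

acl "secondaries" { 192.0.2.10; };

options {
        directory "/var/named";

        // Update 2: the stock EL6 config binds loopback only, so remote
        // dig/telnet to port 53 fail even with an ACCEPT firewall policy.
        //   listen-on port 53 { 127.0.0.1; };      // broken: loopback only
        //   listen-on-v6 port 53 { ::1; };
        listen-on port 53 { 127.0.0.1; 37.247.53.215; };
        listen-on-v6 port 53 { none; };  // assumption: no public IPv6 here

        // Update 3: the stock config answers localhost only, so a remote
        // query for sr2.co came back REFUSED.
        //   allow-query { localhost; };            // broken: REFUSED remotely
        allow-query       { any; };      // anyone may ask about hosted zones
        allow-recursion   { localhost; };// recurse only for this host
        allow-query-cache { localhost; };// remote clients never read cache
        // Stricter if nothing on the box needs a resolver: recursion no;

        // Zone transfers only to the secondary; an open AXFR hands any
        // remote party the full record set of the zone.
        allow-transfer { secondaries; };
        also-notify    { 192.0.2.10; };
        notify yes;

        // Stop "dig @host CH TXT version.bind" from reporting the build.
        version "not disclosed";
};

zone "sr2.co" IN {
        type master;
        file "sr2.co.zone";
};

// On the secondary (192.0.2.10) the matching stanza would be:
// zone "sr2.co" IN {
//         type slave;
//         masters { 37.247.53.215; };
//         file "slaves/sr2.co.zone";
// };
```

Check it before reloading: `named-checkconf /etc/named.conf` and `named-checkzone sr2.co /var/named/sr2.co.zone`, then `rndc reload`. From a remote host, `dig @37.247.53.215 sr2.co SOA +norecurse` should return status NOERROR with the `aa` flag set, while `dig @37.247.53.215 example.com A` should return REFUSED, confirming the server is not an open resolver; `dig @37.247.53.215 sr2.co AXFR` from anywhere but the secondary should be refused as well.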

@hoopycat:

> Seems like it is answering for me… but since you're posting here and thus obviously have a Linode, in addition to whatever 37.247.53.215 is, why not set it up as a slave? Having only one nameserver for a zone is not a valid configuration. You can also use Linode's DNS Manager instead/in addition to your own nameserver(s).

It looks like a virtual server from prometeus.net. They have some pretty good deals actually.

You're correct, Prometeus doesn't offer name servers like Linode does. So I had to learn BIND (nsd, or that other one, I forget). I have several domains to transfer. But things seem to be transitioning just fine.

I did want to keep some of the info public in case anyone else has to go through the process of setting up their own name server with the latest version of BIND. I might use BlueVM for slave DNS servers. (They have a deal for 12 USD yearly for 128 MB of RAM VMs in three locations: Texas, Illinois, and California.)

@superfastcars:

> You're correct, Prometeus doesn't offer name servers like Linode does. So I had to learn BIND (nsd, or that other one, I forget). I have several domains to transfer. But things seem to be transitioning just fine.
>
> I did want to keep some of the info public in case anyone else has to go through the process of setting up their own name server with the latest version of BIND. I might use BlueVM for slave DNS servers. (They have a deal for 12 USD yearly for 128 MB of RAM VMs in three locations: Texas, Illinois, and California.)

I've always run BIND myself. I used to use EveryDNS as a free slave before they got sold to Dyn.

There are deals for $2.50 a month on BlueVM's site but I don't see $12 a year. I'm not sure I'd trust anywhere that cheap; they can't be doing it right on that budget.

@sednet:

> I've always run BIND myself. I used to use EveryDNS as a free slave before they got sold to Dyn.
>
> There are deals for $2.50 a month on BlueVM's site but I don't see $12 a year. I'm not sure I'd trust anywhere that cheap; they can't be doing it right on that budget.

At $12 yearly you could scarcely complain if it didn't work properly. The deals are from a link on their BlueVM chat page:

https://www.bluevm.com/cart.php?gid=42

The "catch" is that they refill it over time. (In this case you can't buy any of the plans right now because they are all used up.)
