Bind9 minimal zone configuration seems not working
Solution 1
May 12 22:11:17 mango named[22583]: zone devhub.pl/IN: loading from master file db.devhub failed: file not found
Specify the full path to your file (e.g.: /etc/bind/master/db.devhub is where I would place my file)
Solution 2
Have you checked your logs in /var/log/syslog?
Also, have a look at http://wiki.debian.org/Bind9#Configuration.
Finally, one thing that I have in my /etc/named.conf that you don't have is an Options section, like this: (Granted, I'm running CentOS, not Debian, but Bind9 is Bind9. You probably need to tell it the actual path (with the directory set inside options) of your zone files, if they're in a different directory).
options
{
    directory "/var/named"; // the default
    recursion no;
    listen-on { localhost; 127.0.0.1; My Public IP Address; };
    allow-transfer {My Slave DNS Server;};
};
zone "domain.com" {
    type master;
    file "domain.com.db";
};
And then of course, my zone files (I have lots of domains I provide NS for) are in /var/named/.
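How named turns a zone's file name into a path on disk, as an added example (not code from either answer): a relative name is looked up under the directory option, and when named runs with -t (the question's log shows -t /var/jail/bind) every path is taken inside that chroot. The parser is simplified, and the helper names and default_dir are assumptions made for this sketch.

```python
import os
import re

# named.conf.local from the question, reproduced as sample input.
SAMPLE_CONF = '''
options {
    directory "/var/cache/bind";
    auth-nxdomain no;
    listen-on { any; };
    listen-on-v6 { any; };
};
zone "devhub.pl" IN {
    type master;
    file "db.devhub";
};
'''

def zone_file_paths(conf_text, chroot="/", default_dir="/"):
    """Map each zone name to the host path named will try to open."""
    # Simplified parsing: drop comments, then pattern-match the statements.
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    m = re.search(r'(?<![-\w])directory\s+"([^"]+)"\s*;', text)
    # No directory option: named uses its start-up dir (default_dir, assumed).
    directory = m.group(1) if m else default_dir
    paths = {}
    zones = list(re.finditer(r'(?<![-\w])zone\s+"([^"]+)"', text))
    for i, z in enumerate(zones):
        end = zones[i + 1].start() if i + 1 < len(zones) else len(text)
        f = re.search(r'(?<![-\w])file\s+"([^"]+)"\s*;', text[z.end():end])
        if not f:
            continue  # zone statement without a file (e.g. a forward zone)
        # A relative name is resolved against `directory`; an absolute one wins.
        inside = os.path.join(directory, f.group(1))
        # With -t, every path named opens is relative to the chroot.
        paths[z.group(1)] = os.path.normpath(
            os.path.join(chroot, inside.lstrip("/")))
    return paths

def missing_zone_files(conf_text, chroot="/"):
    """Return (zone, path) pairs whose zone file does not exist on disk."""
    return [(z, p) for z, p in zone_file_paths(conf_text, chroot).items()
            if not os.path.isfile(p)]

if __name__ == "__main__":
    for zone, path in zone_file_paths(SAMPLE_CONF, "/var/jail/bind").items():
        state = "ok" if os.path.isfile(path) else "MISSING"
        print(f"{zone}: {path} [{state}]")
```

For the question's configuration this reports /var/jail/bind/var/cache/bind/db.devhub; an absolute path such as the one suggested in Solution 1 is also looked up under the chroot.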
kbec
Updated on September 18, 2022
Comments
-
kbec over 1 year
I have installed bind9 on debian squeeze. This is my named.conf.local file:
options {
    directory "/var/cache/bind";
    auth-nxdomain no;
    listen-on { any; };
    listen-on-v6 { any; };
};
zone "devhub.pl" IN {
    type master;
    file "db.devhub";
};
And this is my zone file:
$TTL 3h
devhub.pl.      IN SOA ns1.devhub.pl. root.devhub.pl. (
                2012051201 ; serial
                3h         ; refresh
                1h         ; retry
                1w         ; expire
                1h )       ; negative caching
                IN NS      ns1.devhub.pl.
                IN NS      ns2.devhub.pl.
ns1.devhub.pl.  IN A       193.93.207.231
ns2.devhub.pl.  IN A       193.93.207.231
www             IN CNAME   devhub.pl.
named-checkconf and named-checkzone report that everything is OK, but when I try to set up external DNS as
ns1.devhub.pl -> 193.93.207.231
ns2.devhub.pl -> 193.93.207.231
my provider's admin panel shows some error like this:
dns1: ns1.devhub.pl server isn't configured for devhub.pl domain. Please contact admin...
dns2: ns2.devhub.pl server isn't configured for devhub.pl domain. Please contact admin...
What am I missing? Any suggestions?
And logs:
starting BIND 9.7.3 -u bind -t /var/jail/bind
built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
adjusted limit on open files from 1024 to 1048576
found 2 CPUs, using 2 worker threads
using up to 4096 sockets
loading configuration from '/etc/bind/named.conf'
reading built-in trusted keys from file '/etc/bind/bind.keys'
using default UDP/IPv4 port range: [1024, 65535]
using default UDP/IPv6 port range: [1024, 65535]
listening on IPv6 interfaces, port 53
binding TCP socket: address in use
listening on IPv4 interface lo, 127.0.0.1#53
binding TCP socket: address in use
listening on IPv4 interface eth0, 172.16.7.1#53
binding TCP socket: address in use
listening on IPv4 interface eth1, 193.93.207.231#53
binding TCP socket: address in use
generating session key for dynamic DNS
set up managed keys zone for view _default, file 'managed-keys.bind'
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
couldn't add command channel 127.0.0.1#953: address in use
couldn't add command channel ::1#953: address in use
zone 0.in-addr.arpa/IN: loaded serial 1
zone 127.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
zone localhost/IN: loaded serial 2
zone devhub.pl/IN: loaded serial 2012051201
managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
managed-keys-zone ./IN: loaded serial 0
zone devhub.pl/IN: sending notifies (serial 2012051201)
running
What about this "address in use" - is it a problem? BTW bind is chrooted and running /etc/init.d/bind9 start and then /etc/init.d/bind9 status says: could not access PID file for bind9 ... failed!
-
kbec about 12 years
I don't have another server, so I use the same address for ns2 as for ns1. So allow-transfer is required?
-
gparent about 12 years
No, you don't need allow transfer for your setup to work, although if you had a real DNS setup like David mentioned you would probably want to allow transfers between them.
-
kbec about 12 years
Thanks, path specified. Log above updated. BTW what is managed-keys.bind?
-
David W about 12 years
Correct, as gparent mentioned, you don't necessarily "have" to have a second NS, but this is standard practice. Having two different nameservers is also an RFC requirement, although I don't know the RFC # or section off hand (have a look at iana.org/procedures/nameserver-requirements.html).
-
kbec about 12 years
So what can I do if I don't have another machine yet and only want to test/learn nameserving?
-
David W about 12 years
Just continue to do what you're doing. :) It is technically possible to do exactly what you're doing - run only 1 nameserver. I just wouldn't recommend doing this in a production environment. :)
-
gparent about 12 years
I don't know but I always get some errors about control channels and managed keys. I'm not running a chrooted setup though.
-
gparent about 12 years
If you just want to learn you can basically run your own internet in VMs. "." is a zone, you could delegate .com and then example.com and so on. Also obviously if this is for a real domain you'll have to tell your domain name provider to set your two nameservers to the IP you have above so that the root nameservers are updated. Regarding that, namecheap didn't let me use only one nameserver. I didn't try two nameservers with the same IP, but I suspect they block that as well.