Configure BIND DNS on Debian


Solution 1

Your original config:

$TTL    3600
@   IN  SOA example.com. admin.example.com. (
            2011101601  ; Serial
            3600        ; Refresh 1h
            60      ; Retry 1m
            86400       ; Expire 1d
            600 )       ; Negative Cache TTL 1h
;
@   IN  NS  localhost.

;
example.com.    IN CNAME localhost.
example.com.    IN A 127.0.0.1

should be changed to this:

$TTL    3600
@   IN  SOA example.com. admin.example.com. (
            2011101801  ; Serial
            3600        ; Refresh 1h
            60      ; Retry 1m
            86400       ; Expire 1d
            600 )       ; Negative Cache TTL 1h
;
@   IN  NS  ns1.example.com.

;
example.com.        IN A 127.0.0.1
ns1.example.com.    IN A 127.0.0.1
www.example.com.    IN CNAME example.com.

(Did you notice that I also changed the serial? For every change you make to the config you need to alter the Serial. Its format is YEARMMDD followed by a two-digit ID starting at 01, which you need to +1 every time you make a change. So, for example, if you made a second change to the config today, you should change it to 2011101802; on a third change it should be 2011101803; or if you made a change tomorrow it should be 2011101901, etc. This is very important!)

Also make sure that on your webserver you have a virtual host configured as example.com.

Check that your /etc/resolv.conf points to your local BIND and has the nameserver 127.0.0.1 entry first. If you are using Debian with GNOME then Network Manager might overwrite resolv.conf. One solution for this is just to add the nameserver to Network Manager through the GUI, but make sure that it is first in the list.

Solution 2

The following commands might help.

Check the zones specified.

named-checkconf -z

Dump the parsed configuration and paginate it so you can verify it.

named-checkconf -p | less

Check your zone file:

named-checkzone example.com /etc/bind/db.example.com

Also check the log messages generated when you restart bind. They should tell you what is and isn't being loaded. On Debian/Ubuntu these will be logged to /var/log/daemon.log.

You should be able to use reload rather than restart to load your changes.

Besides dig you can use the host command to resolve names.

host -a example.com localhost

Solution 3

Check that your /etc/resolv.conf points to your local BIND and has the nameserver 127.0.0.1 entry first. Your local network clients should also be configured to use your local BIND to resolve domain names if you want to be able to use your example.com domain.

To check if your BIND handles example.com correctly, execute dig @127.0.0.1 example.com. To check the default resolver specified in /etc/resolv.conf, execute dig example.com.
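Reading the header line of dig's output (status, flags, counts) is what tells you whether the local BIND is being asked at all and whether it can serve the zone. The following added example, not part of this answer or of BIND, builds the same query `dig @127.0.0.1 example.com` sends, decodes a response header, and maps the outcome to the next check. It uses only the Python standard library; the constructed sample reply reproduces the SERVFAIL in the question (id 60115, flags qr rd ra, 29 bytes), and `query_server` is assumed to be run against a resolver you control.

```python
"""Wire-level view of `dig @127.0.0.1 example.com`.  Added example,
not code from the thread."""
import os
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Standard query, flags 0x0100 = RD (recursion desired), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header the way dig prints it."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # response, not query
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "rcode": rcode,
        "status": RCODES.get(rcode, str(rcode)),
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


def diagnose(query: bytes, response: bytes) -> str:
    """Turn a response header into the next troubleshooting step."""
    h = parse_header(response)
    if h["id"] != struct.unpack("!H", query[:2])[0]:
        return "id mismatch: not a reply to our query, ignore it"
    if not h["qr"]:
        return "QR bit clear: this is a query, not a response"
    if h["status"] == "SERVFAIL":
        return ("SERVFAIL: the server answered but could not serve the zone; "
                "run named-checkzone and read daemon.log")
    if h["status"] == "NXDOMAIN":
        return "NXDOMAIN: the server holds the zone but this name is not in it"
    if h["status"] == "NOERROR" and h["answers"] == 0:
        return "NOERROR with no answers: name exists but has no A record"
    if h["status"] == "NOERROR":
        kind = "authoritative (aa set)" if h["aa"] else "non-authoritative (cached/recursed)"
        return f"NOERROR: {h['answers']} answer record(s), {kind}"
    return h["status"]


# Constructed: the SERVFAIL reply described by the dig output in the question.
# Flags 0x8182 = qr, rd, ra set, rcode 2.  12 + 13 + 4 = 29 bytes, as dig reported.
SAMPLE_QUERY = build_query("example.com", 60115)
SAMPLE_SERVFAIL = (struct.pack("!HHHHHH", 60115, 0x8182, 1, 0, 0, 0)
                   + encode_name("example.com")
                   + struct.pack("!HH", QTYPE_A, QCLASS_IN))


def query_server(name: str, server: str = "127.0.0.1", timeout: float = 2.0):
    """Send one UDP query to `server` and return (query, raw_reply)."""
    txid = int.from_bytes(os.urandom(2), "big")
    q = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    return q, data


if __name__ == "__main__":
    print(diagnose(SAMPLE_QUERY, SAMPLE_SERVFAIL))
```

The asker's output (status SERVFAIL, SERVER 127.0.0.1) therefore means the resolv.conf change worked, the local BIND was reached, and the remaining problem is in the zone itself, which is what `named-checkzone` then reports.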

Author: Ron

Updated on September 18, 2022

Comments

  • Ron
    Ron almost 2 years

    I'm trying to configure BIND for use on my local Debian machine, which I will use as a development and testing environment.

    First of all, I'm using Debian 6.x [Squeeze] and BIND 9. The BIND server was set up automatically during the installation of Debian.

    For the purpose of this question, let's say I want to create a domain called example.com that I will be able to access from the same machine on which BIND is running, and my local network.

    Here is what I have done so far:

    In /etc/bind/named.conf.local (which is included in named.conf) I put the following:

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
    

    In /etc/bind/db.example.com I put the following:

    $TTL    3600
    @   IN  SOA example.com. admin.example.com. (
                2011101601  ; Serial
                3600        ; Refresh 1h
                60      ; Retry 1m
                86400       ; Expire 1d
                600 )       ; Negative Cache TTL 1h
    ;
    @   IN  NS  localhost.
    
    ;
    example.com.    IN CNAME localhost.
    example.com.    IN A 127.0.0.1
    

    Notice that I am setting the nameserver as localhost. I don't know if this is right or wrong.

    Then I added the appropriate virtual host directives to Apache and restarted BIND using the command /etc/init.d/bind9 restart.

    However, when I ping or browse to example.com I access the example.com on the internet, and not the one on my machine.

    What am I doing wrong?


    To take AlexD's advice, I added nameserver 127.0.0.1 before all other directives in /etc/resolv.conf shown here:

    # Generated by NetworkManager
    nameserver 127.0.0.1
    domain cm.flowja.com
    search cm.flowja.com
    nameserver 65.183.0.76
    nameserver 65.183.0.86
    

    The other directives were automatically generated by Debian.

    Here is the response after I edited resolv.conf and restarted BIND.

    ; <<>> DiG 9.7.3 <<>> example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60115
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;example.com.           IN  A
    
    ;; Query time: 3 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Oct 16 16:06:29 2011
    ;; MSG SIZE  rcvd: 29
    

    Now it seems that adding the nameserver 127.0.0.1 directive to resolv.conf actually caused example.com to resolve to my BIND server, but something is still going wrong.

    Ideas?

    • Ziron5
      Ziron5 over 12 years
      What's the output of: dig example.com @localhost
    • Ron
      Ron over 12 years
      there are no messages that relate to named in /var/log/messages
  • AlexD
    AlexD over 12 years
    You need to remove NS record if you want to have CNAME for example.com. But I think it is better to use example.com IN A 127.0.0.1 instead of CNAME.
  • Ron
    Ron over 12 years
    when I comment out the NS record and add example.com IN CNAME localhost it causes an error.
  • AlexD
    AlexD over 12 years
    What is exact error message?
  • Ron
    Ron over 12 years
    ...two errors actually: "has no NS records" and it fails on the example.com IN CNAME localhost line
  • AlexD
    AlexD over 12 years
    Well, I forgot about SOA record which you can't remove, so you can't have CNAME for second level domain. Use example.com. IN A 127.0.0.1 instead.
  • Ron
    Ron over 12 years
    Thanks George. This was the most complete answer. I edited it to add instructions regarding resolv.conf, which was pointed out by AlexD, and chose it as the accepted answer.
  • jarzyn
    jarzyn over 10 years
    Why is the ns1.example.com line required, and what was wrong with localhost?