Setting up a DNS name server for a mass virtual host with Bind9
Solution 1
Looking at the IP addresses in your resolv.conf I get the feeling that your BIND server is on 192.168.1.52. As far as I can tell, you can't specify in resolv.conf something like "for these domains, use this name server". Basically, your BIND server will never be queried. As you can see in your dig lookup (which is incorrect, it is asking for a reverse DNS entry), it tries 80.58.0.33, which I assume is your provider's DNS server.
You already set up BIND as a caching nameserver by using the 'forwarders' option, so what you need to do is have only 192.168.1.52 in the client PCs as the nameserver.
To see if your BIND is configured correctly, try this:
dig example.test @192.168.1.52
Solution 2
You can (and should) do the zone much cleaner.
My example assumes service-domain.net is a domain you control; then simply reference it as many times as needed in named.conf
(I use a script that just takes a list of domains like this and creates the config)
Try something like this:
$TTL 86400
; Generic zone file: there is no $ORIGIN, so '@' and the relative name 'www'
; take the name of whichever zone statement in named.conf references this file.
@       IN  SOA ns.service-domain.net. hostmaster.service-domain.net. (
            201004227   ; serial
            28800       ; refresh
            14400       ; retry
            3600000     ; expire
            86400 )     ; min
@       IN  NS  ns1.service-domain.net.
@       IN  NS  ns2.service-domain.net.
@       IN  A   192.168.1.52
www     IN  CNAME @
@       IN  MX  0 mail.service-domain.net.
Then reference it like:
zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_generic_zone";
    notify yes;
};
zone "sample.com" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_generic_zone";
    notify yes;
};
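As an added example (not code from the answer above), here is a small POSIX shell script of the kind Solution 2 mentions: it reads a list of domains and prints one zone statement per domain, all pointing at the same generic zone file. The file path /etc/bind/zones/master_generic_zone and the stanza layout are taken from the answer; the list format (one domain per line, '#' starts a comment), the hostname check that keeps a stray line from injecting extra named.conf syntax, and the optional named-checkconf/named-checkzone calls are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer: build named.conf zone statements
# for a list of domains that all share the generic zone file from Solution 2.
# Assumptions: one domain per line, '#' starts a comment, and the generic zone
# file lives at the path below.

GENERIC_ZONE="/etc/bind/zones/master_generic_zone"

# Accept only plain hostnames (letters, digits, hyphens, dots). Without this, a
# line such as  foo"; include "/etc/passwd  would be copied straight into named.conf.
valid_domain() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
}

# Print one zone statement for the domain in $1, same layout as the answer.
zone_stanza() {
    printf 'zone "%s" {\n' "$1"
    printf '    type master;\n'
    printf '    allow-query { any; };\n'
    printf '    file "%s";\n' "$GENERIC_ZONE"
    printf '    notify yes;\n'
    printf '};\n'
}

# Read the domain list on stdin and print the statements. Invalid lines are
# skipped with a message on stderr and make the function return 1.
gen_zones() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        d=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$d" ] && continue
        if valid_domain "$d"; then
            zone_stanza "$d"
        else
            printf 'skipping invalid domain: %s\n' "$d" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Validate the generated file with BIND's own tools when they are installed;
# both work on files only, so no running server or network is needed.
check_with_bind() {
    conf=$1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$conf" || return 1
    fi
    if command -v named-checkzone >/dev/null 2>&1 && [ -r "$GENERIC_ZONE" ]; then
        # The generic file has no $ORIGIN, so the zone name must be supplied.
        named-checkzone example.test "$GENERIC_ZONE" || return 1
    fi
    return 0
}

# Usage: ./gen-zones.sh domains.txt > /etc/bind/named.conf.local
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    gen_zones < "$1"
fi
```

Regenerate the file and run check_with_bind on it before reloading named; a domain that fails the hostname check is left out rather than quoted into the configuration.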
Dez
Updated on September 17, 2022
Comments
-
Dez over 1 year
I am trying to set up a chrooted DNS name server in a local LAN so that everyone connected to the LAN can access the mass virtual hosts defined for a development environment without having to edit their local /etc/hosts manually one by one. The mass virtual host is named example.user.dev (VirtualDocumentRoot /home/user/example) and example.test (DocumentRoot /var/www/example).
I set up everything and /var/log/syslog doesn't show any error, but when checking the DNS with:
host -v example.test
it doesn't find the host. Also using the dig command I don't receive an answer.
dig -x example.test
; <<>> DiG 9.5.1-P3 <<>> -x example
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47844
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 600 IN SOA a.root-servers.net. dns-ops.arin.net. 2010042604 1800 900 691200 10800

;; Query time: 108 msec
;; SERVER: 80.58.0.33#53(80.58.0.33)
;; WHEN: Mon Apr 26 11:15:53 2010
;; MSG SIZE rcvd: 107

My configuration is the following:
/etc/bind/named.conf.local
zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_example.test";
    notify yes;
};
zone "1.168.192.in-addr.arpa" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
    notify yes;
};
/etc/bind/named.conf.options
- Note: We have a static IP address, so I forward the queries to the DNS server at that IP address.
options {
    directory "/var/cache/bind";
    forwarders { 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};
/etc/bind/zones/master_example.test
$ORIGIN example.test.
$TTL 86400
@ IN SOA example.test. root.example.test. (
        201004227   ; serial
        28800       ; refresh
        14400       ; retry
        3600000     ; expire
        86400 )     ; min
;
TXT "example.test, DNS service"
@ IN NS example.test.
localhost A 127.0.0.1
example.test. A 192.168.1.52
example A 192.168.1.52
www CNAME example.test.
/etc/hosts
127.0.0.1 localhost example
192.168.1.52 localhost example example.test
/etc/resolv.conf
- Note: For BIND I just added the last 3 lines.
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254
search example.test
search example
nameserver 192.168.1.52
EDIT
Some major changes. Now I have this configuration:
/etc/resolv.conf
search example.test
search example
nameserver 192.168.1.52
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254
/etc/hosts
127.0.0.1 localhost example example.test
192.168.1.52 dns1.example.test
/etc/bind/named.conf.local
I just commented out the reverse address zone.
/etc/bind/zones/master_example.test
$ORIGIN example.test.
$TTL 86400
@ IN SOA dns1.example.test. hostmaster.example.test. (
        2010042214  ; serial
        21600       ; refresh
        3600        ; retry
        604800      ; expire
        86400 )     ; min
  IN NS dns1.example.test.
  IN NS dns2.example.test.
  IN A 192.168.1.52
example IN A 192.168.1.52
dns1 IN A 192.168.1.52
dns2 IN A 192.168.1.52
www CNAME example
And now executing:
dig example.test @192.168.1.52
; <<>> DiG 9.5.1-P3 <<>> example.test @192.168.1.52
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example.test. IN A

;; ANSWER SECTION:
example.test. 86400 IN A 192.168.1.52

;; AUTHORITY SECTION:
example.test. 86400 IN NS dns1.example.test.
example.test. 86400 IN NS dns2.example.test.

;; ADDITIONAL SECTION:
dns1.example.test. 86400 IN A 192.168.1.52
dns2.example.test. 86400 IN A 192.168.1.52

;; Query time: 1 msec
;; SERVER: 192.168.1.52#53(192.168.1.52)
;; WHEN: Mon Apr 26 12:38:56 2010
;; MSG SIZE rcvd: 118

So, now, which should be my next step forward?
EDIT 2
I left the DNS server resolv.conf like this:
nameserver 192.168.1.52
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254
and added the DNS server address 192.168.1.52 to the resolv.conf of every client computer.
This way I am able to reach http://example.test from each computer.
To be able to reach each individual virtual host of the development environment, should I create a new zone or use a wildcard in the example.test zone I created?
EDIT 3
Finally I left my zones like this: one zone for the test virtual host, and the other one for the mass virtual host for development. Everything works as I wanted, fast and with good performance. I don't know if there is a better configuration than this for the system I built. Any advice would be appreciated.
master_example.test
$ORIGIN example.test.
$TTL 86400
@ IN SOA dns1.example.test. hostmaster.example.test. (
        2010042215  ; serial
        21600       ; refresh
        3600        ; retry
        604800      ; expire
        86400 )     ; min
@ IN NS dns1.example.test.
@ IN NS dns2.example.test.
@ IN A 192.168.1.52
www IN CNAME @
master_dev
$ORIGIN dev.
$TTL 86400
@ IN SOA dev. hostmaster.dev. (
        2010042215  ; serial
        21600       ; refresh
        3600        ; retry
        604800      ; expire
        86400 )     ; min
@ IN NS dev.
@ IN A 192.168.1.52
*.dev. IN A 192.168.1.52
/etc/bind/named.conf.local
zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_example.test";
    notify yes;
};
zone "dev" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_dev";
    notify yes;
};
zone "1.168.192.in-addr.arpa" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
    notify yes;
};
/etc/bind/named.conf.options
- Note: We have a static IP address, so I forward the queries to the DNS server at that IP address. Finally I added the ISP DNS IP to the forwarders so as not to create a bottleneck in the web traffic, because experimentally I saw a large increase in speed for HTTP connections inside and outside the local LAN.
options {
    directory "/var/cache/bind";
    allow-query { 192.168.1.0/24; localhost; };
    allow-recursion { 192.168.1.0/24; localhost; };
    forwarders { 80.58.0.33; 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};
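The check Solution 1 recommends (query the LAN server directly and see whether it answers) and the two dig outputs in the question above are the kind of thing worth scripting rather than eyeballing. As an added example that is not part of the question or answers, this POSIX shell script reduces dig's output to a one-line summary and treats a name as correctly served only when the reply comes from 192.168.1.52, carries the aa (authoritative answer) flag and returns the expected address; a reply relayed to the ISP resolver, like the first dig output in the question, is reported as a failure. The server address and the names example.test, www.example.test and example.user.dev are taken from the question; project.dev is an invented extra name under the wildcard dev zone, and the two embedded replies are copied from the dig outputs above so the parser can be exercised offline.

```shell
#!/bin/sh
# Added example, not from the original question or answers: verify that names
# served by the LAN BIND are answered by that server, authoritatively, with the
# expected address, instead of being handed to the ISP resolver.
# Assumptions: server 192.168.1.52 and the names from the question; project.dev
# is an invented name under the wildcard dev zone.

# Reduce dig's text output (on stdin) to one line:
#   "<status> <aa|noaa> <server> <first A record in the ANSWER section or ->"
dig_summary() {
    awk '
        /^;; ->>HEADER<<-/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; flags:/       { aa = ($0 ~ /flags:[^;]* aa[ ;]/) ? "aa" : "noaa" }
        /^;; SERVER:/      { server = $3; sub(/#.*/, "", server) }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; .*SECTION:/   { in_answer = 0 }
        in_answer && $0 !~ /^;/ && $3 == "IN" && $4 == "A" { answer = $5 }
        END {
            if (answer == "") answer = "-"
            printf "%s %s %s %s\n", status, aa, server, answer
        }'
}

# Query NAME (type A) at SERVER; succeed only if the reply came from SERVER,
# carries the aa flag and answers with EXPECT.
check_name() {
    name=$1 server=$2 expect=$3
    set -- $(dig "$name" A "@$server" | dig_summary)
    if [ "${1:-}" = "NOERROR" ] && [ "${2:-}" = "aa" ] && [ "${3:-}" = "$server" ] && [ "${4:-}" = "$expect" ]; then
        printf 'OK   %-20s %s (authoritative from %s)\n' "$name" "$4" "$3"
        return 0
    fi
    printf 'FAIL %-20s status=%s %s server=%s answer=%s\n' "$name" "${1:-?}" "${2:-?}" "${3:-?}" "${4:-?}" >&2
    return 1
}

# Names the final configuration is meant to serve (www.example.test is a CNAME,
# so the A record behind it is what gets checked). Returns 1 if any fails.
verify_lan() {
    rc=0
    for n in example.test www.example.test example.user.dev project.dev; do
        check_name "$n" 192.168.1.52 192.168.1.52 || rc=1
    done
    return "$rc"
}

# Header, flags and server lines copied from the two dig outputs in the
# question: the first reply came from the ISP resolver, the second from the LAN server.
ISP_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47844
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; SERVER: 80.58.0.33#53(80.58.0.33)'

LAN_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;example.test. IN A
;; ANSWER SECTION:
example.test. 86400 IN A 192.168.1.52
;; AUTHORITY SECTION:
example.test. 86400 IN NS dns1.example.test.
;; ADDITIONAL SECTION:
dns1.example.test. 86400 IN A 192.168.1.52
;; SERVER: 192.168.1.52#53(192.168.1.52)'

summarize_isp() { printf '%s\n' "$ISP_REPLY" | dig_summary; }
summarize_lan() { printf '%s\n' "$LAN_REPLY" | dig_summary; }

# Usage: ./check-dns.sh --live   (runs real dig queries against 192.168.1.52);
# without --live only the two embedded replies are summarised.
if [ "${1:-}" = "--live" ]; then
    verify_lan
else
    summarize_isp
    summarize_lan
fi
```

Run it with --live from a client after pointing resolv.conf at 192.168.1.52; a FAIL line whose server field is an ISP address means the client is still sending the query to the forwarders rather than to the LAN server.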
-
Mayur Bhayani about 14 years
'dig -x' does reverse lookups, i.e. from IP address to hostname. When debugging DNS problems I suggest explicitly specifying the DNS server you want to give you the response: 'dig example.test @80.58.0.33' or 'host example.test 80.58.0.33'
-
Dez about 14 years
Thanks for the input. I didn't know that. Did some major changes to the configuration, so I am going to edit all this, because now I get answers.
-
Dez about 14 years
You are right. 80.58.0.33 is the ISP DNS. 192.168.1.52 is the IP on our local LAN where I am configuring the BIND DNS nameserver. We have a static IP address that I use to forward the requests to BIND.
-
Dez about 14 years
Followed your advice and that's how I made it work. Now I need to configure it to reach the mass virtual hosts.
-
Alnitak about 14 years
No, don't make 'www' a CNAME alias for @; it should have the same A record in it as the apex. Using a CNAME (incorrectly) causes the NS and SOA records to also exist for 'www'.
-
LapTop006 about 14 years
@Alnitak In practice it doesn't.
-
Dez about 14 years
Testing your zone... it makes the DNS also resolve the www.service-domain.net address on my server, giving a 404 error because I have not set up that alias in the virtual hosts. That's the biggest difference I find so far. I didn't want to have the www.service-domain.com alias active in the DNS, to remind users they are in a local development environment and force them to use non-www addresses. The zone references I have are the same as yours. Is there any DNS performance/usage benefit of using your zone configuration?
-
LapTop006 about 14 years
There might be some performance impact; our larger nameservers have over 15 thousand zones and have no real issues loading those, so it's negligible at best. The reason I suggest mine is that way you have one static file for all domains except the service domain.
-
Alnitak about 14 years
Yes, it does. If you make 'www' a CNAME for '@' then a query for 'www MX?' or 'www SOA' will return the values from the apex. This could have unintended consequences.