New install, having bind issues
Jeremy Lunsford
jlunsford at verio.net
Mon Mar 8 03:26:54 UTC 2004
May the almighty Fred, god of computers, bless you and your keyboard!!!
Had to do about 5 minutes of looking up this whole chroot jail thingy,
but once it clicked my dns came up no problem.. It explained a lot
too.. Like why test entries that I put into the localhost.zone didn't
come up, and why when I purposely put errors in named.conf that it
didn't barf on me.. (It wasn't looking at those!! Genius!! hehee)
Seriously, thanks for the heads up...
One follow-up question. Now that I've jacked around with my permissions
on all of these, any suggestions on ownership/permission settings for
the various files and directories under /var/named??
Thanks Again!!!
> -----Original Message-----
> From: fedora-list-admin at redhat.com
> [mailto:fedora-list-admin at redhat.com] On Behalf Of Matt Harris
> Sent: Sunday, March 07, 2004 6:31 PM
> To: fedora-list at redhat.com
> Subject: Re: New install, having bind issues
>
>
> By default, fedora runs named in a chroot jail.
> Consequently, all the config files and such are kept in
> /var/named/chroot/whatever. If the copy of named.conf you
> are editing isn't in /var/named/chroot/etc, then named won't
> ever even see that you want it to serve that domain. All of
> your zone files must be in /var/named/chroot/var/named.
>
> I beat my head against that for quite some time too. Hope this helps.
>
> On Sun, 2004-03-07 at 19:08, Jeremy Lunsford wrote:
> > I hope someone can help, I've been beating my head against this for
> > the last 24hours.
> >
> > I just did a fresh install of Fedora. The install seemed to go well,
> > so I started restoring all my files. I checked the new named.conf
> > file and all the header stuff at the top matched up exactly with my
> > old one. (Which was from a RedHat 9 install, so same major version of
> > bind) So I copied my named.conf file into /etc. I then copied all my
> > zone files into /var/named. (Not replacing the hint file) Then I
> > started bind.. It will resolve other domains with no problem, but when
> > I query it about a domain that it is master for it gives me a
> >
> > ** server can't find thedames.com: SERVFAIL
> >
> > In my log file all I get is a lame server error..
> >
> > Mar 7 20:56:24 bender named[22199]: lame server resolving 'thedames.com' (in 'thedames.com'?): 209.75.97.4#53
> >
> > So my server clearly doesn't think that it has info for those zones.
> > At first I thought this was a permissions issue. However at this
> > point my named.conf file and all my zone files are 777 with an owner
> > of named. So I don't think that is an issue.. I don't get any errors
> > when restarting named. It just happily says that it's loading
> > named.conf and that everything is great.
> >
> > Mar 7 20:48:55 bender named[22199]: starting BIND 9.2.2-P3 -u named -t /var/named/chroot
> > Mar 7 20:48:55 bender named[22199]: using 1 CPU
> > Mar 7 20:48:55 bender named[22199]: loading configuration from '/etc/named.conf'
> > Mar 7 20:48:55 bender named[22199]: no IPv6 interfaces found
> > Mar 7 20:48:55 bender named[22199]: listening on IPv4 interface lo, 127.0.0.1#53
> > Mar 7 20:48:55 bender named[22199]: listening on IPv4 interface eth0, 209.75.97.2#53
> > Mar 7 20:48:55 bender named[22199]: command channel listening on 127.0.0.1#953
> > Mar 7 20:48:55 bender named[22199]: running
> > Mar 7 17:48:55 bender named: named startup succeeded
> >
> >
> > If I run named-checkconf on my named.conf file I get the following:
> >
> > [root at bender etc]# named-checkconf -t /etc/ named.conf
> > named.conf:4: change directory to '/var/named' failed: file not found
> > named.conf:4: parsing failed
> >
> > I had my friend run that same command on his server though, and he got
> > the same error. I think I'm running the command wrong.
> >
> > Here is my current named.conf file, and one of my zone files:
> >
> > // generated by named-bootconf.pl
> >
> > options {
> >         directory "/var/named";
> >         /*
> >          * If there is a firewall between you and nameservers you want
> >          * to talk to, you might need to uncomment the query-source
> >          * directive below. Previous versions of BIND always asked
> >          * questions using port 53, but BIND 8.1 uses an unprivileged
> >          * port by default.
> >          */
> >         // query-source address * port 53;
> > };
> >
> > //
> > // a caching only nameserver config
> > //
> > controls {
> >         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> > };
> > zone "." IN {
> >         type hint;
> >         file "named.ca";
> > };
> >
> > zone "localhost" IN {
> >         type master;
> >         file "localhost.zone";
> >         allow-update { none; };
> > };
> >
> > zone "0.0.127.in-addr.arpa" IN {
> >         type master;
> >         file "named.local";
> >         allow-update { none; };
> > };
> >
> > include "/etc/rndc.key";
> >
> >
> > zone "vmfaq.com"{
> >         type master;
> >         file "vmfaq.com";
> > };
> >
> > zone "ethiopianet.net"{
> >         type master;
> >         file "./ethiopianet.net";
> > };
> >
> > zone "thecryptorium.com"{
> >         type master;
> >         file "./thecryptorium.com";
> > };
> >
> > zone "monku.org"{
> >         type master;
> >         file "./monku.org";
> > };
> >
> > zone "thedames.com"{
> >         type master;
> >         file "thedames.com";
> > };
> >
> > zone "gravelymanor.com"{
> >         type master;
> >         file "./gravelymanor.com";
> > };
> >
> >
> >
> > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > ; File vmfaq.com
> > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > ; $ORIGIN vmfaq.com
> > ; @ = vmfaq.com
> > ;
> > @          86400 IN SOA ns1.vmfaq.com. dnsadmin.vmfaq.com. (
> >                  200403070 ; Serial number
> >                  10800     ; Refresh after 3 hours
> >                  3600      ; Retry after 1 hour
> >                  604800    ; Expire after 1 week
> >                  86400 )   ; Minimum TTL of 1 day
> >
> >            86400 IN NS ns1.vmfaq.com.
> >            86400 IN NS ns1.thoene.net.
> >
> >
> > vmfaq.com. 86400 IN A  209.75.97.2
> >            86400 IN MX 0 mx1.veriomail.com.
> > www        86400 IN A  209.75.97.2
> > bender     86400 IN A  209.75.97.2
> > ns1        86400 IN A  209.75.97.2
> > fonts      86400 IN A  209.75.97.2
> >
> >
> > I found one place that said that I needed to put a $TTL 1D at the top
> > of my zones files. I've tried that, no luck.. Plus, the zone checker
> > utility says all my zones are ok. Besides my zone files having their
> > permissions wide open, so does the actual named directory..
> >
> > If anyone has some suggestions, I'd love to hear them. I've never had
> > this kind of problem with DNS before. I've been doing it for quite a
> > while and the thing I love about bind is that it always just works.
> > (Except today.)
> >
> > Thanks!!!!
> >
> >
> >
> >
>
>
>
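
The path mapping described in the quoted reply, together with a check for the wide-open permissions mentioned in the original post, as an added example that is not part of the thread. The function names audit_chroot and make_sample are hypothetical, the sample tree is constructed, and falling back to /var/named when no directory option is set is an assumption.

```shell
#!/bin/sh
# Added example: named started with "-t CHROOT" resolves every named.conf path under CHROOT.
# Print one finding per file that CHROOT/etc/named.conf refers to.
audit_chroot() {
    root=${1%/}
    conf="$root/etc/named.conf"
    if [ ! -f "$conf" ]; then echo "MISSING $conf"; return 0; fi
    dir=$(grep -E '^[[:space:]]*directory[[:space:]]' "$conf" | head -n 1 | cut -d'"' -f2)
    dir=${dir:-/var/named}              # assumption: fall back to /var/named if unset
    # Zone 'file "..."' and 'include "..."' lines; the path is the quoted field.
    grep -E '^[[:space:]]*(file|include)[[:space:]]' "$conf" | cut -d'"' -f2 |
    while read -r f; do
        f=${f#./}
        case $f in
            /*) p="$root$f" ;;          # absolute path: still inside the jail
            *)  p="$root$dir/$f" ;;     # relative path: under the directory option
        esac
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
        elif [ -n "$(find "$p" -prune -perm -002 -print)" ]; then
            echo "WORLD-WRITABLE $p"
        else
            echo "OK $p"
        fi
    done
}

# Build a constructed chroot tree that mirrors the situation in the thread.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/var/named"
    cat > "$d/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
};
include "/etc/rndc.key";
zone "vmfaq.com" { type master;
    file "vmfaq.com";
};
zone "thedames.com" { type master;
    file "./thedames.com";
};
EOF
    : > "$d/etc/rndc.key";        chmod 640 "$d/etc/rndc.key"
    : > "$d/var/named/vmfaq.com"; chmod 777 "$d/var/named/vmfaq.com"
    echo "$d"                     # thedames.com is deliberately left outside the jail
}

demo=$(make_sample); audit_chroot "$demo"; rm -rf "$demo"
```

On a real host the argument would be the directory named passes to -t, which is /var/named/chroot in the startup log above.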