New install, having bind issues

Jeremy Lunsford jlunsford at verio.net
Mon Mar 8 03:26:54 UTC 2004 

May the almighty Fred, god of computers, bless you and your keyboard!!!

Had to do about 5 minutes of looking up this whole chroot jail thingy,
but once it clicked my dns came up no problem..  It explained a lot
too..  Like why test entries that I put into the locahost.zone didn't
come up, and why when I purposely put errors in named.conf that it
didn't barf on me..  (It wasn't looking at those!! Genious!!  hehee)

Seriously, thanks for the heads up...

One follow-up question.  Now that I've jack around with my permissions
on all of these, any suggestions on ownership/permission settings for
the various files and directories under /var/named??

Thanks Again!!!

> -----Original Message-----
> From: fedora-list-admin at redhat.com 
> [mailto:fedora-list-admin at redhat.com] On Behalf Of Matt Harris
> Sent: Sunday, March 07, 2004 6:31 PM
> To: fedora-list at redhat.com
> Subject: Re: New install, having bind issues
> 
> 
> By default, fedora runs named in a chroot jail.  
> Consequently, all the config files and such are kept in 
> /var/named/chroot/whatever.  If the copy of named.conf you 
> are editing isn't in /var/named/chroot/etc, then named won't 
> ever even see that you want it to serve that domain.  All of 
> your zone files must be in /var/named/chroot/var/named.
> 
> I beat my head against that for quite some time too.  Hope this helps.
> 
> On Sun, 2004-03-07 at 19:08, Jeremy Lunsford wrote:
> > I hope someone can help, I've been beating my head against this for 
> > the last 24hours.
> > 
> > I just did a fresh install of Fedora.  The install seemed 
> to go well, 
> > so I started restoring all my files.  I checked the new named.conf 
> > file and all the header stuff at the top matched up exactly with my 
> > old one. (Which was from a RedHat 9 install, so same major 
> version of 
> > bind)  So I copied my named.conf file into /etc.  I then 
> copied all my 
> > zone files into /var/named.  (Not replacing the hint file)  Then I 
> > started bind.. It will resolve other domains with no 
> problem, but when 
> > I query it about a domain that it is master for it gives me a
> > 
> >    ** server can't find thedames.com: SERVFAIL
> > 
> > In my log file all I get is a lame server error..
> > 
> >    Mar  7 20:56:24 bender named[22199]: lame server resolving 
> > 'thedames.com' (in 'thedames.com'?): 209.75.97.4#53
> > 
> > So my server clearly doesn't think that it has info for 
> those zones.  
> > At first I thought this was a permissions issue.  However at this 
> > point my named.conf file and all my zone files are 777 with 
> an owner 
> > of named. So I don't think that is an issue..  I don't get 
> any errors 
> > when restarting named.  It just happily says that its loading 
> > named.conf and that everything is great.
> > 
> >    Mar  7 20:48:55 bender named[22199]: starting BIND 9.2.2-P3 -u 
> > named -t /var/named/chroot
> >    Mar  7 20:48:55 bender named[22199]: using 1 CPU
> >    Mar  7 20:48:55 bender named[22199]: loading configuration from 
> > '/etc/named.conf'
> >    Mar  7 20:48:55 bender named[22199]: no IPv6 interfaces found
> >    Mar  7 20:48:55 bender named[22199]: listening on IPv4 interface 
> > lo, 127.0.0.1#53
> >    Mar  7 20:48:55 bender named[22199]: listening on IPv4 interface 
> > eth0, 209.75.97.2#53
> >    Mar  7 20:48:55 bender named[22199]: command channel 
> listening on 
> > 127.0.0.1#953
> >    Mar  7 20:48:55 bender named[22199]: running
> >    Mar  7 17:48:55 bender named: named startup succeeded
> > 
> > 
> > If I run named-checkconf on my named.conf file I get the following:
> > 
> >    [root at bender etc]# named-checkconf -t /etc/ named.conf
> >    named.conf:4: change directory to '/var/named' failed: 
> file not found
> >    named.conf:4: parsing failed
> > 
> > I had my friend run that same command on his server thou, 
> and he got 
> > the same error.  I think I'm running the command wrong.
> > 
> > Here is my current named.conf file, and one of my zone files:
> > 
> > // generated by named-bootconf.pl
> > 
> > options {
> >         directory "/var/named";
> >         /*
> >          * If there is a firewall between you and 
> nameservers you want
> >          * to talk to, you might need to uncomment the query-source
> >          * directive below.  Previous versions of BIND always asked
> >          * questions using port 53, but BIND 8.1 uses an 
> unprivileged
> >          * port by default.
> >          */
> >         // query-source address * port 53;
> > };
> > 
> > //
> > // a caching only nameserver config
> > // 
> > controls {
> >         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> > };
> > zone "." IN {
> >         type hint;
> >         file "named.ca";
> > };
> > 
> > zone "localhost" IN {
> >         type master;
> >         file "localhost.zone";
> >         allow-update { none; };
> > };
> > 
> > zone "0.0.127.in-addr.arpa" IN {
> >         type master;
> >         file "named.local";
> >         allow-update { none; };
> > };
> > 
> > include "/etc/rndc.key";
> > 
> > 
> > zone "vmfaq.com"{
> >         type master;
> >         file "vmfaq.com";
> > };
> > 
> > zone "ethiopianet.net"{
> >         type master;
> >         file "./ethiopianet.net";
> > };
> > 
> > zone "thecryptorium.com"{
> >         type master;
> >         file "./thecryptorium.com";
> > };
> > 
> > zone "monku.org"{
> >         type master;
> >         file "./monku.org";
> > };
> > 
> > zone "thedames.com"{
> >         type master;
> >         file "thedames.com";
> > };
> > 
> > zone "gravelymanor.com"{
> >         type master;
> >         file "./gravelymanor.com";
> > };
> > 
> > 
> > 
> > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > ; File vmfaq.com 
> > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > ; $ORIGIN vmfaq.com
> > ; @ = vmfaq.com
> > ;
> > @ 86400      IN      SOA     ns1.vmfaq.com. dnsadmin.vmfaq.com. (
> >  200403070      ; Serial number
> >      10800      ; Refresh after 3 hours
> >       3600      ; Retry after 1 hour
> >     604800      ; Expire after 1 week
> >      86400 )    ; Minimum TTL of 1 day
> > 
> >       86400                  IN NS   ns1.vmfaq.com.
> >           86400              IN NS   ns1.thoene.net.
> > 
> > 
> > vmfaq.com. 86400                IN A    209.75.97.2
> >                 86400           IN MX 0 mx1.veriomail.com.
> > www         86400            IN A    209.75.97.2
> > bender 86400                    IN A    209.75.97.2
> > ns1             86400           IN A    209.75.97.2
> > fonts 86400                     IN A    209.75.97.2
> > 
> > 
> > 
> > I found one place that said that I needed to put a $TTL 1D 
> at the top 
> > of my zones files.  I've tried that, no luck..  Plus, the 
> zone checker 
> > utility says all my zones are ok.  Besides my zone files 
> having their 
> > permissions wide open, so does the actual named directory..
> > 
> > If anyone has some suggestions, I'd love to hear them.  
> I've never had 
> > this kind of problem with DNS before.  I've been doing it 
> for quite a 
> > while and the thing I love about bind is that it always just works. 
> > (Except today.)
> > 
> > Thanks!!!!
> > 
> > 
> > 
> > 
> 
> 
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>

More information about the fedora-list mailing list