New install, having bind issues

Jeremy Lunsford jlunsford at verio.net
Mon Mar 8 03:59:51 UTC 2004


Good points..  Now I can go beat my head against something more fun,
like MySQL..  ;)

Thanks thrice!

> -----Original Message-----
> From: fedora-list-admin at redhat.com 
> [mailto:fedora-list-admin at redhat.com] On Behalf Of Matt Harris
> Sent: Sunday, March 07, 2004 7:44 PM
> To: fedora-list at redhat.com
> Subject: RE: New install, having bind issues
> 
> 
> > May the almighty Fred, god of computers, bless you and your 
> > keyboard!!!
> > 
> > Had to do about 5 minutes of looking up this whole chroot jail thingy,
> > but once it clicked my dns came up no problem..  It explained a lot
> > too..  Like why test entries that I put into the localhost.zone didn't
> > come up, and why when I purposely put errors in named.conf that it
> > didn't barf on me..  (It wasn't looking at those!! Genius!!  hehee)
> > 
> > Seriously, thanks for the heads up...
> > 
> > One follow-up question.  Now that I've jacked around with my
> > permissions on all of these, any suggestions on ownership/permission
> > settings for the various files and directories under /var/named??
> 
> The only files that really matter are files that have your 
> shared secrets in them (named.conf and any include files you 
> may use...especially rndc.key).  Those shouldn't be 
> world-readable.  Any user can infer the contents of the zone 
> files simply by performing lookups on them, so it's okay if 
> they're world-readable.  As long as joe luser can't write to 
> anything in that jail and can't read the .key files (and any 
> files with keys in them, say for dynamic updates), you should be fine.
> 
> > Thanks Again!!!
> > 
> > > -----Original Message-----
> > > From: fedora-list-admin at redhat.com
> > > [mailto:fedora-list-admin at redhat.com] On Behalf Of Matt Harris
> > > Sent: Sunday, March 07, 2004 6:31 PM
> > > To: fedora-list at redhat.com
> > > Subject: Re: New install, having bind issues
> > > 
> > > 
> > > By default, fedora runs named in a chroot jail.
> > > Consequently, all the config files and such are kept in 
> > > /var/named/chroot/whatever.  If the copy of named.conf you 
> > > are editing isn't in /var/named/chroot/etc, then named won't 
> > > ever even see that you want it to serve that domain.  All of 
> > > your zone files must be in /var/named/chroot/var/named.
> > > 
> > > I beat my head against that for quite some time too.  Hope this 
> > > helps.
> > > 
> > > On Sun, 2004-03-07 at 19:08, Jeremy Lunsford wrote:
> > > > I hope someone can help, I've been beating my head against this
> > > > for the last 24 hours.
> > > > 
> > > > I just did a fresh install of Fedora.  The install seemed to go well,
> > > > so I started restoring all my files.  I checked the new named.conf
> > > > file and all the header stuff at the top matched up exactly with my
> > > > old one. (Which was from a RedHat 9 install, so same major version of
> > > > bind)  So I copied my named.conf file into /etc.  I then copied all my
> > > > zone files into /var/named.  (Not replacing the hint file)  Then I
> > > > started bind.. It will resolve other domains with no problem, but when
> > > > I query it about a domain that it is master for it gives me a
> > > > 
> > > >    ** server can't find thedames.com: SERVFAIL
> > > > 
> > > > In my log file all I get is a lame server error..
> > > > 
> > > >    Mar  7 20:56:24 bender named[22199]: lame server resolving
> > > > 'thedames.com' (in 'thedames.com'?): 209.75.97.4#53
> > > > 
> > > > So my server clearly doesn't think that it has info for those zones.
> > > > At first I thought this was a permissions issue.  However at this
> > > > point my named.conf file and all my zone files are 777 with an owner
> > > > of named. So I don't think that is an issue..  I don't get any errors
> > > > when restarting named.  It just happily says that it's loading
> > > > named.conf and that everything is great.
> > > > 
> > > >    Mar  7 20:48:55 bender named[22199]: starting BIND 9.2.2-P3 -u named -t /var/named/chroot
> > > >    Mar  7 20:48:55 bender named[22199]: using 1 CPU
> > > >    Mar  7 20:48:55 bender named[22199]: loading configuration from '/etc/named.conf'
> > > >    Mar  7 20:48:55 bender named[22199]: no IPv6 interfaces found
> > > >    Mar  7 20:48:55 bender named[22199]: listening on IPv4 interface lo, 127.0.0.1#53
> > > >    Mar  7 20:48:55 bender named[22199]: listening on IPv4 interface eth0, 209.75.97.2#53
> > > >    Mar  7 20:48:55 bender named[22199]: command channel listening on 127.0.0.1#953
> > > >    Mar  7 20:48:55 bender named[22199]: running
> > > >    Mar  7 17:48:55 bender named: named startup succeeded
> > > > 
> > > > 
> > > > If I run named-checkconf on my named.conf file I get the 
> > > > following:
> > > > 
> > > >    [root at bender etc]# named-checkconf -t /etc/ named.conf
> > > >    named.conf:4: change directory to '/var/named' failed: file not found
> > > >    named.conf:4: parsing failed
> > > > 
> > > > I had my friend run that same command on his server though, and he got
> > > > the same error.  I think I'm running the command wrong.
> > > > 
> > > > Here is my current named.conf file, and one of my zone files:
> > > > 
> > > > // generated by named-bootconf.pl
> > > > 
> > > > options {
> > > >         directory "/var/named";
> > > >         /*
> > > >          * If there is a firewall between you and nameservers you want
> > > >          * to talk to, you might need to uncomment the query-source
> > > >          * directive below.  Previous versions of BIND always asked
> > > >          * questions using port 53, but BIND 8.1 uses an unprivileged
> > > >          * port by default.
> > > >          */
> > > >         // query-source address * port 53;
> > > > };
> > > > 
> > > > //
> > > > // a caching only nameserver config
> > > > //
> > > > controls {
> > > >         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> > > > };
> > > > zone "." IN {
> > > >         type hint;
> > > >         file "named.ca";
> > > > };
> > > > 
> > > > zone "localhost" IN {
> > > >         type master;
> > > >         file "localhost.zone";
> > > >         allow-update { none; };
> > > > };
> > > > 
> > > > zone "0.0.127.in-addr.arpa" IN {
> > > >         type master;
> > > >         file "named.local";
> > > >         allow-update { none; };
> > > > };
> > > > 
> > > > include "/etc/rndc.key";
> > > > 
> > > > 
> > > > zone "vmfaq.com"{
> > > >         type master;
> > > >         file "vmfaq.com";
> > > > };
> > > > 
> > > > zone "ethiopianet.net"{
> > > >         type master;
> > > >         file "./ethiopianet.net";
> > > > };
> > > > 
> > > > zone "thecryptorium.com"{
> > > >         type master;
> > > >         file "./thecryptorium.com";
> > > > };
> > > > 
> > > > zone "monku.org"{
> > > >         type master;
> > > >         file "./monku.org";
> > > > };
> > > > 
> > > > zone "thedames.com"{
> > > >         type master;
> > > >         file "thedames.com";
> > > > };
> > > > 
> > > > zone "gravelymanor.com"{
> > > >         type master;
> > > >         file "./gravelymanor.com";
> > > > };
> > > > 
> > > > 
> > > > 
> > > > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > > > ; File vmfaq.com
> > > > ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> > > > ; $ORIGIN vmfaq.com
> > > > ; @ = vmfaq.com
> > > > ;
> > > > @ 86400      IN      SOA     ns1.vmfaq.com. dnsadmin.vmfaq.com. (
> > > >  200403070      ; Serial number
> > > >      10800      ; Refresh after 3 hours
> > > >       3600      ; Retry after 1 hour
> > > >     604800      ; Expire after 1 week
> > > >      86400 )    ; Minimum TTL of 1 day
> > > > 
> > > >       86400                  IN NS   ns1.vmfaq.com.
> > > >           86400              IN NS   ns1.thoene.net.
> > > > 
> > > > 
> > > > vmfaq.com. 86400                IN A    209.75.97.2
> > > >                 86400           IN MX 0 mx1.veriomail.com.
> > > > www         86400            IN A    209.75.97.2
> > > > bender 86400                    IN A    209.75.97.2
> > > > ns1             86400           IN A    209.75.97.2
> > > > fonts 86400                     IN A    209.75.97.2
> > > > 
> > > > 
> > > > 
> > > > I found one place that said that I needed to put a $TTL 1D at the top
> > > > of my zones files.  I've tried that, no luck..  Plus, the zone checker
> > > > utility says all my zones are ok.  Besides my zone files having their
> > > > permissions wide open, so does the actual named directory..
> > > > 
> > > > If anyone has some suggestions, I'd love to hear them.  I've never had
> > > > this kind of problem with DNS before.  I've been doing it for quite a
> > > > while and the thing I love about bind is that it always just works.
> > > > (Except today.)
> > > > 
> > > > Thanks!!!!
> > > > 
> > > > 
> > > > 
> > > > 
> > > 
> > > 
> > > --
> > > fedora-list mailing list
> > > fedora-list at redhat.com
> > > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
> > > 
> > 
> 
> 

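The permission advice in Matt's reply (secrets such as named.conf and rndc.key not world-readable, nothing in the jail world-writable, zone files may stay world-readable) and the named-checkconf confusion further down the thread both come down to a couple of checks a practitioner can script. The audit below is an added example, not code from the thread or from Fedora; it assumes the Fedora chroot layout /var/named/chroot described in the thread, that it is run with enough privilege to read the jail, and that `named-checkconf -t <jail>` (the chroot option, which makes `include` directives resolve inside the jail the way a chrooted named would see them) is what the original `-t /etc/` invocation was reaching for. The audit function is read-only and reports findings; fixing modes is left to the administrator.

```shell
#!/bin/sh
# Added example: audit ownership/permission hygiene of a BIND chroot jail.
# Assumes the Fedora layout from the thread (/var/named/chroot); not part of
# the original posts or of any Fedora/BIND package.

# audit_named_chroot JAIL
# Prints one line per finding on stdout. Returns 0 when the jail is clean,
# 1 when something needs attention.
audit_named_chroot() {
    jail="${1:-/var/named/chroot}"

    # Files that carry shared secrets (named.conf and any *.key it includes,
    # rndc.key above all) must not be world-readable: an "other" read bit
    # (octal 004) on any of them is a finding.
    secrets=$(find "$jail" -type f \( -name named.conf -o -name '*.key' \) \
                   -perm -004 2>/dev/null)

    # Nothing inside the jail should be world-writable (octal 002), files or
    # directories alike. Zone files may stay world-readable, since anyone can
    # recover their contents through ordinary lookups anyway.
    writable=$(find "$jail" -perm -002 2>/dev/null)

    for f in $secrets; do
        echo "world-readable secret: $f (suggest: chmod o-r, owner root, group named)"
    done
    for f in $writable; do
        echo "world-writable path:   $f (suggest: chmod o-w)"
    done

    [ -z "$secrets" ] && [ -z "$writable" ]
}

# check_named_conf JAIL
# Parses the jailed named.conf with the chroot option, so 'directory' and
# 'include' paths resolve the way the chrooted daemon sees them. Skipped
# (returns 2) when named-checkconf is not installed on the box running this.
check_named_conf() {
    jail="${1:-/var/named/chroot}"
    command -v named-checkconf >/dev/null 2>&1 || return 2
    named-checkconf -t "$jail" /etc/named.conf
}

# Stand-alone usage: sh audit_named_jail.sh /var/named/chroot
if [ $# -gt 0 ]; then
    audit_named_chroot "$1"
    check_named_conf "$1"
fi
```

Run it against the jail root, not /etc: the thread's `named-checkconf -t /etc/ named.conf` treats /etc as the chroot, so `directory "/var/named"` cannot be found there, which is exactly the "change directory ... failed" message quoted above.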



