Need help with DNS configuration for my domain...

Joseph S D Yao jsdy at center.osis.gov
Tue Dec 27 21:56:57 UTC 2005


On Thu, Dec 15, 2005 at 06:49:07PM -0600, Michael Sullivan wrote:
> I set up my BIND configuration using "DNS and BIND, 4th Edition" from
> O'Reilly.  I'm using bind-bind-9.2.5-r6. I was following the examples in
> Chapter 4, substituting my domain for
> the example one.  However, when I use my new DNS server the only thing
> that works correctly is digging 0.0.127.in-addr.arpa.  Every other query
> gets me either NXDOMAIN or SERVFAIL.  Here's the /etc/hosts file I want
> my DNS config based off of:
> 
> 127.0.0.1   localhost.localdomain localhost
> 192.168.1.4 catherine.espersunited.com catherine
> 192.168.1.3 camille.espersunited.com camille
> 192.168.1.2 bullet.espersunited.com bullet
> 
> 
> Here's /etc/bind/named.conf:
...
> zone "2.1.168.192.in-addr.arpa." in {
>         type master;
>         file "db.2.1.168.192";
>         };


The above is your problem.  The zone name should be
"1.168.192.in-addr.arpa".

File names are conventions - I would call mine "zone.192.168.1" - but
you may want to change the file name to follow your personal convention.


...
> Here's /etc/bind/db.espersunited.com:
> 
> $TTL 3h
> espersunited.com.  IN SOA bullet.espersunited.com.
> michael.bullet.espersunited.com. (
> 
>    1    ;Serial
>    3h   ;Refresh after 3 hours
>    1h   ;Retry after one hour
>    1w   ;Expire after one week
>    1h ) ;Negative caching TTL of 1 hour
> 
> ;Name server(s)
> espersunited.com. IN NS bullet.espersunited.com.
> 
> ;Host addresses
> 
> localhost.espersunited.com.     IN A 127.0.0.1
> bullet.espersunited.com.        IN A 192.168.1.2
> camille.espersunited.com.       IN A 192.168.1.3
> catherine.espersunited.com.     IN A 192.168.1.4
> 
> ;Aliases
> 
> bullet.espersunited.com.        IN CNAME bullet.espersunited.com.
> camille.espersunited.com.       IN CNAME camille.espersunited.com.
> catherine.espersunited.com.     IN CNAME catherine.espersunited.com.

This can be re-written to use defaults:
=======================================================================
$TTL 3h

; I trust the below was a single line ending in '(' in the original.
@  IN SOA bullet.espersunited.com. michael.bullet.espersunited.com. (
   1    ;Serial
   3h   ;Refresh after 3 hours
   1h   ;Retry after one hour
   1w   ;Expire after one week
   1h ) ;Negative caching TTL of 1 hour

;Name server(s)
	IN NS bullet.espersunited.com.

;Host addresses

localhost	IN A	127.0.0.1
bullet		IN A	192.168.1.2
camille		IN A	192.168.1.3
catherine	IN A	192.168.1.4
=======================================================================
Other zone files can be re-written similarly.

The aliases are meaningless, as far as I can tell, because they have the
same name in front and in back.  They are also unacceptable to current
versions of BIND because you can't have the same name to the left of a
CNAME record and also other records (specifically, the A records).

> Here's db.db.2.1.168.192:
...

Well, that's not the name in your "named.conf" file!  Another problem,
or a typo?  ;-)

...
> $TTL 3h
> 2.1.168.192.in-addr.arpa. IN SOA bullet.espersunited.com.
> michael.bullet.espersunited.com. (
> 
>    1    ;Serial
>    3h   ;Refresh after 3 hours
>    1h   ;Retry after one hour
>    1w   ;Expire after one week
>    1h ) ;Negative caching TTL of 1 hour
> 
> ;Name servers
> 2.1.168.192.in-addr.arpa.       IN NS bullet.espersunited.com.
> 
> ;Host addresses
> 
> 2.1.168.192.in-addr.arpa.       IN PTR  bullet.espersunited.com.
> 3.1.168.192.in-addr.arpa.       IN PTR  camille.espersunited.com.
> 4.1.168.192.in-addr.arpa.       IN PTR  catherine.espersunited.com.
> 
> ;Aliases
> 
> bullet.espersunited.com.        IN CNAME bullet.espersunited.com.
> camille.espersunited.com.       IN CNAME camille.espersunited.com.
> catherine.espersunited.com.     IN CNAME catherine.espersunited.com.
...

If you use defaults, you don't have to re-write when you correct the
errors above:
=======================================================================
$TTL 3h

; I trust the below was a single line ending in '(' in the original.
@  IN SOA bullet.espersunited.com.  michael.bullet.espersunited.com. (
   1    ;Serial
   3h   ;Refresh after 3 hours
   1h   ;Retry after one hour
   1w   ;Expire after one week
   1h ) ;Negative caching TTL of 1 hour

;Name servers
	IN NS bullet.espersunited.com.

;Host addresses

2	IN PTR  bullet.espersunited.com.
3	IN PTR  camille.espersunited.com.
4	IN PTR  catherine.espersunited.com.
=======================================================================

The aliases, besides being meaningless and generally unacceptable, are
particularly out of place in reverse DNS zones.  Reverse DNS zones
should consist of an SOA record, an appropriate number of NS records,
and one PTR record for each IP address.  There are uses for TXT records
in reverse DNS zones, as well.  DNSSEC would add a whole extra
dimension, of course.

-- 
Joe Yao
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
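An added check (not part of the original thread, and not BIND's own tooling) that encodes the two points Joe makes: it derives the correct in-addr.arpa zone name for a network, which shows that the posted "2.1.168.192.in-addr.arpa" is really the single-address zone for 192.168.1.2/32 rather than the zone for 192.168.1.0/24, and it flags owner names that carry a CNAME alongside other records or a CNAME pointing at themselves. The zone text is a constructed sample transcribed from the posted records; the parser is deliberately minimal and assumes every record line carries an explicit owner.

```python
import ipaddress
import re
from collections import defaultdict

def reverse_zone_name(network: str) -> str:
    """in-addr.arpa zone name covering an octet-aligned IPv4 network (/8, /16, /24, /32)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen % 8 != 0:
        raise ValueError("only octet-aligned prefixes map to a single reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

# One-line records with an explicit owner: owner, optional class, type, rdata.
# The multi-line SOA is ignored; blank-owner inheritance is not handled.
_RR = re.compile(r"^(\S+)\s+(?:IN\s+)?(A|NS|CNAME|PTR|TXT)\s+(.+?)\s*$")

def parse_records(zone_text: str):
    """Return [(owner, type, rdata)] for the simple records in a zone file."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # strip comments
        m = _RR.match(line)
        if m:
            records.append(m.groups())
    return records

def cname_conflicts(records):
    """Owners with a CNAME plus other data (rejected by BIND), and CNAMEs to themselves."""
    types = defaultdict(set)
    self_cnames = set()
    for owner, rtype, rdata in records:
        types[owner].add(rtype)
        if rtype == "CNAME" and rdata == owner:
            self_cnames.add(owner)
    clash = {o for o, t in types.items() if "CNAME" in t and len(t) > 1}
    return sorted(clash), sorted(self_cnames)

# Constructed sample: the posted forward zone, before Joe's rewrite.
SAMPLE_ZONE = """\
$TTL 3h
@  IN SOA bullet.espersunited.com. michael.bullet.espersunited.com. (
   1 ; Serial
   3h 1h 1w 1h )
espersunited.com. IN NS bullet.espersunited.com.
bullet.espersunited.com.    IN A 192.168.1.2
camille.espersunited.com.   IN A 192.168.1.3
bullet.espersunited.com.    IN CNAME bullet.espersunited.com.
camille.espersunited.com.   IN CNAME camille.espersunited.com.
"""
```

Running `cname_conflicts(parse_records(SAMPLE_ZONE))` reports bullet and camille in both lists, which is exactly what named-checkzone would reject on load.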
