Need Help with BIND9

G.W. Haywood bind at
Sat Jun 12 12:11:31 UTC 2021

Hi there,

On Sat, 12 Jun 2021, techlists at wrote:

> ...
> The two domains I am working with on my SOHO home server are 1)
>  and 2)
> I set up first and configured BIND9 for it on the same
> server.
> To try to troubleshoot I configured on the same box,
> however it uses Zoneedit for DNS. works as expected.
> does not work which uses my local BIND9.
> I've tried everything I can think of.  I've tested the config files, run
> dig, and verified port 53 is open.
> I took the zone file for from my VPS that runs Plesk
> and previously hosted  I forgot to change the IP
> addresses in the zone to my SOHO box and the website on my VPS was
> accessible.  When I changed the IP addresses in the zone file to my SOHO
> box the website quit working.
> I assumed this meant I had an Apache issue and that is when I added
> to test Apache.  I've checked apache several times...
> And I just checked it again.....

Your problem statement is extremely vague and it seems to be telling
me that you do not understand how the parts you're working with all
fit together into a functioning whole.  You need to remedy that, or
you'll be flailing around quite unnecessarily in a fog of technical
terms and untested and/or broken configurations.  You might also need
to work on your fault-finding skills, but they might not be the, er,
root of the issue.

Do you have the book "DNS and BIND"?  Old, but still very relevant.

> ...
> If you need any additional information let me know.

There might be loads of it, but for now I think probably your best bet
is to do some reading.  The Web client (browser) needs to request its
configured resolver (*may* be BIND) to supply an IP address which is
associated with a domain name so it can send HTTP requests (packets)
to the Web server (*may* be Apache) at that IP address.  To answer the
queries from the Web client, the resolver needs to make queries of its
own from a name server which *may* also be BIND - not necessarily the
same instance.  In its turn, the resolver has to find IP addresses for
name servers which will answer its queries.  The routes all need to be
set up so *both* that the clients can talk to all the servers at the
IP addresses involved in the conversations *and* that the DNS and Web
servers can reply to the requesting clients.  You can see this happen,
in nauseating detail if required, with a tool like Wireshark.  It's a
good way to watch the traffic flowing (or not flowing, as the case may
be) and I recommend that you spend some quality time doing just that.

Note that the terms 'server' and 'client' can be misleading.  A server
can become a client of another server when it needs information which
it intends to return to a client of its own.  In my little description
above for example, the resolver acts as a server when it serves an IP
address to the browser, but as a client when it asks a name server for
the IP address to serve to the client.  So it's sometimes best to look
at the level of the individual request to decide what is acting as a
server, and what is acting as a client.

I see a nameserver response only for

$ dig | grep ANSWER
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
$ dig +short

I wouldn't run a port scan without your permission, but at the moment
there seems to be no response from to ping and HTTP(S)
(which might mean that you've switched off the box for the night...:)

$ ping
PING ( 56(84) bytes of data.
--- ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 159ms
$ telnet 80
telnet: Unable to connect to remote host: Connection timed out
$ telnet 443
telnet: Unable to connect to remote host: Connection timed out
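
Added example, not part of the original message: a small script that walks the same chain the reply describes (resolver, then the zone's name servers, then the web ports) and labels each leg, so a DNS failure is not mistaken for a web server or routing failure. The helper names `dns_stage` and `triage` are hypothetical, `nc` stands in for the `telnet` checks above, and the name passed in is assumed to be the zone apex.

```shell
#!/bin/sh
# Added example; dns_stage and triage are hypothetical helper names.

# Read `dig` output on stdin and print one label for the DNS leg.
dns_stage() {
    awk '
        /status:/ {                 # ";; ->>HEADER<<- ... status: X, id: N"
            s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s
        }
        /^;; flags:/ {              # ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, ..."
            f = $0; sub(/^;; flags: /, "", f); sub(/;.*/, "", f); flags = " " f " "
            a = $0; sub(/.*ANSWER: /, "", a); sub(/,.*/, "", a); answers = a + 0
            seen = 1
        }
        END {
            if (!seen) { print "no-reply"; exit }          # timeout, nothing parsed
            if (status != "" && status != "NOERROR") { print tolower(status); exit }
            if (answers == 0) { print "empty-answer"; exit }
            print (index(flags, " aa ") ? "authoritative-answer" : "non-authoritative-answer")
        }'
}

# Check each leg in turn: configured resolver, each listed name server
# (asked directly, without recursion), then TCP 80/443 on each address.
triage() {
    name=$1
    echo "resolver: $(dig "$name" A | dns_stage)"
    for ns in $(dig +short NS "$name"); do
        echo "nameserver $ns: $(dig "@$ns" "$name" A +norecurse | dns_stage)"
    done
    for addr in $(dig +short "$name" A); do
        for port in 80 443; do
            if nc -z -w 5 "$addr" "$port"; then r=open; else r=unreachable; fi
            echo "web $addr:$port: $r"
        done
    done
}

# Runs only when a name is given on the command line.
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

An `empty-answer` or `no-reply` on the name server line points at BIND or the delegation; an answer there followed by `unreachable` on the web lines points at routing, firewalling or the web server instead.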
