CentOS BIND DNS Troubleshooting

Tags: bind, centos, domain-name-system

I'm trying to set up my first BIND9 DNS server for a small local network and can't seem to get it working. I want to create a 'local' domain of max.app.

As far as I can tell named is running, but it doesn't seem to be serving my domain records?

service named start

Returns OK, and the daemon is running on boot.

If I try and ping mac1 I get: unknown host mac1

If I try and ping mac1.max.app I get: unknown host mac1

When I try nslookup I get:

nslookup max.app
Server: 8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   max.app
Address: 67.192.47.244

As you can see I'm not serving records from my local bind service (192.168.100.10)

My /etc/resolv.conf file looks like this:

# Generated by NetworkManager
search max.app
nameserver 192.168.100.10
nameserver 8.8.8.8
nameserver 8.8.4.4

My /etc/named.conf file looks like this:

acl local-network { 192.168.100.0/24;  }; 

options {
    listen-on port 53 { 127.0.0.1; 192.168.100.10; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { local-network;  };
    recursion yes;

    query-source address * port 53;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


zone "max.app" IN {   
    type master;   
    file "max.app.zone";   
    allow-update { none; }; 
};

zone "100.168.192.in-addr.arpa" IN {
    type master;   
    file "max.app.rr.zone";   
    allow-update { none; }; 
};

My /var/named/max.app.zone file looks like this:

$ORIGIN max.app. 
$TTL 86400 
@   IN  SOA dns1.max.app.   email.gmail.com. (
            2001062501 ; serial                     
            21600      ; refresh after 6 hours                     
            3600       ; retry after 1 hour                     
            604800     ; expire after 1 week                     
            86400 )    ; minimum TTL of 1 day  


    IN  NS  dns1.max.app.   

dns1    IN  A   192.168.100.10
CentOS1 IN  A   192.168.100.15
CentOS2 IN  A   192.168.100.25

mac1    IN  A   192.168.100.50
mac2    IN  A   192.168.100.55
mac3    IN  A   192.168.100.60

www     IN  CNAME   CentOS1

My /var/named/max.app.rr.zone file looks like this:

$ORIGIN 100.168.192.in-addr.arpa. 
$TTL 86400 
@   IN  SOA dns1.max.app.   email.gmail.com. (
            2001062501 ; serial                     
            21600      ; refresh after 6 hours                     
            3600       ; retry after 1 hour                     
            604800     ; expire after 1 week                     
            86400 )    ; minimum TTL of 1 day           

    IN  NS  dns1.max.app.

10  IN  PTR dns1.max.app.
15  IN  PTR CentOS1.max.app.
20  IN  PTR CentOS2.max.app.

50  IN  PTR mac1.max.app.
55  IN  PTR mac1.max.app.
60  IN  PTR mac1.max.app.

Service named status returns:

version: 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1
CPUs found: 2
worker threads: 2
number of zones: 15
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  1121) is running.

This "number of zones: 15" seems a bit odd when I only have 1 zone defined in named.conf?

UPDATE 7/14 5:45PM CST

Ok I've followed the suggestions below but things still don't seem to want to work.

Added to /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT

dig @192.168.100.10 mac1.max.app a returns:

; <<>> DiG 9.6.0-APPLE-P2 <<>> @192.168.100.10 mac1.max.app a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48036
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mac1.max.app.      IN  A

;; ANSWER SECTION:
mac1.max.app.   86400   IN  A   192.168.100.15

;; AUTHORITY SECTION:
max.app.        86400   IN  NS  dns1.max.app.

;; ADDITIONAL SECTION:
dns1.max.app.       86400   IN  A   192.168.100.10

;; Query time: 8 msec
;; SERVER: 192.168.100.10#53(192.168.100.10)
;; WHEN: Thu Jul 14 17:30:53 2011
;; MSG SIZE  rcvd: 85

dig @192.168.100.10 mac1.max.app ns returns

; <<>> DiG 9.6.0-APPLE-P2 <<>> @192.168.100.10 mac1.max.app ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28099
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mac1.max.app.      IN  NS

;; AUTHORITY SECTION:
max.app.        86400   IN  SOA dns1.max.app. email.gmail.com. 2001062501 21600 3600 604800 86400

;; Query time: 8 msec
;; SERVER: 192.168.100.10#53(192.168.100.10)
;; WHEN: Thu Jul 14 17:18:23 2011
;; MSG SIZE  rcvd: 94

nslookup shows that named is listening on port 53:

tcp   0   0 dns1:53                    *:*   LISTEN   2880/named
tcp   0   0 localhost.localdomain:53   *:*   LISTEN   2880/named

Best Answer

Some suggestions:

Remove the two google nameservers from your resolv.conf. Your nameserver is failing, but you're not getting much useful information because nslookup is falling through to the next nameserver.

Use dig instead of nslookup. The status response from dig is helpful in troubleshooting.

dig @192.168.100.10 mac1.max.app. a
dig @192.168.100.10 max.app. ns

Make sure you check your logs to see if your zone is actually loading.

Check netstat to make sure named is listening on port 53 of the appropriate interface.
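The checks in this answer (no fall-through resolvers in resolv.conf, the dig status and authoritative flag, a confirmed zone load in the log), collected into a small set of POSIX shell helpers. This is an added example, not code from the original thread. The helpers parse captured text rather than querying a live server, so the samples embedded below are constructed for illustration; the resolv.conf sample mirrors the one in the question, the dig headers mirror the format dig prints, and the log lines follow the format named writes on a successful load ("zone NAME/IN: loaded serial N"), which is assumed here rather than taken from the page.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for the checks the
# answer recommends. They parse captured text, so they run without a live
# named. On the real host you would pipe real output into them, e.g.
#   dig @192.168.100.10 mac1.max.app. a | dig_status
#   grep named /var/log/messages | zone_loaded max.app
#   fallback_resolvers < /etc/resolv.conf

# Constructed resolv.conf, same shape as the one in the question.
SAMPLE_RESOLV='# Generated by NetworkManager
search max.app
nameserver 192.168.100.10
nameserver 8.8.8.8
nameserver 8.8.4.4'

# Constructed dig header of a successful, authoritative answer.
SAMPLE_DIG_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48036
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'

# Constructed dig header of a refused query (what an allow-query
# rejection or a wrong listener looks like to the client).
SAMPLE_DIG_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 28100
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# Constructed named log lines: the forward zone loads, the reverse zone fails.
SAMPLE_LOG='Jul 14 17:10:02 dns1 named[1121]: zone max.app/IN: loaded serial 2001062501
Jul 14 17:10:02 dns1 named[1121]: zone 100.168.192.in-addr.arpa/IN: loading from master file max.app.rr.zone failed: file not found'

# fallback_resolvers: print every nameserver after the first. Any output
# means a failure of the first server is masked, because the stub resolver
# silently falls through to the next one (the answer's first point).
fallback_resolvers() {
  awk '$1 == "nameserver" { n++; if (n > 1) print $2 }'
}

# dig_status: print the status word (NOERROR, REFUSED, SERVFAIL, NXDOMAIN)
# from dig output read on stdin.
dig_status() {
  sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}

# dig_authoritative: succeed only if the answer carries the aa flag,
# i.e. it came from the server's own zone data rather than from recursion
# to another server.
dig_authoritative() {
  grep -q '^;; flags:.* aa[ ;]'
}

# zone_loaded ZONE: succeed if named logged a successful load of ZONE.
zone_loaded() {
  grep -q "zone $1/IN: loaded serial"
}
```

Run on a real host, an empty result from `fallback_resolvers` and a `NOERROR` with the `aa` flag from `dig_status` / `dig_authoritative` together confirm that the local named, and not a public resolver, answered the query; a missing "loaded serial" line for a zone points at the zone file before anything else.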