I am quite a newcomer to BIND and am trying to understand why my environment is not working.
I have 3 DNS servers: ns1.ixlabs.net, ns2.ixlabs.net and ns1.plesk.ixlabs.net.
ns1 and ns2 on ixlabs are the master and slave servers for the ixlabs.net domain.
ns1.plesk.ixlabs.net is the master server for the subdomain plesk.ixlabs.net.
This is just an experiment to try to understand how BIND and DNS work, and it seems quite simple, but it doesn't work.
When I query dig @ns1.ixlabs.net test1.plesk.ixlabs.net, it should run the delegation, ask ns1.plesk.ixlabs.net and retrieve the IP address associated with the host test1.plesk.ixlabs.net.
dig @ns1.plesk.ixlabs.net test1.plesk.ixlabs.net tells me that it cannot find ns1.plesk.ixlabs.net.
dig @212.129.38.246 (the IP address of ns1.plesk.ixlabs.net) test1.plesk.ixlabs.net retrieves the correct info about the host test1.plesk.ixlabs.net.
So, what is happening?
Attached are the config files from both of them. Of course, they don't have firewalls between them.
$ORIGIN .
$TTL 86400 ; 1 day
ixlabs.net      IN SOA  ns1.ixlabs.net. postmaster.ixlabs.net. (
                        2014091004 ; serial
                        28800      ; refresh (8 hours)
                        7200       ; retry (2 hours)
                        1209600    ; expire (2 weeks)
                        86400      ; minimum (1 day)
                        )
                NS      ns1.ixlabs.net.
                NS      ns2.ixlabs.net.
                A       212.83.168.145
                MX      10 mail.ixlabs.net.
                TXT     "v=spf1 mx ptr ip4:212.83.168.145 mx:mail.ixlabs.net -all"
                SPF     "v=spf1 mx ptr ip4:212.83.168.145 mx:mail.ixlabs.net -all"
$ORIGIN ixlabs.net.
billing         IN CNAME ixlabsco.roninapp.com.
helpdesk        IN CNAME ixlabs.net.
ixsrv01         IN A     212.83.168.145
mail            IN A     212.83.168.145
$TTL 60 ; 1 minute
niber           IN A     91.66.225.104
$TTL 86400 ; 1 day
node01          IN A     62.210.75.148
ns1             IN A     212.83.168.145
ns2             IN A     204.145.72.174
plesk           IN A     212.129.38.246
$ORIGIN plesk.ixlabs.net.
plesk.ixlabs.net.       IN NS ns1.plesk.ixlabs.net.
ns1.plesk.ixlabs.net.   IN A  212.129.38.246
$ORIGIN ixlabs.net.
www             IN CNAME ixlabs.net.
zpanel          IN CNAME ixlabs.net.
named.conf.option ns1.ixlabs.net
acl goodclients {
    212.129.38.246;
    212.83.168.145;
    localhost;
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
options {
    listen-on port 53 { any; };
    allow-query { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    dnssec-enable yes;
    allow-query {
        trusted;
    };
    recursion yes;
    allow-recursion {
        trusted;
    };
    forwarders {
        trusted;
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* fixes 100% cpu usage */
    managed-keys-directory "/var/named/dynamic";
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};
include "/etc/bind/zones.rfc1918";
include "/etc/zpanel/configs/bind/etc/named.conf";
include "/etc/zpanel/configs/bind/etc/log.conf";
named.conf.local ns1.ixlabs.net
zone "ixlabs.net" IN {
    type master;
    file "/etc/zpanel/configs/bind/zones/ixlabs.net.txt";
    allow-transfer { any; };
    allow-update { key update_key; };
};
named.conf.local ns1.plesk.ixlabs.net
zone "plesk.ixlabs.net" {
    type master;
    file "/etc/bind/zones/plesk.ixlabs.net.zone";
    allow-query { any; };
};
zone plesk.ixlabs.net
; BIND db file for plesk.ixlabs.net
$TTL 86400
@       IN SOA  ns1.plesk.ixlabs.net. postmaster.ixlabs.net. (
                2014090132 ; serial number YYMMDDNN
                28800      ; Refresh
                7200       ; Retry
                864000     ; Expire
                86400      ; Min TTL
                )
        NS      ns1.plesk.ixlabs.net.
        NS      ns2.plesk.ixlabs.net.
        MX      10 mail.ixlabs.net.
$ORIGIN plesk.ixlabs.net.
test1                   IN A 12.34.56.78
test3                   IN A 11.33.55.77
test4                   IN A 22.44.66.88
ns1.plesk.ixlabs.net.   IN A 212.129.38.246
ns2.plesk.ixlabs.net.   IN A 212.129.38.247
named.conf.option ns1.plesk.ixlabs.net
options {
    directory "/var/cache/bind";
    pid-file "/var/run/named/named.pid";
    listen-on-v6 { none; };
    listen-on { any; };
    /*
     * Accept queries from our "trusted" ACL. We will
     * allow anyone to query our master zones below.
     * This prevents us from becoming a free DNS server
     * to the masses.
     */
    /* Use the cache for the "trusted" ACL. */
    /* Only trusted addresses are allowed to use recursion. */
    /* Zone transfers are denied by default. */
    /* Don't allow updates, e.g. via nsupdate. */
    allow-update {
        none;
    };
    allow-query {
        212.83.168.145;
    };
    recursion yes;
    allow-recursion {
        212.83.168.145;
    };
    /* if you have problems and are behind a firewall: */
    //query-source address * port 53;
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    forwarders {
        212.83.168.145;
        8.8.8.8;
        8.8.4.4;
    };
};
Edited: Due to comment 1, I changed the ns1.ixlabs.net zone and ran named-checkconf -zj, with this result:
zone 10.in-addr.arpa/IN: loaded serial 1
zone 16.172.in-addr.arpa/IN: loaded serial 1
zone 17.172.in-addr.arpa/IN: loaded serial 1
zone 18.172.in-addr.arpa/IN: loaded serial 1
zone 19.172.in-addr.arpa/IN: loaded serial 1
zone 20.172.in-addr.arpa/IN: loaded serial 1
zone 21.172.in-addr.arpa/IN: loaded serial 1
zone 22.172.in-addr.arpa/IN: loaded serial 1
zone 23.172.in-addr.arpa/IN: loaded serial 1
zone 24.172.in-addr.arpa/IN: loaded serial 1
zone 25.172.in-addr.arpa/IN: loaded serial 1
zone 26.172.in-addr.arpa/IN: loaded serial 1
zone 27.172.in-addr.arpa/IN: loaded serial 1
zone 28.172.in-addr.arpa/IN: loaded serial 1
zone 29.172.in-addr.arpa/IN: loaded serial 1
zone 30.172.in-addr.arpa/IN: loaded serial 1
zone 31.172.in-addr.arpa/IN: loaded serial 1
zone 168.192.in-addr.arpa/IN: loaded serial 1
zone ixlabs.net/IN: loaded serial 2014091004
But it is still not working: ping to test1.plesk.ixlabs.net doesn't resolve, and neither does ping to ns1.plesk.ixlabs.net.
I am really totally lost.
Best Answer
The zone you have delegated is named ns1.plesk.ixlabs.net. , not plesk.ixlabs.net. and it is delegated to ns1.plesk.ixlabs.net.ixlabs.net. which does not appear to exist. I believe named-checkconf -zj should reflect the problem of the unresolvable name.
I assume that instead of
you meant
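
The relative-name expansion described in this answer, as an added example that is not part of the original post: a small checker that expands zone-file names against $ORIGIN and lists delegations whose in-zone NS target has no address record. The helper names are hypothetical, the BROKEN snippet is constructed to reproduce the symptom (it is not the asker's original records), and FIXED copies the delegation from the edited zone file in the question.

```python
# Added example; helper names are hypothetical and the parser covers only simple records.
def absolute(name, origin):
    """Master-file rule: a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    """Return (owner, type, rdata) tuples with owner and NS/CNAME targets made absolute."""
    records, owner = [], origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].startswith("$"):             # directives: only $ORIGIN matters here
            if fields[0] == "$ORIGIN":
                origin = absolute(fields[1], origin)
            continue
        if not line[0].isspace():                 # leading blank = reuse previous owner
            owner = absolute(fields.pop(0), origin)
        while fields[0] == "IN" or fields[0].isdigit():
            fields.pop(0)                         # skip optional class and TTL
        rtype, rdata = fields[0], fields[1]
        if rtype in ("NS", "CNAME"):
            rdata = absolute(rdata, origin)
        records.append((owner, rtype, rdata))
    return records

def broken_delegations(zone_text, apex):
    """(child zone, NS target) pairs whose in-zone target has no A/AAAA record."""
    records = parse(zone_text, apex)
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    return [(o, d) for o, t, d in records
            if t == "NS" and o != apex and d.endswith("." + apex) and d not in have_addr]

# Constructed sample: the NS target lacks its trailing dot, so $ORIGIN is appended.
BROKEN = """
$ORIGIN ixlabs.net.
ns1.plesk  IN NS ns1.plesk.ixlabs.net
ns1.plesk  IN A  212.129.38.246
"""
# The delegation as it appears in the edited zone file in the question.
FIXED = """
$ORIGIN plesk.ixlabs.net.
plesk.ixlabs.net.      IN NS ns1.plesk.ixlabs.net.
ns1.plesk.ixlabs.net.  IN A  212.129.38.246
"""
if __name__ == "__main__":
    print(broken_delegations(BROKEN, "ixlabs.net."), broken_delegations(FIXED, "ixlabs.net."))
```

Running the same check against the parent zone before each reload catches a missing trailing dot that a plain syntax check accepts, because the expanded name is still syntactically valid.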