i want to configure dns for domain bazim.ir with bind;
this is my /etc/named.conf
file:
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "bazim.ir" {
type master;
file "bazim.ir";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
and this my zone file in /var/named/bazim.ir
:
$ttl 38400
bazim.ir. IN SOA bazim.ir admin.bazim.ir.(
2; Serial
10800; Refresh
3600; Retry
604800; Expire
38400; minimum TTL)
bazim.ir. IN A 87.236.213.231
www.bazim.ir. IN A 87.236.213.231
mail.bazim.ir. IN A 87.236.213.231
ftp.bazim.ir. IN A 87.236.213.231
ns1.bazim.ir. IN A 87.236.213.231
ns2.bazim.ir. IN A 87.236.213.231
bazim.ir. IN NS ns1.bazim.ir.
bazim.ir. IN NS ns2.bazim.ir.
bazim.ir IN MX 10 mail.bazim.ir.
when i start the named.service i get this error log:
Jul 23 12:51:19 bazim.ir bash[19430]: _default/bazim.ir/IN: extra input text
Jul 23 12:51:19 bazim.ir bash[19430]: zone localhost.localdomain/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone localhost/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6...ial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone 0.in-addr.arpa/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir systemd[1]: named.service: control process exited, code=exited status=1
Jul 23 12:51:19 bazim.ir systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Jul 23 12:51:19 bazim.ir systemd[1]: Unit named.service entered failed state.
Jul 23 12:51:19 bazim.ir systemd[1]: named.service failed.
and i don't understand the _default/bazim.ir/IN: extra input text
error.
what this error mean?
Best Answer
named-checkzone
should tell you what is wrong in your zonefile. It is not wrong per se but would definitively not give you the results you want, in the last line, you are missing a dot afterbazir.ir
for the MX record.Your error is probably in the SOA record. You put the end, aka
)
, after the semicolon that starts a comment. Hence the parser does not find the end of your SOA record rendering your whole zone invalid.