Vps – What am I doing wrong with bind9


I am trying to bind a domain name to a VPS but I am failing.

I get this when I dig:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> ns1.example.com @61.15.2.95
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49520
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ns1.example.com.           IN  A

;; ANSWER SECTION:
ns1.example.com.        604800  IN  A   61.15.2.95

;; AUTHORITY SECTION:
example.com.        604800  IN  NS  ns2.example.com.
example.com.        604800  IN  NS  ns1.example.com.

;; ADDITIONAL SECTION:
ns2.example.com.        604800  IN  A   178.159.2.95

;; Query time: 314 msec
;; SERVER: 178.159.2.95#53(178.159.2.95)
;; WHEN: Sat Apr 15 14:26:22 +04 2017
;; MSG SIZE  rcvd: 106

Problem:
;; WARNING: recursion requested but not available
Since it is just a warning, I tried to register it at quickhostuk, but I got this error in DNS management:

Failed to Modify Domain Nameservers: Nameserver not found at registry

Here is what I did.

Say my VPS IP is: 61.15.2.95
Domain name: example.com
Name servers:

  • ns1.example.com => 61.15.2.95
  • ns2.example.com => 61.15.2.95

1. I installed bind9.

2. I created a zone in named.conf.local:

zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
};

3. I created a db file for db.example.com:

;
; BIND zone file for example.com
;
$TTL    604800
@       IN      SOA     ns1.example.com. root.ns1.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                        604800 )       ; Negative Cache TTL
;
@                IN      NS      ns1.example.com.
@                IN      NS      ns2.example.com.
@                IN      A       61.15.2.95
ns1              IN      A       61.15.2.95
ns2              IN      A       61.15.2.95

4. I modified named.conf.options and added my VPS IP to forwarders; I also tried Google's 8.8.8.8 and 8.8.4.4:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
                61.15.2.95;
        };


        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

How should I correctly put it all together to make it work?

Best Answer

;; WARNING: recursion requested but not available is actually a good sign when running an authoritative server; it is not supposed to provide recursion.
Instead of changing anything on the server side, you can simply add +norec to the dig command line so that it does not request recursion, and the warning will go away.

For an authoritative server you also do not need forwarders. You may actually want to go one step further and specify "recursion no" to be really sure you do not accidentally provide recursion access.

Regarding the problem where you get the message "Failed to Modify Domain Nameservers: Nameserver not found at registry" in your interactions with your registrar, I would guess that this has to do with the specific process of changing nameservers with this registrar.
As your nameserver names are inside your own zone, you will need glue records. I'm guessing that adding the necessary information for these glue records may be a separate step that you need to complete first.

Your question also suggests that you are using the same IP address for "two" nameservers. This sounds like a way to trick the enforcement of what is actually a very sound policy of having some redundancy in place.


Finally, I will note that if you do not know how to run a nameserver and your end goal is something else altogether (running some other services), you are very likely better off using some established and properly managed dns hosting solution rather than setting up your own infrastructure for this.
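The configuration below is an added example putting the answer's points together; it is not taken from the question or the answer and is not shipped with BIND. It keeps the question's addresses (61.15.2.95 for ns1, example.com as the zone) and, for the second nameserver, uses 178.159.2.95, the address that the dig output above shows for ns2; the file paths are the Ubuntu defaults from the question. The three files are shown in one listing, separated by comment headers. It disables recursion and forwarding so the box is authoritative-only, restricts zone transfers to the secondary, and gives ns2 its own host so the two NS records are actually redundant.

```conf
// ---- /etc/bind/named.conf.options (on ns1, 61.15.2.95) ----
options {
        directory "/var/cache/bind";

        // Authoritative-only: answer from zone data, never look things up
        // for clients. No "forwarders" block is needed at all.
        recursion no;
        allow-recursion { none; };

        // Only the secondary may copy the zone (AXFR/IXFR). Everyone else
        // asking for a transfer gets REFUSED. 178.159.2.95 is ns2 here.
        allow-transfer { 178.159.2.95; };

        // Bind to the public address rather than every interface.
        listen-on { 61.15.2.95; };
        listen-on-v6 { none; };

        dnssec-validation auto;   // harmless here; only matters for resolvers
        auth-nxdomain no;         // conform to RFC1035
};

// ---- /etc/bind/named.conf.local (on ns1, the primary) ----
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        // Push a NOTIFY to ns2 whenever the serial changes.
        notify yes;
        also-notify { 178.159.2.95; };
};

// On ns2 (178.159.2.95) the same zone is declared as a secondary instead:
//
// zone "example.com" {
//         type slave;
//         masters { 61.15.2.95; };
//         file "/var/cache/bind/db.example.com";
// };

// ---- /etc/bind/db.example.com (on ns1) ----
$TTL    604800
@       IN      SOA     ns1.example.com. hostmaster.example.com. (
                        2017041501      ; Serial: YYYYMMDDnn, bump on every edit
                            604800      ; Refresh
                             86400      ; Retry
                           2419200      ; Expire
                            604800 )    ; Negative Cache TTL
;
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
@       IN      A       61.15.2.95
ns1     IN      A       61.15.2.95
ns2     IN      A       178.159.2.95    ; a separate host, not the same box as ns1
```

Before reloading, run named-checkconf (no output means the config parses) and named-checkzone example.com /etc/bind/db.example.com, then rndc reload. To verify from outside: dig +norec ns1.example.com @61.15.2.95 should answer with the aa flag and no recursion warning, a query for a name you are not authoritative for (for example dig +norec www.isc.org @61.15.2.95) should not be answered (REFUSED, or a bare root referral on older BIND releases), and dig AXFR example.com @61.15.2.95 from anywhere other than ns2 should be refused. Once the registrar has registered ns1 and ns2 as host objects with their addresses, dig +norec NS example.com @a.gtld-servers.net will show those addresses as glue in the additional section; until that step is done, the "Nameserver not found at registry" error is expected.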
