#1
    I FreeBSD therefore I Am

    DNS is killing me


    hey guys

    Here goes then.
    I've tried everything with no luck whatsoever; there's always something that will not work.
    IP's = 8

    Files that were edited/created

    /etc/resolv.conf
    /etc/named.conf
    /var/named/named.ca
    /var/named/localhost.zone
    /var/named/zenodine.net

    resolv.conf

    File created every time the server is booted.
    Contains ISP info.
    Should I add anything else to this file?

    named.conf

    Code:
    // Config file for caching only name server
    
    options {
            directory "/var/named";
    
            // Uncommenting this might help if you have to go through a
            // firewall and things are not working out.  But you probably
            // need to talk to your firewall admin.
    
            // query-source port 53;
            version "";
            auth-nxdomain no;
            recursion no;
    };
    
    zone "." {
            type hint;
            file "named.ca";
    };
    
    zone "0.0.127.in-addr.arpa" {
            type master;
            file "localhost.zone";
    };
    
    zone "zenodine.net" {
            type master;
            notify yes;
            file "zenodine.net";
    };
    named.ca
    Code:
    ; <<>> DiG 9.1.3 <<>> @e.root-servers.net . ns
    ; global options:  printcmd
    ; Got answer:
    ; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51228
    ; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
    
    ; QUESTION SECTION:
    ;   IN NS
    
    ; ANSWER SECTION:
    .   518400 IN NS C.ROOT-SERVERS.NET.
    .   518400 IN NS G.ROOT-SERVERS.NET.
    .   518400 IN NS F.ROOT-SERVERS.NET.
    .   518400 IN NS B.ROOT-SERVERS.NET.
    .   518400 IN NS J.ROOT-SERVERS.NET.
    .   518400 IN NS K.ROOT-SERVERS.NET.
    .   518400 IN NS L.ROOT-SERVERS.NET.
    .   518400 IN NS M.ROOT-SERVERS.NET.
    .   518400 IN NS I.ROOT-SERVERS.NET.
    .   518400 IN NS E.ROOT-SERVERS.NET.
    .   518400 IN NS D.ROOT-SERVERS.NET.
    .   518400 IN NS A.ROOT-SERVERS.NET.
    .   518400 IN NS H.ROOT-SERVERS.NET.
    
    ;; ADDITIONAL SECTION:
    C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
    G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
    F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
    B.ROOT-SERVERS.NET. 3600000 IN A 128.9.0.107
    J.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.10
    K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
    L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
    M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
    I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
    E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
    D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
    A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
    H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
    
    ; Query time: 326 msec
    ; SERVER: 192.203.230.10#53(e.root-servers.net)
    ; WHEN: Sat Feb 23 04:52:57 2002
    ; MSG SIZE  rcvd: 436
    localhost.zone
    Code:
    $TTL 3D
    @               IN      SOA     localhost. root.localhost. (
                                    1       ; Serial
                                    8H      ; Refresh
                                    2H      ; Retry
                                    4W      ; Expire
                                    1D)     ; Minimum TTL
                            NS      localhost.
    1                       PTR     localhost.
    zenodine.net
    Code:
    $TTL 86400
    zenodine.net. IN SOA ns1.zenodine.net. webmaster.zenodine.net. (
    2002020501 ; serial
    86400 ; refresh
    1800 ; retry
    604800 ; expire
    86400 ; default_ttl
    )
    zenodine.net. IN NS ns1.zenodine.net.
    zenodine.net. IN NS ns2.zenodine.net.
    ns1.zenodine.net. IN A server-ip-address-1-here
    ns2.zenodine.net. IN A server-ip-address-2-here
    zenodine.net. IN A server-ip-address-1-here
    www.zenodine.net. IN A server-ip-address-1-here
    mail.zenodine.net. IN MX 0 ns2.zenodine.net.
    I've searched at linuxdocs.org, at devshed, at google and it still ain't working.
    Can anyone enlighten me please?
    TIA
    Last edited by nuno; February 23rd, 2002 at 06:02 AM.
#2
    Contributing User
    First off, let's see what root servers say about your NS.

    $ whois zenodine.net
    Code:
      Name Server.......... NS15A.BOCA15-VERIO.COM
      Name Server.......... NS15B.BOCA15-VERIO.COM
    Now let's ask ns15a.boca15-verio.com:

    $ dnsq any zenodine.net ns15a.boca15-verio.com
    Code:
    255 zenodine.net:
    273 bytes, 1+5+2+4 records, response, authoritative, weird ra, noerror
    query: 255 zenodine.net
    answer: zenodine.net 86400 A 208.55.91.110
    answer: zenodine.net 86400 MX 50 mail-fwd.boca15-verio.com
    answer: zenodine.net 86400 NS ns15a.boca15-verio.com
    answer: zenodine.net 86400 NS ns15b.boca15-verio.com
    answer: zenodine.net 86400 SOA feed15.boca15-verio.com hostmaster.boca15-verio.com 2001081315 7200 3600 604800 86400
    authority: zenodine.net 86400 NS ns15a.boca15-verio.com
    authority: zenodine.net 86400 NS ns15b.boca15-verio.com
    additional: mail-fwd.boca15-verio.com 7200 A 208.55.91.60
    additional: mail-fwd.boca15-verio.com 7200 A 208.55.91.61
    additional: ns15a.boca15-verio.com 7200 A 208.55.91.50
    additional: ns15b.boca15-verio.com 7200 A 208.55.91.51
    Oh no, verio.com sucks, because they have misconfigured your zone record. Like I always said, BIND people or the people who run BIND mostly don't have a clue about DNS.
    1) weird ra:
    That means recursion is available, i.e. a setting of recursion yes; within the options { } block in named.conf.
    Doing recursion is just lame, a waste of resources, like running an open-relay SMTP server: anyone in the world (including spammers) can use your DNS cache. In addition, recursion leaves your DNS highly vulnerable to DoS attacks.
    2) feed15.boca15-verio.com:
    This field is the so-called MNAME and it MUST be your primary DNS's FQDN. That is, it should be ns15a.boca15-verio.com instead.

    Now that you know verio.com sucks, it makes sense to run your own DNS.

    >> IP's = 8

    You mean you have 8 static IPs? What are they?

    >> resolv.conf File created everytime server is booted.

    Because your box is configured to ask a DHCP server. Just set the IP manually and you're fine.

    >> version"";
    >> auth-nxdomain no;
    >> recursion no;

    These options are great. Where did you find them? In addition, you should add fetch-glue no; and allow-transfer { ip.of.your.secondary; };

    named.conf, change the following:
    Code:
    zone "0.0.127.in-addr.arpa" {
            type master;
            file "localhost.zone";
    };
    to:
    Code:
    zone "0.0.127.in-addr.arpa" {
            type master;
            file "localhost.zone";
            allow-transfer { none; };
            notify no;  
    };
    localhost.zone file:
    Code:
    $TTL 3D
    0.0.127.in-addr.arpa.	IN	SOA	ns1.zenodine.net.   webmaster.zenodine.net.	(
    				20010507; Serial
    				8H	; Refresh
    				2H	; Retry
    				4W	; Expire
    				3D ); Minimum
    0.0.127.in-addr.arpa.	IN	NS	ns1.zenodine.net.
    0.0.127.in-addr.arpa.	IN	NS	ns2.zenodine.net.
    1.0.0.127.in-addr.arpa.	IN	PTR	localhost.
    zenodine.net file change to:
    Code:
    $TTL 86400
    zenodine.net.	IN	SOA	ns1.zenodine.net.	webmaster.zenodine.net.	(
    	2002022304 ; serial
    	12H ; refresh (setting 24H is way too high)
    	1800 ; retry
    	2W ; expire (don't set 1 week - 604800)
    	1D ); default_ttl (move that closing ) on this line)
    zenodine.net.		IN	NS	ns1.zenodine.net.
    zenodine.net.		IN	NS	ns2.zenodine.net.
    ns1.zenodine.net.	IN	A	server-ip-address-1-here
    ns2.zenodine.net.	IN	A	server-ip-address-2-here
    zenodine.net.		IN	A	server-ip-address-1-here
    localhost.zenodine.net.	  IN	A	127.0.0.1
    www.zenodine.net.	IN	A	server-ip-address-1-here
    zenodine.net.	IN	MX	0	ns2.zenodine.net.
    Your mail.zenodine.net has no A record; you can't do that. mail.zenodine.net also hasn't been delegated to have its own zone.

    With these settings, your DNS is all set. You can contact verio.com and tell them to ***** off and update the new changes. Later on, when everything is up and running, you should contact verio.com again and ask if they can change the PTR records for your assigned IPs to the appropriate FQDN, so you can have matching reverse DNS. Like I always said, having matching reverse DNS is not required, but it makes a huge difference if you have it.
    Last edited by freebsd; February 23rd, 2002 at 08:33 AM.
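As an added example (not from either poster), a small Python zone lint that checks for the problems this reply raises: an SOA MNAME that is not one of the zone's NS hosts, an in-zone nameserver with no A record, and an MX whose owner or target has no A record. It assumes a simplified zone grammar (fully qualified owner names, optional TTL, class IN, ';' comments) and uses the zone file from the first post, placeholders included, as constructed input.

```python
import re

# Constructed sample: the zone file from the first post, placeholders kept as written.
POSTED_ZONE = """\
$TTL 86400
zenodine.net. IN SOA ns1.zenodine.net. webmaster.zenodine.net. (
    2002020501 ; serial
    86400 1800 604800 86400 ) ; refresh retry expire minimum
zenodine.net. IN NS ns1.zenodine.net.
zenodine.net. IN NS ns2.zenodine.net.
ns1.zenodine.net. IN A server-ip-address-1-here
ns2.zenodine.net. IN A server-ip-address-2-here
zenodine.net. IN A server-ip-address-1-here
www.zenodine.net. IN A server-ip-address-1-here
mail.zenodine.net. IN MX 0 ns2.zenodine.net.
"""

def parse_zone(text):
    """Return (origin, [(owner, rtype, rdata_tokens)]); owners must be fully qualified."""
    text = re.sub(r";[^\n]*", "", text)                              # strip ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold (...)
    origin, records = None, []
    for line in text.splitlines():
        toks = line.split()
        if not toks or toks[0].startswith("$"):                        # blank line or $TTL
            continue
        owner, toks = toks[0], toks[1:]
        while toks and (toks[0].isdigit() or toks[0] == "IN"):         # optional TTL, class
            toks.pop(0)
        if toks[0] == "SOA" and origin is None:
            origin = owner
        records.append((owner, toks[0], toks[1:]))
    return origin, records

def lint_zone(text):
    """Flag the mistakes the reply points out; returns a list of problem strings."""
    origin, records = parse_zone(text)
    has_a = {o for o, t, _ in records if t in ("A", "AAAA")}
    ns_hosts = {r[0] for o, t, r in records if t == "NS" and o == origin}
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "SOA" and rdata[0] not in ns_hosts:
            problems.append(f"SOA MNAME {rdata[0]} is not one of the zone's NS hosts")
        elif rtype == "NS" and rdata[0].endswith("." + origin) and rdata[0] not in has_a:
            problems.append(f"in-zone NS {rdata[0]} has no A record (missing glue)")
        elif rtype == "MX" and owner not in has_a:
            problems.append(f"MX owner {owner} has no A record")
        elif rtype == "MX" and rdata[1] not in has_a:
            problems.append(f"MX target {rdata[1]} has no A record")
    return problems
```

Running lint_zone(POSTED_ZONE) reports only the MX line; moving that record to the apex, as the reply does, makes the zone lint clean.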
#3
    I FreeBSD therefore I Am
    >> These options are great. Where did you find them?

    From you; I've searched your previous posts here at devshed and followed your instructions.

    >> In addition, you should add fetch-glue no;

    Shell:
    # tail -f /var/log/messages
    Code:
    ...remove fetch-glue no
    it's giving an error message about being obsolete

    and yet again freebsd, you have been a great help
    many thanks bud
#4
    Contributing User
    >> from you, i've searched your previous posts

    It's good to hear that you actually searched before posting.

    >> it's giving an error message about being obsolete

    Because that option was based on BIND 8.X. BIND 9.X is finally aware that fetch-glue is bad.

    BTW, in your previous post you said it didn't work. Please be more specific if you need help on that. Also, don't expect your authoritative DNS servers to be authoritative for your domain until it's really transferred from verio.com to you. In the meantime, you should not start BIND on boot; just use your ISP's caching nameservers. Once you've verified that it's been transferred, then you may run it at any time.
    And don't forget, ditch BIND in 2 or 3 months and migrate to djbdns.
#5
    I FreeBSD therefore I Am
    I'm having a really bad time with register.com, you see.
    zenodine.com's registrar was register.com;
    zenodine.net was verio and zenodine.org was tera-byte.
    Guess what: since they require email confirmation to change DNS, and by accident I've changed IPs, I no longer have access to webmaster@register.com.
    I already contacted support with no answers.
    http://mail.zenodine.com is gone now, I guess.
    Do I have to ask them to change DNS or should I do it manually? Will they charge me?
#6
    Contributing User
    Guess what, register.com has been known for being the worst registrar for many, many years. They only care about new customers and existing customers who are about to renew with them. Nameserver change? They don't care. You will need to send them at least 10 emails and wait for about 3 months for them to act, just to make a very little change to your zone record. So the fastest way is to change registrar to one like godaddy.com so you don't have to fill out forms yourself.
#7
    I FreeBSD therefore I Am
    >> So the fastest way is to change registrar like godaddy.com so you don't have to fill out forms yourself.

    done
    register.com is gone
