Need help with making myself top level domain

I am going crazy trying to figure out how to make the DNS server on our isolated network work.

I am trying to make my own domain called avengers.comic, with the machine running bind being captainamerica.avengers.comic as well as ns1.avengers.comic and ns2.avengers.comic.

I have attached all of the related files.

Please help.



I'm stumped.


David Kopp

Sounds like you need to create the "avengers.comic" zone in named.conf and the appropriate information in the zone file. This is done exactly the same way as normal domains. So what's the problem?

The problem is that I don't know how to do it. Here is my named.conf:

# Try yet again

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; } ;
};

include "/etc/named.custom";

include "/etc/rndc.key";

options {
directory "/var/named";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "0.0.127.in-addr.arpa.zone";
};

zone "0.16.172.in-addr.arpa" {
type master;
file "0.16.172.in-addr.arpa.zone";
};

zone "." {
type master;
file "root.zone";
};

zone "comic." {
type master;
file "comic.zone";
};

zone "avengers.comic." {
type master;
file "avengers.comic.zone";
};


And here is avengers.comic.zone:

$TTL 864000
avengers.comic. IN SOA avengers.comic. steve.avengers.comic. (
2004020501 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum

; Name Servers

avengers.comic. IN NS ns1.avengers.comic.
avengers.comic. IN NS ns2.avengers.comic.

; Mail server for domain
avengers.comic. IN MX 10 captainamerica.avengers.comic.

; Public servers
ns1.avengers.comic. IN A 172.16.89.1
ns2.avengers.comic. IN A 172.16.89.1
captainamerica.avengers.comic. IN A 172.16.89.1


The statis IP address of the server machine is 172.16.89.1

I'm just so confused....

David

remove the following zone. It's redundant. Either put everything in the comic zone or the avengers.comic zone.

zone "comic." {
type master;
file "comic.zone";
};

OK, I removed the comic zone. This is what I now have.

named.conf:

# Try yet again

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; } ;
};

include "/etc/named.custom";

include "/etc/rndc.key";

options {
directory "/var/named";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "0.0.127.in-addr.arpa.zone";
};

zone "0.16.172.in-addr.arpa" {
type master;
file "0.16.172.in-addr.arpa.zone";
};

zone "." {
type master;
file "root.zone";
};

zone "avengers.comic." {
type master;
file "avengers.comic.zone";
};


root.zone:

$TTL 864000
. IN SOA . steve. (
20040205 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum


; Name Servers

. IN NS ns1.
. IN NS ns2.

; Public servers
ns1. IN A 172.16.89.1
ns2. IN A 172.16.89.1


avengers.comic.zone:

$TTL 864000
avengers.comic. IN SOA avengers.comic. steve.avengers.comic. (
2004020501 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum

; Name Servers

avengers.comic. IN NS ns1.avengers.comic.
avengers.comic. IN NS ns2.avengers.comic.

; Mail server for domain
avengers.comic. IN MX 10 captainamerica.avengers.comic.

; Public servers
ns1.avengers.comic. IN A 172.16.89.1
ns2.avengers.comic. IN A 172.16.89.1
captainamerica.avengers.comic. IN A 172.16.89.1

0.0.127.in-addr-arpa.zone:

$TTL 864000
@ IN SOA localhost. steve.localhost. (
2003040701 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum



@ IN NS localhost.

1 IN PTR localhost.


0.16.172.in-addr.arpa.zone:

$TTL 864000
@ IN SOA ns1.avengers.comic. steve.avengers.comic. (
2003040701 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400) ; Minimum



@ IN NS ns1.avengers.comic.
@ IN NS ns2.avengers.comic.

250 IN PTR captainamerica.avengers.comic.


I can restart BIND by invoking:

/etc/init.d/named restart

BIND says it starts and stops OK.

I then go to another maching on the network and type:

dig ns1.avengers.comic

Dig says no servers could be reached.

I also tried:

dig

Dig again said no servers could be reached. So, I tried

dig @172.16.89.1

Dig again said no servers could be reached.

What am I missing?

BTW, thanks for all of your help so far.

David

I want the exactly pasted response from these commands at the server:

First stop the server. Then do this:

named -u named -g

Then start the server and do this:

dig @172.16.89.1 avengers.comic any

Well, that worked. Here is what I got:

[koppdk@scarletwitch koppdk]$ dig @172.16.89.1 avengers.comic any

; <<>> DiG 9.2.2-P3 <<>> @172.16.89.1 avengers.comic any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27374
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;avengers.comic. IN ANY

;; ANSWER SECTION:
avengers.comic. 864000 IN SOA avengers.comic. steve.avengers.comic. 2004020501 28800 14400 3600000 86400
avengers.comic. 864000 IN NS ns2.avengers.comic.
avengers.comic. 864000 IN NS ns1.avengers.comic.
avengers.comic. 864000 IN MX 10 captainamerica.avengers.comic.

;; ADDITIONAL SECTION:
ns1.avengers.comic. 864000 IN A 172.16.89.1
ns2.avengers.comic. 864000 IN A 172.16.89.1
captainamerica.avengers.comic. 864000 IN A 172.16.89.1

;; Query time: 16 msec
;; SERVER: 172.16.89.1#53(172.16.89.1)
;; WHEN: Mon Feb 9 08:18:11 2004
;; MSG SIZE rcvd: 189

So, I took a look at the /etc/init.d/named script. It turns out that they were running:

named -u named -t /var/named/chroot

For some reason this won't work. I even changed the owner on /var/named/chroot and all of its children to named. Still no joy.

So, I removed the -t option from the script, and now everything works fine.

Thank you, thank you, thank you.

SilentRage, you truly ARE a DNS/BIND Guru.

Thanks again,

David Kopp

The -t option helps make your server more secure. It sticks your BIND process under a new root so that if a new exploit is found for BIND and you are compromised you aren't giving anybody any love. It's an added line of defense, but completely optional.