Bind Help or Tutorial

Hi All,

I was wondering if someone could help me with setting up bind or has a tutorial which would be simple enough for me to understand while thorough enough to accomplish what I need. :)

Anyways, here's what I'd like to do. Let's say I have a domain called mydomain.com. I'd like to setup ns1.mydomain.com and ns2.mydomain.com to point to my linode so that I could setup every domain at godaddy that I host to use those as name servers.

I already have bind installed and running. I even setup a fake mydomain.com domain name so that I can test it and it works, I guess. Here's what I get:

[/var/named]# dig @localhost mydomain.com

; <<>> DiG 9.2.4 <<>> @localhost mydomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20998
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.com.                  IN      A

;; AUTHORITY SECTION:
mydomain.com.           86400   IN      SOA     ns1.mydomain.com. postmaster.mydomain.com. 2001031102 10800 3600 604800 86400

;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu Dec 29 14:18:55 2005
;; MSG SIZE  rcvd: 81

But I have no idea if this is correct and then how to register ns1.mydomain.com as a name server to point to my linode.

Any help would be appreciated.

LEC

21 Replies

Even if I make bind work, I still don't understand how to setup my domains at godaddy. To continue the above example, do I have to setup two subdomains at goddaddy for ns1.mydomain.com and ns2.mydomain.com and point one to my linode and one to a free service? And setup mydomain.com to have name servers ns1.mydomain.com and ns2.mydomain.com? Cause that's how I would setup another domain, right?

LEC

You'll need to register your nameservers with your godaddy account. I am pretty sure that is documented elsewhere in this forum.

You'll need two IP addresses for your ns1 and ns2. The global standard is to require that domains have nameservers with 2 IPs.

You'll need to register your nameservers with godaddy first, it's buried somewhere in your domain options for mydomain.com in your example. Then you can assign your ns1.mydomain.com and ns2.mydomain.com servers to any specific domains in your account.

OK, here's the whole shebang with a real example:

Problem:

I own ausinvestor.com. I purchase two extra IPs 70.85.16.70 & 70.85.16.71 from linode for the nameservers. I want to set up BIND (the named daemon) on my linode for this domain.

Answer:

1. We register ausinvestor.com with godaddy. We then have to "register" the nameservers with the root nameservers. Luckily godaddy has an interface for this (with MelbourneIT for example you have to phone them up to do this)

  • Select ausinvestor.com in the godaddy control panel

  • Go to Nameservers Summary, set up NS1.AUSINVESTOR.COM and NS2.AUSINVESTOR.COM

  • Go to Domain Host Summary, set up IP 70.85.16.70 for NS1.AUSINVESTOR.COM and 70.85.16.71 for NS2.AUSINVESTOR.COM

Your Godaddy summary should look like this:

Status: Active (LOCKED)     Unlock Domain
Registration Type: Public     Add Privacy
Registered Date: 10/14/2005
Expiration Date: 10/14/2006       Renew Now
Auto-Renew: Off       Change Settings
Website Hosted Here: No
Auth Info Code: (sent by email)     Send Email

...
         Nameservers Summary        

NS1.AUSINVESTOR.COM
NS2.AUSINVESTOR.COM
Last Updated: 10/15/2005

Click here to see details or to modify.

         Forwarding     

         Email Summary      

         Domain Host Summary        

NS1.AUSINVESTOR.COM
70.85.16.70

NS2.AUSINVESTOR.COM
70.85.16.71

Click here to see details or to modify.

2. At bootup:

# We pay linode for two extra IPs for our name servers
# Assign them to eth0 as aliases
ifconfig eth0:1 70.85.16.70 netmask 255.255.255.0 up
ifconfig eth0:2 70.85.16.71 netmask 255.255.255.0 up

#start BIND
named

3. The main BIND control file:

/etc/named.conf:

// look in /var/named for zone files
options {
        directory "/var/named";
};

//my logging

logging {
  category "default" { "debug"; };
  category "general" { "debug"; };
  category "database" { "debug"; };
  category "security" { "debug"; };
  category "config" { "debug"; };
  category "resolver" { "debug"; };
  category "xfer-in" { "debug"; };
  category "xfer-out" { "debug"; };
  category "notify" { "debug"; };
  category "client" { "debug"; };
  category "unmatched" { "debug"; };
  category "network" { "debug"; };
  category "update" { "debug"; };
  category "queries" { "debug"; };
  category "dispatch" { "debug"; };
  category "dnssec" { "debug"; };
  category "lame-servers" { "debug"; };
  channel "debug" {
    file "/tmp/nameddbg" versions 2 size 1m;
    print-time yes;
    print-category yes;
  };
};

//
//  The full zone file
//

// This resolves to /var/named/ausinvestor.com

zone "ausinvestor.com" {
        type master;
        file "ausinvestor.com";
};

4. Ausinvestor.com zone file. Have ausinvestor resolve to my linode IP 64.5.53.79. (Note eth0 now has 64.5.53.79, 70.85.16.70 and 70.85.16.71; the latter two are for DNS only.)

We specified before that the zone files would be in /var/named.

/var/named/ausinvestor.com:

$TTL 28880
@       IN      SOA     ns1.ausinvestor.com. root.ausinvestor.com. (
                        2005120801      ; serial, todays date + todays serial #
                        28880              ; refresh, seconds
                        120              ; retry, seconds
                        1209600              ; expire, seconds
                        28880 )            ; minimum, seconds
                NS      ns1.ausinvestor.com.
                NS      ns2.ausinvestor.com.
                MX      10 mail.ausinvestor.com.  ; Primary Mail Exchanger
                TXT     "ausinvestor.com"

ausinvestor.com. IN     A       64.5.53.79
www.ausinvestor.com. IN A       64.5.53.79
mail.ausinvestor.com. IN        A       64.5.53.79

5. Wait a few hours for DNS propagation. Use DNSReport to see if it works:

http://dnsreport.com/tools/dnsreport.ch?domain=ausinvestor.com

6. In the zone file, there is a BIG difference between `ausinvestor.com` and `ausinvestor.com.` The trailing period denotes a root zone.

Thank you soooo much for your posting; it worked like a charm. :) In case someone else has to go through this, I had a couple of tiny issues:
* At godaddy, I had to setup the ns IPs in the Domain Host Summary first, then go to Nameservers Summary

* I ordered 1 additional IP and then it told me that's all I get. (I could get more through a ticket) So, I setup ns1 to point to my Linode and ns2 to point to my new IP. I hope it's ok.

* I wasn't sure where to put that code to setup my new IP so I put it in /etc/rc.local. It seems to be working fine.

* I added two lines for the ns1 and ns2 subdomains in the zone file to get rid of that warning on that testing page. They look like this (note the trailing periods, so the names are absolute and the zone name is not appended again):
```
ns1.ausinvestor.com.       IN       A      70.85.16.70
ns2.ausinvestor.com.       IN       A      70.85.16.71
```

I only have one more question. Could you please show me an example of a zone file for another domain on my server? Let's say I setup anotherdomain.com on godaddy to use ns1.ausinvestor.com and ns2.ausinvestor.com. How would I setup a zone file for that?

Thanks,

LEC

BTW, I don't mean to brag, but look at this. I don't even have a warning. :D

http://dnsreport.com/tools/dnsreport.ch?domain=lecws.com

Thank you again for your help.

LEC

If you'll allow me to gently point something out:

If both IPs are on the same Linode, or in the same data center, you'll be screwed if your Linode, data center, or data center/local Linode networking ever goes down.

Far better to get a secondary nameservice from somewhere off-site. Can set one up as a trade (you do secondary NS for someone, someone does secondary NS for you) or buy secondary NS service from a place like ultradns for USD $5-10/month.

The real value of secondary nameservice is when your main nameserver is either down or unreachable.

Whilst I agree with your point completely, for redundancy there currently is no redundancy... However, if you're running all your services on the Linode, and the Linode goes down, well, it doesn't really matter if the DNS can't be found because the server won't be able to be found either...

Saying this, I don't run my name servers on my Linode just yet, because I'm not 100% sure about some things I like doing, and another Linode user offered to be a backup MX for me, so my mail seems to be safe most of the time...

cheers

NF

Here's an example where it's useful, even if your Linode is completely down.

Working DNS somewhere will at least allow mail destined to you to be queued instead of a hard bounce to sender.

Without ANY available nameservers, you're more likely to encounter lost mail or bounce-back-to-sender, because sites on the net will not know about your secondary MX host.

With even one DNS nameserver not affected and a completely down Linode, sites on the net will likely just queue the mail messages destined for you and hold on to them until you're back up. Or they just mail it to a secondary MX.

@tronic:

> Working DNS somewhere will at least allow mail destined to you to be queued instead of a hard bounce to sender.

Mail should not be bounced if there is no mail server there - email has always been store-and-forward. http://en.wikipedia.org/wiki/Store_and_forward

And having name servers on the same machine as your linode is no disadvantage compared to having them externally hosted.

Yes, I am planning on setting up a server at my house as a backup server but this whole DNS thing is still very confusing to me. I still have no luck setting up subdomains and other domain names that I host on my linode. :(

LEC

@lec:

> I only have one more question. Could you please show me an example of a zone file for another domain on my server? Let's say I setup anotherdomain.com on godaddy to use ns1.ausinvestor.com and ns2.ausinvestor.com. How would I setup a zone file for that?

/var/named/example.com (the "new domain" you'd set up) might look like this:

$TTL 28880
@       IN      SOA     ns1.ausinvestor.com. root.example.com. (
                        2006010300         ; serial, todays date + todays serial #
                        28880              ; refresh, seconds
                        120                ; retry, seconds
                        1209600            ; expire, seconds
                        28880 )            ; minimum, seconds
                NS      ns1.ausinvestor.com.
                NS      ns2.ausinvestor.com.
                MX      10 mail.example.com.  ; Primary Mail Exchanger

                IN        A       64.5.53.80
www             IN        A       64.5.53.80
mail            IN        A       64.5.53.80

Also, add to /var/named/named.conf:

zone "example.com" {
        type master;
        file "example.com";
};

Then reload named. It may vary depending on your OS distribution, but the official BIND 9 way of doing this without stopping/restarting named is to do:

# rndc reconfig

'reconfig' tells named to look for any changed stuff and load it. Or you can force it to reload everything, changed or not, with 'rndc reload' instead.

Don't forget to set up the GoDaddy stuff for it, too. :) Then you should be all set.

Thank you!

OK, now I really only have one more problem. I think. :) I cannot setup a subdomain. I thought it's just a line in the main domain's zone file like this:

demo       IN        A       70.85.16.76

But this doesn't work. Do I need to setup a separate zone file for it? If yes, what would I put in there?

Thanks,

LEC

Nah, can be in the same file.

Can you post the complete zone file contents of that domain and the entry for it in named.conf, please? Also, what are the IPs of ns1 and ns2.ausinvestor.com?

(My guess is you have a syntax error somewhere that is preventing the zone from loading, and/or missing A or NS entries.)

But if you can post (or private message me) the IPs and the zone file, I can help you on the spot.

The real domain name I'm working on is lecws.com. Here's the entry in my named.conf file:

zone "lecws.com"
        {
        type master;
        file "lecws.com";
        allow-update { none; };
        };

and here's my lecws.com zone file:

; /var/named/lecws.com
;
; This line must be at the beginning of the file, it indicates that
; the name server being master for all the following addresses
;
$TTL 86400                                      ; Default TTL in secs(1 day)
@       IN SOA ns1.lecws.com. root.lecws.com. (
        2005123001                              ; Serial number yyyymmddvv
        10800                                   ; Refresh  (3, was 8 hours)
        120                                     ; Retry (1, was 2 hours)
        604800                                  ; Expire (7 days)
        86400                                   ; Minimum (1 day)
)
;
; Descriptions of name servers for this domain
                                NS      ns1.lecws.com.
                                NS      ns2.lecws.com.
                                MX      10      mail.lecws.com. ; Primary Mail Exchanger
                                TXT     "lecws.com"
;SPF Record
lecws.com.                      IN      TXT     "v=spf1 a mx ptr ~all"
mail.lecws.com.                 IN      TXT     "v=spf1 a -all"
;
lecws.com.                      IN      A       70.85.16.76
www.lecws.com.                  IN      A       70.85.16.76
mail.lecws.com.                 IN      A       70.85.16.76
ns1.lecws.com.                  IN      A       70.85.16.76
ns2.lecws.com.                  IN      A       70.85.31.212
;
;subdomains
demo                            IN      A       70.85.16.76
webmail                         IN      A       70.85.16.76
;
;eof

I also tried the following but didn't work either:

demo.lecws.com.                 IN      A       70.85.16.76
webmail.lecws.com.              IN      A       70.85.16.76

Appreciate your help.

LEC

I see the problem:

$  dig @70.85.16.76 lecws.com axfr
[...]
demo.lecws.com.lecws.com. 86400 IN      A       70.85.16.76
webmail.lecws.com.lecws.com. 86400 IN   A       70.85.16.76
[...]

That generally means you either have a missing or extraneous period in one of the hostname specifications somewhere. Usually something like:

demo.lecws.com    IN  A  70.85.16.76

being the error, causing it to tack on the domain name at the end to make it become demo.lecws.com.lecws.com. IN A 70.85.16.76.

In the zone file, it needs to be either demo IN A … or demo.lecws.com. IN A …

But what you've posted and tried (both forms) looks absolutely correct. Hmm. Perhaps you had it wrong with an earlier test and it stuck in cached memory?

Try this: set the serial number to 2006010700 then do 'rndc reload', and mention it's been done, here.
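The owner-name rule tronic explains above (and the trailing-period note in step 6 of the earlier answer) can be checked mechanically before named ever loads the file. The following Python is an added example written for this thread; it is not code from the thread, from BIND, or from dnsreport. It qualifies owner names the way named does ('@' is the origin, a name ending in '.' is absolute, anything else gets the origin appended), then flags the two problems the thread ran into: a relative name that already contains the zone name (the demo.lecws.com.lecws.com. symptom) and an in-zone NS target with no A record (the warning LEC fixed by adding ns1/ns2 A records). The function names and the SAMPLE_ZONE text are my own; the sample is constructed to resemble the lecws.com file, with one deliberately bad line, and the parser covers only the record shapes used in this thread.

```python
"""Owner-name qualification and two sanity checks for a BIND-style zone file.

Added example for this thread, not BIND code. The parser covers only the record
shapes that appear in the thread ($TTL/$ORIGIN directives, a parenthesised SOA,
blank owners that inherit the previous owner, ';' comments). It does not handle
quoted strings containing ';' or '(' and is not a general zone-file parser.
"""


def _dot(name: str) -> str:
    """Make sure a zone/origin name carries its trailing dot."""
    return name if name.endswith(".") else name + "."


def qualify(name: str, origin: str) -> str:
    """named's rule for owner names and hostnames in rdata: '@' means the
    origin, a name ending in '.' is already absolute, anything else has the
    origin appended (so 'demo.lecws.com' with no trailing dot becomes
    demo.lecws.com.lecws.com., the exact symptom in the dig axfr above)."""
    origin = _dot(origin)
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def _split_record(logical: str, origin: str, last_owner: str):
    """Split one logical record line into (owner, type, rdata)."""
    tokens = logical.split()
    if logical[0].isspace():
        owner = last_owner            # blank owner field: inherit previous owner
    else:
        owner = qualify(tokens.pop(0), origin)
    while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
        tokens.pop(0)                 # optional TTL and class before the type
    rtype = tokens.pop(0).upper()
    return owner, rtype, " ".join(tokens)


def parse_zone(text: str, origin: str):
    """Return a list of (owner, type, rdata) with every owner fully qualified."""
    origin = _dot(origin)
    records, buf, depth = [], "", 0
    last_owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop ';' comments
        if not line.strip():
            continue
        buf = f"{buf} {line.strip()}" if buf else line
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                              # still inside ( ... ), e.g. the SOA
        logical, buf = buf, ""
        if logical.startswith("$ORIGIN"):
            origin = qualify(logical.split()[1], origin)
            continue
        if logical.startswith("$TTL"):
            continue
        owner, rtype, rdata = _split_record(logical, origin, last_owner)
        last_owner = owner
        records.append((owner, rtype, rdata))
    return records


def suspicious_owners(records, origin: str):
    """Owners containing the zone name twice: the signature of a missing trailing dot."""
    origin = _dot(origin)
    doubled = f".{origin[:-1]}.{origin}"          # e.g. ".lecws.com.lecws.com."
    return [o for o, _, _ in records if o.endswith(doubled)]


def missing_glue(records, origin: str):
    """NS targets inside this zone that have no A/AAAA record in it, which is
    what the 'nameserver has no address' style warning in the thread was about."""
    origin = _dot(origin)
    has_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    targets = {qualify(rd, origin) for _, t, rd in records if t == "NS"}
    return sorted(t for t in targets if t.endswith("." + origin) and t not in has_addr)


# Constructed sample modelled on the lecws.com file in the thread, with the
# last line deliberately missing its trailing dot and ns2 deliberately lacking an A record.
SAMPLE_ZONE = """\
$TTL 86400
@       IN SOA ns1.lecws.com. root.lecws.com. (
        2005123001      ; serial
        10800 120 604800 86400 )
                NS      ns1.lecws.com.
                NS      ns2.lecws.com.
                MX      10 mail.lecws.com.
lecws.com.      IN      A       70.85.16.76
www             IN      A       70.85.16.76
ns1.lecws.com.  IN      A       70.85.16.76
demo            IN      A       70.85.16.76
demo.lecws.com  IN      A       70.85.16.76   ; no trailing dot: the bug from the thread
"""

if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE, "lecws.com")
    for rec in recs:
        print(rec)
    print("suspicious owners:", suspicious_owners(recs, "lecws.com"))
    print("NS targets without glue:", missing_glue(recs, "lecws.com"))
```

Running it prints the qualified records, reports demo.lecws.com.lecws.com. as suspicious and ns2.lecws.com. as an NS target without an address. On a real file, named-checkzone from the BIND distribution is the authoritative syntax check; this script only illustrates the naming rule that tripped up the thread.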

Hmm… it's still giving the old serial number.

$ dig @70.85.16.76 lecws.com axfr

; <<>> DiG 9.2.5 <<>> @70.85.16.76 lecws.com axfr
; (1 server found)
;; global options:  printcmd
lecws.com.              86400   IN      SOA     ns1.lecws.com. root.lecws.com. 2005123001 10800 120 604800 86400

If need be, stop named completely then start it up, after making sure the new serial number is indeed in the zone file.

I wanted to rule out cached stuff from a possible earlier goof, which is why we're doing the serial number update thing. If it still looks odd even after the serial number update, there is an additional trick to try. But, first things first. :)
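The serial bump tronic asks for above follows the yyyymmddNN convention the thread's zone files use (the "todays date + todays serial #" comment). As an added example, not part of the thread and not BIND code, here is that rule in Python, together with the RFC 1982 serial-number comparison a secondary applies to decide whether the SOA it just saw is really newer than the one it holds, and a helper that pulls the serial out of a dig SOA answer line like the one quoted above. Function names are mine and the dates are constructed.

```python
"""SOA serial handling in the yyyymmddNN convention used by the zone files in
this thread. Added example, not BIND code; the dates below are constructed."""
from datetime import date


def next_serial(current: int, today: str = "") -> int:
    """First edit on a new day gets NN=00; further edits the same day add 1.
    If the stored serial is already at or past today's base (hand-edited, or
    clock skew), keep counting upward: a serial that goes *down* is treated as
    older by secondaries and the change is silently ignored.
    'today' is an ISO date string ('2006-01-07'); empty means the real date."""
    d = date.fromisoformat(today) if today else date.today()
    today_base = int(d.strftime("%Y%m%d")) * 100
    if current < today_base:
        return today_base
    return current + 1


def serial_is_newer(old: int, new: int) -> bool:
    """RFC 1982 serial-number arithmetic, as used when a secondary compares the
    SOA it holds with the one a refresh or NOTIFY just showed it: 'new' is newer
    only if it is ahead of 'old' by less than 2**31 (modulo 2**32)."""
    return 0 < (new - old) % 2**32 < 2**31


def serial_from_dig(line: str) -> int:
    """Extract the serial from a dig answer line such as
    'lecws.com. 86400 IN SOA ns1.lecws.com. root.lecws.com. 2005123001 10800 120 604800 86400'
    (after SOA come mname, rname, then the serial)."""
    tokens = line.split()
    return int(tokens[tokens.index("SOA") + 3])


if __name__ == "__main__":
    # Constructed: the SOA line from the dig output quoted in the thread.
    old = serial_from_dig("lecws.com. 86400 IN SOA ns1.lecws.com. root.lecws.com. "
                          "2005123001 10800 120 604800 86400")
    new = next_serial(old, "2006-01-07")
    print(old, "->", new, "secondaries will transfer:", serial_is_newer(old, new))
```

With the thread's serial 2005123001 and a 7 January 2006 edit this yields 2006010700, the value tronic suggested. Reloading with an unchanged or lower serial is the classic reason a secondary keeps serving stale data even though the primary's file is correct.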

Done. I stopped named and then started it up again.

Now the entire zone doesn't exist at all. :)

Sounds like a possible syntax error somewhere in the zone file causing named to refuse to load the zone.

Check your log files for any messages from named.

If you have a webserver, could you post the contents of named.conf and lecws.com zone file? Or send them to me in private message?

Running a nameserver is normally not this hard. :) I think you've got something really small in either named.conf or zone file that's breaking everything.

We talked offline and sorted out everything. He also made his setup much more robust. Looks great!
