configure BIND DNS on debian

I’m trying to configure BIND for use on my local Debian machine, which I will use as a development and testing environment.

First of all, I’m using Debian 6.x [Squeeze] and BIND 9. The BIND server was set up automatically during the installation of Debian.

For the purpose of this question, let’s say I want to create a domain called example.com that I will be able to access from the same machine on which BIND is running, and my local network.

Here is what I have done so far:

In /etc/bind/named.conf.local (which is included from named.conf) I put the following:

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

In /etc/bind/db.example.com I put the following:

$TTL    3600
@   IN  SOA example.com. admin.example.com. (
            2011101601  ; Serial
            3600        ; Refresh 1h
            60      ; Retry 1m
            86400       ; Expire 1d
            600 )       ; Negative Cache TTL 10m
;
@   IN  NS  localhost.

;
example.com.    IN CNAME localhost.
example.com.    IN A 127.0.0.1

Notice that I am setting the nameserver as localhost. I don’t know if this is right or wrong.

Then I added the appropriate virtual host directives to Apache and restarted BIND using the command /etc/init.d/bind9 restart.

However, when I ping or browse to example.com I access the example.com on the internet, and not the one on my machine.

What am I doing wrong?


To take AlexD’s advice, I added nameserver 127.0.0.1 before all other directives in /etc/resolv.conf shown here:

# Generated by NetworkManager
nameserver 127.0.0.1
domain cm.flowja.com
search cm.flowja.com
nameserver 65.183.0.76
nameserver 65.183.0.86

The other directives were automatically generated by Debian.

Here is the response after I edited resolv.conf and restarted BIND.

; <<>> DiG 9.7.3 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60115
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.           IN  A

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct 16 16:06:29 2011
;; MSG SIZE  rcvd: 29

Now it seems that adding the nameserver 127.0.0.1 directive to resolv.conf actually caused example.com to resolve to my BIND server, but something is still going wrong.

Ideas?

Solution:

Your original config:

$TTL    3600
@   IN  SOA example.com. admin.example.com. (
            2011101601  ; Serial
            3600        ; Refresh 1h
            60      ; Retry 1m
            86400       ; Expire 1d
            600 )       ; Negative Cache TTL 10m
;
@   IN  NS  localhost.

;
example.com.    IN CNAME localhost.
example.com.    IN A 127.0.0.1

should be changed to this:

$TTL    3600
@   IN  SOA example.com. admin.example.com. (
            2011101801  ; Serial
            3600        ; Refresh 1h
            60      ; Retry 1m
            86400       ; Expire 1d
            600 )       ; Negative Cache TTL 10m
;
@   IN  NS  ns1.example.com.

;
example.com.        IN A 127.0.0.1
ns1.example.com.    IN A 127.0.0.1
www.example.com.    IN CNAME example.com.

(Did you notice that I also changed the serial? For every change you make to the zone file you need to alter the Serial. Its format is YEARMMDD followed by a two-digit ID starting at 01, which you increment by 1 every time you make a change. So for example, if you made a second change on the config today, you should change it to 2011101802, on a third change it should be 2011101803, or if you made a change tomorrow it should be 2011101901, etc. This is very important!)

Also make sure that on your webserver you have a virtual host configured as example.com

Check that your /etc/resolv.conf points to your local BIND and has the nameserver 127.0.0.1 entry first. If you are using Debian with GNOME, then NetworkManager might overwrite resolv.conf. One solution for this is just to add the nameserver to NetworkManager through the GUI, but make sure that it is first in the list.

Check that your /etc/resolv.conf points to your local BIND and has the nameserver 127.0.0.1 entry first. Your local network clients should also be configured to use your local BIND to resolve domain names if you want to be able to use your example.com domain.

To check whether your BIND handles example.com correctly, execute dig @127.0.0.1 example.com. To check the default resolver specified in /etc/resolv.conf, execute dig example.com.

The following commands might help.

Check the zones specified.

named-checkconf -z

Dump the parsed configuration and paginate it so you can verify it.

named-checkconf -p | less

Check your zone file

named-checkzone example.com /etc/bind/db.example.com

Also check the log messages generated when you restart BIND. They should tell you what is and isn’t being loaded. On Debian/Ubuntu these will be logged to /var/log/daemon.log.

You should be able to use reload rather than restart to load your changes.

Besides dig you can use the host command to resolve names.

host -a example.com localhost

I added nameserver 127.0.0.1 as the first nameserver in the resolv.conf file.

I also commented out example.com. IN A 127.0.0.1 in the zone file /etc/bind/db.example.com, because I would not be using IP based nameservers.

After this I ran named-checkzone example.com /etc/bind/db.example.com and got the following results:

dns_master_load: /etc/bind/db.example.com:12: example.com: CNAME and other data
dns_master_load: /etc/bind/db.example.com:12: example.com: CNAME and other data
zone example.com/IN: loading from master file /etc/bind/db.example.com failed: CNAME and other data
zone example.com/IN: not loaded due to errors.

This indicates that there is an error on line 12, which is the CNAME record: example.com. IN CNAME localhost. I changed the line to www.example.com. IN CNAME localhost. by adding ‘www.’ before ‘example.com’, after which the zone file loaded successfully. This is what is displayed when I run named-checkzone example.com /etc/bind/db.example.com again:

zone example.com/IN: loaded serial 2011101601
OK

And if I run dig example.com, it successfully finds the zone file. Here is the result:

; <<>> DiG 9.7.3 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51336
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.           IN  A

;; AUTHORITY SECTION:
example.com.        600 IN  SOA example.com. admin.example.com. 2011101601 3600 60 86400 600

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 17 02:17:49 2011
;; MSG SIZE  rcvd: 71

I can now access the website by using ‘www.example.com’. However it doesn’t work if I leave out the ‘www.’ – this is a separate but related issue. If you can guide me on how to make it work without the ‘www.’ please leave a comment.

Thanks for all the help.
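The two mistakes that ran through this thread, the apex CNAME that named-checkzone rejects as "CNAME and other data" and a serial that is not bumped after an edit, are easy to catch before reloading BIND. The following Python zone-file linter is an added example and is not code from the question, from any of the answers, or from BIND itself; it is not BIND's parser and understands only the master-file subset used on this page ($TTL, @, a parenthesised SOA, ';' comments). The two embedded zones are constructed copies of the asker's original file and of the corrected file from the answer, and the function and constant names (lint, cname_conflicts, BROKEN_ZONE, FIXED_ZONE, and so on) are this example's own.

```python
"""Zone-file linter for the two mistakes discussed on this page: a CNAME sharing
its owner name with other records, and a serial that was not bumped.  Added
example, not code from the question or answers and not BIND's own parser: it
handles only the master-file subset used here ($TTL, @, a parenthesised SOA,
';' comments), so no $ORIGIN or $INCLUDE."""
from datetime import date

# Constructed copy of the asker's original zone (apex CNAME beside SOA/NS/A).
BROKEN_ZONE = """\
$TTL 3600
@   IN SOA example.com. admin.example.com. ( 2011101601 ; Serial
        3600 60 86400 600 )
@   IN NS localhost.
example.com. IN CNAME localhost.
example.com. IN A 127.0.0.1
"""
# Constructed copy of the zone as corrected in the answer.
FIXED_ZONE = """\
$TTL 3600
@   IN SOA example.com. admin.example.com. ( 2011101801 ; Serial
        3600 60 86400 600 )
@   IN NS ns1.example.com.
example.com.     IN A 127.0.0.1
ns1.example.com. IN A 127.0.0.1
www.example.com. IN CNAME example.com.
"""
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR", "SRV"}

def _logical_lines(text):
    """Drop ';' comments and fold '( ... )' continuations into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # assumes no ';' inside TXT quotes
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    if depth:
        raise ValueError("unbalanced parentheses")
    return out

def parse_zone(text, origin):
    """Return (default_ttl, [(owner, type, rdata)]); owners absolute and lowercase."""
    origin = origin if origin.endswith(".") else origin + "."
    ttl, owner, records = None, None, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            ttl = int(tokens[1])
            continue
        if line[0] not in " \t":                # a new owner name starts the line
            owner = tokens.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner += "." + origin           # relative name
        if tokens and tokens[0].isdigit():      # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":  # optional class
            tokens.pop(0)
        if not tokens or owner is None or tokens[0].upper() not in RR_TYPES:
            raise ValueError("cannot parse: " + line.strip())
        records.append((owner.lower(), tokens[0].upper(), " ".join(tokens[1:])))
    return ttl, records

def cname_conflicts(records):
    """Owners holding a CNAME plus any other type: RFC 1034 s3.6.2 forbids it and
    BIND rejects the zone ("CNAME and other data"); the apex always has SOA+NS."""
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    return sorted(o for o, t in types.items() if "CNAME" in t and len(t) > 1)

def soa_serial(records):
    soa = [r for _, t, r in records if t == "SOA"]  # MNAME RNAME SERIAL REFRESH ...
    return int(soa[0].split()[2])

def serial_is_newer(old, new):
    """RFC 1982 serial comparison (32-bit, wrapping), as a secondary applies it."""
    return 0 < (new - old) % (1 << 32) < (1 << 31)

def next_serial(current, today=None):
    """Next YYYYMMDDnn serial in the answer's scheme: nn restarts at 01 each day."""
    prefix = (today or int(date.today().strftime("%Y%m%d"))) * 100
    if current >= prefix + 99:
        raise ValueError("99 edits today already; pick another scheme")
    return prefix + 1 if current < prefix else current + 1

def lint(text, origin, previous_serial=None):
    """Problems that stop the zone loading or stop secondaries noticing a change."""
    _, records = parse_zone(text, origin)
    problems = ["%s: CNAME and other data" % o for o in cname_conflicts(records)]
    serial = soa_serial(records)
    if previous_serial is not None and not serial_is_newer(previous_serial, serial):
        problems.append("serial %d not newer than loaded %d" % (serial, previous_serial))
    if not any(t == "NS" for _, t, _ in records):
        problems.append("zone has no NS record")
    return problems
```

lint(BROKEN_ZONE, "example.com", previous_serial=2011101601) reports both the apex CNAME conflict and the unchanged serial, while the corrected zone passes cleanly; pass previous_serial as the serial BIND currently serves (the SOA shown by dig @127.0.0.1 example.com SOA) so the check reflects what secondaries have loaded. The serial comparison is deliberately the wrapping RFC 1982 one rather than plain integer ordering, because that is the rule a secondary uses when deciding whether to transfer, and next_serial is only a convenience for the date-based scheme the answer describes. This is a pre-flight check, not a replacement for named-checkzone, which validates the full syntax BIND accepts.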
