eje211 Tux's lil' helper
Joined: 09 Sep 2004 Posts: 128 Location: London, UK
Posted: Sat Sep 17, 2005 7:02 pm Post subject: My DNS is forgetful with BIND
I have to add domain names to a server, but I'm not too sure how. The server uses BIND 9.
I used to add lines to the zone file, and it worked only for a few hours. I didn't know about the serial number.
Then I found out about the serial number. I now modify my zone file, increment the serial number, use /etc/init.d/named with the commands "restart" and "reload" (they probably have the same final effect in my case, but I'm desperate) and the problem persists. SOME domain names seem to propagate, some don't. Is there anything I'm missing?
named.conf:
```
options {
    directory "/etc/bind";
    listen-on { any; };
};
zone "example.com" IN {
    type master;
    file "example.com";
    allow-update { none; };
    notify no;
};
```
zone file:
```
$TTL 1h
example.com. IN SOA name.example.com. (
        nospam.example.com ; admin email
        2005091702 ; Serial
        28800 ; Refresh
        14400 ; Retry
        604800 ; Expire - 1 week
        86400 ) ; Minimum
        IN NS name.example.com.
name.example.com. IN A xxx.xxx.xxx.xxx
name2.example.com. IN A xxx.xxx.xxx.xxx
name3.example.com. IN A xxx.xxx.xxx.xxx
name4.example.com. IN A xxx.xxx.xxx.xxx
name5.example.com. IN A xxx.xxx.xxx.xxx
blah.example.com. IN A xxx.xxx.xxx.xxx
www.blah.example.com. IN CNAME blah.example.com.
thing.example.com. IN A xxx.xxx.xxx.xxx
www.thing.example.com. IN CNAME thing.example.com.
this.example.com. IN A xxx.xxx.xxx.xxx
that.example.com. IN A xxx.xxx.xxx.xxx
example.com. MX 10 mx1.example.com.
exchange.example.com. MX 10 exchange.example.com.
```
Am I missing anything? (I didn't set up these files. I'm just trying to update them.)
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Sat Sep 17, 2005 8:33 pm
1. communication with a running named is done through the rndc program; run
to reload all zone files.
What you're doing stops and then restarts the daemon, which is never a good idea on a live server.
2. to check what exactly it is doing, enable logging of queries through the logging {} directive.
3. how do you mean, "propagate"?
Unless your nameserver is listed as authoritative for the domains (no, you cannot know that simply by running a nameserver) it won't ever be queried.
Also, the timeout values have to be sane for global nameservers to do sane things with your data.
4. How is reverse resolution set up for those IP addresses?
Quite a lot depends on rDNS mapping to point back to the right hostnames.
My advice?
Start using dig to investigate the setup of the domain as it appears to the rest of the world; get comfortable with it, because you will need it often.
Dig is part of bind-tools.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
eje211 Tux's lil' helper
Posted: Sat Sep 17, 2005 9:02 pm
I've tried dig. I'm not sure of where to look. The server does work a bit because, again, there are SOME domain names that are available on the Internet. From my home computer, I get:
```
# dig @example.com test.example.com
; <<>> DiG 9.3.1 <<>> @example.com test.example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22350
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;test.example.com. IN A
;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns.example.com. nospam.example.com.example.com. 2005072203 28800 14400 604800 86400
;; Query time: 112 msec
;; SERVER: xxx.xxx.xxx.xxx#xx(xxx.xxx.xxx.xxx)
;; WHEN: Sat Sep 17 21:50:37 2005
;; MSG SIZE rcvd: 90
```
dig returns 2005072203 as the serial number of the zone (I think). But the serial in the zone file is 2005091703. Is that relevant? Shouldn't the number that's returned by dig be the same as the zone file's?
I'll start enabling the logging. There is none yet. I'm not the main admin on the server, and it seems strange that they've been running it without logs all of this time. Anyway, if you could tell me if I'm looking in the wrong direction for the serial, it would help.
Thanks.
adaptr Watchman
Posted: Sat Sep 17, 2005 9:37 pm
What you need to start doing is checking several different nameservers for the information - as you can see, there is no such host as test.example.com, so it's a bad choice for testing in the first place.
And yes, the serial should definitely be the latest you have edited - certainly if you query your server directly.
What is it you don't understand about dig?
The information in the last lines is very important for this kind of testing - it helps nothing at all that you munged the info here.
Among other things, it tells you where this information actually came from.
Start by laying the groundwork for your quest - what do you know?
Not suppose, or hope, or intuit - but iron-hard know, from dig and whois queries.
If you PM me I'll see to get you started, it's not really that hard.
(although I wouldn't know why you would hide the domain, since it's public in the first place, yes?)
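
The serial check discussed in the last two posts, as an added example that is not part of the original thread: it reads the SOA record from a zone file and from a dig answer, then reports a serial mismatch and a mailbox name written without its trailing dot (which is why the dig answer above shows `nospam.example.com.example.com.`). The sample inputs are taken from the posts, with the serial the poster says the file now holds; the function names are hypothetical.

```python
# Constructed sample: SOA from the zone file posted above, carrying the serial
# the poster reports after the latest edit (2005091703).
ZONE_TEXT = """\
$TTL 1h
example.com. IN SOA name.example.com. (
        nospam.example.com ; admin email
        2005091703 ; Serial
        28800 ; Refresh
        14400 ; Retry
        604800 ; Expire - 1 week
        86400 ) ; Minimum
"""

# Authority section from the dig output posted above.
DIG_TEXT = """\
;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns.example.com. nospam.example.com.example.com. 2005072203 28800 14400 604800 86400
"""


def soa_fields(text):
    """Return (mname, rname, serial) of the first SOA record in text.

    Works on zone-file syntax and on dig output: everything after ';' on a
    line is a comment in both, and parentheses only group continuation lines.
    """
    cleaned = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = cleaned.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname, serial = tokens[i + 1:i + 4]
    return mname, rname, int(serial)


def compare(zone_text, dig_text):
    """List discrepancies between the edited file and what a server answered."""
    _, file_rname, file_serial = soa_fields(zone_text)
    _, _, served_serial = soa_fields(dig_text)
    findings = []
    if served_serial != file_serial:
        # The answering server is not serving this file's contents.
        findings.append(
            f"stale: server answers with serial {served_serial}, file has {file_serial}")
    if not file_rname.endswith("."):
        # A name without a trailing dot is relative: the zone origin is appended.
        findings.append(
            f"relative RNAME {file_rname!r}: the zone origin gets appended to it")
    return findings


if __name__ == "__main__":
    for finding in compare(ZONE_TEXT, DIG_TEXT):
        print(finding)
```

Feed it the output of `dig @<server> <zone> SOA` for each nameserver in turn; `named-checkzone <zone> <file>` reports the serial a file would load with.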