
I am trying to set up a chrooted DNS name server in a local LAN so that everyone connected to the LAN can have access to the mass virtual hosts defined for a development environment without having to edit their local /etc/hosts manually one by one. The mass virtual host is named example.user.dev (VirtualDocumentRoot /home/user/example) and example.test (DocumentRoot /var/www/example).

I set up everything and the /var/log/syslog doesn't show any error, but when checking the DNS with:

host -v example.test

it doesn't find the host. Also, using the dig command I don't receive an answer.

dig -x example.test

; <<>> DiG 9.5.1-P3 <<>> -x example
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47844
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 600 IN SOA a.root-servers.net. dns-ops.arin.net. 2010042604 1800 900 691200 10800

;; Query time: 108 msec
;; SERVER: 80.58.0.33#53(80.58.0.33)
;; WHEN: Mon Apr 26 11:15:53 2010
;; MSG SIZE rcvd: 107

My configuration is the following:

/etc/bind/named.conf.local

zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_example.test";
    notify yes;
};

zone "1.168.192.in-addr.arpa" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
    notify yes;
};

/etc/bind/named.conf.options

  • Note: We have a static IP address, so I forward the queries to the DNS server at said IP address.

options {
    directory "/var/cache/bind";
    forwarders { 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};

/etc/bind/zones/master_example.test

$ORIGIN example.test.
$TTL 86400
@ IN SOA example.test. root.example.test. (
        201004227  ; serial
        28800      ; refresh
        14400      ; retry
        3600000    ; expire
        86400 )    ; min
;
        TXT "example.test, DNS service"
@ IN NS example.test.
localhost A 127.0.0.1
example.test. A 192.168.1.52
example A 192.168.1.52
www CNAME example.test.

/etc/hosts

127.0.0.1 localhost example
192.168.1.52 localhost example example.test

/etc/resolv.conf

  • Note: For BIND I just added the last 3 lines.

nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254

search example.test
search example
nameserver 192.168.1.52


EDIT

Some major changes. Now I have this configuration:

/etc/resolv.conf

search example.test
search example
nameserver 192.168.1.52

nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254

/etc/hosts

127.0.0.1 localhost example example.test
192.168.1.52 dns1.example.test

/etc/bind/named.conf.local

I just commented out the reverse address zone.

/etc/bind/zones/master_example.test

$ORIGIN example.test.
$TTL 86400
@ IN SOA dns1.example.test. hostmaster.example.test. (
        2010042214 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; min

        IN NS dns1.example.test.
        IN NS dns2.example.test.
        IN A 192.168.1.52

example IN A 192.168.1.52
dns1 IN A 192.168.1.52
dns2 IN A 192.168.1.52
www CNAME example

And now executing:

dig example.test @192.168.1.52

; <<>> DiG 9.5.1-P3 <<>> example.test @192.168.1.52
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example.test. IN A

;; ANSWER SECTION:
example.test. 86400 IN A 192.168.1.52

;; AUTHORITY SECTION:
example.test. 86400 IN NS dns1.example.test.
example.test. 86400 IN NS dns2.example.test.

;; ADDITIONAL SECTION:
dns1.example.test. 86400 IN A 192.168.1.52
dns2.example.test. 86400 IN A 192.168.1.52

;; Query time: 1 msec
;; SERVER: 192.168.1.52#53(192.168.1.52)
;; WHEN: Mon Apr 26 12:38:56 2010
;; MSG SIZE rcvd: 118

So, now, which should be my next step forward?


EDIT 2

I left the DNS server resolv.conf like this:

nameserver 192.168.1.52
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254

and added the DNS server address 192.168.1.52 to every client computer in their resolv.conf.

Like this I am able to reach http://example.test from each computer.

To be able to reach each individual virtual host of the development environment, should I create a new zone or use a wildcard in the example.test zone I created?


EDIT 3

Finally I left my zones like this: one zone for the test virtual host, and the other one for the mass virtual host for development. Everything works as I wanted, fast and with good performance. I don't know if there is a better configuration than this for the system I built. Any advice would be welcome.

master_example.test

$ORIGIN example.test.
$TTL 86400
@ IN SOA dns1.example.test. hostmaster.example.test. (
        2010042215 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; min

@ IN NS dns1.example.test.
@ IN NS dns2.example.test.
@ IN A 192.168.1.52
www IN CNAME @

master_dev

$ORIGIN dev.
$TTL 86400
@ IN SOA dev. hostmaster.dev. (
        2010042215 ; serial
        21600      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; min

@ IN NS dev.
@ IN A 192.168.1.52
*.dev. IN A 192.168.1.52

/etc/bind/named.conf.local

zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_example.test";
    notify yes;
};

zone "dev" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_dev";
    notify yes;
};

zone "1.168.192.in-addr.arpa" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
    notify yes;
};

/etc/bind/named.conf.options

  • Note: We have a static IP address, so I forward the queries to the DNS server at said IP address. Finally I added the ISP DNS IP to the forwarders in order not to create a bottleneck in the web traffic, because experimentally I saw a large increase in the speed of HTTP connections inside and outside the local LAN.

options {
    directory "/var/cache/bind";
    allow-query { 192.168.1.0/24; localhost; };
    allow-recursion { 192.168.1.0/24; localhost; };
    forwarders { 80.58.0.33; 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};

  • 'dig -x' does reverse lookups, i.e. from IP address to hostname. When debugging DNS problems I suggest to explicitly specify the DNS server you want to give you the response: 'dig example.test @80.58.0.33' or 'host example.test 80.58.0.33' Commented Apr 26, 2010 at 9:46
  • Thanks for the input. I didn't know that. Did some major changes to the configuration, so I am going to edit all this, because now I get answers. Commented Apr 26, 2010 at 10:31

2 Answers


Looking at the IP addresses in your resolv.conf I get the feeling that your BIND server is on 192.168.1.52. As far as I can tell, you can't specify in resolv.conf something like "for these domains, use this name server". Basically, your BIND server will never be queried. As you can see in your dig lookup (which is incorrect, it is asking for a reverse DNS entry), it tries 80.58.0.33, which I assume is your provider's DNS server.

You already set up BIND as caching nameserver by using the 'forwarders' option, so what you need to do is have only 192.168.1.52 in the client PCs as nameserver.

To see if your BIND is configured correctly, try this:

dig example.test @192.168.1.52 
  • You are right. 80.58.0.33 is the ISP DNS. 192.168.1.52 is the IP on our local LAN where I am configuring the BIND DNS nameserver. We have a static IP address that I use to forward the requests to BIND. Commented Apr 26, 2010 at 10:45
  • Followed your advice and that's how I made it work. Now I need to configure it to reach the mass virtual hosts. Commented Apr 26, 2010 at 11:46

You can (and should) do the zone much cleaner.

My example assumes service-domain.net is a domain you control; then simply reference it as many times as needed in named.conf (I use a script that just takes a list of domains like this and creates the config).

Try something like this:

$TTL 86400
@ IN SOA ns.service-domain.net. hostmaster.service-domain.net. (
        201004227  ; serial
        28800      ; refresh
        14400      ; retry
        3600000    ; expire
        86400 )    ; min
@ IN NS ns1.service-domain.net.
@ IN NS ns2.service-domain.net.
@ IN A 192.168.1.52
www IN CNAME @
@ IN MX 0 mail.service-domain.net.

Then reference it like:

zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_generic_zone";
    notify yes;
};

zone "sample.com" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_generic_zone";
    notify yes;
};
  • no, don't make 'www' a CNAME alias for @, it should have the same A record in it as the apex. Using a CNAME (incorrectly) causes the NS and SOA records to also exist for 'www'. Commented Apr 26, 2010 at 12:12
  • @Alnitak In practice it doesn't. Commented Apr 27, 2010 at 3:46
  • Testing your zone... it makes DNS also resolve the www.service-domain.net address on my server, giving a 404 error because I have not set up that alias in the virtual hosts. That's the biggest difference I find so far. I didn't want to have the www.service-domain.com alias active in the DNS, to remind users they are in a local development environment and force them to use non-www addresses. The zone references I have are the same as yours. Is there any DNS performance/usage benefit of using your zone configuration? Commented Apr 27, 2010 at 7:40
  • There might be some performance impact; our larger nameservers have over 15 thousand zones and have no real issues loading those, so it's negligible at best. The reason I suggest mine is that way you have one static file for all domains except the service domain. Commented Apr 27, 2010 at 13:22
  • yes, it does. If you make 'www' a CNAME for '@' then a query for 'www MX?' or 'www SOA' will return the values from the apex. This could have unintended consequences. Commented Apr 28, 2010 at 12:24
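The CNAME disagreement in the comments above, as an added example that is not code from the answer or from anyone in the thread: a miniature RFC 1034 lookup over an in-memory copy of the answer's zone (the parse_zone, lookup and www_mx helpers and the simplified single-line SOA are mine) shows that with 'www IN CNAME @' a query for 'www MX' or 'www SOA' is restarted at the apex and returns apex data, while with an A record at 'www' the same query returns nothing (NODATA).

```python
# Added example (not from the answer or the thread): a miniature RFC 1034
# lookup over an in-memory zone built from the answer's records (constructed).

def fqdn(name, origin):
    """Expand '@' and relative names against origin; keep absolute names."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse single-line 'owner [IN] TYPE rdata' records into
    {fqdn: [(type, rdata)]}; ';' comments and $ directives are skipped."""
    rrs = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        parts = line.split()
        owner = fqdn(parts.pop(0), origin)
        if parts[0] == "IN":
            parts.pop(0)
        rrs.setdefault(owner, []).append((parts[0], " ".join(parts[1:])))
    return rrs

def lookup(rrs, qname, qtype, origin, hops=0):
    """RFC 1034 4.3.2 step 3a in miniature: a CNAME at the owner redirects
    every query type except CNAME to its target. Returns [(owner, type, rdata)]."""
    if hops > 8:                  # defensive: stop CNAME loops
        return []
    qname = fqdn(qname, origin)
    node = rrs.get(qname, [])
    for rtype, rdata in node:
        if rtype == "CNAME" and qtype != "CNAME":
            return [(qname, "CNAME", rdata)] + lookup(rrs, rdata, qtype, origin, hops + 1)
    return [(qname, t, r) for t, r in node if t == qtype]

ORIGIN = "service-domain.net."
APEX = """
@   IN SOA ns.service-domain.net. hostmaster.service-domain.net. 201004227 28800 14400 3600000 86400
@   IN NS  ns1.service-domain.net.
@   IN A   192.168.1.52
@   IN MX  0 mail.service-domain.net.
"""
ZONE_CNAME = parse_zone(APEX + "www IN CNAME @\n", ORIGIN)        # as in the answer
ZONE_A = parse_zone(APEX + "www IN A 192.168.1.52\n", ORIGIN)     # as the comments suggest

def www_mx(rrs):
    """The MX rdata a resolver ends up with for 'www MX?' (empty = NODATA)."""
    return [r for _, t, r in lookup(rrs, "www", "MX", ORIGIN) if t == "MX"]
```

Run lookup(ZONE_CNAME, "www", "SOA", ORIGIN) to see the same redirection for SOA; a real resolver behaves the same way, which is why mail or monitoring tools that query www for MX or SOA can pick up apex values nobody intended for the web host.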
