topic Re: BIND 9 on temp box in Operating System - Linux

BIND 9 on temp box

rmueller58 — Mon, 04 Dec 2006 17:09:49 GMT

All,

Our 9.2.1 Bind box is going south, and we need to put a temporary in place..

I've installed Fedora on a temporary box, laid the existing named root zone files into the /var/named/chroot/etc including our old named.conf

Get some funky errors about bad owner name (check-names) in /var/log/messages and can't query against new instance of DNS.. Any insight appreciated..

Rex M - unix engineer ESU3 LaVista NE

Re: BIND 9 on temp box

Stuart Browne — Mon, 04 Dec 2006 18:18:10 GMT

Ok.

Make sure that 'named' owns all of '/var/named/chroot/*'.

Make sure that '/etc/named.conf' is a symlink to '/var/named/chroot/etc/named.conf'.

Make sure that all your master directories are there in '/var/named/chroot/'.

Make sure that bind is started as a chroot ('/etc/sysconfig/named' has 'ROOTDIR=/var/named/chroot' in it).

If you've got all of this, then paste us your 'named.conf' and show us the errors that show up in '/var/log/messages'.

Re: BIND 9 on temp box

George Liu_4 — Tue, 05 Dec 2006 09:50:29 GMT

are you running named in chroot? Check the configuration file in /etc/sysconfig/named

Re: BIND 9 on temp box

rmueller58 — Tue, 05 Dec 2006 09:58:41 GMT

I am running the new rev in /var/named/chroot

I did a

chown -R root:named /var/named/chroot

I've modified the named.conf and added the lines:
allow-query { any; };
check-names master ignore;

stopped and restarted the daemon,

getting DNS replys now, Still getting

primary/:22: no TTL specified; using SOA MINTTL instead

I believe our zone files have the following entry,

@ IN SOA ns1.ourdomain.org. dns.ns1.ourdomain.org. (
200611150 ; Serial
43200 ; Refresh - 12 hours
1800 ; Retry - 1 minute
604800 ; Expire - 2 weeks
86400) ; Minimum - 12 hours

Been reading we need a
$TTL 86400 directive.

Does this look copacetic?

Re: BIND 9 on temp box

Stuart Browne — Tue, 05 Dec 2006 17:15:35 GMT

Yeah, throw a '$TTL ' in at the top, and that'll get rid of that warning.

Other than that, the minimum TTL's look a bit big. This an internal or public domain?

Re: BIND 9 on temp box

rmueller58 — Tue, 05 Dec 2006 18:06:07 GMT

Stuart,

We host multiple domains for school districts. Some of the servers within each domain are public / parent access while other parts are restricted access. So we have a mixed bag o' bs. We are putting the temp server in place on Friday and I will rebuild our primary next week with FC6 and BIND 9.3.2xx.. I hope to fix most of the zone records prior to bringing the primary back online.

DNS is not a high priority as long as it is working but heaven forbid some of the local admins take two second to add the secondary into the search :( Many people with static IP's only have the one DNS entry. If they are served DHCP they get the secondary. So now we have to fight the outage battles. grrrr. Needless to say, I hope my manager reinterates in the district advisory meetings where the tech people meet from each school that they "NEED" to add the secondary to their workstation configs..