
BIND 9 on temp box

rmueller58
Valued Contributor


All,

Our BIND 9.2.1 box is going south, and we need to put a temporary one in place.

I've installed Fedora on a temporary box and laid the existing named root zone files into /var/named/chroot/etc, including our old named.conf.

Getting some funky errors about bad owner name (check-names) in /var/log/messages, and I can't query against the new instance of DNS. Any insight appreciated.

Rex M - unix engineer ESU3 LaVista NE
Stuart Browne
Honored Contributor
Solution

Re: BIND 9 on temp box

Ok.

Make sure that 'named' owns all of '/var/named/chroot/*'.

Make sure that '/etc/named.conf' is a symlink to '/var/named/chroot/etc/named.conf'.

Make sure that all your master directories are there in '/var/named/chroot/'.

Make sure that bind is started as a chroot ('/etc/sysconfig/named' has 'ROOTDIR=/var/named/chroot' in it).

If you've got all of this, then paste us your 'named.conf' and show us the errors that show up in '/var/log/messages'.
One long-haired git at your service...
George Liu_4
Trusted Contributor

Re: BIND 9 on temp box

Are you running named in chroot? Check the configuration file in /etc/sysconfig/named.
rmueller58
Valued Contributor

Re: BIND 9 on temp box

I am running the new rev in /var/named/chroot

I did a

chown -R root:named /var/named/chroot

I've modified the named.conf and added the lines:
allow-query { any; };
check-names master ignore;

stopped and restarted the daemon.

Getting DNS replies now. Still getting

primary/:22: no TTL specified; using SOA MINTTL instead

I believe our zone files have the following entry,

@ IN SOA ns1.ourdomain.org. dns.ns1.ourdomain.org. (
        200611150  ; Serial
        43200      ; Refresh - 12 hours
        1800       ; Retry - 30 minutes
        604800     ; Expire - 1 week
        86400 )    ; Minimum - 24 hours


Been reading we need a $TTL 86400 directive.

Does this look copacetic?

Stuart Browne
Honored Contributor

Re: BIND 9 on temp box

Yeah, throw a '$TTL ' in at the top, and that'll get rid of that warning.

Other than that, the minimum TTLs look a bit big. Is this an internal or public domain?
One long-haired git at your service...
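A small zone-file linter, added here as an illustration and not part of this thread or of BIND, that reproduces the two loader complaints discussed above on a constructed sample zone: the "no TTL specified; using SOA MINTTL instead" warning when there is no $TTL at the top, and the check-names rejection of an owner name containing an underscore. The sample zone contents, the RFC 1123 host-label rule used for check-names, and the set of record types it is applied to are assumptions.

```python
import re
# Constructed sample in the shape the thread describes: no $TTL line, one owner with '_'.
SAMPLE_ZONE = """\
@ IN SOA ns1.ourdomain.org. dns.ns1.ourdomain.org. (
        200611150 43200 1800 604800 86400 ) ; serial refresh retry expire minimum
@         IN NS  ns1.ourdomain.org.
ns1       IN A   192.0.2.1
www  3600 IN A   192.0.2.2
print_srv IN A   192.0.2.3
"""
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")  # RFC 1123 host label
CLASSES = {"IN", "CH", "HS"}
HOST_TYPES = {"A", "AAAA", "MX", "NS"}  # owner names check-names validates (assumed set)

def records(text):
    """Yield (first_line_no, fields) per RR; joins '(...)' continuations, drops ';' comments."""
    buf, depth, start = [], 0, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        if not buf and not line.strip():
            continue
        start = start if buf else no
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield start, " ".join(buf).split()
            buf = []

def lint_zone(text):
    """Return BIND-style warnings: missing TTL (reported once) and check-names failures."""
    warnings, default_ttl, soa_minimum, ttl_warned = [], None, None, False
    for no, f in records(text):
        if f[0].startswith("$"):                  # $TTL sets the default; other directives are not RRs
            if f[0].upper() == "$TTL":
                default_ttl = int(f[1])
            continue
        owner, rest = f[0], f[1:]
        has_ttl = rest[0].isdigit()
        rest = rest[has_ttl:]                     # drop the optional per-record TTL
        rest = rest[rest[0].upper() in CLASSES:]  # drop the optional class
        rtype = rest[0].upper()
        if rtype == "SOA":
            soa_minimum = int(rest[-1])           # last SOA field is the minimum (negative-cache) TTL
        if not has_ttl and default_ttl is None and not ttl_warned:
            warnings.append(f"line {no}: no TTL specified; using SOA MINTTL {soa_minimum} instead")
            ttl_warned = True
        labels = [] if owner == "@" else owner.rstrip(".").split(".")
        if rtype in HOST_TYPES and any(not LABEL.match(l) for l in labels if l != "*"):
            warnings.append(f"line {no}: {owner}: bad owner name (check-names)")
    return warnings
```

Prepending a `$TTL 86400` line to the sample silences the TTL warning but not the check-names one, which is why the thread needed both a $TTL directive and either a fixed owner name or `check-names master ignore;`.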
rmueller58
Valued Contributor

Re: BIND 9 on temp box

Stuart,

We host multiple domains for school districts. Some of the servers within each domain are public / parent access while other parts are restricted access. So we have a mixed bag o' bs. We are putting the temp server in place on Friday and I will rebuild our primary next week with FC6 and BIND 9.3.2xx. I hope to fix most of the zone records prior to bringing the primary back online.

DNS is not a high priority as long as it is working, but heaven forbid some of the local admins take two seconds to add the secondary into the search :( Many people with static IPs only have the one DNS entry. If they are served DHCP they get the secondary. So now we have to fight the outage battles. grrrr. Needless to say, I hope my manager reiterates in the district advisory meetings, where the tech people meet from each school, that they "NEED" to add the secondary to their workstation configs.