Bind DNS Server

Dan W

New Member
Hi all, I am new to this forum and relatively new to Linux. I have recently acquainted myself with Ubuntu and Debian and find them fascinating, as I have been using Windows most of my life.

I have installed Ubuntu Server and been able to successfully complete a couple of tasks such as setting up a PXE, Print and DNS server. My current struggle has been with setting up Bind DNS server. I have followed the instructions on https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-18-04 to set up a primary DNS server, yet when I assign this Bind DNS server as the DNS server for one of my virtual PCs running the Ubuntu OS, the NS lookups are not successful (it reports server can't find "so-and-so" SERVFAIL). Yet, when I specify my DNS server in the NS lookup it works fine. For instance, if I type "nslookup ubuntuweb.example.home.local" it will report back 127.0.0.53 as the server, 127.0.0.53#53 as the address and the domain will not be resolved (I will get a SERVFAIL message); yet if I type "nslookup ubuntuweb.example.home.local 192.168.1.204" (where 192.168.1.204 is my BIND DNS server) it is able to resolve the domain name successfully.

Please find my BIND DNS server configuration below. I would greatly appreciate any help to try and establish where it is I have gone wrong.

/etc/default/bind9
Code:
#
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"
/etc/bind/named.conf.local
Code:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.home.local" {
    type master;
    file "/etc/bind/zones/db.example.home.local";
    // allow-transfer { };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.1.168.192";
    // allow-transfer { };
};
/etc/bind/named.conf.options
Code:
acl "trusted" {
    192.168.1/24;
    localhost;
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders. 
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    
    recursion yes;
    allow-recursion { trusted; };
    listen-on { 192.168.1.204; 127.0.0.1; };
    allow-transfer { none; };

    forwarders {
    192.168.1.254;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    //listen-on-v6 { any; };
};
/etc/bind/zones/db.example.home.local (forward zone file)
Code:
;
; BIND data file for the example.home.local forward zone
;
$TTL    604800
@    IN    SOA    ubuntuserver.example.home.local. admin.example.home.local. (
             2019061308    ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
; name servers - NS records
    IN    NS    ubuntuserver.example.home.local.

; name servers - A records
ubuntuserver.example.home.local.    IN    A    192.168.1.204
ubuntuweb.example.home.local.    IN    A    192.168.1.208
/etc/bind/zones/db.1.168.192 (reverse zone file)
Code:
;
; BIND reverse data file for the 1.168.192.in-addr.arpa zone
;
$TTL    604800
@    IN    SOA    example.home.local. root.example.home.local. (
            2019061304    ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
; name servers
    IN    NS    ubuntuserver.example.home.local.

; PTR Records
204    IN    PTR    ubuntuserver.example.home.local.    ;
208    IN    PTR    ubuntuweb.example.home.local.    ;

Thank you!
 


dos2unix

Member
In your "forward zone" file, you don't need the fully qualified name.

You can just use the name... i.e.
; name servers - A records
ubuntuserver IN A 192.168.1.204
ubuntuweb IN A 192.168.1.208

----------------------

But this probably isn't your problem.

Having a DNS server is only half of the problem :)

On your client machines, you need to be pointed to that DNS.

Can you cat /etc/resolv.conf on one of your client computers?

---------------------

Finally, if you do a "dig ubuntuweb" on the DNS server, what is the output?
 
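As an added illustration of the owner-name point made above (this is not code from the thread): a small zone-file parser that qualifies owner names the way BIND does, showing that the FQDN form the original poster used and the short form suggested here load to identical records, and that the blank owner field on the NS line inherits the previous owner (@). The zone text is a constructed copy of the posted forward zone.

```python
import re
# Constructed copy of the forward zone posted above in the FQDN form the poster
# used; ZONE_SHORT is the same zone in the short form dos2unix suggested.
ZONE_FQDN = """\
$TTL    604800
@    IN    SOA    ubuntuserver.example.home.local. admin.example.home.local. (
             2019061308    ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
    IN    NS    ubuntuserver.example.home.local.
ubuntuserver.example.home.local.    IN    A    192.168.1.204
ubuntuweb.example.home.local.    IN    A    192.168.1.208
"""
ZONE_SHORT = (ZONE_FQDN
              .replace("ubuntuserver.example.home.local.    IN    A", "ubuntuserver IN A")
              .replace("ubuntuweb.example.home.local.    IN    A", "ubuntuweb IN A"))

def qualify(name, origin):
    """'@' is the origin; a trailing dot is absolute; anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {(owner, rtype): rdata} with owners and NS/PTR targets qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    joined, buf = [], ""  # strip ';' comments and fold the parenthesised SOA
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue  # still inside "( ... )"
        if buf.strip():
            joined.append(buf)
        buf = ""
    records, owner = {}, origin
    for line in joined:
        if line.startswith("$"):
            continue  # $TTL carries no record
        fields = line.split()
        if not line[0].isspace():  # explicit owner; a blank owner field repeats the last
            owner = qualify(fields.pop(0), origin)
        while fields and (fields[0] == "IN" or fields[0].isdigit()):
            fields.pop(0)  # optional class and TTL
        rdata = [t.strip("()") for t in fields[1:] if t.strip("()")]
        if fields[0] in ("NS", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        records[(owner, fields[0])] = tuple(rdata)
    return records
```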

Dan W

New Member
Thanks for the response dos2unix.

Right I have adjusted the A records to just the name rather than the FQDN.

In the client, the only name server it lists in resolv.conf is 127.0.0.53, which is odd because I have definitely set up 192.168.1.204 as its nameserver in the network settings as shown on the attached file.

dig ubuntuweb on the DNS server returns 192.168.1.166 in the answer section, which is obviously not where I have pointed it to in the A records. Now I do host an ISC DHCP server on this same DNS server and it's possible it may have assigned this address in the past, but I have checked the current leases and 166 is not even assigned. I have also pinged this address with no response.
 

dos2unix

Member
Also, whenever you update the zone files, be sure to update the serial number in them.
Also be sure to restart the bind-dns service. (I prefer dnsmasq myself.)

Finally, what are the actual IP addresses of the servers? Are these static IPs or are you using DHCP?
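As an added example for the serial-number point (not code from the thread): two helpers for the YYYYMMDDnn serial convention the posted zone files use, with the RFC 1982 wraparound comparison BIND applies when deciding whether a serial has actually increased. Nothing here touches the files; it only computes the next value.

```python
SERIAL_MOD = 2 ** 32  # zone serials are 32-bit unsigned (RFC 1982)

def serial_is_newer(candidate, current):
    """RFC 1982 comparison: candidate counts as an increase over current when
    it is ahead by less than 2**31 in modulo-2**32 arithmetic."""
    return 0 < (candidate - current) % SERIAL_MOD < SERIAL_MOD // 2

def next_serial(current, today):
    """Next serial in the YYYYMMDDnn convention of the posted zone files.
    today is 'YYYYMMDD'. On a new day nn restarts at 00; on the same day, or if
    the file's serial is already ahead of today's date, nn is simply
    incremented, so the result is always an increase in the RFC 1982 sense."""
    date_based = int(today) * 100
    if serial_is_newer(date_based, current):
        return date_based
    return (current + 1) % SERIAL_MOD
```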
 

Dan W

New Member
I do update the serial numbers and restart bind. The servers are static, 204 and 208. I think I'll go ahead and give dnsmasq a try, I'm having nothing but difficulty with bind, thanks for your help again.
 