# DNS not working with bind

## FcukThisGame

EDIT: I started this thread trying dnsmasq for DNS. Since I'm using dhcpd for DHCP, I decided against dnsmasq.

I'm in the process of setting up a gentoo firewall/router (there's another thread not far below this one), and I've got most everything I need working to deploy this, except for DNS. I'm not sure if it's because my new router is behind my current router, but I can't get DNS forwarding to work.

In my resolv.conf I used Google's public DNS (8.8.8.8 and 8.8.4.4) servers.

EDIT: dhcpd is picking up my ISP's nameservers and is generating my resolv.conf with them.

I don't have anything pertaining to DNS in my /etc/conf.d/net.

I've got my Mac connected to the router, and I have full internet access if I specify a DNS server. Without one (pointing it at the router), I get nowhere. The router is able to resolve google.com and whatnot.

EDIT: I'm no longer behind two routers. The gentoo router is connected directly to my cable modem.

I can post configs if necessary

----------

## Jimini

 *FcukThisGame wrote:*   

> I can post configs if necessary

 

Please post your client's /etc/conf.d/net.

Your clients can resolve hostnames when /etc/resolv.conf contains something like "nameserver 8.8.8.8", but with "nameserver ip.of.your.router" it doesn't work, right?

Do you assign IP addresses via DHCP?

Please also take a look at these two wonderful guides:

- http://www.gentoo.org/doc/en/home-router-howto.xml#doc_chap4

- http://en.gentoo-wiki.com/wiki/Dnsmasq

Best regards,

Jimini

----------

## FcukThisGame

I've decided to get rid of dnsmasq as I've installed bind for DNS. Now I'm having problems with that: when I start /etc/init.d/named, I just get [ !! ] with no explanation, even with --verbose.

```
# /etc/conf.d/net

# eth3: WAN
config_eth3=( "dhcp" )

# eth2: To AP (10.1.4.X and 10.1.5.X), then Miguel's room (10.1.2.X) and Living Room (10.1.3.X)
# (the comments say 10.1.X.X, but the addresses actually configured below are 192.168.X.0/24)
vlans_eth2="1 2 3 4"
vconfig_eth2=( "set_name_type VLAN_PLUS_VID_NO_PAD" )

# In baselayout-1 the address of a VLAN goes in config_vlanN. The posted file used
# vconfig_vlanN for these, which only carries vconfig(8) settings such as set_flag,
# so the addresses would never have been assigned.
#vlan1: Roommate's Room (10.1.2.X)
config_vlan1=( "192.168.2.1 broadcast 192.168.2.255 netmask 255.255.255.0" )

#vlan2: Living Room (10.1.3.X)
config_vlan2=( "192.168.3.1 broadcast 192.168.3.255 netmask 255.255.255.0" )

#vlan3: Home Wireless (10.1.4.X)
config_vlan3=( "192.168.4.1 broadcast 192.168.4.255 netmask 255.255.255.0" )

#vlan4: Guest Wireless (isolated, 10.1.5.X)
config_vlan4=( "192.168.5.1 broadcast 192.168.5.255 netmask 255.255.255.0" )

# eth1: To my room, 10.1.1.X
config_eth1=( "192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0" )
```

Don't worry about the vlans and whatnot, I'm not using eth2 at all yet. 

/etc/resolv.conf (on the router):

```
# Generated by dhcpcd from eth3
# /etc/resolv.conf.head can replace this line
search cfl.rr.com
nameserver 65.32.5.111
nameserver 65.32.5.112
# /etc/resolv.conf.tail can replace this line
```

The router itself has no issues with DNS (it can translate web addresses to IPs); I just can't seem to get it to pass that on to its clients!

As far as bind goes, I've been following the Gentoo Bind guide. I'll go ahead and post all my configs:

/etc/bind/named.conf

```
options {
    directory "/var/bind";
    listen-on-v6 { none; };
    // Items in an address_match_list are terminated by ';'. The posted line had
    // "192.168.1.1, 192.168.2.1" (a comma), which is a parse error: named will
    // not load the file at all.
    listen-on port 53 { 127.0.0.1; 192.168.1.1; 192.168.2.1; 192.168.3.1; 192.168.4.1; };
    pid-file "/var/run/named/named.pid";
};

view "internal" {
    // LAN segments and the router itself get a recursive resolver. 192.168.5.0/24
    // (guest wireless) is not listed, so it falls through to the "external" view.
    match-clients { 192.168.1.0/24; 192.168.2.0/24; 192.168.3.0/24; 192.168.4.0/24; localhost; };
    recursion yes;
    // No "." hint zone in this view: named falls back to its compiled-in root hints.
    zone "brewer.doesntexist.com" {
        type master;
        file "pri/brewer.doesntexist.com.internal";
        // "any" lets every matching client pull the whole internal host list by
        // AXFR; use "none" unless there is a secondary server to feed.
        allow-transfer { any; };
    };
};

view "external" {
    // Everyone else, including the WAN side: authoritative answers only, no
    // recursion, so such clients get no recursion (RA clear) for other names.
    match-clients { any; };
    recursion no;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
    };
    zone "brewer.doesntexist.com" {
        type master;
        file "pri/brewer.doesntexist.com.external";
        allow-query { any; };
    };
};

logging {
    channel default_syslog {
        // the user named runs as must be able to create and write this file
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};
```

/var/bind/pri/brewer.doesntexist.com.internal:

```
$TTL 2d
@   IN SOA   ns.brewer.doesntexist.com.   root.brewer.doesntexist.com. (
   2010101901   ; serial
   3h           ; refresh
   1h           ; retry
   1w           ; expiry
   1d )         ; minimum
; The posted NS target had no trailing dot, so it was relative to the origin and
; became ns.brewer.doesntexist.com.brewer.doesntexist.com., a name with no A record.
brewer.doesntexist.com.        IN NS   ns.brewer.doesntexist.com.
www.brewer.doesntexist.com.    IN A    192.168.1.1
ns.brewer.doesntexist.com.     IN A    192.168.1.1
router.brewer.doesntexist.com. IN A    192.168.1.1
gentoo.brewer.doesntexist.com. IN A    192.168.1.1
```

/var/bind/pri/brewer.doesntexist.com.external:

```
$TTL 2d
@   IN SOA   ns.brewer.doesntexist.com.   root.brewer.doesntexist.com. (
   2010101901   ;serial
   3h           ;refresh
   1h           ;retry
   1w           ;expiry
   1d )         ;minimum
brewer.doesntexist.com.      IN NS   ns.brewer.doesntexist.com.
; ns.brewer.doesntexist.com. is inside this zone but has no A record here. With the
; default check-integrity, named logs "NS ... has no address records (A or AAAA)"
; and refuses to load the zone; it needs an A record with the public address.
```

I'm using ddclient for dyndns. 

Any input would be appreciated... having a router without dns is no good!

----------

## FcukThisGame

 *Jimini wrote:*   

> 
> 
> Your clients can resolve hostnames, when /etc/resolv.conf contains something like "nameserver 8.8.8.8", but with "nameserver ip.of.your.router" it doesn't work, right?
> 
> Do you assign IP addresses via DHCP?

 

1) Whose resolv.conf? Client or router? No matter what the server's was set to, the client wouldn't work. Changing the client's resolv.conf (or changing DNS in Windows) to public DNS results in working internet (our current fix for the time being).

2) Yes. Using dhcpd. Initially I thought that this issue was due to redundant DHCP, which is why I'm no longer using dnsmasq.

In short, the router picks up my ISP's DNS servers automatically from dhcpd, and it has full working internet; just the clients didn't/don't.

Also, I've been following both of those guides.

Regards,

----------

## FcukThisGame

Okay, I've done a bit of troubleshooting on my own, but I'm still getting the same error:

```
gentoo ~ # /etc/init.d/named start
 * Starting named ...                                                     [ !! ]
```

Nothing gets written to /var/log/named/named.log.

Here's my emerge info and bind info:

```
gentoo ~ # emerge --info
Portage 2.1.8.3 (default/linux/x86/10.0/server, gcc-4.4.3, glibc-2.11.2-r0, 2.6.34-gentoo-r6 i686)
=================================================================
System uname: Linux-2.6.34-gentoo-r6-i686-Intel-R-_Pentium-R-_4_CPU_3.20GHz-with-gentoo-1.12.13
Timestamp of tree: Sat, 16 Oct 2010 18:00:01 +0000
app-shells/bash:     4.1_p7
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.3-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl apache2 berkdb bzip2 cdr cli cracklib crypt cups cxx dri dvd fortran gdbm gpm iconv ipv6 ldap modules mudflap mysql ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session snmp ssl sysfs tcpd truetype unicode x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php-5.2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

gentoo ~ # emerge -pv bind 

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] net-dns/bind-9.4.3_p5  USE="berkdb ipv6 ldap mysql ssl -dlz -doc -idn -odbc -postgres -resolvconf (-selinux) -threads -urandom" 0 kB
```

I validated these files using either named-checkconf or named-checkzone.

/var/bind/pri/brewer.doesntexist.com.internal:

```
$TTL 1200
@   IN SOA   ns.brewer.doesntexist.com.   root.brewer.doesntexist.com. (
   2010101901   ; serial
   1800         ; refresh
   900          ; retry
   1209600      ; expiry
   1200 )       ; minimum
   NS   ns.brewer.doesntexist.com.
; The posted file stopped at the NS record. ns.brewer.doesntexist.com. is inside
; this zone, and with the default check-integrity an in-zone NS name without an
; A or AAAA record makes named log "NS ... has no address records" and skip the
; zone. The address below is the one given for ns in the first posted internal zone.
ns  IN A   192.168.1.1
```

/var/bind/pri/brewer.doesntexist.com.external is identical to the zone above.

/etc/bind/named.conf:

```
include "/etc/bind/log.conf";

options {
    directory "/var/bind";
    listen-on-v6 { none; };
    // listen-on takes addresses and prefixes only. The posted line also listed
    // "brewer.doesntexist.com;"; an unquoted name there is read as a reference
    // to an acl, and no such acl is defined.
    listen-on { 192.168.1.1; 192.168.2.1; 192.168.3.1; 192.168.4.1; 127.0.0.1; };
    #pid-file "/var/run/named/named.pid";
};

view "internal" {
    // Posted as 192.168.1.0/16, which has host bits set beyond the /16 mask
    // (named warns about the address/prefix length mismatch); the network is
    // 192.168.0.0/16. Note that this also covers 192.168.5.0/24, the guest VLAN.
    match-clients { 192.168.0.0/16; 127.0.0.1; };
    recursion yes;
    zone "brewer.doesntexist.com" {
        type master;
        file "pri/brewer.doesntexist.com.internal";
        allow-transfer { any; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
    };
    zone "brewer.doesntexist.com" {
        type master;
        file "pri/brewer.doesntexist.com.external";
        allow-query { any; };
    };
};
```

I've tried this with and without brewer.doesntexist.com in listen-on, and with/without the pid-file line commented, same result every time.

Can someone at least point me in the right direction for troubleshooting this further?

EDIT: Okay, it's worth mentioning if it weren't already apparent that I'm trying to use dyndns. I have a dynamic external IP. The more guides I read the more they assume you have a static IP.

Maybe I'm going for more than I need. All I want is for my dhcp clients to be able to resolve hostnames into IPs (you know, basic dns forwarding?). Is there an easier way to accomplish this?

----------

## Jimini

I will try to summarize your setup for me:

- your router connects to the WAN via eth3 (dynamic IP address)

- eth1 (192.168.1.1) leads to your room / clients

- the clients can't use the router as a forwarding DNS server, they have to take an exterior one

It has no effect whether you have a static or dynamic IP address on eth3 - your problem is located inside your network. Can your clients reach your router on port 53 or does something block that traffic?

Unfortunately, I use dnsmasq instead of bind. As mentioned in the home router guide, I use the default config and it works fine.

Best regards,

Jimini
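The question Jimini asks here (can the clients reach port 53 on the router?) is the one to answer first, and the reply says more than yes or no. The block below is an added example written for this page; it is not code from the thread, from BIND or from dnsmasq. It sends one recursive A query to a server, which is what `dig @192.168.1.1 google.com` does from a client, and separates three outcomes: no reply at all (nothing bound to port 53 on that address, or the firewall drops the packet), a reply that refuses or will not recurse (the client matched a view or ACL with `recursion no`, as the posted `external` view does for any address outside the `internal` match list), and a real answer. The two sample replies at the end are constructed by hand so the parser runs offline; 192.0.2.10 is a documentation address, not a real result, and the query ID 0x1234 is arbitrary.

```python
"""Probe a resolver the way a LAN client does and tell the failure modes apart.
Added example for this thread, not code from it or from BIND/dnsmasq. It sends
one recursive A query and classifies the outcome. The two sample replies at the
bottom are constructed by hand so the parser can be exercised offline; 192.0.2.10
is a documentation address, not a real answer."""
import socket
import struct

QUERY_ID = 0x1234                                  # arbitrary; real clients randomise it
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Wire-format a domain name: length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qid=QUERY_ID):
    """One question, A/IN, with RD (recursion desired) set, like a stub resolver."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def decode_name(msg, offset):
    """Read a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                   # compression pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    final = end if end is not None else offset
    return ".".join(labels) + ".", final


def parse_response(msg):
    """Header flags plus any A records in the answer section."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    resp = {"id": qid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "ra": bool(flags & 0x0080), "answers": []}
    offset = 12
    for _ in range(qd):                             # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            resp["answers"].append((name, socket.inet_ntoa(msg[offset:offset + 4])))
        offset += rdlen
    return resp


def classify(resp):
    """Map a parsed reply to the likely cause on the router side."""
    if resp["id"] != QUERY_ID:
        return "mismatched ID: reply is not for our query"
    if resp["rcode"] == "REFUSED":
        return "REFUSED: port 53 answers, but this client hit a view/ACL with recursion denied"
    if resp["rcode"] == "NOERROR" and resp["answers"]:
        return "OK: " + ", ".join(ip for _, ip in resp["answers"])
    if not resp["ra"]:
        return "no RA flag and no answer: the server will not recurse for this client"
    return resp["rcode"]


def probe(server, name="google.com", timeout=2.0):
    """Send the query over UDP; a timeout means nothing listens or the firewall drops it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return "no reply: nothing bound to port 53 on that address, or INPUT drops it"
    finally:
        sock.close()
    return classify(parse_response(data))


# constructed replies to build_query("google.com"): one REFUSED, one with an A record
QUESTION = encode_name("google.com") + struct.pack("!HH", 1, 1)
SAMPLE_REFUSED = struct.pack("!HHHHHH", QUERY_ID, 0x8105, 1, 0, 0, 0) + QUESTION
SAMPLE_ANSWER = (struct.pack("!HHHHHH", QUERY_ID, 0x8180, 1, 1, 0, 0) + QUESTION
                 + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else classify(parse_response(SAMPLE_REFUSED)))
```

Run it from a client on eth1 with the router's address as the only argument; with no argument it classifies the constructed REFUSED reply. Sending the same probe to a public resolver from the same client separates a router-side problem (silence or refusal from 192.168.1.1) from a client-side one.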

----------

## Anarcho

The problem is that bind doesn't start, so obviously no client can use it.

EDIT:

You should try to debug why bind isn't starting.

e.g. use the command "named-checkconf"

or have a look in the logfiles to see why named does not start.
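Anarcho's advice is the right next step. As an added example (not part of the thread, and not BIND's own code), the script below re-implements in Python three checks that flag the defects in the files posted earlier in this thread, so they can be seen on a machine without named-checkconf or named-checkzone: a `,` instead of `;` in an address_match_list, an NS target without a trailing dot (which is relative to $ORIGIN, so `ns.brewer.doesntexist.com` becomes `ns.brewer.doesntexist.com.brewer.doesntexist.com.`), and an in-zone NS name with no A or AAAA record, which the default check-integrity turns into a zone that does not load. The inputs are constructed copies of the posted files, trimmed to the records that matter.

```python
"""Offline lint for the zone files and named.conf address lists posted above.
Added example, not from the thread and not BIND code: it re-implements three
checks that named / named-checkzone apply. The samples are constructed copies."""
import ipaddress
import re

# constructed copy of the first posted internal zone (NS target has no trailing dot)
INTERNAL_ZONE_POSTED = """\
$TTL 2d
@   IN SOA   ns.brewer.doesntexist.com.   root.brewer.doesntexist.com. (
   2010101901   ; serial
   3h   ; refresh
   1h   ; retry
   1w   ; expiry
   1d )   ; minimum
brewer.doesntexist.com.      IN NS   ns.brewer.doesntexist.com
ns.brewer.doesntexist.com.   IN A    192.168.1.1
"""
# same zone with the one-character fix: an absolute NS target
INTERNAL_ZONE_FIXED = INTERNAL_ZONE_POSTED.replace(
    "IN NS   ns.brewer.doesntexist.com\n", "IN NS   ns.brewer.doesntexist.com.\n")
# the posted external zone: SOA and NS, but no address for the NS target
EXTERNAL_ZONE_POSTED = """\
$TTL 1200
@   IN SOA   ns.brewer.doesntexist.com.   root.brewer.doesntexist.com. (
   2010101901 1800 900 1209600 1200 )
   NS   ns.brewer.doesntexist.com.
"""
LISTEN_ON_POSTED = "127.0.0.1; 192.168.1.1, 192.168.2.1; 192.168.3.1; 192.168.4.1;"
MATCH_CLIENTS_POSTED = "192.168.1.0/16; 127.0.0.1;"

TTL_RE = re.compile(r"\d+[smhdw]?", re.IGNORECASE)
ACL_KEYWORDS = {"any", "none", "localhost", "localnets"}


def qualify(name, origin):
    """Master-file rule: a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata tokens) per record; owners and origin are absolute."""
    stripped = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    joined = "\n".join(ln for ln in stripped if ln.strip())
    # fold "( ... )" continuation lines (the SOA) onto one line
    joined = re.sub(r"\(([^)]*)\)", lambda m: " " + " ".join(m.group(1).split()) + " ", joined)
    records, last_owner = [], origin
    for line in joined.splitlines():
        if line.startswith("$"):                      # $TTL / $ORIGIN directives
            continue
        tokens = line.split()
        owner = last_owner if line[0] in " \t" else qualify(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() == "IN"):
            tokens.pop(0)                             # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_zone(text, zone_name):
    """Problems named-checkzone would report for the apex NS set; [] means it loads."""
    origin = zone_name.rstrip(".") + "."
    records = parse_zone(text, origin)
    has_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner != origin:
            continue
        target = qualify(rdata[0], origin)
        if not rdata[0].endswith("."):
            problems.append(f"NS target '{rdata[0]}' lacks a trailing dot; it is read as '{target}'")
        if target.endswith("." + origin) and target not in has_address:
            # default check-integrity: in-zone NS without A/AAAA, zone is not loaded
            problems.append(f"NS '{target}' has no address records (A or AAAA)")
    return problems


def check_address_list(body):
    """Check the text between the braces of a listen-on / match-clients list."""
    problems = []
    if "," in body:
        problems.append("',' used as a separator; address_match_list items end with ';'")
    for item in body.replace(",", ";").split(";"):
        item = item.strip().lstrip("!").strip()
        if not item or item in ACL_KEYWORDS or item.startswith("key "):
            continue
        try:
            ipaddress.ip_network(item, strict=True) if "/" in item else ipaddress.ip_address(item)
        except ValueError:
            try:                                      # a prefix with host bits set?
                problems.append(f"'{item}' has host bits set; did you mean "
                                f"{ipaddress.ip_network(item, strict=False)}?")
            except ValueError:
                problems.append(f"'{item}' is not an address; named reads it as an ACL name")
    return problems


if __name__ == "__main__":
    print(check_zone(INTERNAL_ZONE_POSTED, "brewer.doesntexist.com"))
    print(check_zone(EXTERNAL_ZONE_POSTED, "brewer.doesntexist.com"))
    print(check_address_list(LISTEN_ON_POSTED), check_address_list(MATCH_CLIENTS_POSTED))
```

On the router itself the equivalent checks are `named-checkconf /etc/bind/named.conf` (add `-z` to load every zone as well) and `named-checkzone brewer.doesntexist.com /var/bind/pri/brewer.doesntexist.com.internal`; the script only reproduces the messages those tools print for these particular mistakes.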

----------

## FcukThisGame

 *Jimini wrote:*   

> I will try to summarize your setup for me:
> 
> - your router connects to the WAN via eth3 (dynamic IP address)
> 
> - eth1 (192.168.1.1) leads to your room / clients
> ...

 

Precisely.

I quickly realized bind was way over my head. Back to dnsmasq. Got it set up properly, service starts, still no dns. Configs:

```
# /etc/dnsmasq.conf
# Upstream servers come from /etc/resolv.conf (the ISP's two, as shown below).

# never forward plain names without a dot upstream
domain-needed
# never forward reverse lookups for RFC 1918 space upstream
bogus-priv
# serve the 192.168.1.0/24 segment (and lo); nothing on eth3 / WAN
interface=eth1
# DNS only on eth1; dhcpd keeps handling DHCP
no-dhcp-interface=eth1
domain=brewer.doesntexist.com
# one syslog line per query, useful while this is being debugged
log-queries
```

```
gentoo ~ # grep 53 /etc/scripts/reset-iptables-rules.sh
iptables -A INPUT -p UDP --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p UDP --dport 53 -j ACCEPT
iptables -A INPUT -p TCP --sport 53 -j ACCEPT
iptables -A INPUT -p TCP --dport 53 -j ACCEPT
# None of these rules name an input interface (-i eth1 etc.), so they also match on
# eth3: port 53 on the router is open to the WAN. The third rule is worse: it accepts
# any TCP packet whose *source* port is 53, no state match, so a remote host can reach
# every listening TCP port on the router just by sending from port 53. Replies to the
# router's own upstream queries are already covered by the ESTABLISHED,RELATED rule.

gentoo ~ # confcat /etc/resolv.conf
search cfl.rr.com
nameserver 65.32.5.111
nameserver 65.32.5.112

gentoo ~ # confcat /etc/hosts
127.0.0.1       localhost       gentoo
192.168.1.1     gentoo.brewer.doesntexist.com
192.168.1.5     desktop.brewer.doesntexist.com
```

----------

## paziu

In similar cases I try to start the daemon in an interactive/foreground mode if possible; that's where I find the most info, even if the logs are clean (for example, a core dump might/will keep the logs clean).

is just DNS not working? can you ping 4.2.2.2 from the client?

----------

## FcukThisGame

 *paziu wrote:*   

> in similar cases I try to start the daemon in an interactive/foreground mode if possible.. there where I find the most info... even if logs are clean ( for example a core dump might/will keep the logs clean )
> 
> is just DNS not working? can you ping 4.2.2.2 from the client?

 

You are correct. I've been using 4.2.2.2 to test and it does work. Same for Google's public DNS, 8.8.8.8 and 8.8.4.4.

I'll give the foreground/debug mode a shot when I get home tonight. How do you do it without the daemon? (I assume you have to forego the daemon since I didn't see any options for it in the configs)

----------

## paziu

try this:

named -g -d 1

If it fires up and you cannot see anything suspicious, replace "1" with "9"; break to interrupt named.

Also, open the conf file in 'vi' and look for special/control/escape chars...

this is my ( -d 1 ) top output of an unconfigured/stock named:

```
22-Oct-2010 10:50:00.899 starting BIND 9.7.1-P2 -g -d 1
22-Oct-2010 10:50:00.899 built with '--prefix=/usr' '--build=i686-pc-linux-gnu' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--with-openssl' '--without-idn' '--enable-ipv6' '--with-libxml2' '--without-gssapi' '--disable-linux-caps' '--disable-threads' '--with-randomdev=/dev/random' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -march=i686 -fomit-frame-pointer -pipe' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'
22-Oct-2010 10:50:00.900 using up to 4096 sockets
22-Oct-2010 10:50:00.904 loading configuration from '/etc/bind/named.conf'
22-Oct-2010 10:50:00.904 reading built-in trusted keys from file '/etc/bind/bind.keys'
22-Oct-2010 10:50:00.904 using default UDP/IPv4 port range: [1024, 65535]
22-Oct-2010 10:50:00.905 using default UDP/IPv6 port range: [1024, 65535]
22-Oct-2010 10:50:00.907 no IPv6 interfaces found
22-Oct-2010 10:50:00.907 listening on IPv4 interface lo, 127.0.0.1#53
22-Oct-2010 10:50:00.907 generating session key for dynamic DNS
22-Oct-2010 10:50:00.909 set up managed keys zone for view internal, file '3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys'
```

If you still cannot find anything, back up your conf, unmerge bind, rename /etc/bind and /etc/conf.d/named, emerge bind and try to start it without any custom config; it should start with success, then customize it (back up the original/stock conf files).

----------

