# First time BIND server setup "zone has no NS record" error

## maiku

/etc/bind/named.conf *Quote:*

> options {
> 	directory "/var/bind";
> 	// uncomment the following lines to turn on DNS forwarding,
> ...

/etc/bind/acls.conf *Quote:*

> acl "our-networks" {
> 	10.1.1.0/24;
> };

/etc/bind/domains.conf *Quote:*

> zone "teknetronic.com" {
> 	type master;
> 	file "pri/teknetronic.com.zone";
> ...

/etc/bind/pri/186.249.187.24.zone *Quote:*

> $TTL    600
> @	IN	SOA	ns1.teknetronic.com. hostmaster.teknetronic.com. (
> 			200506260406
> ...

/etc/bind/pri/teknetronic.com.zone *Quote:*

> $TTL 600
> ; domain1.com
> @	IN	SOA	ns1.teknetronic.com. hostmaster.teknetronic.com. (
> ...

/var/log/named/general.log *Quote:*

> 08-Aug-2007 04:00:02.174 zone 186.249.187.24.in-addr.arpa/IN: loaded serial 2937764790
> 08-Aug-2007 04:00:02.175 zone teknetronic.com/IN: has no NS records
> 08-Aug-2007 04:00:02.175 running

Now, I know I'm new at this and I need a good kick in the rear or two to get me set on this. So feel free to criticize away. See, I'm just trying to set up a domain on its own nameserver. I have the static IP and everything. Any tips would also be golden. Thanks.

----------

## steveb

The zone file is not correct. Could you try to change it to this and look if this works:

```
$TTL 600
@                       IN      SOA     ns1.teknetronic.com. hostmaster.teknetronic.com. (
                                                2007080809  ; serial
                                                12h         ; refresh
                                                1h          ; update retry
                                                2w          ; expire
                                                1h          ; minimum
                                        )
                        IN      NS      ns1.teknetronic.com.
                        IN      NS      ns2.teknetronic.com.
                        IN      MX      10 mail.teknetronic.com.
                        IN      A       24.187.249.186

; host records
localhost               IN      A       127.0.0.1
ns1                     IN      A       24.187.249.186
ns2                     IN      A       ???.???.???.???
mail                    IN      A       24.187.249.186
www                     IN      A       24.187.249.186
```

Please add the IP for ns2.

// SteveB

btw: The reverse zone looks strange too. But let's try to fix normal DNS and then we can take a look at the reverse stuff.
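
Added example, not part of the original posts: a small Python pre-flight check for the condition named logged above (a zone apex with no NS records), which also verifies that in-zone NS targets have an address record. The parser covers only a subset of the master-file syntax; the function names and the sample zone (example.com, 192.0.2.10) are constructed for illustration.

```python
RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "PTR", "TXT"}

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse a master-file subset into (owner, type, rdata) tuples: ';' comments,
    '( )' continuation, blank-owner inheritance. No $ORIGIN/$INCLUDE/quoting."""
    records, owner, buf, depth = [], origin, "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                      # still inside a parenthesised record
        inherits = buf[0].isspace()       # leading blank: reuse previous owner
        tokens = buf.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):
            continue                      # $TTL and other directives
        if not inherits:
            owner = fqdn(tokens.pop(0), origin)
        while tokens and tokens[0].upper() not in RR_TYPES:
            tokens.pop(0)                 # skip optional TTL and class
        if tokens:
            records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def check_zone(text, origin):
    """Return the apex problems found: missing SOA, missing NS, NS without address."""
    apex = origin.rstrip(".").lower() + "."
    recs = parse_zone(text, apex)
    has_soa = any(o == apex and t == "SOA" for o, t, _ in recs)
    problems = [] if has_soa else ["no SOA record at apex"]
    ns = [fqdn(r[0], apex) for o, t, r in recs if o == apex and t == "NS" and r]
    if not ns:
        problems.append("has no NS records")
    have_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    problems += [f"{n} has no address record" for n in ns
                 if n.endswith("." + apex) and n not in have_addr]
    return problems

# Constructed sample zone (example.com, RFC 5737 address), not the poster's file.
BROKEN = ("$TTL 600\n@ IN SOA ns1.example.com. hostmaster.example.com. (\n"
          "    2007080801 12h 1h 2w 1h )\n    IN A 192.0.2.10\n")
FIXED = BROKEN + "    IN NS ns1.example.com.\nns1 IN A 192.0.2.10\n"
```

`check_zone(BROKEN, "example.com")` reports the missing NS set and `check_zone(FIXED, "example.com")` reports nothing. On a real server, BIND's own `named-checkzone` is the authoritative check.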

----------

## maiku

Brilliant.  Changed the confs to this:

186.249.187.24.zone *Quote:*

> $TTL    600
> @	IN	SOA	ns1.teknetronic.com. hostmaster.teknetronic.com. (
> 			200506260408
> ...

teknetronic.com.conf *Quote:*

> $TTL 600
> ; domain1.com
> @	IN	SOA	ns1.teknetronic.com. hostmaster.teknetronic.com. (
> ...

and got no errors. However it doesn't work when I ping test.teknetronic.com . I'm wondering what I could have done wrong? ns1.teknetronic.com is registered by the host to the machine's IP. I'm a bit confused.

----------

## steveb

The reason that it is not working is this here: *maiku wrote:*   

> listen-on { 127.0.0.1; };

 

Check first if your DNS is working by issuing the following command:

```
dig @localhost in any teknetronic.com
```

If this gives you an answer, then change the listen-on line in your named.conf to:

```
listen-on { any; };
```

After that you should be able to do:

```
dig in any teknetronic.com
```

and get an answer.

If this is not working, then check whether a firewall is stopping you from making DNS requests, or check /etc/resolv.conf for an error.

// SteveB

----------

## steveb

Can you back up your current BIND configuration and then change the configuration?

Change your /etc/bind/named.conf to this:

```
include "/etc/bind/logging.conf";
include "/etc/bind/acls.conf";

options {
   directory "/var/bind";

   // uncomment the following lines to turn on DNS forwarding,
   // and change the forwarding ip address(es) :
   //forward first;
   //forwarders {
   //   123.123.123.123;
   //   123.123.123.123;
   //};

   listen-on-v6 { none; };
   listen-on { any; };

   // to allow only specific hosts to use the DNS server:
   //allow-query {
   //   127.0.0.1;
   //};

   // if you have problems and are behind a firewall:
   //query-source address * port 53;

   pid-file "/var/run/named/named.pid";
   statistics-file "/var/bind/named.stats";
   dump-file "/var/bind/dump";

   allow-recursion {
      teknetronic-internal-net;
      teknetronic-external-net;
   };

   transfer-format many-answers;
};

// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

zone "." IN {
   type hint;
   file "named.ca";
};

zone "localhost" IN {
   type master;
   file "pri/localhost.zone";
   allow-update { none; };
   notify no;
};

zone "127.in-addr.arpa" IN {
   type master;
   file "pri/127.zone";
   allow-update { none; };
   notify no;
};

include "/etc/bind/domains.conf";
```

And can you change /etc/bind/acls.conf to this:

```
acl "teknetronic-internal-net" {
   127.0.0.0/8;
   10.1.1.0/24;
};

acl "teknetronic-external-net" {
   24.187.249.186/32;
};
```

And can you change /etc/bind/domains.conf to this:

```
zone "teknetronic.com" {
   type master;
   file "pri/teknetronic.com.zone";
};

zone "186.249.187.24.in-addr.arpa" {
   type master;
   file "pri/186.249.187.24.zone";
};
```

After that, restart your BIND and check whether things are working the way you expect.

I removed some stuff from your configuration. In domains.conf I removed the "check-names ignore;" statement since this is anyway the default and your statement missed one argument. The default for the check-names is:

```
check-names master ignore;
check-names slave ignore;
check-names response ignore;
```

I removed as well the "allow-query { our-networks; };" on the 186.249.187.24.in-addr.arpa zone. There is no point to prevent RR lookups to your IP. That kind of info should be open for anyone to query.

In the acls.conf I renamed the old acl and added a new one. I think you know why.

Let me know if this is working for you? If you want more changes then let me know as well.

// SteveB
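
Added example, not from the thread: with `listen-on { any; };` the server answers on its public address, so the `allow-recursion` list is what keeps it from acting as an open resolver. This Python sketch audits named.conf text for that; the function names and sample configs are constructed, and it reads only simple, non-nested clauses.

```python
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost", "none"}

def strip_comments(conf):
    """Drop /* */, // and # comments from named.conf text."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def clause(conf, name):
    """Elements of `name { a; b; };` as a list, or None when absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", conf)
    items = m.group(1).split(";") if m else None
    return None if items is None else [e.strip().strip('"') for e in items if e.strip()]

def acls(conf):
    """Map each ACL name to its list of elements."""
    found = re.findall(r'acl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf)
    return {n: [e.strip() for e in body.split(";") if e.strip()] for n, body in found}

def expand(elements, table):
    """Replace ACL names by their members (built-ins such as any stay as-is)."""
    out = []
    for e in elements:
        out += expand(table[e], table) if e in table else [e]
    return out

def recursion_findings(conf):
    """Flag recursion reachable by arbitrary clients on a non-loopback listener."""
    conf = strip_comments(conf)
    table = acls(conf)
    # With no listen-on clause, named listens on all IPv4 interfaces.
    listen = expand(clause(conf, "listen-on") or ["any"], table)
    if set(listen) <= LOOPBACK or re.search(r"(?<![\w-])recursion\s+no\s*;", conf):
        return []
    allowed = clause(conf, "allow-recursion")
    if allowed is None:
        return ["allow-recursion not set: effective default depends on the BIND version"]
    if "any" in expand(allowed, table):
        return ["allow-recursion includes any: open resolver"]
    return []

# Constructed samples modelled on the configuration posted above.
RESTRICTED = """acl "teknetronic-internal-net" { 127.0.0.0/8; 10.1.1.0/24; };
options {
    listen-on { any; };      // reachable from outside
    allow-recursion { teknetronic-internal-net; };
};"""
UNRESTRICTED = "options { listen-on { any; }; /* no allow-recursion */ };"
```

`recursion_findings(RESTRICTED)` returns an empty list, while `UNRESTRICTED` yields one finding to review.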

----------

## maiku

Great. This config works wonders. Now, if I could ask a question. I'm going to get another domain (teknetronix.com). What should I put in the reverse lookup file (186.249.187.24.conf file). Should I put every entry for the domain (ex mail.teknetronic.com, subdomain.teknetronic.com, etc) or do I just need one entry? If teknetronix.com shares the same IP, do I add that to the file also? What exactly is the reverse file used for anyway?

----------

## steveb

 *maiku wrote:*   

> What should I put in the reverse lookup file (186.249.187.24.conf file). Should I put every entry for the domain (ex mail.teknetronic.com, subdomain.teknetronic.com, etc) or do I just need one entry? If teknetronix.com shares the same IP, do I add that to the file also? What exactly is the reverse file used for anyway?

One entry per IP is enough.

The reverse zone is used to map an IP to an FQDN. For example it is used to find out that 24.187.249.186 is the host ns1.teknetronic.com.

// SteveB

----------

