# [Solved] Error in BIND process

## CurtE

I ran `named-checkconf` and received no errors, but this is what I get when I restart `named`.

```
csmn2 pri # ls
127.zone               cs-mn.zone      localhost.zone    blue-moose-gifts.zone  flitezimz.zone  reunions-with-flair.zone
csmn2 pri # /etc/init.d/named restart
 * Starting chrooted named ...
 * Mounting chroot dirs
_default/reunions-with-flair.com/IN: file not found
_default/cs-mn.com/IN: file not found
_default/blue-moose-gifts.com/IN: file not found
_default/flitezimz.com/IN: file not found
 * named-checkconf failed! Please fix your config first.
```

This is for cs-mn.zone (the time comments may not be right; don't be concerned).

```
$ORIGIN cs-mn.com.
$TTL 120 ; 8 hours
@       IN      SOA     csmn2   admin (
                                2011021101 ; serial
                                300        ; refresh (2 hours)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                7200       ; minimum (2 hours)
                                )
        IN      NS      csmn2
        IN      NS      csmn1
        MX      10      csmn2
        MX      10      csmn1
csmn2           A       70.89.201.9
csmn1           A       70.89.201.10
mserver A       70.89.201.9
www     CNAME   mserver
mail    CNAME   mserver
photos  CNAME   mserver
```

What does `_default/...` do, and how would I find out the location of it?

Last edited by CurtE on Mon Feb 21, 2011 4:48 am; edited 1 time in total

----------

## cdstealer

Hi, it sounds like the directory and/or chroot setting under `options`. Can you provide your /etc/bind/named.conf?

----------

## CurtE

```
options {
   directory "/var/bind";
   pid-file "/var/run/named/named.pid";
   /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
   //bindkeys-file "/etc/bind/bind.keys";
   listen-on-v6 { ::1; };
              listen-on port 53 { 127.0.0.1; 70.89.201.9; };
   listen-on { 127.0.0.1; };
   allow-query {
      /*
       * Accept queries from our "trusted" ACL.  We will
       * allow anyone to query our master zones below.
       * This prevents us from becoming a free DNS server
       * to the masses.
       */
      trusted;
   };
   /*
   * If you've got a DNS server around at your upstream provider, enter its
   * IP address here, and enable the line below. This will make you benefit
   * from its cache, thus reduce overall DNS traffic in the Internet.
   *
   * Uncomment the following lines to turn on DNS forwarding, and change
   *  and/or update the forwarding ip address(es):
   */
/*
   forward first;
   forwarders {
   //   123.123.123.123;   // Your ISP NS
   //   124.124.124.124;   // Your ISP NS
   //   4.2.2.1;      // Level3 Public DNS
   //   4.2.2.2;      // Level3 Public DNS
      8.8.8.8;      // Google Open DNS
      8.8.4.4;      // Google Open DNS
   };
*/
   /* if you have problems and are behind a firewall: */
   //query-source address * port 53;
};

/*
logging {
   channel default_log {
      file "/var/log/named/named.log" versions 5 size 50M;
      print-time yes;
      print-severity yes;
      print-category yes;
   };
   category default { default_log; };
   category general { default_log; };
};
*/

include "/etc/bind/rndc.key";

controls {
   inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};

zone "." in {
   type hint;
   file "/var/bind/root.cache";
};

zone "localhost" IN {
   type master;
   file "pri/localhost.zone";
   notify no;
};

zone "127.in-addr.arpa" IN {
  type master;
  file "pri/127.zone";
  allow-update { none; };
  notify no;
};

zone "reunions-with-flair.com" IN {
  type master;
  allow-update { none; };
  file "pri/reunions-with-flair.com.zone";
};

zone "cs-mn.com" IN {
  type master;
  allow-update { none; };
  file "pri/cs-mn.com.zone";
};

zone "blue-moose-gifts.com" IN {
  type master;
  allow-update { none; };
  file "pri/blue-moose-gifts.com.zone";
};

zone "flitezimz.com" IN {
  type master;
  allow-update { none; };
  file "pri/flitezimz.com.zone";
};
```

Last edited by CurtE on Sat Feb 12, 2011 3:17 pm; edited 1 time in total

----------

## cdstealer

OK.. the config looks ok.. The next place is to check /chroot/dns/var/blah/blah/blag and check all your files exist there.  Also check /etc/conf.d/named for any settings there that may cause headaches.  If your files aren't in your chroot dir, you may have CHROOT_NOMOUNT="1" set in /etc/conf.d/named which will prevent them from being copied over.

----------

## CurtE

/etc/conf.d/named

```
# Set various named options here.
#
OPTIONS=""

# Set this to the number of processors you have.
#
CPU="1"

# If you wish to run bind in a chroot, run:
# emerge --config =<bind-version>
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.
CHROOT="/chroot/dns"

# Default pid file location
PIDFILE="${CHROOT}/var/run/named/named.pid"

# Scheduling priority: 19 is the lowest and -20 is the highest.
#
NAMED_NICELEVEL="0"
```

```
csmn2 ~ # cd /chroot/dns/var/
csmn2 var # ls
bind  log  run
csmn2 var # cd bind/
csmn2 bind # ls
named.cache  pri  root.cache  sec
csmn2 bind # cd pri/
csmn2 pri # ls
127.zone  localhost.zone
csmn2 pri #
```

Do I need to copy them to this directory too?

----------

## cdstealer

yes.. you'll need to copy the files over.

----------

## CurtE

/var/run/named

/var/log/named

/chroot/dns/var/run/named

/chroot/dns/var/log/named

/etc/conf.d/named

/etc/init.d/named

These are all the places I have 'named'; which one do I maintain?

Still getting errors.

```
csmn2 pri # /etc/init.d/named restart
 * Caching service dependencies ...                                        [ ok ]
 * Starting chrooted named ...
 * Mounting chroot dirs
_default/localhost/IN: extra input text
_default/reunions-with-flair.com/IN: file not found
_default/cs-mn.com/IN: file not found
_default/blue-moose-gifts.com/IN: file not found
_default/flitezimz.com/IN: file not found
 * named-checkconf failed! Please fix your config first.
```

----------

## cdstealer

most of them...

/var/run/named <---- an old pid if you're running chroot

/var/log/named <---- an old log if you're running chroot

/chroot/dns/var/run/named <---- should be your pid file

/chroot/dns/var/log/named <---- should be a log file

/etc/conf.d/named <---- is your chroot/pid config

/etc/init.d/named <---- is the start script

You won't cause any harm if you remove the top 4, as they will be created when the service starts. The bottom 2 will cause badness to happen.. don't remove these at all. To be safe, just leave them all where they are.. they aren't doing any harm.

If you do remove a pid file while the process is running, it can/will kill the process.

----------

## CurtE

More info.

/etc/conf.d/named was updated; this is the new one.

```
# Set various named options here.
#
OPTIONS=""

# Set this to the number of processors you want bind to use.
# Leave this unchanged if you want bind to automatically detect the number
CPU="1"

# If you wish to run bind in a chroot:
# 1) un-comment the CHROOT= assignment, below. You may use
#    a different chroot directory but MAKE SURE it's empty.
# 2) run: emerge --config =<bind-version>
#
CHROOT="/chroot/dns"

# Uncomment the line below to avoid that the init script mounts the needed paths
# into the chroot directory.
# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
CHROOT_NOMOUNT="0"

# RNDC needs to be told what server we're using sometimes.
SERVER="-s 127.0.0.1"

# rndc key to use
RNDC_KEY="${CHROOT}/etc/bind/rndc.key"

# Default pid file location
PIDFILE="${CHROOT}/var/run/named/named.pid"

# Scheduling priority: 19 is the lowest and -20 is the highest.
# Default: 0
#NAMED_NICELEVEL="0"

# Uncomment rc_named_use/rc_named_after for the database you need.
# Its necessary to ensure the database backend will be started before named.
# MySQL
rc_named_use="mysql"
rc_named_after="mysql"
# PostgreSQL
rc_named_use="pg_autovacuum postgresql"
rc_named_after="pg_autovacuum postgresql"
# LDAP
rc_named_use="ldap"
rc_named_after="ldap"
```

Also:

```
csmn2 conf.d # named-checkconf -z
dns_rdata_fromtext: pri/localhost.zone:7: near '@': extra input text
zone localhost/IN: loading from master file pri/localhost.zone failed: extra input text
zone localhost/IN: not loaded due to errors.
_default/localhost/IN: extra input text
zone 127.in-addr.arpa/IN: loaded serial 2011021101
zone reunions-with-flair.com/IN: loading from master file pri/reunions-with-flair.com.zone failed: file not found
zone reunions-with-flair.com/IN: not loaded due to errors.
_default/reunions-with-flair.com/IN: file not found
zone cs-mn.com/IN: loading from master file pri/cs-mn.com.zone failed: file not found
zone cs-mn.com/IN: not loaded due to errors.
_default/cs-mn.com/IN: file not found
zone blue-moose-gifts.com/IN: loading from master file pri/blue-moose-gifts.com.zone failed: file not found
zone blue-moose-gifts.com/IN: not loaded due to errors.
_default/blue-moose-gifts.com/IN: file not found
zone flitezimz.com/IN: loading from master file pri/flitezimz.com.zone failed: file not found
zone flitezimz.com/IN: not loaded due to errors.
_default/flitezimz.com/IN: file not found
```

----------

## cdstealer

OK.. it looks like your zone files have not been copied across to the chroot. Copy your directory /etc/bind/pri to /chroot/dns/var/bind/, then try again and see what appears.

You should be aiming for output like this:

```
# named-checkconf -z
zone localhost/IN: loaded serial 2008122601
zone 127.in-addr.arpa/IN: loaded serial 2008122601
zone cdstealer.com/IN: loaded serial 2011011614
zone 11.111.111.in-addr.arpa/IN: loaded serial 2010033029
```

----------

## CurtE

```
csmn2 www # ls -al /etc/bind/pri/
total 32
drwxr-xr-x 2 root root  4096 Feb 11 01:43 .
drwxr-x--- 3 root named 4096 Feb 11 00:52 ..
-rw-r--r-- 1 root root   533 Feb 11 00:15 127.zone
-rw-r--r-- 1 root root   510 Feb 11 00:16 blue-moose-gifts.zone
-rw-r--r-- 1 root root   499 Feb 11 01:46 cs-mn.zone
-rw-r--r-- 1 root root   505 Feb 11 00:18 flitezimz.zone
-rw-r--r-- 1 root root   326 Feb 11 00:19 localhost.zone
-rw-r--r-- 1 root root   528 Feb 11 00:19 reunions-with-flair.zone
```

```
csmn2 www # ls -al /var/bind/pri/
total 32
drwxr-x--- 2 root named 4096 Feb 11 15:44 .
drwxrwx--- 4 root named 4096 Feb 11 00:11 ..
-rw-r----- 1 root named  533 Feb 11 15:40 127.zone
-rw-r--r-- 1 root root   510 Feb 11 15:43 blue-moose-gifts.zone
-rw-r--r-- 1 root root   499 Feb 11 15:42 cs-mn.zone
-rw-r--r-- 1 root root   505 Feb 11 15:42 flitezimz.zone
-rw-r----- 1 root named  326 Feb 11 15:41 localhost.zone
-rw-r--r-- 1 root root   528 Feb 11 15:44 reunions-with-flair.zone
```

```
csmn2 www # ls -al /chroot/dns/var/bind/pri/
total 32
drwxr-x--- 2 root named 4096 Feb 11 15:44 .
drwxrwx--- 4 root named 4096 Feb 11 00:11 ..
-rw-r----- 1 root named  533 Feb 11 15:40 127.zone
-rw-r--r-- 1 root root   510 Feb 11 15:43 blue-moose-gifts.zone
-rw-r--r-- 1 root root   499 Feb 11 15:42 cs-mn.zone
-rw-r--r-- 1 root root   505 Feb 11 15:42 flitezimz.zone
-rw-r----- 1 root named  326 Feb 11 15:41 localhost.zone
-rw-r--r-- 1 root root   528 Feb 11 15:44 reunions-with-flair.zone
```

```
csmn2 www # ls -al /chroot/dns/etc/bind/pri/
total 32
drwxr-xr-x 2 root root  4096 Feb 11 01:43 .
drwxr-x--- 3 root named 4096 Feb 11 00:52 ..
-rw-r--r-- 1 root root   533 Feb 11 00:15 127.zone
-rw-r--r-- 1 root root   510 Feb 11 00:16 blue-moose-gifts.zone
-rw-r--r-- 1 root root   499 Feb 11 01:46 cs-mn.zone
-rw-r--r-- 1 root root   505 Feb 11 00:18 flitezimz.zone
-rw-r--r-- 1 root root   326 Feb 11 00:19 localhost.zone
-rw-r--r-- 1 root root   528 Feb 11 00:19 reunions-with-flair.zone
```

Same results.

Any chance it has to do with permissions?

----------

## cdstealer

Possibly.. try doing a `chown -R named: /chroot/dns/var/bind/pri/`. I think this is THE chroot.. see what happens.. if we have success then we look at removing the other 3.

----------

## CurtE

I ran 'chown' on all the .../.../pri's, and there's no change.

----------

## cdstealer

Hmm.. OK.. let's take chroot out of the equation.. comment out the CHROOT option in /etc/conf.d/named and see if named will start. If you have no errors, then we are good to go; if you do, then we'll get those fixed first.

When I set up a chrooted bind, it was a PITA. There are a few extra steps that, if not done correctly or missed, won't work. The best thing is to actually get bind working, then chroot it.

----------

## CurtE

It didn't change anything.

----------

## cdstealer

That's not good.. OK.. I wrote a guide to setting up a non-chroot DNS. Have a read through and check your setup.

http://cdblog.cdstealer.com/?p=98

----------

## CurtE

In named.conf, is this correct?

```
options {
   directory "/var/bind";
   pid-file "/var/run/named/named.pid";
   /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
   //bindkeys-file "/etc/bind/bind.keys";
   listen-on-v6 { ::1; };
              listen-on port 53 { 127.0.0.1; 70.89.201.9; };
   listen-on { 127.0.0.1; };        <---------------------------------------------------  this part
```

I'm going to hit the sack and rest my brain.  LOL

----------

## cdstealer

Hi, yes.. you need to set the address to listen on. My DNS caches from my ISP, but I only need it accessible by my internal network, so I don't open port 53 to the world.

I will update the config on my site as they are a little out of date and I know some of the options have changed.

*** EDIT *** ok.. I've updated the named.conf so it mirrors my current setup which is version 9.7.2-P3.

----------

## CurtE

Good news.  We have been looking at this so long we missed the obvious.

```
csmn2 www # ls -al /etc/bind/pri/
total 32
drwxr-xr-x 2 root root  4096 Feb 11 01:43 .
drwxr-x--- 3 root named 4096 Feb 11 00:52 ..
-rw-r--r-- 1 root root   533 Feb 11 00:15 127.zone
-rw-r--r-- 1 root root   510 Feb 11 00:16 blue-moose-gifts.zone
-rw-r--r-- 1 root root   499 Feb 11 01:46 cs-mn.zone
-rw-r--r-- 1 root root   505 Feb 11 00:18 flitezimz.zone
-rw-r--r-- 1 root root   326 Feb 11 00:19 localhost.zone
-rw-r--r-- 1 root root   528 Feb 11 00:19 reunions-with-flair.zone
```

```
zone "cs-mn.com" IN {
  type master;
  allow-update { none; };
  file "pri/cs-mn.com.zone";
};
```

The other server must have it the other way.  When I get the fan fixed on CSMN1, I'll have to make them the same.

The first time I had help setting up the DNS (years ago), we had it set up to update server CSMN2 if CSMN1's zones were changed.  I'll have to find out how we did that.

```
csmn2 log # /etc/init.d/named restart
 * Stopping chrooted named ...
 * Umounting chroot dirs
 * umount /chroot/dns/etc/bind
 * umount /chroot/dns/var/bind                                                                                         [ ok ]
 * Starting chrooted named ...
 * Mounting chroot dirs
 * mounting /etc/bind to /chroot/dns/etc/bind
 * mounting /var/bind to /chroot/dns/var/bind
 * mounting /var/log/named to /chroot/dns/var/log/named
```

But I still can't get to the web site www.cs-mn.com
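The mismatch found in the post above (named.conf says `file "pri/cs-mn.com.zone"`, the directory holds `pri/cs-mn.zone`) is the kind of thing that is easier to catch mechanically than by staring at two listings. The script below is an added example written for this thread; it is not from the posts or from ISC's tooling. It pulls `options { directory }` and every zone's `file` out of a named.conf, resolves relative paths the way `named` does, looks each one up underneath a root directory that stands in for the chroot, and names the closest existing file when one is missing. The sample config and file list are constructed to mirror the thread's layout; the walk over braces is there so `allow-update { none; };` inside a zone stanza does not cut the stanza short.

```python
"""Cross-check every zone `file` in a named.conf against the files on disk.

Added example for this thread; it is not from the original posts or from
ISC's tools. Relative `file` paths are resolved against
`options { directory ... }`, as named does, and every path is looked up
underneath a root that stands in for the chroot. The sample config and
file list below are constructed for the demo.
"""
import difflib
import os
import re
import tempfile

# Constructed config, shaped like the thread's named.conf (nested braces
# such as allow-update { none; } are deliberately included).
SAMPLE_NAMED_CONF = """
options {
   directory "/var/bind";   // all relative `file` paths hang off this
};
zone "." in { type hint; file "/var/bind/root.cache"; };
zone "localhost" IN { type master; file "pri/localhost.zone"; notify no; };
zone "cs-mn.com" IN {
  type master;
  allow-update { none; };
  file "pri/cs-mn.com.zone";
};
zone "flitezimz.com" IN { type master; allow-update { none; }; file "pri/flitezimz.com.zone"; };
"""

# Constructed listing: what the thread's `ls /var/bind/pri/` actually shows.
SAMPLE_FILES = ["root.cache", "pri/localhost.zone", "pri/cs-mn.zone", "pri/flitezimz.zone"]


def strip_comments(text):
    """Drop /* ... */ and // comments so braces inside them are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"//.*", "", text)


def zone_files(conf_text):
    """Return {zone_name: file_path}, walking braces so nested sub-statements
    (allow-update { none; }) do not end the zone stanza early."""
    text = strip_comments(conf_text)
    found = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        f = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if f:
            found[m.group(1)] = f.group(1)
    return found


def resolve(directory, path):
    """named treats a relative `file` as relative to options { directory }."""
    return path if os.path.isabs(path) else os.path.join(directory, path)


def check(conf_text, root="/"):
    """Return [(zone, resolved_path, closest_existing_name_or_None)] for each
    zone whose file is missing. `root` is prepended to every path, so pass
    the chroot (e.g. /chroot/dns) to see what the chrooted named will see."""
    text = strip_comments(conf_text)
    m = re.search(r'directory\s+"([^"]+)"\s*;', text)
    directory = m.group(1) if m else "."
    missing = []
    for zone, path in zone_files(conf_text).items():
        full = resolve(directory, path)
        on_disk = os.path.join(root, full.lstrip("/"))
        if os.path.exists(on_disk):
            continue
        parent = os.path.dirname(on_disk)
        present = os.listdir(parent) if os.path.isdir(parent) else []
        near = difflib.get_close_matches(os.path.basename(full), present, n=1, cutoff=0.6)
        missing.append((zone, full, near[0] if near else None))
    return missing


def demo():
    """Lay out the constructed files in a scratch 'chroot' and run check()."""
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_FILES:
            p = os.path.join(root, "var/bind", rel)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            open(p, "w").close()
        return check(SAMPLE_NAMED_CONF, root)


if __name__ == "__main__":
    for zone, path, near in demo():
        hint = f"  (closest existing file: {near})" if near else ""
        print(f"zone {zone}: {path} not found{hint}")
```

Against a live system, read the real file with `check(open("/etc/bind/named.conf").read(), "/chroot/dns")`; with the init script's bind mounts in place, the same call with `root="/"` should give the same answer, and a difference between the two is itself a finding.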

----------

## cdstealer

Excellent.. it's always the simplest things that get missed. The amount of times I've torn my hair out over a ;

Glad that's sorted.. however www.cs-mn.com does not exist.. if it is one of your local servers.. can you ping it?

If the DNS for that domain is hosted with a 3rd party, is it still in their records?

----------

## CurtE

These are all open to the outside world.  I run everything off my servers inside my home.  For all intents and purposes, I host and do everything.

I turned on the CSMN1 server for a few minutes and everything worked there.

My lack of knowledge is the biggest problem.

If I understand the process right, I went to Network Solutions and got my domain names and in turn, they point the name to IP addresses that I supplied them.  These IP address are the ones I use in the DNS server info.  So magical thing happens and my server recognizes that someone is looking for WWW.???.COM and allows them to access my site.  The last part is not working (obviously).

----------

## cdstealer

Hmmm.. that's exactly what I do. However, regardless of whether your DNS servers are down, the DNS hosting company should still be pointing at the IP you provided them with.. for me, I'm getting nothing.

```
# traceroute cs-mn.com
cs-mn.com: Name or service not known
Cannot handle "host" cmdline arg `cs-mn.com' on position 1 (argc 1)
```

```
# dig cs-mn.com
; <<>> DiG 9.7.2-P2 <<>> cs-mn.com
;; global options: +cmd
;; connection timed out; no servers could be reached
```

```
# nslookup cs-mn.com
;; connection timed out; no servers could be reached
```

----------

## CurtE

nslookup - what do I need to emerge for that?

Okay, can anything with CSMN1 be affecting this?  It was the original DNS server.

Since we are on the subject, if both are set up as DNS servers.  What happens if both servers are running?  What should happen if one goes down?

I don't work on the servers enough. What do I type in to see what is running? I get the feeling that it's not listening on 53.

----------

## CurtE

[ deleted ]

Last edited by CurtE on Sun Feb 13, 2011 7:56 am; edited 1 time in total

----------

## cdstealer

Hmmm.. interesting. I see you have some denied errors and the obvious unable-to-resolve errors.

Let's start with the permissions. If you're not running a chroot yet, can you check

`ls -l /etc/bind` and `ls -l /var/bind`?

Feel free to remove your output.

----------

## CurtE

```
csmn2 ~ # ls -l /chroot/dns/etc/bind/
total 20
-rw-r----- 1 root  named  665 Feb 11 00:11 bind.keys
-rw-r----- 1 root  named 4589 Feb 13 01:11 named.conf
drwxr-xr-x 2 named named 4096 Feb 12 01:51 pri
-rw-r----- 1 root  named   77 Feb 11 00:11 rndc.key
lrwxrwxrwx 1 root  root    13 Feb 11 00:11 sec -> /var/bind/sec
csmn2 ~ # ls -l /chroot/dns/var/bind/
total 12
-rw-r----- 1 root  named 2941 Feb 11 00:11 named.cache
drwxr-x--- 2 named named 4096 Feb 11 15:44 pri
lrwxrwxrwx 1 root  root    21 Feb 11 00:11 root.cache -> /var/bind/named.cache
drwxrwx--- 2 root  named 4096 Feb 11 00:11 sec
csmn2 ~ # ls -l /etc/bind/
total 20
-rw-r----- 1 root  named  665 Feb 11 00:11 bind.keys
-rw-r----- 1 root  named 4589 Feb 13 01:11 named.conf
drwxr-xr-x 2 named named 4096 Feb 12 01:51 pri
-rw-r----- 1 root  named   77 Feb 11 00:11 rndc.key
lrwxrwxrwx 1 root  root    13 Feb 11 00:11 sec -> /var/bind/sec
csmn2 ~ # ls -l /var/bind/
total 12
-rw-r----- 1 root  named 2941 Feb 11 00:11 named.cache
drwxr-x--- 2 named named 4096 Feb 11 15:44 pri
lrwxrwxrwx 1 root  root    21 Feb 11 00:11 root.cache -> /var/bind/named.cache
drwxrwx--- 2 root  named 4096 Feb 11 00:11 sec
```

----------

## cdstealer

Was the output of `named -g -d 1` the complete output? If it was, then none of your zone files were loaded.

Does `named-checkconf -z` return your zone files OK now? I also noticed you are using IPv6.

----------

## CurtE

No, it scrolled off the screen and I had a 'bot' or something accessing the site at the same time.  If I can't get in, neither could they.  LOL

```
csmn2 ~ # named-checkconf -z
zone localhost/IN: loaded serial 2011021101
zone 127.in-addr.arpa/IN: loaded serial 2011021101
zone reunions-with-flair.com/IN: loaded serial 2011021101
pri/cs-mn.zone:17: ignoring out-of-zone data (csmn2)
pri/cs-mn.zone:18: ignoring out-of-zone data (csmn1)
pri/cs-mn.zone:20: ignoring out-of-zone data (mserver)
zone cs-mn.com/IN: loaded serial 2011021101
zone blue-moose-gifts.com/IN: loaded serial 2011021101
zone flitezimz.com/IN: loaded serial 2011021101
```

----------

## cdstealer

Looks like there are errors in pri/cs-mn.zone. Check lines 17, 18 and 20.

```
pri/cs-mn.zone:17: ignoring out-of-zone data (csmn2)
pri/cs-mn.zone:18: ignoring out-of-zone data (csmn1)
pri/cs-mn.zone:20: ignoring out-of-zone data (mserver)
```

----------

## CurtE

```
$ORIGIN .
$TTL 120 ; 8 hours
cs-mn.com       IN      SOA     csmn2      admin (
                                2011021101 ; serial
                                300        ; refresh (2 hours)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                7200       ; minimum (2 hours)
                                )
                IN      NS      csmn2
                IN      NS      csmn1
                MX      10      csmn2
                MX      20      csmn1
csmn2           A       70.89.201.9   <---
csmn1           A       70.89.201.10  <---
mserver A       70.89.201.9  <---
```

----------

## cdstealer

OK.. try changing the IPs to the internal addresses. Once that's done, restart named and try to ping a hostname; if it's not working, we need to pick apart the log.

----------

## CurtE

Ok, you lost me.  Internal addresses?  The 192.168.?.? or what?

On a different note, how far from Kent are you?

----------

## cdstealer

Yes.. whatever eth0 is set to. Here's part of my cdstealer.com zone file.

```
$ORIGIN .
$TTL 86400      ; 1 day
cdstealer.com           IN SOA  vip.cdstealer.com. root.cdstealer.com. (
                                2011011616 ; serial
                                10800      ; refresh (3 hours)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
$TTL 604800     ; 1 week
                        NS      vip.cdstealer.com.
                        A       192.168.11.11
                        MX      10 vip.cdstealer.com.
$ORIGIN cdstealer.com.
$TTL 604800     ; 1 week
vip                     A       192.168.11.11
www                     CNAME   vip
```

I'm 250 miles away from Kent.. I think that's the hub of my cable company.

----------

## CurtE

I take it, this is all because of a Bind upgrade?

```
csmn2 ~ # /etc/init.d/named restart
 * Stopping chrooted named ...
 * Umounting chroot dirs
 * umount /chroot/dns/etc/bind
 * umount /chroot/dns/var/log/named
 * umount /chroot/dns/var/bind                                                     [ ok ]
 * Starting chrooted named ...
 * Mounting chroot dirs
 * mounting /etc/bind to /chroot/dns/etc/bind
 * mounting /var/bind to /chroot/dns/var/bind
 * mounting /var/log/named to /chroot/dns/var/log/named                            [ ok ]
csmn2 ~ # named-checkconf -z
zone localhost/IN: loaded serial 2011021101
zone 127.in-addr.arpa/IN: loaded serial 2011021101
zone reunions-with-flair.com/IN: loaded serial 2011021101
pri/cs-mn.zone:17: ignoring out-of-zone data (csmn2)
pri/cs-mn.zone:18: ignoring out-of-zone data (csmn1)
pri/cs-mn.zone:19: ignoring out-of-zone data (mserver)
zone cs-mn.com/IN: loaded serial 2011021101
zone blue-moose-gifts.com/IN: loaded serial 2011021101
zone flitezimz.com/IN: loaded serial 2011021101
```

```
$ORIGIN .
$TTL 120 ; 8 hours
cs-mn.com       IN      SOA     csmn2      admin (
                                2011021101 ; serial
                                300        ; refresh (2 hours)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                7200       ; minimum (2 hours)
                                )
                IN      NS      csmn2
                IN      NS      csmn1
                MX      10      csmn2
                MX      20      csmn1
csmn2           A       192.168.1.21
csmn1           A       192.168.1.22
mserver         A       192.168.1.21
```
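The three "ignoring out-of-zone data" warnings survive the address change in the post above because they have nothing to do with the addresses. A zone-file name without a trailing dot is relative to the current `$ORIGIN`; under `$ORIGIN .` the owner `csmn2` is read as the top-level name `csmn2.`, which is not inside cs-mn.com, so `named` drops the record (the first line of the file, `cs-mn.com`, survives because it happens to spell out the full zone name). The NS, MX and SOA targets written as `csmn2` and `admin` suffer the same fate. The `$ORIGIN cdstealer.com.` line in the example zone a few posts up is what switches the origin back before the relative host names. The script below is an added example written for this thread, not from the posts or from ISC; it implements the origin rule for owner names and for NS/MX/CNAME targets and runs it over two constructed zone texts (SOA shortened), one shaped like the posted file and one with the origin corrected.

```python
"""Why named says "ignoring out-of-zone data" for the zone file above.

Added example for this thread, not from the posts or from ISC. It applies
the single zone-file rule that matters here: an owner or target name with
no trailing dot is relative to the current $ORIGIN. The zone texts below
are constructed, with the SOA shortened to one line.
"""
import re

BROKEN_ZONE = """\
$ORIGIN .
$TTL 120
cs-mn.com       IN      SOA     csmn2      admin ( 2011021101 300 1800 604800 7200 )
                IN      NS      csmn2
                MX      10      csmn2
csmn2           A       192.168.1.21
mserver         A       192.168.1.21
www             CNAME   mserver
"""

FIXED_ZONE = """\
$ORIGIN cs-mn.com.
$TTL 120
@               IN      SOA     csmn2      admin ( 2011021101 300 1800 604800 7200 )
                IN      NS      csmn2
                MX      10      csmn2
csmn2           A       192.168.1.21
mserver         A       192.168.1.21
www             CNAME   mserver
"""

NAME_RDATA_TYPES = {"NS", "MX", "CNAME"}   # RDATA whose last field is a name


def fqdn(name, origin):
    """RFC 1035 master-file rule: '@' is the origin, a trailing dot means
    absolute, anything else has the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


def audit(zone_text, zone):
    """Return (loaded_owners, ignored_owners, name_targets).

    Mimics named's per-record decision: an owner outside `zone` is ignored.
    Targets of NS/MX/CNAME are resolved the same way so the reader can see
    where a delegation or mail exchanger would really point. Parenthesised
    RDATA (the SOA) is collapsed before parsing; comments after ';' dropped.
    """
    zone = zone.rstrip(".") + "."
    origin, last_owner = ".", None
    loaded, ignored, targets = [], [], []
    text = re.sub(r"\([^)]*\)", "", zone_text)
    for raw in text.splitlines():
        line = raw.split(";")[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                    # $TTL and friends
            continue
        tokens = line.split()
        if line[0].isspace():
            owner = last_owner                      # blank owner = previous owner
        else:
            owner = fqdn(tokens[0], origin)
            last_owner = owner
            tokens = tokens[1:]
        if NAME_RDATA_TYPES & set(tokens):
            targets.append(fqdn(tokens[-1], origin))
        (loaded if in_zone(owner, zone) else ignored).append(owner)
    return loaded, ignored, targets


if __name__ == "__main__":
    for label, text in (("as posted", BROKEN_ZONE), ("with $ORIGIN cs-mn.com.", FIXED_ZONE)):
        loaded, ignored, targets = audit(text, "cs-mn.com")
        print(f"{label}: ignored {ignored}; NS/MX/CNAME targets {targets}")
```

For the posted shape the audit reports `csmn2.`, `mserver.` and `www.` as ignored and an NS target of `csmn2.`; with the origin corrected nothing is ignored and the NS points at `csmn2.cs-mn.com.`. `named-checkzone cs-mn.com pri/cs-mn.zone` gives the authoritative answer on the real file.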

----------

## CurtE

In /etc/apache2/vhosts.d/default_vhost.include, I have:

```
DocumentRoot "/var/www/cs-mn.com"
# This should be changed to whatever you set DocumentRoot to.
<Directory "/var/www/cs-mn.com">
```

Does this mean that all the vhost sites need to go into cs-mn.com folder?

Should it be /var/www/ instead?

----------

## cdstealer

OK.. I've just had a check.. the IPs you have in your zone file are not going to work.

70.89.201.XXX is your ISP... so when a request hits your name server, either internal or external, it wants to point it at your ISP, not your actual server.

Yes, I think the mount thing is due to the upgrade.. so it looks like manually copying the files to /chroot/dns is not needed.

----------

## CurtE

This is the log.

```
Feb 13 03:42:29 csmn2 named[6733]: starting BIND 9.7.2-P3 -u named -n 1 -t /chroot/dns
Feb 13 03:42:29 csmn2 named[6733]: built with '--prefix=/usr' '--build=i686-pc-linux-gnu' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--with-openssl' '--without-idn' '--enable-ipv6' '--with-libxml2' '--without-gssapi' '--disable-linux-caps' '--disable-threads' '--with-randomdev=/dev/random' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -march=i686 -pipe' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'
Feb 13 03:42:29 csmn2 named[6733]: using up to 4096 sockets
Feb 13 03:42:29 csmn2 named[6733]: loading configuration from '/etc/bind/named.conf'
Feb 13 03:42:29 csmn2 named[6733]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Feb 13 03:42:29 csmn2 named[6733]: using default UDP/IPv4 port range: [1024, 65535]
Feb 13 03:42:29 csmn2 named[6733]: using default UDP/IPv6 port range: [1024, 65535]
Feb 13 03:42:29 csmn2 named[6733]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 13 03:42:29 csmn2 named[6733]: listening on IPv4 interface eth0, 70.89.201.9#53
Feb 13 03:42:29 csmn2 named[6733]: listening on IPv6 interface lo, ::1#53
Feb 13 03:42:29 csmn2 named[6733]: generating session key for dynamic DNS
Feb 13 03:42:29 csmn2 named[6733]: /etc/bind/named.conf:97: using specific query-source port suppresses port randomization and can be insecure.
Feb 13 03:42:29 csmn2 named[6733]: set up managed keys zone for view _default, file 'managed-keys.bind'
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: D.F.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: A.E.F.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: B.E.F.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 13 03:42:29 csmn2 named[6733]: /etc/bind/named.conf:97: using specific query-source port suppresses port randomization and can be insecure.
Feb 13 03:42:29 csmn2 named[6733]: command channel listening on 127.0.0.1#953
Feb 13 03:42:29 csmn2 named[6733]: zone 127.in-addr.arpa/IN: loaded serial 2011021101
Feb 13 03:42:29 csmn2 named[6733]: zone blue-moose-gifts.com/IN: loaded serial 2011021101
Feb 13 03:42:29 csmn2 named[6733]: pri/cs-mn.zone:17: ignoring out-of-zone data (csmn2)
Feb 13 03:42:29 csmn2 named[6733]: pri/cs-mn.zone:18: ignoring out-of-zone data (csmn1)
Feb 13 03:42:29 csmn2 named[6733]: pri/cs-mn.zone:19: ignoring out-of-zone data (mserver)
Feb 13 03:42:29 csmn2 named[6733]: zone cs-mn.com/IN: loaded serial 2011021101
Feb 13 03:42:29 csmn2 named[6733]: zone flitezimz.com/IN: loaded serial 2011021101
Feb 13 03:42:29 csmn2 named[6733]: zone reunions-with-flair.com/IN: loaded serial 2011021101
Feb 13 03:42:29 csmn2 named[6733]: zone localhost/IN: loaded serial 2011021101
Feb 13 03:42:29 csmn2 named[6733]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Feb 13 03:42:29 csmn2 named[6733]: managed-keys-zone ./IN: loaded serial 0
Feb 13 03:42:29 csmn2 named[6733]: running
Feb 13 03:42:29 csmn2 named[6733]: zone cs-mn.com/IN: sending notifies (serial 2011021101)
Feb 13 03:42:29 csmn2 named[6733]: zone blue-moose-gifts.com/IN: sending notifies (serial 2011021101)
Feb 13 03:42:29 csmn2 named[6733]: zone flitezimz.com/IN: sending notifies (serial 2011021101)
Feb 13 03:42:29 csmn2 named[6733]: error (network unreachable) resolving 'csmn1/A/IN': 2001:500:2f::f#53
Feb 13 03:42:29 csmn2 named[6733]: zone reunions-with-flair.com/IN: sending notifies (serial 2011021101)
```

----------

## cdstealer

With your Apache config.. for me, if you're using vhosts, i.e. http://blah.cs-mn.com, then (depending on your setup) you don't need to specify the doc root in /etc/apache2/vhosts.d/default_vhost.include. If you're using NameVirtualHost in /etc/apache2/vhosts.d/00_default_.....conf, then you specify the directory explicitly in each vhost entry.

----------

## cdstealer

heh... I see you

```
13-Feb-2011 09:21:54.919 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:21:55.079 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:22:27.107 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:22:27.111 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:23:41.783 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:23:41.787 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
```

----------

## CurtE

LOL.  So what does that mean?  Are we getting closer?

----------

## cdstealer

It does mean we are getting somewhere.. it shows that your DNS is propagating..

```
13-Feb-2011 09:21:54.919 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:21:55.079 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:22:27.107 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:22:27.111 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:23:41.783 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:23:41.787 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:24:23.067 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:24:23.071 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:24:23.071 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:24:23.071 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:25:46.059 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:25:46.064 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:25:47.647 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:25:47.655 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:26:15.827 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:26:15.831 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:29:38.367 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:29:38.371 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:29:47.766 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:29:47.769 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:30:52.583 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:30:52.591 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www.cs-mn.com/AAAA/IN': 70.89.201.9#53
13-Feb-2011 09:30:52.595 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/A/IN': 70.89.201.9#53
13-Feb-2011 09:30:52.595 lame-servers: info: error (unexpected RCODE REFUSED) resolving 'blah.cs-mn.com/AAAA/IN': 70.89.201.9#53
```

but... I'm convinced you have the wrong IPs set in your cs-mn.zone file...

----------

## CurtE

This wouldn't have anything to do with resolv.conf, would it?

```

search blue-moose-gifts.com

search cs-mn.com

search filtezimz.com

search reunions-with-flair.com

nameserver 70.89.201.9

nameserver 127.0.0.1

search wp.comcast.net

nameserver 68.87.77.130

nameserver 68.87.72.130

```

----------

## cdstealer

No.. resolv.conf is only used by your local machine... so.. what we have so far is your DNS, which is not allowing external clients to resolve your domain name.  However, if I browse directly to your IP... 70.89.201.9 I get your directory listing  :Smile: 

```
Index of /

Icon  Name                    Last modified      Size  Description
[DIR] blue-moose-gifts.com/   17-Oct-2010 23:33    -
[DIR] cs-mn.com/              09-Feb-2011 02:16    -
[DIR] flitezimz.com/          08-Dec-2006 09:58    -
[DIR] localhost/              24-May-2010 22:00    -
[DIR] phptest/                31-Oct-2009 10:44    -
[DIR] portfolio/              03-Aug-2009 14:29    -
[DIR] reunions-with-flair...> 23-Aug-2009 19:52    -
[DIR] rock/                   16-Dec-2009 00:58    -
```

So you may want to disable Indexes in apache, unless this is what you want.

----------
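
The "where do I disable it?" question above never gets an answer in the thread, so here is an added example (not cdstealer's or the poster's configuration). It shows the Apache `<Directory>` setting that produces the "Index of /" page beside the corrected one. Gentoo's default DocumentRoot `/var/www/localhost/htdocs` is assumed; use whichever `<Directory>` block serves http://70.89.201.9/ on the real box.

```apache
# Added example, not from the thread. The DocumentRoot path is an assumption
# (Gentoo's default); adjust it to the directory whose listing was shown.

<Directory "/var/www/localhost/htdocs">
    # WEAK (as shipped): when no index file exists, "Indexes" makes Apache
    # generate the "Index of /" listing, so every directory name is public.
    # Options Indexes FollowSymLinks

    # Fixed: no automatic listing; a directory without an index file now
    # returns 403 instead of enumerating its contents.
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>
```

Check the syntax with `apache2ctl configtest` and apply it with `/etc/init.d/apache2 reload`. `-Indexes` only removes the listing: `phptest/`, `portfolio/` and the rest stay reachable by anyone who knows or guesses the name, so anything that should not be public has to move out of the DocumentRoot rather than merely be hidden from the index.

----------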

## CurtE

No, they should not get to the list. Oops.  And I thought you knew you could get to it by the IP address.

Where do I disable it?

----------

## cdstealer

ok.. I think we are almost there  :Smile:   In your named.conf can you check

```
allow-query { 127.0.0.1; xxx.xxx.xxx.0/24; };
query-source address * port 53;
```

----------

## CurtE

You had better show me what it should look like.  I created 7 more errors by adding it.  LOL

```

acl "xfer" {

   /* Deny transfers by default except for the listed hosts.

    * If we have other name servers, place them here.

    */

   none;

};

/*

 * You might put in here some ips which are allowed to use the cache or

 * recursive queries

 */

acl "trusted" {

   127.0.0.0/8;

   ::1/128;

};

options {

   directory "/var/bind";

   pid-file "/var/run/named/named.pid";

   /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */

   //bindkeys-file "/etc/bind/bind.keys";

   listen-on-v6 { ::1; };

              listen-on port 53 { 127.0.0.1; 70.89.201.9; };

   listen-on { 127.0.0.1; };

              listen-on port 53 { 127.0.0.1; 70.89.201.9; };

   allow-query {

      /*                                                   */

      trusted;

   };

   allow-query-cache {

      /* Use the cache for the "trusted" ACL. */

      trusted;

   };

   allow-recursion {

      /* Only trusted addresses are allowed to use recursion. */

      trusted;

   };

   allow-transfer {

      /* Zone transfers are denied by default. */

      none;

   };

   allow-update {

      /* Don't allow updates, e.g. via nsupdate. */

      none;

   };

   /*

   * If you've got a DNS server around at your upstream provider, enter its

   * IP address here, and enable the line below. This will make you benefit

   * from its cache, thus reduce overall DNS traffic in the Internet.

   *

   * Uncomment the following lines to turn on DNS forwarding, and change

   *  and/or update the forwarding ip address(es):

   */

/*

   forward first;

   forwarders {

   //   123.123.123.123;   // Your ISP NS

   //   124.124.124.124;   // Your ISP NS

   //   4.2.2.1;      // Level3 Public DNS

   //   4.2.2.2;      // Level3 Public DNS

      8.8.8.8;      // Google Open DNS

      8.8.4.4;      // Google Open DNS

   };

*/

   //dnssec-enable yes;

   //dnssec-validation yes;

   /* if you have problems and are behind a firewall: */

   query-source address * port 53;

//   pid-file "var/run/named/named.pid";

};

/*

logging {

   channel default_log {

      file "/var/log/named/named.log" versions 5 size 50M;

      print-time yes;

      print-severity yes;

      print-category yes;

   };

   category default { default_log; };

   category general { default_log; };

};

*/

include "/etc/bind/rndc.key";

controls {

   inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };

};

/*

 * Briefly, a zone which has been declared delegation-only will be effectively

 * limited to containing NS RRs for subdomains, but no actual data beyond its

 * own apex (for example, its SOA RR and apex NS RRset). This can be used to

 * filter out "wildcard" or "synthesized" data from NAT boxes or from

 * authoritative name servers whose undelegated (in-zone) data is of no

 * interest.

 * See http://www.isc.org/software/bind/delegation-only for more info

 */

//zone "COM" { type delegation-only; };

//zone "NET" { type delegation-only; };

zone "." IN {

  type hint;

  file "named.cache";

};

zone "localhost" IN {

  type master;

  file "pri/localhost.zone";

  allow-update { none; };

  notify no;

};

zone "127.in-addr.arpa" IN {

  type master;

  file "pri/127.zone";

  allow-update { none; };

  notify no;

};

zone "reunions-with-flair.com" IN {

  type master;

  allow-update { none; };

  file "pri/reunions-with-flair.zone";

};

zone "cs-mn.com" IN {

  type master;

  allow-update { none; };

  file "pri/cs-mn.zone";

};

zone "blue-moose-gifts.com" IN {

  type master;

  allow-update { none; };

  file "pri/blue-moose-gifts.zone";

};

zone "flitezimz.com" IN {

  type master;

  allow-update { none; };

  file "pri/flitezimz.zone";

};

//zone "YOUR-DOMAIN.TLD" {

//   type master;

//   file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";

//   allow-query { any; };

//   allow-transfer { xfer; };

//};

//zone "YOUR-SLAVE.TLD" {

//   type slave;

//   file "/var/bind/sec/YOUR-SLAVE.TLD.zone";

//   masters { <MASTER>; };

   /* Anybody is allowed to query but transfer should be controlled by the master. */

//   allow-query { any; };

//   allow-transfer { none; };

   /* The master should be the only one who notifies the slaves, shouldn't it? */

//   allow-notify { <MASTER>; };

//   notify no;

//};

```

----------

## cdstealer

ok.. make a backup of the current named.conf and comment out the following block:

`acl "xfer"`

Change the 70.xxx.xxx.xxx IP to the internal interface in both `listen-on port 53 { 127.0.0.1; 70.89.201.9; };` lines.

Then restart bind.. if the query line gives you errors, then comment it out and restart bind again.

we're so close I can smell it  :Smile: 

----------

## CurtE

Nope, no luck.  I'm going to have to hit the sack tho.  I'll catch you later.  5 AM here.  LOL

```

Feb 13 05:52:38 csmn2 named[7809]: starting BIND 9.7.2-P3 -u named -n 1 -t /chroot/dns

Feb 13 05:52:38 csmn2 named[7809]: built with '--prefix=/usr' '--build=i686-pc-linux-gnu' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--with-openssl' '--without-idn' '--enable-ipv6' '--with-libxml2' '--without-gssapi' '--disable-linux-caps' '--disable-threads' '--with-randomdev=/dev/random' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -march=i686 -pipe' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'

Feb 13 05:52:38 csmn2 named[7809]: using up to 4096 sockets

Feb 13 05:52:38 csmn2 named[7809]: loading configuration from '/etc/bind/named.conf'

Feb 13 05:52:38 csmn2 named[7809]: reading built-in trusted keys from file '/etc/bind/bind.keys'

Feb 13 05:52:38 csmn2 named[7809]: using default UDP/IPv4 port range: [1024, 65535]

Feb 13 05:52:38 csmn2 named[7809]: using default UDP/IPv6 port range: [1024, 65535]

Feb 13 05:52:38 csmn2 named[7809]: listening on IPv4 interface lo, 127.0.0.1#53

Feb 13 05:52:38 csmn2 named[7809]: listening on IPv4 interface eth1, 192.168.1.21#53

Feb 13 05:52:38 csmn2 named[7809]: listening on IPv6 interface lo, ::1#53

Feb 13 05:52:38 csmn2 named[7809]: generating session key for dynamic DNS

Feb 13 05:52:38 csmn2 named[7809]: /etc/bind/named.conf:92: using specific query-source port suppresses port randomization and can be insecure.

Feb 13 05:52:38 csmn2 named[7809]: set up managed keys zone for view _default, file 'managed-keys.bind'

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 0.IN-ADDR.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 254.169.IN-ADDR.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 2.0.192.IN-ADDR.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 100.51.198.IN-ADDR.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 113.0.203.IN-ADDR.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: D.F.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 8.E.F.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 9.E.F.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: A.E.F.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: B.E.F.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA

Feb 13 05:52:38 csmn2 named[7809]: /etc/bind/named.conf:92: using specific query-source port suppresses port randomization and can be insecure.

Feb 13 05:52:38 csmn2 named[7809]: command channel listening on 127.0.0.1#953

Feb 13 05:52:38 csmn2 named[7809]: zone 127.in-addr.arpa/IN: loaded serial 2011021101

Feb 13 05:52:38 csmn2 named[7809]: zone blue-moose-gifts.com/IN: loaded serial 2011021101

Feb 13 05:52:38 csmn2 named[7809]: pri/cs-mn.zone:17: ignoring out-of-zone data (csmn2)

Feb 13 05:52:38 csmn2 named[7809]: pri/cs-mn.zone:18: ignoring out-of-zone data (csmn1)

Feb 13 05:52:38 csmn2 named[7809]: pri/cs-mn.zone:19: ignoring out-of-zone data (mserver)

Feb 13 05:52:38 csmn2 named[7809]: zone cs-mn.com/IN: loaded serial 2011021101

Feb 13 05:52:38 csmn2 named[7809]: zone flitezimz.com/IN: loaded serial 2011021101

Feb 13 05:52:38 csmn2 named[7809]: zone reunions-with-flair.com/IN: loaded serial 2011021101

Feb 13 05:52:38 csmn2 named[7809]: zone localhost/IN: loaded serial 2011021101

Feb 13 05:52:38 csmn2 named[7809]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found

Feb 13 05:52:38 csmn2 named[7809]: managed-keys-zone ./IN: loaded serial 0

Feb 13 05:52:38 csmn2 named[7809]: running

Feb 13 05:52:38 csmn2 named[7809]: zone cs-mn.com/IN: sending notifies (serial 2011021101)

Feb 13 05:52:38 csmn2 named[7809]: zone blue-moose-gifts.com/IN: sending notifies (serial 2011021101)

Feb 13 05:52:38 csmn2 named[7809]: zone flitezimz.com/IN: sending notifies (serial 2011021101)

Feb 13 05:52:38 csmn2 named[7809]: error (network unreachable) resolving 'csmn1/A/IN': 2001:503:c27::2:30#53

Feb 13 05:52:38 csmn2 named[7809]: error (network unreachable) resolving 'csmn1/AAAA/IN': 2001:503:ba3e::2:30#53

Feb 13 05:52:38 csmn2 named[7809]: zone reunions-with-flair.com/IN: sending notifies (serial 2011021101)

Feb 13 05:52:38 csmn2 named[7809]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53

Feb 13 05:52:38 csmn2 named[7809]: error (network unreachable) resolving './NS/IN': 2001:500:3::42#53

```

----------

## cdstealer

Hi, ok.. check /var/bind/pri/cs-mn.zone and make sure nothing (csmn1, csmn2, mserver) is pointing to 70.89.201.xxx but everything is pointing to 192.168....  It's still showing an error, so I suspect the wrong file has been edited.

----------
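
The startup log a few posts up carries two hints about the zone file: `pri/cs-mn.zone:17: ignoring out-of-zone data (csmn2)` (and the same for csmn1 and mserver), and a little later `error (network unreachable) resolving 'csmn1/A/IN'` against a root server, which means named is treating `csmn1` as a name outside cs-mn.com and going to the root to look it up. The following is an added example, not code from the thread or from BIND: a small checker that applies the owner-name rules a master-file loader uses (`@` is the origin, a trailing dot is absolute, everything else gets the origin appended, and the `$ORIGIN` argument itself is qualified the same way) and reports which records would be kept, which would be dropped as out-of-zone, and which NS targets have no A/AAAA record. The two zone texts inside it are constructed for the example; they are not the poster's file, only a plausible pair of mistakes (a `$ORIGIN` without its trailing dot, and a line pasted from another zone).

```python
"""Qualify the owner names in a BIND master file and flag out-of-zone records.

Added example, not code from this thread. It follows the naming rules named
applies when loading a zone: "@" means the current origin, a name with a
trailing dot is absolute, any other name gets the origin appended, and a
"$ORIGIN" argument is qualified by the same rule (so "$ORIGIN cs-mn.com"
without the dot silently becomes cs-mn.com.cs-mn.com.). Records whose owner
is not at or under the zone apex are what named reports as
"ignoring out-of-zone data". The zone texts at the bottom are constructed.
Limitations: $INCLUDE/$GENERATE are skipped and a ';' inside quoted TXT data
is treated as a comment.
"""
from typing import Dict, List

NAME_TYPES = ("NS", "CNAME", "MX", "PTR")   # rdata ends in a domain name


def qualify(name: str, origin: str) -> str:
    """Turn NAME into an absolute, lower-cased name relative to ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def in_zone(name: str, apex: str) -> bool:
    return name == apex or name.endswith("." + apex)


def parse_zone(zone_name: str, text: str) -> List[Dict]:
    """One dict per record: qualified owner, type, rdata, qualified target."""
    apex = zone_name.lower().rstrip(".") + "."
    origin = apex          # named starts with the zone name as the origin
    owner = None
    depth = 0              # > 0 while inside a "( ... )" continuation (SOA)
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if depth:
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = qualify(tokens[1], origin)   # the trailing-dot trap lives here
            continue
        if tokens[0].startswith("$"):             # $TTL, $INCLUDE, $GENERATE
            continue
        if not raw[0].isspace():                  # a new owner name starts the line
            owner = qualify(tokens.pop(0), origin)
        if owner is None:
            raise ValueError(f"line {lineno}: record before any owner name")
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                         # optional TTL and class
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        depth = line.count("(") - line.count(")")
        target = qualify(rdata[-1], origin) if rtype in NAME_TYPES and rdata else None
        records.append({"line": lineno, "owner": owner, "type": rtype, "rdata": rdata,
                        "target": target, "in_zone": in_zone(owner, apex)})
    return records


def report(zone_name: str, text: str) -> Dict:
    """What named would keep, what it would drop, and NS targets with no glue."""
    recs = parse_zone(zone_name, text)
    kept = [r for r in recs if r["in_zone"]]
    addressed = {r["owner"] for r in kept if r["type"] in ("A", "AAAA")}
    ns_targets = {r["target"] for r in kept if r["type"] == "NS"}
    return {
        "owners": sorted({r["owner"] for r in kept}),
        "out_of_zone": [(r["line"], r["owner"]) for r in recs if not r["in_zone"]],
        "ns_targets": sorted(ns_targets),
        "ns_without_glue": sorted(t for t in ns_targets if t not in addressed),
    }


# Constructed sample: the origin lacks its trailing dot and one line was pasted
# from another zone. Addresses are the ones used in the thread.
BAD_ZONE = """\
$ORIGIN cs-mn.com
$TTL 120
@       IN      SOA     csmn2   admin (
                        2011021101 ; serial
                        300 1800 604800 7200 )
        IN      NS      csmn2
        IN      NS      csmn1
        MX      10      csmn2
csmn2           A       70.89.201.9
csmn1           A       70.89.201.10
mserver         A       70.89.201.9
www     CNAME   mserver
mail.flitezimz.com.     A       70.89.201.9
"""

# The same data with both mistakes corrected.
GOOD_ZONE = (BAD_ZONE.replace("$ORIGIN cs-mn.com\n", "$ORIGIN cs-mn.com.\n")
                     .replace("mail.flitezimz.com.", "mail"))

if __name__ == "__main__":
    for label, zone in (("bad", BAD_ZONE), ("good", GOOD_ZONE)):
        r = report("cs-mn.com", zone)
        print(label, "out-of-zone:", r["out_of_zone"])
        print(label, "NS targets:", r["ns_targets"], "without glue:", r["ns_without_glue"])
        print(label, "owners:", r["owners"])
```

Run it as-is to see the difference between the two samples: with the dot missing every name comes out as `something.cs-mn.com.cs-mn.com.`, which named loads without complaint (it is still under the apex) but which nobody will ever query, while the pasted `mail.flitezimz.com.` line is the kind that produces "ignoring out-of-zone data". On the real box the authoritative check is `named-checkzone cs-mn.com /var/bind/pri/cs-mn.zone`, which prints the same out-of-zone warnings named logs at start-up.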

## doctork

Hey CurtE, been awhile.  You and I had a fairly long exchange a couple of years back when you were setting up your DNS.  Well, being as it's Sunday morning and I hadn't messed with a CHROOT'd named for a long time, I decided to have a look. On a test box which didn't have bind installed, I emerged net-dns/bind-9.7.2_p3-r1.  I then modified /etc/conf.d/named to turn on CHROOT, using the default /chroot/dns directory and specifying that the mount option should be used.  I then did the "emerge --config =net-dns/bind-9.7.2_p3-r1" and went on to modify /etc/bind/named.conf.  What I changed in named.conf was:

- Turn on forwarding
- Uncomment the logging section so I could see what was going on
- Change "listen" so named would listen on all interfaces
- Modify the "trusted" acl to allow my internal network (172.20.xx.0/24) to use the server
- Add a "zone" section to make the server a master for my domain.

I then copied  a working zone file from my working name server to /var/bind/pri.

Then it was just a matter of starting named.  Amazingly enough, everything I've tried works.  The mount trick is certainly a lot easier than I remember from previous experiences with CHROOT'd named.

I haven't read your entire thread, but I did see your zone file.  I believe that's where your problem lies.

--

doc

----------
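
Added example, not doctork's file, cdstealer's, or the poster's: a named.conf options section written against the two things the thread's own logs show. First, the posted file has `allow-query { trusted; }` with `trusted` limited to loopback, and that restriction applies to the authoritative zones as well, which is exactly why an outside resolver asking for www.cs-mn.com gets `RCODE REFUSED` from 70.89.201.9. Second, named itself logged that `query-source address * port 53` "suppresses port randomization and can be insecure". The block also covers the five items in doctork's list (forwarding, logging, listening, the trusted ACL, a master zone). Assumptions: the LAN is 192.168.1.0/24 (the log shows eth1 as 192.168.1.21), the forwarders are the two Comcast resolvers from the posted resolv.conf, and whether 70.89.201.9 is configured on this host or is NAT'd to it by a router is not known from the thread, so that address is left as a comment. Lines marked WEAK are the posted values; the line after each is the replacement.

```conf
// Added example: acl/options/logging/zone for the posted named.conf.
// WEAK lines are the posted settings; the line that follows is the fix.

acl "trusted" {
    127.0.0.0/8;
    ::1/128;
    192.168.1.0/24;        // assumption: the LAN behind eth1 (192.168.1.21 in the log)
};

acl "xfer" {
    none;                  // put csmn1's address here only if it pulls zones from this box
};

options {
    directory "/var/bind";
    pid-file  "/var/run/named/named.pid";

    // WEAK:  listen-on { 127.0.0.1; };   (nothing off the box can reach named)
    // State listen-on once, on the addresses clients actually reach:
    listen-on    { 127.0.0.1; 192.168.1.21; };   // add 70.89.201.9 if it is on this host, not on the router
    listen-on-v6 { ::1; };

    // WEAK:  allow-query { trusted; };
    // That applies to the authoritative zones too, so every outside resolver
    // asking for cs-mn.com gets REFUSED. Authoritative data has to be open:
    allow-query       { any; };
    // Cache and recursion stay private. Outsiders asking for names this server
    // is not authoritative for still get REFUSED, and that is intended.
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
    allow-transfer    { xfer; };
    allow-update      { none; };

    // WEAK:  query-source address * port 53;
    // A fixed source port defeats the randomization that makes cache poisoning
    // hard. Omit the line; the log shows named picks from UDP 1024-65535, so
    // allow that range outbound on the firewall instead.

    // doctork's "turn on forwarding": the resolvers from the posted resolv.conf.
    forward first;
    forwarders { 68.87.77.130; 68.87.72.130; };
};

// doctork's "uncomment the logging section". Inside the chroot the directory
// is /chroot/dns/var/log/named and must be writable by the named user.
logging {
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 50M;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_log; };
};

// A master zone as posted. If the global allow-query is kept restricted,
// allow-query { any; } inside the zone block opens just this zone instead.
zone "cs-mn.com" IN {
    type master;
    file "pri/cs-mn.zone";
    allow-update { none; };
    allow-transfer { xfer; };
};
```

Before restarting, `named-checkconf /etc/bind/named.conf` catches syntax slips and `named-checkzone cs-mn.com /var/bind/pri/cs-mn.zone` catches the out-of-zone records seen in the log. After the restart, from a machine outside the LAN, `dig @70.89.201.9 www.cs-mn.com A +norecurse` should come back `status: NOERROR` with the `aa` flag set, while `dig @70.89.201.9 www.google.com A` should still be REFUSED; if the first query times out rather than answering, the problem is listen-on or the firewall, not the ACLs.

----------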

## CurtE

Hi doc,

You know me, I need more specific instruction on this stuff.  LOL.  I programmed million dollar computers with ease but this is tougher for some reason.

Every time I changed the named.conf, I was getting tons of errors.

I'll look into what you both said but getting ready to try my luck at a casino instead.

----------

## doctork

Curt,

See, there's your problem.   :Razz:  Those million-dollar computers that you programmed had a staff to do the system administration.  Now you're doing it yourself.  I had the good fortune to get involved with "small" computers early on in the game.  I did both programming and admin in a lot of different environments in my long and checkered career -- retired a couple of years ago.  In my last gig I did (among other things) the DNS for an international system of about 9500 nodes.  About 1/2 of them were Redhat Linux servers.  I hope you did OK at the casino.  

==

doc

----------

## CurtE

I still have money in my pocket so I guess I did okay.  :Wink: 

Every time I touched named.conf, I'm creating syntax errors (typos  :Smile:  ) so please add more details.

How do I turn off the index mode?  http://70.89.201.9

- Turn on forwarding  (where and why?)
- Uncomment the logging section so I could see what was going on.  Let me guess, `/*   .....  */` is a block comment, may explain typos
- Change "listen" so named would listen on all interfaces.  More details 
- Modify the "trusted" acl to allow my internal network (172.20.xx.0/24) to use the server.  This one totally lost me.  LOL  What is ACL anyways.
- Add a "zone" section to make the server a master for my domain.  That one I think I can handle.

----------

## CurtE

I suppose I should end this thread.

doctork and I worked many a night to fix my problem.

Basically, my DNS setup was all wrong with the new Bind emerged.  Things had changed from my previous version.

Added to that, the site worked with cs-mn.com but not for www.cs-mn.com.  

Once that was fixed, the web site is now functional but still has some issues to iron out.

----------

