Configuring BIND9 as master on a host at my ISP

[Kevin Darcy]

kamran remin wrote:

> hi ng,
>
> i have the following problem:
>
> i have rented a dedicated server at a isp. even if it is a bad idea to
> run multiple services on a server, i want to run mail, http/https and
> dns on this single server. my isp has offered to use their dns as a
> secondary for mine. that's were the toruble started.
>
> according to dns-resolution, my official dns-name is
> ds80-237-200.90.dedicated.hosteurope.de with the ip-address of
> 80.237.200.90. my isp also told me that the ip-address of the server
> that i can use as a secondary is 80.237.128.2 (b1.rsns.hosteurope.de).
>
> everytime i configure my dns and tell my iso that it is configured and
> try to do a update of the record for a domain (cms-pilot.de), my isp
> tells me that they checked my dns and there is something wrong with the
> dns-resolution.
>
> I configured the following things on my dns:
>
> 1. i added a zone-entry in /etc/bind/named.conf like this:
>
> zone "cms-pilot.de" {
>    type master;
>    file "cms-pilot.de";
>    notify yes;
>    allow-transfer { 80.237.128.2; };
> };
>
> 2. i added a zonefile under /var/cache/bind/, that looks like this:
>
> $TTL 3h
> cms.pilot.de.  IN SOA   ns1.cms.pilot.de.  dns.cms-pilot.de (
>    2002110603;
>    3h;
>    1h;
>    1w;
>    1h )
>
> cms.pilot.de.
> IN NS  ns1.cms-pilot.de.
> cms-pilot.de.   IN NS  b1.rsns.hosteurop.de.

(That looks like a typo to me -- "hosteurop" instead of "hosteurope". Is
that the way it is in your zonefile?)

> localhost           IN A   127.0.0.1
> ns1.cms-pilot.de.   IN A   80.237.200.90
> www.cms-pilot.de.   IN A   80.237.200.90
> mail.cms-pilot.de.  IN A   80.237.200.90
>
> cms-pilot.de.       IN MX 1 mail.cms-pilot.de
>
> ----------------------------------------------
>
> if i do it with that configuration i get a mail from my isp, telling me,
> that my dns wouldn't be able to secolve "ns1.cms-pilot.de"

cms-pilot.de is not delegated from the "de" zone. Did you or your ISP ever
register it? Oddly, the cms-pilot.de A record *does* resolve, directly from
the "de" zone. I'm not familiar with DENIC policies, so I'm not sure how
you could have an A record for cms-pilot.de in the "de" zone without any
cms-pilot.de zone, unless somehow it's a glue record for some other zone
(??)

I think you and/or your ISP needs to contact DENIC to get your zone
properly registered and delegated.

> ... that is
> strange, because if i use nslookup and type ns1.cms-pilot.de than my dns
> is able to resolve that name.

That's not really strange at all: when you query your own nameserver, it's
just answering out of its authoritative database. It doesn't need to follow
delegations or referrals at all.

> is the SOA line in the zone file correct? do i have to use the original
> name of my host (ds80-237-200-90.dedicated.hosteurope.de) or is it ok to
> use something like "ns1.cms-pilot.de" ?

One way or another, you need to get DENIC to delegate the cms-pilot.de to
your nameserver, irrespective of what you call it. Usually, registrars ask
for the addresses of nameservers as well as their names, so that they can
create glue records when necessary.

> what do i write if i want to
> host another domain, e.g. "foobar.de"? do i have to rewrite a new
> zonefile where the SOA line includes something like "ns1.foobar.de" or
> do i use there also "ds80-237-200-90.dedicated.hosteurope.de"?

You can use any valid name in the MNAME field of the SOA. The MNAME name
doesn't need to be in the same domain as the zone.

> and finally: what i do with the resverse-lookup file? do i have to have
> this one, because i only use one ip-address for everything? i yes, how
> does this one have to look like?

There is already a PTR for the address 80.237.200.90 in a reverse zone
served by hosteurope.de nameservers. Unless you have some specific
requirement to be able to control the reverse-resolution of that address,
I'd just leave things the way they are.


- Kevin