Wits end

Steven Stromer filter at stevenstromer.com
Fri Apr 18 02:31:09 UTC 2008


On Apr 17, 2008, at 9:57 PM, Bob Hoffman wrote:

> Steven,
>
> I have to do recursion since my websites have to do mail and such. I have
> the O'Reilly book..and about 6 others. I have read them all.
> I asked everyone about the resolv file and no one said that could be
> it..however someone just wrote me an email, that coupled with the caching
> nameserver and 'bam' I can do nslookup.

The entry in resolv.conf is necessary to do ANY form of name
resolution. Your computer needs to know who to ask for DNS
information... even if the answer is the DNS service running locally.
Thus, adding either nameserver 127.0.0.1, or the network address of
the computer, would make dig/nslookup work. Again, answering
questions in order would have gotten you there hours ago!

>
> According to the bind, I can take over the default caching file and use my
> own named.conf file.

This is true, but many of the books are just a bit outdated regarding  
the stuff I wrote to you about in the last email. I have a feeling  
that you might be better off starting from scratch, so that when you  
try to become authoritative for your own domains, you'll be able to.

>
> I am highly interested in your 'don't need it' statement and nothing wrong
> with me deleting it all and trying it from scratch (not that I have not done
> that 400 times in the last two weeks).
>
> It was probably the resolv.conf. I had added 'nameserver IP' (IP was the
> assigned IP from the registrar registration) switching that ip to the
> 127.0.0.1 worked. I do not know how that will affect the websites...but I
> can do a lookup...wow!!!! I knew it was something little. The hardest issues
> to solve is always something stupid.
>
> I do not have an isp so to speak. My server is right on the backbone and I am
> responsible for the dns completely (other than the ip assignments they gave
> me)...so I have to do it here..and it should not be bad, just my sites will
> be on it.
>
> If it does not allow authoritative, then I have to axe it for sure. But the
> files are excellent so I will probably reuse most of it. I already know how
> to set up a view for external and internal, so maybe I will go that route.

Certainly make copies before you reinstall, so that you can save time  
with configuration.

>
> I do reply to the list sometimes, but I hate to have the 'newbness' out
> there for an eternity. I am compiling a complete step by step though for
> everyone... From buying the server components to assembling them, installing
> linux, and configuring it.

We all deal with this. Look at my posts from years ago. This is a  
help forum, after all!

>
> This dns battle just knocked the schedule completely off kilter.
> http://www.bobhoffman.com/test.html

We all know this story...

>
>
> Unfortunately, I find each step is a battle. Just making the raid 1 array
> was a real bitch (in my project website) and finding a lot of little tricks
> and tips...no book really walked me through it. It was not easy.

The battles get easier EVERY SINGLE TIME. Don't give up!

>
>> -----Original Message-----
>> From: bind-users-bounce at isc.org
>> [mailto:bind-users-bounce at isc.org] On Behalf Of Steven Stromer
>> Sent: Thursday, April 17, 2008 9:37 PM
>> To: Bob Hoffman
>> Cc: bind-users at isc.org
>> Subject: Re: Wits end
>>
>> Bob,
>>
>> Hate to burst your bubble, but you not only don't need the
>> caching-nameserver package, you really DON'T want to install
>> it. Because you are trying to actually become authoritative
>> for your own sites, you need the full bind package. The
>> caching-nameserver package is really for users who are trying
>> to speed their internet connection by caching their outgoing
>> dns requests locally, instead of using the DNS servers of
>> their ISP, or for other, similar reasons.
>>
>> The caching-nameserver package does not provide authoritative
>> nameserver capabilities. Further, in my experience,
>> installing it over a full bind installation has a tendency to
>> actually break bind altogether. Once upon a time, the two
>> packages would both be installed, and they worked together to
>> fulfill their respective roles, but now bind has complete
>> caching capabilities built in to it.
>>
>> It is my honest recommendation that you uninstall all bind
>> related packages, and then follow the steps I listed earlier
>> to achieve a complete, basic installation. Instead of hiring
>> someone to do this stuff, when you are clearly not scared to
>> look under the hood yourself, you'd do better to spend your
>> money on a copy of O'Reilly's DNS and BIND book. One
>> afternoon of reading (probably only two chapters), and you'd
>> be entirely self-sufficient. Don't give up though; success
>> will be very rewarding! On a final note, make certain to
>> reply to the list, instead of to individuals, so that others
>> can learn from your experiences.
>>
>> Steven
>>
>>
>> On Apr 17, 2008, at 6:36 PM, jonr at destar.net wrote:
>>
>>> Quoting Bob Hoffman <bob at bobhoffman.com>:
>>>
>>>> Okay, so I tried offering up to 50 dollars an hour to help me set up
>>>> a simple nameserver, but no takers.
>>>>
>>>> I really need some help. My first time doing it.
>>>>
>>>> At this point I would just be happy to be able to do a dig or
>>>> nslookup to a website like google.
>>>>
>>>> Another issue is the named-checkconf and named-checkzone do not seem
>>>> to like how centos has chrooted the files and so far I have been
>>>> unable to successfully run these tools.
>>>>
>>>> This is my named.conf right now and causes no errors in the message
>>>> logs.
>>>> I get a timed out, no servers could be reached when doing dig
>>>> google.com I have etc/resolv.conf saying search localhost on one line
>>>> and nameserver xx.xx.xx.xx on the next.
>>>> My host name is localhost, full is localhost.localdomian.
>>>> AAAAAHHHHHHHHH!!!!!!!!!!!
>>>>
>>>> controls {}; // shuts off rndc as I have no network
>>>>
>>>> options {
>>>> 	directory "/var/named/";
>>>> 	// the xx is the first three parts of the ip address of my server.
>>>> 	allow-recursion { xx.xx.xx/24; localhost; };
>>>> }; // this option only lets my server use recursion on my nameserver and
>>>>    // not everyone else in the world.
>>>>
>>>>
>>>> zone "0.0.127.in-addr.arpa" {
>>>> 	type master;
>>>> 	file "127.0.0.zone"; // this file causes no errors
>>>> 	allow-update { none; };
>>>> 	allow-transfer { none; };
>>>> };
>>>>
>>>>
>>>> zone "." {
>>>> 	type hint;
>>>> 	file "root.hint"; // it finds it and has all the root servers
>>>> };
>>>>
>>>> zone "localhost" IN {
>>>> 	type master;
>>>> 	file "localhost.zone"; // seems okay
>>>> 	allow-update { none; };
>>>> 	allow-transfer { none; };
>>>> };
>>>>
>>>
>>> Is the named daemon even starting up? When you start named what do
>>> your logs say? What errors are you seeing?
>>>
>>> Jon
>>>
>>>
>>>
>>>
>>>
>>
>
>
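
The resolv.conf point made in this message, as an added example that is not part of the original thread: a check of which nameserver the stub resolver will ask first and whether that is the local named. The function names are hypothetical, the sample files are constructed, and 192.0.2.10 is a documentation address standing in for the registrar-assigned IP.

```shell
#!/bin/sh
# Added example: which server will dig/nslookup ask, per resolv.conf?

# Print the nameserver addresses the stub resolver will actually use.
# Lines starting with # or ; are comments, and only the first three
# nameserver entries are honoured (glibc's MAXNS limit).
resolv_nameservers() {
    awk '
        $1 ~ /^[#;]/ { next }
        $1 == "nameserver" && $2 != "" && n < 3 { print $2; n++ }
    ' "$1"
}

# Return 0 if the first nameserver is loopback or one of this host's own
# addresses (passed as extra arguments), 1 if it points somewhere else.
queries_local_named() {
    file=$1; shift
    first=$(resolv_nameservers "$file" | head -n 1)
    # With no nameserver line the resolver defaults to the local machine.
    [ -n "$first" ] || first=127.0.0.1
    case "$first" in
        127.*|::1) return 0 ;;
    esac
    for addr in "$@"; do
        if [ "$first" = "$addr" ]; then return 0; fi
    done
    return 1
}

# Constructed samples: the file as first described, then after the fix.
tmp=$(mktemp -d)
printf '%s\n' 'search localhost' 'nameserver 192.0.2.10' > "$tmp/before"
printf '%s\n' '; ask the named running on this box' \
              'nameserver 127.0.0.1' > "$tmp/after"

for f in before after; do
    if queries_local_named "$tmp/$f"; then
        echo "$f: queries go to the local named"
    else
        echo "$f: queries go to $(resolv_nameservers "$tmp/$f" | head -n 1)"
    fi
done
```

Once resolv.conf points at the local server, `dig @127.0.0.1 google.com` run on the server itself confirms that named is answering on loopback.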


