Nameserver issues need help

Discussion in 'Bind / DNS / Nameserver Issues' started by webcloaker, Sep 18, 2007.

  1. webcloaker

    webcloaker Member

    Joined:
    Jan 5, 2006
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Okay, here is what's going on: today we got our 3rd box from hivelocity. We have never had this problem, and I have read all over the forum and tried everything I found, but nothing is working.

    Our nameservers are showing up as lame, and nothing is resolving.

    Here is a copy of our etc/named.conf

    Code:
    include "/etc/rndc.key";
    
    controls {
    	inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
    
    
    options
    {
        /* make named use port 53 for the source of all queries, to allow
             * firewalls to block all ports except 53:
             */
        query-source    port 53;    
        
        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file             "data/cache_dump.db";
        statistics-file     "data/named_stats.txt";
        memstatistics-file     "data/named_mem_stats.txt";
    };
    
    logging 
    {
    /*      If you want to enable debugging, eg. using the 'rndc trace' command,
     *      named will try to write the 'named.run' file in the $directory (/var/named).
     *      By default, SELinux policy does not allow named to modify the /var/named directory,
     *      so put the default debug log file in data/ :
     */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };    
    };
    
    
    // All BIND 9 zones are in a "view", which allow different zones to be served
    // to different types of client addresses, and for options to be set for groups
    // of zones.
    //
    // By default, if named.conf contains no "view" clauses, all zones are in the 
    // "default" view, which matches all clients.
    // 
    // If named.conf contains any "view" clause, then all zones MUST be in a view; 
    // so it is recommended to start off using views to avoid having to restructure
    // your configuration files in the future.
    
    view "localhost_resolver"
    {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
        match-clients         { localhost; };
        match-destinations    { localhost; };
        recursion yes;
    
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
    
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
        include "/var/named/named.rfc1912.zones";
    };
    
    view "internal"
    {
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
     */
        match-clients        { localnets; };
        match-destinations    { localnets; };
        recursion yes;
    
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
    
        // include "/var/named/named.rfc1912.zones";
        // you should not serve your rfc1912 names to non-localhost clients.
     
        // These are your "authoritative" internal zones, and would probably
        // also be included in the "localhost_resolver" view above :
    };
    
    view    "external"
    {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
        match-clients        { !localnets; !localhost; };
        match-destinations    { !localnets; !localhost; };
    
        recursion no;
        // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers
    
        // all views must contain the root hints zone:
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
    
        // These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:
    
        // BEGIN external zone entries
        zone "host.webfilehosting.com" {
            type master;
            file "/var/named/host.webfilehosting.com.db";
        };
        zone "ns1.webfilehosting.com" {
            type master;
            file "/var/named/ns1.webfilehosting.com.db";
        };
        zone "ns2.webfilehosting.com" {
            type master;
            file "/var/named/ns2.webfilehosting.com.db";
        };
        zone "webfilehosting.com" {
            type master;
            file "/var/named/webfilehosting.com.db";
        };
    };
    

    Here is our var/named/webfilehosting.db

    Code:
    ; cPanel 11.11.0-BETA_16977
    ; Zone file for webfilehosting.com
    $TTL 14400
    @      86400	IN      SOA     ns1.webfilehosting.com. webcloaker.gmail.com. (
    		2007091804	; serial, todays date+todays
    		86400		; refresh, seconds
    		7200		; retry, seconds
    		3600000		; expire, seconds
    		86400 )		; minimum, seconds
    
    webfilehosting.com. 86400 IN NS ns1.webfilehosting.com.
    webfilehosting.com. 86400 IN NS ns2.webfilehosting.com.
    
    ns1.webfilehosting.com. IN A 66.232.103.176
    ns2.webfilehosting.com. IN A 66.232.103.177
    
    
    webfilehosting.com. IN A 66.232.103.174
    
    localhost.webfilehosting.com. IN A 127.0.0.1
    
    webfilehosting.com. IN MX 0 webfilehosting.com.
    
    mail IN CNAME webfilehosting.com.
    www IN CNAME webfilehosting.com.
    ftp IN A 66.232.103.174
    ns1 14400 IN A  66.232.103.176
    ns2 14400 IN A  66.232.103.177
    host 14400 IN A  66.232.103.174
    

    Here is our var/named/ns1.webfilehosting.db

    Code:
    ; Modified by Web Host Manager
    ; Zone File for ns1.webfilehosting.com
    $TTL 14400
    @	86400	IN	SOA	ns1.com.	root.webfilehosting.com.	(
    					2007091802
    					86400
    					7200
    					3600000
    					86400
    					)
    
    ns1.webfilehosting.com.	86400	IN	NS	ns1.com.
    ns1.webfilehosting.com.	86400	IN	NS	ns2.com.
    
    
    ns1.webfilehosting.com.	14400	IN	A	66.232.103.176
    
    localhost.ns1.webfilehosting.com.	14400	IN	A	127.0.0.1
    
    ns1.webfilehosting.com.	14400	IN	MX	0	ns1.webfilehosting.com.
    
    and /var/named/ns2.webfilehosting.db

    Code:
    ; Modified by Web Host Manager
    ; Zone File for ns2.webfilehosting.com
    $TTL 14400
    @	86400	IN	SOA	ns1.com.	root.webfilehosting.com.	(
    					2007091802
    					86400
    					7200
    					3600000
    					86400
    					)
    
    ns2.webfilehosting.com.	86400	IN	NS	ns1.com.
    ns2.webfilehosting.com.	86400	IN	NS	ns2.com.
    
    
    ns2.webfilehosting.com.	14400	IN	A	66.232.103.177
    
    localhost.ns2.webfilehosting.com.	14400	IN	A	127.0.0.1
    
    ns2.webfilehosting.com.	14400	IN	MX	0	ns2.webfilehosting.com.
    



    This whole thing is driving me nuts and I can't seem to figure out any of it; your help is greatly appreciated.
     
  2. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    Joined:
    Nov 13, 2003
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    moscow
    For quick resolving:

    view "external"
    {
    /* This view will contain zones you want to serve only to "external" clients
    * that have addresses that are not on your directly attached LAN interface subnets:
    */

    // match-clients { !localnets; !localhost; };
    // match-destinations { !localnets; !localhost; };

    replace above two strings with

    match-clients { any; };
    match-destinations { any; };

    and

    view "localhost_resolver"
    {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
    * If all you want is a caching-only nameserver, then you need only define this view:
    */
    match-clients { localhost; };
    match-destinations { localhost; };

    replace above two strings with

    match-clients { any; };
    match-destinations { any; };

    Save and restart named. That should correct the issue. Also, you don't need to have dedicated zone files for ns1.webfilehosting and ns1.webfilehosting because you already set them in the file webfilehosting.db.
     
  3. webcloaker

    webcloaker Member

    So I assume your code will replace our named file, correct?
     
  4. webcloaker

    webcloaker Member

    Okay, I made your changes and it is still the same problem. Is there something else we could be missing?
     
  5. rustelekom

    rustelekom Well-Known Member
    No, only the strings which I marked as required to be replaced.

    you should replace in section: view "external"

    // match-clients { !localnets; !localhost; };
    // match-destinations { !localnets; !localhost; };

    replace above two strings with

    match-clients { any; };
    match-destinations { any; };

    and in section: view "localhost_resolver"

    match-clients { localhost; };
    match-destinations { localhost; };

    replace above two strings with

    match-clients { any; };
    match-destinations { any; };

    Actually it is a "dirty" resolution; most likely it will make your DNS servers "open DNS", but at least it is a fast solution which should solve your problem with "lame" or, in other words, "non-authoritative" nameservers. Due to the new ACL model, BIND 9 just closes all connections by default and you need to open only the destinations which you want to be allowed. I have not learned the BIND 9 manual well enough to make a secured setup...
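
The view edits discussed in this thread can be checked mechanically. This is an added example, not part of any post: a small Python audit (function names and finding labels are illustrative) that reads the view blocks in file order, because named answers a query from the first view that matches it, and flags a match list made only of negated elements (which matches nothing), a view that recurses for `any` client, and views shadowed by an earlier catch-all view. Assumptions: only view blocks are read, match lists are not nested, and whether an OPEN_RECURSION finding is a real open resolver also depends on the BIND version's default `allow-recursion`.

```python
import re

# Constructed input: the thread's views after the suggested edit, trimmed.
EDITED_CONF = '''
view "localhost_resolver" {
    match-clients { any; }; match-destinations { any; };
    recursion yes;
};
view "internal" {
    match-clients { localnets; }; match-destinations { localnets; };
    recursion yes;
};
view "external" {
    match-clients { any; }; match-destinations { any; };
    recursion no;
    zone "webfilehosting.com" { type master; file "/var/named/webfilehosting.com.db"; };
};
'''

def parse_views(conf):
    """Return views in file order; named uses the first view a query matches."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    views = []
    for chunk in re.split(r'\bview\s+"', conf)[1:]:
        name, body = chunk.split('"', 1)
        def acl(key):  # elements of an address match list; absent means any
            m = re.search(key + r'\s*\{([^}]*)\}', body)
            return [e.strip() for e in m.group(1).split(';') if e.strip()] if m else ['any']
        rec = re.search(r'\brecursion\s+(yes|no)', body)
        views.append({'name': name, 'clients': acl('match-clients'),
                      'dests': acl('match-destinations'),
                      'recursion': not rec or rec.group(1) == 'yes',
                      'limited': 'allow-recursion' in body})
    return views

def audit(conf):
    """Return (view, finding) pairs for the view mistakes discussed in the thread."""
    findings, shadow = [], None
    for v in parse_views(conf):
        if shadow:  # an earlier view already takes every query
            findings.append((v['name'], 'UNREACHABLE'))
            continue
        if any(all(e.startswith('!') for e in v[k]) for k in ('clients', 'dests')):
            findings.append((v['name'], 'NEVER_MATCHES'))  # only negated elements
        if 'any' in v['clients'] and v['recursion'] and not v['limited']:
            findings.append((v['name'], 'OPEN_RECURSION'))
        if v['clients'][:1] == ['any'] and v['dests'][:1] == ['any']:
            shadow = v['name']
    return findings
```

On the edited configuration the audit reports the first view as recursing for everyone and the `external` view, the only one holding the webfilehosting.com zone, as unreachable.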
     
  6. webcloaker

    webcloaker Member

    rustelekom,

    I just sent you a PM
     