Comments on: CentOS 4 : chroot DNS with BIND http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/ Linux, Open Source, VoIP and other stuff Fri, 03 Sep 2010 21:27:02 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Rashid http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-91520 Rashid Sun, 13 Jun 2010 13:08:32 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-91520 below is my named.conf file ********************************** [root@vcentos etc]# pwd /var/named/chroot/etc *************************** [root@vcentos etc]# cat -n named.conf 1 2 include "/etc/rndc.key"; 3 4 controls 5 { 6 inet 127.0.0.1 7 allow { localhost; } 8 keys { rndc-key; }; 9 }; 10 options 11 { 12 directory "/var/named"; //the default 13 dump-file "data/cache_dump.db"; 14 statistics-file "data/named_stats.txt"; 15 memstatistics-file "data/named_mem_stats.txe"; 16 listen-on { 127.0.0.1; 192.168.1.1; }; /*listen refrom the 17 allow-query { 127.0.0.1; 192.168.1.0/24; }; 18 }; 19 20 zone "." IN 21 { 22 type hint; 23 file "named.root"; 24 }; 25 26 27 zone "localhost" IN 28 { 29 type master; 30 file "localhost.fwd"; 31 allow-update { key "rndc.key"; }; 32 }; 33 34 35 zone "0.0.127.in-addr.arpa" IN 36 { 37 type master; 38 file "localhost.rev"; 39 allow-update { key "rndc.key"; }; 40 }; 41 42 43 zone "mydomain.com" IN 44 { 45 type master; 46 file "mydomain.com.fwd"; 47 allow-update { key "rndc.key"; }; 48 }; 49 50 zone "1.168.192.in-addr.arpa" IN 51 { 52 type master; 53 file "mydomain.com.rev"; 54 allow-update { key "rndc.key"; }; 55 }; 56 [root@vcentos etc]# ************************************************** GETTING ERROR: ******************************************* [root@vcentos etc]# named-checkconf named.conf named.conf:57: unexpected end of input ******************************************** Here is my rndc.conf and rndc.key file both locations same as above. [root@vcentos etc]# cat -n rndc.key 1 key "rndc-key" { 2 algorithm hmac-md5; 3 secret "9FL7Q8Sa0VdmR643AeilIIE52ePguipPLOnDh8544xaaqz13DWSKueBtnxOC"; 4 }; [root@vcentos etc]# cat -n rndc.conf 1 include "/etc/rndc.key"; 2 options { 3 default-server localhost; 4 default-key "rndc-key"; 5 }; 6 server localhost { 7 key "rndc-key" 8 }; 9 10 11 12 [root@vcentos etc]# *********************************************** BOTH FILES ALSO PRESENT IN /etc/rndc.key & /etc/rndc.conf. kindly help me to solve this issue. Regards, Rashid below is my named.conf file

**********************************
[root@vcentos etc]# pwd
/var/named/chroot/etc

***************************
[root@vcentos etc]# cat -n named.conf
1
2 include “/etc/rndc.key”;
3
4 controls
5 {
6 inet 127.0.0.1
7 allow { localhost; }
8 keys { rndc-key; };
9 };
10 options
11 {
12 directory “/var/named”; //the default
13 dump-file “data/cache_dump.db”;
14 statistics-file “data/named_stats.txt”;
15 memstatistics-file “data/named_mem_stats.txe”;
16 listen-on { 127.0.0.1; 192.168.1.1; }; /*listen refrom the
17 allow-query { 127.0.0.1; 192.168.1.0/24; };
18 };
19
20 zone “.” IN
21 {
22 type hint;
23 file “named.root”;
24 };
25
26
27 zone “localhost” IN
28 {
29 type master;
30 file “localhost.fwd”;
31 allow-update { key “rndc.key”; };
32 };
33
34
35 zone “0.0.127.in-addr.arpa” IN
36 {
37 type master;
38 file “localhost.rev”;
39 allow-update { key “rndc.key”; };
40 };
41
42
43 zone “mydomain.com” IN
44 {
45 type master;
46 file “mydomain.com.fwd”;
47 allow-update { key “rndc.key”; };
48 };
49
50 zone “1.168.192.in-addr.arpa” IN
51 {
52 type master;
53 file “mydomain.com.rev”;
54 allow-update { key “rndc.key”; };
55 };
56
[root@vcentos etc]#
**************************************************
GETTING ERROR:
*******************************************
[root@vcentos etc]# named-checkconf named.conf
named.conf:57: unexpected end of input
********************************************
Here is my rndc.conf and rndc.key file both locations same as above.

[root@vcentos etc]# cat -n rndc.key
1 key “rndc-key” {
2 algorithm hmac-md5;
3 secret “9FL7Q8Sa0VdmR643AeilIIE52ePguipPLOnDh8544xaaqz13DWSKueBtnxOC”;
4 };
[root@vcentos etc]# cat -n rndc.conf
1 include “/etc/rndc.key”;
2 options {
3 default-server localhost;
4 default-key “rndc-key”;
5 };
6 server localhost {
7 key “rndc-key”
8 };
9
10
11
12
[root@vcentos etc]#
***********************************************
BOTH FILES ALSO PRESENT IN /etc/rndc.key & /etc/rndc.conf.

kindly help me to solve this issue.

Regards,

Rashid

]]> By: Sébastien Wains http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87686 Sébastien Wains Mon, 01 Feb 2010 20:16:06 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87686 1 and 2 are the line numbers as far as I know. Here's another example of zone file under section 12.3.3 http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html 1 and 2 are the line numbers as far as I know.

Here’s another example of zone file under section 12.3.3
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-zone.html

]]> By: Ralf Hartings http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87685 Ralf Hartings Mon, 01 Feb 2010 20:09:46 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87685 When I copy your zone file from your original post, find/replace "test.be" by "hartings.se" (not changing the IP numbers to make sure I don't introduce new errors) and restart named, the System Log shows: Feb 1 20:57:38 server named[6096]: starting BIND 9.2.4 -u named -t /var/named/chroot Feb 1 20:57:38 server named[6096]: using 2 CPUs Feb 1 20:57:38 server named[6096]: loading configuration from '/etc/named.conf' Feb 1 20:57:38 server named[6096]: listening on IPv4 interface lo, 127.0.0.1#53 Feb 1 20:57:38 server named[6096]: listening on IPv4 interface eth0, 192.168.1.93#53 Feb 1 20:57:38 server named[6096]: command channel listening on 127.0.0.1#953 Feb 1 20:57:38 server named[6096]: command channel listening on 192.168.1.93#953 Feb 1 20:57:38 server named[6096]: general: error: dns_master_load: data/hartings.se.zone:2: unexpected end of line Feb 1 20:57:38 server named[6096]: general: error: dns_master_load: data/hartings.se.zone:1: unexpected end of input Feb 1 20:57:38 server named[6096]: general: error: zone hartings.se/IN: loading master file data/hartings.se.zone: unexpected end of input Feb 1 20:57:38 server named[6096]: general: notice: running Feb 1 20:57:38 server named: named startup succeeded It seems as if the errors are on line 1 and 2? "unexpected end of input" and "unexpected end of line" ???? Or what does "1:" and "2:" mean? As your file worked, I don't understand why my "version" would not ..... I am lost! When I copy your zone file from your original post, find/replace “test.be” by “hartings.se” (not changing the IP numbers to make sure I don’t introduce new errors) and restart named, the System Log shows:

Feb 1 20:57:38 server named[6096]: starting BIND 9.2.4 -u named -t /var/named/chroot
Feb 1 20:57:38 server named[6096]: using 2 CPUs
Feb 1 20:57:38 server named[6096]: loading configuration from ‘/etc/named.conf’
Feb 1 20:57:38 server named[6096]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 1 20:57:38 server named[6096]: listening on IPv4 interface eth0, 192.168.1.93#53
Feb 1 20:57:38 server named[6096]: command channel listening on 127.0.0.1#953
Feb 1 20:57:38 server named[6096]: command channel listening on 192.168.1.93#953
Feb 1 20:57:38 server named[6096]: general: error: dns_master_load: data/hartings.se.zone:2: unexpected end of line
Feb 1 20:57:38 server named[6096]: general: error: dns_master_load: data/hartings.se.zone:1: unexpected end of input
Feb 1 20:57:38 server named[6096]: general: error: zone hartings.se/IN: loading master file data/hartings.se.zone: unexpected end of input
Feb 1 20:57:38 server named[6096]: general: notice: running
Feb 1 20:57:38 server named: named startup succeeded

It seems as if the errors are on line 1 and 2? “unexpected end of input” and “unexpected end of line” ????
Or what does “1:” and “2:” mean?
As your file worked, I don’t understand why my “version” would not …..
I am lost!

]]> By: Sébastien Wains http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87684 Sébastien Wains Mon, 01 Feb 2010 19:54:27 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87684 I can't really tell where the zone file could be wrong from what you pasted in the comments. Make sure to copy paste my zone file and replace what needs to be replaced. I can’t really tell where the zone file could be wrong from what you pasted in the comments.
Make sure to copy paste my zone file and replace what needs to be replaced.

]]> By: Ralf Hartings http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87683 Ralf Hartings Mon, 01 Feb 2010 19:49:32 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87683 That was a very quick reply !! I un-commented that section, added the logging function (new code section added to named.conf) created the logging files (query.log and security.log) owned by named in /var/named/chroot/var/named/log and restarted named. The result in the System Log: Feb 1 20:45:09 server named[6019]: starting BIND 9.2.4 -u named -t /var/named/chroot Feb 1 20:45:09 server named[6019]: using 2 CPUs Feb 1 20:45:09 server named[6019]: loading configuration from '/etc/named.conf' Feb 1 20:45:09 server named[6019]: listening on IPv4 interface lo, 127.0.0.1#53 Feb 1 20:45:09 server named[6019]: listening on IPv4 interface eth0, 192.168.1.93#53 Feb 1 20:45:09 server named[6019]: command channel listening on 127.0.0.1#953 Feb 1 20:45:09 server named[6019]: command channel listening on 192.168.1.93#953 Feb 1 20:45:09 server named[6019]: general: error: dns_rdata_fromtext: data/hartings.se.zone:7: near eol: unexpected end of input Feb 1 20:45:09 server named[6019]: general: error: zone hartings.se/IN: loading master file data/hartings.se.zone: unexpected end of input Feb 1 20:45:09 server named[6019]: general: notice: running Feb 1 20:45:09 server named: named startup succeeded The content of the query.log is: Feb 01 20:43:54.183 client 127.0.0.1#50433: query: hartings.se IN A The security.log file is still empty. It seems something in wrong in the zone definition file, as you suggested: general: error: dns_rdata_fromtext: data/hartings.se.zone:7: near eol: unexpected end of input general: error: zone hartings.se/IN: loading master file data/hartings.se.zone: unexpected end of input Any clue on what is wrong/missing? That was a very quick reply !!
I un-commented that section, added the logging function (new code section added to named.conf) created the logging files (query.log and security.log) owned by named in /var/named/chroot/var/named/log and restarted named. The result in the System Log:
Feb 1 20:45:09 server named[6019]: starting BIND 9.2.4 -u named -t /var/named/chroot
Feb 1 20:45:09 server named[6019]: using 2 CPUs
Feb 1 20:45:09 server named[6019]: loading configuration from ‘/etc/named.conf’
Feb 1 20:45:09 server named[6019]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 1 20:45:09 server named[6019]: listening on IPv4 interface eth0, 192.168.1.93#53
Feb 1 20:45:09 server named[6019]: command channel listening on 127.0.0.1#953
Feb 1 20:45:09 server named[6019]: command channel listening on 192.168.1.93#953
Feb 1 20:45:09 server named[6019]: general: error: dns_rdata_fromtext: data/hartings.se.zone:7: near eol: unexpected end of input
Feb 1 20:45:09 server named[6019]: general: error: zone hartings.se/IN: loading master file data/hartings.se.zone: unexpected end of input
Feb 1 20:45:09 server named[6019]: general: notice: running
Feb 1 20:45:09 server named: named startup succeeded

The content of the query.log is:
Feb 01 20:43:54.183 client 127.0.0.1#50433: query: hartings.se IN A

The security.log file is still empty.

It seems something in wrong in the zone definition file, as you suggested:
general: error: dns_rdata_fromtext: data/hartings.se.zone:7: near eol: unexpected end of input
general: error: zone hartings.se/IN: loading master file data/hartings.se.zone: unexpected end of input

Any clue on what is wrong/missing?

]]> By: Sébastien Wains http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87681 Sébastien Wains Mon, 01 Feb 2010 19:26:47 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87681 You need that section, please uncomment and restart named and check the logs. I believe it's a permission error on the zone file. You need that section, please uncomment and restart named and check the logs.
I believe it’s a permission error on the zone file.

]]> By: Ralf Hartings http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87680 Ralf Hartings Mon, 01 Feb 2010 19:23:00 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87680 Sébastien, Thanks for looking into this!. Here is my named.conf: // // named.conf for Red Hat caching-nameserver // key "rndckey" { algorithm hmac-md5; secret "PtBS0MY+OXRXjk/iRgtlcw=="; }; // we assume our server has the IP 192.168.254.207 serving the 192.168.254.0/24 subnet controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; }; inet 192.168.1.93 allow { 192.168.1.0/24; } keys { "rndckey"; }; }; options { directory "/var/named"; pid-file "/var/run/named/named.pid"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; recursion yes; allow-recursion { 127.0.0.1; 192.168.1.0/24; }; // these are the opendns servers (optional) forwarders { 213.50.29.170; 81.216.65.12; 195.58.112.157; }; listen-on { 127.0.0.1; 192.168.1.93; }; //query-source address * port 53; // so people can't try to guess what version you're running version "REFUSED"; allow-query { 127.0.0.1; 192.168.1.0/24; }; }; server 192.168.1.93 { keys { rndckey; }; }; zone "." IN { type hint; file "named.ca"; }; #zone "hartings.se" IN { #type master; #file "data/hartings.se.zone"; #allow-transfer { key TRANSFER; }; #}; --------- When I uncomment the last section, the result is: [root@server etc]# nslookup hartings.se 127.0.0.1 Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find hartings.se: SERVFAIL [root@server etc]# I thought for a moment that this section should be in there, but this is not correct it seems. /Ralf Sébastien,

Thanks for looking into this!. Here is my named.conf:

//
// named.conf for Red Hat caching-nameserver
//

key “rndckey” {
algorithm hmac-md5;
secret “PtBS0MY+OXRXjk/iRgtlcw==”;
};

// we assume our server has the IP 192.168.254.207 serving the 192.168.254.0/24 subnet
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { “rndckey”; };
inet 192.168.1.93 allow { 192.168.1.0/24; } keys { “rndckey”; };
};

options {
directory “/var/named”;
pid-file “/var/run/named/named.pid”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;

recursion yes;

allow-recursion {
127.0.0.1;
192.168.1.0/24;
};

// these are the opendns servers (optional)
forwarders {
213.50.29.170;
81.216.65.12;
195.58.112.157;
};

listen-on {
127.0.0.1;
192.168.1.93;
};

//query-source address * port 53;

// so people can’t try to guess what version you’re running
version “REFUSED”;

allow-query {
127.0.0.1;
192.168.1.0/24;
};
};

server 192.168.1.93 {
keys { rndckey; };
};

zone “.” IN {
type hint;
file “named.ca”;
};

#zone “hartings.se” IN {
#type master;
#file “data/hartings.se.zone”;
#allow-transfer { key TRANSFER; };
#};

———

When I uncomment the last section, the result is:

[root@server etc]# nslookup hartings.se 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can’t find hartings.se: SERVFAIL
[root@server etc]#

I thought for a moment that this section should be in there, but this is not correct it seems.

/Ralf

]]> By: Sébastien Wains http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87679 Sébastien Wains Mon, 01 Feb 2010 19:10:07 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87679 Ralf, Can you show me the content of your named.conf file ? (I'm aware of the URL rewritten in the comments, I need to fix that) Thanks Ralf,

Can you show me the content of your named.conf file ?
(I’m aware of the URL rewritten in the comments, I need to fix that)

Thanks

]]> By: Ralf Hartings http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87634 Ralf Hartings Sun, 31 Jan 2010 15:12:25 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87634 Please note that the line " http://www.hartings.se" in my first comment is not the original line in the file. In the file it is www dot hartings dot se (replace dot by "."). While pasting the line on the website, it became automatically an URL address, beyond my control. So this is not a typo :-) Thanks /Ralf Please note that the line ” http://www.hartings.se” in my first comment is not the original line in the file. In the file it is www dot hartings dot se (replace dot by “.”).
While pasting the line on the website, it became automatically an URL address, beyond my control. So this is not a typo :-)

Thanks
/Ralf

]]> By: Ralf Hartings http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87632 Ralf Hartings Sun, 31 Jan 2010 15:06:37 +0000 http://www.wains.be/index.php/2007/02/04/centos-chroot-dns-with-bind/#comment-87632 Hi, Thanks, for a first -complete- template to get the BIND running on CENTOS! Please see my situation/question below. I would really appreciate your input/comments on where to look... My situation: - I run CENTOS 4.8 on my server. - I need to set up a nameserver for my internal network - I installed yum install bind bind-chroot bind-libs bind-utils caching-nameserver - http/mail/nameserver is 192.168.1.93 , all in one ! My external IP is 87.227.107.21 (shown in nameserver reply below) - I do not have a MX record (but copied the MX lines anyhow - does not make any difference in the result) - Only the open/external DNS servers reply on request - not my own nameserver :-( - Where is the mistake?? I did check for typo's (twice) and I did check the internet and tried several changes, with no luck.... From /var/log/messages: Jan 31 11:38:44 server named[31244]: starting BIND 9.2.4 -u named -t /var/named/chroot Jan 31 11:38:44 server named[31244]: using 2 CPUs Jan 31 11:38:44 server named[31244]: loading configuration from '/etc/named.conf' Jan 31 11:38:44 server named[31244]: listening on IPv4 interface lo, 127.0.0.1#53 Jan 31 11:38:44 server named[31244]: listening on IPv4 interface eth0, 192.168.1.93#53 Jan 31 11:38:44 server named[31244]: command channel listening on 127.0.0.1#953 Jan 31 11:38:44 server named[31244]: command channel listening on 192.168.1.93#953 Jan 31 11:38:44 server named[31244]: running Jan 31 11:38:44 server named: named startup succeeded [root@server etc]# rndc status number of zones: 1 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is OFF server is up and running [root@server etc]# [root@server etc]# more /var/named/chroot/var/named/data/hartings.se.zone $ttl 38400 hartings.se. IN SOA ns.hartings.se. ( 2007020400 ; Serial 10800 ; Refresh after 3 hours 3600 ; Retry after 1 hour 604800 ; Expire after 1 week 86400 ) ; Minimum TTL of 1 day hartings.se. IN NS ns.hartings.se. www.hartings.se. IN A 192.168.1.93 ns.hartings.se. IN A 192.168.1.93 [root@server etc]# [root@server etc]# nslookup hartings.se 127.0.0.1 Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: hartings.se Address: 87.227.107.21 [root@server etc]# What could be wrong here?? Thanks for any hints that could help me! I appreciate you took your time to read this! /Ralf Hi, Thanks, for a first -complete- template to get the BIND running on CENTOS!

Please see my situation/question below. I would really appreciate your input/comments on where to look…

My situation:
- I run CENTOS 4.8 on my server.
- I need to set up a nameserver for my internal network
- I installed yum install bind bind-chroot bind-libs bind-utils caching-nameserver
- http/mail/nameserver is 192.168.1.93 , all in one ! My external IP is 87.227.107.21 (shown in nameserver reply below)
- I do not have a MX record (but copied the MX lines anyhow – does not make any difference in the result)
- Only the open/external DNS servers reply on request – not my own nameserver :-(
- Where is the mistake?? I did check for typo’s (twice) and I did check the internet and tried several changes, with no luck….

From /var/log/messages:
Jan 31 11:38:44 server named[31244]: starting BIND 9.2.4 -u named -t /var/named/chroot
Jan 31 11:38:44 server named[31244]: using 2 CPUs
Jan 31 11:38:44 server named[31244]: loading configuration from ‘/etc/named.conf’
Jan 31 11:38:44 server named[31244]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 31 11:38:44 server named[31244]: listening on IPv4 interface eth0, 192.168.1.93#53
Jan 31 11:38:44 server named[31244]: command channel listening on 127.0.0.1#953
Jan 31 11:38:44 server named[31244]: command channel listening on 192.168.1.93#953
Jan 31 11:38:44 server named[31244]: running
Jan 31 11:38:44 server named: named startup succeeded

[root@server etc]# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
[root@server etc]#

[root@server etc]# more /var/named/chroot/var/named/data/hartings.se.zone
$ttl 38400
hartings.se. IN SOA ns.hartings.se. (
2007020400 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
hartings.se. IN NS ns.hartings.se.

http://www.hartings.se. IN A 192.168.1.93
ns.hartings.se. IN A 192.168.1.93
[root@server etc]#

[root@server etc]# nslookup hartings.se 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: hartings.se
Address: 87.227.107.21

[root@server etc]#

What could be wrong here?? Thanks for any hints that could help me! I appreciate you took your time to read this!
/Ralf

]]>