Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : DNS, hostname and nameserver

[Entrio]

Quote:

The zone for the root domain splinteredmedia.net is missing, or could not be read. The ip address will be read from the webserver configuration and a new zone will be created for this subdomain. Bind reconfiguring on smpl using rndc Error reconfiguring bind on smpl: rndc: connect failed: 127.0.0.1#953: connection refused
Created DNS entry for ns1.splinteredmedia.net

Is the error i get when i try to add a entry for one of my nameservers.

I have cPanel on a CentOS 5.1 VPS

I am still pretty new to CentOS

how would i go about adding a zone and if somebody cpuld point me to a place where i can read exactly what it is and how to set it up i would be very grateful

[w4Net]

if they are your own name servers have they been registered correctly?

[david510]

Add the following inside the /etc/hosts file

server_IP splinteredmedia.net

[prover]

rndc is essentially the api interface to BIND. You can send commands to BIND server such as reload. It looks like either the control program on port 953 isn't loaded or listening or there is a key mismatch. You probably also do not have a zone file for your domain setup. That is what tells the DNS server what nameservers go with the domain name and what addresses go with records like www.server.domain. There should be a /etc/named.conf on your system. Can you post a copy of that so we can better debug the problem?

[Entrio]

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options {
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/
query-source port 53;

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
/* memstatistics-file "data/named_mem_stats.txt"; */
};

logging {
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/var/named/named.rfc1912.zones";
};

view "internal" {
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

// include "/var/named/named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.

// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

zone "ns1.splinteredmedia.net" {
type master;
file "/var/named/ns1.splinteredmedia.net.db";
};

zone "ns2.splinteredmedia.net" {
type master;
file "/var/named/ns2.splinteredmedia.net.db";
};

zone "splintereddream.com" {
type master;
file "/var/named/splintereddream.com.db";
};

zone "splinteredmedia.net" {
type master;
file "/var/named/splinteredmedia.net.db";
};

};


view "external" {
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { !localnets; !localhost; };
match-destinations { !localnets; !localhost; };

recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

// all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

// BEGIN external zone entries

zone "ns1.splinteredmedia.net" {
type master;
file "/var/named/ns1.splinteredmedia.net.db";
};

zone "ns2.splinteredmedia.net" {
type master;
file "/var/named/ns2.splinteredmedia.net.db";
};

zone "splintereddream.com" {
type master;
file "/var/named/splintereddream.com.db";
};

zone "splinteredmedia.net" {
type master;
file "/var/named/splinteredmedia.net.db";
};

zone "srv1.splinteredmedia.net" {
type master;
file "/var/named/srv1.splinteredmedia.net.db";
};

};

[prover]

I suspect this is a default named.conf from this cpanel config? That is too bad, because its not that good, but I'll try to point out some of the key things that could be a problem.

Quote:

Originally Posted by Entrio

include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

check for that rndc.key file. If it exists and there is a line that begins with "key" you essentially want to put that same line in named.conf. If it doesn't existed, man rndc-confgen.

Quote:

options {
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/
query-source port 53;

I strongly advise you remove that and configure your firewall to allow this DNS server, if its a caching server, to make queries from any port to destination port 53. You also need to allow any src port to talk to this server's port 53, both udp and tcp. Failure to remove this line will make this server very susceptible to a cache poisoning attack. Search "DNS kaminsky attack" for details.

Quote:

zone "ns1.splinteredmedia.net" {
type master;
file "/var/named/ns1.splinteredmedia.net.db";
};

zone "ns2.splinteredmedia.net" {
type master;
file "/var/named/ns2.splinteredmedia.net.db";
};

hmm, i don't think you mean to make those zones. those are probably nameserver records and belong in your splintermedia zones.

Quote:

zone "splintereddream.com" {
type master;
file "/var/named/splintereddream.com.db";
};

zone "splinteredmedia.net" {
type master;
file "/var/named/splinteredmedia.net.db";
};

do those db files exist? whats in them?

Quote:

zone "srv1.splinteredmedia.net" {
type master;
file "/var/named/srv1.splinteredmedia.net.db";
};

you probably don't want that either.

[bsolaris]

There are alot of Bind tutorials for setting up a basic domain along with ns servers.

[Entrio]

i could not find any good ones, like i said previously most are for people who are very fimilar with linux and im jsut new if yoy could point to one?