Create primary and secondary DNS for a domain

0 like 0 dislike
Hello. I needed to set up a DNS server to serve domains. There are two servers (Debian) with two IPs in different subnets (1.1.1.1 and 2.2.2.2).
So far there is one domain (example.com), and the name servers should be ns1.example.com and, correspondingly, ns2.example.com on the second server.
So, what I did:
1) registered the DNS servers at the registrar: ns1.example.com 1.1.1.1 and ns2.example.com 2.2.2.2
2) installed BIND on the first server and opened port 53/tcp; quoting the config contents:

$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";


$ cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};



$ cat /etc/bind/named.conf.local
zone "example.com" {
type master;
file "/etc/bind/example.com";
};



$ cat /etc/bind/example.com
$TTL 3600
@ IN SOA ns1.example.com. support.example.com. (
2010122202 ; serial, today's date + today's serial #
10800 ; refresh, seconds
3600 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
mail IN A 1.1.1.1
ns1 IN A 1.1.1.1
www IN A 1.1.1.1
ftp IN A 1.1.1.1
example.com. IN A 1.1.1.1
example.com. IN MX 10 mail


If I do an nslookup against that server (1.1.1.1), I see:
$ nslookup example.com localhost
Server: localhost
Address: 127.0.0.1#53

Name: example.com
Address: 1.1.1.1


From all other servers the answer is (it's been more than a day):
$ nslookup example.com
;; connection timed out; no servers could be reached


Maybe someone can tell me what the problem is?
I would also like recommendations on how to configure the secondary DNS on the second server (2.2.2.2).

6 Answers

0 like 0 dislike
> open port 53/tcp
By default DNS requests go over UDP. Fallback to TCP happens only when the request (response) exceeds 500 bytes, usually with AXFR queries (zone transfers). Open 53/UDP.

> (it's been more than a day)
What is the TTL in the SOA record? Post the output of
dig example.com SOA

> How to make it write logs?
The 'logging' directive in the config. Here is an example:

logging {
    // Log queries to a rotated, size-limited file.
    channel query_logging {
        file "/var/log/named_querylog" versions 20 size 200M;
        print-time yes;    // timestamp log entries
        severity dynamic;
    };
    channel security {
        file "/var/log/named_security" versions 10 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel resolver {
        file "/var/log/named_resolver" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel network {
        file "/var/log/named_network" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel xfer {
        file "/var/log/named_xfer" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel client {
        file "/var/log/named_client" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };
    category queries { query_logging; };
    category security { security; };   // security already has its own channel, so it is not nulled below
    category resolver { resolver; };
    category network { network; };
    category xfer-in { xfer; };
    category xfer-out { xfer; };
    category client { client; };

    // Log general name server errors to syslog.
    channel syslog_errors {
        syslog user;
        severity error;
    };
    category default { syslog_errors; };

    // Don't log lame server messages.
    category lame-servers { null; };
};
0 like 0 dislike
>$ nslookup example.com
>;; connection timed out; no servers could be reached

This response indicates that BIND on the server you sent the query to is not running at all, or is unreachable (if it were merely misconfigured, the reply would be different).

If you can give the real IP and domain, I or someone else can say what is not configured right. In general, the primary server's config should contain the lines:

options {
    directory "/var/named";
    notify explicit;
    also-notify { IP of SECONDARY SERVER; };
    allow-transfer { SECONDARY SERVER IP; };
};

And on the secondary:

zone "example.com" {
    type slave;
    file "/var/named/slaves/example.com.db";
    masters { IP of primary; };
};
0 like 0 dislike
Do you really need this? Running your own DNS and ensuring its stability and a correct configuration?
Buy DNS hosting for 0.90 euro a year from fastvps.ru and don't worry =)
0 like 0 dislike
Why buy? There is DNS from Yandex,
and you don't necessarily have to use their mail there, you can specify your own MX.
0 like 0 dislike
Offhand:
1. Both servers should have the same config.
2. "ns1 IN A 1.1.1.1" and, on both, also "ns2 IN A 2.2.2.2".
3. A day is actually not much.
4. You need to check not on localhost but with nslookup example.com 174.129.16.254
5. Given that "nslookup localhost 174.129.16.254" gives "DNS request timed out." I would assume your DNS port is closed (by the way, is that your IP?).
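An added check, not code from this thread, that covers two of the answers above at once: it sends a raw SOA query over plain UDP (the path resolvers use first, as the first answer notes) to a nameserver and returns the zone serial, so running it from a third host against 1.1.1.1 and 2.2.2.2 shows both whether 53/UDP is reachable and whether the secondary has actually transferred the current zone. Only the standard library is used; `sample_response()` is a constructed reply built from the zone in the question so the parser can be exercised offline.

```python
import socket
import struct

def build_query(name, qtype=6, txid=0x1234):
    # 12-byte header (RD set, one question) + QNAME + QTYPE (6 = SOA) / QCLASS IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [lab.encode() for lab in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    # Offset just past a domain name; a 2-byte compression pointer ends it
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += msg[off] + 1
    return off + 1

def soa_serial(msg):
    # Return the SERIAL field of the first SOA record in the answer section
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x0F: raise ValueError("rcode %d (NXDOMAIN/REFUSED/...)" % (flags & 0x0F))
    off = 12
    for _ in range(qd):  # step over the echoed question(s)
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off))  # past MNAME and RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    raise ValueError("no SOA record in answer section")

def query_serial(server, name, timeout=3.0):
    # Plain UDP on port 53, the path resolvers try first (TCP is only the fallback)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return soa_serial(data)

def sample_response():
    # Constructed reply mirroring the example.com zone in the question (not captured traffic)
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)  # QR+AA, 1 question, 1 answer
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 6, 1)
    rdata = b"\x03ns1\xc0\x0c\x07support\xc0\x0c" + struct.pack("!IIIII", 2010122202, 10800, 3600, 604800, 86400)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return header + question + answer
```

With the servers from the question, `query_serial("1.1.1.1", "example.com")` and `query_serial("2.2.2.2", "example.com")` should both return 2010122202; a socket timeout on either side means 53/UDP is not reachable, and a lower serial on 2.2.2.2 means the zone transfer has not happened yet.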