Howto: Setup a DNS server with bind

[CopaceticOpus]

I must follow up on my above posting. My setup is kind of working, but not exactly. It seems that the first time I try to look up any ".dev" URL from another machine, I get a delayed response. For example, this is the output of two nslookup commands from an XP box which is using my Linux BIND server as its DNS server:

Code:

C:\>nslookup wahoo.dev
Server:  dev
Address:  192.168.1.10

DNS request timed out.
    timeout was 2 seconds.
Name:    wahoo.dev
Address:  192.168.1.10


C:\>nslookup wahoo.dev
Server:  dev
Address:  192.168.1.10

Name:    wahoo.dev
Address:  192.168.1.10

That delay is a big problem. When I try to access a ".dev" URL from the web browser, it works only part of the time, seemingly randomly. Often, I will get a message saying "Firefox can't find the server at whatever.dev." Once this happens, Firefox seems to cache the failed DNS result, because no amount of refreshing will fix the problem.

Does anyone know why I might be getting this delay?

[Trackieman]

the first time I try to look up any ".dev" URL from another machine, I get a delayed response.

The machine you are doing the lookup from, is it using the DNS server handling your .dev as it's primary DNS nameserver?

You can get really horrible delays if the machine you are browsing from first uses a DNS server that knows nothing about your .dev domain

[CopaceticOpus]

Thanks for the reply... I'm using the local DNS machine as the primary DNS server, with an external public DNS server as the alternate.

I've been getting strange, intermittent behavior. Sometimes it works great and I can load any .dev domain instantly. But just when I think it's working right, I'll try later in the day and I get slow responses and failed lookups. I can't figure it out.

[talz13]

What does it mean, "replace example.com with your domain name"? Does that just mean to replace it with my server's hostname? I don't recall assigning an actual domain name to my machine...

[phormion]

CopaceticOpus , you might want to try dig as a DNS troubleshooting tool, the nslookup program that comes with Windows is far from ideal in that respect. Look up a binary BIND distro for windows on ISC's website (www.isc.org). The latest is BIND 9.4.0. dig is also part of that, and its output is more verbose and more helpful than the one from nslookup.

A sniffer (e.g. like wireshark) might also help in troubleshooting.

[2012_ad]

Okay, here's one for you guys...

I haven't seen a topic on this or a how-to and will create a new post if you think I should.

I want to setup a DNS server using Ubuntu server.
The server will have to serve as a DHCP/DNS/WINS server for the internal network to resolve internal hostnames and handle requests for the outside (www) as well. This is a network of about 100 workstations on VLANs, address ranges from 192.158.51.0-192.168.60.0

Here's the catch, some workstations, because of their location and job function, can't have full blown internet access but there are a handful of websites (maybe 10 or so) that they DO need to have access to.

I am currently accomplishing this by using two Windows 2003 servers, one server (..51.6) is the full blown internet access DNS server with forwarders to our outside DNS. The other server (..51.8) is the limited DNS server that only knows about a handful of website addresses which I've statically configured the IPs for.

How I'd like this to work: I'd like to configure either two network cards or one network card with two ip addresses on Ubuntu server. Any request to ..51.6 will allow access, any request to ..51.8 will DENY access unless it's a site I allow, then it will forward to ..51.6 for resolution.

I need to do this to consolidate the servers and to relieve load on one of the servers.

I have a base install of Ubuntu server ready to go. Any help is appreciated.

[Abhi Kalyan]

Been searching for such knowledge,
Am trying to integrate DNS and DHCP so that the DHCp updates the DNS, And what ever is the IP served out by the DHCP the other systems should be able to get the system. But am getting stuck some where and i dont Know Where. Thank you, WIll be reading this post .
Thank you
All the best

[jparello]

Hi,

I went through this setup and then had problems with the comments lines. Sometimes you have // other times you have #

When I was setting up my .db files I cut/paste from the guide above and got errors in the startup. One good thing to do when you restart the bind9 is to tail the daemons.log

any errors in loading the files will show up there.

In mydomain.com.db file I got an error from the // comments and had this in /var/daemons.log

Mar 16 15:56:36 server named[28388]: /etc/bind/zones/mydomain.com.db:1: unknown RR type 'replace'
Mar 16 15:56:36 server named[28388]: zone mydomain.com/IN: loading master file /etc/bind/zones/slytly.com.db: unknown class/type

Well the first comment line in the file has the word replace in it so I removed all the // comments

That was it. For some reason the // comments were not being processed.

I'm not sure if I had some fat finger error in there or not but it may help you if you tail the daemons.log when you restart bind9 to look for any errors in your .db files.

HTH

[phormion]

jparello, you can also use named-checkconf to check your configuration file (or named-checkzone to check your zone files). They are part of the BIND distribution, and I think they are included in the bind9 Ubuntu package.

2012_ad, you can accomplish that with a firewall or proxy, it's not absolutely necessary to use DNS. However, if you wish you can configure a root zone on the limited nameserver, and put whatever hosts you want to be accessible. The other nameserver would be a regular caching-only nameserver (I think on Debian/Ubuntu bind comes configured for that out of the box), with forwarders configured if you are positive that you need them.

Forwarders add another point of failure to your DNS setup - you depend on the provider's DNS servers to be always accessible. Also, maybe your provider's nameservers weren't designed with forwarding in mind. Your nameservers can resolve just fine without forwarding.

[whtet]

I have set up the box following the instruction and it works but with a few glitches.
e.g. If I try to ' dig hostname.mydomain.com' it works but if I 'ping hostname.mydomain.com' it's not working.
I have to spend some time to solve the issue.
I also have problems with the reverse look up. 'nslookup xx.xx.xx.xx' is not working.

Finally I find the problems and they all have to do with the comment type.
I cannot use '//' or '#' in the zone files but ';'. After I have taken out '//' and '#' from the zone (reverse) files
'ping hostname.mydomain.com' and 'nslookup xx.xx.xx.xx' is working again.

I still needs to troubleshoot why 'dig hostname' is not working while 'ping hostname' is working.