
Re: Need Help W/ DNS Server



On Wednesday 23 February 2005 03:10 pm, Alan Chandler wrote:
> On Wed, 2005-02-23 at 14:18 -0500, Hal Vaughan wrote:
> > I REALLY need some help with setting up a DNS server on Mepis.  I've been
> > working hard on this since Monday, I'm short on sleep, so I really feel
> > like I'm not thinking clearly, but I need to get this (and NIS, which is
> > fubar, too) working as quickly as possible, so I'd really appreciate help
> > with this (since nobody on the Mepis IRC channels or forums seems to know
> > what to do).  I've tried other mailing lists, but I'm not getting any
> > suggestions. Please don't hesitate to tell me if I'm missing the obvious,
> > since, at this point, my brain feels like it's mud.
> >
> > I've been using the Debian reference manuals online, but even when I
> > follow their instructions, it doesn't seem to be enough.  I tried using
> > Webmin to set this up, figuring that would ensure the config files were
> > in proper shape, but it didn't help.
> >
> > I think there are several issues.  The first is that every time I try to
> > start the dns with /etc/init.d/bind9, I get this:
> >
> > Stopping domain name service: namedrndc: connect failed: connection
> > refused .
> > Starting domain name service: namednamed: capset failed: Operation not
> > permitted
> > named: capset failed: Operation not permitted
>
> It's a bit difficult for me to answer you directly because I use the more
> standard Debian setup.  However at least the first error message is
> related to where it is looking for a key.
>
> You should have a file called rndc.key inside the /etc/bind directory.  I
> must admit I am a bit puzzled as to what calls things to look in this
> directory for it, but this is also where the named.conf file resides, so
> it could just be related to that.

I saw references to a key here and there, but the docs I looked at never 
mentioned it.  So I guess that means a key is necessary, right?  So I'll read 
up on that.  It's been a few years since I set up a DNS, but I didn't 
remember ever dealing with a key.

> > .
> >
> > I found a reference that capset is a module I can install in the kernel
> > (Mepis is using 2.6.7).  I'd rather not have to recompile the kernel, but
> > I don't see the source on the install (I can't remember the directory,
> > but I thought it was in /var/libs somewhere), and other than just running
> > insmod, I can't remember how to get capset installed.  (Note:  I have not
> > always been getting the error about capset.)
>
> Don't know the answer to the above - I haven't done anything special, I
> am using a standard Debian kernel, and I am not aware of the capset
> module.

What version of bind are you using?


> > I used nslint and it thinks everything is okay.  I run dnswalk, and I get
> > the following:
> >
> > Checking thresh.loc.
> > BAD: SOA record not found for thresh.loc.
> > BAD: thresh.loc. has NO authoritative nameservers!
> > BAD: All zone transfer attempts of thresh.loc. failed!
> > 0 failures, 0 warnings, 3 errors.
> >
> > While all the Debian docs say the config is in /etc/named.conf, I've
> > found /etc/init.d/bind9 references /etc/bind/named.conf, so I'm keeping
> > both files the same.  I have the zone files stored in /var/named.
>
> This, I think, is the issue.  All of my zone files are in /etc/bind, and
> I do have a directory statement in the options section of
> named.conf.options (Debian splits named.conf into lots of smaller
> files), but this is pointing at /var/cache/bind.  I think that is where bind
> caches answers from other nameservers, NOT where it looks for your zone
> files.

So it would be a good idea to change ALL the files to go in /etc/bind, right?

> Should also note that in my named.conf file (the standard zones) and
> named.conf.local (zones I am controlling from my nameserver) are
> referenced by the full path, e.g.
>
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
> };

Okay, that's an easy change to make.  I am so burned out I can barely follow 
what you're saying, so I'll make these changes after a nap.

Thanks!

Hal


