[CentOS] BIND Setup Issue

Sun Mar 10 23:07:08 UTC 2013
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

Am 10.03.2013 12:57, schrieb Austin Einter:
> I have a CentOS 6.3 machine. I am trying to setup DNS BIND setup in that
> machine. It is having a static global IP. I have done lot of reading ,
> google search and tried all possible option, but still not able to resolve
> the issue.

After reading the entire thread I am still not sure what your actual
issue is. I can only guess some name resolution is not working as expected.

Please state:
- From which machine are you trying to resolve?
- Which name are you trying to resolve?
- Which result are you expecting?
- Which result do you get?

In the meantime, a few comments on your config.

> options {
>         listen-on port 53 { 127.0.0.1; 10.0.0.1; };

That doesn't look right. You said your machine has a public IP address
but you make it listen on a private IP address and localhost only.

>         listen-on-v6 port 53 { ::1; };

That doesn't look right either. If your machine does IPv6, why have it
listen only on localhost? If it doesn't, why have it listen on IPv6 at all?

>         allow-query     { localhost; 10.0.0.1/24; 10.0.0.254/24; };

This doesn't look right at all. Neither 10.0.0.1 nor 10.0.0.254 are
compatible with a /24 netmask.

>         dnssec-enable yes;
>         dnssec-validation yes;
>         dnssec-lookaside auto;

I don't think it's a good idea to activate DNSSEC before you have the
basics running.

> @       IN      NS      ns1.netcloudjobs.com.
> @       IN      NS      ns2.netcloudjobs.com.
> 
> ns1     IN      A       173.201.189.43
> ns2     IN      A       173.201.189.43

It's very strange to declare two nameservers with the same address. Why
put in ns2 in the first place if it's actually the same machine as ns1?
That doesn't make sense.

> And my reverse zone file looks as

> @       IN      NS      ns1.netcloudjobs.com.
> @       IN      NS      ns2.netcloudjobs.com.
> ns1     IN  A   173.201.189.43
> ns2     IN  A   173.201.189.43

These entries are wrong here.
Simple explanation: A RRs belong in the forward zone, not the reverse zone.
Complex explanation: The RRs you actually create by this look like this:

ns1.189.201.173.in-addr.arpa. IN A 173.201.189.43
ns2.189.201.173.in-addr.arpa. IN A 173.201.189.43

> 43      IN      PTR     ns1.netcloudjobs.com.
> 44      IN      PTR     ns2.netcloudjobs.com.

You have a forward/reverse mismatch here. Your reverse zone resolves
173.201.189.44 to ns2.netcloudjobs.com but your forward zone resolves
that to 173.201.189.43 instead of 173.201.189.44.

> I hope I am doing something wrong with configuration. I have done this
> since more than 60 hours. Still I am not able to resolve
> ns1.netcloudjobs.com.

I am:

[ts at dns01 ~]$ host ns1.netcloudjobs.com
ns1.netcloudjobs.com has address 173.201.189.43
[ts at dns01 ~]$

Looks fine to me. So again, please state from where you are trying the
resolution, which result you expect and which result you get.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130311/e088f0b7/attachment-0005.sig>