Create primary and secondary DNS for a domain
Greetings. I needed to set up a DNS server to serve domains. There are two servers (Debian) with two IPs in different subnets (1.1.1.1 and 2.2.2.2).
So far there is only one domain (example.com), and its name servers should be ns1.example.com and, accordingly, ns2.example.com on the second server. So here is what I did:
1) registered the DNS servers at the registrar: ns1.example.com 1.1.1.1 and ns2.example.com 2.2.2.2
2) installed BIND on the first server and opened port 53/tcp; here are the contents of the configuration:

$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";

$ cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

$ cat /etc/bind/named.conf.local
zone "example.com" {
    type master;
    file "/etc/bind/example.com";
};

$ cat /etc/bind/example.com
$TTL 3600
@ IN SOA ns1.example.com. support.example.com. (
        2010122202 ; serial, today's date + today's serial #
        10800      ; refresh, seconds
        3600       ; retry, seconds
        604800     ; expire, seconds
        86400 )    ; minimum, seconds
@            IN NS  ns1.example.com.
@            IN NS  ns2.example.com.
mail         IN A   1.1.1.1
ns1          IN A   1.1.1.1
www          IN A   1.1.1.1
ftp          IN A   1.1.1.1
example.com. IN A   1.1.1.1
example.com. IN MX  10 mail

$ nslookup example.com localhost
Server:   localhost
Address:  127.0.0.1#53
Name:     example.com
Address:  1.1.1.1

All the other servers answer (more than a day has passed):

$ nslookup example.com
;; connection timed out; no servers could be reached

Perhaps someone can tell me what the problem is? I would also like recommendations on how to configure the secondary DNS on the second server (2.2.2.2).
> open port 53/tcp

By default, DNS requests are made over UDP. Fallback to TCP only happens if the request (response) exceeds 500 bytes, usually with AXFR requests (zone transfer). Open 53/UDP.
> (more than a day has passed)

What is the TTL of the SOA record? Draw your own conclusion.

dig example.com SOA
> How can I force it to write logs?

The 'logging' directive in the config. Here is an example you can build on:

logging {
    # Log queries to a file, keeping 20 rotated files of 200 MB each.
    channel query_logging {
        file "/var/log/named_querylog" versions 20 size 200M;
        print-time yes;      // timestamp log entries
        severity dynamic;
    };
    channel security {
        file "/var/log/named_security" versions 10 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel resolver {
        file "/var/log/named_resolver" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel network {
        file "/var/log/named_network" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel xfer {
        file "/var/log/named_xfer" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };
    channel client {
        file "/var/log/named_client" versions 2 size 50M;
        print-time yes;
        severity dynamic;
    };

    category queries      { query_logging; };
    category security     { security; };
    category resolver     { resolver; };
    category network      { network; };
    category xfer-in      { xfer; };
    category xfer-out     { xfer; };
    category client       { client; };

    # Log general name server errors to syslog.
    channel syslog_errors {
        syslog user;
        severity error;
    };
    category default      { syslog_errors; };

    # Don't log lame server messages.
    category lame-servers { null; };
    category security     { null; };
};
debian.pro/125
debian.pro/156
Maybe it will be nicer this way)
>$ nslookup example.com
>;; connection timed out; no servers could be reached
This response means that the bind on the server to which the request was sent does not work at all or is not available (if it was not configured correctly, the request would be different).
You could reveal the actual IP and domain, and then I or someone else will tell you what is misconfigured. In general, the config should contain lines like these:

// on the primary server
options { directory "/var/named"; notify explicit; also-notify { SECONDARY_SERVER_IP; }; allow-transfer { SECONDARY_SERVER_IP; }; };

// on the secondary server
zone "example.com" { type slave; file "/var/named/slaves/example.com.db"; masters { PRIMARY_SERVER_IP; }; };
Do you need it? Keep your own DNS, ensure their stability and correct configuration?
Buy yourself a year of DNS hosting from fastvps.ru for 0.90 euros, and don't worry =)
Why buy? There is DNS from Yandex, and you don't have to use their mail: you can specify your own MX.
Offhand:
1. For both servers, you must have the same config.
2. "ns1 IN A 1.1.1.1" and for ns2 on both "ns2 IN A 2.2.2.2"
3. A day is actually not enough.
4. You need to check not on localhost, but nslookup example.com 174.129.16.254
5. Considering that “nslookup localhost 174.129.16.254” gives “DNS request timed out.” By the way, what is your IP?).
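Point 2 above is exactly the flaw in the asker's zone file: ns2.example.com is listed as an NS at the apex but has no A (glue) record. A small zone lint catches that before the zone is loaded. This script is an added example, not code from the thread; parse_zone and lint_zone are hypothetical names, the embedded zone text is the asker's zone (constructed here as sample input), and the parser covers only the simple master-file subset that zone uses (one origin, no $INCLUDE or $GENERATE).

```python
# Zone lint for the simple master-file subset used in the asker's zone
# (single origin, no $INCLUDE/$GENERATE). Added example, not from the thread.
import re

# Constructed sample: the asker's zone, which lists ns2 as NS without glue.
ZONE_TEXT = """\
$TTL 3600
@ IN SOA ns1.example.com. support.example.com. (
        2010122202 10800 3600 604800 86400 )  ; serial refresh retry expire min
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
mail IN A 1.1.1.1
ns1 IN A 1.1.1.1
www IN A 1.1.1.1
example.com. IN A 1.1.1.1
example.com. IN MX 10 mail
"""

def parse_zone(text, origin):
    """Return (owner_fqdn, rtype, rdata_fields) triples."""
    body = re.sub(r";[^\n]*", "", text)                       # strip comments
    body = re.sub(r"\([^)]*\)",                                # fold the ( ) SOA
                  lambda m: " ".join(m.group(0)[1:-1].split()), body)
    records = []
    for line in body.splitlines():
        f = line.split()
        if not f or f[0].startswith("$"):                      # $TTL and friends
            continue
        owner = origin if f[0] == "@" else f[0]
        owner = owner if owner.endswith(".") else owner + "." + origin
        i = 1
        while i < len(f) and (f[i] == "IN" or f[i].isdigit()):  # skip class/TTL
            i += 1
        records.append((owner, f[i], f[i + 1:]))
    return records

def lint_zone(text, origin):
    """Return problem strings; an empty list means the zone passed."""
    recs = parse_zone(text, origin)
    has_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    soas = [r for r in recs if r[1] == "SOA"]
    if len(soas) != 1:
        return ["zone must contain exactly one SOA record"]
    problems = []
    ns_targets = {r[2][0] for r in recs if r[1] == "NS" and r[0] == origin}
    if soas[0][2][0] not in ns_targets:
        problems.append(f"SOA MNAME {soas[0][2][0]} is not an apex NS")
    for name in sorted(ns_targets):                            # glue check
        if name.endswith("." + origin) and name not in has_addr:
            problems.append(f"{name} is an in-zone NS but has no A/AAAA (glue) record")
    return problems
```

Run `lint_zone(ZONE_TEXT, "example.com.")` on the asker's zone and it reports only the missing ns2 glue; appending `ns2 IN A 2.2.2.2` makes it return an empty list.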