BIND returns SERVFAIL after setting seemingly correct records
Olivia Zamora
EDIT: UPDATED CODE
I used nslookup ercont.club 127.0.0.1 to make sure that it would be using my host name server and that it wouldn't be something to do with my registrar. Here are the files:
db.ercont.club
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ercont.club. mail.ercont.club. (
        4       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
; name servers - NS records
@ IN NS ns1.ercont.club.
@ IN NS ns2.ercont.club.
; name servers - A records
ns1.ercont.club. IN A 167.160.84.198
ns2.ercont.club. IN A 167.160.84.198
; - A records
ercont.club IN A 167.160.84.198
/etc/bind/zones/db.160.67
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ercont.club. mail.ercont.club. (
        3       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
; name servers
@ IN NS ns1.ercont.club.
@ IN NS ns2.ercont.club.
; PTR Records
198.84 IN PTR ns1.ercont.club. ;
198.84 IN PTR ns2.ercont.club. ;
198.84 IN PTR mail.ercont.club. ;
and /etc/bind/named.conf.options
acl "trusted" {
        167.160.84.198; # ns1 and ns2
};
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-recursion { localhost; trusted; };
        allow-query { localhost; 167.160.84.0/8; };
        listen-on { 167.160.84.198; };
        allow-transfer { none; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        dnssec-validation auto;
        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { any; };
};
If someone could help me troubleshoot this, that would be really nice of you. I'm a noob at BIND and the issues really freak me out, so some help will be really appreciated.
1 Answer
First, a public DNS server, such as the registrar where the domain name was purchased, will need to be set up to point to your TCP/IP address, for example the server's or residential gateway's public IP address. This may also be completed through a third-party service such as Route 53 through the aws.amazon.com service.
This answer, though, covers the topic of resolving the domain name (ercont.club) from the local/private machine that has Bind9 installed.
The file: /etc/bind/named.conf.options resembles the following, and appears to be correct.
acl "trusted" {
        167.160.84.198; # ns1 and ns2
};
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-recursion { localhost; trusted; };
        allow-query { localhost; 167.160.84.0/8; };
        listen-on { 167.160.84.198; };
        allow-transfer { none; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        dnssec-validation auto;
        auth-nxdomain no; # conform to RFC1035
        listen-on-v6 { any; };
};
The file: /etc/bind/named.conf.local should resemble the following:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
view "internal" {
        match-clients { localhost; 167.160.84.0/8; };
        # set zone
        zone "ercont.club" {
                type master;
                file "/etc/bind/db.ercont.club";
                allow-update { none; };
        };
        # set reverse zone lookup
        zone "160.67.in-addr.arpa" {
                type master;
                file "/etc/bind/db.160.67";
                allow-update { none; };
        };
        include "/etc/bind/named.conf.default-zones";
};
The file: db.ercont.club
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ercont.club. mail.ercont.club. (
        3       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
; name servers - NS records
@ IN NS ns1.ercont.club.
@ IN NS ns2.ercont.club.
@ IN A 127.0.0.1
@ IN A 167.160.84.198
; A records
ercont.club. A 167.160.84.198
Prior to saving the file, increment the serial number by at least 1.
Issue command: sudo named-checkzone ercont.club db.ercont.club
If Zone OK, continue. If not, review and correct.
The file: /etc/bind/db.167.160:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ercont.club. mail.ercont.club. (
        3       ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
; name servers
@ IN NS ns1.ercont.club.
@ IN NS ns2.ercont.club.
; PTR Records
198.84 IN PTR ns1.ercont.club. ;
198.84 IN PTR ns2.ercont.club. ;
198.84 IN PTR mail.ercont.club. ;
Prior to saving the file, increment the serial number by at least 1.
Issue command: sudo named-checkzone 167.160.in-addr.arpa db.167.160
If Zone OK, continue. If not, review and correct.
Issue Command: sudo service bind9 restart
Verify the service started properly, issue the command: sudo service bind9 status
Before it will translate accordingly, we need to set up the server to point to the new DNS server.
If this is a server only setup, no desktop client; we will want to review the file: /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
        address 167.160.84.198
        netmask 255.0.0.0
        gateway xxx.xxx.xxx.xxx
        dns-nameservers 167.160.84.198
        dns-search ercont.club
Otherwise, if you have a desktop and NetworkManager, make the changes via the GUI, or modify the file:
/etc/NetworkManager/system-connections/Wired\ connection\ 1
Change Wired\ connection\ 1 to whatever appears in NetworkManager as the name of the connection.
Find the [ipv4] section of the file and add/modify the following two lines:
[ipv4]
dns=ipofyourdnsserver;
dns-search=ercont.club;
Save your modifications, and restart.
I hope this helps.
14
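Added example (not part of the question or the answer, and not BIND tooling): a small Python check, to run alongside named-checkzone, for three details in the files above: how an owner name without a trailing dot is expanded, which in-addr.arpa zone name corresponds to an address, and how many addresses a prefix such as 167.160.84.0/8 actually covers in an allow-query or match-clients list. The function names are hypothetical and the sample records are constructed from the question's zone file.

```python
import ipaddress

# Constructed sample: three records copied from the question's db.ercont.club.
ZONE_ORIGIN = "ercont.club."
SAMPLE_RECORDS = """\
@ IN NS ns1.ercont.club.
ns1.ercont.club. IN A 167.160.84.198
ercont.club IN A 167.160.84.198
"""

def expand_owner(owner, origin):
    """Return the fully qualified owner name as a zone parser reads it."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner                # already absolute
    return f"{owner}.{origin}"      # relative name: the origin is appended

def lint_owners(zone_text, origin):
    """Flag relative owners that already contain the origin (missing trailing dot)."""
    bare = origin.rstrip(".")
    findings = []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        line = line.split(";", 1)[0].strip()    # drop comments
        if not line or line.startswith("$"):    # skip blanks and directives
            continue
        owner = line.split()[0]
        if owner == "@" or owner.endswith("."):
            continue
        if owner == bare or owner.endswith("." + bare):
            findings.append((lineno, owner, expand_owner(owner, origin)))
    return findings

def reverse_zone(ip, octets):
    """in-addr.arpa zone name covering the first `octets` octets of an IPv4 address."""
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    return ".".join(labels[4 - octets:])

def acl_prefix_scope(cidr):
    """Return (effective network, address count, whether cidr was written exactly)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net), net.num_addresses, str(net) == cidr

if __name__ == "__main__":
    print(lint_owners(SAMPLE_RECORDS, ZONE_ORIGIN))
    print(reverse_zone("167.160.84.198", 2))
    print(acl_prefix_scope("167.160.84.0/8"))
```

With recursion enabled, the address count from acl_prefix_scope is the number of clients the ACL admits, so it is worth comparing against the network you actually intend to serve.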