Setting the bind and dhcp for use as dns/ddns

 
 
alike
      01-01-2012, 06:34 PM
I will start a new thread because I configured major things regarding
my "project", so this post is more oriented to pure bind configuration.

------------------------
This is what i have:
- static ip address 85.113.xx.xx
- local ip's from 192.168.1.50 - 200
- installed bind 9
- installed dhcp3
- installed gadmin-bind tool

My goal is to offer free dns and ddns service for our customers.
It's not much. It's around 40 users.

--------------------------------------------------------------------------------
Problems:
When I restart bind service I get this error.
* Stopping domain name service... bind9
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid. [ OK ]
* Starting domain name service... bind9 [ fail ]

*************************
This is my named.conf:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local


controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};


include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

***********************
named.conf.options
//----------------------
options {
directory "/var/cache/bind";


// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113


// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.


// forwarders {
// 0.0.0.0;
// };


auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};


forwarders {
# Replace the address below with the address of your provider’s DNS server
8.8.8.8;
};

*******************
My example.com.db
//------------------
// replace example.com with your domain name.


example.com. IN SOA ns1.example.com. admin.example.com.
(
// Do not modify the following lines!
2007031001
28800
3600
604800
38400
)


// Replace the following line as necessary:
// ns1 = DNS Server name
// mail = mail server name
// example.com = domain name
example.com. IN NS ns1.example.com.
example.com. IN MX 10 mail.example.com.

// Replace the IP address with the right IP addresses.
www IN A 192.168.1.120
mta IN A 192.168.1.121
ns1 IN A 192.168.1.122

***************************************
What is wrong with my configuration ?
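A check over the named.conf.options text as posted above, as an added example that is not part of the original post: it reports statements that BIND accepts only inside a block such as options { } but that sit at the top level of the file, which is where the forwarders block appears in the post. The keyword list is a small assumed subset and the sample is the posted file with comments abridged; named-checkconf remains the authoritative check.

```python
import re

# Statements BIND accepts inside options { } (some also in view or zone
# blocks) but never at the top level of named.conf. Illustrative subset.
OPTIONS_ONLY = {"forwarders", "forward", "directory", "recursion",
                "auth-nxdomain", "listen-on", "listen-on-v6",
                "allow-query", "allow-recursion"}

# Constructed sample: the posted named.conf.options with comments abridged.
POSTED = '''options {
directory "/var/cache/bind";
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

forwarders {
# address of the provider DNS server
8.8.8.8;
};
'''

def strip_comments(text):
    """Blank out /* */, // and # comments, keeping strings and line breaks."""
    def blank(m):
        s = m.group(0)
        return s if s.startswith('"') else re.sub(r"[^\n]", " ", s)
    return re.sub(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', blank, text, flags=re.S)

def misplaced_statements(text):
    """Return [(line, keyword)] for OPTIONS_ONLY statements at brace depth 0."""
    clean, depth, at_start, found = strip_comments(text), 0, True, []
    for m in re.finditer(r'"[^"\n]*"|[{};]|[^\s{};"]+', clean):
        tok = m.group(0)
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif tok == ";":
            at_start = at_start or depth == 0
        elif depth == 0 and at_start:
            at_start = False          # first word of a top-level statement
            if tok in OPTIONS_ONLY:
                found.append((clean.count("\n", 0, m.start()) + 1, tok))
    return found

if __name__ == "__main__":
    for line, kw in misplaced_statements(POSTED):
        print(f"line {line}: '{kw}' is outside any block")
```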
 
 
 
 
 
Chris Davies

 
      01-01-2012, 08:33 PM
alike wrote:
> - static ip address 85.113.xx.xx


Potentially useful, but irrelevant for your configuration as posted

> - local ip's from 192.168.1.50 - 200
> - installed bind 9
> - installed dhcp3
> - installed gadmin-bind tool


> My goal is to offer free dns and ddns service for our customers.
> It's not much. It's around 40 users.


These customers, can they see your 192.168.1/24 range, or do they only
see your external (public facing) IP address?


> When I restart bind service I get this error.
> * Stopping domain name service... bind9
> rndc: connection to remote host closed
> This may indicate that
> * the remote server is using an older version of the command protocol,
> * this host is not authorized to connect,
> * the clocks are not synchronized, or
> * the key is invalid. [ OK ]
> * Starting domain name service... bind9 [ fail ]


After you restart bind, is it actually running? (Use "ps -ef" rather than
"rndc".)

If it's not running, does it start after you run "/etc/init.d/bind start"
(might be "/etc/init.d/bind9 start")?


> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
> };


You do have an rndc-key file, and it's been correctly created in the
right place? (This is distribution dependent, I suspect, but try /etc/bind)


> forwarders {
> # Replace the address below with the address of your provider’s DNS server
> 8.8.8.8;
> };


You really want 8.8.8.8 as a forwarder?


> // replace example.com with your domain name.
> example.com. IN SOA ns1.example.com. admin.example.com.


You haven't replaced "example.com" like it says to do???


> // Replace the following line as necessary:
> // ns1 = DNS Server name
> // mail = mail server name
> // example.com = domain name
> example.com. IN NS ns1.example.com.
> example.com. IN MX 10 mail.example.com.


....nor here, either???


> // Replace the IP address with the right IP addresses.
> www IN A 192.168.1.120
> mta IN A 192.168.1.121
> ns1 IN A 192.168.1.122


> ***************************************
> What is wrong with my configuration ?



Potentially, not very much.

On my Debian distributions, you'll find much more information in
/var/adm/daemon.log (grep for named).

Chris
 
 
alike

 
      01-02-2012, 08:10 AM
static ip address 85.113.xx.xx
Potentially useful, but irrelevant for your configuration as posted
--> I will register the domain avideonet.com.tv
The domain should be active in few days.

These customers, can they see your 192.168.1/24 range, or do they only
see your external (public facing) IP address?
--> the idea is to set subdomain for each user.
Something like:
user1.avideonet.com.tv
user2.avideonet.com.tv
user3.avideonet.com.tv
etc.
They should not see anything.
It's the same as in ddns.org service.

------------------------------------------------------
dns@server:/etc/bind$ sudo /etc/init.d/bind9 stop
* Stopping domain name service... bind9

rndc: connect failed:
127.0.0.1#953: connection refused [OK]

dnsserver@DNSserver:/etc/bind$ sudo /etc/init.d/bind9 start
* Starting domain name service...
bind9 [fail]
----------------------------------------------------------
Use "ps -ef" rather than "rndc"
--> Can you explain why?

You do have an rndc-key file, and it's been correctly created in the
right place? (This is distribution dependent, I suspect, but try /etc/bind)
--> Yes, I have this file and it's in the /etc/bind/ folder

> You really want 8.8.8.8 as a forwarder?

--> What do you suggest?

Can you please tell me how you would set this configuration?
 
 
Jorgen Grahn

 
      01-02-2012, 10:38 AM
On Mon, 2012-01-02, alike wrote:
> static ip address 85.113.xx.xx
> Potentially useful, but irrelevant for your configuration as posted
> --> I will register the domain avideonet.com.tv
> The domain should be active in few days.


Ugh, please quote properly. Three different people wrote the text
above, and it doesn't make sense if you don't show it.

/Jorgen

--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
 
 
alike

 
      01-02-2012, 12:10 PM
On 01/02/2012 12:38 PM, Jorgen Grahn wrote:
> On Mon, 2012-01-02, alike wrote:
>> static ip address 85.113.xx.xx
>> Potentially useful, but irrelevant for your configuration as posted
>> --> I will register the domain avideonet.com.tv
>> The domain should be active in few days.

>
> Ugh, please quote properly. Three different people wrote the text
> above, and it doesn't make sense if you don't show it.
>
> /Jorgen
>

--------------------
When I look into the messages log file, this is the description:
apparmor="DENIED" operation="open" parent=12917
profile="/usr/sbin/named" name="/etc/ssl/openssl.cnf" pid=12918
comm="named" requested_mask="r" denied_mask="r" fsuid=118 ouid=0

I shut down apparmor and restarted bind.
The situation is the same.

It's interesting that this error comes all the time.
From first installation till now.

my usr.bin.named

/usr/sbin/named {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/nis>

capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,

/usr/sbin/named mr,
/var/lib/named/dev/random r,
/var/lib/named/etc/127.0.0 r,
/var/lib/named/etc/bind/named.conf r,
/var/lib/named/etc/bind/rndc.key r,
/var/lib/named/etc/localhost r,
/var/lib/named/etc/localtime r,
/var/lib/named/etc/named.run a,
/var/lib/named/etc/root.hints r,
/var/lib/named/etc/sites/domingo.dk/forward.zone r,
/var/lib/named/etc/sites/domingo.dk/reverse.zone r,
/var/lib/named/var/run/named.pid w,
}
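The denial quoted in the post above, checked against the posted profile (an added example, not part of the original post): it parses the audit line, looks for a file rule in the profile that covers the denied path, and returns a rule to review when none does. The log line is joined onto one line and the profile is abridged; `#include` abstractions are not resolved, and only `*`, `**` and `?` globs are handled.

```python
import re

# Constructed input: the denial from the post joined onto one line, and the
# file rules of the posted profile (abridged).
DENIAL = ('apparmor="DENIED" operation="open" parent=12917 '
          'profile="/usr/sbin/named" name="/etc/ssl/openssl.cnf" pid=12918 '
          'comm="named" requested_mask="r" denied_mask="r" fsuid=118 ouid=0')
PROFILE = """/usr/sbin/named {
  capability net_bind_service,
  /usr/sbin/named mr,
  /var/lib/named/etc/bind/named.conf r,
  /var/lib/named/etc/bind/rndc.key r,
  /var/lib/named/var/run/named.pid w,
}"""

def parse_denial(line):
    """Split an AppArmor audit line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def file_rules(profile):
    """Yield (path_glob, permissions) for each plain file rule in a profile."""
    for raw in profile.splitlines():
        m = re.match(r'\s*(/\S*)\s+([a-zA-Z]+),\s*$', raw)
        if m:
            yield m.group(1), m.group(2)

def glob_to_regex(glob):
    """AppArmor globbing: ** crosses '/', while * and ? do not."""
    out = ""
    for part in re.split(r'(\*\*|\*|\?)', glob):
        out += {"**": ".*", "*": "[^/]*", "?": "[^/]"}.get(part, re.escape(part))
    return re.compile(out + r"\Z")

def covering_rules(profile, path, mask):
    """Rules whose path matches and whose permissions include every denied bit."""
    return [(g, p) for g, p in file_rules(profile)
            if glob_to_regex(g).match(path) and set(mask) <= set(p)]

def candidate_rule(denial_line, profile):
    """Return a rule to review for the denied access, or None if one covers it."""
    d = parse_denial(denial_line)
    if d.get("apparmor") != "DENIED":
        return None
    if covering_rules(profile, d["name"], d["denied_mask"]):
        return None
    return f'{d["name"]} {d["denied_mask"]},'

if __name__ == "__main__":
    print(candidate_rule(DENIAL, PROFILE))
```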
 