Results 1 to 17 of 17

Thread: FreeBSD 11.1 DNS does not work.

  1. #1
    Join Date
    Feb 2006
    Posts
    787

    DirectAdmin DNS does NOT work w/FreeBSD 11.1 Install *** SOLVED ***

    DirectAdmin DNS does NOT work w/FreeBSD 11.1 Install. I've done 3 clean OS and DA installs and it does NOT work.
    Attached Images Attached Images
    Last edited by IT_Architect; 07-13-2018 at 06:36 PM.

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,209
    Hello,

    What do you mean when you say "DNS does NOT work"? Do you mean that named does not start? Or resolving fails? Or what?

  3. #3
    Join Date
    May 2008
    Posts
    741
    Works fine with me. I was on 11.1 and recently upgraded to 11.2.

    What I see on the attached pictures is nothing wrong. They are just the default zones that bind installs.

  4. #4
    Join Date
    Feb 2006
    Posts
    787
    Those default zones do not show on the other servers.

  5. #5
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,209
    and bind starts and runs, and DNS responds to queries?

  6. #6
    Join Date
    Feb 2006
    Posts
    787
    - DNS does NOT respond to queries.
    - Bind shows up and running and there are no error messages during boot-up.

    <domain>.com has an entry in the DNS that says:
    Local Data: Yes
    Local Mail: Yes
    DNS entries look fine
    It has an A record for "server" as well.

    nslookup server.<domain>.com <ip of server>
    and
    nslookup <domain>.com <ip of server>
    returns:
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    *** Request to UnKnown timed-out

    I believe when the first issue is fixed, it will all be fixed.
    Last edited by IT_Architect; 07-13-2018 at 04:45 PM.

  7. #7
    Join Date
    Feb 2006
    Posts
    787
    *** Solved ***
    Problem: After locating and digging through BIND configs, I discovered a fresh install of FreeBSD 11.1, plus completing the DA prerequisites, plus the DA install, and even rewriting all configs will never yield a operational DNS because it does not create a usable /usr/local/etc/namedb/named.conf file.
    One Solution:
    The top of named.conf above the domains at the bottom looks like this after a FreeBSD 11.1 install:
    Code:
    // $FreeBSD: branches/2018Q2/dns/bind99/files/named.conf.in 443609 2017-06-14 22:56:44Z mat $
    //
    // Refer to the named.conf(5) and named(8) man pages, and the documentation
    // in /usr/local/share/doc/bind for more details.
    //
    // If you are going to set up an authoritative server, make sure you
    // understand the hairy details of how DNS works.  Even with
    // simple mistakes, you can break connectivity for affected parties,
    // or cause huge amounts of useless Internet traffic.
    
    options {
    	// All file and path names are relative to the chroot directory,
    	// if any, and should be fully qualified.
    	directory	"/usr/local/etc/namedb/working";
    	pid-file	"/var/run/named/pid";
    	dump-file	"/var/dump/named_dump.db";
    	statistics-file	"/var/stats/named.stats";
    
    // If named is being used only as a local resolver, this is a safe default.
    // For named to be accessible to the network, comment this option, specify
    // the proper IP address, or delete this option.
    	listen-on	{ 127.0.0.1; };
    
    // If you have IPv6 enabled on this system, uncomment this option for
    // use as a local resolver.  To give access to the network, specify
    // an IPv6 address, or the keyword "any".
    //	listen-on-v6	{ ::1; };
    
    // These zones are already covered by the empty zones listed below.
    // If you remove the related empty zones below, comment these lines out.
    	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
    	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    
    // If you've got a DNS server around at your upstream provider, enter
    // its IP address here, and enable the line below.  This will make you
    // benefit from its cache, thus reduce overall DNS traffic in the Internet.
    /*
    	forwarders {
    		127.0.0.1;
    	};
    */
    
    // If the 'forwarders' clause is not empty the default is to 'forward first'
    // which will fall back to sending a query from your local server if the name
    // servers in 'forwarders' do not have the answer.  Alternatively you can
    // force your name server to never initiate queries of its own by enabling the
    // following line:
    //	forward only;
    
    // If you wish to have forwarding configured automatically based on
    // the entries in /etc/resolv.conf, uncomment the following line and
    // set named_auto_forward=yes in /etc/rc.conf.  You can also enable
    // named_auto_forward_only (the effect of which is described above).
    //	include "/usr/local/etc/namedb/auto_forward.conf";
    
    	/*
    	   Modern versions of BIND use a random UDP port for each outgoing
    	   query by default in order to dramatically reduce the possibility
    	   of cache poisoning.  All users are strongly encouraged to utilize
    	   this feature, and to configure their firewalls to accommodate it.
    
    	   AS A LAST RESORT in order to get around a restrictive firewall
    	   policy you can try enabling the option below.  Use of this option
    	   will significantly reduce your ability to withstand cache poisoning
    	   attacks, and should be avoided if at all possible.
    
    	   Replace NNNNN in the example with a number between 49160 and 65530.
    	*/
    	// query-source address * port NNNNN;
    };
    
    // If you enable a local name server, don't forget to enter 127.0.0.1
    // first in your /etc/resolv.conf so this server will be queried.
    // Also, make sure to enable it in /etc/rc.conf.
    
    // The traditional root hints mechanism. Use this, OR the slave zones below.
    zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
    
    /*	Slaving the following zones from the root name servers has some
    	significant advantages:
    	1. Faster local resolution for your users
    	2. No spurious traffic will be sent from your network to the roots
    	3. Greater resilience to any potential root server failure/DDoS
    
    	On the other hand, this method requires more monitoring than the
    	hints file to be sure that an unexpected failure mode has not
    	incapacitated your server.  Name servers that are serving a lot
    	of clients will benefit more from this approach than individual
    	hosts.  Use with caution.
    
    	To use this mechanism, uncomment the entries below, and comment
    	the hint zone above.
    
    	As documented at http://dns.icann.org/services/axfr/ these zones:
    	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
    	are available for AXFR from these servers on IPv4 and IPv6:
    	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
    */
    /*
    zone "." {
    	type slave;
    	file "/usr/local/etc/namedb/slave/root.slave";
    	masters {
    		192.0.32.132;           // lax.xfr.dns.icann.org
    		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
    		192.0.47.132;           // iad.xfr.dns.icann.org
    		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
    	};
    	notify no;
    };
    zone "arpa" {
    	type slave;
    	file "/usr/local/etc/namedb/slave/arpa.slave";
    	masters {
    		192.0.32.132;           // lax.xfr.dns.icann.org
    		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
    		192.0.47.132;           // iad.xfr.dns.icann.org
    		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
    	};
    	notify no;
    };
    zone "in-addr.arpa" {
    	type slave;
    	file "/usr/local/etc/namedb/slave/in-addr.arpa.slave";
    	masters {
    		192.0.32.132;           // lax.xfr.dns.icann.org
    		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
    		192.0.47.132;           // iad.xfr.dns.icann.org
    		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
    	};
    	notify no;
    };
    zone "ip6.arpa" {
    	type slave;
    	file "/usr/local/etc/namedb/slave/ip6.arpa.slave";
    	masters {
    		192.0.32.132;           // lax.xfr.dns.icann.org
    		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
    		192.0.47.132;           // iad.xfr.dns.icann.org
    		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
    	};
    	notify no;
    };
    */
    
    /*	Serving the following zones locally will prevent any queries
    	for these zones leaving your network and going to the root
    	name servers.  This has two significant advantages:
    	1. Faster local resolution for your users
    	2. No spurious traffic will be sent from your network to the roots
    */
    // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
    zone "localhost"	{ type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
    zone "127.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
    zone "255.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
    zone "0.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
    
    // "This" Network (RFCs 1912, 5735 and 6303)
    zone "0.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // Private Use Networks (RFCs 1918, 5735 and 6303)
    zone "10.in-addr.arpa"	   { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // Shared Address Space (RFC 6598)
    zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "124.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // Link-local/APIPA (RFCs 3927, 5735 and 6303)
    zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IETF protocol assignments (RFCs 5735 and 5736)
    zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
    zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
    zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // Router Benchmark Testing (RFCs 2544 and 5735)
    zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IANA Reserved - Old Class E Space (RFC 5735)
    zone "240.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "241.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "242.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "243.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "244.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "245.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "246.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "247.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "248.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "249.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "250.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "251.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "252.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "253.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "254.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IPv6 Unassigned Addresses (RFC 4291)
    zone "1.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "3.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "4.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "5.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "6.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "7.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "8.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "9.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "a.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "b.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "c.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "d.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "e.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "0.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "1.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "2.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "3.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "4.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "5.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "6.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "7.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "8.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "9.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "a.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "b.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "0.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "1.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "2.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "3.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "4.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "5.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "6.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "7.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IPv6 ULA (RFCs 4193 and 6303)
    zone "c.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "d.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IPv6 Link Local (RFCs 4291 and 6303)
    zone "8.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "9.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "a.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "b.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
    zone "c.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "d.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "e.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    zone "f.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // IP6.INT is Deprecated (RFC 4159)
    zone "ip6.int"		{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
    
    // NB: Do not use the IP addresses below, they are faked, and only
    // serve demonstration/documentation purposes!
    //
    // Example slave zone config entries.  It can be convenient to become
    // a slave at least for the zone your own domain is in.  Ask
    // your network administrator for the IP address of the responsible
    // master name server.
    //
    // Do not forget to include the reverse lookup zone!
    // This is named after the first bytes of the IP address, in reverse
    // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
    //
    // Before starting to set up a master zone, make sure you fully
    // understand how DNS and BIND work.  There are sometimes
    // non-obvious pitfalls.  Setting up a slave zone is usually simpler.
    //
    // NB: Don't blindly enable the examples below. :-)  Use actual names
    // and addresses instead.
    
    /* An example dynamic zone
    key "exampleorgkey" {
    	algorithm hmac-md5;
    	secret "sf87HJqjkqh8ac87a02lla==";
    };
    zone "example.org" {
    	type master;
    	allow-update {
    		key "exampleorgkey";
    	};
    	file "/usr/local/etc/namedb/dynamic/example.org";
    };
    */
    
    /* Example of a slave reverse zone
    zone "1.168.192.in-addr.arpa" {
    	type slave;
    	file "/usr/local/etc/namedb/slave/1.168.192.in-addr.arpa";
    	masters {
    		192.168.1.1;
    	};
    };
    */
    Replace all of that with this: (copied from an earlier DA install)
    Code:
    // $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.1 2004/09/30 23:36:07 dougb Exp $
    //
    // Refer to the named.conf(5) and named(8) man pages, and the documentation
    // in /usr/share/doc/bind9 for more details.
    options {
            directory       "/etc/namedb";
            pid-file        "/var/run/named/pid";
            dump-file       "/var/dump/named_dump.db";
            statistics-file "/var/stats/named.stats";
    
    	allow-transfer { none; };
    	allow-recursion { localnets; };
    };
    
    
    zone "." {
            type hint;
            file "named.root";
    };
    Then restart the DNS (named)

    If you have any ideas to improve the new config, let me know.

    Thanks!
    Last edited by IT_Architect; 07-14-2018 at 03:19 AM.

  8. #8
    Join Date
    May 2008
    Posts
    741
    Mine is:

    options {
    version "BIND";
    // All file and path names are relative to the chroot directory,
    // if any, and should be fully qualified.
    directory "/usr/local/etc/namedb/working";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    // recursion no;
    allow-transfer {"none";};
    dnssec-enable yes;
    dnssec-validation yes;
    //dnssec-lookaside auto;
    bindkeys-file "/etc/namedb/named.iscdlv.key";
    max-udp-size 4096;
    edns-udp-size 4096;
    and works.

    Next are the default zones. And the file ends with what DA adds:

    zone "<DOMAIN>" { type master; file "/etc/namedb/<DOMAIN>.db"; };
    repeated many times for each domain.

    I do not see these DA added zones at the end of yours. And this was the problem. You must check out why DA is not appending to the file properly.

  9. #9
    Join Date
    Feb 2006
    Posts
    787
    Quote Originally Posted by wattie View Post
    Mine is:
    Next are the default zones. And the file ends with what DA adds: repeated many times for each domain. I do not see these DA added zones at the end of yours. And this was the problem. You must check out why DA is not appending to the file properly.
    Thanks for the reply and the copy of your named.conf, but that was NOT the problem. My new config works properly, which is why I previously changed the name of the thread to solved. As I mentioned in my previous post, I replaced the code ahead of the DA added zones. The areas of the head of the original file that caused it to fail are highlighted in red. I simply copied the code ahead of the DA zones from a previous version of DA when the installs did produce a working DNS, and did not contain the default zones. It appears DA simply appends the named.conf that gets installed. The problem is, what gets installed today is the IP set to local host, and DA uses /usr/local/etc/namedb/ not /usr/local/etc/namedb/working to store the zones in and appears nothing else uses the directory "working", and it comes with all of the default zones. Either BIND didn't used to ship this way, or previously DA wrote the entire named.conf file and isn't doing it now or fails to do it now.

    Question: When you look at your DNS in the DirectAdmin, do you see 4 pages of junk before you get to the DA zones? It works good without the default zones so I wonder if in this situation if it even makes sense to have them.

    Thanks!
    Last edited by IT_Architect; 07-16-2018 at 11:24 AM.

  10. #10
    Join Date
    May 2008
    Posts
    741
    I do see them, yes, but that's not a problem. These are the so called "empty zones":

    http://ftp.isc.org/isc/bind9/cur/9.1...h06.html#empty

    The purpose of these zones is to prevent recursive servers from sending junk queries to the root servers.

    I guess you are not doing recursive DNS but only authoritative anyway, so it should not matter if you don't have them. But these zones do no harm if exist.

  11. #11
    Join Date
    Feb 2006
    Posts
    787
    Quote Originally Posted by wattie View Post
    I do see them, yes, but that's not a problem. These are the so called "empty zones":

    http://ftp.isc.org/isc/bind9/cur/9.1...h06.html#empty

    The purpose of these zones is to prevent recursive servers from sending junk queries to the root servers. I guess you are not doing recursive DNS but only authoritative anyway, so it should not matter if you don't have them. But these zones do no harm if exist.
    Thanks for the reply. I did read about them earlier. My earlier DA didn't have them. With my earlier installs, I never had to touch the DNS config files. My guess is something is not working right on the DA install. For now, I'll simply add this to my install notes.

    Thanks!

  12. #12
    Join Date
    May 2008
    Posts
    741
    Nothing is wrong with the DA install. And DA is not installing Bind, it's only using it - it's not part of the Custombuild.

  13. #13
    Join Date
    Feb 2006
    Posts
    787
    Quote Originally Posted by wattie View Post
    Nothing is wrong with the DA install. And DA is not installing Bind, it's only using it - it's not part of the Custombuild.
    DA does not install BIND, I agree. I don't know if DA ever configed it or not. What I do know is with the older versions of FreeBSD, I didn't have to deal with the default zones, and I never had to edit the conf file.

    Thanks!

  14. #14
    Join Date
    May 2008
    Posts
    741
    1. Default zones are there to help recursive servers to work better.

    2. You don't have to "deal with default zones". Just leave them and that's it.

    3. DA only adds this at the end of the conf file for each domain:

    zone "<DOMAIN>" { type master; file "/etc/namedb/<DOMAIN>.db"; };
    As far as I see, it does not happen on yours. And that was your problem. It could be permissions or something else - I don't know. You "resolved" the issue by adding /etc/namedb/*.db at the beginning of the conf file. Sure works as alternative.

  15. #15
    Join Date
    Feb 2006
    Posts
    787
    Quote Originally Posted by wattie View Post
    1. Default zones are there to help recursive servers to work better.

    2. You don't have to "deal with default zones". Just leave them and that's it.
    You have to deal with 4 pages of them every time you access DNS management in DA. They could easily be filtered out by DA if they chose because they are not managed by DA and the zone data is not local.

    Quote Originally Posted by wattie View Post
    3. DA only adds this at the end of the conf file for each domain:
    As far as I see, it does not happen on yours. And that was your problem. It could be permissions or something else - I don't know. You "resolved" the issue by adding /etc/namedb/*.db at the beginning of the conf file. Sure works as alternative.
    Thank you for your help. I believe we may be having a language barrier problem.

    1. What I said resolved it, is absolutely what did resolve it, as mentioned twice before. Currently, I have the original in place with the default domains, with only one change, and that is commenting out the 127.0.0.1, as recommended in the config, so that the DNS can serve more than local queries.

    2. >.../etc/namedb...< That change was due to the fact that I saw from browsing that DA puts the files in /etc/namedb, and previous FreeBSD + DA installs set directory to /etc/namedb, not /etc/namedb/work. However, I learned later that changing the directory parameter has no effect. Commenting the 127.0.0.1 line is what enables it to work publicly as is also documented in the default named.conf comments.

    3. "...as far as I can see..." But you cannot see, because as mentioned multiple times since the beginning, the code snips are from the code above DA's entry for server.domain.tld. I did not include what DA appended any more than you did when you posted your named.conf. DA's zone entry exists in the named.confs that did not work, as well as those that did. The configs with the 127.0.0.1 commented out, all resolve queries for the server.domain.tld, both locally and publicly, and commenting the 127.0.0.1 line is the ONLY modification NECESSARY to make the DNS work publicly after install. Commenting the 127.0.0.1 line IS the resolution. The config code from older unmodified FreeBSD + DA installs, also works. At that time they did not include the default domains, nor did the default install force the DNS to do local-only queries. A fresh install of FreeBSD 11.1 or 11.2 will in no case result in a DNS that can be used publicly as the named.conf clearly states. Commenting out or deleting the 127.0.0.1 line is REQUIRED to respond to any public queries. That should be documented in the DA install instructions because it has not always been this way.

    HTH. Thanks!
    Last edited by IT_Architect; 07-23-2018 at 10:33 AM. Reason: correct response numbering

  16. #16
    Join Date
    May 2008
    Posts
    741
    Then it's nothing wrong with DA after all.

  17. #17
    Join Date
    Feb 2006
    Posts
    787
    Quote Originally Posted by wattie View Post
    Then it's nothing wrong with DA after all.
    Correct! The only thing that could be improved is, at least with 11.1 and 11.2 standard OS install and perhaps other versions, is a note to comment out the 127.0.0.1 line that forces the DNS to be local-only after a standard OS install + DA prerequisites.

    I don't know when FreeBSD started making local-only DNS the default during a fresh install because I haven't set up any servers from scratch in the 8.x - 11.0 time frame. The only thing I can be certain of is 11.1 and 11.2 definitely default to local-only DNS.

    Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •