swygue
January 5th, 2005, 16:08

I need some help setting up Bind 9.3.0 on FreeBSD 5.3.

Here is my setup:

edit /etc/rc.conf
named_enable="YES"
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"

Generate rndc.key, create rndc.conf, place rndc.key in named.conf and rndc.conf
Create Forward zone, reverse zone, loopback
Place my named server in /etc/resolv.conf

Rebooted, then I tried the following:

hazika# dig

; <<>> DiG 9.3.0 <<>>
;; global options: printcmd
;; connection timed out; no servers could be reached


hazika# /etc/rc.d/named stop
named not running? (check /var/run/named/pid).

hazika# /etc/rc.d/named start

hazika# ps -aux | grep 'named'
root 670 0.0 0.8 1620 972 p1 R+ 12:21PM 0:00.02 grep named

hazika# netstat -an | grep '.53
Unmatched '.

hazika# rndc start
rndc: connect failed: connection refused

Some help please, it seems Bind is not running.

My /var/log/messages

Jan 5 10:25:42 hazika named[3866]: could not configure root hints from 'cache.zone': file not found
Jan 5 10:25:42 hazika named[3866]: loading configuration: file not found
Jan 5 10:25:42 hazika named[3866]: exiting (due to fatal error)

To make sure that I had this file in /etc/namedb, I deleted it and ran this command:

dig @e.root-servers.net . ns > cache.zone

But I am still getting the same errors.

Thanks

Kernel_Killer
January 5th, 2005, 17:54
Try running it with 'named -c /etc/namedb/named.conf'. Sounds like it's not getting the root zones from the conf file.

swygue
January 5th, 2005, 21:42
Thanks kernel_killer, but that command did not help.

elmore
January 6th, 2005, 02:13
I just set up bind9 on FBSD 5.3 tonight.

You must start bind by running:

/etc/rc.d/named start

you may reload it by using rndc, you may also stop named by using rndc but you have to at a minimum run the startup shell script to start the process.

named should also be logging to /var/log/messages. I had a problem or two when starting so it helps to run something like:

tail -f /var/log/messages &

in the background while setting named up. I can post my config if it'll help.

Strog
January 6th, 2005, 14:08
When you run bind in a chroot there are a few more things you need to do to make it work (move some files, create a basic tree in the chroot, etc.). I'd recommend that you remove the chroot options in rc.conf and get it working normally before you tackle the chrooting part of this.

The FreeBSD Handbook has a good doc (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html) on this. About 3/4 the way down is the section on Running named in a Sandbox (a.k.a. chrooting).

swygue
January 6th, 2005, 17:23
Elmore, was your FreeBSD install fresh? Because my install was. I usually install FreeBSD from the Minimal ISO, then I CVSUP, build a custom kernel and do the world thing.

Could you let me know if you did the same thing. I just want to know if BIND 9.3.0 works from a fresh install, because this is my second time doing a fresh install and I can't get it to work.

And your config file would be nice to look at :)

Thanks

swygue
January 6th, 2005, 17:27
I thought that with FreeBSD 5.3, BIND 9.3.0 runs in a chroot environment by default, once you enable the setting in /etc/rc.conf.

Thanks

elmore
January 6th, 2005, 17:51
Elmore, was your FreeBSD install fresh? Because my install was. I usually install FreeBSD from the Minimal ISO, then I CVSUP, build a custom kernel and do the world thing.

Could you let me know if you did the same thing. I just want to know if BIND 9.3.0 works from a fresh install, because this is my second time doing a fresh install and I can't get it to work.

And your config file would be nice to look at :)

Thanks


Yup fresh install, cvsup'd everything to stable then make world. Afterwards config'd named.

Here's my conf:

named.conf:

options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    listen-on { 127.0.0.1; 10.0.2.1; };
    forwarders {
        127.0.0.1; 64.47.4.87; 64.47.5.23; 24.226.1.20; 209.167.141.5; 142.77.1.5;
    };
    query-source address * port 53;
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "master/localhost.rev";
};

zone "xxxxxxx.com" {
    type master;
    file "db.xxxxxxx";
    notify yes;
    also-notify { 10.0.2.2; };
};

zone "1.0.10.in-addr.arpa" in {
    type master;
    file "db.10.0.1";
    notify yes;
    also-notify { 10.0.2.2; };
};

zone "2.0.10.in-addr.arpa" in {
    type master;
    file "db.10.0.2";
    notify yes;
    also-notify { 10.0.2.2; };
};

zone "3.0.10.in-addr.arpa" in {
    type master;
    file "db.10.0.3";
    notify yes;
    also-notify { 10.0.2.2; };
};

elmore
January 6th, 2005, 17:53
One last caveat: I use h2n (/usr/ports/dns/h2n) to create my zone files from /etc/hosts. I'm also not running in a chroot jail like you are attempting to do. These are internal DNS boxes so there was no need for the chroot.

My external boxes run OBSD which by default runs in a chroot.

swygue
February 19th, 2005, 00:37
elmore

Thanks, your config file was very helpful. I have some questions that you might be able to answer for me.

My background is Windows, and with Windows 2000 Server and up, you can create a domain with a custom root, e.g. www.swygue.nul. Windows worked fine with this setup.

I noticed BIND responds differently with the same setup. Here is the output:
---------------------------------------------------
$ nslookup swygue.nul
Server: 192.168.1.212
Address: 192.168.1.212#53

** server can't find swygue.nul: SERVFAIL
----------------------------------------------

From what I understand from reading various BIND documentation, using "swygue.nul" is invalid, because when BIND consults the cache.zone for root servers it does not find "swygue.nul" registered, nor does it find "nul." to be a valid root. If I am right, how come Windows can operate with "swygue.nul" and BIND can't? Better put, can I run BIND without registering a valid domain?

I want to learn BIND. How can I run a valid registered domain name on my internal network and be sure that my name server won't respond to requests from outside of my network?

Thanks
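An added example, not code from the thread, that ties together Strog's point about the chroot tree and swygue's last question about an internal-only server. It builds a throw-away tree standing in for /var/named, writes a named.conf whose listen-on, allow-query and allow-recursion are limited to an assumed internal network (192.168.1.0/24, with 192.168.1.212 as the server, both taken from the nslookup output above), and then checks that every file the config references exists inside the chroot, which is the only place a chrooted named can look; the function name, the temp tree and the zone file name are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Builds a throw-away chroot tree
# standing in for /var/named, writes an internal-only named.conf into it,
# and checks that every file the config references exists *inside* the
# chroot, which is the only place a chrooted named will look for them.
set -eu

# missing_named_files ROOT CONF: print each referenced path that is absent
# under the chroot ROOT, resolving relative 'file' names against the
# options { directory "..."; } entry the same way named does.
missing_named_files() {
    root=$1 conf=$2
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf")
    [ -d "$root$dir" ] || echo "$root$dir"
    for f in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        case $f in /*) p="$root$f" ;; *) p="$root$dir/$f" ;; esac
        [ -e "$p" ] || echo "$p"
    done
}

CHROOT=$(mktemp -d)          # stands in for named_chrootdir; not removed, inspect then rm -rf
mkdir -p "$CHROOT/etc/namedb/master"

# Paths below are as named sees them after chroot(2). allow-query and
# allow-recursion stop the server answering anyone outside the assumed
# internal network. A master zone declared here is answered from its local
# zone file; named does not consult the root hints for names it is
# authoritative for, so the .nul name needs no delegation from the root.
cat > "$CHROOT/etc/namedb/named.conf" <<'EOF'
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    listen-on { 127.0.0.1; 192.168.1.212; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};
zone "." {
    type hint;
    file "named.root";
};
zone "swygue.nul" {
    type master;
    file "master/swygue.nul.db";
};
EOF

# Constructed one-line root hint; the zone file is deliberately left out so
# the check reports it before named would log "file not found".
echo '.  3600000  IN  NS  a.root-servers.net.' > "$CHROOT/etc/namedb/named.root"

missing_named_files "$CHROOT" "$CHROOT/etc/namedb/named.conf"
```

Run it as an unprivileged user; it only touches the temp tree it creates, and each line it prints is a file you would have to copy into the chroot before starting named.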