
I have an OpenVZ VPS server with CentOS 5.9 32 bit installed. I also bought the domain sehattotal.com from a local provider (masterwebnet.com). Currently sehattotal.com is hosted at hostgator.com.

My purpose is to create DNS server in VPS server and direct my domain to it.

So I try to configure Bind9 in my server like this:

/etc/named.conf:

options {
  directory   "/var/named";
  dump-file   "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query { any; };
  allow-transfer     { localhost; 0.0.0.0; };
  recursion no;

  dnssec-enable yes;
  dnssec-lookaside . trust-anchor dlv.isc.org.;
};

logging {
  channel default_debug {
    file "data/named.run";
    severity dynamic;
  };
};

zone "." IN {
 type hint;
 file "named.root";
};

zone "localdomain." IN {
  type master;
  file "localdomain.zone";
  allow-update { none; };
};

zone "localhost." IN {
 type master;
 file "localhost.zone";
 allow-update { none; };
};

zone "0.0.127.in-addr.arpa." IN {
 type master;
 file "named.local";
 allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
  type master;
  file "named.ip6.local";
  allow-update { none; };
 };

zone "255.in-addr.arpa." IN {
  type master;
  file "named.broadcast";
  allow-update { none; };
};

zone "0.in-addr.arpa." IN {
   type master;
   file "named.zero";
   allow-update { none; };
};

zone "sehattotal.com" IN {
  type master;
  file "sehattotal.com.zone";
  allow-update { none; };
};

include "/etc/rndc.key";

/var/named/chroot/var/named/sehattotal.com.zone:

$TTL 86400
@   IN    SOA   ns1.sehattotal.com. root.sehattotal.com. (
  2013122901  ;Serial
  21600       ;Refresh
  1800        ;Retry
  604800      ;Expire
  86400 )     ;Minimum TTL

@ IN NS  ns1.sehattotal.com.
ns1 IN A  116.251.208.167

There is no error when I try to start the named service.

The problem is that I think it doesn't work, because I cannot ping ns1.sehattotal.com.

Any suggestion?

Note: currently sehattotal.com has NS2227.HOSTGATOR.COM and NS2228.HOSTGATOR.COM. I still can't change it to NS1.SEHATTOTAL.COM, because when I ping NS1.SEHATTOTAL.COM it returns:

Ping request could not find host ns1.sehattotal.com. Please check the name and try again.

  • Related: [Clarification of why DNS zone files require NS records](http://serverfault.com/q/526278/58408) – user Dec 30 '13 at 12:47

2 Answers

Your provider has not correctly delegated the zone:

[me@risby tmp]$ whois sehattotal.com
[Querying whois.verisign-grs.com]
[Redirected to whois.tucows.com]
[Querying whois.tucows.com]
[whois.tucows.com]
Domain Name: SEHATTOTAL.COM
[...]
Name Server: NS2227.HOSTGATOR.COM
Name Server: NS2228.HOSTGATOR.COM

And

[root@bill ~]# dig  NS2227.HOSTGATOR.COM
[...]
;; ANSWER SECTION:
NS2227.HOSTGATOR.COM.   43200   IN  A   192.254.235.98
[...]
[root@bill ~]# dig  NS2228.HOSTGATOR.COM
[...]
;; ANSWER SECTION:
NS2228.HOSTGATOR.COM.   43200   IN  A   192.254.235.99
[...]

Since neither of those is the IP address you are setting for your ns1, to wit 116.251.208.167, I assume that delegation is incorrect.

Merely registering a domain name and setting up a name server doesn't magically connect the two: the world has to be told that when it looks up the domain, it should use your name servers (and yes, two will be needed, even if you just list the same address twice). It is the glue served by your registrar (in this case, tucows) that does that.

I would have downvoted this question as "does not show any research effort", but you were good enough to give the full domain name and address, and to obscure nothing in your question. Thank you for that - it doesn't half make them easier to answer.

MadHatter
  • Sorry, maybe my question is not clear enough. Currently my domain sehattotal.com is hosted at hostgator; that's why, if you check the current NS right now, it still points to hostgator. My purpose is to change it to my VPS server, but I still can't change it to ns1.sehattotal.com. I tried to ping ns1.sehattotal.com with no luck, so I assume there's something wrong with my configuration. – user1996297 Dec 30 '13 at 09:42
  • You have a chicken-and-egg problem. Until you change it with hostgator, it won't work, full stop; they will remain the registrar, and they need to advertise delegation information correctly even if they aren't providing the actual DNS service. Start with hostgator; change it there - you will likely need to give the IP address there as well, since the record is inside the zone - and then it might have a hope of working from anywhere else. – MadHatter Dec 30 '13 at 09:45
  • Actually hostgator only provides my current hosting of sehattotal.com; I manage my domain from masterwebnet.com. When I try to change the NS to ns1.sehattotal.com, the system denies it. – user1996297 Dec 30 '13 at 09:58
  • You will need to talk to the registrar's support desk, then; getting the delegation right is the **first** step. – MadHatter Dec 30 '13 at 10:01
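One way to check offline for the delegation mismatch this answer describes, as an added example that is not part of the original answer: the parent-side data is constructed from the whois and dig output quoted above, the zone text is the questioner's zone minus its SOA block, and the check also covers the two-NS and glue requirements the answer mentions.

```python
import re
ORIGIN = "sehattotal.com."

# Parent-side view, constructed from the whois and dig output quoted in the answer.
PARENT_DELEGATION = {"ns2227.hostgator.com.": "192.254.235.98", "ns2228.hostgator.com.": "192.254.235.99"}

# The questioner's zone minus its SOA block (constructed input; the SOA is irrelevant here).
CHILD_ZONE = """\
$TTL 86400
@   IN NS ns1.sehattotal.com.
ns1 IN A  116.251.208.167
"""

def absolutize(name, origin):
    """Map '@' or a relative name onto a fully qualified, lower-case name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Minimal parser for one-line 'owner class type rdata' NS and A records (no TTL field)."""
    ns_names, a_records = set(), {}
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()           # strip comments
        if not line or line.startswith("$"):       # skip $TTL/$ORIGIN directives
            continue
        owner, _cls, rtype, rdata = re.split(r"\s+", line, maxsplit=3)
        if rtype.upper() == "NS":
            ns_names.add(absolutize(rdata, origin))
        elif rtype.upper() == "A":
            a_records[absolutize(owner, origin)] = rdata
    return ns_names, a_records

def check_delegation(parent, ns_names, a_records, origin=ORIGIN):
    """Compare the parent's delegation with the child zone; an empty list means consistent."""
    findings = []
    if set(parent) != ns_names:
        findings.append(("NS_MISMATCH", f"parent: {sorted(parent)}, zone: {sorted(ns_names)}"))
    if len(ns_names) < 2:
        findings.append(("TOO_FEW_NS", "a delegation needs at least two NS names"))
    for ns in sorted(ns_names):
        if not ns.endswith("." + origin):          # out-of-bailiwick NS needs no glue
            continue
        ip = a_records.get(ns)
        if ip is None:
            findings.append(("ZONE_A_MISSING", f"{ns} has no A record in the zone"))
        elif parent.get(ns) != ip:                 # None here means the registrar holds no glue
            findings.append(("GLUE_MISMATCH", f"registrar glue {parent.get(ns)} for {ns}, zone has {ip}"))
    return findings
```

Running `check_delegation(PARENT_DELEGATION, *parse_zone(CHILD_ZONE))` on the page's data reports NS_MISMATCH, TOO_FEW_NS and GLUE_MISMATCH; once the registrar delegates to two in-zone names with matching glue, it returns an empty list.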

Seems you are missing the reverse DNS zone.

Also add the IP of the DNS server to the resolv.conf file.

Don't forget to allow the DNS traffic in the firewall:

# Accept incoming queries to the name server (UDP, plus TCP for large answers and zone transfers).
# Inserted at the top of INPUT so they precede the distribution's final REJECT rule.
iptables -I INPUT -p udp -i eth0 --dport 53 -j ACCEPT
iptables -I INPUT -p tcp -i eth0 --dport 53 -j ACCEPT

Change eth0 to the interface of the listening IP, or, just for testing purposes, stop the firewall with

service iptables stop

then start the named service.

Below is a good guide; you just need to set up the master DNS part.

http://www.unixmen.com/dns-server-installation-step-by-step-using-centos-6-3/
MohyedeenN
  • Thanks, I think you're right. I did it and now I can ping ns1.sehattotal.com from my VPS, though when I try to ping ns1.sehattotal.com from my computer it's still unreachable; maybe it takes time? I also don't understand how to allow DNS traffic in the firewall, could you explain? – user1996297 Dec 30 '13 at 10:52
  • Check the update above on how to enable DNS traffic. To be able to ping ns1..... you need to set the DNS on your computer to the IP address of the DNS server. – MohyedeenN Dec 31 '13 at 13:10