As Dnsmasq does not support Views, I have installed and configured bind9. Everything works, however I am noticing on a specific entry that my bind server is not returning the same answer/response as Dnsmasq did. How can I achieve this?

Here is the config for my Dnsmasq server:

    address=/override-url.example.com/54.210.175.6

Here is the DNS response from my Dnsmasq server:

    $ dig @127.0.0.1 override-url.example.com

Response:

    ; <<>> DiG 9.9.5-3-Ubuntu <<>> @127.0.0.1 override-url.example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53532
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;override-url.example.com.  IN  A

    ;; ANSWER SECTION:
    override-url.example.com. 0 IN  A   1.2.3.4

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Aug 06 21:58:44 UTC 2014
    ;; MSG SIZE  rcvd: 58

Here is my bind config and zone file:

    zone "override-url.example.com" {
            type master;
            file "/etc/bind/override-url.example.com";
    };

And the zone file:

    $TTL    3600
    $ORIGIN override-url.example.com.

    @       IN SOA localhost. hostmaster.localhost.com. (
            20140805 ; sn = serial number
            86400    ; ref = refresh = 1d
            900      ; ret = update retry = 15m
            1209600  ; ex = expiry = 2w
            3600     ; min = minimum = 1h
            )

            ; we need at least 1 name server
            IN NS

            ; override public ip with this address
            IN A 54.210.127.53

And of course, here is the returned data from bind that doesn't match the answer above. I'd like to match it as closely as possible.

    ; <<>> DiG 9.8.3-P1 <<>> override-url.example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12930
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;override-url.example.com.  IN  A

    ;; Query time: 36 msec
    ;; SERVER: 54.88.72.140#53(54.88.72.140)
    ;; WHEN: Wed Aug  6 18:04:23 2014
    ;; MSG SIZE  rcvd: 42

What changes should I make to my bind zone file to make it look as close to the dnsmasq settings as possible?

Kladskull
  • `; we need at least 1 name server- IN NS` - Did you forget to include your DNS server, or are you obfuscating? Are you sure there are no errors when Bind tries to load that zone? **`status: SERVFAIL`** Reload bind, check your system logs for named. – Zoredache Aug 06 '14 at 22:12
  • What does Dnsmasq do for that line? Should I make the NS the same as my public ip? I am not obfuscating. – Kladskull Aug 06 '14 at 22:14
  • There is an extra [space] char in your SOA designation: `localhost. hostmaster.localhost.com.` (between "localhost." and "hostmaster") which is not helping matters. Check your log files for ISC-DNS and see whether there is a parse error on the zone file. – ericx Aug 06 '14 at 22:15
  • Well, it is an IP address of the box running Dnsmasq. Bind needs a valid value, but it probably should matter much to your clients – Zoredache Aug 06 '14 at 22:15
  • I want the example behaviour as Dnsmasq, I don't set any name servers when adding an entry. – Kladskull Aug 06 '14 at 22:17
  • @ericx, his SOA looks fine to me, I am confused. It is SOA primary_nameserver email_address. So localhost. = the DNS server, and the email part is the hostmaster.localhost.com. – Zoredache Aug 06 '14 at 22:18
  • The SOA format is correct I believe. – Kladskull Aug 06 '14 at 22:18
  • @Zoredache you are correct. My field-count is wrong. But in my defense, "localhost." isn't really an FQDN. – ericx Aug 06 '14 at 22:22
  • I don't have a FQDN set up, just as my dnsmasq server doesn't have a FQDN. Just trying to replicate the exact behaviour as dnsmasq. Unless however, the FQDN is the FQDN for each entry in the dnsmasq setup... i.e.: address=/override-url.example.com/54.210.175.6 – Kladskull Aug 06 '14 at 22:25
  • Does "localhost.com" actually resolve? Presumably, you want "localhost.com" to be 127.0.0.1 (::1); but "localhost.com" is a different host from "localhost" – ericx Aug 06 '14 at 22:26
  • I've changed localhost to override-url.example.com - and back to square 1, my dig is returning a NS line, which dnsmasq does not. – Kladskull Aug 06 '14 at 22:27
  • The "AUTHORITATIVE" section seems to be extra, any way to remove the authoritative section? – Kladskull Aug 06 '14 at 22:29
  • Why does it matter? Set up a valid zone and use it. The extra values shouldn't hurt anything. – Zoredache Aug 06 '14 at 22:31
  • Would the option minimal-responses do this? – Kladskull Aug 06 '14 at 22:31
  • Ok, looks like adding "minimal-responses yes;" to my named.conf.options file, and changing the SOA from localhost. to the zone name worked. Thanks a lot guys, think I have it. – Kladskull Aug 06 '14 at 22:35

1 Answer

Figured it out, had to make the following changes:

Add `minimal-responses yes;` to named.conf.options

and changed the zone file to the following:

    $TTL    3600
    $ORIGIN override-url.example.com.

    @       IN SOA override-url.example.com. hostmaster.override-url.example.com. (
            20140805 ; sn = serial number
            86400    ; ref = refresh = 1d
            900      ; ret = update retry = 15m
            1209600  ; ex = expiry = 2w
            3600     ; min = minimum = 1h
            )

            ; we need at least 1 name server
            IN NS override-url.example.com.

            ; override public ip with this address
            IN A 54.210.127.53

Tombart
Kladskull
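
Added example, not part of the original question or answer and not BIND's own parser: a small zone-file lint that shows where the two zone files in this thread differ, namely the `IN NS` line with no target, which leaves the record without RDATA, and confirms that the SOA carries the expected seven fields. The names `logical_lines`, `lint_zone` and `RDATA_FIELDS` are hypothetical, and the sample zone is a constructed, condensed copy of the one in the question.

```python
# Constructed input: the question's zone file, condensed; FIXED applies the answer's NS target.
BROKEN = """\
$TTL    3600
$ORIGIN override-url.example.com.
@       IN SOA localhost. hostmaster.localhost.com. (
        20140805 ; sn = serial number
        86400 900 1209600 3600 )
        ; we need at least 1 name server
        IN NS
        IN A 54.210.127.53
"""
FIXED = BROKEN.replace("IN NS\n", "IN NS override-url.example.com.\n")

# RDATA field counts for a few record types (a subset chosen for this example).
RDATA_FIELDS = {"SOA": 7, "NS": 1, "A": 1, "CNAME": 1, "MX": 2}

def logical_lines(text):
    """Strip ';' comments and join '( ... )' continuations into single records."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # simplification: no quoted ';' handling
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth == 0:
            if buf.strip():
                yield buf
            buf = ""

def lint_zone(text):
    """Return (owner, type, problem) for each record whose RDATA is incomplete."""
    problems, owner = [], None
    for rec in logical_lines(text):
        tok = rec.split()
        if tok[0].startswith("$"):             # $TTL / $ORIGIN directives
            continue
        if not rec[0].isspace():               # a leading blank inherits the previous owner
            owner = tok.pop(0)
        while tok and (tok[0].isdigit() or tok[0].upper() == "IN"):
            tok.pop(0)                         # optional TTL and class
        rtype, rdata = (tok[0].upper(), tok[1:]) if tok else (None, [])
        want = RDATA_FIELDS.get(rtype)
        if want is not None and len(rdata) != want:
            problems.append((owner, rtype, f"expected {want} RDATA field(s), got {len(rdata)}"))
    return problems

if __name__ == "__main__":
    print("question:", lint_zone(BROKEN))
    print("answer:  ", lint_zone(FIXED))
```

On the server itself, `named-checkzone override-url.example.com /etc/bind/override-url.example.com` runs BIND's own parser over the file and is the check to rely on before reloading.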