I seem to be having trouble resolving my web domain with bind9. I'll use the domain name example.com. I can connect to any other website that's not configured in my bind9 zone file. I know this should be the problem because when I enter nameserver 8.8.8.8 in the /etc/resolv file, example.com comes up with no issues.

This is my progress

My /etc/resolv.conf file

    nameserver 192.168.1.112

Bind9 /etc/named.conf.options

    options { directory "/var/cache/bind";

        recursion yes;
        allow-recursion {localnets; 192.168.1.0/16;};

        forwarders {
                192.168.1.1;
        };

        dnssec-enable yes;
        dnssec-validation auto;
        dnssec-lookaside auto;

        auth-nxdomain yes;
        listen-on { 192.168.1.112; 127.0.0.1; };
        // listen-on-ipv6 { any; };
    };

Bind9 /etc/bind/named.conf.local file

    zone "example.com" IN { type master; file "/etc/bind/dbb.example.zone"; };

Bind9 /etc/bind/dbb.example.zone file

    @ IN SOA ns1.example.com. root@.my-email.com. (
      1
      3h
      1w
      3w
      3h
     )

       IN NS ns1.example.com.
       IN NS ns2.example.com

    ns1.example.com. 221 IN  A   93.184.216.34
    ns2.example.com. 221 IN  A   93.184.216.34

What I get back after running `dig example.com | sed 's/;.*//g'` is empty

but without sed I receive

    ; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38603
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 1f65dfc5c2809726eb48d6805b9ecd12c2d28287c22188a4 (good)
    ;; QUESTION SECTION:
    ;example.com.   IN  A

    ;; Query time: 0 msec
    ;; SERVER: 192.168.1.112#53
    ;; WHEN: Sun Sep 16 16:37:22 CDT 2018
    ;; MSG SIZE  rcvd: 82

and with a name server not configured, for example: mocospace.com

    dig mocospace.com

    mocospace.com.      18830   IN  A   208.95.216.41

    ;; Query time: 144 msec
    ;; SERVER: 192.168.1.112#53
    ;; WHEN: Sun Sep 16 16:39:46 CDT 2018
    ;; MSG SIZE  rcvd: 310

guzzijason
hello moto
  • You want to use the email address "root@example.com.my-email.com" cause I believe that is what `root@.my-email.com.` translates to in the SOA record. – Tommiie Sep 17 '18 at 05:43
  • Do not do `dig example.com`. First because it does `A` record queries which is often not the first thing you want to try when troubleshooting things, so `dig NS example.com` or `dig SOA example.com` are probably better. And then, very important, when debugging DNS always specify exactly which nameservers you query using dig `@` option followed by an IP address (or hostname), so that you are not hitting some hidden recursive nameservers which would expose you to its own constraints (cache, forwarding, etc.). And finally if you gave the true names, people could have helped you better. – Patrick Mevzek Jan 04 '19 at 20:56
  • Do not process `dig` replies with `sed` (or whatever else), at least not before understanding fully the DNS and what `dig` does. `dig` is a troubleshooting tool for humans. It is not supposed to be used by other applications and hence parsed. There are far too many edge cases. – Patrick Mevzek Jan 04 '19 at 20:57

1 Answer

First, your example zone file is missing a terminating "." at the end of the record for ns2, which must be fixed:

    IN NS ns1.example.com.
    IN NS ns2.example.com

Second, if that's your entire zone file, you have no A records, so your test dig would contain no results, even if there were no failures. In order to test, you can try this:

    IN NS ns1.example.com.
    IN NS ns2.example.com.
    IN A 127.0.0.1

Be sure to update the serial number at the top of your zone file when updating it. Then reload your nameserver.

guzzijason
  • Do you happen to know what the point of the period is? – hello moto Sep 16 '18 at 22:59
  • I originally thought IN NS ns1.example.com. to ns1.example.com. 221 IN A 93.184.216.34 was the address resolution – hello moto Sep 16 '18 at 23:04
  • The point of the period in a zone file is to terminate the name. Otherwise, the origin of the zone will be appended onto the name, which in this case would result in the NS record being `ns2.example.com.example.com`, which is obviously not what you want. – guzzijason Sep 16 '18 at 23:07
  • "your test dig would contain no results" dig does `A` records query if you do not specify anything, but you can force the record type, like in `dig NS example.com`. – Patrick Mevzek Jan 04 '19 at 20:52
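
The trailing-dot rule from the answer and guzzijason's comment, as an added example that is not part of the original thread: a Python check that flags zone-file names which already end in the zone origin but lack the final dot, and reports what they expand to on load. The function names, the simplified one-record-per-line parsing and the sample zone are assumptions constructed for illustration; BIND's `named-checkzone` remains the authoritative check.

```python
import re

# Record types whose RDATA holds domain names, with the positions of those names.
NAME_FIELDS = {"NS": (0,), "CNAME": (0,), "PTR": (0,), "MX": (1,), "SOA": (0, 1)}
TTL_OR_CLASS = re.compile(r"\d+[smhdw]?|IN|CH|HS", re.IGNORECASE)

def expand(name, origin):
    """Qualify a zone-file name: relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def find_doubled_origin(zone_text, origin):
    """Return (line_no, field, written, expanded) for each relative name that
    already ends in the origin, i.e. an FQDN written without its final dot."""
    origin = origin.rstrip(".").lower() + "."
    bare = origin[:-1]
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        toks = [t for t in raw.split(";", 1)[0].split() if t not in ("(", ")")]
        if not toks or toks[0].startswith("$"):
            continue  # blank line, comment, or $ORIGIN/$TTL directive
        candidates, idx = [], 0
        if not raw[:1].isspace():  # unindented line: first token is the owner
            candidates.append(("owner", toks[0]))
            idx = 1
        while idx < len(toks) and TTL_OR_CLASS.fullmatch(toks[idx]):
            idx += 1  # skip the optional TTL and class fields
        rtype = toks[idx].upper() if idx < len(toks) else ""
        rdata = toks[idx + 1:]
        candidates += [(rtype, rdata[p]) for p in NAME_FIELDS.get(rtype, ()) if p < len(rdata)]
        for field, name in candidates:
            low = name.lower()
            if not low.endswith(".") and (low == bare or low.endswith("." + bare)):
                findings.append((line_no, field, name, expand(low, origin)))
    return findings

# Constructed sample mirroring the NS lines from the question (SOA values are made up).
SAMPLE_ZONE = """\
@ IN SOA ns1.example.com. root.example.com. ( 2 3h 1w 3w 3h )
   IN NS ns1.example.com.
   IN NS ns2.example.com
ns1.example.com. 221 IN A 93.184.216.34
"""

if __name__ == "__main__":
    for finding in find_doubled_origin(SAMPLE_ZONE, "example.com"):
        print(finding)
```

Short relative names such as `www` or `ns1` are left alone because they are a legitimate use of origin expansion; only names that already contain the origin are reported.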