public DNS with BIND

Hey,

The default BIND server in Virtualmin does not forward the zones or take in other zones. How can I make this a public (and authentic) server in order to remove DNS errors?

Thanks

----edit----
I followed this guide, but I still get non-authoritative answers …
http://bkraft.fr/articles/Bind_authoritative_nameserver/

Hi,

Are these zones local to your server (being hosted by your own DNS server) or are you trying to resolve other domains through your server?

Best Regards, Peter Knowles TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-229-0715 (new)
Skype: tpnsupport
Website: http://www.tpnsolutions.com

Hey,

I am mainly hosting websites. My main goal should be to serve my zones to other DNS servers and make it look authoritative …

I don’t fully understand… By default, when you create BIND zones with Virtualmin, it will serve them to the whole Internet as an authoritative nameserver. Any other nameserver out there can query and cache them. Can you please re-iterate what exactly the issue is?

Hi,

Locutus is correct, so I too am a bit curious what you are really trying to do, and whether or not you may have something simply misconfigured.

Best Regards, Peter Knowles TPN Solutions


Hey Locutus,

Thanks for your response.
I have set up a new server (B) today and I want to use ns1.example.be and ns2.example.be as DNS servers for that server.
The IPs resolve correctly to the server (B). (example.be itself is managed in Cloudflare and the actual site is on another server (A))

I set up the domain “example2.be” on server B with NS ns1.example.be and ns2.example.be. At this moment the server is unreachable through that domain and an nslookup is pointing to an unfamiliar IP.

Secondarily, whenever I do an nslookup I get “non-authoritative answers”:
Non-authoritative answer:
Name: ns1.example.com
Address: xx.yy.zz.ww

Looking at the logs I see a lot of these named lines:

Feb 15 02:30:21 michelangelo named[22683]: validating @0x7fa3182383e0: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:21 michelangelo named[22683]: validating @0x7fa3203bedb0: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:21 michelangelo named[22683]: validating @0x7fa30c509e70: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:21 michelangelo named[22683]: validating @0x7fa318156090: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:21 michelangelo named[22683]: validating @0x7fa32469fd70: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:21 michelangelo named[22683]: validating @0x7fa314029260: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:21 michelangelo named[22683]: error (unexpected RCODE REFUSED) resolving ‘42.136.179.118.in-addr.arpa/PTR/IN’: 202.4.96.2#53
Feb 15 02:30:22 michelangelo named[22683]: error (connection refused) resolving ‘132.106.88.23.in-addr.arpa/PTR/IN’: 2605:f700:40::c730:4419#53
Feb 15 02:30:22 michelangelo named[22683]: validating @0x7fa318236740: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:22 michelangelo named[22683]: validating @0x7fa30445f440: in-addr.arpa SOA: got insecure response; parent indicates it should be secure
Feb 15 02:30:22 michelangelo named[22683]: error (connection refused) resolving ‘196.159.107.216.in-addr.arpa/PTR/IN’: 2607:ff50:0:36::3#53
Feb 15 02:30:22 michelangelo named[22683]: error (connection refused) resolving ‘196.159.107.216.in-addr.arpa/PTR/IN’: 2607:ff50:0:36::2#53
Feb 15 02:30:22 michelangelo named[22683]: error (unexpected RCODE SERVFAIL) resolving ‘254.115.3.192.in-addr.arpa/PTR/IN’: 108.174.60.134#53
Feb 15 02:30:22 michelangelo named[22683]: error (unexpected RCODE SERVFAIL) resolving ‘253.115.3.192.in-addr.arpa/PTR/IN’: 108.174.60.134#53
Feb 15 02:30:22 michelangelo named[22683]: error (unexpected RCODE REFUSED) resolving ‘173.244.186.108.in-addr.arpa/PTR/IN’: 64.71.150.196#53

I am not yet really at home with BIND …

this always happens to me … always with BIND and always on this forum…
The domain example2.com is online now. I made some changes before. Seems I got it working this way.

Though, my question remains: how can I set the BIND server to be authoritative?

Hey tpnsolutions, I am sorry. I didn’t see you there.
Yeah, it appears misconfiguration is one of my natural gifts … The good thing is that I learn from it though …

Hi,

Heh heh, no worries. We all face challenges from time to time.

Did you solve the issue? 'Cause your last posting kinda sounded like you did, but you didn’t…

If you are still struggling, I’d be happy to set up a quick TeamViewer session with you to get to the bottom of things. I’ll be around for about another 2 - 3 hours.

Best Regards,
Peter Knowles
TPN Solutions


About the “authoritative” thing: When you do lookups with “nslookup”, you’ll usually always get a “non-authoritative” answer, because nslookup will query the nameserver configured for the system it’s running on. That is usually that of your router, your ISP or similar. Exception is when you do the lookup on the authoritative server itself and it is configured to use 127.0.0.1 as resolver.

The queried resolver will then recursively query the next higher instance and so on, until your actual authoritative server is queried and its reply cached along the chain. So the reply that nslookup gets from the caching server is non-authoritative.

If you want to use nslookup to directly query the authoritative server, use the “@” syntax (check its man page for details). You can also use “dig domain.tld +trace” to see a full path from the root DNS to your domain, each reply coming from an authoritative server.
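
Added example (not part of the original posts): the authoritative / non-authoritative distinction described above is a single bit, AA, in the DNS response header, and it can be checked by sending a non-recursive query straight to the nameserver. The function names, the sample header bytes and the choice of an SOA query are assumptions made for this illustration; example2.be is the zone name used in the thread.

```python
import socket
import struct

def build_query(name, qtype=6, qid=0x1234):
    """Build a DNS query for `name` (qtype 6 = SOA) with RD=0, so the
    server answers only from zones it holds and does not recurse."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the header bits that separate authoritative from cached data."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000),
            "aa": bool(flags & 0x0400),   # set only by a server holding the zone
            "ra": bool(flags & 0x0080),   # server offers recursion to this client
            "rcode": flags & 0x000F, "answers": an}

def classify(msg):
    """Label a reply the way nslookup does, plus the common failure cases."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response"
    if h["rcode"] == 5:
        return "refused"                  # zone not served to this client
    if h["rcode"] != 0:
        return "error rcode=%d" % h["rcode"]
    if h["aa"] and h["answers"]:
        return "authoritative"
    return "non-authoritative"            # cached answer or a referral

def query_server(server_ip, zone, timeout=3.0):
    """Ask server_ip directly for the zone's SOA (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(zone), (server_ip, 53))
        return classify(s.recv(4096))

# Constructed sample headers (12 bytes each), not captured traffic:
AUTH_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)     # QR + AA
CACHED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR + RD + RA
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)  # rcode 5
```

With dig, the same check is `dig @ns1.example.be example2.be SOA +norecurse`, looking for `aa` in the flags line. On a nameserver meant to be authoritative only, an `ra` flag in replies to outside clients means it is also offering recursion to them, which is worth reviewing.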

Dear Locutus,

Thank you for your detailed description. This helps.

Dear TPNSolutions,

Thank you very much for your offer. I am sorry I could not reply any sooner. It was already midnight when I got it working and I have to wake up at 6 am to go to work.
I have taken it upon me to learn BIND (and more specifically, DNS) in a proper way, with a book instead of messing around on a production server (mind you, it sets the right amount of stress though).

Thanks again :)