Zone in Bind9 successfully loaded. How to debug? Ubuntu [Resolved]

I am new to these sysadmin things.

I installed Bind9 (apt-get install bind9) on Ubuntu Server 18. I configured forwarding, set up the zone. But it does not work.

The log says that the new zone is up.

When I ping or host ns.ubuntu.local it says: ping: ns.ubuntu.local: Temporary failure in name resolution

How can I find out what I am missing?

Log:

Mär 11 08:18:42 server named[4201]: managed-keys-zone: loaded serial 21
Mär 11 08:18:42 server named[4201]: zone 0.in-addr.arpa/IN: loaded serial 1
Mär 11 08:18:42 server named[4201]: zone 127.in-addr.arpa/IN: loaded serial 1
Mär 11 08:18:42 server named[4201]: zone 255.in-addr.arpa/IN: loaded serial 1
Mär 11 08:18:42 server named[4201]: zone ubuntu.local/IN: loaded serial 1
Mär 11 08:18:42 server named[4201]: zone localhost/IN: loaded serial 2
Mär 11 08:18:42 server named[4201]: all zones loaded

My named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
            8.8.8.8;
            8.8.4.4;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        listen-on { any; };
        allow-query { any; };
        recursion yes;
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

My named.conf.local

// Do any local configuration here
//
zone "ubuntu.local" {
    type master;
    file "/etc/bind/zones/db.ubuntu.local";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

My zones/db.ubuntu.local

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     ns.ubuntu.local. root.ubuntu.local. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.ubuntu.local.
ns      IN      A       192.168.2.10
www     IN      A       102.168.2.10

Question Credit: Chris Pillen
Asked March 13, 2019
1 Answers

Based on the fact that you mentioned the name server is set to 127.0.0.53 in your /etc/resolv.conf, it would imply that systemd is handling the name resolution for you. For a quick breakdown of what that line means, nameserver 127.0.0.53 means to use the name server that is listening on that IP address, in this case it is systemd-resolved. The options edns0 means to support extended DNS options allowing for larger UDP packet sizes, nothing you need to worry about here.

There are two possible fixes for this. The first is to fix systemd-resolved so it's pointing to your instance of Bind9 running on your server. You can do this by either a) editing /etc/systemd/resolved.conf so it says something similar to this:

[Resolve]
DNS=127.0.0.1

It probably has 8.8.8.8 in there. Or b) configure a systemd-resolved configuration file in /etc/systemd/network/ with a .network extension. Create a file named something like 50-mydns.network and in it put:

[Match]
# Your interface name
Name=eth0

[Network]
DNS=127.0.0.1

If you're not sure of the interface, you can always do systemd-resolve --status and it should list it there. Once either of those options has been done, restart systemd-resolved using:

sudo systemctl restart systemd-resolved

The second option is to disable systemd-resolved and install resolvconf doing the following:

sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo apt install resolvconf

Then look at /etc/resolvconf/resolv.conf.d/base and update the nameserver line to nameserver 127.0.0.1. Once that is done, you can restart resolvconf using:

sudo systemctl restart resolvconf

After either of those options, you should see your /etc/resolv.conf now has your name servers as defined in the configurations, and your DNS lookups should use your local bind. You didn't mention in the comment if the dig command worked, but I will assume they did.


credit: Jon Angliss
Answered March 13, 2019
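
A check for the condition the answer describes, as an added example that is not part of the original question or answer: it reads a resolv.conf-style file and reports whether lookups go to the systemd-resolved stub (127.0.0.53) or to a name server on loopback. The function names and the sample file are constructed for illustration, and it assumes named is the service answering on 127.0.0.1, as the listen-on { any; } setting in the question allows.

```shell
#!/bin/sh
# Added example: report which resolver a resolv.conf-style file points at.
# Function names are hypothetical; nothing here is part of BIND or systemd.

# Map one nameserver address to the kind of resolver behind it.
classify_nameserver() {
    case "$1" in
        127.0.0.53)    echo "systemd-resolved-stub" ;;
        127.0.0.1|::1) echo "local-named" ;;   # assumption: named owns loopback port 53
        *)             echo "external" ;;
    esac
}

# Print "ADDRESS CLASS" for every active nameserver line in the file.
# Commented-out lines never match because their first field is not "nameserver".
resolv_conf_report() {
    file="${1:-/etc/resolv.conf}"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$file" |
    while read -r addr; do
        printf '%s %s\n' "$addr" "$(classify_nameserver "$addr")"
    done
}

# Succeed only if the first nameserver (the one tried first) is the local named.
uses_local_named() {
    first=$(resolv_conf_report "$1" | head -n 1)
    [ "${first#* }" = "local-named" ]
}

# Demo on a constructed sample that mirrors the stub setup from the answer.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not copied from the asker's machine
nameserver 127.0.0.53
options edns0
EOF
resolv_conf_report "$sample"
uses_local_named "$sample" ||
    echo "lookups go through the stub; zones served only by local named may not resolve"
rm -f "$sample"
```

Run with no argument, resolv_conf_report reads /etc/resolv.conf, so it can be used before and after either fix to confirm the change took effect.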