linux – bind9 does not work when started as the bind9 service but works when named is started explicitly

I have a really strange situation that I don't fully understand. I have a master and a slave DNS server; I checked the configuration and no error is returned. If I try to start bind9 as a service, it fails to synchronize properly with the slave:

sudo service bind9 start

I have also tried to activate it with:

sudo systemctl enable bind9

Again, the master and the slave do not synchronize. I was digging and someone suggested running named in the foreground to see what the logs produce. Curiously, when I run service bind9 stop and then run named -fg on the master and the slave, they suddenly start to synchronize and transfer the necessary zone information.

Why would they be transferred when I explicitly run named, but not when I run bind9 as a service? I thought named and bind9 were just aliases for each other, so I'm not really sure I understand the difference between what's going on in one case and in the other.

How to allow the OpenVPN client (W10) to use the DNS server (BIND9) residing on the OpenVPN server (Ubuntu 16.04)?

I have Ubuntu 16.04 (Desktop Edition) with the OpenVPN server and BIND9 installed. I used a script when I installed OpenVPN. My OpenVPN client is a W10 netbook with a 4G USB modem.
When I chose Google DNS while installing OpenVPN, I could browse the Internet via OpenVPN without problems (on my W10 OpenVPN client). But if I choose to use the current DNS setting (that is, my own BIND9 server), I can connect the client to the server, but DNS does not work. I know that I have to modify the OpenVPN server.conf server configuration file AND the client's OpenVPN file as well. And I do not know exactly whether my DNS server (BIND9) is correctly configured to play this kind of role.
When I go to the W10 CMD and run ipconfig /all, I see a DNS server with the correct IP address of my BIND9 (this is the public IP address of my Ubuntu machine). However, DNS does not work on the client computer and I have not found a complete step-by-step guide to enable this setup.

bind – how to resolve subdomains in bind9

In our company we have distinct /24 subnets of a single class B address (/16).

(refer to the photo)

I work in domaine1.entreprise.com and from there I am able to resolve all host names from the same domain xx.domaine1.entreprise.com (an example is server1.domaine1.entreprise.com).

I can also reach the Internet using the DNS server domaine3.entreprise.com as a forwarder.

But trying to resolve something in another subdomain (e.g. server3.domaine2.entreprise.com) fails.


This is what my named.conf.options looks like:


acl "inner-net" {
    A.B.C.0/24;
    10.11.200.0/24;  // private mgmt network
};

acl "blocked-from-recursion" {
    A.B.C.66/32;
};

options {
    directory "/var/cache/bind";
    // recursion yes;
    allow-recursion { inner-net; };
    blackhole { blocked-from-recursion; };
    listen-on { any; };
    allow-transfer { none; };
    allow-query { inner-net; };
    forwarders {
        A.B.E.2;    // ip address of the DNS forwarder
        x.x.x.x;    // second forwarder
        // 8.8.8.8;
    };
    dnssec-enable yes;
    dnssec-validation yes;

    auth-nxdomain no;    # conform to RFC1035
    // listen-on-v6 { any; };
};


What can I do to solve this problem if I do not have access to the other DNS servers in the other subnets?

domain name system – BIND9 SERVFAIL using dig on the server (Ubuntu 18)

I am setting up a Nextcloud + OnlyOffice server on Ubuntu 18 Server and a local DNS for my desktop network.
I am not a real computer scientist, but I follow tutorials and I read forums. Moreover, being in China, I do not have Google and most of my searches turn up irrelevant answers … I've seen many people who had an error similar to mine, but no solution worked for me. I'm sure it's an obvious but stupid mistake, but since I'm not familiar with the BIND9 syntax, I just do not see it …
Here is my named.conf.local:

zone "platform.local" IN {
    type master;
    file "/etc/bind/zones/db.platform.local";
    //allow-transfer { 211.66.139.29; };
    allow-update { none; };
    allow-query { any; };
};

zone "139.66.211.in-addr-arpa" IN {
    type master;
    file "/etc/bind/zones/db.rev.platform.local";
    allow-update { none; };
};

My db.plateforme.local:

;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.plateform.local. root.plateforme.local. (
        33        ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
;

; name servers - NS info
NS ns.plateform.local.

; name servers - address
ns IN A 211.66.139.29

; name servers - A records
nextcloud IN A 211.66.139.29
onlyoffice IN A 211.66.139.29

Here is db.rev.plateforme.local:

;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.plateform.local. root.plateforme.local. (
        17        ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
;

; name servers - NS info
IN NS ns.plateform.local.
IN NS localhost.

; name servers - address
29 IN NS ns.plateform.local.

29 IN PTR nextcloud.plateform.
29 IN PTR onlyoffice.plateform.local.

Here is the result of dig nextcloud.plateform.local:

nextcloud@nextcloud-server:/etc/bind/zones$ dig nextcloud.plateforme.local.
; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> nextcloud.plateforme.local.
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42787
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;nextcloud.plateforme.local.    IN  A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Mar 12 10:25:52 HKT 2019
;; MSG SIZE  rcvd: 55

And the reverse lookup, dig -x 211.66.139.29, surprisingly works:

nextcloud@nextcloud-server:/etc/bind/zones$ dig -x 211.66.139.29

; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> -x 211.66.139.29
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63404
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;29.139.66.211.in-addr.arpa.    IN  PTR

;; ANSWER SECTION:
29.139.66.211.in-addr.arpa. 0 IN PTR nextcloud-server.
29.139.66.211.in-addr.arpa. 0 IN PTR nextcloud-server.local.

;; Query time: 120 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Mar 12 10:39:53 HKT 2019
;; MSG SIZE  rcvd: 121

I would be very grateful if anyone could help me … I set up this server for our team of 16 teachers because I took computer training more than ten years ago, because we need this server and the offering in mainland China is limited and out of reach … but I do it in addition to my teaching duties and it takes a lot of time. I would greatly appreciate the help and advice of experts.
Thank you in advance for your time!

dns – bind9 resolve ip.example.com to ip

The company has changed to Zscaler Private Access, and now connections to an IP address no longer work.

What works is a host name, because it is translated to 100.64.x.y and then routed to the data center.

My question now: is there a way to tell bind to resolve something like 10.1.1.1.ip.domain.com to 10.1.1.1 without adding 16 million records? Something like "* IN A *" does not work?

Thank you
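Stock BIND has no directive that derives an address from the query name; public services such as sslip.io do this in a custom DNS backend that synthesizes the answer at query time. The following is an added example (not from the question) of the synthesis rule such a backend would apply for the ip.domain.com suffix in the question, limited to the RFC 1918 ranges and the 100.64.0.0/10 range the post mentions; the suffix name and the 60-second TTL are assumptions.

```python
import ipaddress

SUFFIX = "ip.domain.com"   # assumed: the synthesizing subdomain from the question

# Only synthesize addresses the company actually routes: RFC 1918 space plus the
# 100.64.0.0/10 CGNAT range the question mentions. Answering arbitrary addresses would
# let anyone who can query the zone use it for DNS rebinding against other networks.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def synthesize_a(qname):
    """Map '10.1.1.1.ip.domain.com' or '10-1-1-1.ip.domain.com' to an IPv4 string.

    Returns None when the name is not of that form, an octet is out of range,
    or the address lies outside ALLOWED (the caller then answers NXDOMAIN)."""
    name = qname.rstrip(".").lower()
    if not name.endswith("." + SUFFIX):
        return None
    label = name[:-(len(SUFFIX) + 1)]
    sep = "-" if "-" in label else "."
    parts = label.split(sep)
    if len(parts) != 4 or not all(p.isdigit() and len(p) <= 3 for p in parts):
        return None
    try:
        addr = ipaddress.IPv4Address(".".join(parts))
    except ValueError:       # e.g. 10.1.1.999
        return None
    if not any(addr in net for net in ALLOWED):
        return None
    return str(addr)


def build_answer(qname, ttl=60):
    """Render the synthesized record as a zone-file style line, or 'NXDOMAIN'."""
    ip = synthesize_a(qname)
    if ip is None:
        return "NXDOMAIN"
    return f"{qname.rstrip('.')}. {ttl} IN A {ip}"
```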

bind – The `zones.rfc1918` file for Bind9 and other 'best practices' for the Ubuntu 18.04 era?

I'm installing Bind9 on Ubuntu 18.04 and found this SF article on Ubuntu 10.04: What is the purpose of the zones.rfc1918 file for Bind9?, with a comment citing Penn State documentation from 1996.

The question is still open after 8 years and has only one popular answer: including zones.rfc1918 is "generally considered a good practice".

There are many other search results, but they do not address the "good practices" of 18.04. Being in the Web 2.0 era and approaching the Google https world, I think it's important to indicate whether the arpa-related elements are affected or not.

Should I still "include" zones.rfc1918 in my named.conf.local file for Ubuntu 18.04 (maybe other contemporary Linux distributions), y/n, etc.? And are there any other Bind9 settings similar to this one that may have changed since that post and that it is recommended I change from the default installation settings of bind9, y/n, what?

How to resolve a domain name with Bind9

I am really confused about how to resolve with bind9; I sent bind9 a request for help about a month ago and I have never heard any response. I've installed bind9 bind9utils bind9-doc bind9-host and I also set up my hosts file as follows so that I can bind my host name to that too

echo -e "192.168.1.142 Evil.com Inspire" >> /etc/hosts

hostnamectl set-hostname Inspire

Then I was able to run ping -c Evil.com and receive a response after enabling ICMP requests; my next step is to configure the named.conf.options file for my preferences

acl TrustedPPL { 192.168.1.0/24; 192.168.1.142; };

acl NoAccess { 192.168.1.111; };

options {
    directory "/var/cache/bind";

    allow-query { TrustedPPL; };
    blackhole { NoAccess; };

    recursion yes;

    allow-recursion { localnets; 192.168.1.0/24; };
    listen-on port 53 { 192.168.1.142; 127.0.0.1; };
    forwarders { 192.168.1.1; 8.8.8.8; 8.8.4.4; };

    dnssec-validation auto;
    dnssec-lookaside auto;
    dnssec-enable yes;
    auth-nxdomain no;

    tcp-listen-queue 25;
    transfers-in 25;
    transfers-out 25;
    tcp-clients 200;
};

At this point, I restarted bind9 so that all errors would be reported to me. There were no errors. I therefore created the zone name and the zone file. I have also included the contents of the zone files.

echo -e 'zone "Evil.com" IN { type master; file "/etc/bind/db.Domain.zone"; };' > /etc/bind/named.conf.local

Zone file /etc/bind/db.Domain.zone

$TTL 3h

@ IN SOA Evil.com. snakes.gmail.com. (
        15    ; Serial
        3h    ; Refresh
        1h    ; Retry
        1w    ; Expire
        1h )  ; Negative Cache TTL

@ IN NS Evil.com.
@ IN A  192.168.1.142

Then I used dig Evil.com and I got an answer showing that the IPv4 address was 192.168.1.142, and then I confirmed it with nslookup and it also came back accurate, so I decided to test the resolution part of it and I changed @ IN A 192.168.1.142 to 192.168.1.111. I then changed the serial number and restarted bind9 without error, I did a dig Evil.com and it returned 192.168.1.142 again. So at this point I was curious and I completely deleted the file along with db.local, and dig and nslookup still show that bind9 does not even detect its own resolution file. Any idea?


That's my /etc/nsswitch.conf file

passwd: compat systemd
group: compat systemd
shadow: compat
gshadow: files

hosts: dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

I have tried with the original /etc/bind/named.conf.options file too and there was no change. I mainly use Linux Mint, but that does not work on Kali Linux either.

There is also no Dnsmasq or NSCD caching daemon.
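Both dig transcripts in the SERVFAIL post above were answered by 127.0.0.53, the local stub listener of systemd-resolved, so BIND was never consulted; the same check applies to the Evil.com post, where dig kept returning the old address after the zone had changed. The following is an added example (not from either question) that parses dig output and reports those conditions; the sample transcript is a trimmed, constructed copy of the one in the post, and the BIND address passed to diagnose() is an assumption.

```python
import re

# Constructed sample: trimmed copy of the SERVFAIL transcript quoted in the question above.
SAMPLE_SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42787
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;nextcloud.plateforme.local.\t\tIN\tA
;; SERVER: 127.0.0.53#53(127.0.0.53)
"""

STUB_RESOLVERS = {"127.0.0.53"}   # systemd-resolved's local stub listener


def parse_dig(text):
    """Pull status, answer count, queried name and answering server out of dig output."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r";; SERVER: ([\d.]+)#\d+", text)
    qname = re.search(r"^;([^\s;]+)\s+IN\s+\w+", text, re.M)   # question line, single ';'
    return {
        "status": status.group(1) if status else None,
        "answers": int(answers.group(1)) if answers else 0,
        "server": server.group(1) if server else None,
        "qname": qname.group(1) if qname else None,
    }


def diagnose(text, bind_ip):
    """Return findings explaining why the local BIND zone did not answer."""
    d = parse_dig(text)
    findings = []
    if d["server"] in STUB_RESOLVERS:
        findings.append("answered by the systemd-resolved stub, not by BIND; "
                        f"query BIND directly with: dig @{bind_ip} <name>")
    elif d["server"] and d["server"] != bind_ip:
        findings.append(f"answered by {d['server']}, not by BIND at {bind_ip}")
    if d["qname"] and d["qname"].rstrip(".").endswith(".local"):
        findings.append(".local is reserved for multicast DNS (RFC 6762); "
                        "stub resolvers treat it specially")
    if d["status"] == "SERVFAIL":
        findings.append("SERVFAIL: validate the zone with named-checkzone "
                        "and read the named log before blaming the client")
    elif d["status"] == "NOERROR" and d["answers"] == 0:
        findings.append("NOERROR with no answer: name exists but has no record of that type")
    return findings
```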