Trying to host my own domain, using BIND and CentOS 6. Please check my named.conf and zone for errors

Question

delegated the namesever/ip records around 24 hours on the registars website but things aren't working. NAT: forwarding all UDP/TCP requests to internal server IP on port 53 (ISP not blocking) and apache2 is working properly. Please check said files below, using CHROOT also. Placed the mysite.ca file in var/named/chroot/var/named/. Firewall is disabled. Ran service "service named start - OK", perhaps there's something else that needs to be started?

When hosting the master zone file/nameserver as I am attempting to do now, do the DNS and or SOA records once I start BIND service propage somehow to cached name servers? Or when they say the authoritative name server publishes to cached name server they mean this data is only published/propagated to cached name servers when a request is sucessfully made and not just by having BIND name server run?

named.conf

options
{

    directory       "/var/named";       // "Working" directory
    dump-file       "data/cache_dump.db";
        statistics-file     "data/named_stats.txt";
        memstatistics-file  "data/named_mem_stats.txt";


    listen-on port 53   { any; };
    listen-on port 53   { 127.0.0.1; };

    //listen-on-v6 port 53  { any; };
    listen-on-v6 port 53    { ::1; };

    allow-query     { any; };
    allow-query-cache   { localhost; };


    recursion no;

    dnssec-enable yes;

    dnssec-validation yes;

    dnssec-lookaside auto;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view "external"
{

    zone "mysite.com.au" IN {
            type master;
            file "/var/named/mysite.ca";
    };


};

mysite.ca zone file (XXX.XXX.XXX.XX = my WAN IP, have just one)

$TTL 1D 
$ORIGIN mysite.com.au.
@              IN      SOA   ns0.mysite.com.au. admin.mysite.com.au. (
               2011120100 ; serial number
               2h         ; refresh =  2 hours 
               15M        ; update retry = 15 minutes
               3W12h      ; expiry = 3 weeks + 12 hours
               2h20M      ; minimum = 2 hours + 20 minutes
               )
; main domain name servers
              IN      NS     ns0.mysite.com.au.
              IN      NS     ns1.mysite.com.au.
; mail domain mail servers
              IN      MX      10 mail
; A records for name servers above 
ns0           IN      A      XXX.XXX.XXX.XX
ns1           IN      A      XXX.XXX.XXX.XX
; A record for mail server above 
mail.mysite.com.au.          IN      A      XXX.XXX.XXX.XX

Answer 1

For a working setup you need to:

a) Ask yourself how many public dns servers you will expose for your domain If you have only one public IP address you can find very cheap "secondary name server" services which will replicate your master configuration and provide redundancy.

b) Configure the nameservers for your domain on your registrars. Since you want to use : ns0.mysite.ca and ns1.mysite.ca you need to configure "glue records", so check your registrar doc for how to set them up. It is often done automatically, but you need to check. Run "whois mysite.ca" in order to check that your nameservers are configured.

c) Verify the requirements for your tld. I do not know for .ca, but many tld ( .fr, .de .. ) have specific "quality requirement": at least 2 nameservers on 2 distinct nameservers , etc etc. There are many tools online to check your dns specifications

d) As far as your local bind configuration is concerned, use named-checkzone and named-checkconf to verify your conf, and I strongly recommend to start with a low ttl ( say, 300 seconds ) for the time you tune up your config. Always update your serial number when you update your zone and do dig mysite.ca soa @dns-server-ip-address to verify your changes are online. Verify also from an external, public ip address that you can query your public dns servers in tcp and udp port 53. Once again "dig" is your friend. Also if you replicate your zones from one master to one or several slaves, verify that each slave has the good serial after each update.

Good luck!

Answer 2

Possibly your problem is that there's no A records for yoursite.com.au and www.yoursite.com.ua.

Besides the missing A your zone and config looks ok. You don't need to start anything else besides named.

You don't really need that empty view statement, and all the dnssec statements you can as well remove - they serve no function. If you want to enable dnssec for your zone, you need much much more than just dnssec-enable. Also, you define two NS for the same IP - it probably serves no purpose and you can as well use 1 NS (unless your registrar requires 2 servers and is dumb enough to not to check for identical IPs).

As for propagation - bind when started just sits there and waits for queries, of course nothing propagates nothere until someone will query your domain. People talk about "propagation time" because old records may be cached for some while and thus any changes you make will not be seen there until TTL reached, then caching server will obsolete those cached records and query your server for a fresh set.