I have 2 BIND9 servers, NS1 and NS2, with 4 zones for my websites. They used to work, but one day I found that they resolve only 1 of my domains and do not resolve the other domains. Inside my network they work well, but from outside the network they don't work and resolve just 1 of my domains!
Here is the configuration of named.conf.options and named.conf.local on both servers.
NS1:
~# cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    //
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    allow-transfer { none; };
    dnssec-validation auto;
    recursion yes;
    //listen-on { any; };
    allow-recursion { 81.31.244.0/24; 172.16.1.0/24; localhost; };
    allow-query-cache { 81.31.244.0/24; 172.16.1.0/24; localhost; };
    allow-query { 81.31.244.0/24; 172.16.1.0/24; localhost; };
    forwarders { 81.31.224.5; 81.31.224.192; 8.8.4.4; 8.8.8.8; 4.2.2.1; };
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

~# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "kiananet.net" {
    type master;
    file "/etc/bind/zones/kiananet.net";
    notify yes;
    also-notify { 81.31.244.8; };
    allow-transfer { 81.31.244.8; };
};

zone "arma-co.ir" {
    type master;
    file "/etc/bind/zones/arma-co.ir";
    notify yes;
    also-notify { 81.31.244.8; };
    allow-transfer { 81.31.244.8; };
};

zone "kiana.shop" {
    type master;
    file "/etc/bind/zones/kiana.shop";
    notify yes;
    also-notify { 81.31.244.8; };
    allow-transfer { 81.31.244.8; };
};

zone "244.31.81.in-addr.arpa" IN {
    type master;
    file "/etc/bind/zones/244.31.81.ptr";
    notify yes;
    also-notify { 81.31.244.8; };
    allow-transfer { 81.31.244.8; };
};

NS2:
~# cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
81.31.244.5;
81.31.224.192;
217.218.127.127;
8.8.4.4;
4.2.2.4;
8.8.8.8;
4.2.2.1;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
allow-transfer { none; };
dnssec-validation auto;
recursion yes;
listen-on { any; };
allow-recursion {
127.0.0.1;
81.31.244.0/24;
172.16.1.0/24;
};
allow-query {
any;
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

~# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "kiananet.net" {
    type slave;
    masters { 81.31.244.7; };
    file "/etc/bind/zones/kiananet.net";
};

zone "arma-co.ir" {
    type slave;
    masters { 81.31.244.7; };
    file "/etc/bind/zones/arma-co.ir";
};

zone "kiana.shop" {
    type slave;
    masters { 81.31.244.7; };
    file "/etc/bind/zones/kiana.shop";
};

zone "244.31.81.in-addr.arpa" {
    type slave;
    file "/etc/bind/zones/244.31.81.ptr";
    masters { 81.31.244.7; };
};

Can anyone help me?
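
An added example, not part of the original post: a Python check of which client addresses the `allow-query` and `allow-recursion` lists in the two `options` blocks above would accept. A zone with no `allow-query` of its own uses the one in `options`, and none of the zones posted sets one. Assumptions: the client addresses are constructed samples, `localhost` is approximated as loopback, and named ACLs and keys are not handled.

```python
import ipaddress
import re

# ACL statements copied from the two options blocks in the post above.
NS1_OPTIONS = """
allow-recursion { 81.31.244.0/24; 172.16.1.0/24; localhost; };
allow-query-cache { 81.31.244.0/24; 172.16.1.0/24; localhost; };
allow-query { 81.31.244.0/24; 172.16.1.0/24; localhost; };
"""
NS2_OPTIONS = """
allow-recursion { 127.0.0.1; 81.31.244.0/24; 172.16.1.0/24; };
allow-query { any; };
"""

def parse_acl(options_text, statement):
    """Return the elements of one address-match list, e.g. for "allow-query"."""
    # "\s*\{" right after the name keeps allow-query from matching allow-query-cache.
    m = re.search(r"(?<![\w-])" + re.escape(statement) + r"\s*\{([^}]*)\}", options_text)
    if m is None:
        raise KeyError(statement + " is not set in this options text")
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def acl_allows(elements, client_ip):
    """First match wins; a leading "!" turns a match into a refusal."""
    ip = ipaddress.ip_address(client_ip)
    for element in elements:
        negate = element.startswith("!")
        name = element.lstrip("!").strip()
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name == "localhost":
            hit = ip.is_loopback  # simplification: BIND means the server's own addresses
        else:
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False  # nothing matched: the query is refused

def permits(options_text, statement, client_ip):
    return acl_allows(parse_acl(options_text, statement), client_ip)

if __name__ == "__main__":
    # Constructed clients: one outside both listed networks, one inside.
    for client in ("203.0.113.10", "172.16.1.20"):
        for name, text in (("NS1", NS1_OPTIONS), ("NS2", NS2_OPTIONS)):
            print(client, name, {s: permits(text, s, client) for s in ("allow-query", "allow-recursion")})
```
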