# named-checkconf error



## brigzzy (Aug 23, 2013)

Hi all,

I am trying to get my website working on a FreeBSD web server, but I am running into some configuration problems. I can run `dig example.com` from the server and get an answer, but not from outside my network. When I run `named-checkconf -t /etc/namedb/master/zone.db zone.db` I get the output:

```
isc_dir_chroot: invalid file
```

I can start the named daemon just fine, this doesn't seem to be a critical error, but it's all I can think of that may be causing my issue. I copied my zone file from my old (Debian) web server, and recursively chown'd the /etc/namedb directory to the user bind, but I am still having issues. It seems to be a chroot issue, but I have little experience with chroot'ing files. Can someone please point me in the right direction to fix this issue?

Thanks!

EDIT:  

Here is the output of the `dig` command, just in case it will help debugging. I notice there is no Authority answer, but I am not sure if that is a problem:

```
; <<>> DiG 9.8.3-P4 <<>> example.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8855
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.org.                   IN      A

;; ANSWER SECTION:
example.org.            273     IN      A       {My external IP}

;; Query time: 0 msec
;; SERVER: 10.0.0.22#53(10.0.0.22)
;; WHEN: Fri Aug 23 15:58:12 2013
;; MSG SIZE  rcvd: 45
```


----------



## SirDice (Aug 23, 2013)

Test it with `dig @mydnsserver example.com`. The @ will tell it to specifically query a server, otherwise it'll try to resolve it using the internet root servers.


----------



## brigzzy (Aug 23, 2013)

Thanks for the reply!  I ran the command `dig @ns1.example.org example.org`, and got almost the same output:


```
[root@freebsd /home/brigzzy]# dig @ns1.example.org example.org

; <<>> DiG 9.8.3-P4 <<>> @ns1.example.org example.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60623
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.org.                   IN      A

;; ANSWER SECTION:
example.org.            89      IN      A       {external IP}

;; Query time: 0 msec
;; SERVER: {external IP}#53({external IP}) ; This line changed
;; WHEN: Fri Aug 23 16:32:16 2013
;; MSG SIZE  rcvd: 45
```

Did you mean my local DNS server? I thought that the freebsd FreeBSD host was acting as my local DNS server?

Thanks!


----------



## junovitch@ (Aug 23, 2013)

This is what you are looking for.  One command does zones and one does configurations.
`named-checkzone example.com /etc/namedb/master/empty.db`
`named-checkconf /etc/namedb/named.conf`

If you decide to use chroot'd BIND to enhance security, the directory structure is replicated under /var/named and commands would use a -t flag.
`named-checkconf -t /var/named /etc/namedb/named.conf`
`named-checkzone -t /var/named example.com /etc/namedb/master/empty.db`

See named-checkconf() and named-checkzone() for more.


----------



## brigzzy (Aug 25, 2013)

Thanks for the reply, however when I run `named-checkconf -t /var/named /etc/namedb/named.conf`, I get no output, instead of the chroot error I was getting before.  Does this mean my named.conf configuration file is okay?  If so, is there anything else I can do to troubleshoot my issue?  I'm really drawing a blank here...

Thanks for the reply


----------



## junovitch@ (Aug 25, 2013)

Yes. No news is good news. See for yourself by throwing in an errant semicolon or other error to see what it would say if it were wrong.


----------



## brigzzy (Sep 4, 2013)

Well, I feel silly, I had my router forwarding port 53 as TCP only instead of TCP/UDP.  Thanks for all the help everyone!


----------
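The root cause found above (port 53 forwarded for TCP only) can be confirmed from outside the network by probing the server over UDP and TCP separately. The following is an added example, not code from any poster in the thread; the function names and the query ID are hypothetical, and it assumes an IPv4 server address or hostname.

```python
import socket, struct, sys

QID = 0x1234  # constructed query ID, echoed back by any real reply

def build_query(name):
    """Wire-format DNS query (RFC 1035) for an A record, RD flag set."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply(data):
    """True if data is a DNS response (QR bit set) carrying our query ID."""
    return len(data) >= 12 and struct.unpack("!H", data[:2])[0] == QID and bool(data[2] & 0x80)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def probe_udp(server, name, port=53, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # connected socket surfaces ICMP errors
            s.send(build_query(name))
            return is_reply(s.recv(4096))
        except OSError:  # timeout or port unreachable
            return False

def probe_tcp(server, name, port=53, timeout=2.0):
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            (n,) = struct.unpack("!H", recv_exact(s, 2))
            return is_reply(recv_exact(s, n))
    except OSError:  # refused, filtered or timed out
        return False

def diagnose(server, name, port=53, timeout=2.0):
    udp = probe_udp(server, name, port, timeout)
    tcp = probe_tcp(server, name, port, timeout)
    if udp and tcp:
        return "ok"
    if tcp:
        return "udp-blocked"  # the thread's case: port forward covers TCP only
    return "tcp-blocked" if udp else "unreachable"

if __name__ == "__main__":
    print(diagnose(sys.argv[1], sys.argv[2]))
```

Run it from a host outside the NAT against the external address; `dig +tcp` and `dig +notcp` give the same split by hand.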

