# BIND 9 named.conf delegation problem



## ObiektywNy (Jun 15, 2012)

Hi,

I am a newbie with DNS setup, and after reading through many pages and tutorials I am still confused.

I set up my DNS server in a DMZ with port 53 open, with NAT 10.10.0.3 -> 33.55.0.222
For safety reasons I changed my domain name to *domain.com* and my public IP to *33.55.0.222*.

I configured my named.conf file:

```
------------------------------------------------------------------------------
//named.conf
------------------------------------------------------------------------------

options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";   // "/var/named/etc/namedb"
        version         "get lost";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        allow-recursion {127.0.0.1; 10.10.0.0/29; 33.55.0.222; };

        notify no;

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        //listen-on     { 127.0.0.1; };
        listen-on  port 53  { 10.10.0.3; 33.55.0.222; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//      listen-on-v6    { ::1; };
        listen-on-v6    { none; };

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
        disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
        disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                127.0.0.1;
        };
*/



zone "domain.com" {
        type master;
        file "master/domain.com";
        //allow-update { key "exampleorgkey"; };
        allow-transfer {66.118.156.178; 208.64.137.251; };
};
```
I changed the DNS zone file on my domain provider website to:

```
---------------------------------------------------
//DNS zone in company where I purchase domain webmasters.com
--------------------------------------------------
$TTL	86400

domain.com.	IN	SOA	ns1.domain.com. info.domain.com. (
			952591121	; serial
			10800	; refresh
			3600	; retry
			604800	; expire
			86400 )	; minimum

domain.com.	                            	IN NS	ns1.domain.com.
domain.com.		                        IN NS	ns77.webmasters.com.
ns77.webmasters.com.		IN A	 66.118.156.178
ns24.webmasters.com.		IN A	 208.64.137.251
ns1.domain.com.		                IN A	 33.55.0.222
```
My domain zone file I filled with:

```
-----------------------------------------------------------
// /master/domain.com zone file
-----------------------------------------------------------
# cat /var/named/etc/namedb/master/domain.com
$TTL	86400
$ORIGIN  domain.com.
@  IN	SOA	ns1.domain.com. info.domain.com. (
			952591110	; serial
			10800	; refresh
			3600	; retry
			604800	; expire
			86400 )	; minimum

			IN NS	ns1.domain.com.
			IN NS	ns24.webmasters.com.

localhost		IN A		127.0.0.1
@			IN A		33.55.0.222
ns1			IN A    	33.55.0.222
www			IN A		33.55.0.222
ns1			IN A		33.55.0.222
diabe			IN A		33.55.0.222

----------------------------------------------------------
```

I checked the configuration file (no errors) and my zone file:

```
-----------------------------------------------------------
// checking zone domain.com file
-----------------------------------------------------------

# named-checkzone domain.com /var/named/etc/namedb/master/domain.com
zone domain.com/IN: loaded serial 952591110
OK

# named-checkzone diabe.domain.com /var/named/etc/namedb/master/domain.com
/var/named/etc/namedb/master/domain.com:3: ignoring out-of-zone data (domain.com)
/var/named/etc/namedb/master/domain.com:13: ignoring out-of-zone data (localhost.domain.com)
/var/named/etc/namedb/master/domain.com:14: ignoring out-of-zone data (domain.com)
/var/named/etc/namedb/master/domain.com:15: ignoring out-of-zone data (ns1.domain.com)
/var/named/etc/namedb/master/domain.com:16: ignoring out-of-zone data (www.domain.com)
/var/named/etc/namedb/master/domain.com:17: ignoring out-of-zone data (ns1.domain.com)
zone diabe.domain.com/IN: has 0 SOA records
zone diabe.domain.com/IN: has no NS records
zone diabe.domain.com/IN: not loaded due to errors.
```

Also, when I checked my domain.com with robtex.com I got the message

```
Used as name server but missing in parent delegation
```

With http://dns.squish.net/ I am getting results only from the WEBMASTERS.COM nameservers.

I am not sure if I set up the DNS zone at my domain provider correctly to use my ns1.domain.com as the main root server, or whether my server delegates my zone to the slave name server ns24.webmasters.com. Please advise. I am stuck because I am not sure how to diagnose it, and the messages log doesn't show any errors.


----------
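The question above is whether the registrar-side zone and the primary's own zone agree on who serves domain.com. The following is an added example, not code from the post: it parses both zone texts as posted (copied into `PARENT_ZONE` and `CHILD_ZONE`, with the registrar's NS records treated as the delegation the parent publishes) and reports where they disagree. The parser is an assumption-laden minimal one, written to understand only the directives and record types those two files use, not a general master-file parser. Its first finding is the same thing robtex reports: ns24.webmasters.com is named as an NS in the zone but not in the parent's delegation.

```python
# Added example, not from the original post. Zone texts are copied from the
# post; the parser handles only what those two files use.
PARENT_ZONE = """\
$TTL 86400
domain.com.  IN SOA ns1.domain.com. info.domain.com. (
             952591121 ; serial
             10800 3600 604800 86400 )
domain.com.          IN NS ns1.domain.com.
domain.com.          IN NS ns77.webmasters.com.
ns77.webmasters.com. IN A  66.118.156.178
ns24.webmasters.com. IN A  208.64.137.251
ns1.domain.com.      IN A  33.55.0.222
"""

CHILD_ZONE = """\
$TTL 86400
$ORIGIN domain.com.
@  IN SOA ns1.domain.com. info.domain.com. (
             952591110 ; serial
             10800 3600 604800 86400 )
           IN NS ns1.domain.com.
           IN NS ns24.webmasters.com.
localhost  IN A  127.0.0.1
@          IN A  33.55.0.222
ns1        IN A  33.55.0.222
www        IN A  33.55.0.222
diabe      IN A  33.55.0.222
"""


def fqdn(name, origin):
    """Qualify '@' or a relative name against the current $ORIGIN."""
    if name == '@':
        return origin
    return name if name.endswith('.') else f'{name}.{origin}'


def parse_zone(text, origin):
    """Minimal master-file parser: returns [(owner, type, rdata)] with
    absolute lower-cased owner names. Handles $TTL/$ORIGIN, '@', owners
    inherited from the previous record, ';' comments and ( ) continuation."""
    origin = origin.rstrip('.') + '.'
    owner, buf, depth, records = origin, '', 0, []
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:                          # first line of a record
            has_owner = not line[0].isspace()
        buf += ' ' + line
        depth += line.count('(') - line.count(')')
        if depth > 0:                        # still inside ( ... )
            continue
        fields, buf = buf.replace('(', ' ').replace(')', ' ').split(), ''
        if fields[0] == '$TTL':
            continue
        if fields[0] == '$ORIGIN':
            origin = fields[1]
            continue
        if has_owner:
            owner = fqdn(fields.pop(0), origin).lower()
        if fields[0].isdigit():              # optional TTL
            fields.pop(0)
        if fields[0].upper() == 'IN':        # optional class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == 'NS':
            rdata[0] = fqdn(rdata[0], origin).lower()
        records.append((owner, rtype, rdata))
    return records


def ns_set(records, zone):
    return {r[2][0] for r in records if r[0] == zone and r[1] == 'NS'}


def a_owners(records):
    return {r[0] for r in records if r[1] == 'A'}


def serial(records, zone):
    return next(int(r[2][2]) for r in records if r[0] == zone and r[1] == 'SOA')


def check_delegation(parent_text, child_text, zone):
    """Compare the parent's delegation with the child's apex NS RRset."""
    zone = zone.rstrip('.').lower() + '.'
    parent, child = parse_zone(parent_text, zone), parse_zone(child_text, zone)
    p_ns, c_ns = ns_set(parent, zone), ns_set(child, zone)
    findings = []
    # The two NS sets must match; a server used in the zone but absent from
    # the parent is what robtex's "missing in parent delegation" means.
    for ns in sorted(c_ns - p_ns):
        findings.append(f'{ns} is an NS in the zone but missing from the parent delegation')
    for ns in sorted(p_ns - c_ns):
        findings.append(f'{ns} is delegated by the parent but is not an NS in the zone')
    # In-bailiwick servers need glue at the parent and an A record in the zone.
    for ns in sorted(p_ns | c_ns):
        if ns.endswith('.' + zone):
            if ns not in a_owners(parent):
                findings.append(f'{ns} is in-bailiwick but has no glue A record at the parent')
            if ns not in a_owners(child):
                findings.append(f'{ns} is in-bailiwick but has no A record in the zone')
    # A secondary that really transfers from the primary carries the same serial.
    p_serial, c_serial = serial(parent, zone), serial(child, zone)
    if p_serial != c_serial:
        findings.append(f'SOA serial differs: provider copy {p_serial}, primary {c_serial} '
                        f'(the provider servers are not transferring from the primary)')
    return findings


if __name__ == '__main__':
    for finding in check_delegation(PARENT_ZONE, CHILD_ZONE, 'domain.com'):
        print(finding)
```

Run as a script it prints three findings for the posted data: the ns24/ns77 mismatch in both directions and the serial difference between the registrar's copy and the primary. Those are separate from the firewall problem reported in the follow-up, and they stay even after UDP/53 is opened.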



## ObiektywNy (Jun 18, 2012)

I solved it: I had a small error in the ACLs on my firewall, and my UDP/53 port was not open.


----------
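The cause turned out to be UDP/53 being blocked, which a TCP-only port check does not reveal: resolvers try UDP first and only fall back to TCP on truncation, so a server reachable on TCP/53 alone still looks dead to the Internet. The following added probe (not from the thread) queries a server for the zone's NS records over UDP and over TCP separately, hand-building the RFC 1035 wire format so it needs no DNS library; a UDP `'filtered'` beside a working TCP answer is the signature of exactly this misconfiguration. The server address 33.55.0.222 is the post's placeholder, the constructed reply used for the offline self-check is made up to mirror the zone in the post, and `_recv_exact`/`probe` are names chosen here.

```python
# Added example, not from the original thread. RFC 1035 wire format built and
# parsed by hand; no resolver library required.
import random
import socket
import struct

NS_TYPE = 2   # RR type NS

# Constructed reply (not captured traffic): QR|AA set, two NS answers for
# domain.com, the second using a compression pointer back to the qname.
CONSTRUCTED_REPLY = (
    b'\x12\x34\x84\x00\x00\x01\x00\x02\x00\x00\x00\x00'
    b'\x06domain\x03com\x00\x00\x02\x00\x01'
    b'\xc0\x0c\x00\x02\x00\x01\x00\x01\x51\x80\x00\x06\x03ns1\xc0\x0c'
    b'\xc0\x0c\x00\x02\x00\x01\x00\x01\x51\x80\x00\x15'
    b'\x04ns24\x0awebmasters\x03com\x00')


def build_query(qname, qtype=NS_TYPE, qid=None):
    """Return (id, wire) for a non-recursive (RD=0) query, the kind an
    authoritative server is expected to answer."""
    qid = random.randrange(1 << 16) if qid is None else qid
    header = struct.pack('!HHHHHH', qid, 0, 1, 0, 0, 0)
    labels = b''.join(bytes([len(l)]) + l.encode('ascii')
                      for l in qname.rstrip('.').split('.'))
    return qid, header + labels + b'\x00' + struct.pack('!HH', qtype, 1)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack('!H', msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode('ascii'))
        off += length
    return '.'.join(labels) + '.', (off if end is None else end)


def parse_response(msg, expect_id):
    """Return the flags of interest plus every NS name in answer/authority."""
    qid, flags, qd, an, ns, _ar = struct.unpack('!HHHHHH', msg[:12])
    if qid != expect_id:
        raise ValueError('response id does not match query')
    off = 12
    for _ in range(qd):                            # skip the question section
        _, off = read_name(msg, off)
        off += 4
    names = []
    for _ in range(an + ns):                       # answer + authority RRs
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack('!HHIH', msg[off:off + 10])
        off += 10
        if rtype == NS_TYPE:
            names.append(read_name(msg, off)[0])
        off += rdlen
    return {'aa': bool(flags & 0x0400),            # authoritative answer
            'tc': bool(flags & 0x0200),            # truncated: must retry over TCP
            'rcode': flags & 0xF, 'ns': names}


def _recv_exact(sock, n):
    data = b''
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise OSError('connection closed early')
        data += chunk
    return data


def probe(server, zone, timeout=3.0):
    """Ask `server` for `zone` NS over UDP and over TCP. Each result is a
    parsed answer, 'filtered' (no reply at all: a firewall drop) or 'refused'
    (ICMP unreachable / TCP reset: the host is up but nothing listens)."""
    qid, query = build_query(zone)
    results = {}
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.settimeout(timeout)
    try:
        udp.sendto(query, (server, 53))
        results['udp'] = parse_response(udp.recvfrom(4096)[0], qid)
    except socket.timeout:
        results['udp'] = 'filtered'
    except OSError:
        results['udp'] = 'refused'
    finally:
        udp.close()
    try:                                           # TCP: 2-byte length prefix
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            tcp.sendall(struct.pack('!H', len(query)) + query)
            size = struct.unpack('!H', _recv_exact(tcp, 2))[0]
            results['tcp'] = parse_response(_recv_exact(tcp, size), qid)
    except socket.timeout:
        results['tcp'] = 'filtered'
    except OSError:
        results['tcp'] = 'refused'
    return results


if __name__ == '__main__':
    # 33.55.0.222 is the post's placeholder public IP; substitute the real one.
    for transport, result in probe('33.55.0.222', 'domain.com').items():
        print(transport, result)
```

Run it from outside the DMZ (a host behind the same NAT may not traverse the public address at all). A healthy authoritative server returns a parsed answer with `aa` set on both transports; the thread's symptom would show as `udp 'filtered'` with a normal `tcp` answer. Also watch `tc`: if UDP answers are truncated, TCP/53 is not optional either.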

