# Hosting DNS with BIND



## contraversy (Jun 18, 2012)

I have a domain name: http://www.mizfitz.org/ and I have a dynamic IP address so I use ZoneEdit.com Name Servers (ns3.zoneedit.com and ns12.zoneedit.com). I installed BIND and set up my named.conf and zone files.

I can access my httpd index.html by visiting http://192.168.2.5/ in a web-browser, but http://www.mizfitz.org/ will not resolve externally; internally it just pulls up my router's configuration page.

I think it has to do with my reverse configuration file but I am not positive. I know the domain points to me because you can SSH into my shell from http://www.mizfitz.org all day long (tested this from an external shell location).

I also can *ping* / *dig* / *nslookup* my domain just fine, so I am going to post the output to each command so I can see if anyone can spot the problem. 

Also, I believe since users can SSH into http://www.mizfitz.org from the outside that the domain is close to being set up correctly. Thanks for any help you can offer!

A *dig* command performed from outside of my local network:

```
[contra@bassdesigns ~]$ dig mizfitz.org

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 <<>> mizfitz.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8922
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mizfitz.org.                   IN      A

;; ANSWER SECTION:
mizfitz.org.            286     IN      A       68.186.186.44

;; AUTHORITY SECTION:
mizfitz.org.            7588    IN      NS      ns3.zoneedit.com.
mizfitz.org.            7588    IN      NS      ns12.zoneedit.com.

;; Query time: 16 msec
;; SERVER: 184.22.119.106#53(184.22.119.106)
;; WHEN: Mon Jun 18 22:42:34 2012
;; MSG SIZE  rcvd: 94
```

*nslookup* response perfomed outside of local network (from http://www.mizfitz.org and 68.186.186.44):

```
[contra@bassdesigns ~]$ nslookup www.mizfitz.org
Server:         184.22.119.106
Address:        184.22.119.106#53

Non-authoritative answer:
Name:   www.mizfitz.org
Address: 68.186.186.44

[contra@bassdesigns ~]$ nslookup 68.186.186.44
Server:         184.22.119.106
Address:        184.22.119.106#53

Non-authoritative answer:
44.186.186.68.in-addr.arpa      name = 68-186-186-44.dhcp.leds.al.charter.com.

Authoritative answers can be found from:
186.68.in-addr.arpa     nameserver = NS2.charter.com.
186.68.in-addr.arpa     nameserver = NS1.charter.com.
186.68.in-addr.arpa     nameserver = NS3.charter.com.
186.68.in-addr.arpa     nameserver = NS4.charter.com.
```

/etc/named.conf

```
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "mizfitz.org" {
                type master;
                file "/var/named/mizfitz.org.hosts";
                primary 192.168.2.5;
                allow-transfer {
                        127.0.0.1;
                        68.186.186.44;
                        76.74.236.21;
                        209.62.64.46;
                };
                notify yes;
};


zone "2.168.192.in-addr.arpa" {
        type master;
        file "/var/named/2.168.192.in-addr.arpa.rev";
        allow-update { none; };
};
zone "2.168.192.in-addr.arpa" {
        type slave;
        file "/var/named/2.168.192.in-addr.arpa.rev";
        masters { 68.186.186.44; };
};
```

/var/named/mizfitz.org.hosts

```
$TTL 3600
mizfitz.org.    IN      SOA     ns3.zoneedit.com. admin@mizfitz.org. (
                        2012061822 ;
                        3H ;
                        1H ;
                        1W ;
                        1D )

        IN      NS      mizfitz.org.
        IN      NS      ns3.zoneedit.com.
        IN      NS      ns12.zoneedit.com.


mizfitz.org.            IN A            68.186.186.44
www                     IN CNAME        68.186.186.44
```

/var/named/2.168.192.in-addr.arpa.rev

```
$TTL 86400
$ORIGIN 2.168.192.in-addr.arpa.
@       IN      SOA     ns3.zoneedit.com. admin.mizfitz.org.     (
                        2007040431      ;serial
                        14400                 ;refresh
                        3600                   ;retry
                        604800              ;expire
                        10800 )               ;minimum


236.74.76.in-addr.arpa.                IN      NS      ns3.zoneedit.com.
64.62.209.in-addr.arpa.                IN      NS      ns12.zoneedit.com.

5               IN      PTR   www.mizfitz.org.
```

Even though I am not using Charter's name servers for my domain (Charter is just my ISP) do I need to include their name server information?

***EDIT**** almost forgot the *named-checkzone*

```
[root@mizfitz conf]# named-checkzone mizfitz.org /var/named/mizfitz.org.hosts
zone mizfitz.org/IN: loaded serial 2012061822
OK
```


----------



## kpa (Jun 18, 2012)

I'm not following everything you wrote but your domain is still delegated to ns3.zoneedit.com and ns12.zoneedit.com nameservers. Is your goal to have your own nameserver(s) as the primary server(s) for your domain?


----------



## contraversy (Jun 18, 2012)

I use the ns3.zoneedit.com / ns12.zoneedit.com because my IP address is not static from my ISP, they update when my IP address changes so the domain will always point to me.

What I am looking for are errors in these files, or do they look set up properly? Why would I be able to SSH in to http://www.mizfitz.org fine but not when using a webbrowser? httpd is running and 192.168.2.5 from inside the network will load the webpage fine.


----------



## gordon@ (Jun 19, 2012)

What are you using to NAT your external IP address to your internal IP address? Does your router do some sort of NAT that you have port 22 tunneled to your internal IP? Did you set up a similar NAT for your port 80 traffic?


----------



## dave (Jun 29, 2012)

Where to begin...?

OK...


 It looks like your web server is inside your local network.  Correct?
 Where is your DNS server located? (The one you are posting configs from.). Is it also inside your local network, or outside?
 I don't think you can be both master and slave for the misfits domain.  Besides, there is no situation where a live server should be master for reverse lookups on a 192.168.x.x domain. (bottom of named.conf)
 If you want reverse lookups to work, you will have to contact charter.com and ask them to make an entry for you.
 I can assure you that accessing a web server using a name will never rely on reverse lookups, so you can stop,worrying about reverse DNS altogether.
 if your web/ssh server is inside your domain, then perhaps you just need to forward port 80 on your router to your web server.  If it is already forwarded, then test it from the outside, because most routers will not let you surf out and then back in via a forwarded port, especially if your request is name-based.
 mizfitz.org resolves to IP address: 74.50.115.104 on the Internet.  Is that correct?  If not, log in to zone edit and set it up there.  No amount of DNS config inside your network will make it work outside your network. Get it working live first, then worry about your internal DNS server.

Hope it helps.


----------



## TheDreamer (Jul 2, 2012)

I think what you want to do is set up your local BIND to be authoritative for the mizfitz.org domain, for your local systems (and be a caching server for the rest of the Internet).  And, have it return 192.168.2.5 when the internal hosts query for http://www.mizfitz.org.

Next, is figure out how to get your router to forward port 80 on the outside to 192.168.2.5 on the inside, so systems on the Internet querying your dynamic DNS provider will get to the same server.

Or if you have a router that does "loopback", it'll port-forward the internal traffic to its external interface to 192.168.2.5 (instead of its configuration page).  I've had routers that did and routers that didn't, not sure if my current router does or not.

The alternative is to have local BIND be authoritative for both internal and external queries and use views, to return 192.168.2.x address for internal queries and your external IP for external queries. (aka Split-Horizon DNS).

For most things you don't need the reverse to point back to your name, though for somethings you'll need the reverse to forward confirm (since some mail servers use FCrDNS to fight spam, such as the ones I run for my employer) -- meaning your ISP needs to provide a forward resolution to whatever name they have the reverse lookup return.

Also check with you're dynamic DNS provider on what it'll resolve.

Personally, I'm doing the first at home with my DynDNS domain, and there was a check box to make *.my_DynDNS.domain also resolve to my dynamic IP.  So that www would work.  And, having the services listening on a non-standard port both internal and forwarding off of my router, means I can access them by name from either side of my router.

The Dreamer.


----------

