Server Can't Find: SERVFAIL & Bind9 DNS Server Setup

I'm trying to deploy a web app on a VPS server. The app is built with Django and I'm currently trying to serve files with Apache2. I'm having trouble with the DNS setup (bind9). The company I use does not help me with this.

Could you help me solve this issue that I have been dealing with for 3 days?

OS:

Distributor ID: Ubuntu
Description: Ubuntu 16.04.7 LTS
Release: 16.04
Codename: xenial


nslookup example.com
;; Got SERVFAIL reply from 8.8.8.8, trying next server
Server: 8.8.4.4
Address: 8.8.4.4#53
** server can't find example.com : SERVFAIL


nslookup example.com 185.106.209.113
Server: 185.106.209.113
Address: 185.106.209.113#53
Name:
Address: 185.106.209.113

When I go to the IP address, I can see the Apache2 default page. If I type the name, it throws me a DNS_PROBE_FINISHED_NXDOMAIN error.

|-- [-rwxr-xr-x bind ] bind.keys
|-- [-rwxr-xr-x bind ] db.0
|-- [-rwxr-xr-x bind ] db.127
|-- [-rwxr-xr-x bind ] db.255
|-- [-rwxr-xr-x bind ] db.empty
|-- [-rwxr-xr-x bind ] db.local
|-- [-rwxr-xr-x bind ] db.root
|-- [-rwxr-xr-x bind ] named.conf
|-- [-rwxr-xr-x bind ] named.conf.default-zones
|-- [-rwxr-xr-x bind ] named.conf.local
|-- [-rwxr-xr-x bind ] named.conf.local.back
|-- [-rwxr-xr-x bind ] named.conf.options
|-- [-rwxr-xr-x bind ] rndc.key
|-- [drwxr-sr-x bind ] zones
| |-- [-rwxr-xr-x bind ] db.185.106
| `-- [-rwxr-xr-x bind ] db.example.com
`-- [-rwxr-xr-x bind ] zones.rfc1918

named.conf.options:

acl "trusted" {
    185.106.209.113;
};

options {
    directory "/var/cache/bind";

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    forwarders {
        185.106.209.113;
    };

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

named.conf.local:

//include "/etc/bind/zones.rfc1918";

zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 185.106.209.113; };
    also-notify { 185.106.209.113; };
};

zone "209.106.185.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.185.106";
    allow-transfer { 185.106.209.113; };
    also-notify { 185.106.209.113; };
};

db.example.com:

;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; NS records
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN A 185.106.209.113
; A records
ns1.example.com. IN A 185.106.209.113
ns2.example.com. IN A 185.106.209.113

db.185.106:

;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers - NS records
      IN NS ns1.example.com.
      IN NS ns2.example.com.
; PTR Records
113.209 IN PTR ns1.example.com. ; 185.106.209.113
113.209 IN PTR ns2.example.com. ; 185.106.209.113

And firewall status:

To Action From
-- ------ ----
22 ALLOW Anywhere
80/tcp ALLOW Anywhere
Apache Full ALLOW Anywhere
8000 ALLOW Anywhere
53 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
8000 (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)

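The two failures in the question carry different RCODEs: 8.8.8.8 answers SERVFAIL (the resolver could not finish resolving), while the browser reports NXDOMAIN (an authoritative "no such name"). As an added example that is not part of the question, the answer, or BIND itself, here is a stdlib-only Python client that builds a query, parses the reply and prints the RCODE and the AA (authoritative answer) bit, so the two cases can be told apart without reading nslookup output. The two sample replies are hand-built byte strings, not captured traffic; 185.106.209.113 is the VPS address from the question.

```python
import socket
import struct

# Added example, not from the question or answer: hand-built DNS messages, stdlib only.
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2, "SOA": 6, "PTR": 12}

def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name, qtype="A", txid=0x1234, rd=True):
    """Build a single-question query; rd=True asks for recursion (what nslookup does)."""
    flags = 0x0100 if rd else 0x0000
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)

def decode_name(data, offset):
    """Read a (possibly compressed) name; return (name, offset just past it in the original stream)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = offset + 2
            jumped, offset = True, struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels) + ".", end
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(data):
    """Return the RCODE name, the AA (authoritative answer) bit and the answer RRs."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    result = {"rcode": RCODE_NAMES.get(flags & 0xF, str(flags & 0xF)), "aa": bool(flags & 0x0400), "answers": []}
    offset = 12
    for _ in range(qd):                                 # skip the echoed question
        _, offset = decode_name(data, offset)
        offset += 4
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in data[offset:offset + 4])
        elif rtype in (2, 12):                          # NS / PTR rdata is a name
            value, _ = decode_name(data, offset)
        else:
            value = data[offset:offset + rdlen].hex()
        offset += rdlen
        result["answers"].append((name, rtype, value))
    return result

def diagnose(result):
    """Map what came back to the most likely cause, for the symptoms in the question."""
    if result["rcode"] == "SERVFAIL":
        return "resolver could not complete resolution: check the delegation (NS records at the registrar) and that the zone loads"
    if result["rcode"] == "NXDOMAIN":
        return "an authoritative server says the name does not exist in its zone"
    if result["rcode"] == "NOERROR" and not result["aa"]:
        return "answer is non-authoritative: this server forwarded or cached it rather than serving the zone"
    return "authoritative answer"

def query(server, name, qtype="A", timeout=3.0):
    """Send one UDP query to a server (live use; the samples below run offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data)

# Constructed sample replies (hand-built bytes, not captured traffic).
def sample_servfail():
    """What a recursive resolver returns when it gives up: QR|RD|RA set, RCODE=2, no answers."""
    return struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0) + build_query("example.com")[12:]

def sample_authoritative():
    """What the zone's own server should return: QR|AA|RD|RA set, RCODE=0, one A record."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 604800, 4) + bytes([185, 106, 209, 113])
    return struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + build_query("example.com")[12:] + rr

if __name__ == "__main__":
    for reply in (sample_servfail(), sample_authoritative()):
        parsed = parse_response(reply)
        print(parsed["rcode"], "AA=%s" % parsed["aa"], parsed["answers"], "->", diagnose(parsed))
```

For live use, `query("185.106.209.113", "example.com", "NS")` against the VPS and the same query against a public resolver separate a zone-loading problem (the server itself answers SERVFAIL or nothing) from a delegation problem (the server answers with AA set, but the path public resolvers take never reaches it). The AA bit matters: a NOERROR reply without it came from a forwarder or a cache, not from the zone.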
1 Answer

So go by these steps; it worked for me and I'm sure it will work for you.

1. Set your hostname equal to one of your ServerNames, like:

server.example.com


2. Configure the interfaces in /etc/network/ like:

iface ens3 inet static
address 192.168.1.10
netmask 255.255.255.0

Don't forget to restart 'networking'.

Now let's configure bind. You don't need to edit all of the db files; just do it like below:

Open /etc/bind/named.conf.local and add this at the end of the file:

zone "example.com" IN {
    type master;
    file "/etc/bind/forward.example.com";
};
zone "1.168.192.in-addr.arpa" IN {
    # 1.168.192 is the reverse of 192.168.1 without the last part "10"
    type master;
    file "/etc/bind/reverse.example.com";
};

Now, in /etc/bind:

cp db.local forward.example.com

Now edit forward.example.com:

;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA server.example.com. root.server.example.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@      IN NS server.example.com.
@      IN A  xxx.xxx.xxx.xxx   ; your public static IP address if you did port forwarding in NAT;
server IN A  xxx.xxx.xxx.xxx   ; if you didn't, put the static private IP address here
host   IN A  xxx.xxx.xxx.xxx
client IN A  xxx.xxx.xxx.xxx
www    IN A  xxx.xxx.xxx.xxx
@      IN NS ns1.example.com.
@      IN A  xxx.xxx.xxx.xxx
ns1    IN A  xxx.xxx.xxx.xxx
@      IN MX 10 admin.example.com.
@      IN A  xxx.xxx.xxx.xxx
admin  IN A  xxx.xxx.xxx.xxx
; this config contains the email server configuration too.

Now, in the same directory: cp forward.example.com reverse.example.com

Now edit the reverse zone like below:

;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA server.example.com. root.server.example.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@      IN NS  server.example.com.
@      IN PTR example.com.
server IN A   xxx.xxx.xxx.xxx
host   IN A   xxx.xxx.xxx.xxx
client IN A   xxx.xxx.xxx.xxx
www    IN A   xxx.xxx.xxx.xxx
10     IN PTR server.example.com.
11     IN PTR client.example.com.
@      IN NS  ns1.example.com.
ns1    IN A   xxx.xxx.xxx.xxx
10     IN PTR ns1.example.com.
@      IN MX  10 admin.example.com.
admin  IN A   xxx.xxx.xxx.xxx
10     IN PTR admin.example.com.
; the 10 above is the last octet of your IP: 192.168.1.(10) or xxx.xxx.xxx.(xxx)

Forward and reverse zones are configured now. Now run these commands:

sudo named-checkconf -z /etc/bind/named.conf
sudo named-checkconf -z /etc/bind/named.conf.local
sudo named-checkzone example.com /etc/bind/forward.example.com
sudo named-checkzone 1.168.192.in-addr.arpa /etc/bind/reverse.example.com

The outputs should show that the zones are loaded and there is no error.

Now restart bind. If there was an error, just use journalctl -xe and see the details; most times it is just a typo or a mistake like that.

Now do these:

sudo chown -R bind:bind /etc/bind
sudo chmod -R 755 /etc/bind
sudo systemctl restart bind9
sudo systemctl enable bind9
ufw allow bind9
ufw allow 53
ufw allow 53/tcp
ufw allow 53/udp

Go to /etc/network/interfaces again and add this at the end of the file:

dns-search example.com
dns-nameserver 192.168.1.10

After that, restart networking with sudo systemctl restart networking.

Now nano this file: /etc/resolv.conf

Add these at the end of the file:

nameserver 192.168.1.10
search example.com

Restart networking, then restart NetworkManager.

Now ping/nslookup/dig ns.example.com or server.example.com.

NOW It's WORKING


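The answer's zone files are copies of db.local edited by hand, and named-checkzone reports some of the resulting slips tersely and others (an SOA primary name missing its trailing dot, A records left behind in a reverse zone) not at all. As an added example that is not part of the answer and is not BIND's own tooling, here is a small Python linter for exactly those pitfalls: a `#` used as a comment in a zone file, an unqualified SOA MNAME, no NS at the apex, an in-zone NS target with no A record (missing glue), and forward/reverse records in the wrong file. The two zone texts are constructed samples using the 192.0.2.0/24 documentation range, not the files from the question or answer.

```python
# Added example, not from the answer: a zone-file linter run on constructed sample zones.
def _join_parentheses(text):
    """Strip ';' comments and fold multi-line '( ... )' records such as SOA onto one logical line."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]         # ';' starts a comment in zone files; '#' does not
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            logical.append(" ".join(buf))
            buf, depth = [], 0
    return logical

def _qualify(name, origin):
    """Turn '@' and relative owner names into fully qualified ones."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (records, problems); records are (owner, TYPE, rdata tokens)."""
    origin = origin if origin.endswith(".") else origin + "."
    records, problems, last_owner = [], [], origin
    for line in _join_parentheses(text):
        if "#" in line:
            problems.append(f"'#' is not a comment marker in zone files, use ';': {line.strip()}")
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].startswith("$"):          # $TTL / $ORIGIN directives
            if tokens[0] == "$ORIGIN":
                origin = tokens[1]
            continue
        if line[0].isspace():                  # no owner field: reuse the previous owner
            owner = last_owner
        else:
            owner = last_owner = _qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():     # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)
        if not tokens:
            problems.append(f"record without a type: {line.strip()}")
            continue
        records.append((owner, tokens.pop(0).upper(), tokens))
    return records, problems

def lint_zone(text, origin, reverse=False):
    """Flag the mistakes that named-checkzone reports tersely or not at all."""
    origin = origin if origin.endswith(".") else origin + "."
    records, problems = parse_zone(text, origin)
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA, found {len(soa)}")
    elif not soa[0][2] or not soa[0][2][0].endswith("."):
        mname = soa[0][2][0] if soa[0][2] else ""
        problems.append(f"SOA MNAME '{mname}' lacks a trailing dot and expands to '{mname}.{origin}'")
    apex_ns = [r for r in records if r[0] == origin and r[1] == "NS"]
    if not apex_ns:
        problems.append("no NS record at the zone apex; named will refuse to load the zone")
    with_a = {r[0] for r in records if r[1] == "A"}
    for _, _, rdata in apex_ns:
        target = _qualify(rdata[0], origin)
        if (target == origin or target.endswith("." + origin)) and target not in with_a:
            problems.append(f"NS target {target} is inside the zone but has no A record (missing glue)")
    if reverse and with_a:
        problems.append("A records in an in-addr.arpa zone are a copy-paste leftover from the forward zone")
    if not reverse and any(r[1] == "PTR" for r in records):
        problems.append("PTR records belong in the reverse zone, not the forward one")
    return problems

# Constructed sample zones (not the files from the question or answer).
SAMPLE_FORWARD = """\
$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
        3 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@   IN NS ns1.example.com.
@   IN A  192.0.2.10
ns1 IN A  192.0.2.10
"""
SAMPLE_BROKEN = """\
$TTL 604800
@ IN SOA server.example.com root.server.example.com. ( 2 604800 86400 2419200 604800 )
@ IN NS server.example.com.
@ IN A 192.0.2.10 #your public ip
"""

if __name__ == "__main__":
    for label, zone in (("good", SAMPLE_FORWARD), ("broken", SAMPLE_BROKEN)):
        print(label, lint_zone(zone, "example.com") or ["no problems found"])
```

Run it on a real file with `lint_zone(open("/etc/bind/forward.example.com").read(), "example.com")` and, for the reverse file, pass `reverse=True` with the in-addr.arpa origin. It deliberately does not replace `named-checkzone`, which also validates rdata syntax; the point is the handful of mistakes that load "successfully" but do not do what the file's author meant.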