Trying to set up BIND through YaST and failing

Hello everyone. A while ago I tried setting up BIND as an authoritative nameserver for my domain, but it didn’t go well because I didn’t know it could be done much more easily through YaST. This time things seem to be going a bit better, but it still isn’t working yet. I think everything is reasonably in order so far, although I haven’t even pointed my domain from networksolutions.com to my host yet. I’m just trying to get the nameserver configured correctly first before making any other changes. I’m now on a less enormous subnet (just a /29 rather than a /21 like I used to be on). The problem that’s most obvious is that I can’t seem to do anything on the SOA page in YaST’s configuration module. Can anyone suggest why this might be? I’ve been following the instructions from http://doc.opensuse.org/products/draft/SLES/SLES-admin_sd_draft/cha.dns.html

I skipped over the instructions for logging, ACLs and TSIG keys 'cause I just want a basic, working setup before worrying about any of the other options. There was something in the zones list about an empty zone, I think. It looked like it was for IPV6, though, so I deleted it to keep the setup as simple as possible. Was that a dumb idea?

The SOA page in my domain’s master record file just has the text area for the serial number, a TTL line and a drop-box to set the units to days/weeks/etc. I don’t see a way to add any other information.

Although I haven’t done it recently, if your objective is to migrate DNS servers, you might be able to simply copy the zone files from one machine to another.

I’ve found it’s useful to use YaST to set up a new domain but copy files (or in some cases replicate if the situation warrants) instead of creating new. Also depends on how many records may need to be recreated.

You’re doing it right in that you want to set up your new machine and make sure it’s working flawlessly before you flip the switch pointing from your old to your new servers.

TSU

I only have limited access to the nameserver I’m trying to switch from. It’s the web-based type of thing in NetworkSolutions.com’s CP. Part of the reason for me wanting to switch is simply down to my own stupidity, and now I’m (hopefully) halfway through the process, I may as well see it through. I recently switched from GoDaddy as my registrar of record to NetworkSolutions, as well as switching my ISP at about the same time. After changing ISP, I put in place the new gateway that they sent to me. However, like the forgetful idiot that I often am, I forgot that it would have an extra firewall in place by default that would block all incoming traffic. Somehow I got it in my head that it was the absence of an SOA record that was the problem and asked NetworkSolutions how I went about setting one up with them. They said “We don’t do SOA records”, so I then set about trying to install and configure BIND through YaST. After installing BIND and getting a few steps into the setup process, I remembered about the new router and switched off the superfluous firewall. Everything started working normally again, but I was left with a semi-configured nameserver and thought I may as well just finish the job off. The problem is that I can’t figure out if the SOA page in the master zone for my domain is empty because YaST auto-generates the content from the information provided in other pages, or if I’m supposed to input information myself. I can’t see any way to input information, though.

I think I might just be being over-cautious because I’ve had a peek at the zone file for my domain in /var/lib/named/master and it looks sensible enough.

Another question I have, though, is about the master filename for the reverse domain. I see examples all over the internet for /24 networks of 192.168.1.x needing to be called 1.168.192.in-addr.arpa; however, I never see examples of any other size of subnet. My subnetwork address is x.x.x.80 and my broadcast address is x.x.x.87. Do I then call my reverse zone file 80.x.x.x.in-addr.arpa, or is there some other form of filename for non-/24 networks?

Thanks for the help so far. It’s very much appreciated.

You really should set up at least two nameservers at different locations. For a small organization you could have a master at your own premises, and a slave on a cheap rented virtual machine (Linode have openSUSE images, I used Arch on DigitalOcean as a temporary solution while I was moving and upgrading servers).

If you only have a few domains, writing the master zone files with a programmer’s editor (vim or emacs) is no big deal, especially if the configurations are similar. I use a simple script to add the basic records (SOA, NS, MX, mail, www), but I do this regularly for clients registering domains with us. Remember to increment the SOA serial number whenever you change the zone file.

The PTR (reverse DNS) records are entered on the nameservers of the ISP that issued your public IP addresses, and are registered with RIPE, APNIC, ARIN, etc. You have to give a list of domain names for your /29 to your ISP.
E.g.
80.z.y.x ptr net.sample.com
81.z.y.x ptr gateway.sample.com
82.z.y.x ptr www.sample.com
83.z.y.x ptr mail.sample.com

86.z.y.x ptr 6.sample.com
89.z.y.x ptr bc.sample.com

Your provider may have a web based method for you to enter these values yourself, or you may need to submit a support ticket.

It is your responsibility to create corresponding A records in the sample.com zone file. The only important PTR record to have is for your mail/smtp server.

PTR records for private addresses (e.g. 192.168.101.zone, 10.zone files) are not often used, except on complex local networks.

I had a look at yast2 dns-server, but personally did not think it offered much in the way of simplifying or productivity.
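As an added illustration of the "simple script" for the basic records and the two reminders above (bump the SOA serial on every change, and keep an A record for every name the ISP holds a PTR for), here is a small generator and checker. It is not the poster's script; the domain sample.com comes from the thread, while the host names, IPs (documentation ranges) and SOA timers are constructed for the example.

```python
"""Render a minimal BIND zone (SOA, NS, MX, A) and manage its serial."""
import re
from datetime import date


def next_serial(current, today=None):
    """Return a serial strictly greater than `current`.

    Follows the YYYYMMDDnn convention. `today` is an int like 20131006
    (defaults to the real date). If today's slot is not above `current`
    (already used today, or clock skew), just add one so it never goes
    backwards, which would make secondaries ignore the update."""
    today = today or int(date.today().strftime("%Y%m%d"))
    candidate = today * 100
    return candidate if candidate > current else current + 1


def build_zone(domain, ns_hosts, mx_host, a_records, serial, ttl=3600):
    """Return zone-file text for `domain`; the first NS is the primary."""
    primary = ns_hosts[0]
    lines = [
        f"$ORIGIN {domain}.",
        f"$TTL {ttl}",
        # refresh, retry, expire, minimum are constructed sample timers
        f"@ IN SOA {primary}.{domain}. hostmaster.{domain}. ( "
        f"{serial} 7200 3600 1209600 3600 )",
    ]
    lines += [f"@ IN NS {ns}.{domain}." for ns in ns_hosts]
    lines.append(f"@ IN MX 10 {mx_host}.{domain}.")
    lines += [f"{name} IN A {ip}" for name, ip in sorted(a_records.items())]
    return "\n".join(lines) + "\n"


def read_serial(zone_text):
    """Extract the current serial from the SOA record in `zone_text`."""
    m = re.search(r"\bSOA\b[^(]*\(\s*(\d+)", zone_text)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))


def missing_a_records(zone_text, ptr_names):
    """Names the ISP holds PTRs for that have no A record in our zone."""
    have = set(re.findall(r"^(\S+)\s+IN\s+A\s+", zone_text, re.M))
    return sorted(n for n in ptr_names if n not in have)
```

Run `named-checkzone sample.com <file>` on the rendered text before loading it into BIND; the checker here only catches the A/PTR mismatch the reply warns about.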

Generally I’ve only ever seen SOA records automatically generated. After all, it really is the Start of Authority for that machine.

In any case, if you’re setting up a new DNS Master, the SOA is likely irrelevant, and even when adding additional nameservers (For a publicly registered domain you will be <required> to have a minimum 2 public IP addresses) DNS uses tokens to maintain hierarchy and updates.

TSU