Here's the output of systemctl status -l named
[root@server ~]# systemctl status -l named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2019-11-17 08:30:27 CST; 3s ago
Process: 28821 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
Process: 38281 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 38279 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 38283 (named)
CGroup: /system.slice/named.service
└─38283 /usr/sbin/named -u named -c /etc/named.conf -4
Nov 17 08:30:27 server.domain.com named[38283]: command channel listening on 127.0.0.1#953
Nov 17 08:30:27 server.domain.com named[38283]: managed-keys-zone: journal file is out of date: removing journal file
Nov 17 08:30:27 server.domain.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Nov 17 08:30:27 server.domain.com named[38283]: managed-keys-zone: loaded serial 7
Nov 17 08:30:27 server.domain.com named[38283]: zone domain.com/IN: loaded serial 1001
Nov 17 08:30:27 server.domain.com named[38283]: all zones loaded
Nov 17 08:30:27 server.domain.com named[38283]: running
Nov 17 08:30:27 server.domain.com named[38283]: zone domain.com/IN: sending notifies (serial 1001)
Nov 17 08:30:27 server.domain.com named[38283]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Nov 17 08:30:27 server.domain.com named[38283]: resolver priming query complete
[root@server ~]#
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Here's what my /etc/named.rfc1912.zones file looks like
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "domain.com" IN {
type master;
file "domain.com.db";
allow-update { none; };
};
$TTL 38400
@ IN SOA ns1.domain.com. postmaster.domain.com. (
1001 ;Serial
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;Minimum TTL
)
domain.com. 14400 IN NS ns1.domain.com.
domain.com. 14400 IN NS ns2.domain.com.
ns1 14400 IN A 185.181.8.67
ns2 14400 IN A 185.181.8.67
domain.com. 14400 IN A 185.181.8.67
localhost 14400 IN A 127.0.0.1
domain.com. 14400 IN MX 0 domain.com.
server IN A 185.181.8.67
www IN A 185.181.8.67
mail0 IN A 185.181.8.67
domain.com. IN TXT "v=spf1 a mx ptr a:domain.com ip4:185.181.8.0/24 ?all"
_adsp._domainkey.domain.com. IN TXT "dkim=all"
_domainkey.domain.com. IN TXT "o=~; r=abuse@domain.com"
_dmarc.domain.com. IN TXT "v=DMARC1; pct=100; ruf=mailto:abuse@domain.com; rua=mailto:abuse@domain.com; p=reject; adkim=r; aspf=r"
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqQE3rXZsyP2usd8vI3211hgt9zEs1zIVddGmMcq8u8RQKOB+xBI87xdiVSURo6epNbYiO/lZFAqKIWGCJDUlzsgMSWOn6+aX6HfcRfsDkIKOxcYCvAKzzmI4HgV8vnC/iIgG2g2lfW5DaBBwULVTcvIZDeUn84MbXO7FZuuqksQIDAQAB" ) ; ----- DKIM key default for domain.com
I haven't got a clue where I'm going wrong with this.
Thanks,
Chris
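
Added example, not part of the original post: a small audit that reads the active statements of the named.conf shown above and reports how its listen-on, allow-query and recursion settings relate to the master zone, following the guidance in the file's own comment block. SAMPLE_CONF is constructed from the posted files, and the function and finding names are this example's own.

```python
import re

# Constructed sample: the active statements from the named.conf and
# named.rfc1912.zones in the post, with the vendor comment shortened.
SAMPLE_CONF = """
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; };
    /* If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. */
    recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "domain.com" IN { type master; file "domain.com.db"; allow-update { none; }; };
"""

LOCAL_ONLY = {"127.0.0.1", "::1", "localhost"}

def strip_comments(text):
    # Good enough for this sample; does not protect '//' or '#' inside quoted strings.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def match_list(conf, keyword):
    """Elements of `keyword [port N] { a; b; };`, or None if the statement is absent."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(keyword), conf)
    return None if m is None else {e.strip() for e in m.group(1).split(";") if e.strip()}

def audit(conf):
    """Return a sorted list of finding names for one named.conf text."""
    conf = strip_comments(conf)
    findings = set()
    masters = re.findall(r'zone\s+"([^"]+)"[^{]*\{[^}]*?type\s+(?:master|primary)\s*;', conf)
    listen = match_list(conf, "listen-on")
    query = match_list(conf, "allow-query")
    recurse_acl = match_list(conf, "allow-recursion")
    recursive = re.search(r"(?<![\w-])recursion\s+yes\s*;", conf) is not None
    if masters and listen is not None and listen <= LOCAL_ONLY:
        findings.add("master-zone-on-loopback-only")   # port 53 bound to loopback only
    if masters and query is not None and query <= LOCAL_ONLY:
        findings.add("master-zone-query-local-only")   # non-local queries are refused
    if masters and recursive:
        findings.add("recursion-on-authoritative")     # against the file's own comment
    if recursive and recurse_acl is not None and "any" in recurse_acl:
        findings.add("open-recursion")                 # explicit any: open resolver
    return sorted(findings)

if __name__ == "__main__":
    for name in audit(SAMPLE_CONF):
        print(name)
```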