Can't get domain name to resolve

chrisj383
Posts: 3
Joined: 2019/11/17 11:44:37

Can't get domain name to resolve

Post by chrisj383 » 2019/11/17 11:48:13

I've installed and configured BIND on CentOS 7 but the domain name isn't resolving. named is active and running and from what I can see there are no errors shown. I'm probably wrong, as this is the first time with CentOS 7; I normally use CentOS 6.

Here's the output of systemctl status -l named


[root@server ~]# systemctl status -l named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-11-17 08:30:27 CST; 3s ago
  Process: 28821 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 38281 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 38279 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 38283 (named)
   CGroup: /system.slice/named.service
           └─38283 /usr/sbin/named -u named -c /etc/named.conf -4

Nov 17 08:30:27 server.domain.com named[38283]: command channel listening on 127.0.0.1#953
Nov 17 08:30:27 server.domain.com named[38283]: managed-keys-zone: journal file is out of date: removing journal file
Nov 17 08:30:27 server.domain.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Nov 17 08:30:27 server.domain.com named[38283]: managed-keys-zone: loaded serial 7
Nov 17 08:30:27 server.domain.com named[38283]: zone domain.com/IN: loaded serial 1001
Nov 17 08:30:27 server.domain.com named[38283]: all zones loaded
Nov 17 08:30:27 server.domain.com named[38283]: running
Nov 17 08:30:27 server.domain.com named[38283]: zone domain.com/IN: sending notifies (serial 1001)
Nov 17 08:30:27 server.domain.com named[38283]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Nov 17 08:30:27 server.domain.com named[38283]: resolver priming query complete
[root@server ~]#

Here's what my /etc/named file looks like


    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
    	listen-on port 53 { 127.0.0.1; };
    	listen-on-v6 port 53 { ::1; };
    	directory 	"/var/named";
    	dump-file 	"/var/named/data/cache_dump.db";
    	statistics-file "/var/named/data/named_stats.txt";
    	memstatistics-file "/var/named/data/named_mem_stats.txt";
    	recursing-file  "/var/named/data/named.recursing";
    	secroots-file   "/var/named/data/named.secroots";
    	allow-query     { localhost; };
    
    	/* 
    	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
    	   recursion. 
    	 - If your recursive DNS server has a public IP address, you MUST enable access 
    	   control to limit queries to your legitimate users. Failing to do so will
    	   cause your server to become part of large scale DNS amplification 
    	   attacks. Implementing BCP38 within your network would greatly
    	   reduce such attack surface 
    	*/
    	recursion yes;
    
    	dnssec-enable yes;
    	dnssec-validation yes;
    
    	/* Path to ISC DLV key */
    	bindkeys-file "/etc/named.root.key";
    
    	managed-keys-directory "/var/named/dynamic";
    
    	pid-file "/run/named/named.pid";
    	session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
    	type hint;
    	file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";


Here's what my /etc/named.rfc1912.zones file looks like


    // named.rfc1912.zones:
    //
    // Provided by Red Hat caching-nameserver package 
    //
    // ISC BIND named zone configuration for zones recommended by
    // RFC 1912 section 4.1 : localhost TLDs and address zones
    // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
    // (c)2007 R W Franks
    // 
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    
    zone "domain.com" IN {
             type master;
             file "domain.com.db";
             allow-update { none; };
    };

Here's what my /var/named/domain.com.db file looks like


$TTL    38400
@       IN      SOA     ns1.domain.com.   postmaster.domain.com. (
                        1001    ;Serial
                        3H      ;Refresh
                        15M     ;Retry
                        1W      ;Expire
                        1D      ;Minimum TTL
                                                )

domain.com.   14400   IN   NS   ns1.domain.com.
domain.com.   14400   IN   NS   ns2.domain.com.

ns1   14400   IN   A   185.181.8.67
ns2   14400   IN   A   185.181.8.67

domain.com.   14400   IN   A   185.181.8.67

localhost   14400   IN   A   127.0.0.1

domain.com.   14400   IN   MX   0   domain.com.

server   IN   A   185.181.8.67
www   IN   A   185.181.8.67

mail0   IN   A   185.181.8.67

domain.com.   IN   TXT   "v=spf1 a mx ptr a:domain.com ip4:185.181.8.0/24 ?all"

_adsp._domainkey.domain.com.   IN   TXT   "dkim=all"

_domainkey.domain.com.   IN   TXT   "o=~; r=abuse@domain.com"

_dmarc.domain.com.   IN   TXT   "v=DMARC1; pct=100; ruf=mailto:abuse@domain.com; rua=mailto:abuse@domain.com; p=reject; adkim=r; aspf=r"

default._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
    	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqQE3rXZsyP2usd8vI3211hgt9zEs1zIVddGmMcq8u8RQKOB+xBI87xdiVSURo6epNbYiO/lZFAqKIWGCJDUlzsgMSWOn6+aX6HfcRfsDkIKOxcYCvAKzzmI4HgV8vnC/iIgG2g2lfW5DaBBwULVTcvIZDeUn84MbXO7FZuuqksQIDAQAB" )  ; ----- DKIM key default for domain.com

I haven't got a clue where I'm going wrong with this.

Thanks,
Chris
Last edited by chrisj383 on 2019/11/17 14:46:37, edited 1 time in total.

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't get domain name to resolve

Post by TrevorH » 2019/11/17 12:00:25

You don't actually tell us what is wrong other than "it doesn't work".

Your DNS server is only listening on 127.0.0.1 so will only be of use on this one machine. It'll also need a "nameserver 127.0.0.1" line ahead of all the others in /etc/resolv.conf.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
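
Added example, not part of any post in this thread: a small audit of the `options` settings that decide who can reach named, run over the posted values and two constructed variants. The names `audit` and `match_list`, the variants and the address 192.0.2.53 are assumptions made for illustration; the check covers IPv4 `listen-on` only, since the posted service runs named with `-4`.

```python
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Options as posted in the thread (comments and file paths trimmed).
POSTED = """options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query     { localhost; };
    recursion yes;
};"""
# Constructed variants, not from the thread; 192.0.2.53 is a documentation
# placeholder for the server's public address.
NAIVE = "options { listen-on port 53 { any; }; allow-query { any; }; recursion yes; };"
AUTHORITATIVE = """options {
    listen-on port 53 { 127.0.0.1; 192.0.2.53; };
    allow-query { any; };
    recursion no;   // authoritative only: answer for our zones, resolve nothing else
};"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(conf, key):
    """Elements of `key [port N] { a; b; };`, or None when the statement is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(key) + r"(?![\w-])[^{;]*\{([^}]*)\}", conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf_text):
    """Return findings about reachability and recursion exposure."""
    conf = strip_comments(conf_text)
    listen, query = match_list(conf, "listen-on"), match_list(conf, "allow-query")
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    recursion = rec is None or rec.group(1) == "yes"   # BIND defaults to yes
    loop_listen = listen is not None and set(listen) <= LOOPBACK
    findings = []
    if loop_listen:
        findings.append("loopback-only listen-on: no other host can reach port 53")
    if query is not None and set(query) <= LOOPBACK:
        findings.append("localhost-only allow-query: remote clients are refused")
    # With no allow-recursion/allow-query-cache, recursion access falls back to allow-query.
    unrestricted = all(match_list(conf, k) is None for k in ("allow-recursion", "allow-query-cache"))
    if recursion and unrestricted and not loop_listen and query is not None and "any" in query:
        findings.append("open recursion: usable for DNS amplification")
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("naive", NAIVE), ("authoritative", AUTHORITATIVE)):
        print(name, audit(conf) or "no findings")
```

The naive variant shows why opening both lists while leaving `recursion yes` is the case the comment in the posted named.conf warns about.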

chrisj383
Posts: 3
Joined: 2019/11/17 11:44:37

Re: Can't get domain name to resolve

Post by chrisj383 » 2019/11/17 14:45:38

Sorry, I'm not used to CentOS 7 on CentOS 6. I'm wanting the domain name to resolve so I can view the website on my Chrome browser. The domain name is propagated so it's not that; I just don't know where I'm going wrong. I've also updated the named status output in the main post.

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Can't get domain name to resolve

Post by TrevorH » 2019/11/17 14:53:14

listen-on port 53 { 127.0.0.1; };
This says only listen on localhost. That means that no-one else other than this machine can get to it. At all.

chrisj383
Posts: 3
Joined: 2019/11/17 11:44:37

Re: Can't get domain name to resolve

Post by chrisj383 » 2019/11/17 15:13:20

OK, what should I put to replace 127.0.0.1? Sorry for the dumb question, just with CentOS 6 I never had to do this.

KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Can't get domain name to resolve

Post by KernelOops » 2019/11/17 16:21:14

I think it would be easier to just modify your hosts file to point to the correct address, than building your own named, especially when you don't know that 127.0.0.1 is localhost.
--
R.I.P. CentOS :cry:
--
