Mailing List ecs-isp@2rosenthals.com Archived Message #501 previous message next message back to list

From: "Peter Moylan" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Subject: Re: [eCS-ISP] Setting up BIND
Date: Wed, 31 May 2023 20:43:40 +1000
To: eCS-ISP list <ecs-isp@2rosenthals.com>

On 31/05/23 15:01, Steven Levine wrote:
In <list-7202669@2rosenthals.com>, on 05/30/23
    at 08:21 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:

Hi Peter,

     D:\servers\BIND\bind9\sbin\named.exe -c c:\mptn\etc\named.conf
which I have placed in C:\TCPIP\BIN\tcpstart.cmd.
It's preferred to do this in tcpexit.cmd.  Tcpstart.cmd is owned by TCPIP
and will not preserve your edits.

Good idea. As you know I run my own replacements for practically everything in the TCP/IP Configuration application, so I don't have to run that application often. But rarely I have needed it, and it's easy to forget that it can delete your customisations.


Can I assume that while testing you are starting named from the command
line?

Unfortunately named.exe exits immediately with the error message
     A non-recoverable error occurred.  The process ended.
As I mentioned elsewhere, I've never seen named fail this way.  It may be
interesting when we track down the reason.

Bind ships with a tool to validate your configuration files -
named-checkconf.exe.  On your setup, run it as:

   D:\servers\BIND\bind9\sbin\\named-checkconf c:\mptn\etc\named.conf

When it runs without complaining, run it as

   D:\servers\BIND\bind9\sbin\\named-checkconf -z c:\mptn\etc\named.conf

Aha! Now here's an interesting point. Initially I accidentally did that test with the copy of bind that I had put on drive D:, and again I got that "A non-recoverable error ..." response. But then I remembered that I had put a copy on drive C:, and when I used that I got more sensible results:

[C:\BIND9\SBIN]named-checkconf C:\mptn\etc\named.conf

[C:\BIND9\SBIN]named-checkconf -z C:\mptn\etc\named.conf
zone localhost/IN: loaded serial 1
zone 0.0.127.in-addr.arpa/IN: loaded serial 1
zone 20.168.192.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
zone pmoylan.org/IN: loaded serial 2023042801
zone rbl1.pmoylan.org/IN: loaded serial 2020110201
zone ozebelg.org/IN: loaded serial 2023042801
zone lwill.org/IN: loaded serial 2023042801
zone lynnew.org/IN: loaded serial 2023042801
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
zone pmoylan.org/IN: loaded serial 2023042801
zone ozebelg.org/IN: loaded serial 2023042801
zone bind/CH: loaded serial 1

This is at last starting to look like what I expected.

Encouraged by that, I tried

start C:\bind9\sbin\named.exe -c c:\mptn\etc\named.conf

and there were no error messages.

Then, from my desktop machine, I did

[D:\]nslookup pmoylan.org
Server:  server.pmoylan.org
Address:  192.168.20.5

Name:    pmoylan.org
Address:  192.168.20.5

which is exactly the right response. (But it might have grabbed the answer from a HOSTS file, so I'll have to eliminate that potential cause of confusion.) Tomorrow I'll add your logging suggestion.

Conclusion: my startup problem was all to do with having my named executable on D: and my configuration files on C:

Of course I have not yet exposed this to the wide world. It's only doing internal lookups so far. As a next step I'll have to open up port 53, and more or less simultaneously cancel my existing nameserver arrangements. (I guess it doesn't matter too much if there's a time delay before implementing a secondary nameserver.) But that can wait until I've finished testing the internal setup.

Presumably my concern about keys is a non-issue because implementing DNSSEC is optional.

Reverse DNS is also a non-issue for my BIND setup, because my IP address belongs to my ISP. I have discovered that they have implemented reverse DNS for www.pmoylan.org, when I actually asked for it for pmoylan.org. (Everyone assumes that a URL must always start with WWW. I've hit that before when purchasing domain names.) That will have to be fixed eventually. At present my mail to some destinations bounces because rDNS gives no result for mail.pmoylan.org or for pmoylan.org.

Anyway, thanks for your help. This is excellent progress.

PS I think I'll go back to Thunderbird version 38.8. Version 45.8 does respect my "plain text" preferences (although apparently not for this message), but in a few other respects it seems to be a big step backwards.

--
Peter Moylan              http://www.pmoylan.org
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster