bind9 configuration connection timed out

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

I'm trying to make my own nameserver without 8.8.8.8 or 8.8.4.4, i had it set up in the beginning but i don't know where i went wrong, all i get is a ;; connection timed out; no servers could be reached

---

This is my zone file

zone "my-new-place.com" IN 
type master;
file "/etc/bind/my-new-place.com";
;

---

this is my /etc/resolv.conf file, I'm using 888 as my eth0 ipv4

search my-new-place.com
nameserver 192.168.1.888

---

this is my my nameserver file

$TTL 864
@ IN SOA k.my-new-place.com root.my-email.com (
 2
 3600
 900
 604800
 864
)
@ IN NS k.my-new-place.com

k.my-new-place.com IN A 89.31.143.1

---

This is my control file /etc/bind/named.conf.options

ACL bindMe 
192.168.1.0/24;
;

options 
directory "/var/cache/bind";
listen-on port 53 192.168.1.888; 127.0.0.1; ;
allow-query localhost; bindMe; ;
forwarders 192.168.1.1; ;
recursion yes;
;

dns

share|improve this question

asked 7 hours ago

hello moto

4091316

add a comment | 

up vote
1
down vote

favorite

I'm trying to make my own nameserver without 8.8.8.8 or 8.8.4.4, i had it set up in the beginning but i don't know where i went wrong, all i get is a ;; connection timed out; no servers could be reached

---

This is my zone file

zone "my-new-place.com" IN 
type master;
file "/etc/bind/my-new-place.com";
;

---

this is my /etc/resolv.conf file, I'm using 888 as my eth0 ipv4

search my-new-place.com
nameserver 192.168.1.888

---

this is my my nameserver file

$TTL 864
@ IN SOA k.my-new-place.com root.my-email.com (
 2
 3600
 900
 604800
 864
)
@ IN NS k.my-new-place.com

k.my-new-place.com IN A 89.31.143.1

---

This is my control file /etc/bind/named.conf.options

ACL bindMe 
192.168.1.0/24;
;

options 
directory "/var/cache/bind";
listen-on port 53 192.168.1.888; 127.0.0.1; ;
allow-query localhost; bindMe; ;
forwarders 192.168.1.1; ;
recursion yes;
;

dns

share|improve this question

asked 7 hours ago

hello moto

4091316

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

I'm trying to make my own nameserver without 8.8.8.8 or 8.8.4.4, i had it set up in the beginning but i don't know where i went wrong, all i get is a ;; connection timed out; no servers could be reached

---

This is my zone file

zone "my-new-place.com" IN 
type master;
file "/etc/bind/my-new-place.com";
;

---

this is my /etc/resolv.conf file, I'm using 888 as my eth0 ipv4

search my-new-place.com
nameserver 192.168.1.888

---

this is my my nameserver file

$TTL 864
@ IN SOA k.my-new-place.com root.my-email.com (
 2
 3600
 900
 604800
 864
)
@ IN NS k.my-new-place.com

k.my-new-place.com IN A 89.31.143.1

---

This is my control file /etc/bind/named.conf.options

ACL bindMe 
192.168.1.0/24;
;

options 
directory "/var/cache/bind";
listen-on port 53 192.168.1.888; 127.0.0.1; ;
allow-query localhost; bindMe; ;
forwarders 192.168.1.1; ;
recursion yes;
;

dns

share|improve this question

asked 7 hours ago

hello moto

4091316

I'm trying to make my own nameserver without 8.8.8.8 or 8.8.4.4, i had it set up in the beginning but i don't know where i went wrong, all i get is a ;; connection timed out; no servers could be reached

---

This is my zone file

zone "my-new-place.com" IN 
type master;
file "/etc/bind/my-new-place.com";
;

---

this is my /etc/resolv.conf file, I'm using 888 as my eth0 ipv4

search my-new-place.com
nameserver 192.168.1.888

---

this is my my nameserver file

$TTL 864
@ IN SOA k.my-new-place.com root.my-email.com (
 2
 3600
 900
 604800
 864
)
@ IN NS k.my-new-place.com

k.my-new-place.com IN A 89.31.143.1

---

This is my control file /etc/bind/named.conf.options

ACL bindMe 
192.168.1.0/24;
;

options 
directory "/var/cache/bind";
listen-on port 53 192.168.1.888; 127.0.0.1; ;
allow-query localhost; bindMe; ;
forwarders 192.168.1.1; ;
recursion yes;
;

dns

dns

share|improve this question

asked 7 hours ago

hello moto

4091316

share|improve this question

asked 7 hours ago

hello moto

4091316

share|improve this question

share|improve this question

asked 7 hours ago

hello moto

4091316

asked 7 hours ago

hello moto

4091316

asked 7 hours ago

hello moto

4091316

4091316

add a comment | 

add a comment | 

1 Answer
1

active

oldest

votes

up vote
3
down vote



accepted

It's not entirely clear to me what is happening. I imagine that bind is not running, due to errors in your configurations, so it is unreachable. If this isn't helpful, please edit your post to include the command you're running, and additional output.

When you interact with bind, are you using systemctl? For example:

systemctl restart bind9

When you do this, does the command spit out any errors? Normally when something is wrong, it will direct you to look at journalctl. What is the system telling you is wrong?

You can check if bind is running using systemctl status bind9, or ps aux | grep named, and possibly rndc status.

Maybe you have your /etc/bind/named.conf.local correct, but you did not post one, so be sure that you have the zone entries in that file. You will need one per domain, and one per subnet served:

zone "example.tld" 
 type master;
 file "/etc/bind/zones/example.tld.zone";
;

zone "1.168.192.in-addr.arpa" 
 type master;
 file "/etc/bind/zones/192.168.1.zone";
;

Here is a working /etc/bind/named.conf.options, however, I've adjusted the IP to read .200, since .888 is not a valid IP.

 options 
 directory "/var/cache/bind";

 // If there is a firewall between you and nameservers you want
 // to talk to, you may need to fix the firewall to allow multiple
 // ports to talk. See http://www.kb.cert.org/vuls/id/800113

 // If your ISP provided one or more IP addresses for stable 
 // nameservers, you probably want to use them as forwarders. 
 // Uncomment the following block, and insert the addresses replacing 
 // the all-0's placeholder.

 // forwarders 
 // 0.0.0.0;
 // ;

 //========================================================================
 // If BIND logs error messages about the root key being expired,
 // you will need to update your keys. See https://www.isc.org/bind-keys
 //========================================================================
 recursion yes;
 allow-recursion localnets; 192.168.1.0/16;;

 forwarders 
 192.168.1.1;
 ;

 dnssec-enable yes;
 dnssec-validation auto;
 dnssec-lookaside auto;

 auth-nxdomain no; # conform to RFC1035
 listen-on 192.168.1.200, 127.0.0.1; ;
 // listen-on-ipv6 any; ;
 ;

After you've double-checked the settings, restart bind and find the logs and output to determine the problem. Please post the exact commands, and logs you've found, as there may be even more wrong and it will be hard for anybody to help without all of the details.

An additional tip would be to change one thing at a time. Change your IP, verify you still have connectivity. Then, adjust bind, etc. Take an iterative approach, and ensure that each time you make a change, you haven't broken everything else.

share|improve this answer

edited 5 hours ago

answered 6 hours ago

earthmeLon

5,8881547

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you, i removed everything and started over. it works now. although 192.168.1.200 needs a semi colon instead of a comma on your example :)
  – hello moto
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I was a little confused on the @ IN SOA k.my-new-place.com, i wasn't sure if that had to match the zone on the outside and also if @ IN NS k.my-new-place.com and k.my-new-place.com IN A 89.31.143.1 were suppose to match the SOA
  – hello moto
  4 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1075644%2fbind9-configuration-connection-timed-out%23new-answer', 'question_page');

);

Post as a guest

Name Email

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
3
down vote



accepted

It's not entirely clear to me what is happening. I imagine that bind is not running, due to errors in your configurations, so it is unreachable. If this isn't helpful, please edit your post to include the command you're running, and additional output.

When you interact with bind, are you using systemctl? For example:

systemctl restart bind9

When you do this, does the command spit out any errors? Normally when something is wrong, it will direct you to look at journalctl. What is the system telling you is wrong?

You can check if bind is running using systemctl status bind9, or ps aux | grep named, and possibly rndc status.

Maybe you have your /etc/bind/named.conf.local correct, but you did not post one, so be sure that you have the zone entries in that file. You will need one per domain, and one per subnet served:

zone "example.tld" 
 type master;
 file "/etc/bind/zones/example.tld.zone";
;

zone "1.168.192.in-addr.arpa" 
 type master;
 file "/etc/bind/zones/192.168.1.zone";
;

Here is a working /etc/bind/named.conf.options, however, I've adjusted the IP to read .200, since .888 is not a valid IP.

 options 
 directory "/var/cache/bind";

 // If there is a firewall between you and nameservers you want
 // to talk to, you may need to fix the firewall to allow multiple
 // ports to talk. See http://www.kb.cert.org/vuls/id/800113

 // If your ISP provided one or more IP addresses for stable 
 // nameservers, you probably want to use them as forwarders. 
 // Uncomment the following block, and insert the addresses replacing 
 // the all-0's placeholder.

 // forwarders 
 // 0.0.0.0;
 // ;

 //========================================================================
 // If BIND logs error messages about the root key being expired,
 // you will need to update your keys. See https://www.isc.org/bind-keys
 //========================================================================
 recursion yes;
 allow-recursion localnets; 192.168.1.0/16;;

 forwarders 
 192.168.1.1;
 ;

 dnssec-enable yes;
 dnssec-validation auto;
 dnssec-lookaside auto;

 auth-nxdomain no; # conform to RFC1035
 listen-on 192.168.1.200, 127.0.0.1; ;
 // listen-on-ipv6 any; ;
 ;

After you've double-checked the settings, restart bind and find the logs and output to determine the problem. Please post the exact commands, and logs you've found, as there may be even more wrong and it will be hard for anybody to help without all of the details.

An additional tip would be to change one thing at a time. Change your IP, verify you still have connectivity. Then, adjust bind, etc. Take an iterative approach, and ensure that each time you make a change, you haven't broken everything else.

share|improve this answer

edited 5 hours ago

answered 6 hours ago

earthmeLon

5,8881547

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you, i removed everything and started over. it works now. although 192.168.1.200 needs a semi colon instead of a comma on your example :)
  – hello moto
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I was a little confused on the @ IN SOA k.my-new-place.com, i wasn't sure if that had to match the zone on the outside and also if @ IN NS k.my-new-place.com and k.my-new-place.com IN A 89.31.143.1 were suppose to match the SOA
  – hello moto
  4 hours ago
  

  
  
  
  

add a comment | 

up vote
3
down vote



accepted

It's not entirely clear to me what is happening. I imagine that bind is not running, due to errors in your configurations, so it is unreachable. If this isn't helpful, please edit your post to include the command you're running, and additional output.

When you interact with bind, are you using systemctl? For example:

systemctl restart bind9

When you do this, does the command spit out any errors? Normally when something is wrong, it will direct you to look at journalctl. What is the system telling you is wrong?

You can check if bind is running using systemctl status bind9, or ps aux | grep named, and possibly rndc status.

Maybe you have your /etc/bind/named.conf.local correct, but you did not post one, so be sure that you have the zone entries in that file. You will need one per domain, and one per subnet served:

zone "example.tld" 
 type master;
 file "/etc/bind/zones/example.tld.zone";
;

zone "1.168.192.in-addr.arpa" 
 type master;
 file "/etc/bind/zones/192.168.1.zone";
;

Here is a working /etc/bind/named.conf.options, however, I've adjusted the IP to read .200, since .888 is not a valid IP.

 options 
 directory "/var/cache/bind";

 // If there is a firewall between you and nameservers you want
 // to talk to, you may need to fix the firewall to allow multiple
 // ports to talk. See http://www.kb.cert.org/vuls/id/800113

 // If your ISP provided one or more IP addresses for stable 
 // nameservers, you probably want to use them as forwarders. 
 // Uncomment the following block, and insert the addresses replacing 
 // the all-0's placeholder.

 // forwarders 
 // 0.0.0.0;
 // ;

 //========================================================================
 // If BIND logs error messages about the root key being expired,
 // you will need to update your keys. See https://www.isc.org/bind-keys
 //========================================================================
 recursion yes;
 allow-recursion localnets; 192.168.1.0/16;;

 forwarders 
 192.168.1.1;
 ;

 dnssec-enable yes;
 dnssec-validation auto;
 dnssec-lookaside auto;

 auth-nxdomain no; # conform to RFC1035
 listen-on 192.168.1.200, 127.0.0.1; ;
 // listen-on-ipv6 any; ;
 ;

After you've double-checked the settings, restart bind and find the logs and output to determine the problem. Please post the exact commands, and logs you've found, as there may be even more wrong and it will be hard for anybody to help without all of the details.

An additional tip would be to change one thing at a time. Change your IP, verify you still have connectivity. Then, adjust bind, etc. Take an iterative approach, and ensure that each time you make a change, you haven't broken everything else.

share|improve this answer

edited 5 hours ago

answered 6 hours ago

earthmeLon

5,8881547

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you, i removed everything and started over. it works now. although 192.168.1.200 needs a semi colon instead of a comma on your example :)
  – hello moto
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I was a little confused on the @ IN SOA k.my-new-place.com, i wasn't sure if that had to match the zone on the outside and also if @ IN NS k.my-new-place.com and k.my-new-place.com IN A 89.31.143.1 were suppose to match the SOA
  – hello moto
  4 hours ago
  

  
  
  
  

add a comment | 

up vote
3
down vote



accepted

up vote
3
down vote



accepted

It's not entirely clear to me what is happening. I imagine that bind is not running, due to errors in your configurations, so it is unreachable. If this isn't helpful, please edit your post to include the command you're running, and additional output.

When you interact with bind, are you using systemctl? For example:

systemctl restart bind9

When you do this, does the command spit out any errors? Normally when something is wrong, it will direct you to look at journalctl. What is the system telling you is wrong?

You can check if bind is running using systemctl status bind9, or ps aux | grep named, and possibly rndc status.

Maybe you have your /etc/bind/named.conf.local correct, but you did not post one, so be sure that you have the zone entries in that file. You will need one per domain, and one per subnet served:

zone "example.tld" 
 type master;
 file "/etc/bind/zones/example.tld.zone";
;

zone "1.168.192.in-addr.arpa" 
 type master;
 file "/etc/bind/zones/192.168.1.zone";
;

Here is a working /etc/bind/named.conf.options, however, I've adjusted the IP to read .200, since .888 is not a valid IP.

 options 
 directory "/var/cache/bind";

 // If there is a firewall between you and nameservers you want
 // to talk to, you may need to fix the firewall to allow multiple
 // ports to talk. See http://www.kb.cert.org/vuls/id/800113

 // If your ISP provided one or more IP addresses for stable 
 // nameservers, you probably want to use them as forwarders. 
 // Uncomment the following block, and insert the addresses replacing 
 // the all-0's placeholder.

 // forwarders 
 // 0.0.0.0;
 // ;

 //========================================================================
 // If BIND logs error messages about the root key being expired,
 // you will need to update your keys. See https://www.isc.org/bind-keys
 //========================================================================
 recursion yes;
 allow-recursion localnets; 192.168.1.0/16;;

 forwarders 
 192.168.1.1;
 ;

 dnssec-enable yes;
 dnssec-validation auto;
 dnssec-lookaside auto;

 auth-nxdomain no; # conform to RFC1035
 listen-on 192.168.1.200, 127.0.0.1; ;
 // listen-on-ipv6 any; ;
 ;

After you've double-checked the settings, restart bind and find the logs and output to determine the problem. Please post the exact commands, and logs you've found, as there may be even more wrong and it will be hard for anybody to help without all of the details.

An additional tip would be to change one thing at a time. Change your IP, verify you still have connectivity. Then, adjust bind, etc. Take an iterative approach, and ensure that each time you make a change, you haven't broken everything else.

share|improve this answer

edited 5 hours ago

answered 6 hours ago

earthmeLon

5,8881547

It's not entirely clear to me what is happening. I imagine that bind is not running, due to errors in your configurations, so it is unreachable. If this isn't helpful, please edit your post to include the command you're running, and additional output.

When you interact with bind, are you using systemctl? For example:

systemctl restart bind9

When you do this, does the command spit out any errors? Normally when something is wrong, it will direct you to look at journalctl. What is the system telling you is wrong?

You can check if bind is running using systemctl status bind9, or ps aux | grep named, and possibly rndc status.

Maybe you have your /etc/bind/named.conf.local correct, but you did not post one, so be sure that you have the zone entries in that file. You will need one per domain, and one per subnet served:

zone "example.tld" 
 type master;
 file "/etc/bind/zones/example.tld.zone";
;

zone "1.168.192.in-addr.arpa" 
 type master;
 file "/etc/bind/zones/192.168.1.zone";
;

Here is a working /etc/bind/named.conf.options, however, I've adjusted the IP to read .200, since .888 is not a valid IP.

 options 
 directory "/var/cache/bind";

 // If there is a firewall between you and nameservers you want
 // to talk to, you may need to fix the firewall to allow multiple
 // ports to talk. See http://www.kb.cert.org/vuls/id/800113

 // If your ISP provided one or more IP addresses for stable 
 // nameservers, you probably want to use them as forwarders. 
 // Uncomment the following block, and insert the addresses replacing 
 // the all-0's placeholder.

 // forwarders 
 // 0.0.0.0;
 // ;

 //========================================================================
 // If BIND logs error messages about the root key being expired,
 // you will need to update your keys. See https://www.isc.org/bind-keys
 //========================================================================
 recursion yes;
 allow-recursion localnets; 192.168.1.0/16;;

 forwarders 
 192.168.1.1;
 ;

 dnssec-enable yes;
 dnssec-validation auto;
 dnssec-lookaside auto;

 auth-nxdomain no; # conform to RFC1035
 listen-on 192.168.1.200, 127.0.0.1; ;
 // listen-on-ipv6 any; ;
 ;

After you've double-checked the settings, restart bind and find the logs and output to determine the problem. Please post the exact commands, and logs you've found, as there may be even more wrong and it will be hard for anybody to help without all of the details.

An additional tip would be to change one thing at a time. Change your IP, verify you still have connectivity. Then, adjust bind, etc. Take an iterative approach, and ensure that each time you make a change, you haven't broken everything else.

share|improve this answer

edited 5 hours ago

answered 6 hours ago

earthmeLon

5,8881547

share|improve this answer

share|improve this answer

edited 5 hours ago

edited 5 hours ago

edited 5 hours ago

answered 6 hours ago

earthmeLon

5,8881547

answered 6 hours ago

earthmeLon

5,8881547

answered 6 hours ago

earthmeLon

5,8881547

5,8881547

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you, i removed everything and started over. it works now. although 192.168.1.200 needs a semi colon instead of a comma on your example :)
  – hello moto
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I was a little confused on the @ IN SOA k.my-new-place.com, i wasn't sure if that had to match the zone on the outside and also if @ IN NS k.my-new-place.com and k.my-new-place.com IN A 89.31.143.1 were suppose to match the SOA
  – hello moto
  4 hours ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Thank you, i removed everything and started over. it works now. although 192.168.1.200 needs a semi colon instead of a comma on your example :)
  – hello moto
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I was a little confused on the @ IN SOA k.my-new-place.com, i wasn't sure if that had to match the zone on the outside and also if @ IN NS k.my-new-place.com and k.my-new-place.com IN A 89.31.143.1 were suppose to match the SOA
  – hello moto
  4 hours ago
  

  
  
  
  

Thank you, i removed everything and started over. it works now. although 192.168.1.200 needs a semi colon instead of a comma on your example :)
– hello moto
4 hours ago

Thank you, i removed everything and started over. it works now. although 192.168.1.200 needs a semi colon instead of a comma on your example :)
– hello moto
4 hours ago

I was a little confused on the @ IN SOA k.my-new-place.com, i wasn't sure if that had to match the zone on the outside and also if @ IN NS k.my-new-place.com and k.my-new-place.com IN A 89.31.143.1 were suppose to match the SOA
– hello moto
4 hours ago

I was a little confused on the @ IN SOA k.my-new-place.com, i wasn't sure if that had to match the zone on the outside and also if @ IN NS k.my-new-place.com and k.my-new-place.com IN A 89.31.143.1 were suppose to match the SOA
– hello moto
4 hours ago

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1075644%2fbind9-configuration-connection-timed-out%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email