Hello,
I can't get my DNS set up with my online.net Dedibox. I waited 24 hours after the setup and the online.net console still shows "Erreur : Impossible de valider le SOA pour cette entrée." ("Error: unable to validate the SOA for this entry."). I am on CentOS 7. I followed these instructions:
https://documentation.online.net/fr/dedicated-server/tutorials/administration/configure-secondary-dns
Here is my /etc/named.conf file:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 62.210.124.191; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 62.210.124.191; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";
Here is my /etc/named/named.conf.local file:
zone "tripasor.com" {
    type master; # Defines this server as the primary server
    notify yes; # Notifies the other DNS servers when something changes
    allow-transfer { 62.210.16.8; }; # Allows zone transfer to the other DNS servers
    file "/etc/named/zones/db.tripasor.com"; # Path to the zone file
};
Here is my /etc/named/zones/db.tripasor.com file:
$TTL 86400
@ IN SOA sd-58578.dedibox.fr. root.tripasor.com. (
        2016090533
        8H
        2H
        4W
        1D )
        IN NS sd-58578.dedibox.fr.
        IN NS nssec.online.net.
        IN MX 10 mail.tripasor.com.
tripasor.com. A 62.210.124.191
ns IN A 62.210.124.191
mail IN A 62.210.124.191
www CNAME tripasor.com.
ftp CNAME tripasor.com.
Here is the output of dig tripasor.com @localhost:
[root@sd-58578 named]# dig tripasor.com @localhost
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> tripasor.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47229
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tripasor.com. IN A
;; ANSWER SECTION:
tripasor.com. 86400 IN A 62.210.124.191
;; AUTHORITY SECTION:
tripasor.com. 86400 IN NS sd-58578.dedibox.fr.
tripasor.com. 86400 IN NS nssec.online.net.
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Sep 05 13:39:29 CEST 2016
;; MSG SIZE rcvd: 120
named-checkconf /etc/named.conf returns nothing because it is valid.
named-checkconf /etc/named/named.conf.local returns nothing because it is valid.
named-checkzone named.conf.local /etc/named/zones/db.tripasor.com returns this error:
named-checkzone named.conf.local /etc/named/zones/db.tripasor.com
/etc/named/zones/db.tripasor.com:12: ignoring out-of-zone data (tripasor.com)
zone named.conf.local/IN: getaddrinfo(mail.tripasor.com) failed: Temporary failure in name resolution
zone named.conf.local/IN: loaded serial 2016090533
OK
Of course, I restarted named.
Thank you for your help.