
Bind9 / Problem adding a subdomain to my zone file


watcha
07/11/2014, 09h20
Solution:
I had forgotten to declare the zone in /etc/bind/named.conf.local.
I'll see myself out -> []

--------------------------

Hello,

I want to add a domain (whose registrar is not OVH) to my VPS Classic 2 (Debian 7, 64).

I installed Bind9 on the VPS since OVH has no primary DNS server for VPSes. To add my domain to OVH's secondary DNS server, the Manager V6 message asks me to prove that I own the domain by adding an 'ownercheck' subdomain with the value: '8f027de5'.
An error occurred on requesting to add a domain to the secondary DNS (First we need to verify you are the owner of this domain. To do so, please add a TXT field on your DNS zone for the domain yunik.com.my, with the subdomain 'ownercheck' and the following value: '8f027de5'. Once done and your zone reloaded, try again (you don't need to wait for DNS propagation).)
I can't get past this step.

Here are my zone files and Bind9 config file:

/etc/bind/db.domaine.com
Code:
$ttl 12H
domaine.com.           IN      SOA             vpsxxxxxx.ovh.net. support.domaine.com. (
                                                        2014110601              ; Serial
                                                        28800                   ; Refresh (8 hours)
                                                        1800                    ; Retry (30 minutes)
                                                        1209600                 ; Expire (2 weeks)
                                                        28800                   ; Minimum TTL (8 hours)
                                                )
                        IN      NS              vpsxxxxxx.ovh.net.
                        IN      NS              sdns2.ovh.net.
domaine.com.            IN      A               xxx.xxx.xxx.xxx
www.domaine.com.        IN      CNAME           domaine.com.
ownercheck              IN      TXT             "8f027de5"

/etc/bind/xxx.ip-xxx-xxx-xxx.eu.in-addr.arpa
Code:
$ttl 12H
domaine.com.   IN      SOA             vpsxxxxxx.ovh.net. support.domaine.com. (
                                                2014110601              ; Serial
                                                28800                   ; Refresh (8 hours)
                                                1800                    ; Retry (30 minutes)
                                                1209600                 ; Expire (2 weeks)
                                                28800                   ; Minimum TTL (8 hours)
                                           )
                IN      NS              vpsxxxxxx.ovh.net.
                IN      NS              sdns2.ovh.net.
                IN      PTR             domaine.com.

/etc/bind/named.conf.options
Code:
# Limiting access to local networks only.
acl "trusted_clients" {
        127.0.0.0/8;
};

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035

        # comment this out if IPv6 is not used
        # listen-on-v6 { any; };

        // the rest was added by Watcha
        listen-on port 53 { any; };

        # Accept queries from our "trusted_clients" ACL. This prevents us from becoming a free DNS server to the masses.
        allow-query {
                # trusted_clients;
                any;
        };

        # Use the cache for the "trusted_clients" ACL.
        allow-query-cache {
                trusted_clients;
        };

        # Only trusted addresses are allowed to use recursion.
        allow-recursion {
                # trusted_clients;
                any;
        };

        # Zone transfers are denied by default.
        allow-transfer {
                none;
        };

        # Don't allow updates, e.g. via nsupdate.
        allow-update {
                none;
        };

        # Disable built-in server information zones.
        version none;
        hostname none;
        server-id none;
};

After reloading Bind9 I get the same message in the Manager V6 (even 24 hours later).
And when I try to retrieve the value of the ownercheck subdomain myself, I get no answer:

Code:
watcha@watcha:~$ dig @vpsxxxxxx.ovh.net ownercheck.domaine.com

; <<>> DiG 9.9.5-3-Ubuntu <<>> @vpsxxxxxx.ovh.net ownercheck.domaine.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23104
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ownercheck.domaine.com.	IN	A

;; Query time: 592 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Fri Nov 07 16:46:51 HKT 2014
;; MSG SIZE  rcvd: 52

Can anyone see where my mistake is?
Thank you so much.
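
Added example, not part of the original post: a pre-reload check for the gap named in the solution above (zone file present, but no zone statement in named.conf.local), plus a check that the ownercheck TXT record carries the expected value. The function names and the sample file contents are assumptions built from the post's redacted names.

```sh
#!/bin/sh
# Added example, not from the original post. The file contents below are
# constructed from the post's redacted names (domaine.com, db.domaine.com).

# Drop // and # line comments so a commented-out stanza is not counted.
strip_comments() { sed -e 's|//.*$||' -e 's|#.*$||' "$1"; }

# zone_declared CONF ZONE: succeeds if CONF has an active zone "ZONE" statement.
zone_declared() {
    pattern=$(printf '%s' "$2" | sed 's/\./\\./g')
    strip_comments "$1" | grep -Eq "^[[:space:]]*zone[[:space:]]+\"${pattern}\.?\""
}

# txt_value ZONEFILE LABEL: print the TXT data of "LABEL IN TXT ..." records.
txt_value() {
    awk -v l="$2" '$1 == l && $2 == "IN" && $3 == "TXT" { gsub(/"/, "", $4); print $4 }' "$1"
}

# diagnose CONF ZONE ZONEFILE EXPECTED: print a one-word verdict.
diagnose() {
    zone_declared "$1" "$2" || { echo "zone-not-declared"; return 0; }
    [ "$(txt_value "$3" ownercheck)" = "$4" ] || { echo "txt-mismatch"; return 0; }
    echo "ok"
}

# Constructed sample files: named.conf.local before and after the fix.
tmp=$(mktemp -d)
cat > "$tmp/before.conf" <<'EOF'
// zone "domaine.com" { type master; file "/etc/bind/db.domaine.com"; };
EOF
cat > "$tmp/after.conf" <<'EOF'
zone "domaine.com" {
        type master;
        file "/etc/bind/db.domaine.com";
};
EOF
cat > "$tmp/db.domaine.com" <<'EOF'
www.domaine.com.        IN      CNAME           domaine.com.
ownercheck              IN      TXT             "8f027de5"
EOF

echo "before: $(diagnose "$tmp/before.conf" domaine.com "$tmp/db.domaine.com" 8f027de5)"
echo "after:  $(diagnose "$tmp/after.conf"  domaine.com "$tmp/db.domaine.com" 8f027de5)"

# On the server itself, confirm with BIND's own tools and ask for the TXT type
# explicitly (dig asks for A when no type is given, as in the output above):
#   named-checkconf && named-checkzone domaine.com /etc/bind/db.domaine.com
#   rndc reload
#   dig @vpsxxxxxx.ovh.net ownercheck.domaine.com TXT +norecurse +short
```

The comment stripping covers only `//` and `#` line comments; a stanza wrapped in `/* ... */` would still be counted as active.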