MikeL's FreeBSD howto - named
Some useful testing tools:
dnssy.com (seems to be broken today 20200428)
tools.dnsstuff.com
mxtoolbox.com
dnsqueries.com
intodns.com
ultratools.com (only for speed test)
zonemaster.net
Note that all these tests have been bitching at me that TCP is not accepted. I finally looked at this closely. I have two twin servers, one at home on a DSL, the other co-lo'd at a high speed location. The latter was allowing DNS TCP, the former was not. This means it's my modem... Sure enough, added a rule to allow TCP port 53 to my DSL modem and all was well.
[20240229]
Once you've built your zone files, there are sanity testers.
cd /etc/namedb
named-checkzone <your domain name> primary/<your domain name>.hosts
and:
named-checkconf -z | more
[20210215]

Was getting Unable to fetch DNSKEY set '.': timed out in /var/log/messages soon after bootup. Google search said to add "-4" to named_flags in rc.conf, assuming it was related to starting up ipv6 even though I have no ipv6 interface defined. Tried this, nope, no difference.

Messed with adding dnssec-enable no; to named.conf, nope just got an error about that being obsolete.

Tried adding managed-keys-directory "/etc/namedb/";. Also had to do a touch managed-keys.bind. It did get rid of the previous error, but now I'm getting "unable to synchronize managed keys" and "failed to initialize managed-keys". I guess that's progress, but I'm not going to pursue at this time. Removed directives and file.

[20200428]

When I did a pkg update recently, it ended with a comment that Bind9 was deprecated and needs to be upgraded soon. I did:
service named stop
pkg delete bin914
pkg install bin916
All appears to have gone well -- however...
service named start
is not found. Merde.
Tried calling out the service script directly:
/usr/local/etc/rc.d/named start
WARNING: failed to start named
tail /var/log/messages
  named[27147]: could not get query source dispatcher (63.226.250.177#53)
  named[27147]: loading configuration: address in use
  named[27147]: exiting (due to fatal error)
I checked for old named process running with ps ax | grep named -- nope. Tried netstat -Lan | grep 53 -- still nope. Rebooted just in case there was something still silently hanging in there, nope.
Went in to /etc/namedb/named.conf and commented out the line:
      query-source address 63.226.250.177 port 53;
This fixed it. I don't have any explanation, this is the address it should be using. I've checked from outside the domain, and the server is answering -- no explanation...
[20181009]
I'm getting logspam like the following: 
  named[537]: DNS format error from a.b.c.d#53 resolving some.bogus.domainname/A: too many questions
  named[537]: DNS format error from a.b.c.d#53 resolving some.bogus.domainname/AAAA: non-improving referral
  named[537]: DNS format error from a.b.c.d#53 resolving some.bogus.domainname/AAAA: Name bogus.domainname (SOA) not subdomain of zone some.bogus.domainname -- invalid response
These may be real issues, but they're not my issues -- they are not under my control, I cannot fix them (their sysadmins are idiots or oblivious).

Some Google searching and reading man pages tells me to add:
logging {
    category lame-servers { null; };
    category edns-disabled { null; };
    category resolver { null; };
};
to the /etc/named.conf.options file. If you don't already have this file (I didn't), you can scrounge a copy from the Ports tree - find the version you have installed, copy the sample file into place and make the above change.

(28-Feb-2011)

I think I finally got rid of that dang blasted "working directory is not writable" error...

chown bind /var/named/etc/namedb

Copyright © 1995-2024 Mike Lempriere (running on host bayanus)