Old 05-23-2007, 07:51 PM   #1
aclarke
LQ Newbie
Registered: Feb 2006
Location: Embro, ON Canada
Distribution: Ubuntu, Debian
Posts: 20
Bind, DNS, Shorewall question


Hello. I just bought a new domain, say example.com, to point to my home network. I have an old computer running Debian that I use as my router/firewall box in front of all my other computers here. I'd like different subdomains of example.com to be forwarded to different computers on my network. For example, if someone goes to computer1.example.com, I want that to go to computer1. computer2.example.com would go to computer2. This could be ssh, ftp, telnet, http, or whatever I decide to let through my network.

I also would want aliases, so I could have http://client1demo.example.com going through to a demo site I've set up for client 1 on some computer.

I've had shorewall and iptables set up for a year or so, running successfully. I just set up bind yesterday, but this is where my knowledge ends. I THINK I have to use my nameserver here, say ns1.example.com, as the nameserver I give to my registrar, right? Currently I'm using easydns.net for the name servers. If I understand correctly what I need to do, I need to scrap using easydns.net and use my own nameservers.

I also read that I need at least two nameservers. Can I use the same nameserver for both? For instance put a slave zone on my nameserver to my master zone, and then have ns1.example.com and ns2.example.com point to the same name server on the same internal IP on my network? I know this isn't recommended, but I also don't really care about this domain right now and am using it as a learning experience. Once I get bind set up correctly and working on one computer I can put it on another.

Or, am I going about this all the wrong way? Is there a way to set this up in shorewall? So basically IPTables reads the domain name that's been requested and forwards it based on that? I haven't figured out any way to do that.

Thanks VERY MUCH for any help on this.
- Andrew.
 
Old 05-24-2007, 09:50 AM   #2
aclarke
LQ Newbie (Original Poster)
Registered: Feb 2006
Location: Embro, ON Canada
Distribution: Ubuntu, Debian
Posts: 20
Update - a little further along.

I've managed to get a little further ahead, and I'm hoping maybe someone can help me figure out where I'm going wrong now.

I found out that everydns.net will provide secondary nameservers that propagate off my primary nameserver. I think I have everything set up correctly on my end, but when I try to set things up at everydns.net I get this error:

zone transfer failed: master nameserver does not give 64.158.219.3 permission for AXFR - please refer to http://faq.everybox.com/secondary-do...t-IP-for-AXFRs

I've added in allow-transfer { any; }; where I think it ought to be in named.conf but things still aren't working for me. I'll enclose my files and maybe someone can see where I'm going wrong:

named.conf

Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";

named.conf.options
Code:
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you might need to uncomment the query-source
	// directive below.  Previous versions of BIND always asked
	// questions using port 53, but BIND 8.1 and later use an unprivileged
	// port by default.

	query-source address * port 53;

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	forwarders {
		207.179.130.2;
		207.179.130.3;
	};

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
	allow-transfer { any; };
};

named.conf.local
Code:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "clarke.homeip.net" {
	type master;
	file "/etc/bind/net.homeip.clarke.db";
};

zone "andrewclarke.ca" {
	type master;
	file "/etc/bind/ca.andrewclarke.db";
	allow-transfer { any; };
};

zone "16.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/192.rev";
};

ca.andrewclarke.db
Code:
;
; BIND data file for andrewclarke.ca
;
$TTL	604800		; default TTL for records that do not carry their own
@	IN	SOA	andrewclarke.ca.	root.andrewclarke.ca.	(
	2007052401	; Serial
	604800	; Refresh
	86400	; Retry
	2419200	; Expire
	604800	)	; Negative cache TTL (SOA minimum)

	IN	NS	ns.andrewclarke.ca.
	IN	MX	10	mail.andrewclarke.ca.

; host records start in column one; an indented line inherits the owner of the record above it
www	IN	A	192.168.16.2
ns	IN	A	192.168.16.1
mail	IN	A	192.168.16.17
Thank you very much for any pointers anyone might have,
- Andrew.
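As an added example that is not part of the thread (my own code, not BIND's parser or anything from the poster's setup): a small Python checker that applies the master-file rules named enforces when it loads a zone, then flags two settings from the posted named.conf.options from a defender's side. Its input is a constructed variant of the zone file above in which the three A-record lines begin with a tab and no $TTL is given; the function names, the problem wording and the set of RR types it knows are this example's own assumptions. The address 64.158.219.3 quoted in the everydns error is the one that belongs in a restricted allow-transfer list.

```python
"""Added example, not code from the thread: BIND master-file rules and named.conf checks."""
import ipaddress
import re

RR_TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "SOA", "PTR", "TXT"}
CLASSES = {"IN", "CH", "HS"}
RDATA_FIELDS = {"A": 1, "AAAA": 1, "NS": 1, "CNAME": 1, "PTR": 1, "MX": 2, "SOA": 7}


def _logical_lines(text):
    """Strip ';' comments and join a parenthesised multi-line record (the SOA)."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            out.append("\n".join(buf))
            buf = []
    return out


def parse_zone(text, origin):
    """Return (records, problems); a record is (owner, type, rdata_tokens).
    A line starting with whitespace keeps the previous owner, so an indented
    'www IN A ...' line is read as a record of type 'WWW'."""
    records, problems, has_ttl, owner = [], [], False, origin
    for line in _logical_lines(text):
        if line.startswith("$TTL"):
            has_ttl = True
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if line[0] not in " \t":  # explicit owner: '@' is the origin, relative names get it appended
            name = tokens.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if tokens and tokens[0].isdigit():  # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in CLASSES:  # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper() if tokens else ""
        want = RDATA_FIELDS.get(rtype)
        if rtype not in RR_TYPES:
            problems.append(f"{owner}: unknown RR type '{rtype}' (indented line inherits the previous owner)")
        elif want is not None and len(tokens) != want:
            problems.append(f"{owner}: {rtype} has {len(tokens)} rdata fields, expected {want}")
        else:
            records.append((owner, rtype, tokens))
    if not has_ttl:
        problems.append("no $TTL directive; BIND 9 falls back to the SOA minimum and warns")
    return records, problems


def check_delegation(records):
    """Cross-record checks that bite once a public secondary is involved."""
    problems = []
    ns_targets = {rd[0] for _, t, rd in records if t == "NS"}
    for _, t, rd in records:
        if t == "SOA" and rd[0] not in ns_targets:
            problems.append(f"SOA MNAME {rd[0]} is not one of the NS names {sorted(ns_targets)}")
    a_of = {o: rd[0] for o, t, rd in records if t == "A"}
    for ns in sorted(ns_targets):
        if ns in a_of and ipaddress.ip_address(a_of[ns]).is_private:
            problems.append(f"NS {ns} has private address {a_of[ns]}; unusable as public glue")
    return problems


def check_options(named_conf):
    """Flag an open transfer ACL and a fixed query source port in named.conf text."""
    findings = []
    if re.search(r"allow-transfer\s*\{\s*any\s*;\s*\}", named_conf):
        findings.append("allow-transfer { any; }: any host may AXFR the zone; list the secondary's address instead")
    if re.search(r"^\s*query-source\s+address\s+\S+\s+port\s+53\s*;", named_conf, re.M):
        findings.append("query-source ... port 53: a fixed source port removes source-port randomisation")
    return findings


# Constructed input: the thread's records with the three A lines indented by a tab and no $TTL.
POSTED_ZONE = """\
@\tIN\tSOA\tandrewclarke.ca.\troot.andrewclarke.ca.\t(
\t2007052401\t; Serial
\t604800\t86400\t2419200\t604800\t)\t; Refresh Retry Expire Negative-cache TTL
\tIN\tNS\tns.andrewclarke.ca.
\tIN\tMX\t10\tmail.andrewclarke.ca.
\twww\tIN\tA\t192.168.16.2
\tns\tIN\tA\t192.168.16.1
\tmail\tIN\tA\t192.168.16.17
"""
# Same records with $TTL added and the A lines starting in column one.
FIXED_ZONE = "$TTL 604800\n" + re.sub(r"^\t(?=(www|ns|mail)\t)", "", POSTED_ZONE, flags=re.M)
# Constructed excerpt of the two options shown in the thread.
OPTIONS_EXCERPT = "query-source address * port 53;\nallow-transfer { any; };\n"

if __name__ == "__main__":
    for label, zone in (("indented", POSTED_ZONE), ("fixed", FIXED_ZONE)):
        recs, probs = parse_zone(zone, "andrewclarke.ca.")
        print(label, len(recs), "records;", probs + check_delegation(recs))
    print(check_options(OPTIONS_EXCERPT))
```

Run as a script it shows three things a practitioner would check before blaming the secondary: with the A lines indented, `www` and `mail` land in the type position and BIND rejects them as unknown RR types (and `ns` is read as an NS record with too much rdata), and a zone named refuses to load cannot be served or transferred at all; with the lines fixed the zone parses, but the SOA MNAME is not a listed NS and the only NS has an RFC 1918 address, so a registrar or public secondary cannot reach it; and `allow-transfer { any; }` hands the whole hostname inventory to any host that asks, where `allow-transfer { 64.158.219.3; };` limits it to the secondary, while a fixed `query-source ... port 53` gives up the source-port randomisation a resolver relies on against cache poisoning.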
 
  


Tags
bind, bind9, dns, shorewall

