LinuxQuestions.org
Old 11-13-2012, 01:44 AM   #1
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,475

Rep: Reputation: 87
BIND - how to setup a local hostname for resolution


Hi Guys

I have BIND9 (Centos 6). I have the DNS server at 172.16.1.1 and a Windows server at 172.16.1.4 and numerous Windows XP machines that get IPs from the Centos 6 instance via DHCP.

Everything apparently works fine, as my client machines join and get DHCP'ed by the Centos instance, their A records are automatically created in my zone file and my in.addr.arpa file. /var/log/messages contains no errors.

However, nslookup fails on every single machine to lookup other machines by name. Neither can they ping by name. Neither can the server (called "mars") at 172.16.1.4 be resolved by name - in its case, you get internet addresses if you nslookup its name, if you do not define it in my zone file?! If you do define it, it is marked as "out of zone" when it should not be...

What we're trying to do is replace a Windows 2000 DHCP / DNS server with a Centos based DHCPd and named.

The domain that is supposed to be created is verisharepdc.co.za. The machine with the IP 172.16.1.4 is to respond to the name "mars", not resolve to an internet address (or come back NXDOMAIN on nslookup) but the internal local intranet address of the machine (172.16.1.4)...

Here's my resolv.conf on the Centos instance:

Code:
timeout 0

nameserver 172.16.1.1

Here's my named.conf:

Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 172.16.1.1;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";

        forwarders {8.8.8.8; 4.4.4.4;};

        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; verisharelan; localnets;};
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        //dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
include "/etc/named.rfc1912.zones";

acl "verisharelan" {
        127/8; 172.16.0.1/16;
};
controls {
        inet 127.0.0.1 allow {localhost;} keys {rndc-key;};
};
include "/etc/rndc.key";
zone "." {
     file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.localhost";
};
zone "verisharepdc.co.za" {
        type master;
        file "verisharepdc.co.za.zone";
        allow-update {key "rndc-key";};
        notify yes;
};
zone "16.172.in-addr.arpa" {
        type master;
        file "16.172.in-addr.arpa";
        allow-update {key "rndc-key";};
        notify yes;
};

Here's my verisharepdc.co.za.zone file:

Code:
$ORIGIN .
$TTL 86400      ; 1 day
verisharepdc.co.za.     IN SOA  verisharepdc.co.za. a.b.co.za. (
                                20121027   ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                IN              NS      verisharepdc.co.za.
                IN      A       172.16.1.1
mars        IN      PTR     172.16.1.4

For the "mars" line above I have also tried "mars." and "mars.verisharepdc.co.za." - for "mars." I still get NXDOMAIN when I try to nslookup the name "mars", for "mars.verisharepdc.co.za." I get "*** Can't find mars.verisharepdc.co.za: No Answer" in Centos for nslookup - yet if I ping 172.16.1.4 it comes back fine and the machine is up...

Here's my 16.172.in-addr.arpa zone file:

Code:
$ORIGIN .
$TTL 86400      ; 1 day
16.172.in-addr.arpa     IN SOA  verisharepdc.co.za. a.b.co.za. (
                                20121036   ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                                NS      verisharepdc.co.za

When I start bind I see this in /var/log/messages:

Code:
Nov 13 09:34:07 verisharepdc named[3600]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6 -u named -t /var/named/chroot
Nov 13 09:34:07 verisharepdc named[3600]: built with '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Nov 13 09:34:07 verisharepdc named[3600]: adjusted limit on open files from 1024 to 1048576
Nov 13 09:34:07 verisharepdc named[3600]: found 2 CPUs, using 2 worker threads
Nov 13 09:34:07 verisharepdc named[3600]: using up to 4096 sockets
Nov 13 09:34:07 verisharepdc named[3600]: loading configuration from '/etc/named.conf'
Nov 13 09:34:07 verisharepdc named[3600]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Nov 13 09:34:07 verisharepdc named[3600]: using default UDP/IPv4 port range: [1024, 65535]
Nov 13 09:34:07 verisharepdc named[3600]: using default UDP/IPv6 port range: [1024, 65535]
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv4 interface eth0, 172.16.1.1#53
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv6 interface lo, ::1#53
Nov 13 09:34:07 verisharepdc named[3600]: generating session key for dynamic DNS
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 127.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 254.169.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: D.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 8.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 9.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: A.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: B.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: command channel listening on 127.0.0.1#953
Nov 13 09:34:07 verisharepdc named[3600]: zone 0.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 16.172.in-addr.arpa/IN: loaded serial 20121036
Nov 13 09:34:07 verisharepdc named[3600]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone localhost.localdomain/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone localhost/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: verisharepdc.co.za.zone:12: ignoring out-of-zone data (mars)
Nov 13 09:34:07 verisharepdc named[3600]: zone verisharepdc.co.za/IN: loaded serial 20121027
Nov 13 09:34:07 verisharepdc named[3600]: running

Part of the problem appears to be this in the above:

Code:
Nov 13 09:34:07 verisharepdc named[3600]: verisharepdc.co.za.zone:12: ignoring out-of-zone data (mars)

Why is 172.16.1.4 "out of zone" - where am I going wrong?

I merely want bind to return, when you nslookup "mars" on the Centos box itself and any of the XP machines DHCP'ed by the Centos box, the "mars" IP - eg. 172.16.1.4

Currently I get NXDOMAIN in nslookup if I try to lookup "mars" or "mars.verisharepdc.co.za" OR, if the 172.16.1.1 machine's gateway is correctly setup, BIND goes to the root servers and returns the IP of a "mars" machine on the -internet-...

Any ideas appreciated!

Thank you,

Last edited by rylan76; 11-13-2012 at 02:03 AM.
 
Old 11-13-2012, 02:10 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,905

Rep: Reputation: 1326
Hi,

You should replace:

Quote:
mars IN PTR 172.16.1.4

with

Code:
mars    IN   A    172.16.1.4

Increase the serial and reload bind.


Quote:
Currently I get NXDOMAIN in nslookup if I try to lookup "mars" or "mars.verisharepdc.co.za" OR, if the 172.16.1.1 machine's gateway is correctly setup, BIND goes to the root servers and return the IP of a "mars" machine on the -internet-...

If you want to be able to resolve both mars and mars.verisharepdc.co.za, you need to add "domain verisharepdc.co.za" or "search verisharepdc.co.za" in /etc/resolv.conf

Regards
 
1 members found this post helpful.
Old 11-13-2012, 02:30 AM   #3
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,475

Original Poster
Rep: Reputation: 87
Hi Bathory!

Thanks for replying - it has helped a lot!

I'm almost halfway to this working right.

I added the record to verisharepdc.co.za.zone as you suggested:

Code:
.
.
in NS verisharepdc.co.za.

mars.verisharepdc.co.za. IN A 172.16.1.4

and changed resolv.conf to read

Code:
search verisharepdc.co.za
domain verisharepdc.co.za
timeout 0
nameserver 172.16.1.1

On the 172.16.1.1 Centos instance, I can now successfully do "nslookup mars" and "nslookup mars.verisharepdc.co.za" and get back 172.16.1.4 from the 172.16.1.1 local intranet DNS server.

Probably OT but how do I get Windows machines on the domain to have "resolv.conf" like behaviour?

E. g. on a test Win machine on the 172.16 net, I set the DNS server to 172.16.1.1. On that machine, if I nslookup mars I get "mars.co.za" at IP 164.109.86.65 - from the internet.

If I lookup "mars.verisharepdc.co.za" (e. g. FQDN) I get the correct local net IP 172.16.1.4 back.

I'm still missing something - if I set the Win 2000 DNS server (e. g. the machine we want to replace with the Centos machine) as the Win machine's DNS server, and I nslookup mars, I get 172.16.1.4 as I should - how can I get -this- specific behaviour from my Centos instance DNS server?

Thank you very much for your assistance! I have marked your reply as helpful.


Last edited by rylan76; 11-13-2012 at 02:34 AM.
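
Why named logged `ignoring out-of-zone data (mars)`, shown as an added example that is not part of the thread: with `$ORIGIN .` in effect the relative owner `mars` expands to `mars.`, which lies outside `verisharepdc.co.za.`, while the fully qualified owner used in post #3 stays inside it. The Python below is not BIND's parser; `qualify`, `in_zone`, `is_ipv4`, `lint` and the sample strings are names and data constructed here, and it assumes single-line records only.

```python
ZONE = "verisharepdc.co.za."
TYPES = {"A", "AAAA", "NS", "PTR", "CNAME", "MX", "SOA"}

# Constructed sample: the thread's forward-zone records, SOA left out for brevity.
BROKEN = """$ORIGIN .
$TTL 86400
verisharepdc.co.za.  IN NS  verisharepdc.co.za.
                     IN A   172.16.1.1
mars                 IN PTR 172.16.1.4
"""
FIXED = BROKEN.replace("mars ", "mars.verisharepdc.co.za. ").replace("PTR", "A")

def qualify(name, origin):
    """Expand a relative name against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def in_zone(fqdn, zone):
    fqdn, zone = fqdn.lower(), zone.lower()
    return fqdn == zone or fqdn.endswith("." + zone)

def is_ipv4(text):
    parts = text.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts)

def lint(text, zone=ZONE):
    """Return (line_no, owner, problem) tuples for suspicious records."""
    origin, owner, found = zone, None, []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0] == "$ORIGIN":
                origin = qualify(fields[1], origin)
            continue
        has_owner = not raw[0].isspace()        # blank owner column inherits the last owner
        if has_owner:
            owner = qualify(fields[0], origin)
        rest = fields[1:] if has_owner else fields
        rtype = next((f.upper() for f in rest if f.upper() in TYPES), None)
        if owner is None or not in_zone(owner, zone):
            found.append((no, owner, "out-of-zone owner"))
        if rtype == "PTR" and is_ipv4(fields[-1]):
            found.append((no, owner, "PTR rdata is an address; A expected"))
    return found
```

`lint(BROKEN)` flags the `mars` line twice (owner outside the zone, and a PTR whose data is an address), and `lint(FIXED)` returns an empty list.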
 
Old 11-13-2012, 03:08 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,905

Rep: Reputation: 1326
Quote:
and changed resolv.conf to read

search verisharepdc.co.za
domain verisharepdc.co.za
<-snip->

You don't need both the search and domain options. Read the resolv.conf manpage to see what they do and keep just one of them.


Quote:
Probably OT but how do I get Windows machines on the domain to have "resolv.conf" like behaviour?

Sorry but I haven't used Windows for quite a long time, so I don't remember how it's done. Maybe this is what you have to do.

Regards
 
1 members found this post helpful.
Old 11-13-2012, 03:46 AM   #5
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,475

Original Poster
Rep: Reputation: 87
Hi Bathory

Thanks again, you're exactly right!

It is working fine now on XP machines on which I follow the steps in the link you gave.

I'm still investigating how to push that setting down via my DHCP daemon (as there are 200 windows machines geographically spread out and it is impossible to go to each of them to manually setup the DNS search suffix) but at least I know now what is going on.

REALLY appreciate the help and I've marked your post as helpful.

Thanks again!
 
Old 11-13-2012, 04:38 AM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,905

Rep: Reputation: 1326
You can add in dhcpd.conf:
Code:
option domain-name  "verisharepdc.co.za";
 
1 members found this post helpful.
Old 11-13-2012, 11:30 AM   #7
rylan76
Senior Member
 
Registered: Apr 2004
Location: Potchefstroom, South Africa
Distribution: Fedora 17 - 3.3.4-5.fc17.x86_64
Posts: 1,475

Original Poster
Rep: Reputation: 87
Hi

Thank you, I will give this a try tomorrow.

Again, thank you for your help.

Kind regards,
 
  

