Can't get my head around dns configuration.
Ladies & Gents,
Thanks again for this great resource. I wish I had the knowledge to be more help to other people with their questions. I am setting up my third generation Linux firewall. This time around there is no GUI installed. The base OS is Debian Lenny. I have the system locked down as best I can and have started the install of the rest of the system. My snag is with the interaction between DHCP and BIND. What I am trying to do is to get local name resolution with a FQDN. I have a small testing network set up that I can connect to. In the DHCP config file I have several static IPs set for the various machines that will eventually be connected when I bring this firewall online. When I do an nslookup on the firewall box for the firewall it comes back with the IP :). But when I try with the name of the other box I get nothing :(. The instructions I have been using for this phase, page 3 ( http://www.debuntu.org/how-to-set-a-...es-debian-etch ), say that I should have full local name resolution now. I have tried to follow exactly, only using my IPs and domain name, and I have not gone on to page 4. I did read in one thread that the key had to be in the file on all the machines or the authentication would fail when it tried to update the database. I don't seem to be getting the database updated. It occurs to me that this may be because I have set the IPs assigned by DHCP to be static. If this is the case, do I need to build the database by hand? The last time I tried to set up DNS I failed miserably and gave up; I just couldn't get my head around it. I wonder also if part of my problem is that the instructions are for Etch and I am running Lenny. I think some of my problem is that the local machine is not set up to access the setup on the firewall correctly. I know that changing things in resolv.conf gets overwritten on reboot; I learned that much the last time I tried this. Thanks for what help you can give.
I am sorry that I tend to ramble.
Some more info: from the firewall, nslookup www.google.com resolves, but nslookup Torah.disiple.local does not, with
Code:
** server can't find Torah.disiple.local: NXDOMAIN

I am not able to ping outside this testing network because I have not gotten that far yet, but I am able to ping the firewall from the other box. From the system installs I have done I remember that the domain name has to be recorded in the system somewhere, but I am not sure I am using the correct file. I did add a line in /etc/hosts:
Code:
192.168.7.11 Torah.disiple.local distraction

Another thing I have noticed that is not necessarily related to this is that my Linux boxes don't report their machine name to my production firewall/DHCP server. How do I change that? Thanks for the help.
OK this is strange. I have rebooted both machines on the testing network and I ran "nslookup distraction" from the firewall and it returned two IPs that are not the IP of the desktop. I still get nothing from the desktop. So I ran nslookup again with the firewall name and it came back with the same two IPs that it gave for the desktop.
One of the IPs comes back as belonging to Verizon Business. The other one comes back to an Internet search provider. I used a local name and I thought that it should resolve to a local IP. So I did ifdown eth0 and disabled the connection to the plastic box router that gives my testing network access to my local network, and now nslookup returns the same on the firewall as it does on the desktop. So it seems that I am not getting any local name resolution. I would post my config files but the server has no GUI and getting the files off it and to another box with access to the internet is a hassle, but I will do so if it will help. Thanks
I know how to set up a primary and secondary DNS server, but from the info you have given I am a bit unclear. First, what I see is you're building an internal DNS server (invalid for external).
BTW I will try to help. Go to your DNS server terminal and do:
nslookup 192.168.7.11 localhost -- what output do you get --
nslookup Torah.disiple.local localhost -- what output do you get --
cat /etc/resolv.conf -- what output do you get --
Let us see, maybe someone could help.
It's impossible to help with this problem if you don't post the contents of named.conf and your zone files.
Thanks for responding.
routers
Code:
#nslookup 192.168.7.11 localhost

Mind you, I had some spelling inconsistencies in my files and I may still have, so the naming has changed a little.
Code:
# nslookup Torah_disciple.local localhost

resolv.conf
Code:
domain Torah_disciple.local

named.local.conf
Code:
# allow dns updates from localhost with key "rndc-key"

Code:
server-identifier router;

Code:
;

Code:
$TTL 3D

Thanks for any help you can give me.
There are probably some other problems that haven't jumped out at me yet. Please post the full zone file for Torah_disciple.local and 7.168.192.in-addr.arpa. Also, restart named (after making the changes I pointed out) and do this:
$ sudo grep named /var/log/messages
Post the output.
PS Also put your full named.conf. If you have an rndc-key in there, you can blank it out.
DNS server /etc/resolv.conf, this is for testing the nameserver
Code:
domain Torah_disciple.local

Code:
# cat /etc/hosts |grep local

Code:
# netstat -tanp |grep 53
Thanks
Reposting the modified files.

named.conf.local
Code:
// named.conf

Code:
// This is the primary configuration file for the BIND DNS server named.

"option routers router.Torah_disiple.local;" Should this be changed too, because the name router does not exist in my setup, or is this a generic name? Also I have read somewhere that I need to generate an rndc key and place it (or a link to it) in these files in place of "rndc-key" on the DNS/router and on the machines that will be dynamically updating the database. That seemed like more work than to just assign static IPs to all the machines that are regularly connected to my network, so I opted to use the static method. Should I comment out (remove) those lines?

dhcpd.conf
Code:
server-identifier router;

Code:
;

Code:
$TTL 3D

Code:
tcp 0 0 192.168.3.1:53 0.0.0.0:* LISTEN 2791/named

grep named /var/log/messages returns nothing

hosts
Code:
127.0.0.1 localhost.localdomain localhost

Still getting the same responses from nslookup. Thanks
I don't have time to look at the rest of it right now. I'll follow up in a bit.
PS you still didn't do this:
Come to think of it, I don't think BIND accepts "_" as a valid character in domain names. Try replacing every instance of Torah_disciple.local with Torah-disciple.local. Try that in addition to the other fixes I recommended. If it still doesn't work, please remember to attach the output of $ sudo grep named /var/log/messages. BIND is probably telling you exactly what the problem is, but you've been ignoring it.
Thanks
I am working on it. Will post asap. I did do the grep thing on messages but it returned nothing. I did find some output in syslog that I am working my way through. Thanks
Thanks
I have made the changes but now on bind9 restart I get "Starting domain name service..: bind9 failed." I grepped dmesg but got nothing.
Code:
Feb 15 09:26:08 bamod-aish named[2855]: dns_rdata_fromtext: db.7.168.192:2: near eol: unexpected end of input

I do have a different error
Code:
Feb 15 09:26:08 bamod-aish named[2855]: zone localhost/IN: loaded serial 2

syslog after the most recent restart of bind
Code:
Feb 15 10:42:53 bamod-aish named[3233]: starting BIND 9.5.0-P2 -u bind

I am at a loss, but still working at it. Which folder should my db files be in, /etc/bind or /var/cache/bind? I do plan on chrooting bind after I get it working and I know that normally that is done in /var.
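The two BIND errors this thread runs into, the `near eol: unexpected end of input` message on line 2 of db.7.168.192 and the rejection of `_` in host names (BIND's default `check-names` for master zones is `fail`), can both be reproduced offline with a small zone-file lint. The Python below is an added example written for this page; it is not code from the thread, from BIND, or from the debuntu guide. `lint_zone`, `valid_hostname` and the three sample zones are my own; the 192.168.7.11 address and the Torah-disciple.local name follow the thread, while the router's .1 address, the serial and the exact shape of the broken line are constructed, since the real db.7.168.192 was never posted. The host-name rule approximates what `check-names` covers rather than reproducing BIND's implementation.

```python
"""Minimal lint for BIND master (zone) files. Added example for this thread,
not code from BIND or from the debuntu guide. It reproduces two failure modes
discussed above: a record line that ends before its data (named logs
"dns_rdata_fromtext: <file>:<line>: near eol: unexpected end of input") and an
underscore in a host name, rejected under BIND's default check-names (master
zones: fail). The host-name rule only approximates what check-names covers."""
import re

# RFC 1123 label: letters, digits, hyphen; no leading/trailing hyphen; <= 63 chars
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
CLASSES = {"IN", "CH", "HS"}
RR_TYPES = {"A", "AAAA", "PTR", "NS", "CNAME", "MX", "SOA", "TXT"}
OWNER_CHECKED = {"A", "AAAA", "MX"}   # owner name must be a host name
RDATA_CHECKED = {"NS", "PTR", "SOA"}  # first RDATA field must be a host name


def valid_hostname(name: str) -> bool:
    """True if every label of name passes the host-name rule (trailing dot allowed)."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) is not None for label in name.split("."))


def lint_zone(text: str, origin: str) -> list[str]:
    """Return problems as 'line N: message' for a zone file loaded at origin.
    Understands ';' comments, $-directives, blank lines, an omitted owner (line
    starts with whitespace), optional TTL/class fields and SOA continuation lines."""
    def fqdn(name: str) -> str:
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"

    problems: list[str] = []
    depth = 0  # open-parenthesis depth; > 0 means inside a ( ... ) continuation
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(";", 1)[0].rstrip()
        if depth:
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        owner = None if line[0].isspace() else tokens.pop(0)
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)  # optional TTL and/or class before the record type
        if not tokens:
            problems.append(f"line {lineno}: near eol: unexpected end of input (no record type)")
            continue
        rtype = tokens.pop(0).upper()
        if rtype not in RR_TYPES:
            problems.append(f"line {lineno}: unknown record type {rtype!r}")
            continue
        if not tokens:
            problems.append(f"line {lineno}: near eol: unexpected end of input ({rtype} has no data)")
            continue
        if rtype in OWNER_CHECKED and owner is not None and not valid_hostname(fqdn(owner)):
            problems.append(f"line {lineno}: bad owner name {fqdn(owner)!r} (check-names)")
        if rtype in RDATA_CHECKED and not valid_hostname(fqdn(tokens[0])):
            problems.append(f"line {lineno}: bad name in {rtype} data {fqdn(tokens[0])!r} (check-names)")
        depth += line.count("(") - line.count(")")
    return problems


# Constructed samples: names and 192.168.7.11 follow the thread; the router's
# .1 address and the serial are placeholders. The thread never shows the real
# db.7.168.192, so the defect on line 2 below is a guess at its shape.
REVERSE_ORIGIN = "7.168.192.in-addr.arpa."
BROKEN_REVERSE = """\
$TTL 3D
@ IN SOA
1 IN PTR router.Torah-disciple.local.
"""
FIXED_REVERSE = """\
$TTL 3D
@ IN SOA router.Torah-disciple.local. hostmaster.Torah-disciple.local. (
        2009021501 ; serial
        8H 2H 4W 1D )  ; refresh retry expire negative-cache TTL
@  IN NS  router.Torah-disciple.local.
1  IN PTR router.Torah-disciple.local.
11 IN PTR torah.Torah-disciple.local.
"""
UNDERSCORE_FORWARD = """\
$TTL 3D
@ IN SOA router.Torah_disciple.local. hostmaster.Torah_disciple.local. (
        2009021501 8H 2H 4W 1D )
@ IN NS router.Torah_disciple.local.
router IN A 192.168.7.1
torah  IN A 192.168.7.11
"""

if __name__ == "__main__":
    print(lint_zone(BROKEN_REVERSE, REVERSE_ORIGIN))
    print(lint_zone(FIXED_REVERSE, REVERSE_ORIGIN))
    print(lint_zone(UNDERSCORE_FORWARD, "Torah_disciple.local."))
    print(lint_zone(UNDERSCORE_FORWARD.replace("_", "-"), "Torah-disciple.local."))
```

Running the file shows the broken reverse zone failing on its second line, the repaired one passing, and the underscored forward zone being rejected on every A, NS and SOA name until `_` is swapped for `-`. On the Debian box itself the equivalent check is `named-checkzone <origin> <file>`, which is the tool to run on each db file before restarting bind9; it prints the same line-numbered messages that otherwise only turn up in syslog.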