Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thanks again for this great resource. I wish I had the knowledge to be more help to other people with their questions.
I am setting up my third generation linux firewall. This time around there is no gui installed. The base os is debian lenny. I have the system locked down as best I can and have started the install of the rest of the system. My snag is with the interaction between dhcp and bind.
What I am trying to do is to get local name resolution with a fqdn. I have a small testing network set up that I can connect to. In the dhcp config file I have several static ip's set for the various machines that will eventually be connected when I bring this firewall online.
When I do a nslookup on the firewall box for the firewall it comes back with the ip. But when I try with the name of the other box I get nothing. The instructions I have been using for this phase, page 3 ( http://www.debuntu.org/how-to-set-a-...es-debian-etch ) say that I should have full local name res now. I have tried to follow exactly only using my ip's and domain name and I have not gone on to page 4.
I did read in one thread that the key had to be in the file on all the machines or the authentication would fail when it tried to update the data base. I don't seam to be getting the data base updated. It occurs to me that this may be because I have set the ip's assigned by dhcp to be static. If this is the case do I need to build the data base by hand?
The last time I tried to setup dns I failed miserably and gave up, I just couldn't get my head around it.
I wonder also if part of my problem is that the instructions are for etch and I am running lenny. I think some of my problem is that the local machine is not setup to access the setup on the firewall correctly. I know that changing things in resolve.conf get over writen on reboot, I learned that much the last time I tried this.
Some more info; from the firewall nslookup www.google.com resolves, but nslookup Torah.disiple.local does not with
Code:
** server can't find Torah.disiple.local: NXDOMAIN
These don't work from the other machine on this small network and it spits back [CODE};; connection timed out; noserver could be reached[/CODE]
I am not able to ping outside this testing network because I have not gotten that far yet, but I am able to ping the firewall from the other box.
From the system installs I have done I remember that the domain name has to be recorded in the system somewhere but I am not sure I am using the correct file. I did add a line in /etc/hosts
Code:
192.168.7.11 Torah.disiple.local distraction
I connected my laptop up to the testing network and it was assigned one of the dynamic ip's like it should have been but the dns data base files were not updated with it's info. All other commands work like they do from the desktop.
Another thing I have noticed that is not nessessarally related to this is that my linux boxes don't report their machine name to my production firewall/dhcp server. How do I change that?
OK this is strange. I have rebooted both machines on the testing network and I ran "nslookup distraction" from the firewall and it returned two ip's that are not the ip of the desktop. I still get nothing from the desktop. So I ran nslookup again with the firewall name and it came back with the same two ip's that it gave for the desktop.
One of the ip's comes back as belonging to Verizon Business. The other one comes back to an Internet search provider. I used a local name I and I thought that it should resolve a local ip.
So I did ifdown eth0 and disable the connection to the plastic box router that gives my testing network access to my local network and now nslookup returns the same on the firewall as it does on the desktop. So it seams that I am not getting any local name res. I would post my config files but the server has no gui and getting the files off it and to another box with access to the internet is a hassel, but I will do so if it will help.
i know how to setup dns server primary and secondary. but from the info you given i am a bit blur, first what i see is youre building internal dns server (invalid for external)
btw i will try to help, go to your DNS SERVER TERMINAL do
nslookup 192.168.7.11 localhost
--what output you get--
nslookup Torah.disiple.local localhost
--what output you get --
#nslookup 192.168.7.11 localhost
;;Got SERVFAIL reply form 127.0.0.1, trying next server
;;Got SERVFAIL reply form 127.0.0.1, trying next server
Server: localhost
Address: ::1#53
**server can't find 11.7.168.192.in-addr.arpa: SERVFAIL
Mind you I had some spelling inconsistencies in my files and I may still have so the naming has changed a little.
Code:
# nslookup Torah_disciple.local localhost
;; Got SERVFAIL reply from 127.0.0.1q trying next server
Server: localhost
Address: ::#:53
** server can'd find Torah_disciple.local: NXDOMAIN
Also I am entering this by hand so there may be errors hear too.
;
; Zone file for Torah_disciple.local
;
; The full zone file
;
$TTL 3D
@ IN SOA ns.Torah_disciple.local. (
20090212; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
;
@ IN NS ns.Torah_disciple.local.
@ IN A 192.168.7.1 ; IP address
;
bamod-aish IN A 192.168.7.1
netgear IN A 192.168.7.2
rest of database
db.7.168.192
Code:
$TTL 3D
@ IN SOA Torah_disciple.local.
20090212; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ; minimum, seconds
;
@ IN NS ns.
1 IN PTR Torah_disciple.local.
;
1 IN PTR bamod-aish
2 IN PTR netgear
rest of database
To clarify my objective. I want this to be a local nameserver that is also a caching nameserver. Eventually I want to bring a webserver and a mailserver online with this dns/firewall hosting my dynamic-dns as primary. But to start with I need the local part to work so that as I learn more I can add things in.
DNS servers have to be specified by IP, not by hostname. How are you supposed to lookup the name of a DNS server to know what IP to do DNS lookups at if you don't have a DNS server IP yet?
Quote:
@ IN NS ns.Torah_disciple.local.
@ IN A 192.168.7.1 ; IP address
;
bamod-aish IN A 192.168.7.1
netgear IN A 192.168.7.2
rest of database
Where's the A record for ns.Torah_disciple.local.? How do we know what IP it is?
Quote:
@ IN NS ns.
Huh? That's not going to work at all. It needs to be a fully-qualified domain name. I'm assuming it should be ns.Torah_disciple.local.
Quote:
1 IN PTR Torah_disciple.local.
;
1 IN PTR bamod-aish
2 IN PTR netgear
rest of database
You have two PTRs defined for 192.168.7.1, you can't do that. Also, bamod-aish and netgear must be fully-qualified. Right now 2.7.168.192.in-addr.arpa. points to netgear.7.168.192.in-addr.apra. That's nonsense.
There are probably some other problems that haven't jumped out at me yet.
Please post the full zone file for Torah_disciple.local and 7.168.192.in-addr.arpa. Also, restart named (after making the changes I pointed out) and do this:
$ sudo grep named /var/log/messages
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
# Should I enable this line?
//include "/etc/bind/zones.rfc1918";
# ****** the following added per instructions ******
# allow dns updates from localhost with key "rndc-key"
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
# defines Torah_disciple.local
zone "Torah_disciple.local" {
type master;
file "db.Torah_disciple.local";
allow-update { key "rndc-key"; };
};
# defines our local subnet 192.168.7.0/24
zone "7.168.192.in-addr.arpa" {
type master;
notify no;
file "db.7.168.192";
allow-update { key "rndc-key"; };
};
# end added section
I have not changed this file since it was installed.
named.conf
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
include "/etc/bind/named.conf.local";
I have a question about the line
"option routers router.Torah_disiple.local;" Should this be changed too because the name router does not exist in my setup or is this a generic name?
Also I have read somewhere that I need to generate a rndc key and place it (or a link to it) in these files in place of "rndc-key" on the dns/router and on the machines that will be dynamically updating the data base. That seamed like more work than to just assign static ip's to all the machines that are regularly connected to my network, so I opted to use the static method. Should I comment out (remove) those lines?
dhcpd.conf
Code:
server-identifier router;
authoritative;
ddns-update-style interim;
include "/etc/bind/rndc.key";
zone Torah_disiple.local. {
primary 127.0.0.1;
key "rndc-key";
}
option domain-name "Torah_disiple.local";
option domain-name-servers 192.168.7.1, 24.247.15.53, 24.247.24.53;
default-lease-time 21600;
max-lease-time 43200;
log-facility local7;
subnet 192.168.7.0 netmask 255.255.255.0 {
range 192.168.7.20 192.168.7.23;
option routers router.Torah_disiple.local;
# option ip-forwarding off;
zone 7.168.192.in-addr.arpa. {
primary bamod-aish.Torah_disiple.local;
key "rndc-key";
}
zone Torah_disiple.local. {
primary bamod-aish.Torah_disiple.local;
key "rndc-key";
}
}
# static addresses
host Netgear-wireless { # Do these names have to match the names in the other files,
# and do they have to match the actual name of the machine?
hardware ethernet 00:18:4d:22:c8:63;
fixed-address 192.168.7.2;
}
rest of assigned static ip's just like the assignment above except for my comment line question.
db.Torah_disciple.local
Code:
;
; Zone file for Torah_disciple.local
;
; The full zone file
;
$TTL 3D
@ IN SOA bamod-aish.Torah_disciple.local. (
20090212; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
;
bamod-aish IN A 192.168.7.1
netgear IN A 192.168.7.2
rest of database just like the lines above
db.7.168.192
Code:
$TTL 3D
@ IN SOA Torah_disciple.local.
20090212; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ; minimum, seconds
;
1 IN PTR bamod-aish.Torah_disciple.local
2 IN PTR netgear.Torah_disciple.local
rest of database just like the lines above
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
PHP Code:
$TTL 3D @ IN SOA Torah_disciple.local.
That should be bamod-aish.Torah_disciple.local. The SOA record points to the authoritative DNS server.
PHP Code:
20090212; serial, todays date + todays serial # 8H ; refresh, seconds 2H ; retry, seconds 4W ; expire, seconds 1D ; minimum, seconds ; 1 IN PTR bamod-aish.Torah_disciple.local 2 IN PTR netgear.Torah_disciple.local
You need periods at the end of your PTR records. All names need to be fully qualified, including the final period. The reason you can use unqualified names on the left side is because it will automatically append the name of the zone. In the case of forward zones, that would append .Torah_disciple.local., in the case of reverse zones it will append .7.168.192.in-addr.arpa. .
I don't have time to look at the rest of it right now. I'll follow up in a bit.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Come to think of it, I don't think BIND accepts "_" as a valid character in domain names. Try replacing every instance of Torah_disciple.local with Torah-disciple.local. Try that in addition to the other fixes I recommended. If it still doesn't work, please remember to attach the output of $ sudo grep named /var/log/messages. BIND is probably telling you exactly what the problem is, but you've been ignoring it.
I have made the changes but now on bind9 restart I get "Starting domain name service..: bind9 failed. I greped dmesg but got nothing.
Quote:
The 192.168.3.1 ip is to the 3rd nic in this machine to connect my future mail/webserver to.
grep named /var/log/messages returns nothing
hosts
After some looking around I found this in syslog
Code:
Feb 15 09:26:08 bamod-aish named[2855]: dns_rdata_fromtext: db.7.168.192:2: near eol: unexpected end of input
Feb 15 09:26:08 bamod-aish named[2855]: zone 7.168.192.in-addr.arpa/IN: loading from master file db.7.168.192 failed: unexpected end of input
Feb 15 09:26:08 bamod-aish named[2855]: zone 255.in-addr.arpa/IN: loaded serial 1
Feb 15 09:26:08 bamod-aish named[2855]: zone Torah_disciple.local/IN: loading from master file db.Torah_disciple.local failed: file not found
Feb 15 09:26:08 bamod-aish named[2855]: zone localhost/IN: loaded serial 2
Feb 15 09:26:08 bamod-aish named[2855]: running
The instructions I was following said to put the db. files in /var/cache/bind/. That didn't seam to be working for me so I put a copy in /etc/bind with the rest of the config files and it seamed to be working at one time. The files in /var/cache/bind were the unmodified versions so I replaced them with the current ones and these two errors are gone.
I do have a different error
Code:
Feb 15 09:26:08 bamod-aish named[2855]: zone localhost/IN: loaded serial 2
Feb 15 09:26:08 bamod-aish named[2855]: running
Feb 15 09:45:11 bamod-aish dhcpd: router: host unknown.
Feb 15 09:45:11 bamod-aish dhcpd: dhcp.c(3958): non-null pointer
Feb 15 09:45:11 bamod-aish dhcpd: DHCPREQUEST for 192.168.7.11 from 00:13:20:54:30:db via eth1
Feb 15 09:45:11 bamod-aish dhcpd: router.Torah_disiple.local: host unknown.
Feb 15 09:45:11 bamod-aish dhcpd: DHCPACK on 192.168.7.11 to 00:13:20:54:30:db via eth1
I went ahead and changed router.Torah_disciple.local to bamod-aish.Torah_disciple.local. It seams that something is calling for the name router but I can't find anything in the config file. OK found it. It was right at the start of the dhcpd.conf
syslog after the most recient restart of bind
Code:
Feb 15 10:42:53 bamod-aish named[3233]: starting BIND 9.5.0-P2 -u bind
Feb 15 10:42:53 bamod-aish named[3233]: found 1 CPU, using 1 worker thread
Feb 15 10:42:53 bamod-aish named[3233]: loading configuration from '/etc/bind/named.conf'
Feb 15 10:42:53 bamod-aish named[3233]: listening on IPv6 interfaces, port 53
Feb 15 10:42:53 bamod-aish named[3233]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 15 10:42:53 bamod-aish named[3233]: listening on IPv4 interface eth0, 192.168.1.101#53
Feb 15 10:42:53 bamod-aish named[3233]: listening on IPv4 interface eth1, 192.168.7.1#53
Feb 15 10:42:53 bamod-aish named[3233]: listening on IPv4 interface eth2, 192.168.3.1#53
Feb 15 10:42:53 bamod-aish named[3233]: default max-cache-size (33554432) applies
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: D.F.IP6.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: A.E.F.IP6.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: automatic empty zone: B.E.F.IP6.ARPA
Feb 15 10:42:53 bamod-aish named[3233]: default max-cache-size (33554432) applies: view _bind
Feb 15 10:42:53 bamod-aish named[3233]: command channel listening on 127.0.0.1#953
Feb 15 10:42:53 bamod-aish named[3233]: zone 0.in-addr.arpa/IN: loaded serial 1
Feb 15 10:42:53 bamod-aish named[3233]: zone 127.in-addr.arpa/IN: loaded serial 1
Feb 15 10:42:53 bamod-aish named[3233]: dns_rdata_fromtext: db.7.168.192:2: near eol: unexpected end of input
Feb 15 10:42:53 bamod-aish named[3233]: zone 7.168.192.in-addr.arpa/IN: loading from master file db.7.168.192 failed: unexpected end of input
Feb 15 10:42:53 bamod-aish named[3233]: zone 255.in-addr.arpa/IN: loaded serial 1
Feb 15 10:42:53 bamod-aish named[3233]: dns_rdata_fromtext: db.Torah-disciple.local:8: near '8H': not a valid number
Feb 15 10:42:53 bamod-aish named[3233]: zone Torah-disciple.local/IN: loading from master file db.Torah-disciple.local failed: not a valid number
Feb 15 10:42:53 bamod-aish named[3233]: zone localhost/IN: loaded serial 2
Feb 15 10:42:53 bamod-aish named[3233]: running
If 8H is not a valid number why doesn't it complain about the 2H in the next line?
I am at a loss, but still working at it.
Which folder should my db files be in? /etc/bind or /var/cache/bind I do plan on chrooting bind after i get it working and I know that normally that is done in /var
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.