Hi all

I am new to this forum i would like to introduce my self my name is Lano and i am 23 years of age and studying Network Engineering in Australia Sydney.

I was wondering you all could be kind enough to help me figure out how to migrate windows 2000 server DNS on to SUSE 9 DNS server.

My problem is I am new to Linux and not that good at it but I managed to work out what it needs to be done, I already have set up the slave DNS (BIND) and I can resolve the named from Linux box but only if I set the server as slave and forward the address to master dns server which is located on windows 200 box.

What I need to try and do is migrate all the DNS entry that is on Windows 2000 server box and move it over to SUSE BIND dns now, is there any tools that can be done automatically or do I have to enter it manually.

Could you please help me out

Thanks you very much in advance.

Lano

It's fairly easy to do it manually but I can't remember the details!

You set up the new server as a slave for the required zone(s), get working, then trigger a full zone transfer with the master, then reconfigure to swap master/slave roles. The alternative is to use 'dig <zone> AXFR' to get a copy of the live DNS entries and hack together a new zone file.

Either way you'll need to allow zone transfers from the Windows server to the new server.

Hi DaveG

This is what i have but i don’t think its working would you be able to help me fix my problem well i can resolve the name from windows dns box but not sure why it isn’t displaying primary dns i will show u what i mean look below.

this is my 127.0.0.db file

$TTL 1W
@ IN SOA mydomain.com.au. root.mydomain.com.au (
42 ;Serial
2D ;Refresh
4H ;retry
6W ;expiry
1W) ;minimum
IN NS dns.mydomain.com.au.<-- now this WINDOWS DNS BO
IN NS dns.mydomain.com.au.<-- THis is linux BIND

40 IN PTR dns.mydomain.com.au
50 IN PTR dns.tasl1.secl.com.au

Now this is my test.db
;
; BIND data file for mydomain.com.au
;
@ IN SOA mydomain.com.au. root.mydomain.com.au
2005120101 ;Serial
604800 ;Refresh
86400 ;Retry
2419200 ;Expire
604800 ;Defoult TT1
IN NS dns.mydomain.com.au.<-- now this WINDOWS DNS BO
IN NS dns.mydomain.com.au.<-- THis is linux BIND

dns IN A 127.0.0.1 <----where this is my win2k DNS server
dns IN A 127.0.0.2 <---- where this is my suse dns


and thi sis my named.conf

zone "mydomain.com.au" {
type slave;
file "test.db";
master { 127.0.0.1; };
};

zone "0.0.127.in-addr.arpa; {
type slave;
file "127.0.0.db";
masters { 127.0.0.1; };
}:

and this is my resoult

when i type nslookup and press enter all i see is this

>
and if i enter gtr-srv-001.dcp.prd <-- which is my domain that computer belongs in the result returns with he name of the computer and correct ip address.

Now i am confused coz i was reading manuals and when they type nslookup this is what it comes up

Defaoult Server: dns.foo.org
Address: 192.168.100.40

that is just example above what m i doing wrong

thanks heaps

Lano

PLZ could someone help me out plz i really need help

thank you very much

Lano

Lano,

Your nslookup is correct. When people talk of typing nslookup and getting the answers, they mean they are entering appropriate values at the nslookup prompt and getting these results. Try 'man nslookup'.

I'm not sure where you see your problem to be. Can you clarify?

Carl.

I use 'dig' in preference to 'nslookup' - much simpler and more powerful from the command line, easy to script etc.

OK, you need to be sure how your domain name-space is configured. If you have a registered domain name and an assigned IP range then you will need all of the "glue" details to plug your DNS in to the Internet DNS hierarchy and things can be a bit difficult to test. If however you just want to run a "private" network, using a router for Internet access then it's a lot simpler. I'll assume the latter.

First, don't use a domain name that could be assigned to anyone else. I use "localnet" as my private, top-level domain name, substitute your network name. That way no-one can hijack your network using DNS.

Second, make sure you know the IP addresses of your local network and all of the name servers you need to work with: the original Windows box and the DNS servers provided by your service provider.

Also make sure that the Windows box will allow zone transfers to local machines.

Now we need to get your Suse box bind working on it's own. The standard installation should include a decent configuration file and a default set of zone files. Other things to check include the resolver library configuration file '/etc/resolv.conf' and the "name service switch" configuration file '/etc/nsswitch.conf'. These two determine how the Suse box resolves names for itself.

I'm running Fedora Core 4 so the details may differ but initially your resolv.conf should be:
+++++
domain localnet
nameserver dns.localnet # Your original Windows DNS box
-----
and your nsswitch.conf something like:
+++++
passwd: files
shadow: files
group: files
hosts: files dns # use /etc/hosts then DNS for name lookups
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files
-----
unless you use nis, nisplus or ldap.

Your initial named.conf needs to look something like:
+++++
acl "localnet" { 192.168.100.0/24; };
options {
directory "/var/named";
allow-transfer { "localnets"; };
allow-recursion { "localnets"; };
allow-query { "localnets"; };
};
// For a caching name server use this...
//zone "." IN {
// type hint;
// file "named.ca";
//};
// For a smarter solution let your ISP do the work
// Just plug in the IPs of your ISP's DNS servers
zone "." IN {
type forward;
forward only;
forwarders {
195.7.224.143;
195.7.224.57;
};
};
// Loopback
zone "127.in-addr.arpa" IN {
type master;
file "loop.rdb";
};
// Your private net forward database
zone "localnet" IN {
type slave;
masters { 192.168.100.40; };
file "localnet.fdb";
};

// Your private net reverse database
zone "100.168.192.in-addr.arpa" IN {
type slave;
masters { 192.168.100.40; };
file "localnet.rdb";
};
-----
/var/named/loop.rdb:
+++++
$TTL 1W
@ IN SOA localhost. hostmaster.localhost. (
2005010100 ; YYYYMMDDnn
4W ; refresh period
1D ; retry interval
10W ; expiry
1W ; minimum TTL
)
NS localhost.
-----
Create the empty slave database files and make sure that named can write to them - make them owned by the same user that named runs under. They only need an initial SOA record.
/var/named/localnet.fdb:
+++++
$ORIGIN .
$TTL 604800 ; 1 week
localnet IN SOA dns.localnet. hostmaster.localnet. (
2005010112 ; serial
28800 ; refresh (8 hours)
3600 ; retry (1 hour)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
-----
and similar for /var/named/localnet.rdb:
+++++
$ORIGIN .
$TTL 604800 ; 1 week
100.168.192.in-addr.arpa IN SOA dns.localnet. hostmaster.localnet. (
2005010108 ; serial
28800 ; refresh (8 hours)
3600 ; retry (1 hour)
2419200 ; expire (4 weeks)
86400 ; minimum (1 day)
)
-----

Start up named and check the system logs for any reported problems. Track down and fix any.

You will now have a DNS system with a single master and a single slave, both with the same data. Verify that you can resolve names with bind on the Suse box with:
$ dig @127.0.0.1 dns.localnet
This asks dig to ask bind on the local host to resolve the domain name of your master DNS server.
If it returns a good reply then you can continue. Update your /etc/resolv.conf:
+++++
domain localnet
nameserver 127.0.0.1 # Ask bind directly now
-----

Bind should now have a full set of records for the local network, forward and reverse. You could decide to stop here, update DHCP to provide both nameserver IPs and have a decent system.

The next task is to swap over the roles of the two servers or drop the Windows box out of the equation. You will need a quiet network to do this and a clear plan - you could be left unable to resolve any addresses at some point. Will the Suse box take over the original IP addresses or run in tandem? How do client machines get the IP address for nameservers - DHCP? What will you do if it doesn't work and the Boss starts shouting?

Stop everything and set up the networking of the two boxes to what you want. Also edit the zone files to reflect any changes - on both machines. Increment the serial number on any zone files you edit. Update the SOA records to indicate the master server for that zone.

In /etc/named.conf change the "type" for the local zone files from "slave" to "master" and remove or comment out the "masters" lines.

Start up named on the Suse box and check that everything is working - do a few 'dig' queries for local and Internet names. If everything looks OK then you can update your DHCP server, if needed, and do a final read through to check the configuration and zone files.

Restart everything, boot up a client machine and check that the client can resolve names properly. Reconfigure the Windows box as a slave if required.

Lastly, heave a sigh of relief and retire to the bar for a well earned "break".

Hope this is helpful.

Dave

Firstly i would like to thanks you very much for taking time and effort on helping me out it work fine but the only thing that i am confused now is how do i know if my windows dns zones have been transfer over to linux? is there a file that i can check that contains the zones ?


For some reason it doesnt look like my zones are getting trenfered from master ....
Dave if you need me to post any of y config pleas ask as i am really starting to pull my hair.

Here is my log i cant seem to get anythign from it does this look okay

Dec 22 15:35:05 suse1 named[11631]: shutting down: flushing changes
Dec 22 15:35:05 suse1 named[11631]: stopping command channel on 127.0.0.1#953
Dec 22 15:35:05 suse1 named[11631]: stopping command channel on ::1#953
Dec 22 15:35:05 suse1 named[11631]: no longer listening on 127.0.0.1#53
Dec 22 15:35:05 suse1 named[11631]: no longer listening on 168.217.20.230#53
Dec 22 15:35:05 suse1 named[11631]: exiting
Dec 22 15:35:08 suse1 named[11718]: starting BIND 9.2.3 -u named
Dec 22 15:35:08 suse1 named[11718]: using 2 CPUs
Dec 22 15:35:08 suse1 named[11718]: loading configuration from '/etc/named.conf'
Dec 22 15:35:08 suse1 named[11718]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 22 15:35:08 suse1 named[11718]: listening on IPv4 interface eth0, 168.217.20.230#53
Dec 22 15:35:08 suse1 named[11718]: command channel listening on 127.0.0.1#953
Dec 22 15:35:08 suse1 named[11718]: command channel listening on ::1#953
Dec 22 15:35:08 suse1 named[11718]: zone 168.in-addr.arpa/IN: loaded serial 2005122101
Dec 22 15:35:08 suse1 named[11718]: zone 20.217.168.in-addr.arpa/IN: loaded serial 42
Dec 22 15:35:08 suse1 named[11718]: zone tasl.secl.com.au/IN: loaded serial 42
Dec 22 15:35:08 suse1 named[11718]: running
Dec 22 15:35:08 suse1 named[11718]: zone 168.in-addr.arpa/IN: sending notifies (serial 2005122101)


just another question

In the code that you typed you have localnet should i change that with my windows 2000 DNS name or is that new name for BIND ? iam just little confuesd sorry about that Dave if you dont mind explaining little bit ..

thanks heaps

Lano

plz any suggestions thanks heaps guys

If you own the domain name then it's OK to use it. I don't have a registered domain name - just a dynamic ADSL connection to the Internet so I use a private address range and the network name "localnet", neither of which should resolve to anything on the Internet, which is what I want. The zone files themselves can be named anything - the association is in named.conf.

For the initial zone transfer, yes, the domain name and reverse zone name must match those used on the Windows DNS server. Sorry, an oversight on my part. They can be renamed afterwards if required.

bind should update its slave zone files from the master soon after starting by performing a full zone transter - a complete rip of the information from the master zone server. You should be able to read the zone files and see the information it has retrieved. It will periodically update that data by retrieving changes from the master server. If the files are empty then it has not performed a transfer yet. You should be able to force a re-load and zone update using 'rndc reload' if the control channel is functioning.

I think the "empty" zone files might need an "NS" record to track down the master server. A line " NS dns.mydomain.com.au." in each should do the trick. If bind still has problems locating the Windows server then I'd also put an "A" record in there to provide an IP address. I could well be wrong on this. It might actually need completely empty files since the master is declared in the config file. The SOA record caries a serial number that gets incremented on each master update that the slave will check before doing any updates itself. You may need to experiment.

To check if the Windows DNS server supports zone transfers use 'dig @192.168.100.40 mydomain.com.au AXFR'. i.e. Ask 192.168.100.40 (your Windows box) for a full zone transfer of the "mydomain.com.au" domain.

The bind distribution should also include 'named-checkconf' and 'named-checkzone' tools to check the syntax of the config file and zone files. They might help in tracking down any inconsistencies.

Keep at it!

-- DaveG.

Hey Dave

Every time i do rcnamed start i get the following message and i got no idea why i have never touched that file or seen that file plz help

Warning: File, /etc/named.d/createNamedConfInclude not found. Skipping Please check the settings of NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/name.
Warning: File, /etc/named.d/createNamedConfInclude not found. Skipping

PLEAS HELP ME

thanks

anyone plz help iam almost there my revers zones got transfered but i still am not able to get my forward zones to transfer any suggestions and the only error i get is the error in my above message pleas

thanks guys

The NAMED_CONF_INCLUDE_FILES bit sounds like Suse rc stuff to me. Check through the rc file (/etc/init.d/named?) and the config file (/etc/sysconfig/named) for clues.

If the reverse zone has transfered then the mechanism is working OK. Check the domain name and master server are correct in the forward zone declaration in the config file, empty the zone file and try again.

Thanks heaps Dave i will try that when i get back to from from seasson holidays wish you and every1 one all the best and thanks for your healp man thanks heaps

woo hoo it work thanks heaps heaps

woo hoo it work thanks heaps heaps



but the only thing i am little confused do you need this

/var/named/loop.rdb:
+++++
$TTL 1W
@ IN SOA localhost. hostmaster.localhost. (
2005010100 ; YYYYMMDDnn
4W ; refresh period
1D ; retry interval
10W ; expiry
1W ; minimum TTL
)
NS localhost.

as i am not using i only for forward and reverse entrees in my named.conf.

and last question

why is it making 2 weird files like db-XXmUg3Wy and db-XXWs5Bt4 is this suppouse to be doing.
thanks heaps