LinuxQuestions.org
Old 03-30-2005, 09:46 PM   #1
mediocrity
LQ Newbie
 
Registered: Mar 2005
Distribution: Fedora Core 3 / Suse 9.3 Pro
Posts: 11

Rep: Reputation: 0
DNS server on Fedora Core 3


I am about to pull my hair out. This is the 5th day in a row that I have attempted to configure a DNS server on my Fedora server. I am unable to find the machine name via nslookup nor the domain. I have gone through several of the tutorials on several sites as well as on this site and have not been able to find what I am doing wrong.

I am fairly new to the OS so I am attempting to grasp several concepts at once, so forgive my ignorance. I have done searches on the net as well as the forums here to try to solve this on my own but am unable to do so. Please let me know what I am doing wrong.

My network is configured with hostname of "linux-server"

This is my named.conf
//
// named.conf for mydomain
//

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;
};

//
// mydomian.home config file
//

zone "." {
type hint;
file "named.ca";
};

zone "mydomain.home" {
type master;
file "mydomain.home.zone";
allow-update { 192.168.1/24;};
};

zone "localhost" {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
allow-update { 192.168.1/24;};
};

zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
allow-update { none; };
};

include "/etc/rndc.key";


This is my forward zone file:
$TTL 1d

;
; The domain of mydomain.home
;
@ IN SOA linux-server.mydomain.home. my.email.address (
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
; Define the nameservers
IN NS linux-server.mydomain.home.
;
; Define the mail servers
; none at this time
;
; Define the hosts
;
linux-server IN A 192.168.1.101
opus IN A 192.168.1.100
;
;
;
; Define the Aliases
;
www IN CNAME linux-server.mydomain.home.

and this is my reverse lookup file:

@ IN SOA linux-server.mydomain.home. my.email.address. (
2004033001 ;Serial
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
; Define the nameservers
IN NS linux-server.mydomain.home.
101 IN PTR linux-server.mydomain.home.
100 IN PTR opus.mydomain.home.
 
Old 03-30-2005, 10:11 PM   #2
mrGenixus
Member
 
Registered: Dec 2004
Location: Colorado, US
Distribution: gentoo, debian, ubuntu live gnome 2.10
Posts: 440

Rep: Reputation: 30
specifically what name are you trying to resolve with nslookup? how are you using the command? can you ping the address? have you added localhost to the /etc/resolv.conf file?
 
Old 03-30-2005, 10:31 PM   #3
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 327Reputation: 327Reputation: 327Reputation: 327
It looks like you're missing two statements. Put them after the

directory "/var/named";

First is the list of DNS servers to use if the lookup can't be resolved by your DNS entries (i.e., the world outside your LAN). For example:

forwarders { 123.45.67.89; 23.45.67.89; };

Next is who on your LAN is permitted to use this DNS server. For example:

allow-query { 123.45.67.0/24; 127.0.0.1; };

Also, normally your local domain is defined as a subdomain of your ISP (they don't need to know anything about this, but it makes the forwarding of requests work correctly). That is, if your ISP is "myisp.net" you can define your domain as "mydomain.myisp.net".

Those are the only things that I noticed off hand. Also, remember to put your DNS server and search domain in your /etc/resolv.conf. For example:

search mydomain.myisp.net
nameserver 123.45.67.10
 
Old 03-31-2005, 05:54 AM   #4
mediocrity
LQ Newbie
 
Registered: Mar 2005
Distribution: Fedora Core 3 / Suse 9.3 Pro
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by mrGenixus
specifically what name are you trying to resolve with nslookup? how are you using the command? can you ping the address? have you added localhost to the /etc/resolv.conf file?
I am doing the nslookup from my local machine. I can ping all the IP addresses in my network and they can ping what will be the DNS server. I am doing the nslookup command both ways.

#nslookup mydomain.home
and
#nslookup
>machine-name

I get servfail on the first and ** server can't find linux-server: NXDOMAIN on the second.

How do I make the entry in the resolv.conf file? Literally "localhost" or the machine name or IP address? Here is what I have in it so far.
search mydomain.home
nameserver 192.168.1.101

Also, I am able to resolve internet addresses so my forwarding is working, however I am still unable to resolve anything on my LAN. So the caching is working properly.

Last edited by mediocrity; 03-31-2005 at 06:04 AM.
 
Old 03-31-2005, 07:40 AM   #5
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
1) Carefully check your SOA record for mydomain.home. Hint: Compare it against your other SOA records

2) Try using @ sign for the start of your NS records.

3) /etc/resolv.conf should have:
search mydomain.home
nameserver 127.0.0.1

Finally, take a look at /var/log/messages after starting named. Should point you in the right direction on resolving any syntax type errors within the zones.
 
Old 03-31-2005, 08:26 AM   #6
mediocrity
LQ Newbie
 
Registered: Mar 2005
Distribution: Fedora Core 3 / Suse 9.3 Pro
Posts: 11

Original Poster
Rep: Reputation: 0
I will try that when I get access to the machine this evening. I also am curious about what I should have in my hostname for the machine in the network configuration. Should it be the FQDN or should it just be the server name? Also on the search path for the DNS what should that be? The domain name?
 
Old 03-31-2005, 07:50 PM   #7
mediocrity
LQ Newbie
 
Registered: Mar 2005
Distribution: Fedora Core 3 / Suse 9.3 Pro
Posts: 11

Original Poster
Rep: Reputation: 0
Alright, I finally got it to work. I replaced the NS record from mydomain.home to @. I am unsure as to why that made the difference; could I get an explanation as to why?
 
Old 04-03-2005, 08:39 PM   #8
mediocrity
LQ Newbie
 
Registered: Mar 2005
Distribution: Fedora Core 3 / Suse 9.3 Pro
Posts: 11

Original Poster
Rep: Reputation: 0
I am still fighting with this DNS setup on my network. Here are the configurations I am using.

Named.conf
//
// named.conf for mydomain
//

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;
};

//
// mydomian.home config file
//

zone "." {
type hint;
file "named.ca";
};

zone "ferret.home" {
type master;
file "ferret.home.zone";
allow-update { none;};
allow-query {any;};
};

zone "localhost" {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
allow-update { none;};
allow-query {any;};
};

zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
allow-update { none; };
};

include "/etc/rndc.key";
Forward zone file
$TTL 1d
;
@ IN SOA linux-server.ferret.home. mharness.nc.rr.com. (
2004033001 ;serial
21600 ;refresh
1800 ;retry
4w ;expire
1h) ;negative cache TTL

NS linux-server.ferret.home
;
; mail server
; none at this time
;
linux-server IN A 192.168.1.101
opus IN A 192.168.1.100
;
;
;
;
;aliases
www IN CNAME linux-server.ferret.home.
Reverse zone file
$TTL 1d
@ IN SOA @ mharness.nc.rr.com. (
2004033001 ;Serial
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
; Define the nameservers
IN NS linux-server.ferret.home.
101 IN PTR linux-server.ferret.home.
100 IN PTR opus.ferret.home.


Now the problem is that on the machine running DNS I can resolve internal and external addresses. However, other machines on my network are unable to do either. They get DNS timed out errors. When I do an nslookup on the machine running DNS for the domain I get the following.
[root@linux-server named]# nslookup
> ferret.home
Server: 192.168.1.101
Address: 192.168.1.101#53

*** Can't find ferret.home: No answer

What have I misconfigured? I am at my wits end trying to figure this out. I have looked at several sites on this configuration and it seems to be "by the book". So why are my other workstations unable to resolve? I have opened the firewall to allow port 53 traffic as well.
 
Old 04-03-2005, 08:55 PM   #9
aznluvsmc
Member
 
Registered: Aug 2004
Location: Newmarket, Ontario
Distribution: OpenSuse 10.2
Posts: 184

Rep: Reputation: 30
On FC3, named is run within a chroot jail. The actual DNS zone file must be placed in /var/named/chroot/var/named/ and then a symbolic link must be made in /var/named/ to the file in the chroot jail.

Do an ls -l on /var/named/ and you'll see what I mean. Hope that helps.
 
Old 04-04-2005, 06:09 AM   #10
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Quote:
Originally posted by mediocrity
Alright, I finally got it to work. I replaced the NS record from mydomain.home to @. I am unsure as to why that made the difference; could I get an explanation as to why?
Without the @ sign, the NS record is parsed as a continuation record from the previous line. Adding the @ sign ensures the NS record is referencing the zone name from named.conf.

FWIW: I gave up on using continuation records in my zone files years ago. I just had too many self-induced problems I got tired of fighting.
 
Old 04-04-2005, 06:59 AM   #11
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
Quote:
Originally posted by aznluvsmc
On FC3, named is run within a chroot jail. The actual DNS zone file must be placed in /var/named/chroot/var/named/

True, if ROOTDIR=/var/named/chroot is set in /etc/sysconfig/named.

Quote:
Originally posted by aznluvsmc
and then a symbolic link must be made in /var/named/ to the file in the chroot jail.

I believe Red Hat added the links you are referring to so that when ROOTDIR is NOT set, the same files can be referenced when named is started in a non-chroot'd environment, i.e. the same named.conf file can be used for both chroot and non-chroot environments. So when running named in a chroot'd environment (the FC3 default), the links you are referring to would never be referenced.
 
Old 04-04-2005, 07:28 AM   #12
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
mediocrity

The following zone files should help. I use these on my name servers. Edit then to meet your requirements.

Good Luck

Code:
[root@excelsior scowles]# cat db.192.168.9 
;##############################################################
; Zone definition for "internal view" of subnet 192.168.9.0/24
; Filename: /var/named/int/db.192.168.9
; Created: 8/8/2003 by SWC <scowles@mydomain.com>
;##############################################################
$TTL    1d
@       7d      IN      SOA             ns1.mydomain.com. (
        netadmin.mydomain.com.          ; Zone Contact
        2004052201                      ; Serial
        1h                              ; Refresh
        30m                             ; Retry
        7d                              ; Expire
        1h )                            ; Negative Cache
 
;############################################################
; mydomain.com Nameserver Records (NS)
;############################################################
@               7d      IN      NS      ns1.mydomain.com.
@               7d      IN      NS      ns2.mydomain.com.
 
;############################################################
; 192.168.9.0/24 Reverse Pointer Records (PTR)
;############################################################
 
; Specify all Pointer (PTR) Records
1               1d      IN      PTR     firewall.mydomain.com.
2               1d      IN      PTR     defiant.mydomain.com.
3               1d      IN      PTR     voyager.mydomain.com.
10              1d      IN      PTR     pserv1.mydomain.com.
11              1d      IN      PTR     wap.mydomain.com.
 
; Assign Auto-Generated DHCP reverse address ranges. If your
; using DDNS, you should probably comment these.
$GENERATE 25-254 $      PTR             dhcp-9-$.mydomain.com.


[root@excelsior scowles]# cat db.mydomain
;##############################################################
; Zone definition for "internal view" of mydomain.com
; Filename: /var/named/int/db.mydomain
; Created: 11/28/2003 by SWC <scowles@mydomain.com>
;##############################################################
$TTL    1d
@       7d      IN      SOA             ns1.mydomain.com. (
        netadmin.mydomain.com.          ; Zone Contact
        2004052201                      ; Serial
        1h                              ; Refresh
        30m                             ; Retry
        7d                              ; Expire
        1h )                            ; Negative Cache
 
;############################################################
; mydomain.com Nameserver Records (NS)
;############################################################
@               7d      IN      NS      ns1.mydomain.com.
@               7d      IN      NS      ns2.mydomain.com.
 
;############################################################
; mydomain.com A (ADDRESS) and MX Records (MAIL EXCHANGER)
;############################################################
@               1d      IN      A       192.168.9.3
@               1d      IN      MX 0    smtp.mydomain.com.
 
;############################################################
; mydomain.com Address Records (A)
;############################################################
localhost       1d      IN      A       127.0.0.1 
 
; Name Server records
ns1             1d      IN      A       192.168.9.3
ns2             1d      IN      A       192.168.8.2
 
; Router Interface Records
dmz             1d      IN      A       192.168.8.1
lab             1d      IN      A       192.168.10.1
firewall        1d      IN      A       192.168.9.1
 
; Web/Internet based records
www             1d      IN      A       192.168.8.2
chat            1d      IN      A       192.168.9.3
ftp             1d      IN      A       192.168.8.2
mail            1d      IN      A       192.168.9.3
smtp            1d      IN      A       192.168.9.2
news            1d      IN      A       192.168.9.3
 
; Server/Workstation static records
excelsior       1d      IN      A       192.168.8.2
defiant         1d      IN      A       192.168.9.2
voyager         1d      IN      A       192.168.9.3
pserv1          1d      IN      A       192.168.9.10
wap             1d      IN      A       192.168.9.11
 
; Assign DHCP address range. If your using DDNS, you should
; probably comment these.
$GENERATE 25-254  dhcp-8-$      A       192.168.8.$
$GENERATE 25-254  dhcp-9-$      A       192.168.9.$
$GENERATE 25-254  dhcp-10-$     A       192.168.10.$
 
;############################################################
; Current Aliases for mydomain.com (CNAME)
;############################################################
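A small checker for the mistakes this thread turns on: the NS line with no owner name that scowles explains above (the fix was to start it with @), the SOA in the first post's forward zone that has no serial and an RNAME without a trailing dot, and an NS target written like an FQDN but without the trailing dot, so BIND appends $ORIGIN to it. It is run against two constructed zone texts, one modelled on the first post and one in the style of scowles' db.mydomain above. This is an added example written for this page, not code from any poster or from BIND; `logical_records` and `check_zone` are invented names, the checks are deliberately narrower than BIND's real loader (a target with no dots at all, such as `NS ns1`, is legitimately relative and is not flagged), so run it beside named-checkzone, not instead of it.

```python
"""Added sanity checker for BIND master zone files (example code for this
thread, not from any poster or from BIND itself).  It reports the mistakes the
thread turns on: a record at column 0 with no owner name, an SOA without a
serial, and names that have dots but no trailing dot (BIND appends $ORIGIN).
Function names and the two sample zones below are constructed for this example."""
import ipaddress

RECORD_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "PTR", "MX", "TXT"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample in the shape of the first post's forward zone.
BROKEN_ZONE = """\
$TTL 1d
@ IN SOA linux-server.mydomain.home. my.email.address (
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
IN NS linux-server.mydomain.home
linux-server IN A 192.168.1.101
opus IN A 192.168.1.100
www IN CNAME linux-server.mydomain.home.
"""

# Constructed sample in the style of scowles' db.mydomain (all names anchored).
GOOD_ZONE = """\
$TTL 1d
@       7d      IN      SOA     ns1.mydomain.com. (
        netadmin.mydomain.com.          ; Zone Contact
        2004052201                      ; Serial
        1h                              ; Refresh
        30m                             ; Retry
        7d                              ; Expire
        1h )                            ; Negative Cache
@       7d      IN      NS      ns1.mydomain.com.
ns1     1d      IN      A       192.168.9.3
www     1d      IN      CNAME   ns1.mydomain.com.
"""


def logical_records(text):
    """Strip ';' comments and fold parenthesised multi-line records (the SOA
    timers) into one logical record each, keeping the line it started on."""
    records, buf, start, depth = [], [], 0, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0:
            if not line.strip():
                continue
            start = lineno
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            records.append((start, " ".join(buf)))
            buf, depth = [], 0
    if buf:  # file ended inside an open parenthesis
        records.append((start, " ".join(buf)))
    return records


def check_zone(text):
    """Return 'line N: ...' strings for each suspicious record in the zone text."""
    problems = []
    for lineno, rec in logical_records(text):
        if rec.startswith("$"):
            continue  # $TTL / $ORIGIN / $GENERATE directives are not checked
        at_column_0 = not rec[0].isspace()
        tokens = rec.replace("(", " ").replace(")", " ").split()
        type_pos = next((i for i, t in enumerate(tokens) if t in RECORD_TYPES), None)
        if type_pos is None:
            problems.append(f"line {lineno}: no known record type in {rec.strip()!r}")
            continue
        rtype, rdata, before = tokens[type_pos], tokens[type_pos + 1:], tokens[:type_pos]
        # At column 0 the first token is the owner; a class keyword or nothing
        # there means the author forgot the owner (use '@' for the zone apex).
        if at_column_0 and (not before or before[0] in CLASSES):
            problems.append(f"line {lineno}: {rtype} record has no owner name; "
                            "use '@' to anchor it to the zone apex")
        if rtype == "SOA":
            if len(rdata) < 2:
                problems.append(f"line {lineno}: SOA is missing MNAME/RNAME")
                continue
            for label, name in (("MNAME", rdata[0]), ("RNAME", rdata[1])):
                if not name.endswith("."):
                    problems.append(f"line {lineno}: SOA {label} {name!r} has no trailing dot")
            timers = rdata[2:]
            if len(timers) != 5:
                problems.append(f"line {lineno}: SOA has {len(timers)} numeric fields, expected "
                                "5 (serial refresh retry expire minimum); serial missing?")
        elif rtype in {"NS", "CNAME", "PTR", "MX"} and rdata:
            target = rdata[-1]
            if "." in target and not target.endswith("."):
                problems.append(f"line {lineno}: {rtype} target {target!r} has no trailing dot, "
                                "so $ORIGIN will be appended to it")
        elif rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[-1] if rdata else "")
            except ValueError:
                problems.append(f"line {lineno}: A record has a bad IPv4 address: {rdata!r}")
    return problems


if __name__ == "__main__":
    for name, zone in (("broken", BROKEN_ZONE), ("good", GOOD_ZONE)):
        found = check_zone(zone)
        print(f"{name}: {len(found)} problem(s)")
        for p in found:
            print("  " + p)
```

Against BROKEN_ZONE it reports four problems (two on the SOA line, two on the NS line) and nothing against GOOD_ZONE. The "no owner name" heuristic follows the rule BIND actually applies: a line that starts in column 0 names its owner in the first token, so a class keyword there means the owner is missing, which is why starting the line with @ changed the OP's result.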
 
Old 04-04-2005, 10:45 AM   #13
aznluvsmc
Member
 
Registered: Aug 2004
Location: Newmarket, Ontario
Distribution: OpenSuse 10.2
Posts: 184

Rep: Reputation: 30
Quote:
Originally posted by scowles
So when running named in a chroot'd environment (fc3 default), the links you are referring to would never be referenced.
The symlink in /var/named is for administrators to access the zone database files in a manner consistent with the normal operation of BIND, since most distros place zone files in /var/named. It is where many people expect to find them.

Anyways, I don't see anything wrong with your zone file (except that it's unformatted on the web and hard to read). Whether you use the @ sign or the name of the zone as specified in named.conf in your SOA record is irrelevant as they mean the same thing.
 
Old 04-09-2005, 09:17 AM   #14
mediocrity
LQ Newbie
 
Registered: Mar 2005
Distribution: Fedora Core 3 / Suse 9.3 Pro
Posts: 11

Original Poster
Rep: Reputation: 0
Just to update this thread in case anyone else will find it helpful. It turns out my zone records and named.conf were fine. What I was running into was that the firewall was blocking traffic for some reason. I had opened up port 443 and 53 in the firewall, however for some reason the traffic was being blocked. I disabled the firewall and now have a fully functional DNS server.

I am curious, however, why even though I had opened the two ports, my machine did not respond to requests. Did I need to open them up as TCP (which I did) or UDP (which I did not)? I could test this at home but am looking for an explanation. I was under the impression that all named traffic took place via TCP.
 
Old 04-09-2005, 12:38 PM   #15
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 31
DNS queries are UDP based.
DNS zone transfers are TCP based.

So you would need to open both tcp and udp port 53 on your firewall to have a fully functional DNS server from external sources.
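To make the UDP/TCP point concrete: the DNS message itself is identical on both transports, only the framing differs (TCP prefixes each message with a 2-byte length), and a resolver moves from UDP to TCP either for a zone transfer (AXFR) or when a UDP reply comes back with the TC (truncated) bit set. A firewall that passes only TCP/53, as in the post above, therefore blocks every ordinary query while leaving zone transfers working. This is an added example written for this thread, not code from BIND or any poster; the function names are invented, the query name reuses the thread's `linux-server.ferret.home`, and nothing is sent on the network: the truncated reply is a constructed byte string.

```python
"""Added example (not from BIND or any poster): how one DNS question is framed
over UDP versus TCP, and when a resolver moves from UDP to TCP.  Names and the
constructed reply below are invented for this example; nothing is sent."""
import struct

QTYPE_A, QTYPE_AXFR, CLASS_IN = 1, 252, 1
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels plus a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname, qtype=QTYPE_A, txid=0x1234):
    """12-byte header (RD set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def udp_payload(message):
    """UDP: the message is the entire datagram payload, nothing added."""
    return message


def tcp_frame(message):
    """TCP: each message is prefixed with its 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(message)) + message


def parse_header(message):
    """Decode the header fields a resolver looks at before deciding what to do next."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rd": bool(flags & FLAG_RD), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def query_type(query):
    """The question section ends with QTYPE and QCLASS, two bytes each."""
    return struct.unpack("!H", query[-4:-2])[0]


def transport_for(query, udp_reply=None):
    """Zone transfers go straight to TCP; everything else starts on UDP and
    is retried over TCP only if the UDP reply came back truncated (TC=1)."""
    if query_type(query) == QTYPE_AXFR:
        return "tcp"
    if udp_reply is not None and parse_header(udp_reply)["tc"]:
        return "tcp"
    return "udp"


def truncated_reply(query):
    """Constructed server reply to `query`: same id and question, QR and TC set,
    no answer records, i.e. 'too big for UDP, ask again over TCP'."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_TC | FLAG_RD
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("linux-server.ferret.home")
    print("udp datagram:", udp_payload(q).hex())
    print("tcp stream  :", tcp_frame(q).hex())
    print("A query first goes over", transport_for(q))
    print("after a truncated reply:", transport_for(q, truncated_reply(q)))
    print("AXFR goes over", transport_for(build_query("ferret.home", QTYPE_AXFR)))
```

The 42-byte A query is the same bytes in both cases; the TCP stream just carries `00 2a` in front of it. Whether a given server ever needs TCP from LAN clients depends on reply sizes and whether it serves secondaries, but a rule that admits UDP/53 and TCP/53 covers both the ordinary queries and the zone transfers scowles lists.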
 
  

