I am about to pull my hair out. This is the 5th day in a row that I have attempted to configure a DNS server on my Fedora server. I am unable to find the machine name via nslookup nor the domain. I have gone through several of the tutorials on several sites as well as on this site and have not been able to find what I am doing wrong.
I am fairly new to the OS so I am attempting to grasp several concepts at once, so forgive my ignorance. I have done searches on the net as well as the forums here to try to solve this on my own but am unable to do so. Please let me know what I am doing wrong.
My network is configured with a hostname of "linux-server".
This is my named.conf
//
// named.conf for mydomain
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;
};
//
// mydomain.home config file
//
zone "." {
type hint;
file "named.ca";
};
zone "mydomain.home" {
type master;
file "mydomain.home.zone";
allow-update { 192.168.1/24;};
};
zone "localhost" {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
allow-update { 192.168.1/24;};
};
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
allow-update { none; };
};
include "/etc/rndc.key";
This is my forward zone file:
$TTL 1d
;
; The domain of mydomain.home
;
@ IN SOA linux-server.mydomain.home. my.email.address (
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
; Define the nameservers
IN NS linux-server.mydomain.home.
;
; Define the mail servers
; none at this time
;
; Define the hosts
;
linux-server IN A 192.168.1.101
opus IN A 192.168.1.100
;
;
;
; Define the Aliases
;
www IN CNAME linux-server.mydomain.home.
and this is my reverse lookup file:
@ IN SOA linux-server.mydomain.home. my.email.address. (
2004033001 ;Serial
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
; Define the nameservers
IN NS linux-server.mydomain.home.
101 IN PTR linux-server.mydomain.home.
100 IN PTR opus.mydomain.home.
Specifically, what name are you trying to resolve with nslookup? How are you using the command? Can you ping the address? Have you added the localhost to the /etc/resolv.conf file?
It looks like you're missing two statements. Put them after the
directory "/var/named";
First is the list of DNS servers to use if the lookup can't be resolved by your DNS entries (i.e., the world outside your LAN). For example:
forwarders { 123.45.67.89; 23.45.67.89; };
Next is who on your LAN is permitted to use this DNS server. For example:
allow-query { 123.45.67.0/24; 127.0.0.1; };
Also, normally your local domain is defined as a subdomain of your ISP (they don't need to know anything about this, but it makes the forwarding of requests work correctly). That is, if your ISP is "myisp.net" you can define your domain as "mydomain.myisp.net".
Those are the only things that I noticed off hand. Also, remember to put your DNS server and search domain in your /etc/resolv.conf. For example:
Originally posted by mrGenixus: specifically what name are you trying to resolve with nslookup? how are you using the command? can you ping the address? have you added the localhost to the /etc/resolv.conf file?
I am doing the nslookup from my local machine. I can ping all the IP addresses in my network and they can ping what will be the DNS server. I am doing the nslookup command both ways.
#nslookup mydomain.home
and
#nslookup
>machine-name
I get SERVFAIL on the first and "** server can't find linux-server: NXDOMAIN" on the second.
How do I make the entry in the resolv.conf file? Literally "localhost" or the machine name or IP address? Here is what I have in it so far.
search mydomain.home
nameserver 192.168.1.101
Also, I am able to resolve internet addresses so my forwarding is working, however I am still unable to resolve anything on my LAN. So the caching is working properly.
Last edited by mediocrity; 03-31-2005 at 05:04 AM.
1) Carefully check your SOA record for mydomain.home. Hint: Compare it against your other SOA records
2) Try using @ sign for the start of your NS records.
3) /etc/resolv.conf should have:
search mydomain.home
nameserver 127.0.0.1
Finally, take a look at /var/log/messages after starting named. Should point you in the right direction on resolving any syntax type errors within the zones.
I will try that when I get access to the machine this evening. I also am curious about what I should have in my hostname for the machine in the network configuration. Should it be the FQDN or should it just be the server name? Also on the search path for the DNS what should that be? The domain name?
Alright, I finally got it to work. I replaced the NS record from mydomain.home to @. I am unsure as to why that made the difference; could I get an explanation as to why?
I am still fighting with this DNS setup on my network. Here are the configurations I am using.
Named.conf
//
// named.conf for mydomain
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;
};
//
// mydomain.home config file
//
zone "." {
type hint;
file "named.ca";
};
zone "ferret.home" {
type master;
file "ferret.home.zone";
allow-update { none;};
allow-query {any;};
};
zone "localhost" {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
allow-update { none;};
allow-query {any;};
};
zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
allow-update { none; };
};
include "/etc/rndc.key";
Forward zone file
$TTL 1d
;
@ IN SOA linux-server.ferret.home. mharness.nc.rr.com. (
2004033001 ;serial
21600 ;refresh
1800 ;retry
4w ;expire
1h) ;negative cache TTL
NS linux-server.ferret.home
;
; mail server
; none at this time
;
linux-server IN A 192.168.1.101
opus IN A 192.168.1.100
;
;
;
;
;aliases
www IN CNAME linux-server.ferret.home.
Reverse zone file
$TTL 1d
@ IN SOA @ mharness.nc.rr.com. (
2004033001 ;Serial
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
; Define the nameservers
IN NS linux-server.ferret.home.
101 IN PTR linux-server.ferret.home.
100 IN PTR opus.ferret.home.
Now the problem is that on the machine running DNS I can resolve internal and external addresses. However, other machines on my network are unable to do either. They get DNS timed out errors. When I do an nslookup on the machine running DNS for the domain I get the following.
[root@linux-server named]# nslookup
> ferret.home
Server: 192.168.1.101
Address: 192.168.1.101#53
*** Can't find ferret.home: No answer
What have I misconfigured? I am at my wits end trying to figure this out. I have looked at several sites on this configuration and it seems to be "by the book". So why are my other workstations unable to resolve? I have opened the firewall to allow port 53 traffic as well.
On FC3, named is run within a chroot jail. The actual DNS zone file must be placed in /var/named/chroot/var/named/ and then a symbolic link must be made in /var/named/ to the file in the chroot jail.
Do an ls -l on /var/named/ and you'll see what I mean. Hope that helps.
Originally posted by mediocrity: Alright, I finally got it to work. I replaced the NS record from mydomain.home to @. I am unsure as to why that made the difference; could I get an explanation as to why?
Without the @ sign, the NS record is parsed as a continuation record from the previous line. Adding the @ sign ensures the NS record is referencing the zone name from named.conf.
FWIW: I gave up on using continuation records in my zone files years ago. I just had too many self-induced problems I got tired of fighting.
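The blank-owner rule discussed above, plus the SOA field count from the earlier hint (1), as a small pre-load lint. This is an added example, not code from the thread or from BIND; the sample zone is constructed to mirror the first forward zone posted, and the "dotted name without trailing dot" check is a heuristic, not a BIND error.

```python
import re
# Constructed sample modelled on the thread's first forward zone: an SOA with four
# timers (no serial), an NS line with a blank owner, an NS target with no trailing dot.
SAMPLE_ZONE = """\
$TTL 1d
@ IN SOA linux-server.mydomain.home. my.email.address (
21600 ;Refresh
1800 ;Retry
4w ;Expire
1h ) ;Negative Cache TTL
 IN NS linux-server.mydomain.home
linux-server IN A 192.168.1.101
"""
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)  # serial/TTL-style tokens: 21600, 4w, 1h
def logical_lines(text):  # strip ';' comments and join lines held open by parentheses
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        buf = buf + " " + line.strip() if depth else line
        depth += line.count("(") - line.count(")")
        if depth == 0 and buf.strip():
            yield buf
            buf = ""

def parse_zone(text):
    """Return (owner, type, rdata) triples; a line starting with whitespace inherits the previous owner."""
    records, owner = [], None
    for line in logical_lines(text):
        if line.startswith("$"): continue  # $TTL / $ORIGIN directives
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():
            owner = tokens.pop(0)       # explicit owner; a blank owner keeps the old one
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() == "IN"):
            tokens.pop(0)               # optional per-record TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def lint_zone(text):
    """Flag an SOA without five numeric fields and dotted names missing their trailing dot."""
    problems = []
    for owner, rtype, rdata in parse_zone(text):
        if rtype == "SOA":
            timers = [t for t in rdata[2:] if TTL_RE.match(t)]
            if len(timers) != 5:
                problems.append(f"SOA has {len(timers)} numeric fields, needs 5")
        names = rdata[:2] if rtype == "SOA" else rdata[-1:] if rtype in ("NS", "CNAME", "PTR", "MX") else []
        for n in names:                 # MNAME/RNAME, or the NS/CNAME/PTR/MX target
            if "." in n and not n.endswith("."):
                problems.append(f"{rtype} {owner}: '{n}' lacks trailing dot, origin is appended")
    return problems
```

Running lint_zone on the sample reports the four-field SOA, the undotted RNAME and the undotted NS target; BIND's own named-checkzone is still the authoritative check before loading a zone.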
On FC3, named is run within a chroot jail. The actual DNS zone file must be placed in /var/named/chroot/var/named/
True, if ROOTDIR=/var/named/chroot is set in /etc/sysconfig/named
and then a symbolic link must be made in /var/named/ to the file in the chroot jail.
I believe redhat added the links you are referring to so that when ROOTDIR is NOT set, the same files can be referenced when named is started in a non chroot'd environment. i.e. The same named.conf file can be used for both chroot and non-chroot environments. So when running named in a chroot'd environment (fc3 default), the links you are referring to would never be referenced.
The following zone files should help. I use these on my name servers. Edit them to meet your requirements.
Good Luck
Code:
[root@excelsior scowles]# cat db.192.168.9
;##############################################################
; Zone definition for "internal view" of subnet 192.168.9.0/24
; Filename: /var/named/int/db.192.168.9
; Created: 8/8/2003 by SWC <scowles@mydomain.com>
;##############################################################
$TTL 1d
@ 7d IN SOA ns1.mydomain.com. (
netadmin.mydomain.com. ; Zone Contact
2004052201 ; Serial
1h ; Refresh
30m ; Retry
7d ; Expire
1h ) ; Negative Cache
;############################################################
; mydomain.com Nameserver Records (NS)
;############################################################
@ 7d IN NS ns1.mydomain.com.
@ 7d IN NS ns2.mydomain.com.
;############################################################
; 192.168.9.0/24 Reverse Pointer Records (PTR)
;############################################################
; Specify all Pointer (PTR) Records
1 1d IN PTR firewall.mydomain.com.
2 1d IN PTR defiant.mydomain.com.
3 1d IN PTR voyager.mydomain.com.
10 1d IN PTR pserv1.mydomain.com.
11 1d IN PTR wap.mydomain.com.
; Assign Auto-Generated DHCP reverse address ranges. If you're
; using DDNS, you should probably comment these.
$GENERATE 25-254 $ PTR dhcp-9-$.mydomain.com.
[root@excelsior scowles]# cat db.mydomain
;##############################################################
; Zone definition for "internal view" of mydomain.com
; Filename: /var/named/int/db.mydomain
; Created: 11/28/2003 by SWC <scowles@mydomain.com>
;##############################################################
$TTL 1d
@ 7d IN SOA ns1.mydomain.com. (
netadmin.mydomain.com. ; Zone Contact
2004052201 ; Serial
1h ; Refresh
30m ; Retry
7d ; Expire
1h ) ; Negative Cache
;############################################################
; mydomain.com Nameserver Records (NS)
;############################################################
@ 7d IN NS ns1.mydomain.com.
@ 7d IN NS ns2.mydomain.com.
;############################################################
; mydomain.com A (ADDRESS) and MX Records (MAIL EXCHANGER)
;############################################################
@ 1d IN A 192.168.9.3
@ 1d IN MX 0 smtp.mydomain.com.
;############################################################
; mydomain.com Address Records (A)
;############################################################
localhost 1d IN A 127.0.0.1
; Name Server records
ns1 1d IN A 192.168.9.3
ns2 1d IN A 192.168.8.2
; Router Interface Records
dmz 1d IN A 192.168.8.1
lab 1d IN A 192.168.10.1
firewall 1d IN A 192.168.9.1
; Web/Internet based records
www 1d IN A 192.168.8.2
chat 1d IN A 192.168.9.3
ftp 1d IN A 192.168.8.2
mail 1d IN A 192.168.9.3
smtp 1d IN A 192.168.9.2
news 1d IN A 192.168.9.3
; Server/Workstation static records
excelsior 1d IN A 192.168.8.2
defiant 1d IN A 192.168.9.2
voyager 1d IN A 192.168.9.3
pserv1 1d IN A 192.168.9.10
wap 1d IN A 192.168.9.11
; Assign DHCP address range. If you're using DDNS, you should
; probably comment these.
$GENERATE 25-254 dhcp-8-$ A 192.168.8.$
$GENERATE 25-254 dhcp-9-$ A 192.168.9.$
$GENERATE 25-254 dhcp-10-$ A 192.168.10.$
;############################################################
; Current Aliases for mydomain.com (CNAME)
;############################################################
So when running named in a chroot'd environment (fc3 default), the links you are referring to would never be referenced.
The symlink in /var/named is for administrators to access the zone database files in a consistent manner to the normal operation of BIND since most distros places zone files in /var/named. It is where many people expect to find them.
Anyways, I don't see anything wrong with your zone file (except that it's unformatted on the web and hard to read). Whether you use the @ sign or the name of the zone as specified in named.conf in your SOA record is irrelevant as they mean the same thing.
Just to update this thread in case anyone else will find it helpful. It turns out my zone records and named.conf were fine. What I was running into was that the firewall was blocking traffic for some reason. I had opened up port 443 and 53 in the firewall, however for some reason the traffic was being blocked. I disabled the firewall and now have a fully functional DNS server.
I am curious, however, why even though I had opened the two ports, my machine did not respond to requests. Did I need to open them up as TCP (which I did) or UDP (which I did not)? I could test this at home but am looking for an explanation. I was under the impression that all named traffic took place via TCP.