DNS Understanding Part 2

metallica1973 · 12-18-2006, 11:43 PM

If you setup a caching server to forward DNS requests to an outside DNS server then do you have to setup a master authoritative server for local DNS request inside your lan? In other words if you setup a caching server can you setup up a master authoritative server as well. Can somebody please clarify! I have a setup my caching server at home to foward requests to an outside DNS server, but what do I need to do to have an DNS server within my LAN. I do not want to edit a bunch of host files. help!

acid_kewpie · 12-19-2006, 01:52 AM

yes you can totally do that. basically a caching only name server is laregly BIND without a local config. it's only doing it's last resort action of forwarding to other name servers. if you wich to serve local dns too then it simply becomes a standard BIND service. just acase of making your forward and reverse zone files and the likes.

metallica1973 · 12-20-2006, 07:21 PM

I think that I have setup my named.conf and my zones files and reverse zone file but I still cannot ping anybody my name on my domain?

farslayer · 12-20-2006, 08:00 PM

What does your /etc/resolv.conf look like ? is it pointed to your local DNS server ?

metallica1973 · 12-20-2006, 09:02 PM

yes I have

nameserver 127.0.0.1
nameserver 192.168.3.1 (DNS server)
searchsite localhost

?

farslayer · 12-20-2006, 10:30 PM

Have you tried using dig to do specific queries against your DNS server ?

dig @192.168.3.1 myhost.mydomain.com

Code:

default@crackle:~$ dig @912.168.2.1  www.google.com

; <<>> DiG 9.3.2-P1 <<>> www.google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62505
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 6, ADDITIONAL: 6

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         308951  IN      CNAME   www.l.google.com.
www.l.google.com.       270     IN      A       72.14.203.104
www.l.google.com.       270     IN      A       72.14.203.99

;; Query time: 35 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Wed Dec 20 23:28:31 2006
;; MSG SIZE  rcvd: 276

default@crackle:~$

You should get back a response to your query and it should show what server gave the response...

chort · 12-20-2006, 10:43 PM

DNS servers in /etc/resolv.conf aren't tried until one finds the name you're looking for, they're tried until one responds. If the first one responds that no such name exists (as far as it knows) then the next server will not be tried and that's your final answer.

You either need to configure you caching-only server to forward requests about your internal zone to your authoritative server, or you need to configure your authoritative server for inside zones to also perform recursive queries (for internal clients-only!) in order to replace the caching-only server. One server can both perform recursive requests on behalf of clients (and cache them), and also server zone files authoritatively. Those are not mutually exclusive tasks.

metallica1973 · 12-21-2006, 07:36 AM

Snort,

Here is the output from the dig@192.168.3.1 January.Myhomedomain.com

PHP Code:



;<<>> DiG 9.3.1 <<>> @192.168.3.1 January.Myhomedomain.com
; (! server found)
:: global options: printcmd
;; connection time out; no servers could be reached

Here is a very stupid question:

When you say domain, I obviously have several domains registered but when I am talking about my lan, when you say domain, for example when one creates a domain in windows, do you have to do so in linux as well or do just my linux boxes have to have Myhost.Mydomain.com as the hostname or node name? Example ( January.Example.com) I am a bit confused. How does one create a domain in linux and how do you add clients to them. I am thinking that maybe I do not have my domain setup right?

My pc names are:

January (Firewall/DNS/Router)
Febuary (Proxy/Filter/Router)
March (RADIUS/LDAP/LAM/SAMBA)
April (Linux Laptop)
May (windows pc)
June (windows pc)
July (Linux PC)

How would I create a domain for these nodes in linux?

Annother thing that I would like to add is that my clients are able to go to the internet and type in websites and go to them. I think that reason they work is because I have added two public DNS servers to my DHCPD.

farslayer · 12-21-2006, 08:05 AM

Well from the dig response your DNS server isn't responding to requests at all..
You made a directed query to a specific address and it responded "no servers could be reached"
This tells me that either BIND isn't running, or there are firewall rules blocking the port..

On the box running dns check to see if bind is running an easy way to do this is to query for an open listening port for dns.. which is port 53

netstat -plan | grep :53

I don't have bind running on a nearby machine so I'll use SSH as an example..

Code:

itg-debian:/proc# netstat -plan | grep :22
tcp6       0      0 :::22                   :::*                    LISTEN     3795/sshd

That should kick back any process that is listening on that port, and the pid/name of the process.

If you see BIND listening then I would check your firewall rules next.. iptables -L

metallica1973 · 12-21-2006, 09:58 AM

Here is the result:

PHP Code:



January:/home/dabeast # netstat -pantu|grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4401/named          
tcp        0      0 :::53                   :::*                    LISTEN      4401/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           4401/named          
udp        0      0 :::53                   :::*                                4401/named

This is the same machine as my firewall. Is is possible to block request to the localhost? Also I can ping January and get a reply. Do you think that it could be a firewall rule that is preventing my DNS from working?

farslayer · 12-21-2006, 07:27 PM

Quote:

Originally Posted by metallica1973

This is the same machine as my firewall. Is is possible to block request to the localhost? Also I can ping January and get a reply. Do you think that it could be a firewall rule that is preventing my DNS from working?

OK Bind is definately running...

Absolutely it could be a firewall rule... did you try the other command I posted ? iptables -L....

metallica1973 · 12-26-2006, 07:33 PM

Yes I did and here are the results:

PHP Code:



Chain CHECKBADFLAG (2 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LBADFLAG   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x29  
    0     0 LBADFLAG   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x37  
    0     0 LBADFLAG   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x3F  
    0     0 LBADFLAG   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00  
    0     0 LBADFLAG   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06  
    0     0 LBADFLAG   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03  
 
Chain ICMPINBOUND (0 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 5/sec burst 10  
    0     0 LPINGFLOOD  icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 13  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 14  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 17  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 18  
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain ICMPOUTBOUND (1 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 code 0  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 code 1  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 13  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 14  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 17  
    0     0 LDROP      icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 18  
 1909  284K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain INPUT (policy DROP 1 packets, 60 bytes) 
 pkts bytes target     prot opt in     out     source               destination          
   62  4731 LINVALID   all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID  
 8171 7008K CHECKBADFLAG  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            
 2316  249K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            
    0     0 LREJECT    all  --  *      *       0.0.0.0/0            127.0.0.0/27         
    0     0 DROP       tcp  --  *      *      !127.0.0.1            0.0.0.0/0           tcp dpt:3128  
    0     0 DROP       tcp  --  *      *      !127.0.0.1            0.0.0.0/0           tcp dpt:80  
36089 3174K ACCEPT     all  --  eth2   *       192.168.3.0/27       0.0.0.0/0            
    0     0 ACCEPT     all  --  eth2   *       192.168.3.0/27       0.0.0.0/0            
  972 64821 ACCEPT     all  --  eth2   *       192.168.4.0/27       0.0.0.0/0            
    0     0 ACCEPT     all  --  eth2   *       192.168.4.0/27       0.0.0.0/0            
 8157 7048K SMB        all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113 reject-with tcp-reset  
    0     0 TCPACCEPT  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 state RELATED,ESTABLISHED  
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 state RELATED,ESTABLISHED  
 8157 7048K SPECIALPORTS  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            
 8130 7037K ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED  
    0     0 TCPACCEPT  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 state RELATED,ESTABLISHED  
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:1024:65535 state RELATED,ESTABLISHED  
   50 18143 LDROP      all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain FORWARD (policy DROP 1 packets, 84 bytes) 
 pkts bytes target     prot opt in     out     source               destination          
   94  4000 LINVALID   all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID  
3662K 2730M CHECKBADFLAG  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            
1663K  145M SMB        all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            
    0     0 ACCEPT     tcp  --  *      eth0    192.168.3.0/27       0.0.0.0/0           tcp spt:3128  
1538K  136M ACCEPT     tcp  --  eth2   eth0    192.168.3.0/27       0.0.0.0/0           tcp spts:1024:65535  
75313 5288K ACCEPT     udp  --  eth2   eth0    192.168.3.0/27       0.0.0.0/0           udp spts:1024:65535  
    0     0 ACCEPT     tcp  --  eth2   eth0    192.168.4.0/27       0.0.0.0/0           tcp spts:1024:65535  
 2051  136K ACCEPT     udp  --  eth2   eth0    192.168.4.0/27       0.0.0.0/0           udp spts:1024:65535  
    0     0 ACCEPT     tcp  --  eth2   eth0    0.0.0.0/0            192.168.3.0/27      tcp spts:1024:65535  
    0     0 ACCEPT     udp  --  eth2   eth0    0.0.0.0/0            192.168.3.0/27      udp spts:1024:65535  
    0     0 ACCEPT     tcp  --  eth2   eth0    0.0.0.0/0            192.168.4.0/27      tcp spts:1024:65535  
    0     0 ACCEPT     udp  --  eth2   eth0    0.0.0.0/0            192.168.4.0/27      udp spts:1024:65535  
2183K 2601M ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED  
    0     0 TCPACCEPT  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 state RELATED  
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:1024:65535 state RELATED  
52399 4725K LDROP      all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain LBADFLAG (6 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=BADFLAG:1 a=DROP '  
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain LDROP (16 references) 
 pkts bytes target     prot opt in     out     source               destination          
    8  4232 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=TCP:1 a=DROP '  
 4219  692K LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=UDP:2 a=DROP '  
48151 4034K LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=ICMP:3 a=DROP '  
    0     0 LOG        all  -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=FRAGMENT:4 a=DROP '  
52449 4743K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain LINVALID (2 references) 
 pkts bytes target     prot opt in     out     source               destination          
  156  8731 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=INVALID:1 a=DROP '  
  156  8731 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain LPINGFLOOD (1 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=PINGFLOOD:1 a=DROP '  
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain LREJECT (1 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=TCP:1 a=REJECT '  
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=UDP:2 a=REJECT '  
    0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=ICMP:3 a=REJECT '  
    0     0 LOG        all  -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=FRAGMENT:4 a=REJECT '  
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset  
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable  
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable  
 
Chain LSPECIALPORT (10 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=SPECIALPORT:1 a=DROP '  
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain LSYNFLOOD (1 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/sec burst 10 LOG flags 0 level 4 prefix `fp=SYNFLOOD:1 a=DROP '  
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain OUTPUT (policy DROP 0 packets, 0 bytes) 
 pkts bytes target     prot opt in     out     source               destination          
 2316  249K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0            
27070 2540K ACCEPT     all  --  *      eth2    0.0.0.0/0            0.0.0.0/0            
 1909  284K ICMPOUTBOUND  icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0            
 6798 1242K ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            
  534 41464 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            
    0     0 ACCEPT     all  --  *      eth2    0.0.0.0/0            0.0.0.0/0            
    0     0 ACCEPT     tcp  --  *      eth0    192.168.3.0/27       0.0.0.0/0           tcp spts:1024:65535  
    0     0 ACCEPT     udp  --  *      eth0    192.168.3.0/27       0.0.0.0/0           udp spts:1024:65535  
    0     0 ACCEPT     tcp  --  *      eth0    192.168.4.0/27       0.0.0.0/0           tcp spts:1024:65535  
    0     0 ACCEPT     udp  --  *      eth0    192.168.4.0/27       0.0.0.0/0           udp spts:1024:65535  
    0     0 LDROP      all  --  *      *       0.0.0.0/0            0.0.0.0/0            
 
Chain SMB (2 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:137  
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:138  
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139  
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:138  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:139  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:445  
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:137  
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:138  
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:139  
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:445  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:138  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:139  
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:445  
 
Chain SPECIALPORTS (1 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 LSPECIALPORT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6670  
    0     0 LSPECIALPORT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1243  
    0     0 LSPECIALPORT  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1243  
    0     0 LSPECIALPORT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:27374  
    0     0 LSPECIALPORT  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:27374  
    0     0 LSPECIALPORT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:6711:6713  
    0     0 LSPECIALPORT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:12345:12346  
    0     0 LSPECIALPORT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20034  
    0     0 LSPECIALPORT  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:31337:31338  
    0     0 LSPECIALPORT  udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:28431  
 
Chain TCPACCEPT (3 references) 
 pkts bytes target     prot opt in     out     source               destination          
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 5/sec burst 10  
    0     0 LSYNFLOOD  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02  
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02

homey · 12-26-2006, 09:59 PM

I have a FC6 box that is my dhcpd and named server. It has one nic connected to the cable modem and the other nic is connected to the local network switch or crossover cable ( depending on what I'm doing ).
The Internet side is firewalled but the local net has free access to each other and I can ping them by name because the dhcp server updates my dns zones.

You may be interested in these articles but, the second one is for setup to ping within the lan by computer name. In fact, I removed the package called caching-nameserver and it still works fine for Linux and Windows clients.
http://www.redhat.com/magazine/025nov06/features/dns/
http://www.redhat.com/magazine/026dec06/features/dns/

From my notes:

At the fedora client machines /etc/sysconfig/network-scripts/ifcfg-eth0
DHCP_HOSTNAME=mudd.mydomain.com
causes the dns reverse zone entry to look like this...
set ddns-fwd-name = "mudd.mydomain.com.mydomain.com";

That also causes ping to fail when using just the host name: ping mudd

To correct this, use just the host name
DHCP_HOSTNAME=mudd

The file /etc/sysconfig/network can use the full name without problems.
HOSTNAME=mudd.mydomain.com

Make sure the /etc/resolv.conf is using your server address at the server and linux clients.

Code:

search mydomain.com
nameserver 192.168.0.1

Save the named.conf file and then assign 644 permissions:
chmod 644 /var/named/chroot/etc/named.conf
Check the syntax using the named-checkconf utility provided by the bind RPM:
named-checkconf named.conf

/var/named/chroot/etc/named.conf

Code:

//
// named.conf for Red Hat caching-nameserver 
//

acl internal_net { 192.168.0.0/24; 127.0/8; };

options {
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	listen-on { 127.0.0.1; 192.168.0.1; };
	allow-query { 127.0.0.1; 192.168.0.0/24; };
	query-source address * port 53;

# Use Your Own ISP Servers Here
	forwarders {
		123.123.123.100;
		123.123.123.200;
		123.123.123.300;
		};
};


zone "0.168.192.in-addr.arpa" IN {
   type master;
   file  "192.168.0.zone";
   allow-update { internal_net; };
};

zone "mydomain.com." IN {
   type master;
   file "mydomain.com.zone";
   allow-update { internal_net; };
};

/var/named/chroot/var/named/192.168.0.zone

Code:

$TTL 1D

@       IN      SOA     server.mydomain.com. root.localhost (
200612060       ; serial
2H              ; refresh slaves
5M              ; retry
1W              ; expire
1M              ; Negative TTL
)

        IN      NS      server.mydomain.com.
1       IN      PTR     server.mydomain.com.

/var/named/chroot/var/named/mydomain.com.zone

Code:

$TTL 1D

@    IN      SOA     server.mydomain.com. root.localhost (
200612060       ; serial
2H              ; refresh slaves
5M              ; retry
1W              ; expire
1M              ; Negative TTL
)

                      IN      NS      server.mydomain.com.

server.mydomain.com.       IN      A       192.168.0.1     ; server

Note: it is important to set chown and chmod for these files.

Code:

chown named:named /var/named/chroot/var/named/mydomain.com.zone
chown named:named /var/named/chroot/var/named/192.168.0.zone
chmod 644 /var/named/chroot/var/named/mydomain.com.zone
chmod 644 /var/named/chroot/var/named/192.168.0.zone

/etc/dhcpd.conf

Code:

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample

ddns-update-style interim;
ddns-updates on;
allow client-updates;
ddns-domainname "mydomain.com";
server-name "192.168.0.1";
max-lease-time 86400;
default-lease-time 86400;

subnet 192.168.0.0 netmask 255.255.255.0 {
	option domain-name-servers 192.168.0.1;
	option domain-name "mydomain.com";
	option broadcast-address 192.168.0.255;
	option subnet-mask 255.255.255.0;
	option routers 192.168.0.1;
	range 192.168.0.2 192.168.0.50;
	}

Restart dhcpd and named.
When a client gets an address, you may not notice changes in the zones right away but that's ok if you can ping by name.
The /var/lib/dhcpd/dhcpd.leases file does show changes right away and should have the correct info.
For example:

Code:

lease 192.168.0.49 {
  starts 3 2006/12/27 03:15:15;
  ends 4 2006/12/28 03:15:15;
  binding state active;
  next binding state free;
  hardware ethernet 00:40:f4:6f:d5:fc;
  uid "\001\000@\364o\325\374";
  set ddns-rev-name = "49.0.168.192.in-addr.arpa.";
  set ddns-txt = "319e51316b19d15e4208cbaec7b83ae39e";
  set ddns-fwd-name = "e050.mydomain.com";
  client-hostname "e050";
}

metallica1973 · 12-27-2006, 10:33 AM

Wow, I will read this material and go over my settings and see what is wrong. For the most part I have already done this but I must have made a mistake somewhere.

metallica1973 · 12-30-2006, 10:02 PM

what should the file permission be(ownership and permission)?