Linux - Networking forum, LinuxQuestions.org
I'm trying to make a "good" Linux server. At this point I wanted to install and configure DDNS.
I am using CentOS 4.4 Server edition.
I have a small network: server "mango" with IP 10.10.10.1, and some other computers getting IPs from dhcpd.
I made a configuration that works; well, it does this:
- I get an IP address on the client machines
- with nslookup or dig I get responses for the server and client machines, and I also get responses for internet requests
- a while after I connect a client to the network, a line is added in both zone files
So I think I did OK with the config files.
1) Now I am asking: is this configuration that I made any good? Are there some big mistakes, anything to correct or change?
dhcpd.conf
Code:
authoritative;
include "/etc/rndc.key";
# Server configuration
#server-identifier server;
ddns-domainname "sadovnjak.local";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
# This is the communication zone
zone sadovnjak.local. {
    primary 127.0.0.1;
    key rndckey;
}
zone 10.10.10.in-addr.arpa. {
    primary 127.0.0.1;
    key rndckey;
}
default-lease-time 21600; # 6 hours
max-lease-time 43200; # 12 hours
option routers 10.10.10.1;
option domain-name "sadovnjak.local";
option domain-name-servers 10.10.10.1;
option ip-forwarding off;
# Home pool
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.20 10.10.10.100;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.10.10.255;
}
named.conf
Code:
acl sadovnjak-local { 10.10.10.0/24; 127.0/8; };
controls {
    inet 127.0.0.1 allow {localhost; } keys { "rndckey"; };
};
options {
    directory "/var/named";
    allow-query { sadovnjak-local; };
    forwarders { 193.2.1.66; 193.2.1.72; };
    # forward-only;
};
include "/etc/rndc.key";
# Forward Zone for sadovnjak.local domain
zone "sadovnjak.local" IN {
    type master;
    file "sadovnjak.local.zone";
    allow-update { key "rndckey"; };
    notify yes;
};
# Reverse Zone for sadovnjak.local domain
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.in-addr.arpa.zone";
    allow-update { key "rndckey"; };
    notify yes;
};
sadovnjak.local.zone
Code:
$TTL 1D
sadovnjak.local. IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 ; serial
        2H        ; refresh slaves
        5M        ; retry
        1W        ; expire
        1M        ; Negative TTL
)
@                      IN NS mango.sadovnjak.local.
mango.sadovnjak.local. IN A  10.10.10.1 ; RHEL server
10.10.10.in-addr.arpa
Code:
$TTL 1D
@ IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 ; serial
        2H        ; refresh slaves
        5M        ; retry
        1W        ; expire
        1M        ; Negative TTL
)
        IN NS  mango.sadovnjak.local.
1       IN PTR mango.sadovnjak.local.
2) Additionally: after I added a line in the forward zone
Code:
binar.sadovnjak.local. IN A 10.10.10.80
and in the reverse zone
Code:
80 IN PTR binar.sadovnjak.local.
everything stopped working, DHCP and DDNS. Any clues?
With this I wanted to give a static IP to one client machine (I also manually entered the numbers under TCP/IP on "binar").
Well, on the first good configuration I made changes in the zones, and on my client computer I entered static values, including the DNS server.
I could start both services, named and dhcpd, with no error or any problem, but the client computers didn't get an IP address from dhcpd, and in nslookup there was no response (tried from computer binar with the static IP), even from the server.
BTW, this DDNS rules! Before that I had the ISP's DNS, and I had Torrentflux (a web-based torrent application). Many times when I wanted to access the page http://mango/tf I had to wait up to 20 seconds. Since I started the local DNS server there are no delays.
I would have a problem with named and dhcpd if I put the bottom lines (from the first post) back in the forward and reverse zones for a static IP for workstation "binar". But since I rely on good Linux DDNS, I think I will not need static IPs for clients. And that said, there is NO problem anymore.
Mostly I wanted to know how good my configuration of DDNS is.
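One thing worth checking when a hand-added A or PTR record coincides with "everything stopped working" is whether the forward and reverse zones still agree and still parse. As an added example, not the poster's files and not part of the thread, the Python below parses both zone files from this thread (with the static "binar" entries added) and reports any A record without a matching PTR and any PTR without a matching A. It handles the master-file details that bite when editing by hand: a line beginning with whitespace inherits the previous owner (the NS line in the reverse zone relies on this), "@" means the zone origin, relative owner names get the origin appended, and SOA fields may span lines inside parentheses. The zone names and records are copied from the thread; the checker and its function names are the example's own.

```python
"""Forward/reverse zone consistency check (added example, not the thread's files)."""
import re
from typing import Dict, List, Tuple

Record = Tuple[str, str, str]  # (owner, type, rdata); owner is fully qualified

# Constructed sample input: the thread's forward zone plus the static A record.
FORWARD_ZONE = """\
$TTL 1D
sadovnjak.local. IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 ; serial
        2H        ; refresh slaves
        5M        ; retry
        1W        ; expire
        1M        ; Negative TTL
)
@       IN NS mango.sadovnjak.local.
mango.sadovnjak.local. IN A 10.10.10.1 ; RHEL server
binar.sadovnjak.local. IN A 10.10.10.80
"""

# Constructed sample input: the thread's reverse zone plus the static PTR record.
# The NS line starts with whitespace, so it inherits the owner "@" (the origin).
REVERSE_ZONE = """\
$TTL 1D
@ IN SOA mango.sadovnjak.local. root.mango.sadovnjak.local. (
        200612060 ; serial
        2H ; refresh slaves
        5M ; retry
        1W ; expire
        1M ; Negative TTL
)
        IN NS mango.sadovnjak.local.
1       IN PTR mango.sadovnjak.local.
80      IN PTR binar.sadovnjak.local.
"""

TTL_RE = re.compile(r"\d+[smhdwSMHDW]?")  # optional per-record TTL such as 1D or 3600


def parse_zone(text: str, origin: str) -> List[Record]:
    """Parse a master-file zone: ';' comments, $-directives, '(' ... ')' continuation,
    '@', relative names and owner inheritance.  Quoted strings (TXT) are not handled."""
    records: List[Record] = []
    last_owner = origin
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # strip comment
        if depth == 0 and not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line
        depth += line.count("(") - line.count(")")
        if depth > 0:                          # still inside parentheses
            continue
        stmt, buf = buf, ""
        if stmt.lstrip().startswith("$"):      # $TTL, $ORIGIN: not records
            continue
        tokens = stmt.replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if stmt[0].isspace():                  # blank owner field: reuse previous owner
            owner = last_owner
        else:
            owner = tokens.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"
            last_owner = owner
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                      # skip optional TTL and class
        records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records


def ptr_owner(ip: str) -> str:
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def ip_of_ptr(owner: str) -> str:
    return ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))


def check_consistency(fwd: List[Record], rev: List[Record]) -> Dict[str, List[str]]:
    """Report A records lacking a matching PTR and PTR records lacking a matching A."""
    a_by_ip = {rdata: owner for owner, rtype, rdata in fwd if rtype == "A"}
    ptr_by_owner = {owner: rdata for owner, rtype, rdata in rev if rtype == "PTR"}
    missing_ptr = [f"{name} A {ip}" for ip, name in a_by_ip.items()
                   if ptr_by_owner.get(ptr_owner(ip)) != name]
    missing_a = [f"{owner} PTR {name}" for owner, name in ptr_by_owner.items()
                 if a_by_ip.get(ip_of_ptr(owner)) != name]
    return {"missing_ptr": missing_ptr, "missing_a": missing_a}


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "sadovnjak.local.")
    rev = parse_zone(REVERSE_ZONE, "10.10.10.in-addr.arpa.")
    for kind, items in check_consistency(fwd, rev).items():
        print(kind, items or "none")
```

A zone that passes this check can still be rejected by named for reasons the checker does not model; named-checkzone (shipped with BIND 9) reports those, and the named log shows whether the zone actually loaded. A second caveat for zones that receive dynamic updates: named records the updates in a .jnl journal next to the zone file, so hand edits to the file itself can leave file and journal disagreeing. The supported ways to add a static record to such a zone are nsupdate with the update key, or, in BIND 9 releases that have it, rndc freeze, edit, rndc thaw.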
I would rip this line out of your named.conf - forwarders { 193.2.1.66; 193.2.1.72; };
That forces you to depend on your ISP's nameservers. It is possible, but unlikely, that they will have some problem where their nameservers will have a problem. BIND by itself will resolve any names by looking to the correct root/top domain servers. Having forwarders basically adds an unnecessary second step. You ask their nameservers, then their nameservers ask the root/top domain. You can go direct to the root/top, and bypass them.
In CentOS there is a file /var/named/chroot/var/named/named.ca with the root servers.
Is adding a line like this in named.conf correct?
Code:
zone "." IN {
    type hint;
    file "named.ca";
};
additional, i found this in original named.conf file:
Code:
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
Zone localdomain is like my sadovnjak.local, right?
What is localhost for?
P.S. My forwarders 193.2.1.66 and 193.2.1.72 are like the best DNS servers in our country; they have done the job "perfectly" for a long time. Isn't it faster to resolve some DNS requests (requests that are already in their cache, and I think most of the sites I surf are in the cache) through them, since I have less than 10ms ping time to them but more than 60ms response time to the root servers?
Yes, localdomain.zone is the same as your sadovnjak.local. Localhost.zone is just the generic IP for every computer, localhost=home=127.0.0.1. The localhost file just states that.
If you feel comfortable using the DNS servers in your country, that's fine. It still is an unnecessary step, but if they have most of the zones you surf to in their cache, it probably will be faster. Still, if you ask for a zone that those servers don't know, or the cache on them has expired, then they go to the root/toplevel domain and look it up, making it slower in this case (again, 1 extra step).
I would never use a forwarder in DNS, and I very highly doubt as a human you notice the difference between 10 ms and 60 ms, but if you want to trust those DNS servers you certainly can.
OK, you made your point... I'll leave the forwarders out.
But do I need to add the root (".") zone in named.conf?
Like this?
Code:
zone "." IN {
    type hint;
    file "named.ca";
};
About localhost.zone: what purpose does this zone serve (the computer can ping itself without it, right, and it has no purpose for the LAN, right? Is it for nslookup and dig to function?), and is this zone needed or not?
Yes, you will need the "." zone, as provided by named.ca in your distro's package.
You can ping localhost regardless, but BIND spits some errors if you don't have the localhost zone explicitly defined. That file should be listed in named.conf, and so should the root/hint zone.
You can use your forwarders if you feel comfortable with them. I didn't mean your config was evil or anything, I just don't see the point in having a nameserver that can't get all the way to the top of the chain itself.
acl sadovnjak-local { 10.10.10.0/24; 127.0/8; }; # roughly: the range of IPs we can refer to in this file
controls {
    inet 127.0.0.1 allow {localhost; } keys { "rndckey"; };
};
options {
    directory "/var/named";
    allow-query { sadovnjak-local; }; # specifies the IP addresses that may query the name server
};
include "/etc/rndc.key";
# where BIND can get a list of TLD servers for the particular TLD
zone "." IN {
    type hint;
    file "named.ca";
};
# allows resolution of the name 'localhost' to the loopback address 127.0.0.1
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
# allows reverse mapping of the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
# to prevent really stupid queries from going past this server (the zero and broadcast stuff)
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
# Forward Zone for sadovnjak.local domain
zone "sadovnjak.local" IN {
    type master; # says this is the primary name server for the zone
    file "sadovnjak.local.zone"; # the file holding the records for this zone
    allow-update { key "rndckey"; };
    notify yes;
};
# Reverse Zone for sadovnjak.local domain
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.in-addr.arpa.zone"; # the file holding the records for this zone
    allow-update { key "rndckey"; };
    notify yes;
};
I added the root zone, the localhost zone and additionally
- 0.0.127.in-addr.arpa (reverse localhost),
- 255.in-addr.arpa and
- 0.in-addr.arpa.
Is everything now up to pro standards?
Are these three additional zones OK? I found them in the original conf file and did a little Google search.
The content of these three zones is:
named.local
Code:
$TTL 86400
@ IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
        IN NS  localhost.
1       IN PTR localhost.
named.broadcast
Code:
$TTL 86400
@ IN SOA localhost root (
        42  ; serial (d. adams)
        3H  ; refresh
        15M ; retry
        1W  ; expiry
        1D ) ; minimum
        IN NS localhost
named.zero
Code:
$TTL 86400
@ IN SOA localhost root (
        42  ; serial (d. adams)
        3H  ; refresh
        15M ; retry
        1W  ; expiry
        1D ) ; minimum
        IN NS localhost
Are the SOA definitions in the zone files OK?
Is everything else OK here?
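One point a reviewer would raise about both named.conf versions in this thread, beyond the zones discussed above: the single rndckey from /etc/rndc.key does two jobs. It authenticates commands on the rndc control channel (controls { ... keys { "rndckey"; }; }) and it authorizes dynamic updates to both zones (allow-update { key "rndckey"; }). Because dhcpd must be given that same key to send its updates, whatever holds dhcpd's copy can also issue rndc commands to named (from localhost, which is where dhcpd runs here). A dedicated TSIG key for updates keeps the two privileges apart. The Python below is an added example, not the thread's configuration and not ISC tooling: it flags a control key that is also an update key in a named.conf text, and renders the matching named.conf and dhcpd.conf statements with a separate update key. The key name ddns-key is invented for the example; hmac-md5 is used because that is what rndc-confgen generated at the time (newer BIND and ISC DHCP releases also accept hmac-sha256); the secret in the test is a constructed placeholder.

```python
"""Spot a control key reused as a DDNS update key, and render the split-key alternative.
Added example, not the thread's configuration.  The key name "ddns-key" is invented here."""
import base64
import re
import secrets
from typing import Dict, Optional, Set

# Constructed copy of the thread's named.conf (acl/options omitted; they do not matter here).
THREAD_NAMED_CONF = """\
controls {
    inet 127.0.0.1 allow {localhost; } keys { "rndckey"; };
};
include "/etc/rndc.key";
zone "sadovnjak.local" IN {
    type master;
    file "sadovnjak.local.zone";
    allow-update { key "rndckey"; };
    notify yes;
};
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.in-addr.arpa.zone";
    allow-update { key "rndckey"; };
    notify yes;
};
"""

CONTROLS_RE = re.compile(r"controls\s*\{((?:[^{}]|\{[^{}]*\})*)\}", re.S)  # one nesting level
KEYS_RE = re.compile(r"keys\s*\{([^}]*)\}")
UPDATE_KEY_RE = re.compile(r'allow-update\s*\{\s*key\s+"?([\w.-]+)"?\s*;')
NAME_RE = re.compile(r'"?([\w.-]+)"?\s*;')


def find_shared_keys(named_conf: str) -> Set[str]:
    """Key names accepted on the rndc control channel that also authorize dynamic updates."""
    text = re.sub(r"(#|//).*", "", named_conf)  # drop line comments
    control_keys: Set[str] = set()
    for block in CONTROLS_RE.findall(text):
        for keys in KEYS_RE.findall(block):
            control_keys.update(NAME_RE.findall(keys))
    return control_keys & set(UPDATE_KEY_RE.findall(text))


# Replacement statements: rndckey stays on the control channel, a second key does the updates.
NAMED_FRAGMENT = """\
include "/etc/rndc.key";
key "%(name)s" {
    algorithm %(alg)s;
    secret "%(secret)s";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};
zone "sadovnjak.local" IN {
    type master;
    file "sadovnjak.local.zone";
    allow-update { key "%(name)s"; };
    notify yes;
};
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "10.10.10.in-addr.arpa.zone";
    allow-update { key "%(name)s"; };
    notify yes;
};
"""

# dhcpd.conf side: this key statement replaces 'include "/etc/rndc.key";' there.
DHCPD_FRAGMENT = """\
key %(name)s {
    algorithm %(alg)s;
    secret "%(secret)s";
}
zone sadovnjak.local. {
    primary 127.0.0.1;
    key %(name)s;
}
zone 10.10.10.in-addr.arpa. {
    primary 127.0.0.1;
    key %(name)s;
}
"""


def render_split_key_config(name: str = "ddns-key", alg: str = "hmac-md5",
                            secret: Optional[str] = None) -> Dict[str, str]:
    """Render matching named.conf and dhcpd.conf fragments with a dedicated update key."""
    if secret is None:  # fresh 256-bit random key, base64 as both daemons expect
        secret = base64.b64encode(secrets.token_bytes(32)).decode()
    params = {"name": name, "alg": alg, "secret": secret}
    return {"named.conf": NAMED_FRAGMENT % params, "dhcpd.conf": DHCPD_FRAGMENT % params}
```

The named fragment replaces the controls and the two sadovnjak zone statements shown above; the dhcpd fragment replaces the include of /etc/rndc.key and the two zone statements in dhcpd.conf. Both files then carry the update secret, so they should stay readable only by root and the respective daemon, and rndc.key no longer needs to be readable by dhcpd at all.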