Problem with BIND - Can't resolve hostnames unless listen-on is set to the IP range

GD_19 · 07-03-2005, 08:00 PM

Hi,

I'd never run into problems with BIND before. Well, OK, I have run into problem with BIND numerous times but this one is a bit wierd... The server can resolve hostnames properly (with /etc/resolv.conf pointing to 127.0.0.1) but other computers on the same (private) subnet cannot.

At first I thought that maybe I should set allow-query to "any". This didn't work.

What did work however, was including my subnet in the listen-on configuration option:

Code:

        listen-on-v6 { none; };
        listen-on { 10.2.24.0/27; 127.0.0.1; };

This just doesn't make sense though! Listen-on is supposed to bind the local named process to a specific port/IP address (I think) so that multiple virtual name servers can be set up on the same machine (by using IP aliases and/or multiple interfaces if the former is not possible)

Here's my named.conf config anyway (in fact it's the default one after emerging BIND in gentoo. And yes, I did uncomment the allow-query part when testing)

Code:

options {
        directory "/var/bind";

        // uncomment the following lines to turn on DNS forwarding,
        // and change the forwarding ip address(es) :
        //forward first;
        //forwarders {
        //      123.123.123.123;
        //      123.123.123.123;
        //};

        listen-on-v6 { none; };
        listen-on { 10.2.24.0/27; 127.0.0.1; };

        // to allow only specific hosts to use the DNS server:
        // allow-query {
        // any;
        // };

        // if you have problems and are behind a firewall:
        //query-source address * port 53;
        pid-file "/var/run/named/named.pid";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

Thanks!
George

scowles · 07-03-2005, 08:27 PM

listen-on { 10.2.24.0/27; 127.0.0.1; };

I have always specifed the ip address for the listen-on statement.

Do the other hosts ip addresses on your lan IP fall within .1 ->30...

Code:

[root@excelsior etc]# ipcalc --netmask --network --broadcast 10.2.24.0/27
NETMASK=255.255.255.224
BROADCAST=10.2.24.31
NETWORK=10.2.24.0
[root@excelsior etc]#

What is the output of "netstat -rn" ? How about on the other hosts? Do the ip/network/netmask addresses match?

GD_19 · 07-07-2005, 04:56 PM

Thanks for your answer

I consider it highly unlikely to be a routing/subneting problem. Yes all hosts fall into the 10.2.24.0/27 subnet.
Here's the output of netstat -rn:

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
213.142.137.128 0.0.0.0 255.255.255.224 U 0 0 0 eth0
10.2.24.0 0.0.0.0 255.255.255.224 U 0 0 0 eth1
127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
0.0.0.0 213.142.137.144 0.0.0.0 UG 0 0 0 eth0

And if there were a problem with hosts not being part of the same subnet, then why did the listen-on statement solve the problem? The question is, why is it that I have to set listen-on to my subnet range?