Reverse DNS problems

ninjaz · 09-22-2006, 11:04 PM

I just recently set up a DNS server and I'm having problems with it trying to resolve internal ip addresses. As of right now everything seems to be working ok except for when I try to ping a box or telnet to a router by the name it can't find it unless I type the domain along with it. For instance:
typing hostname.domain.net works fine however,
typing hostname results in nothing.

I had it setup where it would do it once before but the box got hosed and now I have to start from scratch and don't remember how I had it set up from before.

Reverse domain:
$ttl 38400
0.0.10.in-addr.arpa. IN SOA Boss.Saleen.net.
. (
1158883990
10800
3600
604800
38400 )
0.0.10.in-addr.arpa. IN NS dns.saleen.net.
1.0.0.10.in-addr.arpa. IN PTR saleen2611.
2.0.0.10.in-addr.arpa. IN PTR saleenwap.
3.0.0.10.in-addr.arpa. IN PTR saleen2950.
4.0.0.10.in-addr.arpa. IN PTR saleen1901.
5.0.0.10.in-addr.arpa. IN PTR saleen1902.
6.0.0.10.in-addr.arpa. IN PTR saleen2503.
11.0.0.10.in-addr.arpa. IN PTR dns.saleen.net.
10.0.0.10.in-addr.arpa. IN PTR shelby.

Forward domain:
$ttl 38400
Saleen.net. IN SOA Boss.Saleen.net. (
1158884078
10800
3600
604800
38400 )
Saleen.net. IN NS Boss.Saleen.net.
saleen2611.Saleen.net. IN A 10.0.0.1
saleenwap.Saleen.net. IN A 10.0.0.2
saleen2950.Saleen.net. IN A 10.0.0.3
saleen1901.Saleen.net. IN A 10.0.0.4
saleen1902.Saleen.net. IN A 10.0.0.5
saleen2503.Saleen.net. IN A 10.0.0.6
shelby.Saleen.net. IN A 10.0.0.10
boss.Saleen.net. IN A 10.0.0.11
10.0.0.1.Saleen.net. IN PTR saleen2611

config file:
//
// named.conf for Red Hat caching-nameserver
//

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
forwarders {
24.247.24.53;
24.247.15.53;
};
forward first;
};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; rndc-key; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN
{
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

include "/etc/rndc.key";
zone "0.0.10.in-addr.arpa" {
type master;
file "/var/named/10.0.0.rev";
};
zone "Saleen.net" {
type master;
file "/var/named/Saleen.net.hosts";
};
key rndc-key {
algorithm hmac-md5;
secret "itsMySecret";
};

Thanks in advance.

hob · 09-23-2006, 07:26 AM

I think that this a client issue: you may need to specify a default domain on the client in order to use hostnames without a domain. On Linux this may be manually set in /etc/resolv.conf, but the default search domain probably ought to be issued by DHCP if the system uses it.

ninjaz · 09-23-2006, 07:56 AM

Its all specified by the my DHCP server.

hob · 09-23-2006, 09:40 AM

Try using nslookup to see what happens. If nslookup for a registered system on your network without a domain name result in NXDOMAIN I would double-check that the both the DNS server and the clients have the correct search domain set. Since a lookup by FQDN succeeds, DNS itself is probably operating correctly.

ninjaz · 09-23-2006, 10:32 AM

nslookup saleen2611.saleen.net
Server: dns.saleen.net
Address: 10.0.0.11

Name: saleen2611.saleen.net
Address: 10.0.0.1

nslookup saleen2950.saleen.net
Server: dns.saleen.net
Address: 10.0.0.11

Name: saleen2950.saleen.net
Address: 10.0.0.3

nslookup saleen2950
Server: dns.saleen.net
Address: 10.0.0.11

*** dns.saleen.net can't find saleen2950: Non-existent domain

more /etc/resolv.conf
search dns.saleen.net
nameserver 10.0.0.11

I hope that was the results you were looking for. If it's the problem you're suggesting I don't know the steps on how to correct it. Thanks for your help so far.

hob · 09-23-2006, 01:39 PM

The "search" setting in /etc/resolv.conf needs to specify the domain name, rather than the DNS server, e.g.:

search saleen.net
nameserver 10.0.0.11

I would also remove the "forwarders-first" directive in named.conf, and set up the DNS servers in the /etc/resolv.conf of your DNS server instead, like this:

nameserver 127.0.0.1
nameserver 24.247.24.53
nameserver 24.247.15.53
search saleen.net

Although this isn't likely to be the issue, you probably ought to use lowercase for names of hosts and domains. Although DNS will cope, the fact that UNIX systems are case-sensitive means that names like Boss.Saleen.net may cause problems later. For example, I've had mail systems break because of issues with case-sensitivity.

rhoekstra · 09-24-2006, 05:52 AM

Additionally, I would add the domain to the hostnames in the reverse lookup domain. eg:

Code:

6.0.0.10.in-addr.arpa. IN PTR saleen2503.saleen.net

and so on

ninjaz · 09-24-2006, 10:39 AM

Well half of it is working now. The Linux server is now able to resolve the host names but my Windows clients are not. Is it something with my dhcp server?

/etc/dhcp.conf
ddns-updates on;
server-name "dns.saleen.net";
max-lease-time 691200;
default-lease-time 604800;
use-host-decl-names on;
option broadcast-address 10.0.0.255;
authoritative;
allow client-updates;
allow unknown-clients;
ddns-update-style interim;
option netbios-name-servers 10.0.0.10;
option ntp-servers 10.0.0.11;
option domain-name-servers 10.0.0.11;
option subnet-mask 255.255.255.0;
option routers 10.0.0.1;
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
# Shelby
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.1 10.0.0.20;
}
key rndckey {
secret MySecret;
algorithm hmac-md5;
}
zone Saleen.net. {
primary 10.0.0.11;
key rndckey;
}

rhoekstra · 09-24-2006, 04:06 PM

Well, I see some differences with my setup.. Here's mine that works fine.. I think I can see what's wrong in your config... namely.. what domain does your dhcp server distribute??? None, apparently..

Code:

ddns-update-style interim;
option domain-name "hoekstra.local";
option domain-name-servers 192.168.0.254;
option netbios-name-servers 192.168.0.254;
option netbios-node-type 8;
option smtp-server 192.168.0.254;
default-lease-time 172800;
max-lease-time 172800;
ignore client-updates;

key updatekey {
  algorithm hmac-md5;
  secret "cestmonsecret";
}

zone hoekstra.local. {
  primary 127.0.0.1;
  key updatekey;
}

zone 0.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key updatekey;
}

subnet 192.168.0.0 netmask 255.255.255.0
{ range 192.168.0.231 192.168.0.250;
  option routers 192.168.0.254;
  authoritative;

  host one {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address one.hoekstra.local;
  }

  host two {
    hardware ethernet 11:22:33:44:55:66;
    fixed-address two.hoekstra.local;
  }


}

ninjaz · 09-25-2006, 02:08 PM

I tried adding what have in your config file compared to mine and it still does not work

SELinux wouldn't have anything to do with it would it?

ninjaz · 09-25-2006, 06:17 PM

Its working now. I dumped them and started it over from scratch. Thanks to the both of you for your help.

rhoekstra · 09-26-2006, 02:59 AM

Glad to be of help

Cheers,