LinuxQuestions.org
Old 10-29-2010, 08:24 PM   #1
babami
LQ Newbie
 
Registered: Oct 2009
Posts: 11

Rep: Reputation: 0
DNS forwarders setup not working


Hi,

I am trying to set up a DNS server where any names that can't be resolved would be forwarded to another server. In my local server, in the named.conf file, under options, I added the forwarders address as follows:

forwarders {
1.1.1.1;
};

The 1.1.1.1 above should have resolution for any outside addresses like yahoo.com and google.com, etc.

However, when I tried to ping yahoo.com from one of my internal machines, I couldn't get to yahoo.com.

What am I doing wrong? Please help.
 
Old 10-30-2010, 04:33 AM   #2
f14f21_2
LQ Newbie
 
Registered: Oct 2010
Posts: 19

Rep: Reputation: 1
Give me the output of the following commands:

I suppose your DNS server IP address is 10.10.10.11/24.

At your DNS server:
#dig @4.2.2.4 google.com

At one of your LAN computers other than the DNS server:
#ping 10.10.10.11
#dig @10.10.10.11 google.com
 
Old 10-30-2010, 04:33 AM   #3
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,516

Rep: Reputation: 1501
Hi,

You should add
Code:
forward first;
so your nameserver will forward the query to 1.1.1.1 before trying to answer by itself.

Regards
 
Old 10-30-2010, 10:35 AM   #4
babami
LQ Newbie
 
Registered: Oct 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Bathory - thanks for the suggestion; I tried adding "forward first", but it didn't work.

Let me try explaining better:

1. I have a client computer
2. I have server A - IP is: 2.2.2.2 (just an example)
3. I have server B - IP is 1.1.1.1 (just an example)

In client A, if I put the IP of server A in the resolv.conf (nameserver 2.2.2.2), I could ping all the local domain names (e.g. mydomain.com, etc.).

Also, in client A, if I put the IP of server B in the resolv.conf (nameserver 1.1.1.1), I could ping yahoo.com, google.com (all external domains).

However, if I define nameserver 2.2.2.2 in the resolv.conf of client A, and on the 2.2.2.2 server (in named.conf) set up my forwarders as follows:

forward first;
forwarders {
1.1.1.1;
};


I could only ping the local domains, but can't ping yahoo.com or any other external networks.

Please help.

Thanks.

Last edited by babami; 10-30-2010 at 10:49 AM.
 
Old 10-30-2010, 12:06 PM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,516

Rep: Reputation: 1501
Hi,

You should give more details about those A and B servers.
I guess that 2.2.2.2 is (a local dns) authoritative for your domain and 1.1.1.1 is a forwarder (your ISP dns or a caching dns).
If that's the case you can add the hint zone (aka ".") in 2.2.2.2 and remove the forward stuff. E.g. in named.conf use:
Code:
zone "." {
        type hint;
        file "root.cache";
};

zone "mydomain.com" {
        type master;
        file "mydomain.db";
};
You can also have a look here, for the various types of name servers to see how you can combine them for your case.

Regards

Last edited by bathory; 10-30-2010 at 02:35 PM. Reason: missing link
 
Old 10-30-2010, 01:30 PM   #6
babami
LQ Newbie
 
Registered: Oct 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Bathory, you understood correctly. The 1.1.1.1 forwards all the ISP requests, and 2.2.2.2 is my local DNS, which forwards all ISP requests to 1.1.1.1.

If I remove the forward declaration in 2.2.2.2, how does it know to forward my ISP requests to 1.1.1.1? This is all new to me, so please help me understand a little more.

Thanks for your time.
 
Old 10-30-2010, 01:49 PM   #7
babami
LQ Newbie
 
Registered: Oct 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Here is my named.conf file.
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "my-web.com" {
        type master;
        notify no;
        allow-query { any; 127.0.0.1; };
        file "my-web.com";
};

zone "192.168.1.in-addr.arpa" {
        type master;
        notify no;
        allow-query { any; };
        file "192-168-1.zone";
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

Thanks
 
Old 10-30-2010, 02:35 PM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,516

Rep: Reputation: 1501
Hi,

That is what the hint zone does. It has a list of root servers that your server can ask to resolve domains it's not authoritative for.
Did you try to resolve external domains using your dns as the resolver?
 
Old 10-30-2010, 08:32 PM   #9
babami
LQ Newbie
 
Registered: Oct 2009
Posts: 11

Original Poster
Rep: Reputation: 0
No, all I did was change my resolv.conf in the host to directly point to my external server (server B), and I was able to reach external domains, such as yahoo and google.

for example:

nameserver 1.1.1.1

What I really want to do is change resolv.conf in my host to point to 2.2.2.2 (server A), and have it forward my request to 1.1.1.1 (server B).

for example:

nameserver 2.2.2.2

Then in my named.conf file on server A, I want to add a directive such that any request it can't resolve, it sends to 1.1.1.1 (my external server).

I hope this helps to clarify what I am trying to do.

Thanks again
 
Old 10-31-2010, 05:27 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,516

Rep: Reputation: 1501
Hi,

Use 2.2.2.2 in client's /etc/resolv.conf and use the /etc/named.conf from post #7 for the nameserver configuration.
This way the nameserver can resolve your domain and ask the upstream nameservers for the external domains it can't resolve using the hint zone.

If you, for some reason, cannot use the hint zone and need to use only 1.1.1.1 then you have to add a null forwarders clause for your zone(s). E.g.
Code:
zone "my-web.com" {
      type master;
      notify no;
      allow-query { any; 127.0.0.1; };
      file "my-web.com";
      forwarders {};
};
Some other things you need to change:
I don't think you need the allow-query options.
Also you should remove the "recursion yes" from the global options and use:
Code:
allow-recursion {
        127.0.0.1;
        192.168.1.0/24;
};
The reverse zone name is wrong. It should be zone "1.168.192.in-addr.arpa".

Regards

Last edited by bathory; 10-31-2010 at 06:26 PM.
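As an added example that is not code from the thread or from BIND, the Python lint below applies the three points from post #10 to a constructed named.conf: recursion left unrestricted (no allow-recursion, so anyone who can reach the server could use it as an open recursive resolver), master zones missing an empty forwarders list while global forwarders are set, and a reverse zone whose name is not the reversed network. The brace-walking block reader is a hypothetical helper that handles only the simple layout shown here, not BIND's full grammar.

```python
import re
import ipaddress

# Constructed input (not the thread's file verbatim): the named.conf from
# post #7 reduced to the parts the checks look at, plus post #4's forwarders.
SAMPLE_CONF = """
options {
    allow-query { localhost; };
    recursion yes;
    forward first;
    forwarders { 1.1.1.1; };
};
zone "my-web.com" { type master; notify no; file "my-web.com"; };
zone "192.168.1.in-addr.arpa" { type master; file "192-168-1.zone"; };
zone "." IN { type hint; file "named.ca"; };
"""

def _blocks(text, kind):
    """Yield (name, body) for each top-level `kind ["name"] ... { body };`."""
    pat = r'^\s*%s\b(?:\s+"([^"]*)")?[^{]*\{' % kind
    for m in re.finditer(pat, text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk forward to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def reverse_zone_name(cidr):
    """'1.168.192.in-addr.arpa' for 192.168.1.0/24 (octet-aligned prefixes)."""
    net = ipaddress.ip_network(cidr, strict=False)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def lint_named_conf(text, lan_cidr):
    """Return (code, detail) findings for the three points bathory raised."""
    findings = []
    opts = next((b for _, b in _blocks(text, "options")), "")
    if re.search(r"\brecursion\s+yes\s*;", opts) and "allow-recursion" not in opts:
        findings.append(("RECURSION_OPEN", "recursion yes without allow-recursion; "
                         "limit it to 127.0.0.1 and " + lan_cidr))
    global_fwd = re.search(r"forwarders\s*\{\s*[^}\s]", opts) is not None
    expected = reverse_zone_name(lan_cidr)
    for name, body in _blocks(text, "zone"):
        master = re.search(r"\btype\s+master\s*;", body) is not None
        if global_fwd and master and not re.search(r"forwarders\s*\{\s*\}", body):
            findings.append(("ZONE_FORWARDERS", 'zone "%s" needs forwarders {};' % name))
        if name.endswith(".in-addr.arpa") and name != expected:
            findings.append(("REVERSE_ZONE", 'zone "%s" should be "%s"' % (name, expected)))
    return findings
```

Running `lint_named_conf(SAMPLE_CONF, "192.168.1.0/24")` reports all three issues; a file with allow-recursion, `forwarders {};` in each master zone and the zone renamed to 1.168.192.in-addr.arpa comes back clean.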
 
Old 10-31-2010, 04:40 PM   #11
babami
LQ Newbie
 
Registered: Oct 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks for putting in all the time to help

Bathory,

Thank you for putting in so much time to help me out. I will try these tomorrow, and let you know the result.

Thanks again.
 
Old 10-31-2010, 06:01 PM   #12
babami
LQ Newbie
 
Registered: Oct 2009
Posts: 11

Original Poster
Rep: Reputation: 0
Bathory,

Well, I couldn't wait till tomorrow to try this out; I came in the office and tried it. It works!
Can't find the words to express my gratitude.

Thanks
 