LinuxQuestions.org

Installing BIND Locally (https://www.linuxquestions.org/questions/linux-newbie-8/installing-bind-locally-4175475359/)

joeswat 08-30-2013 07:28 PM

Installing BIND Locally
 
I got BIND installed (CentOS); all is good, I can do DNS etc.

What I want to do is install BIND (DNS) locally, as we have 2 networks and I want only the intranet to work with that server. All I really need is for the 10.x.x.x/24 servers to do DNS lookups (BIND DNS cache) and that's it.

Not sure what all I need to put in named.conf to get that done.

Please, if you could guide me a bit through what I need to place in named.conf (I don't need a domain name), so I am assuming the zone can be taken off?

So here is what I got so far.
Code:

// /var/named/chroot/etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };  // I Tried placing ; any ;
        listen-on-v6 port 53 { ::1; };
        directory      "/var/named";
        dump-file      "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query    { localhost; 10.x.x.x/24; };
        allow-query-cache    { localhost; 10.x.x.x/24; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

zone "." IN {
        type hint;
        file "named.ca";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

include "/etc/named.rfc1912.zones";



It works locally on the server itself, but if I put this DNS server on Windows as (primary DNS server) it's not resolving. I get a timeout.

Not sure what I am missing, iptables?


Thank you a lot!

bathory 08-31-2013 02:31 AM

Quote:

listen-on port 53 { 127.0.0.1; }; // I Tried placing ; any ;
listen-on-v6 port 53 { ::1; };
Remove or comment out the above lines, so named listens on all available interfaces. Of course, if you want, you can use the following:
Code:

      listen-on port 53 { 127.0.0.1; 10.x.y.z;};  // I Tried placing ; any ;
      listen-on-v6 port 53 { ::1; X:Y:Z;};

where 10.x.y.z and X:Y:Z are the IPv4 and IPv6 addresses of your DNS server.
Also check if your firewall blocks port 53 udp/tcp.
And better restrict recursion to your LAN using
Code:

allow-recursion {10.x.x.x/24; };
instead of
Quote:

recursion yes;
Regards
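
The caching-only setup bathory describes (listen on the LAN address too, restrict queries and recursion to the LAN, let port 53 through the firewall), as an added example that is not part of this thread and not code from either poster. It is a small POSIX shell script: render_named_conf prints a complete named.conf for a LAN-only cache, loopback_only_named_conf prints the loopback-only options block from the first post for comparison, audit_named_conf flags the two settings behind the timeout (listen-on limited to 127.0.0.1, and no explicit allow-recursion), and render_firewall_rules prints (does not apply) iptables rules admitting DNS only from the LAN. The values 10.0.0.0/24 and 10.0.0.53 are placeholders for the poster's 10.x.x.x/24 network and the server's own LAN address; the DLV/lookaside lines from the original config are left out. Note that recursion is on by default in BIND 9, so the example keeps recursion yes and uses allow-recursion to say who may use it.

```shell
#!/bin/sh
# Added example (not from the thread): render, audit and firewall a
# LAN-restricted caching-only BIND resolver. 10.0.0.0/24 and 10.0.0.53
# are placeholders for the poster's LAN and server address.

# Print a LAN-restricted caching-only named.conf.
#   $1 = LAN CIDR (e.g. 10.0.0.0/24)   $2 = server's LAN IPv4 address
render_named_conf() {
    lan="$1"; ip="$2"
    cat <<EOF
// caching-only resolver for the LAN (generated by render_named_conf)
acl "lan" { 127.0.0.1; ${lan}; };

options {
        // loopback only is why remote clients time out: add the LAN address
        listen-on port 53 { 127.0.0.1; ${ip}; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";

        // recursion defaults to yes; allow-recursion says who may use it
        recursion yes;
        allow-query       { lan; };
        allow-query-cache { lan; };
        allow-recursion   { lan; };

        dnssec-enable yes;
        dnssec-validation yes;
        managed-keys-directory "/var/named/dynamic";
};

// root hints so the cache can recurse; no authoritative zones are needed
zone "." IN {
        type hint;
        file "named.ca";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
EOF
}

# Print the loopback-only options block from the first post, for comparison.
loopback_only_named_conf() {
    cat <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query { localhost; 10.0.0.0/24; };
        recursion yes;
};
EOF
}

# Audit a named.conf: prints one finding per line, returns 1 if any were found.
audit_named_conf() {
    f="$1"; rc=0
    if grep -Eq '^[[:space:]]*listen-on[[:space:]]+port[[:space:]]+53[[:space:]]*\{[[:space:]]*127\.0\.0\.1;[[:space:]]*\}' "$f"; then
        echo "listen-on is loopback only: LAN clients will time out"; rc=1
    fi
    if ! grep -Eq '^[[:space:]]*allow-recursion' "$f"; then
        echo "no allow-recursion: restrict recursion explicitly to the LAN"; rc=1
    fi
    if grep -Eq '^[[:space:]]*allow-(query|recursion)[[:space:]]*\{[[:space:]]*any;' "$f"; then
        echo "queries/recursion open to any client: this is an open resolver"; rc=1
    fi
    return $rc
}

# Print iptables rules that admit DNS (udp and tcp) only from the LAN.
# This only prints the commands; apply them yourself after reviewing.
render_firewall_rules() {
    lan="$1"
    printf 'iptables -I INPUT -s %s -p udp --dport 53 -j ACCEPT\n' "$lan"
    printf 'iptables -I INPUT -s %s -p tcp --dport 53 -j ACCEPT\n' "$lan"
}

# Usage (paths as in the thread; placeholders for LAN and server address):
#   render_named_conf 10.0.0.0/24 10.0.0.53 > /var/named/chroot/etc/named.conf
#   named-checkconf /var/named/chroot/etc/named.conf
#   audit_named_conf /var/named/chroot/etc/named.conf
#   render_firewall_rules 10.0.0.0/24
#   then from a LAN client:  dig @10.0.0.53 example.com
```

After reloading named, check it really binds the LAN address (netstat -lnup | grep :53, or ss -lnup on newer systems) before blaming the firewall; if the listener is only on 127.0.0.1, no iptables rule will make clients resolve.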

joeswat 09-01-2013 09:29 AM

Thank you, I'll try.
One thing to mention is that the 10. is a private network (does not go out), yet let's say the 11.x network is going out through a NAT FW.

FYI, locally on the server it works just fine:

nslookup mydomain.com 10.x.x.x

