LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 04-05-2009, 03:43 PM   #1
todd_dsm
LQ Newbie
 
Registered: Oct 2007
Location: Des Moines, IA
Distribution: Slackware 12
Posts: 23

Rep: Reputation: 16
BIND9 - I can resolve all hosts but not internal domain


Hey all, I can resolve all internal hosts but not the domain itself. I'm no expert but it seems to be working aside from that. This is on a CentOS 5.3 server with BIND9 with all updates, a chrooted env, and no caching-only package. Example:
Code:
# nslookup zmail
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   zmail.ptest.us
Address: 10.0.0.14

# nslookup 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

1.0.0.127.in-addr.arpa  name = localhost.
   (you get the idea)
But when I lookup only the domain I get no answer:
Code:
# nslookup ptest.us
Server:         127.0.0.1
Address:        127.0.0.1#53

*** Can't find ptest.us: No answer
Here are my configuration files:
Code:
# cat /var/named/chroot/etc/named.conf
// Allow queries from the corporate subnet
acl "corpnets" { localhost; localnets; };
options {
        directory "/var/named";      // Working directory
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 216.51.246.11; 216.51.246.12; };
        allow-query { corpnets; };
};
// Provide a reverse mapping for the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
     type master;
     file "named.local";
     notify no;
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "ptest.us" IN {
        type master;
        file "ptest.us.zone";
};

zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "10.0.0.zone";
};

include "/etc/rndc.key";
---

# cat /var/named/chroot/var/named/ptest.us.zone
$TTL    86400
@ IN    SOA     zmail.ptest.us. root.ptest.us. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           zmail.ptest.us. ; NS data is a hostname, not an IP (10.0.0.14 here would be read as 10.0.0.14.ptest.us.)
                IN MX   10      zmail.ptest.us. ; MX data is a hostname, not an IP
vault           IN A            10.0.0.10
base            IN A            10.0.0.12
slack           IN A            10.0.0.13
zmail           IN A            10.0.0.14
lilt            IN A            10.0.0.15
mini            IN A            10.0.0.16
mail            IN CNAME        zmail
---
# cat /var/named/chroot/var/named/10.0.0.zone
$TTL 1H
@       SOA     zmail.ptest.us. root.zmail.ptest.us. (
                                                42      ; serial
                                                3H      ; refresh
                                                15M     ; retry
                                                1W      ; expiry
                                                1D )    ; minimum
                NS              zmail.ptest.us.
10              PTR             vault.ptest.us.
12              PTR             base.ptest.us.
13              PTR             slack.ptest.us.
14              PTR             zmail.ptest.us.
15              PTR             lilt.ptest.us.
16              PTR             mini.ptest.us.
If anyone can tell me what I'm doing wrong I would greatly appreciate it. Thanks in advance - T

Last edited by todd_dsm; 04-05-2009 at 03:44 PM.
 
Old 04-05-2009, 04:13 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Add the following in the zone file (/var/named/chroot/var/named/ptest.us.zone)
Code:
ptest.us. IN A xx.xx.xx.xx
where xx.xx.xx.xx is the IP you want your domain to resolve to.
 
Old 04-06-2009, 08:32 AM   #3
todd_dsm
LQ Newbie
 
Registered: Oct 2007
Location: Des Moines, IA
Distribution: Slackware 12
Posts: 23

Original Poster
Rep: Reputation: 16
BIND9 - I can resolve all hosts but not internal domain / SOLVED

Thank you bathory! I had tried this before but I didn't include the trailing . (dot) at the end of the domain. It works now and the trailing dot on the domain is what made all the difference.

Before:
Code:
# cat /var/named/chroot/var/named/ptest.us.zone
$TTL    86400
@ IN    SOA     zmail.ptest.us. root.ptest.us. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           zmail.ptest.us. ; NS data is a hostname, not an IP (10.0.0.14 here would be read as 10.0.0.14.ptest.us.)
                IN MX   10      zmail.ptest.us. ; MX data is a hostname, not an IP
vault           IN A            10.0.0.10
base            IN A            10.0.0.12
slack           IN A            10.0.0.13
zmail           IN A            10.0.0.14
lilt            IN A            10.0.0.15
mini            IN A            10.0.0.16
mail            IN CNAME        zmail
After:
Code:
# cat ptest.us.zone
$TTL    86400
@ IN    SOA     zmail.ptest.us. root.ptest.us. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           zmail.ptest.us. ; NS data is a hostname, not an IP (10.0.0.14 here would be read as 10.0.0.14.ptest.us.)
                IN MX   10      zmail.ptest.us. ; MX data is a hostname, not an IP
vault           IN A            10.0.0.10
base            IN A            10.0.0.12
slack           IN A            10.0.0.13
zmail           IN A            10.0.0.14
lilt            IN A            10.0.0.15
mini            IN A            10.0.0.16
mail            IN CNAME        zmail
ptest.us.       IN A            10.0.0.14
        ^<-don't forget the dot :)
Now my nslookup returns the correct internal address:
Code:
# service named restart
# service network restart
# nslookup ptest.us
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   ptest.us
Address: 10.0.0.14

Last edited by todd_dsm; 04-06-2009 at 08:36 AM.
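Added example, not code from this thread: a small Python zone-file linter that applies the $ORIGIN rule behind bathory's fix in #2 and the trailing-dot lesson in #3, and also flags NS/MX data written as an IP literal. The sample zone is constructed after the one posted above; the helper names qualify and lint_zone are my own.

```python
# Constructed sample modelled on the zone file in this thread (not the poster's
# file verbatim): apex A record without its trailing dot, NS/MX rdata as IPs.
BROKEN_ZONE = """\
$TTL 86400
@        IN SOA   zmail.ptest.us. root.ptest.us. ( 42 3H 15M 1W 1D )
         IN NS    10.0.0.14
         IN MX 10 10.0.0.14
zmail    IN A     10.0.0.14
mail     IN CNAME zmail
ptest.us IN A     10.0.0.14
"""
# Same zone with the three mistakes corrected.
FIXED_ZONE = (BROKEN_ZONE.replace("NS    10.0.0.14", "NS    zmail.ptest.us.")
              .replace("MX 10 10.0.0.14", "MX 10 zmail.ptest.us.")
              .replace("\nptest.us IN", "\nptest.us. IN"))

def qualify(name, origin):
    """'@' is the apex, a trailing dot is absolute, anything else gets $ORIGIN appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin):
    """Parse a zone (single-line SOA) into (records, findings): records are
    (qualified owner, type, qualified rdata); findings explain each 'No answer'."""
    origin = origin if origin.endswith(".") else origin + "."
    records, findings, owner = [], [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line or line.startswith("$"):       # skip blanks and $TTL/$ORIGIN
            continue
        toks = line.split()
        if not raw[0].isspace():                   # this line names a new owner
            name = toks.pop(0)
            if not name.endswith(".") and ("." + name + ".").endswith("." + origin):
                findings.append(f"owner '{name}' lacks a trailing dot and becomes "
                                f"{qualify(name, origin)}")
            owner = qualify(name, origin)
        while toks[0].isdigit() or toks[0] == "IN":   # optional TTL and class
            toks.pop(0)
        rtype, target = toks[0], toks[2] if toks[0] == "MX" else toks[1]
        if rtype in ("NS", "MX", "CNAME"):         # rdata is a name, never an address
            if target.replace(".", "").isdigit():  # crude dotted-quad test
                findings.append(f"{rtype} target {target} is an address; named reads "
                                f"it as the name {qualify(target, origin)}")
            target = qualify(target, origin)
        records.append((owner, rtype, target))
    if not any(o == origin and t == "A" for o, t, _ in records):
        findings.append(f"no A record at apex {origin}; 'nslookup {origin[:-1]}' gets "
                        f"'No answer'")
    return records, findings
```

Running lint_zone(BROKEN_ZONE, "ptest.us") shows the undotted apex line turning into ptest.us.ptest.us., which is exactly why nslookup saw no answer for the bare domain.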
 
Old 04-06-2009, 09:02 AM   #4
todd_dsm
LQ Newbie
 
Registered: Oct 2007
Location: Des Moines, IA
Distribution: Slackware 12
Posts: 23

Original Poster
Rep: Reputation: 16
BIND9 - Resolver is going outside first, Internal resolution should be first

I thought this would solve my problem. It didn't.


Unfortunately, on my hunt last night for the answer, I found another post that said nslookup was nearly useless and that dig should be used.

My problem is that when installing Zimbra, the Zimbra installer needs to see my internal MX record and it's not able to. Using dig shows me why:

Code:
# dig ptest.us +trace

; <<>> DiG 9.3.4-P1 <<>> ptest.us +trace
;; global options:  printcmd
.                       517575  IN      NS      I.ROOT-SERVERS.NET.
.                       517575  IN      NS      J.ROOT-SERVERS.NET.
.                       517575  IN      NS      K.ROOT-SERVERS.NET.
.                       517575  IN      NS      L.ROOT-SERVERS.NET.
.                       517575  IN      NS      M.ROOT-SERVERS.NET.
.                       517575  IN      NS      A.ROOT-SERVERS.NET.
.                       517575  IN      NS      B.ROOT-SERVERS.NET.
.                       517575  IN      NS      C.ROOT-SERVERS.NET.
.                       517575  IN      NS      D.ROOT-SERVERS.NET.
.                       517575  IN      NS      E.ROOT-SERVERS.NET.
.                       517575  IN      NS      F.ROOT-SERVERS.NET.
.                       517575  IN      NS      G.ROOT-SERVERS.NET.
.                       517575  IN      NS      H.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

us.                     172800  IN      NS      I.GTLD.BIZ.
us.                     172800  IN      NS      J.GTLD.BIZ.
us.                     172800  IN      NS      K.GTLD.BIZ.
us.                     172800  IN      NS      A.GTLD.BIZ.
us.                     172800  IN      NS      B.GTLD.BIZ.
us.                     172800  IN      NS      C.GTLD.BIZ.
;; Received 294 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 81 ms

ptest.us.               7200    IN      NS      NS07.DOMAINCONTROL.COM.
ptest.us.               7200    IN      NS      NS08.DOMAINCONTROL.COM.
;; Received 81 bytes from 156.154.96.126#53(I.GTLD.BIZ) in 92 ms

ptest.us.               3600    IN      A       66.43.220.149
ptest.us.               3600    IN      NS      ns07.domaincontrol.com.
ptest.us.               3600    IN      NS      ns08.domaincontrol.com.
;; Received 97 bytes from 216.69.185.4#53(NS07.DOMAINCONTROL.COM) in 80 ms
The above output shows that I'm going outside (somehow) for my resolution. I checked my resolv.conf to see why:
Code:
# cat /etc/resolv.conf
domain ptest.us
search ptest.us
If no IP address is specified, it should use 127.0.0.1. The above output shows that it is:
";; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms"

So, I removed the forwarders line from my named.conf and restarted the services:
Code:
# cat named.conf
// Allow queries from the corporate subnet
acl "corpnets" { localhost; localnets; };
options {
        directory "/var/named";      // Working directory
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        allow-query { corpnets; };
};

# service named restart
# service network restart
# dig ptest.us +trace
I received the same output from dig again. What I need to do is keep resolution internal until there can be no resolution, then go outside for all requests that cannot be satisfied internally.

What am I doing wrong?

Last edited by todd_dsm; 04-06-2009 at 09:09 AM. Reason: didn't enter title - whoops!
 
Old 04-06-2009, 09:26 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Add your nameserver in /etc/resolv.conf
Code:
# cat /etc/resolv.conf
domain ptest.us
#search ptest.us  <--You don't need both domain and search
nameserver 127.0.0.1
Running dig +trace does a recursive lookup starting from the root servers down to your domain. As I see you don't have a hint zone ".", bind uses a built-in one:
Quote:
hint The initial set of root-servers is defined using a hint zone. When the server starts up it uses the hints zone file to find a root name server and get the most recent list of root name servers. If no hint zone is specified for class IN, the server uses a compiled-in default set of root servers. Classes other than IN have no built-in defaults hints. 'hint' zone files are covered in more detail under required zones.

Last edited by bathory; 04-06-2009 at 10:34 AM.
 
Old 04-06-2009, 09:11 PM   #6
todd_dsm
LQ Newbie
 
Registered: Oct 2007
Location: Des Moines, IA
Distribution: Slackware 12
Posts: 23

Original Poster
Rep: Reputation: 16
You are correct. After consulting the O'Reilly 'DNS and BIND' book (again) it turns out that the suggestions you made are right. I've compared these modifications to the files of others that were kind enough to share.

The MX record discovery script on the part of the Zimbra installer is a bit off. The admin shouldn't have to make any modifications to named.conf or the zone files past what 'dig' finds to be acceptable. Dig shows the net result of your named configuration with RFC compliance. I will just use a workaround for the installer instead. Thank you for your help Bathory.

Last edited by todd_dsm; 04-06-2009 at 09:18 PM.
 