LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Old 08-03-2009, 03:52 PM   #1
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Rep: Reputation: 30
DNS Config Issues


I have moved my DNS server to a different machine and installed Bind9 and dnsutils.

The old server had BIND version 8; I copied all the configs and moved them to the new DNS server.

However, reloading the configs on the new DNS server returned an error:
* Reloading domain name service...bind rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.
[fail]

I have also checked permissions and they seem to be OK.

Please advise.

Cheers!
DB
 
Old 08-03-2009, 04:14 PM   #2
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Have you tried to make a new key?
 
Old 08-03-2009, 04:32 PM   #3
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by micxz
Have you tried to make a new key?
Yes, I did this:
rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2

and entered the new key in named.conf, but I still get the error.

Thanks!
DB
 
Old 08-03-2009, 04:43 PM   #4
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
So your new key is in /etc and in the conf, hmm... Anything in the logs when you restart?
 
Old 08-03-2009, 05:02 PM   #5
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Is the new key in rndc.conf and named.conf?
 
Old 08-03-2009, 06:14 PM   #6
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by micxz
So your new key is in /etc and in the conf, hmm... Anything in the logs when you restart?
I don't see anything in /var/log/messages.

Any other logs that I should be aware of?

Thanks.
 
Old 08-03-2009, 06:33 PM   #7
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
This will depend on how syslog is set up. On my system, named logs to messages.
Anything else you can post, maybe named.conf?
 
Old 08-05-2009, 12:27 PM   #8
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by micxz
This will depend on how syslog is set up. On my system, named logs to messages.
Anything else you can post, maybe named.conf?
OK, I got this going; I didn't know that I had to restart the entire server for it to work properly (it didn't say so in the instructions). But I finally got the new DNS server running on our network.

Now I have two primaries, svr-dns1 (old DNS) and svr-dns1.1 (new DNS). I am planning to totally retire svr-dns1 and replace it with svr-dns1.1, but here's the problem.

While testing svr-dns1.1 with a couple of client machines pointed at the new DNS, the machines weren't able to get out to the internet. After further research it turned out that I can ping internal and external IP addresses, but not by name.

So accessing linuxquestions.org by name: no go; accessing it by its IP address: yes. Same thing with internal hosts: I'm unable to access them by name.

Can someone give me an idea or point me to the right direction on how to resolve this?

Thanks!
DB
 
Old 08-05-2009, 07:39 PM   #9
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
These are Linux clients? You should take the DNS IPs given by your ISP and put them in /etc/resolv.conf.
 
Old 08-07-2009, 12:31 PM   #10
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by micxz
These are Linux clients? You should take the DNS IPs given by your ISP and put them in /etc/resolv.conf.
Actually these are a mix of Linux and Windows machines.

Yes, I confirmed resolv.conf and all pertinent IPs are set in there.

Also I noticed that when I assign a static IP on one of the machines using this new DNS server, it won't get out to the internet by name (i.e. linuxquestions.org) or to any websites, nor can I ping them by name, but I can successfully ping/access them by IP.

So basically it works only via IP address.

Any advice on what else to look for?

Cheers!
 
Old 08-07-2009, 03:54 PM   #11
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
I assigned an IP address (10.10.1.33) on the same subnet this test machine is on; this went just fine, it can resolve hosts by name, but only names within its subnet.

However, crossing over to another subnet and pinging machines there won't resolve by name.

Any ideas?
 
Old 08-07-2009, 04:23 PM   #12
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Quote:
Originally Posted by deibertine
only can resolve names within its subnet.
This may be a "hosts" file doing its work. As for the new name server not working, I'm not sure why. Is there a firewall blocking the new server from making queries (port 53), possibly? You can have named log better and watch that as you test.
 
Old 08-10-2009, 02:37 PM   #13
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by micxz
This may be a "hosts" file doing its work. As for the new name server not working, I'm not sure why. Is there a firewall blocking the new server from making queries (port 53), possibly? You can have named log better and watch that as you test.
I don't know, but basically this new DNS server is not serving up multiple subnets.

BIND doesn't work across subnets when this DNS server is statically entered on a client machine.

It resolves names within its subnet but not outside its range.
 
Old 08-10-2009, 03:16 PM   #14
settntrenz
Member
 
Registered: Aug 2009
Location: Orlando, Florida
Distribution: RHEL, Ubuntu
Posts: 49

Rep: Reputation: 19
Quote:
Originally Posted by deibertine
I don't know, but basically this new DNS server is not serving up multiple subnets.

BIND doesn't work across subnets when this DNS server is statically entered on a client machine.

It resolves names within its subnet but not outside its range.
Basically, what is happening is that BIND is preventing your server from acting as a caching name server for any host that tries to connect to it. You need to implicitly define which subnets can recursively query the server. In order to do this, you will need to edit named.conf and add pertinent networks to the allow-query {} and allow-recursion {} sections.

http://www.zytrax.com/books/dns/ch7/queries.html has more details.

Last edited by settntrenz; 08-10-2009 at 03:22 PM.
 
Old 08-11-2009, 12:24 AM   #15
deibertine
Member
 
Registered: Mar 2009
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by settntrenz
Basically, what is happening is that BIND is preventing your server from acting as a caching name server for any host that tries to connect to it. You need to implicitly define which subnets can recursively query the server. In order to do this, you will need to edit named.conf and add pertinent networks to the allow-query {} and allow-recursion {} sections.

http://www.zytrax.com/books/dns/ch7/queries.html has more details.
Thanks for the post, I guess this is where I'm confused...
As stated in my previous posts, I basically just replicated all the old configs from the old DNS server and copied them over to this new DNS server.

Eventually this new server will take over the primary function and the old primary will then be retired.

Can you please tell me which part I'm missing in my named.conf file?

options {
    directory "/etc/bind";
    dump-file "/etc/bind/data/cache_dump.db";
    statistics-file "/etc/bind/data/named_stats.txt";
    allow-transfer { 10.10.1.4; };
    /*
    */
    // query-source address * port 53;
    // note: this block sets no allow-query or allow-recursion clause
};
//
// a caching only nameserver config
//
controls {
    // the key named rndckey must be defined by the rndc.key file included at the end
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "csaa.com" IN {
    type master;
    file "pri.csaa.com";
    allow-update { none; };
};

zone "nv.csaa.com" IN {
    type master;
    file "pri.nv.csaa.com";
    allow-update { none; };
};

zone "sf.csaa.com" IN {
    type master;
    file "pri.sf.csaa.com";
    allow-update { none; };
};

zone "ca.csaa.com" IN {
    type master;
    file "pri.ca.csaa.com";
    allow-update { none; };
};

zone "vpn.csaa.com" IN {
    type master;
    file "pri.vpn.csaa.com";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

zone "1.11.10.in-addr.arpa" IN {
    type master;
    // note: zone name (1.11.10) and file name (1.10.10) differ
    file "pri.1.10.10.in-addr.arpa";
    allow-update { none; };
};

zone "12.10.10.in-addr.arpa" IN {
    type master;
    file "pri.12.10.10.in-addr.arpa";
    allow-update { none; };
};

zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "pri.10.10.10.in-addr.arpa";
    allow-update { none; };
};

zone "13.10.10.in-addr.arpa" IN {
    type master;
    file "pri.13.10.10.in-addr.arpa";
    allow-update { none; };
};

zone "11.10.10.in-addr.arpa" IN {
    type master;
    file "pri.11.10.10.in-addr.arpa";
    allow-update { none; };
};

zone "8.10.10.in-addr.arpa" IN {
    type master;
    file "pri.8.10.10.in-addr.arpa";
    allow-update { none; };
};

zone "6.10.10.in-addr.arpa" IN {
    type master;
    file "pri.6.10.10.in-addr.arpa";
    allow-update { none; };
};

zone "7.10.10.in-addr.arpa" IN {
    type master;
    file "pri.7.10.10.in-addr.arpa";
    allow-update { none; };
};

include "/etc/bind/rndc.key";

Cheers,
DB
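The following is an added example, not code or configuration from this thread or from the BIND project. It ties settntrenz's point about allow-query {} and allow-recursion {} to the named.conf posted above: it reads the acl {} blocks and those two clauses out of a named.conf text and evaluates them with BIND's address-match-list rule (first matching element decides, a leading "!" negates), so you can check which client subnets a given file lets recurse before rolling it out. Two constructed config samples are embedded: one in the style of the posted file, with no allow-recursion at all, and a hardened one that restricts recursion to an "internal" acl. Assumptions, also noted in the code: BIND 9.4 and later default allow-recursion to { localnets; localhost; } and allow-query to { any; } when the clauses are absent (which is why only the server's own subnet got recursive answers in the thread); "localnets" is approximated by a caller-supplied list of the server's interface networks, and "localhost" by loopback addresses. The parser itself, the function names and the sample networks are mine.

```python
"""Which clients may recurse through a BIND 9 server, read from named.conf?

Added example for the thread above (not the project's or the poster's code).
Assumptions: BIND 9.4+ defaults allow-recursion to { localnets; localhost; }
and allow-query to { any; } when absent; 'localnets' is approximated by the
caller-supplied local_nets list and 'localhost' by loopback addresses.
"""
import ipaddress
import re

# Constructed sample 1: options in the style of the posted file, with no
# allow-query / allow-recursion clause at all (hypothetical, not the OP's file).
CONF_THREAD_STYLE = """
options {
    directory "/etc/bind";
    allow-transfer { 10.10.1.4; };
    // query-source address * port 53;
};
"""

# Constructed sample 2: the same options with recursion limited to an acl.
CONF_HARDENED = """
acl "internal" { 10.10.0.0/16; 127.0.0.0/8; };

options {
    directory "/etc/bind";
    allow-transfer { 10.10.1.4; };
    allow-query { internal; };
    allow-recursion { internal; };
};
"""


def _strip_comments(text):
    """Drop /* */, // and # comments; named.conf accepts all three styles."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def _top_level_blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    i = 0
    while True:
        start = text.find("{", i)
        if start < 0:
            return
        header = text[i:start].strip().strip(";").strip()
        depth, j = 0, start
        while j < len(text):              # find the matching closing brace
            if text[j] == "{":
                depth += 1
            elif text[j] == "}":
                depth -= 1
                if depth == 0:
                    break
            j += 1
        yield header, text[start + 1:j]
        i = j + 1


def _elements(body):
    """Split an address match list body into its ';'-terminated elements."""
    return [e.strip() for e in body.split(";") if e.strip()]


def _parse(conf_text):
    """Return (named acls as {name: elements}, raw body of options {})."""
    acls, options = {}, ""
    for header, body in _top_level_blocks(_strip_comments(conf_text)):
        parts = header.split()
        if len(parts) == 2 and parts[0] == "acl":
            acls[parts[1].strip('"')] = _elements(body)
        elif header == "options":
            options = body
    return acls, options


def _matches(elements, acls, client, local_nets):
    """BIND address-match-list semantics: first hit decides, '!' negates."""
    for el in elements:
        negate = el.startswith("!")
        el = el.lstrip("!").strip().strip('"')
        if el == "any":
            hit = True
        elif el == "none":
            hit = False
        elif el == "localhost":            # assumption: loopback only
            hit = client.is_loopback
        elif el == "localnets":            # assumption: caller-supplied nets
            hit = any(client in n for n in local_nets)
        elif el in acls:                   # reference to a named acl
            hit = _matches(acls[el], acls, client, local_nets)
        else:                              # plain address or CIDR prefix
            hit = client in ipaddress.ip_network(el, strict=False)
        if hit:
            return not negate
    return False


def _clause_allows(conf_text, clause, default, client_ip, local_nets):
    acls, options = _parse(conf_text)
    m = re.search(clause + r"\s*\{([^}]*)\}", options)
    elements = _elements(m.group(1)) if m else default
    nets = [ipaddress.ip_network(n) for n in local_nets]
    return _matches(elements, acls, ipaddress.ip_address(client_ip), nets)


def query_allowed(conf_text, client_ip, local_nets=()):
    """Would the server answer this client at all? Default clause: { any; }."""
    return _clause_allows(conf_text, "allow-query", ["any"], client_ip, local_nets)


def recursion_allowed(conf_text, client_ip, local_nets=()):
    """Would the server recurse for this client? Default (BIND 9.4+):
    { localnets; localhost; }, i.e. only the server's own subnets."""
    return _clause_allows(conf_text, "allow-recursion",
                          ["localnets", "localhost"], client_ip, local_nets)


if __name__ == "__main__":
    server_nets = ["10.10.1.0/24"]   # constructed: the server sits on 10.10.1.x
    for label, conf in (("thread-style", CONF_THREAD_STYLE), ("hardened", CONF_HARDENED)):
        for ip in ("10.10.1.33", "10.10.12.5", "203.0.113.7"):
            print(f"{label:12} {ip:12} query={query_allowed(conf, ip, server_nets)!s:5} "
                  f"recursion={recursion_allowed(conf, ip, server_nets)}")
```

Run against the thread-style sample with the server on 10.10.1.0/24, a 10.10.1.33 client gets recursion and a 10.10.12.5 client does not, which is exactly the "works only within its own subnet" symptom; the hardened sample admits the whole 10.10.0.0/16 and refuses an outside address such as 203.0.113.7 at the allow-query stage, so the server is not an open resolver for the internet.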
 
  

