LinuxQuestions.org
Old 03-04-2015, 04:33 AM   #1
linuxbeez
LQ Newbie
 
Registered: Apr 2014
Posts: 12

Internal DNS not resolving


I have configured a DNS server on CentOS 7 with IP 10.30.1.5 and allowed the full 10.0.0.0/24 network. But my clients have different IP addresses like 10.20.x.x, 10.29.x.x, 10.24.x.x, 10.22.x.x, all with /24 subnets. When I configured a client on 10.20.x.x it is not able to communicate with the server and says request timed out.
/etc/named.conf
options {
#   listen-on port 53 { 127.0.0.1; 10.30.1.5; };
#   listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 10.0.0.0/24; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

view "internal" {
    match-clients { localhost; 10.0.0.0/24; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "old.samp.com" IN {
        type master;
        file "for.samp.com";
        allow-update { none; };
    };
    zone "1.30.10.in-addr.arpa" IN {
        type master;
        file "rev.samp.com";
        allow-update { none; };
    };
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
};

/var/named/for.samp.com
$TTL 86400
@       IN  SOA  old.samp.com. root.old.samp.com. (
                2014071001  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400       ; Minimum TTL
                )
        IN  NS   old.samp.com.
        IN  A    10.30.1.5
        IN  A    10.29.1.1
        IN  A    10.20.1.10
        IN  A    10.22.10.3
old     IN  A    10.30.1.5
cl1     IN  A    10.29.1.1
cl2     IN  A    10.20.1.10
cl3     IN  A    10.22.10.3

/var/named/rev.samp.com
$TTL 86400
@       IN  SOA  old.samp.com. root.samp.com. (
                2014071001  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400       ; Minimum TTL
                )
        IN  NS   old.samp.com.
        IN  PTR  samp.com.
        IN  A    255.255.255.0
5       IN  PTR  old.samp.com.
1       IN  PTR  cl1.samp.com.
10      IN  PTR  cl2.samp.com.
3       IN  PTR  cl3.samp.com.

When I dig from the server:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 10.20.1.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40938
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;10.1.20.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
10.in-addr.arpa. 86400 IN SOA 10.in-addr.arpa. . 0 28800 7200 604800 86400
;; Query time: 0 msec
;; SERVER: 10.30.1.5#53(10.30.1.5)
;; WHEN: Wed Mar 04 10:52:22 EST 2015
;; MSG SIZE rcvd: 89

dig cl2.samp.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> cl2.samp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6125
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cl2.samp.com. IN A
;; Query time: 3000 msec
;; SERVER: 10.30.1.5#53(10.30.1.5)
;; WHEN: Wed Mar 04 10:55:08 EST 2015
;; MSG SIZE rcvd: 45

No response when I dig from the client. I am new to DNS; how should I proceed with this? If there are any mistakes in the config, please point them out.
 
Old 03-04-2015, 05:19 AM   #2
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,591

My

10.0.0.0/24 means it will allow only clients from 10.0.0.0 to 10.0.0.255. You really should be using 10.0.0.0/8, which will allow 10.0.0.0 to 10.255.255.255 as clients.

Also, why support IPv6 if you only allow the box to resolve for itself in IPv6? I would allow it to listen on all ports, IPv4 and IPv6, were I you.

There may be more, this is just what caught my eye on the first glance.
I hope it helps.
 
Old 03-04-2015, 11:05 AM   #3
linuxbeez
LQ Newbie
 
Registered: Apr 2014
Posts: 12

Original Poster
Even after making the change to 10.0.0.0/8, the server is not able to output the answer. From the client it says request timed out.
 
Old 03-04-2015, 02:39 PM   #4
/dev/random
Member
 
Registered: Aug 2012
Location: Ontario, Canada
Distribution: Slackware 14.2, LFS-current, NetBSD 6.1.3, OpenIndiana
Posts: 319

Quote:
Originally Posted by linuxbeez View Post
Even after making the change to 10.0.0.0/8, the server is not able to output the answer. From the client it says request timed out.
You did restart bind9, right? (Just making sure.)

Can you ping the server? Do your clients and server have a way to get to each other?
Since your server is on 10.30.x.x and your clients aren't, I am assuming the server and clients can talk to each other via a gateway?
 
Old 03-04-2015, 10:17 PM   #5
linuxbeez
LQ Newbie
 
Registered: Apr 2014
Posts: 12

Original Poster
Yes, I restarted the service and I can ping from server to client and vice versa. When I dig from the server the answer is not proper; the server only answers for the zone 10.30.1.x and not for the other IP segments. When I ping from the client I get request timed out.
 
Old 03-05-2015, 07:08 AM   #6
linuxbeez
LQ Newbie
 
Registered: Apr 2014
Posts: 12

Original Poster
I found out the mistake I committed after going through the DNS manual: a zone and zone file were not created for each of the different subnets. 10.30.1.x clients were resolving because I have a zone file for them, but for 10.29.x.x and 10.20.x.x the zone was not there, so it was not able to resolve them. So my final config looks as below.

zone "old.samp.com" IN {
    type master;
    file "for.samp.com";
    allow-update { none; };
};
zone "1.30.10.in-addr.arpa" IN {
    type master;
    file "rev.samp.com";
    allow-update { none; };
};
zone "1.29.10.in-addr.arpa" IN {
    type master;
    file "29.samp.com";
    allow-update { none; };
};
zone "1.20.10.in-addr.arpa" IN {
    type master;
    file "20.samp.com";
    allow-update { none; };
};

I created zone files for every subnet for reverse lookup. Thanks for the support.
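The thread actually runs into two separate problems, and the script below (an added example written for this page, not code from any of the posters) checks both against the addresses in the first post. First, an ACL: `allow-query { localhost; 10.0.0.0/24; }` and the matching `match-clients` only admit 10.0.0.0 to 10.0.0.255, so a client at 10.20.1.10 is refused before any zone is consulted (post #2). Second, reverse lookups: the PTR for 10.20.1.10 lives at `10.1.20.10.in-addr.arpa.` (the exact QUESTION SECTION in the `dig -x` output above), which belongs in the zone `1.20.10.in-addr.arpa`, not in `1.30.10.in-addr.arpa` (post #6). The NXDOMAIN that `dig -x` got, with the authority `10.in-addr.arpa. ... SOA 10.in-addr.arpa. . 0 28800 7200 604800 86400`, is BIND's built-in empty zone for RFC 1918 reverse space, so that query was answered locally and never left the server. The script derives the octet-aligned reverse zone for each client, lists which zones are still missing (note that the final config has zones for 10.29.1.0/24 and 10.20.1.0/24 but still none for cl3 at 10.22.10.3, which needs `10.22.10.in-addr.arpa`), and prints a stanza in the thread's own style for each. It also shows what a relative owner becomes: `cl2` in a zone named `old.samp.com` is `cl2.old.samp.com.`, which is why `dig cl2.samp.com` cannot be answered from that zone. The embedded `named.conf` fragment and the client list are constructed from the values posted in the thread; nothing is read from the system or the network.

```python
"""Added example: check a BIND ACL and the reverse zones against the client
addresses discussed in the thread. Offline; all input is embedded below."""
import ipaddress
import re

# Constructed from the first post: the ACLs are /24 and the only reverse zone
# configured covers 10.30.1.0/24.
NAMED_CONF = """
options {
    # listen-on port 53 { 127.0.0.1; 10.30.1.5; };
    allow-query { localhost; 10.0.0.0/24; };
    recursion yes;
};
view "internal" {
    match-clients { localhost; 10.0.0.0/24; };
    zone "old.samp.com" IN { type master; file "for.samp.com"; };
    zone "1.30.10.in-addr.arpa" IN { type master; file "rev.samp.com"; };
};
"""

# Client addresses taken from the forward zone file in the first post.
CLIENTS = ["10.30.1.5", "10.29.1.1", "10.20.1.10", "10.22.10.3"]


def _strip_comments(conf):
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)       # /* ... */
    return re.sub(r"(?m)^\s*(#|//).*$", "", conf)          # # ... and // ...


def parse_acl(conf, name):
    """Networks listed in the first `name { ...; }` block (allow-query,
    match-clients, ...). Only the built-in ACLs used on this page are mapped."""
    m = re.search(name + r"\s*\{([^}]*)\}", _strip_comments(conf))
    if not m:
        raise ValueError(f"no {name} block found")
    builtin = {"localhost": ["127.0.0.0/8", "::1/128"],
               "any": ["0.0.0.0/0", "::/0"], "none": []}
    nets = []
    for tok in (t.strip() for t in m.group(1).split(";")):
        if tok:
            for cidr in builtin.get(tok, [tok]):
                nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets


def acl_allows(nets, client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in n for n in nets if n.version == ip.version)


def reverse_zone_for(ip, prefixlen=24):
    """Octet-aligned in-addr.arpa zone that must hold the PTR for `ip`."""
    if prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16, /24 handled; RFC 2317 delegation not covered")
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    octets = str(net.network_address).split(".")[: prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip):
    """The owner name `dig -x` queries, e.g. 10.1.20.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def configured_zones(conf):
    return set(re.findall(r'zone\s+"([^"]+)"', _strip_comments(conf)))


def missing_reverse_zones(conf, clients):
    need = {reverse_zone_for(c) for c in clients}
    return sorted(need - configured_zones(conf))


def zone_stanza(zone_name, filename):
    """Stanza in the style the thread uses; `filename` is the caller's choice."""
    return (f'zone "{zone_name}" IN {{\n    type master;\n'
            f'    file "{filename}";\n    allow-update {{ none; }};\n}};')


def fqdn(owner, origin):
    """What a relative owner in a zone file expands to under $ORIGIN."""
    if owner == "@":
        return origin.rstrip(".") + "."
    if owner.endswith("."):
        return owner
    return f"{owner}.{origin.rstrip('.')}."


if __name__ == "__main__":
    acl = parse_acl(NAMED_CONF, "allow-query")
    for c in CLIENTS:
        print(f"{c:12} allowed by ACL: {str(acl_allows(acl, c)):5} "
              f"PTR {ptr_owner(c)} belongs in {reverse_zone_for(c)}")
    for z in missing_reverse_zones(NAMED_CONF, CLIENTS):
        print("\nmissing zone, add something like:\n" +
              zone_stanza(z, "rev-" + z.replace(".in-addr.arpa", "")))
    print("\n'cl2' in zone old.samp.com is", fqdn("cl2", "old.samp.com"))
```

Once the stanzas and zone files are in place, the checks to run on the server itself are `named-checkconf -z /etc/named.conf` (loads every zone, including the includes inside the view) and `named-checkzone 1.20.10.in-addr.arpa /var/named/20.samp.com` for each new file, then `dig -x 10.20.1.10 @10.30.1.5` from a client in 10.20.1.0/24 to confirm the ACL change took effect after the restart.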