LinuxQuestions.org
Old 11-13-2011, 05:25 AM   #1
YaaY
LQ Newbie
 
Registered: Nov 2009
Posts: 15

Rep: Reputation: 1
named - caching server problems


Hi,

I'm trying to configure a simple caching server and receive some errors which I don't understand why.

The network I'm working in is like this :
Desktop (192.168.56.100) -> Server (192.168.56.10) -> Google's DNS (8.8.8.8)

named.conf :
[root@Server etc]# cat /etc/named.conf
options {
    listen-on port 53 { 192.168.56.0/24; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { 127.0.0.1; 192.168.56.0/24; };
    recursion yes;
    forward only;
    forwarders { 8.8.8.8; };

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    bindkeys-file "/etc/named.iscdlv.key";
};

view "localhost_resolver"
{
    match-clients { localhost; };
    recursion yes;

    # all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    include "/etc/named.rfc1912.zones";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

when running nslookup :
[root@kickstartp1 etc]# nslookup www.google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find www.google.com: SERVFAIL

In the messages file :
Nov 13 13:25:03 kickstartp1 named[3893]: error (chase DS servers) resolving 'com/DS/IN': 8.8.8.8#53
Nov 13 13:25:03 kickstartp1 named[3893]: error (no valid DS) resolving 'www.google.com/A/IN': 8.8.8.8#53
Nov 13 13:25:03 kickstartp1 named[3893]: error (chase DS servers) resolving 'com/DS/IN': 8.8.8.8#53
Nov 13 13:25:03 kickstartp1 named[3893]: error (no valid DS) resolving 'www.google.com/A/IN': 8.8.8.8#53

Any idea?
Thanks ahead.
 
Old 11-13-2011, 06:04 AM   #2
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
yes,

try removing or disabling:
Code:
forward only;
forwarders { 8.8.8.8; };
because this is no IP address with DNS server,
you don't want or need this IP, use your ISP's DNS address or just don't use "forwarders" to try out if it works.
 
Old 11-13-2011, 06:23 AM   #3
YaaY
LQ Newbie
 
Registered: Nov 2009
Posts: 15

Original Poster
Rep: Reputation: 1
Thanks - It works.

But I can't understand how the server knows to forward the request? To where does it forward it?
 
Old 11-13-2011, 08:37 AM   #4
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
well, it depends whether you have configured to your server
"/etc/resolv.conf"
nameserver 127.0.0.1 <-- means your 'localhost' to respond

or
nameserver 123.324.546.567 <-- your ISP's DNS IP (this is just an example IP)

then,
you configured your "named.conf" to use
Code:
# all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};
which tells : for all other addresses go look at "named.ca".

I use the "root.cache" (or bind.cache or whatever you want to name it)
where it has all the root DNS servers addresses:
Code:
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jun 8, 2011
;       related version of root zone:   2011060800
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
; End of File
To find out other domains' DNS servers, for example "somedomain.com", it goes through these top-level domain servers, which then resolve to the "somedomain.com" DNS IP (some of my basic explanation).

etc...


If you think that you find this solution appropriate, please use the Thread Tools - Mark the thread as Solved to "close" this thread.
Thank you.

Last edited by lithos; 11-13-2011 at 08:45 AM.
 
Old 11-14-2011, 01:30 AM   #5
YaaY
LQ Newbie
 
Registered: Nov 2009
Posts: 15

Original Poster
Rep: Reputation: 1
Thanks a lot, that does make a lot of sense.

But, the question is, if I don't want to use the root DNS servers and I want to use Google's instead (8.8.8.8), where do I put it ?
 
Old 11-14-2011, 06:22 AM   #6
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
Well, I don't think Google has 'open' DNS servers (for anyone anywhere - except I think Google APPS) which in this case isn't 8.8.8.8 IP but something else.
The IP 8.8.8.8 I think is the 'root's servers IP.

So if you want your DNS nameserver working, just leave that IP out and it will do its work for any address name you need, because it will go asking root nameservers.
 
Old 11-14-2011, 03:00 PM   #7
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Err, oh yes they do, and oh yes it is (well, along with 8.8.4.4). See here.

And, the root servers don't tend to have snappy IP addresses (if that has any meaning):

Code:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
(Although, could easily be out of date by now - it is what my install says, and I haven't done anything to check, because that isn't where I get resolves from).

Last edited by salasi; 11-14-2011 at 03:02 PM. Reason: code tags added
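
Added example, not part of any post in this thread: a Python triage of the `named` errors quoted in the first post, related to that post's forwarding options. It assumes that an error whose reason or record type mentions DS belongs to the DNSSEC chain of trust; the function names and the reduced `SAMPLE_CONF` string are illustrative.

```python
import re
from collections import defaultdict

# Sample input: the log lines from the first post; SAMPLE_CONF is constructed from its options.
SAMPLE_LOG = """\
Nov 13 13:25:03 kickstartp1 named[3893]: error (chase DS servers) resolving 'com/DS/IN': 8.8.8.8#53
Nov 13 13:25:03 kickstartp1 named[3893]: error (no valid DS) resolving 'www.google.com/A/IN': 8.8.8.8#53
Nov 13 13:25:03 kickstartp1 named[3893]: error (chase DS servers) resolving 'com/DS/IN': 8.8.8.8#53
Nov 13 13:25:03 kickstartp1 named[3893]: error (no valid DS) resolving 'www.google.com/A/IN': 8.8.8.8#53
"""
SAMPLE_CONF = "options { forward only; forwarders { 8.8.8.8; }; dnssec-validation yes; };"

LINE_RE = re.compile(
    r"named\[\d+\]: error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<name>[^/']+)/(?P<rtype>[A-Z0-9]+)/(?P<rclass>[A-Z]+)': "
    r"(?P<upstream>[0-9a-fA-F.:]+)#(?P<port>\d+)"
)

def parse_errors(log_text):
    """Return one dict per 'error (...) resolving' line emitted by named."""
    return [m.groupdict() for m in map(LINE_RE.search, log_text.splitlines()) if m]

def forward_policy(conf_text):
    """Extract the forward mode and the forwarder addresses from named.conf text."""
    mode = re.search(r"\bforward\s+(only|first)\s*;", conf_text)
    block = re.search(r"\bforwarders\s*\{([^}]*)\}", conf_text)
    addrs = [a.strip() for a in block.group(1).split(";") if a.strip()] if block else []
    return (mode.group(1) if mode else None), addrs

def triage(log_text, conf_text):
    """Group DS-related errors by upstream server and relate them to the forwarders."""
    mode, forwarders = forward_policy(conf_text)
    by_upstream = defaultdict(set)
    for e in parse_errors(log_text):
        # Assumption: a reason or record type mentioning DS marks a DNSSEC chain failure.
        if "DS" in e["reason"].split() or e["rtype"] == "DS":
            by_upstream[e["upstream"]].add(f"{e['name']}/{e['rtype']}")
    report = {}
    for upstream, names in by_upstream.items():
        report[upstream] = {
            "failed": sorted(names),
            "is_forwarder": upstream in forwarders,
            # With "forward only", named does not fall back to iterative resolution.
            "no_fallback": mode == "only" and upstream in forwarders,
        }
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_CONF))
```

On the thread's input every DS-related failure comes from the single configured forwarder, and `no_fallback` is true, so the resolver has no other path to an answer and returns SERVFAIL to the client.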
 
  

