LinuxQuestions.org
Old 04-27-2011, 01:00 AM   #1
edu kiai
LQ Newbie, Registered: Apr 2011, Posts: 2

internal and external DNS configuration in RHEL5.3 or RHEL5.4


I configured DNS on RHEL5.3 as follows:

a) installed all bind-* packages, including the caching-nameserver package.
b) copied the sample config files, e.g.
# cp -rf /usr/share/doc/bind-9.3.6/sample/etc/* /etc
# cp -rf /usr/share/doc/bind-9.3.6/sample/var/named/* /var/named
c) disabled the ddns-key in the file /etc/named.conf and made entries specifying my internal DNS and zone files. The file /etc/named.conf is as follows:

//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";

};
logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
# all views must contain the root hints zone:
include "/etc/named.root.hints";

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;
// all views must contain the root hints zone:
include "/etc/named.root.hints";

// include "named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.

// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

zone "my.internal.zone" {
type master;
file "my.internal.zone.db";
};
zone "my.slave.internal.zone" {
type slave;
file "slaves/my.slave.internal.zone.db";
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
// put slave zones in the slaves/ directory so named can update them
};
zone "my.ddns.internal.zone" {
type master;
#allow-update { key ddns_key; };
file "slaves/my.ddns.internal.zone.db";
// put dynamically updateable zones in the slaves/ directory so named can update them
};


###First internal zones####

zone "domain1.example.com" {
type master;
#allow-update { key ddns_key; };
file "domain1.example.com.db";
// put dynamically updateable zones in the slaves/ directory so named can update them
};
};

##disable to enable starting caching only dns####
#key ddns_key
#{
# algorithm hmac-md5;
# secret "use /usr/sbin/dns-keygen to generate TSIG keys";
#};


view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };

recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

allow-query-cache { none; };
// Disable lookups for any cached data and root hints

// all views must contain the root hints zone:
include "/etc/named.root.hints";

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

zone "my.external.zone" {
type master;
file "my.external.zone.db";
};
};

d) Finally I came up with a zone file domain1.example.com.db as follows:

$TTL 600
@ IN SOA edu.domain1.example.com. root.edu.domain1.example.com. (
2011041901 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS edu.domain1.example.com.
edu 3600 IN A 192.168.1.249


www IN CNAME edu

e) Testing the configuration from a remote machine gives me the following error:

#dig @192.168.1.249 www.google.com

; <<>> DiG 9.3.4-P1 <<>> @192.168.1.249 www.google.com
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached

WHAT AM I DOING WRONG? I NEED URGENT ASSISTANCE PLEASE...
 
Old 04-27-2011, 02:08 AM   #2
acid_kewpie
Moderator, Registered: Jun 2001, Location: UK, Distribution: Gentoo, RHEL, Fedora, Centos, Posts: 43,396
Is BIND even running? That's a pretty basic thing to check and you've not mentioned it. Also, firewall rules would more than likely be relevant.

BTW, DON'T SHOUT AND DON'T DEMAND ANYTHING URGENTLY, IT'S JUST RUDE AND MAKES YOU LOOK DUMB AND IGNORANT.
 
1 members found this post helpful.
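The dig time-out in post #1 and the checks in post #2 are two different questions: whether a packet reaches named at all, and, if it does, which view answers it. The script below is an added example, not code from the thread or from BIND. It models how named picks a view for the three views in the posted named.conf (views are tried in file order and the first whose match-clients and match-destinations both match wins) and predicts what each view does with a query. The server addresses 127.0.0.1 and 192.168.1.249 on a 192.168.1.0/24 interface are assumptions taken from the post; the built-in ACLs localhost and localnets are evaluated against them the way BIND defines them (all of the host's own addresses, and all directly attached networks).

```python
"""Which BIND view answers a given client, and will it recurse?

Added example, not from the thread or from BIND. It simulates the view
selection for the named.conf posted above. SERVER_ADDRS / SERVER_NETS are
assumptions taken from the post (one interface, 192.168.1.249/24).
"""
import ipaddress

# Assumed interface configuration of the name server (from the post).
SERVER_ADDRS = [ipaddress.ip_address("127.0.0.1"),
                ipaddress.ip_address("192.168.1.249")]
SERVER_NETS = [ipaddress.ip_network("127.0.0.0/8"),
               ipaddress.ip_network("192.168.1.0/24")]

# The views in the order they appear in the posted named.conf, with the
# ACL keyword each uses, its recursion setting and the zones it serves.
VIEWS = [
    {"name": "localhost_resolver", "clients": "localhost",
     "destinations": "localhost", "recursion": True,
     "zones": {"localhost", "localdomain", "0.0.127.in-addr.arpa"}},
    {"name": "internal", "clients": "localnets",
     "destinations": "localnets", "recursion": True,
     "zones": {"my.internal.zone", "my.slave.internal.zone",
               "my.ddns.internal.zone", "domain1.example.com"}},
    {"name": "external", "clients": "any",
     "destinations": "any", "recursion": False,
     "zones": {"my.external.zone"}},
]


def acl_matches(keyword, addr):
    """Evaluate one of BIND's built-in ACL names against an address."""
    if keyword == "any":
        return True
    if keyword == "none":
        return False
    if keyword == "localhost":          # any address of the server itself
        return addr in SERVER_ADDRS
    if keyword == "localnets":          # any directly attached network
        return any(addr in net for net in SERVER_NETS)
    raise ValueError("unknown ACL keyword %r" % keyword)


def select_view(client_ip, dest_ip):
    """Return the first view whose client and destination ACLs both match."""
    client = ipaddress.ip_address(client_ip)
    dest = ipaddress.ip_address(dest_ip)
    for view in VIEWS:
        if (acl_matches(view["clients"], client)
                and acl_matches(view["destinations"], dest)):
            return view
    return None                         # no view: named refuses the query


def expected_outcome(client_ip, qname, dest_ip="192.168.1.249"):
    """Predict how named, if reachable, handles a query.

    Returns (view name, outcome): 'authoritative' when the name lies in one
    of the view's zones, 'recursive' when the view recurses, otherwise
    'REFUSED' (recursion no plus allow-query-cache none, as in "external").
    A network time-out, as in the dig output above, is none of these.
    """
    view = select_view(client_ip, dest_ip)
    if view is None:
        return (None, "REFUSED")
    qname = qname.rstrip(".").lower()
    if any(qname == z or qname.endswith("." + z) for z in view["zones"]):
        return (view["name"], "authoritative")
    if view["recursion"]:
        return (view["name"], "recursive")
    return (view["name"], "REFUSED")


if __name__ == "__main__":
    for src, name in [("127.0.0.1", "www.google.com"),
                      ("127.0.0.1", "www.domain1.example.com"),
                      ("192.168.1.10", "www.google.com"),
                      ("192.168.1.10", "www.domain1.example.com"),
                      ("203.0.113.7", "www.google.com"),
                      ("203.0.113.7", "www.domain1.example.com")]:
        print("%-14s %-26s -> %s" % (src, name, expected_outcome(src, name)))
```

Running it shows that a LAN client lands in "internal" and gets recursion, that an outside client lands in "external" and gets REFUSED both for www.google.com and for www.domain1.example.com (that zone is only defined in the internal view, so it does not leak out), and that 127.0.0.1 is recursed for the internal zone because the localhost_resolver view does not include it, the case the sample's own comment warns about. None of these outcomes is a time-out: ";; connection timed out; no servers could be reached" means no process answered on 192.168.1.249:53 or a firewall dropped the packet, which is what post #2 is pointing at.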
Old 04-27-2011, 06:08 AM   #3
edu kiai
LQ Newbie, Original Poster
Thank you for the reply, and I do apologise for my naively desperate but misunderstood plea.

I attempted the DNS config again on RHEL5.4 and got the following error when restarting named. It's the same output in the file /var/log/messages.


[root@ns1 ~]# service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 2011042720
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
my.internal.zone.db:1: no TTL specified; using SOA MINTTL instead
zone my.internal.zone/IN: loaded serial 1
slaves/my.ddns.internal.zone.db:1: no TTL specified; using SOA MINTTL instead
zone my.ddns.internal.zone/IN: loaded serial 1
zone domain2.example.com/IN: loading master file domain2.example.com.db: file not found
internal/domain2.example.com/IN: file not found
my.external.zone.db:1: no TTL specified; using SOA MINTTL instead
zone my.external.zone/IN: loaded serial 1
[FAILED]

This is how I attempted the configuration:

a) installed bind-* packages, including caching-nameserver.
b) enabled named to start on system boot:
# chkconfig named on
c) copied the sample config files:
# cp -rf /usr/share/doc/bind-9.3.6/sample/etc/* /etc
# cp -rf /usr/share/doc/bind-9.3.6/sample/var/named/* /var/named

d) Edited the following files as follows:

file /etc/named.conf

//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";

};
logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
# all views must contain the root hints zone:
include "/etc/named.root.hints";

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;
// all views must contain the root hints zone:
include "/etc/named.root.hints";

// include "named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.

// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

zone "my.internal.zone" {
type master;
file "my.internal.zone.db";
};
zone "my.slave.internal.zone" {
type slave;
file "slaves/my.slave.internal.zone.db";
masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
// put slave zones in the slaves/ directory so named can update them
};
zone "my.ddns.internal.zone" {
type master;
#allow-update { key ddns_key; };
file "slaves/my.ddns.internal.zone.db";
// put dynamically updateable zones in the slaves/ directory so named can update them
};

zone "domain2.example.com" {
type master;
#allow-update { key ddns_key; };
file "domain2.example.com.db";
// put dynamically updateable zones in the slaves/ directory so named can update them
};


};

#
#key ddns_key
#{
# algorithm hmac-md5;
# secret "use /usr/sbin/dns-keygen to generate TSIG keys";
#};
#
view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { any; };
match-destinations { any; };

recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

allow-query-cache { none; };
// Disable lookups for any cached data and root hints

// all views must contain the root hints zone:
include "/etc/named.root.hints";

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

zone "my.external.zone" {
type master;
file "my.external.zone.db";
};
};

file /var/named/domain2.example.com.db (for this zone file I copied the existing localhost.zone and edited it)

$TTL 86400
@ IN SOA ns1.domain2.example.com. root.ns1.domain2.example.com. (
2011042720 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

IN NS ns1.domain2.example.com.
ns1 IN A 192.168.1.250

file /etc/hosts; I appended the entry:

192.168.1.250 ns1.domain2.example.com ns1

file /etc/resolv.conf:

search domain1.example.com
nameserver 192.168.1.250

Kindly suggest how to solve this and, if possible, suggest reliable documentation on how to configure the different types of DNS servers on RHEL5.4. Thank you.
 
Old 04-27-2011, 06:15 AM   #4
acid_kewpie
Moderator
You haven't made any reference to you having actually *read* the error messages you've pasted in.

Quote:
zone domain2.example.com/IN: loading master file domain2.example.com.db: file not found
That should be something you've read, understood and investigated.
 
Old 05-04-2011, 08:34 PM   #5
chrism01
Guru, Registered: Aug 2004, Location: Sydney, Distribution: Centos 6.5, Centos 5.10, Posts: 16,267
Quote:
a) installed all bind-* packages including the caching-nameserver package.
which means you probably installed the bind-chroot package, which is a good thing, but see this page for the implications:
http://www.linuxtopia.org/online_boo...roduction-bind
Quote:
Note

If you have installed the bind-chroot package, the BIND service will run in the /var/named/chroot environment. All configuration files will be moved there. As such, named.conf will be located in /var/named/chroot/etc/named.conf, and so on.
 
  

