LinuxQuestions.org
12-12-2009, 01:33 PM   #1
Vimuth
bind9 server fails to resolve locally

I'm a newbie and I configured my first BIND server on my home network. When I try to dig the DNS server while logged in on it, nothing gets resolved, but when I do this from another machine in my network it resolves.

DNS server - 192.168.1.12
box1 - 192.168.1.9
box2 - 192.168.1.7

When I dig from box1:
dig @192.168.1.12 box2.mynet.internal --> it resolves the address of box2
When I dig from box2:
dig @192.168.1.12 box1.mynet.internal --> it resolves the address of box1

BUT
when I dig from the DNS server while logged in on it:
dig box1.mynet.internal --> nothing gets resolved. Number of answers = 0

Here's how my DNS server's /etc/resolv.conf looks:
nameserver 127.0.0.1
nameserver 192.168.1.12

Please help out
 
12-12-2009, 03:32 PM   #2
bathory
Hi,

Could you post /etc/named.conf?
Also the whole dig output would be useful.
 
12-13-2009, 06:57 AM   #3
Vimuth
Certainly sir, here goes.
######################################### named.conf (Note: my zone is homenet.internal) ###############################
//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
// file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    query-source port 53;
    query-source-v6 port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};
logging
{
    /* If you want to enable debugging, eg. using the 'rndc trace' command,
     * named will try to write the 'named.run' file in the $directory (/var/named).
     * By default, SELinux policy does not allow named to modify the /var/named directory,
     * so put the default debug log file in data/ :
     */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;
    # all views must contain the root hints zone:
    include "/etc/named.root.hints";

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "/etc/named.rfc1912.zones";
};
view "internal"
{
    /* This view will contain zones you want to serve only to "internal" clients
     * that connect via your directly attached LAN interfaces - "localnets" .
     */
    match-clients { 127.0.0.1; localnets; };
    match-destinations { 127.0.0.1; localnets; };
    recursion yes;
    // all views must contain the root hints zone:
    include "/etc/named.root.hints";

    // include "named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :

    zone "my.internal.zone" {
        type master;
        file "my.internal.zone.db";
    };
    zone "my.slave.internal.zone" {
        type slave;
        file "slaves/my.slave.internal.zone.db";
        masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
        // put slave zones in the slaves/ directory so named can update them
    };
    zone "my.ddns.internal.zone" {
        type master;
        #allow-update { key ddns_key; };
        file "slaves/my.ddns.internal.zone.db";
        // put dynamically updateable zones in the slaves/ directory so named can update them
    };
    zone "homenet.internal" {
        type master;
        #allow-update { key ddns_key; };
        file "homenet.internal.db";
        // put dynamically updateable zones in the slaves/ directory so named can update them
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        #allow-update { key ddns_key; };
        file "1.168.192.in-addr.arpa.db";
        // put dynamically updateable zones in the slaves/ directory so named can update them
    };
};
#key ddns_key
#{
#    algorithm hmac-md5;
#    secret "use /usr/sbin/dns-keygen to generate TSIG keys";
#};
view "external"
{
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
    match-clients { !localnets; !localhost; };
    match-destinations { !localnets; !localhost; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    include "/etc/named.root.hints";

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    zone "my.external.zone" {
        type master;
        file "my.external.zone.db";
    };
};

##################################### My zonefile- ##################################################################

$TTL 600
@   IN  SOA homeboy1.homenet.internal. root.homeboy1.homenet.internal. (
            2009113001  ; serial (d. adams)
            3H          ; refresh
            15M         ; retry
            1W          ; expiry
            1D )        ; minimum

                        IN  NS  homeboy1.homenet.internal.
                        IN  NS  homeboy2.homenet.internal.

homeboy1        3600    IN  A   192.168.1.12
vimuth-laptop           IN  A   192.168.1.9
homeboy2                IN  A   192.168.1.11
################################################### Dig output from the NS server #######################################
[root@homeboy1 ~]# dig vimuth-laptop.homenet.internal

; <<>> DiG 9.3.4-P1 <<>> vimuth-laptop.homenet.internal
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30222
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;vimuth-laptop.homenet.internal. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009121300 1800 900 604800 86400

;; Query time: 367 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 13 23:55:17 2009
;; MSG SIZE rcvd: 123

[root@homeboy1 ~]#

##########################################################################################################################
I'd mention it again: all the records are resolving when I dig from the client machines. But when I do it while logged in on the NS server (192.168.1.12), it fails.
WAITING TO HEAR FROM YOU SOON. Thank you very much.
 
12-13-2009, 11:47 AM   #4
bathory
I guess it's working if you use:
Code:
dig vimuth-laptop.homenet.internal @192.168.1.12
You have to remove or comment out the view "localhost_resolver", as you don't need it, if you want your DNS to be authoritative for your domain for the other 2 views.

Regards
 
1 members found this post helpful.
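
Added example (not part of the thread, and not BIND's own code): a small Python model of named's first-match view selection for the first two views of the posted named.conf, showing why the query sent to 127.0.0.1 fell through to recursion while LAN clients got authoritative answers. The /24 netmask and the empty zone list for "localhost_resolver" are assumptions, since the included files are not shown in the thread.

```python
import ipaddress

# Assumptions (not from the thread): the LAN is 192.168.1.0/24, and the files
# included by "localhost_resolver" define no homenet.internal zone.
LOCAL_ADDRS = {"127.0.0.1", "192.168.1.12"}             # built-in "localhost" ACL
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # built-in "localnets" ACL

def acl_match(acl, addr):
    """True if addr matches any element of a (non-negated) address match list."""
    ip = ipaddress.ip_address(addr)
    return any(
        item == addr
        or (item == "localhost" and addr in LOCAL_ADDRS)
        or (item == "localnets" and any(ip in net for net in LOCAL_NETS))
        for item in acl)

# Views in named.conf order. named answers from the FIRST view whose
# match-clients and match-destinations both accept the query.
VIEWS = [
    {"name": "localhost_resolver", "clients": ["localhost"],
     "destinations": ["localhost"], "zones": []},
    {"name": "internal", "clients": ["127.0.0.1", "localnets"],
     "destinations": ["127.0.0.1", "localnets"],
     "zones": ["homenet.internal", "1.168.192.in-addr.arpa"]},
]

def select_view(views, src, dst):
    for view in views:
        if acl_match(view["clients"], src) and acl_match(view["destinations"], dst):
            return view
    return None

def resolve(views, src, dst, qname):
    """Return (view name, how that view handles qname)."""
    view = select_view(views, src, dst)
    if view is None:
        return (None, "no view matched")
    for zone in view["zones"]:
        if qname == zone or qname.endswith("." + zone):
            return (view["name"], "authoritative")
    # No local zone: recursion starts at the root servers, which know
    # nothing about .internal, hence the NXDOMAIN in the dig output.
    return (view["name"], "recursion")

def without_view(views, name):
    """The fix from the thread: drop (comment out) one view."""
    return [v for v in views if v["name"] != name]

if __name__ == "__main__":
    q = "vimuth-laptop.homenet.internal"
    print(resolve(VIEWS, "127.0.0.1", "127.0.0.1", q))
    print(resolve(VIEWS, "192.168.1.9", "192.168.1.12", q))
    print(resolve(without_view(VIEWS, "localhost_resolver"), "127.0.0.1", "127.0.0.1", q))
```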
12-14-2009, 09:16 AM   #5
Vimuth
Oh thank you thank you thank you and thank you very much sire. It did the trick. I have been banging my head on the wall on this one but finally you made it happen. If you wouldn't mind, sir, can you please elaborate on what you mentioned at the end of your reply? About being an authoritative server...? Thanks again Sir Mr Bathory.
 
12-14-2009, 10:55 AM   #6
bathory
An authoritative name server is one that has all the information (not cached) for a domain. That kind of server is the master(s) and the slave(s) for that domain.
So, your server is authoritative for the domains listed in the zones of named.conf.

Regards
 
  

