LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   BIND - how to setup a local hostname for resolution (https://www.linuxquestions.org/questions/linux-networking-3/bind-how-to-setup-a-local-hostname-for-resolution-4175436882/)

rylan76 11-13-2012 01:44 AM
BIND - how to setup a local hostname for resolution
 
Hi Guys

I have BIND9 (Centos 6) . I have the DNS server at 172.16.1.1 and a Windows server at 172.16.1.4 and numerous Windows XP machines that get IPs from the Centos 6 instance via DHCP.

Everything apparently works fine, as my client machines join and get DHCP'ed by the Centos instance, their A records are automatically created in my zone file and my in.addr.arpa file. /var/log/messages contain no errors.

However, nslookup fails on every single machine to lookup other machines by name. Neither can they ping by name. Neither can the server (called "mars") at 172.16.1.4 be resolved by name - in its case, you get internet addresses if you nslookup its name, if you do not define it in my zone file?! If you do define it, it is marked as "out of zone" when it should not be...

What we're trying to do is replace a Windows 2000 DHCP / DNS server with a Centos based DHCPd and named.

The domain that is supposed to be created is verisharepdc.co.za. The machine with the IP 172.16.1.4 is to respond to the name "mars", not resolve to an internet address (or come back NXDOMAIN on nslookup) but the internal local intranet address of the machine (172.16.1.4)...

Here's my resolv.conf on the Centos instance:

Code:
timeout 0

nameserver 172.16.1.1
Here's my named.conf:

Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 172.16.1.1;};
        listen-on-v6 port 53 { ::1; };
        directory      "/var/named";

        forwarders {8.8.8.8; 4.4.4.4;};

        dump-file      "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query    { localhost; verisharelan; localnets;};
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        //dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
include "/etc/named.rfc1912.zones";

acl "verisharelan" {
        127/8; 172.16.0.1/16;
};
controls {
        inet 127.0.0.1 allow {localhost;} keys {rndc-key;};
};
include "/etc/rndc.key";
zone "." {
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.localhost";
};
zone "verisharepdc.co.za" {
        type master;
        file "verisharepdc.co.za.zone";
        allow-update {key "rndc-key";};
        notify yes;
};
zone "16.172.in-addr.arpa" {
        type master;
        file "16.172.in-addr.arpa";
        allow-update {key "rndc-key";};
        notify yes;
};
Here's my verisharepdc.co.za.zone file:

Code:
$ORIGIN .
$TTL 86400      ; 1 day
verisharepdc.co.za.    IN SOA  verisharepdc.co.za. a.b.co.za. (
                                20121027  ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                IN              NS      verisharepdc.co.za.
                IN      A      172.16.1.1
mars        IN      PTR    172.16.1.4
For the "mars" line above I have also tried "mars." and "mars.verisharepdc.co.za." - for "mars." I still get NXDOMAIN when I try to nslookup the name "mars", for "mars.verisharepdc.co.za." I get "*** Can't find mars.verisharepdc.co.za: No Answer" in Centos for nslookup - yet if I ping 172.16.1.4 it comes back fine and the machine is up...

Here's my 16.172.in-addr.arpa zone file:

Code:
$ORIGIN .
$TTL 86400      ; 1 day
16.172.in-addr.arpa    IN SOA  verisharepdc.co.za. a.b.co.za. (
                                20121036  ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                                NS      verisharepdc.co.za
When I start bind I see this in /var/log/messages:

Code:
Nov 13 09:34:07 verisharepdc named[3600]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6 -u named -t /var/named/chroot
Nov 13 09:34:07 verisharepdc named[3600]: built with '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Nov 13 09:34:07 verisharepdc named[3600]: adjusted limit on open files from 1024 to 1048576
Nov 13 09:34:07 verisharepdc named[3600]: found 2 CPUs, using 2 worker threads
Nov 13 09:34:07 verisharepdc named[3600]: using up to 4096 sockets
Nov 13 09:34:07 verisharepdc named[3600]: loading configuration from '/etc/named.conf'
Nov 13 09:34:07 verisharepdc named[3600]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Nov 13 09:34:07 verisharepdc named[3600]: using default UDP/IPv4 port range: [1024, 65535]
Nov 13 09:34:07 verisharepdc named[3600]: using default UDP/IPv6 port range: [1024, 65535]
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv4 interface eth0, 172.16.1.1#53
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv6 interface lo, ::1#53
Nov 13 09:34:07 verisharepdc named[3600]: generating session key for dynamic DNS
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 127.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 254.169.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: D.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 8.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 9.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: A.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: B.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: command channel listening on 127.0.0.1#953
Nov 13 09:34:07 verisharepdc named[3600]: zone 0.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 16.172.in-addr.arpa/IN: loaded serial 20121036
Nov 13 09:34:07 verisharepdc named[3600]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone localhost.localdomain/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone localhost/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: verisharepdc.co.za.zone:12: ignoring out-of-zone data (mars)
Nov 13 09:34:07 verisharepdc named[3600]: zone verisharepdc.co.za/IN: loaded serial 20121027
Nov 13 09:34:07 verisharepdc named[3600]: running
Part of the problem appears to be this in the above:

Code:
Nov 13 09:34:07 verisharepdc named[3600]: verisharepdc.co.za.zone:12: ignoring out-of-zone data (mars)
Why is 172.16.1.4 "out of zone" - where am I going wrong?

I merely want bind to return, when you nslookup "mars" on the Centos box itself and any of the XP machines DHCP'ed by the Centos box, the "mars" IP - eg. 172.16.1.4

Currently I get NXDOMAIN in nslookup if I try to lookup "mars" or "mars.verisharepdc.co.za" OR, if the 172.16.1.1 machine's gateway is correctly setup, BIND goes to the root servers and return the IP of a "mars" machine on the -internet-...

Any ideas appreciated!

Thank you,

bathory 11-13-2012 02:10 AM
Hi,

You should replace:
Quote:
mars IN PTR 172.16.1.4
with
Code:
mars    IN  A    172.16.1.4
Increase the serial and reload bind


Quote:
Currently I get NXDOMAIN in nslookup if I try to lookup "mars" or "mars.verisharepdc.co.za" OR, if the 172.16.1.1 machine's gateway is correctly setup, BIND goes to the root servers and return the IP of a "mars" machine on the -internet-...
If you want to be able to resolve both mars and mars.verisharepdc.co.za, you need to add "domain verisharepdc.co.za" or "search verisharepdc.co.za" in /etc/resolv/conf

Regards

rylan76 11-13-2012 02:30 AM
Hi Bathory!

Thanks for replying - it has helped a lot!

I'm almost halfway to this working right.

I added the record to verisharepdc.co.za.zone as you suggested:

Code:
.
.
in NS verisharepdc.co.za.

mars.verisharepdc.co.za. IN A 172.16.1.4
and changed resolv.conf to read

Code:
search verisharepdc.co.za
domain verisharepdc.co.za
timeout 0
nameserver 172.16.1.1
On the 172.16.1.1 Centos instance, I can now successfully do "nslookup mars" and "nslookup mars.verisharepdc.co.za" and get back 172.16.1.4 from the 172.16.1.1 local intranet DNS server.

Probably OT but how do I get Windows machines on the domain to have "resolv.conf" like behaviour?

E. g. on a test Win machine on the 172.16 net, I set the DNS server to 172.16.1.1. On that machine, if I nslookup mars I get "mars.co.za" at IP 164.109.86.65 - from the internet.

If I lookup "mars.verisharepdc.co.za" (e. g. FQDN) I get the correct local net IP 172.16.1.4 back.

I'm still missing something - if I set the Win 2000 DNS server (e. g. the machine we want to replace with the Centos machine) as the Win machine's DNS server, and I nslookup mars, I get 172.16.1.4 as I should - how can I get -this- specific behaviour from my Centos instance DNS server?

Thank you very much for your assistance! I have marked your reply as helpful.

:)

bathory 11-13-2012 03:08 AM
Quote:
and changed resolv.conf to read

search verisharepdc.co.za
domain verisharepdc.co.za
<-snip->
You don't need both the search and domain options. Read the resolv.conf manpage to see what they do and keep just one of them


Quote:
Probably OT but how do I get Windows machines on the domain to have "resolv.conf" like behaviour?
Sorry but I haven't used Windows for quite a long time, so I don't remember how it's done. Maybe this is what you have to do.

Regards

rylan76 11-13-2012 03:46 AM
Hi Bathory

Thanks again you're exactly right!

It is working fine now on XP machines on which I follow the steps in the link you gave. :)

I'm still investigating how to push that setting down via my DHCP daemon (as there are 200 windows machines geographically spread out and it is impossible to go to each of them to manually setup the DNS search suffix) but at least I know now what is going on.

REALLY appreciate the help and I've marked your post as helpful.

Thanks again!

bathory 11-13-2012 04:38 AM
You can add in dhcpd.conf:
Code:
option domain-name  "verisharepdc.co.za";

rylan76 11-13-2012 11:30 AM
Hi

Thank you I will give this a try tomorrow.

Again, thank you for your help.

Kind regards,


All times are GMT -5. The time now is 07:03 PM.