Hi Guys
I have BIND9 (CentOS 6). I have the DNS server at 172.16.1.1 and a Windows server at 172.16.1.4 and numerous Windows XP machines that get IPs from the CentOS 6 instance via DHCP.
Everything apparently works fine: my client machines join and get DHCP'ed by the CentOS instance, and their A records are automatically created in my zone file and my in-addr.arpa file. /var/log/messages contains no errors.
However, nslookup fails on every single machine to look up other machines by name. Neither can they ping by name, nor can the server (called "mars") at 172.16.1.4 be resolved by name - in its case, you get internet addresses if you nslookup its name when it is not defined in my zone file?! If you do define it, it is marked as "out of zone" when it should not be...
What we're trying to do is replace a Windows 2000 DHCP / DNS server with a Centos based DHCPd and named.
The domain that is supposed to be created is verisharepdc.co.za. The machine with the IP 172.16.1.4 is to respond to the name "mars": it should not resolve to an internet address (or come back NXDOMAIN on nslookup) but to the internal local intranet address of the machine (172.16.1.4)...
Here's my resolv.conf on the CentOS instance:
Code:
timeout 0
nameserver 172.16.1.1
Here's my named.conf:
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 172.16.1.1;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
forwarders {8.8.8.8; 4.4.4.4;};
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; verisharelan; localnets;};
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
//dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
include "/etc/named.rfc1912.zones";
acl "verisharelan" {
127/8; 172.16.0.1/16;
};
controls {
inet 127.0.0.1 allow {localhost;} keys {rndc-key;};
};
include "/etc/rndc.key";
zone "." {
file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "named.localhost";
};
zone "verisharepdc.co.za" {
type master;
file "verisharepdc.co.za.zone";
allow-update {key "rndc-key";};
notify yes;
};
zone "16.172.in-addr.arpa" {
type master;
file "16.172.in-addr.arpa";
allow-update {key "rndc-key";};
notify yes;
};
Here's my verisharepdc.co.za.zone file:
Code:
$ORIGIN .
$TTL 86400 ; 1 day
verisharepdc.co.za. IN SOA verisharepdc.co.za. a.b.co.za. (
20121027 ; serial
28800 ; refresh (8 hours)
14400 ; retry (4 hours)
3600000 ; expire (5 weeks 6 days 16 hours)
86400 ; minimum (1 day)
)
IN NS verisharepdc.co.za.
IN A 172.16.1.1
mars IN PTR 172.16.1.4
For the "mars" line above I have also tried "mars." and "mars.verisharepdc.co.za." - for "mars." I still get NXDOMAIN when I try to nslookup the name "mars"; for "mars.verisharepdc.co.za." I get "*** Can't find mars.verisharepdc.co.za: No Answer" in CentOS for nslookup - yet if I ping 172.16.1.4 it comes back fine and the machine is up...
Here's my 16.172.in-addr.arpa zone file:
Code:
$ORIGIN .
$TTL 86400 ; 1 day
16.172.in-addr.arpa IN SOA verisharepdc.co.za. a.b.co.za. (
20121036 ; serial
28800 ; refresh (8 hours)
14400 ; retry (4 hours)
3600000 ; expire (5 weeks 6 days 16 hours)
86400 ; minimum (1 day)
)
NS verisharepdc.co.za
When I start bind I see this in /var/log/messages:
Code:
Nov 13 09:34:07 verisharepdc named[3600]: starting BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6 -u named -t /var/named/chroot
Nov 13 09:34:07 verisharepdc named[3600]: built with '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=x86_64-unknown-linux-gnu' 'host_alias=x86_64-unknown-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Nov 13 09:34:07 verisharepdc named[3600]: adjusted limit on open files from 1024 to 1048576
Nov 13 09:34:07 verisharepdc named[3600]: found 2 CPUs, using 2 worker threads
Nov 13 09:34:07 verisharepdc named[3600]: using up to 4096 sockets
Nov 13 09:34:07 verisharepdc named[3600]: loading configuration from '/etc/named.conf'
Nov 13 09:34:07 verisharepdc named[3600]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Nov 13 09:34:07 verisharepdc named[3600]: using default UDP/IPv4 port range: [1024, 65535]
Nov 13 09:34:07 verisharepdc named[3600]: using default UDP/IPv6 port range: [1024, 65535]
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv4 interface eth0, 172.16.1.1#53
Nov 13 09:34:07 verisharepdc named[3600]: listening on IPv6 interface lo, ::1#53
Nov 13 09:34:07 verisharepdc named[3600]: generating session key for dynamic DNS
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 127.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 254.169.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: D.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 8.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: 9.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: A.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: automatic empty zone: B.E.F.IP6.ARPA
Nov 13 09:34:07 verisharepdc named[3600]: command channel listening on 127.0.0.1#953
Nov 13 09:34:07 verisharepdc named[3600]: zone 0.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone 16.172.in-addr.arpa/IN: loaded serial 20121036
Nov 13 09:34:07 verisharepdc named[3600]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone localhost.localdomain/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: zone localhost/IN: loaded serial 0
Nov 13 09:34:07 verisharepdc named[3600]: verisharepdc.co.za.zone:12: ignoring out-of-zone data (mars)
Nov 13 09:34:07 verisharepdc named[3600]: zone verisharepdc.co.za/IN: loaded serial 20121027
Nov 13 09:34:07 verisharepdc named[3600]: running
Part of the problem appears to be this in the above:
Code:
Nov 13 09:34:07 verisharepdc named[3600]: verisharepdc.co.za.zone:12: ignoring out-of-zone data (mars)
Why is 172.16.1.4 "out of zone" - where am I going wrong?
I merely want BIND to return the "mars" IP (e.g. 172.16.1.4) when you nslookup "mars" on the CentOS box itself or on any of the XP machines DHCP'ed by the CentOS box.
Currently I get NXDOMAIN in nslookup if I try to look up "mars" or "mars.verisharepdc.co.za" OR, if the 172.16.1.1 machine's gateway is correctly set up, BIND goes to the root servers and returns the IP of a "mars" machine on the -internet-...
Any ideas appreciated!
Thank you,
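An added example for this thread, not BIND's code and not the poster's own: a small Python checker that replays the two rules named applies when it loads the forward zone above. It qualifies each owner name against the current $ORIGIN the way named does (so under "$ORIGIN ." the unqualified name "mars" becomes "mars.", which is outside verisharepdc.co.za. and is what the "ignoring out-of-zone data (mars)" log line reports), and it flags a PTR record carrying an IPv4 address in a forward zone, since a forward lookup needs an A record. POSTED_ZONE is a constructed copy of the posted file (continuation lines indented, as a zone file needs), FIXED_ZONE is a constructed variant with the origin set to the apex and an A record, and the parser covers only the syntax used in the post.

```python
"""Minimal BIND zone-file sanity checker (added example, not BIND's own code)."""
import re
from typing import List, NamedTuple

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample mirroring the posted forward zone file.
POSTED_ZONE = """\
$ORIGIN .
$TTL 86400 ; 1 day
verisharepdc.co.za. IN SOA verisharepdc.co.za. a.b.co.za. (
        20121027 ; serial
        28800 14400 3600000 86400 )
        IN NS verisharepdc.co.za.
        IN A 172.16.1.1
mars    IN PTR 172.16.1.4
"""

# Constructed corrected variant: origin at the apex, and an A record for mars.
FIXED_ZONE = """\
$ORIGIN verisharepdc.co.za.
$TTL 86400
@       IN SOA verisharepdc.co.za. a.b.co.za. (
        20121028 28800 14400 3600000 86400 )
        IN NS verisharepdc.co.za.
        IN A 172.16.1.1
mars    IN A 172.16.1.4
"""


class Record(NamedTuple):
    owner: str        # absolute owner name, lower case, trailing dot
    rtype: str
    rdata: List[str]


def fqdn(name: str, origin: str) -> str:
    """Qualify a name as named does: '@' is the origin, a trailing dot is
    absolute, anything else gets the current origin appended."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    if origin == ".":
        return name.lower() + "."
    return f"{name}.{origin}".lower()


def in_zone(name: str, apex: str) -> bool:
    """True when name is the apex itself or lies beneath it."""
    return name == apex or name.endswith("." + apex)


def _logical_lines(text: str) -> List[str]:
    """Strip ';' comments and join a ( ... ) group into one line, keeping the
    first line's leading whitespace because it means 'same owner as before'."""
    out, buf, depth = [], [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            lead = buf[0][: len(buf[0]) - len(buf[0].lstrip())]
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            out.append(lead + joined.strip())
            buf, depth = [], 0
    return out


def parse_zone(text: str, apex: str) -> List[Record]:
    """Parse owner / [ttl] / [class] / type / rdata lines into Records."""
    origin, last_owner, records = apex, apex, []
    for line in _logical_lines(text):
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = fqdn(line.split()[1], origin)
            continue
        if line.startswith("$"):                     # $TTL etc.: irrelevant here
            continue
        tokens = line.split()
        owner = last_owner if line[0].isspace() else fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():           # optional TTL field
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # optional class
            tokens.pop(0)
        if not tokens:
            continue
        records.append(Record(owner, tokens.pop(0).upper(), tokens))
        last_owner = owner
    return records


def lint(text: str, apex: str) -> List[str]:
    """Run both checks; an empty list means the zone passed."""
    apex = apex.lower() if apex.endswith(".") else apex.lower() + "."
    findings = []
    for rec in parse_zone(text, apex):
        if not in_zone(rec.owner, apex):
            findings.append(f"out-of-zone data: {rec.owner} is not under {apex} "
                            f"(check $ORIGIN and trailing dots)")
        if rec.rtype == "PTR" and rec.rdata and IPV4_RE.match(rec.rdata[0]):
            findings.append(f"{rec.owner}: PTR with IPv4 rdata cannot answer a "
                            f"forward lookup; use an A record")
    return findings


if __name__ == "__main__":
    for label, zone in (("posted", POSTED_ZONE), ("fixed", FIXED_ZONE)):
        print(f"{label}:", lint(zone, "verisharepdc.co.za") or ["clean"])
```

The real tool for this is `named-checkzone verisharepdc.co.za /var/named/verisharepdc.co.za.zone`, which loads the file exactly as named would and prints the same out-of-zone warning; the script above only makes the origin rule visible step by step. Two caveats that follow from the post's setup: a bare "mars" typed on a client only resolves if that client's resolver appends the domain (a search/domain entry in resolv.conf, or the DHCP domain-name option), and because the zone allows dynamic updates, hand edits to the zone file should be made between `rndc freeze verisharepdc.co.za` and `rndc thaw verisharepdc.co.za` so they are not overwritten by the journal.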