Hello,
I have my own network with 2 Linux systems and one XP. My workstation is running FC3 and my server is LFS. I have two domains, one for external consumption and one for my internal use. My internal domain is ".local". FQDNs for the internal domain work but the CNAMEs don't. I will include the A and CNAME records for one of my systems below. The error in the log for the CNAME records is "dns_master_load: local.zone:18: stender1.local: CNAME and other data" when the records look like this:
stender1.local. IN A 192.168.77.221
stender1 IN CNAME stender1.local
and if I add a trailing '.' to the stender1 in the CNAME record I get something like the following for the CNAME record.
local.zone:18: ignoring out-of-zone data (stender1)
I haven't found any examples for CNAME in Bind 9 documentation. The first example above is all I could find but it may not be for Bind 9. Not that it matters much because it doesn't work. Is there anyone out there that can point me in the right direction?? Thanks in advance.
I'm sorry, I can't see your name in this screen so I can't address this directly to the person who just posted the reply to my question. What I am trying to accomplish with the CNAME records is to allow DNS to resolve "short" names. It will resolve if I say "ping stender1.local" but it won't if I say "ping stender1". I can't remember what version I was using at the time but when I set up a DNS at work quite a while back, I was able to create CNAME records which would resolve the "short" host name. Am I the only one who doesn't want to have to type in the FQDN to access systems on my local network? How does everyone else do it? I don't want to have to support host files on each system.
Bathory,
OK I tried what you said and added the following line to my zone file.
stender5 IN CNAME stender1.local
The load did not generate any errors for the line but the command "host stender5" generated the error "Host stender5 not found: 3(NXDOMAIN)". This by the way is what I get for any other "short" name lookup.
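How zone-file name qualification produces both log messages quoted above, as an added example that is not part of the original thread. It assumes the zone origin is `local.` (the posts show only the file name local.zone); `qualify`, `in_zone` and `check_zone` are hypothetical helpers that model the rule, not BIND code.

```python
# Added example (not from the thread). Assumption: the zone origin is "local."
ORIGIN = "local."

def qualify(name, origin=ORIGIN):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def in_zone(fqdn, origin=ORIGIN):
    """True when the fully qualified name is at or below the zone origin."""
    return fqdn == origin or fqdn.endswith("." + origin)

def check_zone(lines, origin=ORIGIN):
    """Return (records, problems) for simple 'owner IN TYPE rdata' lines."""
    records, problems, types_by_owner = [], [], {}
    for lineno, line in enumerate(lines, 1):
        owner, _cls, rtype, rdata = line.split()
        fq_owner = qualify(owner, origin)
        if not in_zone(fq_owner, origin):
            problems.append((lineno, f"ignoring out-of-zone data ({owner.rstrip('.')})"))
            continue
        seen = types_by_owner.setdefault(fq_owner, set())
        # A CNAME owner may carry no other record types, and vice versa.
        if seen and "CNAME" in seen | {rtype} and seen != {rtype}:
            problems.append((lineno, f"{fq_owner.rstrip('.')}: CNAME and other data"))
            continue
        seen.add(rtype)
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)  # targets are qualified the same way
        records.append((fq_owner, rtype, rdata))
    return records, problems

A_REC = "stender1.local. IN A 192.168.77.221"
ATTEMPTS = {  # record lines quoted from the posts above
    "relative owner": [A_REC, "stender1 IN CNAME stender1.local"],
    "absolute owner": [A_REC, "stender1. IN CNAME stender1.local"],
    "new alias": [A_REC, "stender5 IN CNAME stender1.local"],
}

if __name__ == "__main__":
    for label, zone in ATTEMPTS.items():
        print(label, check_zone(zone))
```

The third case loads without a problem, but its target has no trailing dot and therefore expands to `stender1.local.local.`; a target written as `stender1.local.` or as the relative name `stender1` expands to the intended host.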
If all you want is to be able to search a domain for a hostname, you can put the domain name in /etc/resolv.conf with a search directive:
Code:
search local
nameserver 127.0.0.1
Looking at that, makes me wonder if local is a key word that might cause problems... Anyway, ping stender1.local should (love that word) work the same as ping stender1 with this configuration.
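The lookup order that the `search local` line above produces, as an added example that is not part of the original thread. It is a simplified model of a glibc-style stub resolver (search list plus `ndots`, default 1); `parse_resolv_conf` and `candidate_queries` are hypothetical names.

```python
# Added example (not from the thread): simplified model of stub-resolver
# search-list expansion. The resolv.conf text is the one posted above.
RESOLV_CONF = """\
search local
nameserver 127.0.0.1
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots); the last search/domain line wins."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] in ("search", "domain"):
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_queries(name, search, ndots=1):
    """Fully qualified names the resolver tries, in order, for `name`."""
    if name.endswith("."):
        return [name]  # already absolute: the search list is not used
    as_is = name + "."
    expanded = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if name.count(".") >= ndots:
        return [as_is] + expanded  # enough dots: try the name itself first
    return expanded + [as_is]      # short name: search domains first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for name in ("stender1", "stender1.local", "stender1.local."):
        print(name, "->", candidate_queries(name, search, ndots))
```

Every name that reaches the name server is fully qualified; without a search list the short name is sent only as `stender1.`, which no zone on the server answers.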
Hi Steve,
I tried what you said. It still won't resolve the short name (stender1). I'm using vim for a text editor and it does things like highlight or underline words depending on what it thinks about what you are typing and it seems to be dependent on what the file name is. I haven't looked at the code so I don't know if it does everything it is supposed to (for that matter I don't know what it is supposed to be doing in this case) but when I put the 'search local' in the resolv.conf 'local' was highlighted so you may be right about local being a keyword. I started thinking about renaming the domain but got confused real quick. What would you call the local domain if not "local"? I can't name it .com, .edu, .net etc. That would send requests to the top level for those domains. I'll ask the question again. I know there are more people than me who have an internal network as well as an external internet presence. How do you handle the local resolving? The main reason I am messing with this at all is because sendmail goes bonkers when it can't figure out what its own domain is. I haven't been successful in building sendmail yet. Maybe I should get that running first. It may turn out I don't need to mess with this at all. Suggestions anyone???
Arnie
I'd recommend avoiding using the local domain. If you have a LAN as well as external Internet access do you have a second network card? If so, use it for your "local" domain. For example, in my /etc/hosts I have:
The external (Internet) network isn't listed because it's handled by DHCP with my ISP. In my /etc/resolv.conf I can have:
Code:
search guitars.com.au
nameserver 127.0.0.1
And with that I can type ping fender and have it return the echoes from 192.168.1.10. Although I am running a caching name server, this functionality is separate from the stuff it does.
I hope that helps, I realise it's kind of sketchy...
Hi Steve,
I guess I have a different topology than you have. The WAN connection on my DSL internet router (LinkSys) has the static address supplied by my ISP. The router supplies a 4 port switch. I use static addresses and all systems default to the router. All systems' resolv.conf use 'nameserver address-of-my-DNS-server'. My BIND server has two domains, aagstender.org for external consumption and .local for internal use. The BIND is set up to forward requests for unknown domains to the ISP nameservers. The FQDNs that are listed in my local zone file resolve nicely. The only way I have been able to resolve the short names is by including them in each system's hosts file. In your example above the ping resolves fender from the host file not DNS. My network is getting too large to continue using files. I know there is a way of getting DNS to resolve short names. I have done it before. I just can't seem to come up with the right CNAME lines to do it. The documentation I have that gives examples for CNAME records must not be from BIND 9 because they don't work and the documentation that came with the BIND source doesn't seem to have any examples. I did a Google for documentation but didn't come up with anything I didn't already have. If push comes to shove I'll just have to use files. I just hate using a chisel when a knife has been invented. I just don't have it in my hand yet. :-( Thanks for your input.
I know there is a way of getting DNS to resolve short names.
All DNS queries are fully qualified. The use of short names comes from each system's resolver lib configuration -and- whether or not the command is compiled to use the resolver lib.
My BIND server has two domains, aagstender.org for external consumption and .local for internal use.
Are you using bind 9 "views" to accomplish this? Or are you just loading two separate zones in the same "view"? View example:
Code:
# cat named.conf
...stuff deleted...
acl "trusted-nets" {
    192.168.8.0/22;
    127.0.0.1;
};

view "internal" in {
    // Only allow trusted nets
    match-clients { trusted-nets; };
    // Enable recursion for this view
    recursion yes;
    // Cache data retrieved in this view
    additional-from-auth yes;
    additional-from-cache yes;
    // Load the "root" (hints) zone
    zone "." in {
        type hint;                  // Zone is of type hint
        file "root.cache";          // Specify the root filename
    };
    // Load the internal mydomain.com zone
    zone "mydomain.com" in {
        type master;                // Zone is a master
        notify no;                  // Send notifies?
        allow-query { any; };       // Allow anyone to query zone
        file "int/db.mydomain";     // Load zone file
    };
    ...many more zones loaded...
};

view "external" in {
    // Allow anyone to query view
    match-clients { any; };
    // Disable recursion for this view
    recursion no;
    // Do NOT cache data retrieved in this view
    //additional-from-auth no;
    //additional-from-cache no;
    // Load the "root" (hints) zone
    zone "." in {
        type hint;                  // Zone is of type hint
        file "root.cache";          // Specify the root filename
    };
    // Load the external mydomain.com zone
    zone "mydomain.com" in {
        type master;                // Zone is a master
        notify yes;                 // Send notifies?
        allow-query { any; };       // Allow anyone to query zone
        file "ext/db.mydomain";     // Load zone file
    };
    ...many more zones loaded...
};
A few things to notice about the above...
1) Same domain name is loaded twice, but loads a different zone file. i.e. internal/external. Separate zone files answer with public/private IP addresses.
2) Internal view does not notify other SOA. i.e. notify no
3) Recursion is turned off in external view
4) The order in which the views are defined is critical
5) My name server has one ethernet card. Firewall forwards external DNS requests to this server. External requests are answered by external view. i.e. match-clients { any; };
I just can't seem to come up with the right CNAME lines to do it. The documentation I have that gives examples for CNAME records must not be from BIND 9 because they don't work and the documentation that came with the BIND source doesn't seem to have any examples.
Others have posted the proper syntax for using CNAMES in a zone file. If you are not able to use short names, but the FQDN resolves properly (even the cname), then your problem is with your resolver lib configuration, not your DNS configuration.
Hint:
Stop using any command that is compiled to use the resolver lib to debug DNS problems (like host). Use "dig" instead and get all fqdn queries (including cnames) to properly resolve first. Then work on your resolver lib configuration. i.e. short names
The main reason I am messing with this at all is because sendmail goes bonkers when it can't figure out what its own domain is.
If I remember correctly, sendmail does a "gethostbyname" call at startup. If your system's hostname/domainname are not properly configured, then sendmail will stall waiting for timeouts.
Issue the following commands, if your results are not "exactly" as shown (obviously your host/domain name will be different), then "Do not pass go, do not collect $200.00". Fix your system's hostname/domain name configuration first. On redhat/fedora, I enter the fqdn in /etc/sysconfig/network for the HOSTNAME variable. The redhat network init scripts will set the proper host/domain name based on using the fqdn. Also, (this is my preference) just in case DNS does not start, add this name to /etc/hosts. This way, sendmail will always start. You can change the name sendmail uses (announces as) by editing sendmail.mc
Code:
[root@excelsior sysconfig]# cat network
NETWORKING=yes
HOSTNAME=excelsior.mydomain.com
[root@excelsior sysconfig]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.8.2 excelsior.mydomain.com excelsior
[root@excelsior etc]# hostname --fqdn
excelsior.mydomain.com
[root@excelsior etc]# hostname --domain
mydomain.com
[root@excelsior etc]# hostname --short
excelsior
[root@excelsior etc]#
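Why the order of the views in the named.conf above is critical, as an added example that is not part of the original thread: BIND answers a query from the first view whose match-clients list matches the client. The ACL contents are copied from the posted configuration; the dictionaries, the helper names, the client 203.0.113.7 and the IPv4-only treatment of `any` are assumptions made for this model.

```python
# Added example (not from the thread): first-match view selection.
import ipaddress

# "trusted-nets" is copied from the posted acl; "any" is modelled as all IPv4.
ACLS = {"trusted-nets": ["192.168.8.0/22", "127.0.0.1"], "any": ["0.0.0.0/0"]}

AS_POSTED = [
    {"name": "internal", "match_clients": "trusted-nets", "recursion": True},
    {"name": "external", "match_clients": "any", "recursion": False},
]
SWAPPED = list(reversed(AS_POSTED))  # same views, "external" listed first

def matches(client, acl_name, acls=ACLS):
    """True when the client address falls inside any network of the ACL."""
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(net) for net in acls[acl_name])

def select_view(client, views):
    """Return the first view whose match-clients ACL matches, or None."""
    for view in views:
        if matches(client, view["match_clients"]):
            return view
    return None

def audit(views):
    """Report orderings that shadow later views or offer recursion to anyone."""
    findings = []
    for i, view in enumerate(views):
        if view["match_clients"] != "any":
            continue
        later = [v["name"] for v in views[i + 1:]]
        if later:
            findings.append(
                f'view "{view["name"]}" matches any client and shadows: {", ".join(later)}')
        if view["recursion"]:
            findings.append(f'view "{view["name"]}" offers recursion to any client')
    return findings

if __name__ == "__main__":
    for label, views in (("as posted", AS_POSTED), ("swapped", SWAPPED)):
        for client in ("192.168.8.2", "203.0.113.7"):  # LAN host, outside host
            print(label, client, "->", select_view(client, views)["name"])
        print(label, "audit:", audit(views))
```

With the views swapped, the LAN host 192.168.8.2 is answered from the external zone files and loses recursion, because `any` matches before `trusted-nets` is ever consulted.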
The topology does have some differences, but the entry in my hosts file is only to allow resolution on the server when BIND is down (I sometimes take it down when testing other network components). All of my hosts use the resolv.conf file and the search entry to complete hostnames prior to name resolution.
What problem are you having with sendmail? Is it something about not being able to resolve the domain (but being able to use host.domain)? If it is, I use the following in my setup to get around that (obviously, this is only a partial copy of the file):
Code:
IN NS fender.guitars.com.au.
localhost IN A 127.0.0.1
guitars.com.au. A 192.168.1.10
MX 0 guitars.com.au.
fender IN A 192.168.1.10
MX 0 fender
Hi Steve,
Right now my problem with sendmail is that I can't get a clean compile to run. What I was referring to is the fact that I have had systems hang on boot trying to start sendmail and finally getting the error about sendmail not being able to figure out what its domain was. Hmmm, it has been a while since I tried to compile it and I wanted to let you know what the error was so I started a compile while I started the reply and it just finished. It seems to have compiled without errors. Now I guess I'll have to get my mail server up. Thanks for the input. I am going to try to set up the BIND 9 views so I'll probably shut down external access to my nameserver till I get it up with that configuration. Thanks again.
Just thought I'd post a follow up to this thread. I took the suggestion of scowles and re-configured my DNS to use one domain with two views. That coupled with the search line in my resolv.conf file fixed my problem and my short names resolve correctly and everything works great. Thanks to all for the great advice. As I stated in the original post the main reason I wanted to get DNS working properly is because I am trying to put up my own mail server for my own domain. I finally got the sendmail to compile but I am having one more problem I can't seem to fix. I posted a help request to the software group and am now thinking I should have cross posted it here. I'll start a new thread though so it will have a relevant subject. Thanks again.
Arnie