I have a SOHO test network in the shop with boxes running both linux and windows. All servers are statically addressed. The connection to the Internet is via cable modem thru a dual homed, firewalled Red Hat Enterprise 4 linux server.
The same server is also running the dhcpd daemon to dish out IP addresses to laptops that occasionally connect and the Bind9 named daemon, in a non-chroot environment, setup up to run split DNS with “inside” and “outside” views.
Both dhcp and dns work fine *by them selves*, meaning a static dns service/config edited only when a new server is added to the network.
The trouble starts when I edit dhpd.conf to have dhcp modify dns on the fly and the problem is *only* with linux laptops; the windows laptops are able to find any host on any subnet by both name only and a qualified name i.e.
#ping alpha
and
#ping alpha.mycompany.net
Before trying to make dns/dhcp dynamic all linux boxes had two entries in /etc/resolv.conf
nameserver 172.16.1.1
search mycompany.net
After editing /etc/dhcpd.conf, dhcpd still assigns IP address in the proper subnets but dhclient-script clobbers /etc/resolv.conf.
Dhclient saves the original as resolv.conf.predhclient but replaces it with a file with only one entry.
Nameservers 172.16.1.1
A newly attaching "inside" linux laptop is able to ping qualified names i.e. #ping alpha.mycompany.net, but not by host name alone i.e.
#ping alpha.
My questions are (besides what did I miss)….
1) Do I not have the correct syntax in the /etc/dhcpd.conf file OR… did I mess up the original dns configuration and just got lucky that it worked at all (for more than year) ?
2) *should* I have to include the "search mycompany.net" statement in /etc/resolv.conf file for "inside" machines to ping by name only?
getting back to did I mess up the dns config.
Below are the config and zone files in question. Any input would be greatly appreciated.
I only registered and posted my intro with LQ this week and I am not familiar with site etiquette. Is this too much information, not enough, or is it okay ?
Thank you,
Steve
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// file: dhcpd.conf
ddns-domainname "mycompany.net";
ddns-update-style interim;
option routers 172.16.1.254;
option routers 192.168.1.254;
option domain-name-servers 172.16.1.1;
option netbios-name-servers 172.16.1.1;
option netbios-node-type 8;
key "rndckey" {
algorithm hmac-md5;
secret "nFWjUHiUAs3qj5R2Yjsd92JfjvEQL7fFIcIUXLIkmdUnZoSIzet3C1mPrNNf";
};
subnet 172.16.1.0 netmask 255.255.255.0
{
ddns-domainname "mycompany.net";
option domain-name-servers 172.16.1.1;
allow client-updates;
allow unknown-clients;
ddns-update-style interim;
ddns-updates on;
authoritative;
option routers 172.16.1.254;
range dynamic-bootp 172.16.1.10 172.16.1.111;
option subnet-mask 255.255.255.0;
default-lease-time 21600;
max-lease-time 43200;
}
subnet 192.168.1.0 netmask 255.255.255.0
{
ddns-domainname "mycompany.net";
option domain-name-servers 172.16.1.1;
allow client-updates;
allow unknown-clients;
ddns-update-style interim;
ddns-updates on;
authoritative;
option routers 192.168.1.254;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.1.10 192.168.1.249;
default-lease-time 21600;
max-lease-time 43200;
}
zone mycompany.net
{
primary 172.16.1.1;
key "rndckey";
}
zone 1.16.172.in-addr.arpa
{
primary 172.16.1.1;
key "rndckey";
}
zone 1.168.192.in-addr.arpa
{
primary 172.16.1.1;
key "rndckey";
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// named.conf
// last modified: 14dec07 by sjp
//
options
{
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
query-source address * port 53;
forwarders
{
123.123.123.123; //This is just fill for now
234.234.234.234; //will put real one in later
};
forward first;
listen-on { any; };
notify no;
};
key "rndckey" {
algorithm hmac-md5;
secret "nFWjUHiUAs3qj5R2Yjsd92JfjvEQL7fFIcIUXLIkmdUnZoSIzet3C1mPrNNf";
};
acl "mycompany-lan" { 127/8; 172.16.1.0/24; 192.168.1.0/24; };
controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; }; };
view "inside"
{
match-clients { "mycompany-lan"; };
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "/var/named/localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN{
type master;
file "/var/named/127.0.0.zone";
};
//*
zone "mycompany.net" {
type master;
file "mycompany.net.inside";
allow-update { key "rndckey"; };
};
zone "1.16.172.in-addr.arpa" {
type master;
file "172.16.1.zone";
allow-update { key "rndckey"; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1.zone";
allow-update { key "rndckey"; };
};
};
view "outside"
{
match-clients { any; };
recursion no;
zone "mycompany.net" {
type master;
file "mycompany.net.outside";
};
zone "." IN {
type hint;
file "named.ca";
};
};
//include "/etc/rndc.key";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;File: mycompany.net.inside
$TTL 86400
mycompany.net. IN SOA mycompany.net. root.mycompany.net.(
2007121003 ;serial #
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ;min
)
; Name Server for mycompany.net
mycompany.net. IN NS dns.mycompany.net.
; Private clients on LAN forward mappings (name-to-Addr)
alpha IN A 172.16.1.1
bravo IN A 172.16.1.2
;charlie IN A 192.168.1.1
;delta IN A 192.168.1.2
; Most Servers/Services are running on the same box (Alpha) but
; want each service to be referenced by a diferent name so we
; will add Canonical Name (CNAME) records here. (i.e. aliases)
dns.mycompany.net. IN CNAME alpha.mycompany.net.
www.mycompany.net. IN CNAME alpha.mycompany.net.
ftp.mycompany.net. IN CNAME alpha.mycompany.net.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
;File: mycompany.net.outside
$TTL 86400
mycompany.net. IN SOA mycompany.net. root.mycompany.net.(
2007121004 ;serial #
28800 ;refresh
14400 ;retry
3600000 ;expire
86400 ;min
)
; Name Server for mycompany.net
mycompany.net. IN NS dns.mycompany.net.
; Public servers
alpha.mycompany.net. IN A 12.34.56.78
; Most Servers/Services are running on the same box (Alpha) but
; want each service to be referenced by a diferent name so we
; will add Canonical Name (CNAME) records here. (i.e. aliases)
dns.mycompany.net. IN CNAME alpha.mycompany.net
www.mycompany.net. IN CNAME alpha.mycompany.net.
ftp.mycompany.net. IN CNAME alpha.mycompany.net.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File: 127.0.0.zone
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File: 172.16.1.zone
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
;File 192.168.1.zone
;//Last Modified: 12dec07
$TTL 86400
1.168.192.in-addr.arpa. IN SOA dns.mycompany.net. root.mycompany.net.(
2007120900 ;serial #
28800 ;refresh
14400 ;retry
3600000 ;expire
84600; ;min
)
IN NS dns.mycompany.net.
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 86400