Local DNS problems
I have installed BIND9 on my CentOS 6.3 Server (called carbon.localdomain). This server has two network cards, an internal interface to the LAN on eth0 with network 10.0.0.0, and an external interface on eth1 to the internet router on 192.168.0.0. If I do:
Code:
[root@carbon ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    forwarders {
        208.67.222.222;
        208.67.220.220;
    };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "0.0.10.in-addr.arpa" IN {
    type master;
    file "localdomain.rr.zone";
    allow-update { none; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
File localdomain.zone
Code:
[root@carbon ~]# cat /var/named/localdomain.zone
$ORIGIN localdomain.
$TTL 86400
@           IN  SOA     dns1.localdomain. hostmaster.localdomain. (
                        2001062523
                        21600
                        3600
                        604800
                        86400 )
            IN  NS      dns1.localdomain.
            IN  MX      10 mail.localdomain.
            IN  A       10.0.0.6
dns1        IN  A       10.0.0.6
carbon      IN  A       10.0.0.6
ftp         IN  A       10.0.0.6
mail        IN  CNAME   carbon
www         IN  CNAME   carbon
hydrogen.localdomain.   IN  A   10.0.0.1
helium.localdomain.     IN  A   10.0.0.2
lithium.localdomain.    IN  A   10.0.0.3
beryllium.localdomain.  IN  A   10.0.0.4
boron.localdomain.      IN  A   10.0.0.5
My first thought is that BIND is not listening to external addresses and will only listen for the localhost. So, I'm wondering if I should change the line with allow-query on it. But I'm not sure what I should change it to.
All I want to do is have a caching nameserver for internet addresses, but also use the DNS server for local machines from the LAN. Any input appreciated.
keymoo, boron.localdomain is not resolvable on the internet. You can bypass this by adding the IP for boron.localdomain to the hosts file or setting the DNS server's IP in resolv.conf. I'm not sure why you are doing nslookup.
Original Poster
Quote:
Originally Posted by qweeak
keymoo, boron.localdomain is not resolvable on the internet. You can bypass this by adding the IP for boron.localdomain to the hosts file or setting the DNS server's IP in resolv.conf. I'm not sure why you are doing nslookup.
Yes I know that, I want to use a local DNS server for boron.localdomain. However I don't want to have to do this on all my machines at home (I have a lot).
I have installed BIND9 on my CentOS 6.3 Server (called carbon.localdomain). .
... internal interface to the LAN on eth0 with network 10.0.0.0, and an external interface on eth1 to the internet router on 192.168.0.0.
My first thought is that BIND is not listening to external addresses and will only listen for the localhost. So, I'm wondering if I should change the line with allow-query on it. But I'm not sure what I should change it to.
....
Hi,
I hope I can help you with this (and some examples from my config).
You are right about your BIND listening only to itself (localhost), so you will need to change that to listen on eth0 and external (eth1?).
Code:
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
Then you will need to allow querying your DNS from "trusted" IP ranges (your local 10.0.0.0 as you wrote) and possibly from the "outer" router address 192.168.0.0 (I presume your router has an address 192.168.0.1, not ...0).
Code:
allow-query { any; };
I don't know about forwarders, which I presume (I didn't search) means all the queries on your server are forwarded to the IPs set.
So I don't think you need them if you want your server to cache all queries and serve your network.
Then there come a lot of definitions on how, who, and where is allowed to query your server and what response it will give.
So I will give you my config file from working caching server, for you to compare and modify according to what you need (file attached).
You will probably have to set on your router (192.168.0.1) the DNS IP to your server's IP if you have many computers and they use DHCP to set them to use your "local" DNS server (and not your ISP's or some other).
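Added example, not part of any post in this thread: when allow-recursion is not set, BIND falls back to allow-query, so "listen-on { any; }" with "allow-query { any; }" and "recursion yes" offers recursion to any client that can reach either interface. The options block below serves only the LAN instead; the /24 prefix length and the ACL name "trusted" are assumptions, and 10.0.0.6 is carbon's address from the zone file above.

```conf
// Added example: replaces the options block of the original named.conf.
// Assumptions: LAN prefix 10.0.0.0/24, ACL name "trusted".
acl "trusted" {
    127.0.0.1;
    10.0.0.0/24;    // LAN behind eth0
};

options {
    // Weak form: every interface, every client.
    //   listen-on port 53 { any; };
    //   allow-query { any; };

    // Narrowed form: loopback and the LAN address only, nothing on eth1.
    listen-on port 53 { 127.0.0.1; 10.0.0.6; };
    listen-on-v6 port 53 { ::1; };

    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Authoritative answers, recursion and cached answers for the LAN only.
    recursion yes;
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

    forwarders {
        208.67.222.222;
        208.67.220.220;
    };
};
```

Running named-checkconf /etc/named.conf checks the syntax before named is reloaded; the logging, zone and include statements stay as they were.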
Original Poster
too hasty!
Quote:
Originally Posted by lithos
Thanks for reporting back! I'm glad it helped you.
Hmm, I think I was a little hasty. It "seemed" to work before, however I am getting problems.
If I ping a server called nitrogen by hostname on my network from a Linux (Debian) machine called boron (10.0.0.7) I get this:
Code:
boron:~# ping nitrogen
PING nitrogen (67.215.65.132) 56(84) bytes of data.
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_req=1 ttl=57 time=809 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_req=2 ttl=57 time=684 ms
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_req=3 ttl=57 time=830 ms
--- nitrogen ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 2999ms
rtt min/avg/max/mdev = 684.121/774.890/830.749/64.754 ms
However, if I ping by FQDN it works fine:
Code:
boron:~# ping nitrogen.localdomain
PING nitrogen.localdomain (10.0.0.7) 56(84) bytes of data.
64 bytes from nitrogen.localdomain (10.0.0.7): icmp_req=1 ttl=64 time=0.142 ms
64 bytes from nitrogen.localdomain (10.0.0.7): icmp_req=2 ttl=64 time=0.182 ms
64 bytes from nitrogen.localdomain (10.0.0.7): icmp_req=3 ttl=64 time=0.198 ms
64 bytes from nitrogen.localdomain (10.0.0.7): icmp_req=4 ttl=64 time=0.245 ms
--- nitrogen.localdomain ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.142/0.191/0.245/0.040 ms
If I do the same thing from a new Xubuntu 12.04 machine it works fine by hostname and FQDN(!)
If I do the same thing from a Windows 7 machine:
Code:
C:\Users\mark>ping nitrogen
Pinging nitrogen.localdomain [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=12ms TTL=57
Reply from 67.215.65.132: bytes=32 time=13ms TTL=57
Reply from 67.215.65.132: bytes=32 time=28ms TTL=57
Reply from 67.215.65.132: bytes=32 time=28ms TTL=57
Ping statistics for 67.215.65.132:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 28ms, Average = 20ms
with FQDN
Code:
C:\Users\mark>ping nitrogen.localdomain
Pinging nitrogen.localdomain [67.215.65.132] with 32 bytes of data:
Reply from 67.215.65.132: bytes=32 time=19ms TTL=57
Reply from 67.215.65.132: bytes=32 time=12ms TTL=57
Reply from 67.215.65.132: bytes=32 time=11ms TTL=57
Reply from 67.215.65.132: bytes=32 time=12ms TTL=57
Ping statistics for 67.215.65.132:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 19ms, Average = 13ms
When I pinged nitrogen earlier from my Windows 7 machine it worked fine. Not sure what's going on. Any ideas?
Code:
C:\Users\mark>ping nitrogen
Pinging nitrogen.localdomain [10.0.0.7] with 32 bytes of data:
Reply from 10.0.0.7: bytes=32 time<1ms TTL=64
Reply from 10.0.0.7: bytes=32 time<1ms TTL=64
Ping statistics for 10.0.0.7:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
If you want to use hostnames instead of FQDNs, you should add a "Domain localdomain", or "Search localdomain" in /etc/resolv.conf.
I'm not familiar with Windows, but I guess you have to do something similar using its network configuration tool.