LinuxQuestions.org
Old 11-20-2004, 05:25 AM   #1
wingcom
Member
 
Registered: Feb 2003
Location: Belgium
Distribution: Mandrake
Posts: 38

Rep: Reputation: 15
Mandrake 10.1 DNS problems


Hi,

I'm having trouble with DNS... (i think)

I upgraded from mdk9.0 to mdk10.1.
I configured my linux to be a dns server for the rest of the network. (which is obviously not working) -> this WAS working in mdk9.0
I configured DHCP (successfully). All clients receive DHCP packages correctly. -> this was also working in mdk9.0

On my linuxbox (server) i can access the internet correctly using hostnames.
On my windowsbox i am only able to access the internet using ip-addresses. (i ping them on the linux, then feed the ips in internet explorer)
I checked my firewall settings (tail -f /var/log/syslog) and there are no messages which indicate shorewall is blocking something. (default policy fw -> loc and loc -> fw = ACCEPT). and i also have FW -> NET port 53 ACCEPT

This is my /etc/resolv.conf:
# domain STARFLEET.COM
search STARFLEET.COM SKYNET.BE
nameserver 192.168.1.1
nameserver 195.238.2.21
nameserver 195.238.2.22

/var/named/STARFLEET.COM.db:
$ORIGIN .
$TTL 86400 ; 1 day
STARFLEET.COM IN SOA STARFLEET.COM. root.STARFLEET.COM. (
2004011700 ; Serial number
3600 ; 1 hour refresh
300 ; 5 minutes retry
172800 ; 2 days expiry
43200 ) ; 12 hours minimum

; List the name servers in use. Unresolved (entries in other zones)
; will go to our ISP's name server isp.domain.name.com
IN NS ENTERPRISE.


IN MX 10 ENTERPRISE.

$ORIGIN STARFLEET.COM.
$TTL 86400 ; 1 day

IN A 192.168.1.1

localhost IN A 127.0.0.1

; Alias (canonical) names
ftp IN CNAME ENTERPRISE.
www IN CNAME ENTERPRISE.
mail IN CNAME ENTERPRISE.

; List of machine names & addresses
;box2 IN A 192.168.0.2 ; comment
;box3 IN A 192.168.0.3 ; comment

/var/named/zone/db.STARFLEET.COM.hosts
$TTL 3D
@ IN SOA ENTERPRISE.STARFLEET.COM. root.ENTERPRISE.STARFLEET.COM. (
06112004 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
TXT dns Wizard
IN NS ENTERPRISE.STARFLEET.COM.
localhost A 127.0.0.1
dnsmaster IN CNAME ENTERPRISE.STARFLEET.COM.
ENTERPRISE.STARFLEET.COM. IN A 192.168.1.1
; use tab to retrieve data in drakwizard bind
; xp2400.guibland.com. IN A 10.0.1.34

I don't know what to do with the last 2 files but i've been reading some stuff about BIND and configuring DNS but as far as my knowledge goes, i can't seem to find anything wrong with them either. I used the Mandrake configuration tool to set up DNS. I think i got about 30 backups now for resolv.conf :s

Note: i am also using an eicon diva adsl modem to connect to the internet, therefore i have to use a usermode driver for this called ECIADSL (http://eciadsl.flashtux.org/) but this has never given me any trouble before... Of course some wizard may have f****d up things somewhere because my modem is not detected by default. Just a thought.

Does any one have a solution for this? Had the same trouble or something? hints? any help will be much appreciated.

thanx
wingcom
 
Old 11-20-2004, 06:46 AM   #2
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
The simple solution, which would bypass the DNS server you are using in Linux, is to add the nameservers that you get from your ISP (the router feeds them to Linux through its DHCP) into your DHCP server, add nameserver 195.238.2.21 and nameserver 195.238.2.22 to your /etc/dhcpd.conf. This will get the windows boxes resolving names until you get your DNS server set up and then you can change that to nameserver 192.168.1.1.

Try reading the docs at http://www.isc.org/ for more information to get DNS working; You probably just have to tweak your zonefiles, some troubleshooting commands for BIND are named-checkconf and then named-checkzone starfleet.com /var/named/starfleet.com.db and named-checkzone 1.168.192.in-addr.arpa /var/named/db.starfleet.com.hosts
 
Old 11-20-2004, 08:15 AM   #3
wingcom
Member
 
Registered: Feb 2003
Location: Belgium
Distribution: Mandrake
Posts: 38

Original Poster
Rep: Reputation: 15
Hi Darin,

First of all, thanx for the quick reply!

I tried bypassing DNS through DHCP by replacing this in /etc/dhcp.conf:
Code:
option domain-name-servers  192.168.1.1;
by this:
Code:
option domain-name-servers  195.238.2.21;
whereafter i restarted DHCPD and did a ipconfig /renew in windows ... no result, but of course i only changed the obvious values in /etc/dhcpd.conf, dunno if i did it right...

then i changed it back and tried the troubleshooting commands:
Code:
[root@ENTERPRISE wingcom]# named-checkconf
[root@ENTERPRISE wingcom]# named-checkzone starfleet.com /var/named/STARFLEET.COM.db
zone starfleet.com/IN: loaded serial 2004011700
OK
[root@ENTERPRISE wingcom]# named-checkzone 1.168.192.in-addr-arpa /var/named/zone/db.STARFLEET.COM.hosts
/var/named/zone/db.STARFLEET.COM.hosts:12: ignoring out-of-zone data (ENTERPRISE.STARFLEET.COM)
zone 1.168.192.in-addr-arpa/IN: loaded serial 6112004
OK
As you can see, the first one didn't return anything and the last 2 ended OK except for the warning/ignore :s.

Anyway i'm gonna start reading the docs now at http://www.isc.org/ and keep people posted on my progress (IF there will ever be progress lol)

bbiab, wingcom needs some reading on dns now
greetz wingcom
 
Old 11-20-2004, 08:57 AM   #4
Butt-Ugly
Member
 
Registered: Nov 2004
Location: Brisbane, Australia
Distribution: Fedora Core 5
Posts: 89

Rep: Reputation: 15
Wingcom

Change your /etc/resolv.conf to:
Code:
search starfleet.com skynet.be
nameserver 127.0.0.1
This tells the server that it's running a dns, and to query itself.
Will also do host searching in both domains.

Then in /etc/named.conf put the following entries:

Code:
options {
  query-source address * port 53;
  forward first;
  forwarders {
    195.238.2.21;
    195.238.2.22;
  };
};
This tells the server to use port 53, and to forward all unknown local queries to the 2 external IPs

Then restart dns service.

Do some digging from localhost, if it's all running ok change the /etc/dhcp.conf back to:

Code:
option domain-name-servers  192.168.1.1;
Then restart dhcp, and renew the workstation leases.

Make sure they have access thru any firewall on the server, and test them with the new configs.

If everything's configured correctly it should be ok.

BU
 
Old 11-20-2004, 09:50 AM   #5
wingcom
Member
 
Registered: Feb 2003
Location: Belgium
Distribution: Mandrake
Posts: 38

Original Poster
Rep: Reputation: 15
Darin: I was mistaken in saying that your bypass didn't work... i had been messing with it for so long that i had hard-coded the ip 192.168.1.1 in the dns settings in windows so the hack you supplied DID work indeed, wherefore i am ever grateful !!! (-> I needed to perform a clean windows installation for my uncle's pc :s and tested it on his pc... it was working so that's when i remembered: wingcom, you moron, you hardcoded (static) the dns in your windows pc :s Sorry 'bout that)

Butt-Ugly: I tried your configuration and did some digging from localhost but unfortunately without success.

i changed resolv.conf to hold only nameserver 127.0.0.1 with search domains STARFLEET.COM and SKYNET.BE.

then i changed named.conf adding all variables you gave me like this:
Code:
 #options {
#    	query-source address * port 53;
#    	directory "/var/named";
#    	pid-file "/var/named/named.pid";
#    	version "Wizard drake";
#    	allow-query { any; };
#    	forward first;
#    	allow-transfer { any; };
#	forwarders { 
#		195.238.2.21; 
#		195.238.2.22;
#	};
#};
-> of course without the #'s

When this wasn't working i commented it out and put it like you told me to:
Code:
options {
  query-source address * port 53;
  forward first;
  forwarders {
    195.238.2.21;
    195.238.2.22;
  }
Whatever i tried, i couldn't connect to an internet hostname...

What i DID notice is that when i restart the named service via Mandrake Control -> services, it gives me an error on stopping the service (start button there does a restart actually) --> "Stopping named: rndc: connect failed: connection refused [FAILED]"

I also opened up my firewall for all OUTGOING traffic so i added these policies:
fw -> net ACCEPT
loc -> net ACCEPT
I dont plan to leave it like that but i hope it will speed up my testing...

I'm not sure if i want to spend that many hours on it while i got a bypass of course. My DNS server has always worked in mdk9.0. -> i thought upgrading to 10.1 instead of performing a clean install would save me a lot of time but when i look at it afterwards i have spent much more time reconfiguring it than i spent on it when i installed mdk9.0. But of course you learn a lot and what else can i do on a saturday afternoon

Thanx for the support you guys, if i find something i will post it here
 
Old 11-20-2004, 09:54 AM   #6
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Oh yea, another thing I was thinking is do you have root servers in your dns config?

Maybe just post your whole named.conf, but specifically what I mean is do you have a zone "." section that points to a root domains file (they usually have names like named.ca or root.hints although you can call it anything)

Another good check is to use dig, try dig @localhost localhost and see if the query comes back and then also try a domain such as dig @localhost linuxquestions.org and see if it went out to a root server.
 
Old 11-20-2004, 10:28 AM   #7
wingcom
Member
 
Registered: Feb 2003
Location: Belgium
Distribution: Mandrake
Posts: 38

Original Poster
Rep: Reputation: 15
uhm, i think so...
According to your description i can see a "." zone in my named.conf ... is that bad?

my named.conf (complete now)
Code:
key mykey {
    algorithm hmac-md5;
    secret "";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { mykey; };
};

options {
	query-source address * port 53;
	directory "/var/named";
	pid-file "/var/named/named.pid";
	version "Wizard drake";
	allow-query { any; };
	allow-transfer { any; };
	forward first;
	forwarders { 
		195.238.2.21; 
		195.238.2.22;
	};
};

zone "localhost" {
    type master;
    file "zone/db.localhost";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "zone/db.127.0.0.1";
};

zone "." {
    type hint;
    file "zone/root.hints";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "zone/db.1.168.192.hosts";
    forwarders { };
};

zone "STARFLEET.COM" {
    type master;
    notify no;
    allow-query { 192.168.1.0/24; };
    file "zone/db.STARFLEET.COM.hosts";
    forwarders { };
};
This is what the root.hints file looks like:
Code:
; <<>> DiG 8.2 <<>> 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;;	., type = NS, class = IN

;; ANSWER SECTION:
.			2d11h37m30s IN NS  I.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  E.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  D.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  A.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  H.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  C.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  G.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  F.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  B.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  J.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  K.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  L.ROOT-SERVERS.NET.
.			2d11h37m30s IN NS  M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
I.ROOT-SERVERS.NET.	3d11h37m30s IN A  192.36.148.17
E.ROOT-SERVERS.NET.	3d11h37m30s IN A  192.203.230.10
D.ROOT-SERVERS.NET.	3d11h37m30s IN A  128.8.10.90
A.ROOT-SERVERS.NET.	3d11h37m30s IN A  198.41.0.4
H.ROOT-SERVERS.NET.	3d11h37m30s IN A  128.63.2.53
C.ROOT-SERVERS.NET.	3d11h37m30s IN A  192.33.4.12
G.ROOT-SERVERS.NET.	3d11h37m30s IN A  192.112.36.4
F.ROOT-SERVERS.NET.	3d11h37m30s IN A  192.5.5.241
B.ROOT-SERVERS.NET.	3d11h37m30s IN A  128.9.0.107
J.ROOT-SERVERS.NET.	3d11h37m30s IN A  198.41.0.10
K.ROOT-SERVERS.NET.	3d11h37m30s IN A  193.0.14.129
L.ROOT-SERVERS.NET.	3d11h37m30s IN A  198.32.64.12
M.ROOT-SERVERS.NET.	3d11h37m30s IN A  202.12.27.33

;; Total query time: 7 msec
;; FROM: keima.mandrakesoft.com to SERVER: default -- 192.168.1.11
;; WHEN: Fri Mar 24 21:01:57 2000
;; MSG SIZE  sent: 17  rcvd: 436
But to be honest, this is the first time i ever heard of a file like this :s
In addition i also changed my resolv.conf back to 127.0.0.1 and tried the dig commands, these are the results:

Code:
[root@ENTERPRISE wingcom]# dig @localhost localhost

; <<>> DiG 9.3.0 <<>> @localhost localhost
;; global options:  printcmd
;; connection timed out; no servers could be reached
I guessed the second one wouldn't be necessary since i couldn't even contact localhost but i did it anyway:

Code:
[root@ENTERPRISE wingcom]# dig @localhost linuxquestions.org

; <<>> DiG 9.3.0 <<>> @localhost linuxquestions.org
;; global options:  printcmd
;; connection timed out; no servers could be reached
now i'm goin to read the man pages for dig since its the first time i used that command
 
Old 11-21-2004, 08:44 AM   #8
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
Dig is just one of the ISC tools for DNS, used to look up domain info either generically to whatever DNS server your machine uses (dig domain-name) or to query a specific DNS server for info (dig @dnsserver domain-name.) Dig is handy if you are using other DNS servers while trying to get yours working because you can dig @mydnsserver to see if it's working rather than having to change your resolv.conf back and forth.

If queries to localhost time out then your DNS server is either not started or not getting your requests. I think in MDK it's just service named start or service named status to start or see if DNS is running. ps -ef | grep named should show if it's running too, that works on almost any *nix machine. You could also try dig @127.0.0.1 or dig @192.168.1.1 just in case localhost doesn't resolve right or named isn't listening on loopback.

The "." zone is good, you need that to look up anything besides the domains you configure (localhost, starfleet.com) and your setup looks right there. The rest of named.conf looks like it should work too. You can also check logs like /var/log/messages for any DNS server errors.

The restart and stop error from Mandrake ("Stopping named: rndc: connect failed: connection refused [FAILED]") is something I've seen before in RedHat too, something about the security keys not being set up right or the named script not doing something correctly. You can always stop it with killall named which happens to be the way Slackware's script does it. I haven't even looked at the RedHat script to see what it does (Mandrake is based on RedHat.) I probably should make a point to see what it's doing and what would fix it at some point, just to know
 
Old 11-22-2004, 06:00 AM   #9
wingcom
Member
 
Registered: Feb 2003
Location: Belgium
Distribution: Mandrake
Posts: 38

Original Poster
Rep: Reputation: 15
Allright, thank you Darin!

I am goin to do some "dig"ing tonight when i get back from work. Sorry for the late response, i had a rough saturday night
I will also try to locate that script, see what it does and try to fix it

i will keep you posted on my progress

kind regards
wingcom
 
Old 11-22-2004, 02:44 PM   #10
wingcom
Member
 
Registered: Feb 2003
Location: Belgium
Distribution: Mandrake
Posts: 38

Original Poster
Rep: Reputation: 15
Darin...

You are my new favourite person. The hints you gave me worked like a charm! It was a security / file permission mistake :s... If I had looked at /var/log/messages all along i would have saved myself a lot of pain. But hey i learned in the process

the grep named service only returned me the running grep command so it wasn't running at all :s. I'll never trust a wizard again. It wasn't returning any kind of error :s and service named start either --> Starting named: [ OK ] :s

/etc/named.conf and zone/hints had root permissions only, so named user couldn't access it:
Code:
Nov 22 21:17:01 ENTERPRISE named[23478]: starting BIND 9.3.0 -u named
Nov 22 21:17:01 ENTERPRISE named[23478]: found 1 CPU, using 1 worker thread
Nov 22 21:17:01 ENTERPRISE named: named startup succeeded
Nov 22 21:17:02 ENTERPRISE named[23478]: loading configuration from '/etc/named.conf'
Nov 22 21:17:02 ENTERPRISE named[23478]: none:0: open: /etc/named.conf: permission denied
Nov 22 21:17:02 ENTERPRISE named[23478]: loading configuration: permission denied
Nov 22 21:17:02 ENTERPRISE named[23478]: exiting (due to fatal error)
Next Step:

Code:
Nov 22 21:19:40 ENTERPRISE named[23702]: starting BIND 9.3.0 -u named
Nov 22 21:19:40 ENTERPRISE named[23702]: found 1 CPU, using 1 worker thread
Nov 22 21:19:41 ENTERPRISE named: named startup succeeded
Nov 22 21:19:41 ENTERPRISE named[23702]: loading configuration from '/etc/named.conf'
Nov 22 21:19:41 ENTERPRISE named[23702]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 22 21:19:41 ENTERPRISE named[23702]: listening on IPv4 interface eth0, 192.168.1.1#53
Nov 22 21:19:41 ENTERPRISE named[23702]: listening on IPv4 interface ppp0, 217.136.147.80#53
Nov 22 21:19:41 ENTERPRISE named[23702]: could not configure root hints from 'zone/root.hints': permission denied
Nov 22 21:19:41 ENTERPRISE named[23702]: loading configuration: permission denied
Nov 22 21:19:41 ENTERPRISE named[23702]: exiting (due to fatal error)
Then after that i finally got it WORKING! I changed my dhcp.conf configuration back to my LAN dns and i could access the internet on my laptop using my own dns server! mission completed

Thanx for all your help!

cheers
wiNGCom
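
Added example (not part of the thread, and not Mandrake's or ISC's code): in post #10 the init script printed OK while named, started with -u named, exited because /etc/named.conf and zone/root.hints were readable by root only. The Python sketch below parses a named.conf for its directory and file statements and lists the files a given uid/gid set cannot read; the function names are this example's own, and it looks only at each file's mode bits (no ACLs, no parent-directory search permission).

```python
#!/usr/bin/env python3
"""Pre-flight check: can the unprivileged BIND user read named.conf and its files?"""
import os
import re
import sys

def referenced_files(conf_path):
    """Return named.conf plus every zone/hint file it names, as absolute paths."""
    with open(conf_path) as fh:
        text = fh.read()
    # Drop /* */, // and # comments (simplification: assumes no comment
    # markers inside quoted strings).
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(#|//).*", "", text)
    # Relative names resolve against options { directory "..."; }.
    # The lookbehind keeps "pid-file" from matching as "file".
    m = re.search(r'(?<![\w-])directory\s+"([^"]+)"\s*;', text)
    base = m.group(1) if m else os.path.dirname(os.path.abspath(conf_path))
    paths = [os.path.abspath(conf_path)]
    for name in re.findall(r'(?<![\w-])file\s+"([^"]+)"\s*;', text):
        paths.append(os.path.normpath(os.path.join(base, name)))
    return paths

def readable_by(path, uid, gids):
    """Evaluate the file's own mode bits for uid/gids, the way the kernel
    picks owner, group or other bits. Missing files count as unreadable."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    if st.st_uid == uid:
        return bool(st.st_mode & 0o400)
    if st.st_gid in gids:
        return bool(st.st_mode & 0o040)
    return bool(st.st_mode & 0o004)

def preflight(conf_path, uid, gids):
    """Return the files that uid/gids could not read (empty list = pass)."""
    return [p for p in referenced_files(conf_path)
            if not readable_by(p, uid, gids)]

if __name__ == "__main__":
    import grp
    import pwd
    if len(sys.argv) < 2:
        sys.exit("usage: preflight.py /path/to/named.conf [user]")
    # "named" is the account from the thread's log lines ("-u named").
    user = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "named")
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall()
                            if user.pw_name in g.gr_mem}
    bad = preflight(sys.argv[1], user.pw_uid, gids)
    for p in bad:
        print("not readable by %s: %s" % (user.pw_name, p))
    sys.exit(1 if bad else 0)
```

Run as root before restarting the service, it exits non-zero and names each file the daemon's account cannot open, which is the condition the init script's OK hid.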
 
  


All times are GMT -5.
