Linux - Networking
Hi All,
I have a new RHEL 7 installation, and I'm configuring it as a DNS server. I can get local name resolution to work, but any attempts by other systems on the same subnet fail.
-
This is a local network - 192.168.5.0/24.
RHEL/DNS is 192.168.5.51.
-
Here is an example of the error from a vCenter appliance:
vcenter:~ # nslookup rhns1
;; connection timed out; no servers could be reached
vcenter:~ # nslookup rhns1
;; connection timed out; no servers could be reached
vcenter:~ # cat /etc/resolv.conf
nameserver 192.168.5.51
vcenter:~ # ping 192.168.5.51
PING 192.168.5.51 (192.168.5.51) 56(84) bytes of data.
64 bytes from 192.168.5.51: icmp_seq=1 ttl=64 time=0.440 ms
64 bytes from 192.168.5.51: icmp_seq=2 ttl=64 time=0.636 ms
^C
--- 192.168.5.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.440/0.538/0.636/0.098 ms
-
And here is what it looks like from a Win 2k8 system:
C:\Users\Administrator>nslookup rhns1.wood.org
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.5.51
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\Administrator>ping 192.168.5.51
Pinging 192.168.5.51 with 32 bytes of data:
Reply from 192.168.5.51: bytes=32 time<1ms TTL=64
Reply from 192.168.5.51: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.5.51:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
-
But it works fine from localhost.
-
[root@rhns1 named]# nslookup rhns1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: rhns1.wood.org
Address: 192.168.5.51
[root@rhns1 named]# hostname
rhns1
[root@rhns1 named]# netstat -tanpl|grep named
tcp 0 0 192.168.5.51:53 0.0.0.0:* LISTEN 28463/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 28463/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 28463/named
tcp6 0 0 ::1:53 :::* LISTEN 28463/named
tcp6 0 0 ::1:953 :::* LISTEN 28463/named
[root@rhns1 named]# ifconfig -a
enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.5.51 netmask 255.255.255.0 broadcast 192.168.5.255
inet6 fe80::219:d1ff:fee0:ce37 prefixlen 64 scopeid 0x20<link>
ether 00:19:d1:e0:ce:37 txqueuelen 1000 (Ethernet)
RX packets 22131 bytes 2893813 (2.7 MiB)
RX errors 0 dropped 20 overruns 0 frame 0
TX packets 6461 bytes 1025190 (1001.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 21 memory 0xdffe0000-e0000000
-
Here are my config files:
/etc/named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
	// (the remaining option statements, e.g. directory/listen-on/allow-query, were not included in the post)
	/*
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable
	   recursion.
	 - If your recursive DNS server has a public IP address, you MUST enable access
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface
	*/
	recursion yes;
	dnssec-enable yes;
	dnssec-validation yes;
	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";
};
zone "wood.org" IN {
type master;
file "forward.zone";
/* allow-update { none; }; */
};
zone "5.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
And the forward and reverse zone files (in /var/named):
[root@rhns1 named]# cat forward.zone
; BIND data file for wood.org
$TTL 86400
@ IN SOA rhns1.wood.org. admin.wood.org. (
6 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
IN NS rhns1.wood.org.
rhns1 IN A 192.168.5.51
[root@rhns1 named]# cat reverse.zone
; BIND data file for wood.org reverse lookups.
$TTL 86400
@ IN SOA rhns1.wood.org. admin.wood.org. (
5 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
NS rhns1.wood.org.
51 PTR rhns1.wood.org.
[root@rhns1 named]#
Thoughts?
Any more information I should gather?
Thanks in advance!
Mike
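The symptom above (ICMP reaches the box, every DNS query simply times out, and the same query works against 127.0.0.1) is the signature of the packets never reaching named at all, rather than BIND answering wrongly. The following is an added example, not code from the original post: a minimal UDP DNS probe that builds the same kind of A query nslookup sends, parses the reply, and reports "timeout" (nothing came back) separately from "nxdomain" or "refused" (the server did answer). The server address, hostname and zone are the ones from the post; SAMPLE_RESPONSE is a constructed reply, not traffic captured from that server.

```python
"""Minimal DNS A-record probe. Added example, not code from the original
thread: it builds the same kind of query nslookup sends, reads the answer,
and separates "nothing came back" (what a host-firewall drop on port 53
looks like) from a server that actually answered with an error."""
import random
import socket
import struct
from typing import Dict, List, Optional, Tuple

SERVER = "192.168.5.51"          # the BIND host from the post
NAME = "rhns1.wood.org"          # the record the post tries to resolve


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Standard query, RD=1, one question (RFC 1035 section 4.1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # QCLASS IN


def _read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels: List[str] = []
    end = offset
    jumped = False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg: bytes, expected_txid: int) -> Dict[str, object]:
    """Return the RCODE and any A-record addresses in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: reply is not for our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):
        _, offset = _read_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    addresses: List[str] = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addresses.append(".".join(str(b) for b in rdata))
    return {"rcode": flags & 0x000F, "addresses": addresses}


def classify(result: Optional[Dict[str, object]]) -> str:
    """Map a parsed reply (or None for no reply at all) to a one-word verdict."""
    if result is None:
        return "timeout"   # nothing answered: check firewalls, not BIND's zone files
    rcode = result["rcode"]
    if rcode == 0 and result["addresses"]:
        return "ok"
    return {3: "nxdomain", 5: "refused"}.get(rcode, "rcode-%d" % rcode)


def probe(server: str = SERVER, name: str = NAME, timeout: float = 2.0) -> str:
    """Send one UDP query and classify the outcome the way a client sees it."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return classify(None)
    return classify(parse_response(data, txid))


# Constructed sample reply (not captured from the post's server): txid 0x1234,
# flags QR|RD|RA, one question, one answer "rhns1.wood.org A 192.168.5.51"
# whose owner name is a compression pointer back to the question.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x05rhns1\x04wood\x03org\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x01\x51\x80\x00\x04\xc0\xa8\x05\x33"
)

if __name__ == "__main__":
    print("sample reply:", classify(parse_response(SAMPLE_RESPONSE, 0x1234)))
    print("live probe of %s for %s: %s" % (SERVER, NAME, probe()))
```

Run from a client on the 192.168.5.0/24 subnet and then on the server itself against 127.0.0.1: "timeout" on the client with "ok" locally points at something between the two hosts (a host firewall, or a listen-on that excludes the LAN address), while "refused" would point at allow-query in named.conf instead.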
Thanks for the reply.
UDP listener is good.
iptables is off on RHEL.
[root@rhns1 named]# netstat -uanpl|grep named
udp 0 0 192.168.5.51:53 0.0.0.0:* 28463/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 28463/named
udp6 0 0 ::1:53 :::* 28463/named
[root@rhns1 named]# service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
And the Windows firewall is off on the Wintel box (which is also running VMware Workstation, which hosts the virtual vCenter appliance).
-
I've also checked my router (192.168.5.1) - and no special access rules are defined.
-
So I decided to run a port scanner from every other computer in my house, and came to the conclusion that my RHEL 7 box was only listening on port 22.
A Google search on "RHEL 7 blocked ports" yielded a hit on firewalld, which is new to me, but I'm no Linux expert (yet...). After turning it off, the problem was resolved.
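Disabling firewalld fixes the symptom but drops the host firewall entirely; the narrower fix on RHEL 7 is to permit only the DNS service (53/tcp and 53/udp) in the zone that enp0s25 belongs to. The script below is an added example, not from the original thread: zone_allows_dns reads `firewall-cmd --zone=... --list-all` output and reports whether DNS is already permitted (via the predefined dns service or raw port rules), open_dns_for_interface adds the service persistently and reloads, and check_bind_config runs BIND's own validators over the named.conf and the two zone files from the post. It assumes the firewall-cmd and named-checkconf/named-checkzone tools of a RHEL 7 host; when they are absent it only defines the functions.

```shell
#!/bin/sh
# Added example (not from the original thread): permit DNS in firewalld instead
# of turning firewalld off, and validate the BIND configuration from the post.
# Assumes a RHEL 7 host with firewall-cmd and the bind-utils checkers installed.

# Decide from `firewall-cmd --zone=<zone> --list-all` output whether DNS is
# already permitted, either through the predefined 'dns' service or through
# explicit 53/udp and 53/tcp port rules. Returns 0 (true) when it is.
zone_allows_dns() {
    listing="$1"
    services=$(printf '%s\n' "$listing" | sed -n 's/^ *services: *//p')
    ports=$(printf '%s\n' "$listing" | sed -n 's/^ *ports: *//p')
    for s in $services; do
        [ "$s" = "dns" ] && return 0
    done
    have_udp=1
    have_tcp=1
    for p in $ports; do
        [ "$p" = "53/udp" ] && have_udp=0
        [ "$p" = "53/tcp" ] && have_tcp=0
    done
    [ "$have_udp" -eq 0 ] && [ "$have_tcp" -eq 0 ]
}

# Open the dns service persistently in the zone bound to an interface, apply
# it, and print the resulting zone so the change can be eyeballed.
open_dns_for_interface() {
    iface="$1"
    zone=$(firewall-cmd --get-zone-of-interface "$iface")
    firewall-cmd --permanent --zone="$zone" --add-service=dns
    firewall-cmd --reload
    firewall-cmd --zone="$zone" --list-all
}

# Syntax-check named.conf and the two zones posted in the thread; a typo here
# produces a different failure (named refuses to start or serve the zone).
check_bind_config() {
    named-checkconf /etc/named.conf &&
    named-checkzone wood.org /var/named/forward.zone &&
    named-checkzone 5.168.192.in-addr.arpa /var/named/reverse.zone
}

if command -v firewall-cmd >/dev/null 2>&1; then
    zone=$(firewall-cmd --get-zone-of-interface enp0s25)
    if zone_allows_dns "$(firewall-cmd --zone="$zone" --list-all)"; then
        echo "DNS already permitted in zone $zone"
    else
        open_dns_for_interface enp0s25
    fi
fi
if command -v named-checkconf >/dev/null 2>&1; then
    check_bind_config && echo "named.conf and zone files parse cleanly"
fi
```

After the reload, re-run the nslookup from the vCenter appliance and the Windows host; both should now return 192.168.5.51 while every other inbound port stays filtered as before.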