LinuxQuestions.org
Old 05-26-2015, 03:42 AM   #1
tesla75
Trying to configure DNS using BIND package in Oracle Linux 6.6


Version: Oracle Linux 6.6

I am trying to set up DNS for forward and reverse lookups. I am new to the BIND package.

The domain I am trying to configure : openhex.com
DNS Server IP : 10.194.135.185

This is for Oracle RAC cluster build.
I want the hostname rac-scan.openhex.com to resolve to the following 3 IPs. This is for the SCAN functionality in Oracle RAC.

10.194.135.82
10.194.135.83
10.194.135.84
Following are the 3 configuration files I am using:

1. /etc/named.conf
2. /var/named/openhex.com.zone (for forward lookup)
3. /var/named/135.194.10.in-addr.arpa (for reverse lookup)

### 1. /etc/named.conf

Code:
[root@oem12cdns185 etc]# cat /etc/named.conf
options {
        listen-on port 53 {127.0.0.1; 10.194.135.185; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 127.0.0.1; 10.194.135.185; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

zone "openhex.com" IN {
type master;
file "openhex.com.zone";
allow-update { none; };
};

zone "135.194.10.in-addr.arpa." IN {
type master;
file "135.194.10.in-addr.arpa";
allow-update { none; };
};
### 2. forward zone file
### /var/named/openhex.com.zone

Code:
[root@oem12cdns185 etc]# cat /var/named/openhex.com.zone
$TTL    86400
@               IN SOA  localhost root.localhost (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
localhost       IN A            127.0.0.1
pravda178-oravip.openhex.com  IN A  10.194.135.217
pravda179-oravip.openhex.com  IN A  10.194.135.218
rac-scan.openhex.com IN A  10.194.135.82
rac-scan.openhex.com IN A  10.194.135.83
rac-scan.openhex.com IN A  10.194.135.84
### 3. reverse zone file
### /var/named/135.194.10.in-addr.arpa

Code:
[root@oem12cdns185 etc]# cat /var/named/135.194.10.in-addr.arpa
$ORIGIN 135.194.10.in-addr.arpa.
$TTL 1H
@       IN      SOA     openhex.com. root.openhex.com.   (      2
3H
1H
1W
1H )
35.194.10.in-addr.arpa.         IN NS      openhex.com.
217 IN PTR pravda178-oravip.openhex.com.
218 IN PTR pravda179-oravip.openhex.com.
82 IN PTR rac-scan.openhex.com.
83 IN PTR rac-scan.openhex.com.
84 IN PTR rac-scan.openhex.com.
When I try to start the named service, I get the following error, which seems to be related to the reverse zone file:

Code:
[root@oem12cdns185 etc]# service named start
Starting named:
Error in named configuration:
zone openhex.com/IN: loaded serial 42
135.194.10.in-addr.arpa:8: ignoring out-of-zone data (35.194.10.in-addr.arpa)
zone 135.194.10.in-addr.arpa/IN: has no NS records
zone 135.194.10.in-addr.arpa/IN: not loaded due to errors.
_default/135.194.10.in-addr.arpa./IN: bad zone
                                                           [FAILED]
[root@oem12cdns185 etc]#
Output of the named-checkconf and named-checkzone utilities:

Code:
[root@oem12cdns185 etc]# named-checkconf /etc/named.conf
[root@oem12cdns185 etc]#
[root@oem12cdns185 etc]#
[root@oem12cdns185 etc]# named-checkzone openhex.com /var/named/135.194.10.in-addr.arpa
/var/named/135.194.10.in-addr.arpa:3: ignoring out-of-zone data (135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:8: ignoring out-of-zone data (35.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:9: ignoring out-of-zone data (217.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:10: ignoring out-of-zone data (218.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:11: ignoring out-of-zone data (82.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:12: ignoring out-of-zone data (83.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:13: ignoring out-of-zone data (84.135.194.10.in-addr.arpa)
zone openhex.com/IN: has 0 SOA records
zone openhex.com/IN: has no NS records
zone openhex.com/IN: not loaded due to errors.
[root@oem12cdns185 etc]#
[root@oem12cdns185 etc]# named-checkzone openhex.com /var/named/openhex.com.zone
zone openhex.com/IN: loaded serial 42
OK
[root@oem12cdns185 etc]#
Any idea what the root cause of this issue is?
 
Old 05-26-2015, 04:42 AM   #2
bathory
Quote:
<snip>
Error in named configuration:
zone openhex.com/IN: loaded serial 42
135.194.10.in-addr.arpa:8: ignoring out-of-zone data (35.194.10.in-addr.arpa)
<snip>
This error is because you have a typo in the NS RR. You wrote 35.194.10.in-addr.arpa while the correct one is
Code:
135.194.10.in-addr.arpa. IN NS openhex.com.
Note that you don't have an A RR for openhex.com, so you should add one.


I also noticed that you are missing all the trailing dots after the hostnames in the forward zone.


Regards

Last edited by bathory; 05-26-2015 at 06:00 AM.
 
Old 05-26-2015, 07:12 AM   #3
tesla75
Hi Bathory,
THANK YOU for pointing out the typo (missing 1) in /var/named/135.194.10.in-addr.arpa. I've corrected it now.

You said "Note that you don't have an A RR for openhex.com, so you should add one"

I didn't get you. Should this be added in the forward zone file /var/named/openhex.com.zone?
Could you please provide a sample or a URL for this?


You said "I also noticed that you miss all the trailing dots after the hostnames in the forward zone. "

I did this based on the config seen in the following URLs. The forward zone files used in the links below didn't have trailing dots after the hostnames.
If you still think there are dots missing, could you please put those dots in red in the config files mentioned below?

http://oracle-base.com/articles/linu....php#var_named

https://balakumarnair.wordpress.com/...1gr2-scan-vip/


After the typo was corrected, I managed to start the named service. But nslookup from the DNS client still errors out with the same error message.
named-checkzone still shows same errors for the reverse zone file /var/named/135.194.10.in-addr.arpa

The firewall is stopped on both the DNS server and the client, so this is not an issue.
Following are the 3 config files which I am currently using:

[root@oem12cdns185 named]#
[root@oem12cdns185 named]#
[root@oem12cdns185 named]# cat /etc/named.conf
options {
listen-on port 53 {127.0.0.1; 10.194.135.185; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 127.0.0.1; 10.194.135.185; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

zone "openhex.com" IN {
type master;
file "openhex.com.zone";
allow-update { none; };
};

zone "135.194.10.in-addr.arpa." IN {
type master;
file "135.194.10.in-addr.arpa";
allow-update { none; };
};



### Reverse zone file
[root@oem12cdns185 named]# cat /var/named/135.194.10.in-addr.arpa
$ORIGIN 135.194.10.in-addr.arpa.
$TTL 1H
@ IN SOA openhex.com. root.openhex.com. ( 2
3H
1H
1W
1H )
135.194.10.in-addr.arpa. IN NS openhex.com.
217 IN PTR pravda178-oravip.openhex.com.
218 IN PTR pravda179-oravip.openhex.com.
82 IN PTR rac-scan.openhex.com.
83 IN PTR rac-scan.openhex.com.
84 IN PTR rac-scan.openhex.com.



#Forward zone file
[root@oem12cdns185 named]# cat /var/named/openhex.com.zone
$TTL 86400
@ IN SOA localhost root.localhost (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS localhost
localhost IN A 127.0.0.1
pravda178-oravip.openhex.com IN A 10.194.135.217
pravda179-oravip.openhex.com IN A 10.194.135.218
rac-scan.openhex.com IN A 10.194.135.82
rac-scan.openhex.com IN A 10.194.135.83
rac-scan.openhex.com IN A 10.194.135.84

[root@oem12cdns185 named]#
[root@oem12cdns185 named]#
[root@oem12cdns185 named]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped
[root@oem12cdns185 named]#
[root@oem12cdns185 named]#
[root@oem12cdns185 named]# service named start
Starting named: [ OK ]
[root@oem12cdns185 named]#
[root@oem12cdns185 named]#
[root@oem12cdns185 named]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 18
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 3691) is running...
[root@oem12cdns185 named]#
[root@oem12cdns185 named]#
[root@oem12cdns185 named]# named-checkzone openhex.com /var/named/openhex.com.zone
zone openhex.com/IN: loaded serial 42
OK
[root@oem12cdns185 named]#
[root@oem12cdns185 named]# named-checkzone openhex.com /var/named/135.194.10.in-addr.arpa
/var/named/135.194.10.in-addr.arpa:3: ignoring out-of-zone data (135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:8: ignoring out-of-zone data (135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:9: ignoring out-of-zone data (217.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:10: ignoring out-of-zone data (218.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:11: ignoring out-of-zone data (82.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:12: ignoring out-of-zone data (83.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:13: ignoring out-of-zone data (84.135.194.10.in-addr.arpa)
zone openhex.com/IN: has 0 SOA records
zone openhex.com/IN: has no NS records
zone openhex.com/IN: not loaded due to errors.
[root@oem12cdns185 named]#

Last edited by tesla75; 05-26-2015 at 07:50 AM.
 
Old 05-26-2015, 08:51 AM   #4
bathory
Quote:
You said "Note that you don't have an A RR for openhex.com, so you should add one"
Since you use openhex.com as your (primary) NS, you should add an A RR for it:
Code:
openhex.com.   A 10.194.135.185
or else both the forward and the reverse zone cannot be resolved.


Quote:
You said "I also noticed that you miss all the trailing dots after the hostnames in the forward zone. "
...
Could you please put those dots in red in the below mentioned config files.
If you don't add the trailing dots after a hostname, then the zone name is concatenated to it, so for example pravda178-oravip.openhex.com becomes pravda178-oravip.openhex.com.openhex.com. So use the following forward zone:
Code:
$TTL 86400
@ IN SOA localhost root.localhost (
 42 ; serial (d. adams)
 3H ; refresh
 15M ; retry
 1W ; expiry
 1D ) ; minimum
 IN NS openhex.com.
;localhost IN A 127.0.0.1 ;;No needed
openhex.com.   A 10.194.135.185
pravda178-oravip.openhex.com. IN A 10.194.135.217
pravda179-oravip.openhex.com. IN A 10.194.135.218
rac-scan.openhex.com. IN A 10.194.135.82
rac-scan.openhex.com. IN A 10.194.135.83
rac-scan.openhex.com. IN A 10.194.135.84

Quote:
named-checkzone openhex.com /var/named/135.194.10.in-addr.arpa
/var/named/135.194.10.in-addr.arpa:3: ignoring out-of-zone data (135.194.10.in-addr.arpa)
<snip>
This is because you used the wrong zone name. You're supposed to check the reverse zone, so use
Code:
named-checkzone 135.194.10.in-addr /var/named/135.194.10.in-addr.arpa
 
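The two master-file rules bathory points at in posts #2 and #4 (a name without a trailing dot gets the current origin appended, and named-checkzone discards any record whose owner falls outside the zone it was told to check) are easy to see in code. What follows is an added example, not code from this thread and not BIND's own parser: it tokenises a zone file for the constructs used here ($ORIGIN, $TTL, `;` comments, a parenthesised SOA, a blank owner column), fully qualifies every owner and every name-valued rdata field, and reproduces the three complaints quoted above. The sample inputs are abridged copies of the files posted in this thread, so the reverse file's line numbers match the `named-checkzone` output (line 3 is the SOA, line 8 the NS). The TTL regex and the list of record types whose rdata starts with names are simplifications for this example.

```python
import re

TTL_RE = re.compile(r"\d+[smhdw]?", re.I)               # 86400, 3H, 15M, 1W, 1D
CLASSES = {"IN", "CH", "HS"}
NAME_RDATA = {"NS": 1, "CNAME": 1, "PTR": 1, "SOA": 2}  # leading rdata fields that are names

def canonical(name, origin):
    """'@' is the origin, a trailing dot means absolute, anything else gets
    the current origin appended (so a missing dot doubles the domain)."""
    origin = origin.rstrip(".").lower()
    if name == "@":
        return origin + "."
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}." if origin else name + "."

def parse_zone(text, zone):
    """Yield (lineno, owner, rtype, rdata) per record. Handles $ORIGIN/$TTL,
    ';' comments, '( ... )' continuations and a blank owner column (which
    inherits the previous owner); lineno is the record's first line."""
    origin = canonical(zone, "")
    owner, buf, start, depth = None, [], 0, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]             # drop comment before counting parens
        if depth == 0:
            if not line.strip():
                continue
            start = lineno
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:
            continue                            # still inside ( ... )
        entry, buf = " ".join(buf), []
        tokens = entry.replace("(", " ").replace(")", " ").split()
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = canonical(tokens[1], origin)
            continue                            # $TTL etc. carry no record
        if entry[0] not in " \t":               # owner column present
            owner = canonical(tokens.pop(0), origin)
        elif owner is None:
            owner = origin
        while tokens[0].upper() in CLASSES or TTL_RE.fullmatch(tokens[0]):
            tokens.pop(0)                       # optional TTL / class
        rtype, rdata = tokens.pop(0).upper(), tokens
        n = NAME_RDATA.get(rtype, 0)            # rdata names are relative too
        yield start, owner, rtype, [canonical(t, origin) for t in rdata[:n]] + rdata[n:]

def records(text, zone):
    return [rec[1:] for rec in parse_zone(text, zone)]

def check_zone(text, zone):
    """Reproduce the named-checkzone complaints quoted in this thread."""
    apex = canonical(zone, "")
    problems, soa, ns = [], 0, 0
    for lineno, owner, rtype, _ in parse_zone(text, zone):
        if not (owner == apex or owner.endswith("." + apex)):
            problems.append(f"{lineno}: ignoring out-of-zone data ({owner.rstrip('.')})")
        elif owner == apex and rtype == "SOA":
            soa += 1
        elif owner == apex and rtype == "NS":
            ns += 1
    label = f"zone {apex.rstrip('.')}/IN"
    if soa == 0:
        problems.append(f"{label}: has 0 SOA records")
    if ns == 0:
        problems.append(f"{label}: has no NS records")
    return problems

# Constructed inputs, abridged from the files posted in this thread.
REVERSE_TYPO = """\
$ORIGIN 135.194.10.in-addr.arpa.
$TTL 1H
@       IN      SOA     openhex.com. root.openhex.com.   (      2
3H
1H
1W
1H )
35.194.10.in-addr.arpa.         IN NS      openhex.com.
217 IN PTR pravda178-oravip.openhex.com.
82 IN PTR rac-scan.openhex.com.
"""
FORWARD_NO_DOTS = """\
$TTL    86400
@               IN SOA  localhost root.localhost (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           localhost
pravda178-oravip.openhex.com  IN A  10.194.135.217
"""

if __name__ == "__main__":
    for problem in check_zone(REVERSE_TYPO, "135.194.10.in-addr.arpa"):
        print(problem)
    for owner, rtype, rdata in records(FORWARD_NO_DOTS, "openhex.com"):
        print(owner, rtype, *rdata)
```

Run as-is it prints the out-of-zone complaint for line 8 and the resulting "has no NS records", then shows the forward file loading cleanly while its NS target has become `localhost.openhex.com.` and the host record `pravda178-oravip.openhex.com.openhex.com.`, which is why the thread's `named-checkzone openhex.com` said OK even though the names were wrong. Checking the reverse file under the zone name `openhex.com` makes every record out of zone, exactly as in the thread.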
Old 05-26-2015, 09:32 AM   #5
tesla75
THANK YOU Bathory for taking time to look at this issue.

I made the changes as you've suggested. But, nslookup from a remote node (DNS Client) still fails.

Following is what I did


[root@oem12cdns185 named]# service named stop
Stopping named: [ OK ]


### Modified the forward zone file as shown below (as you had suggested)

[root@oem12cdns185 named]# cat /var/named/openhex.com.zone
$TTL 86400
@ IN SOA localhost root.localhost (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS openhex.com.
;localhost IN A 127.0.0.1 ;;No needed
openhex.com. A 10.194.135.185
pravda178-oravip.openhex.com. IN A 10.194.135.217
pravda179-oravip.openhex.com. IN A 10.194.135.218
rac-scan.openhex.com. IN A 10.194.135.82
rac-scan.openhex.com. IN A 10.194.135.83
rac-scan.openhex.com. IN A 10.194.135.84



[root@oem12cdns185 named]# service named start
Starting named: [ OK ]


[root@oem12cdns185 named]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6
CPUs found: 1
worker threads: 1
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 8987) is running...


### Reverse zone file still has the same error

[root@oem12cdns185 named]# named-checkzone 135.194.10.in-addr /var/named/135.194.10.in-addr.arpa
/var/named/135.194.10.in-addr.arpa:3: ignoring out-of-zone data (135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:8: ignoring out-of-zone data (135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:9: ignoring out-of-zone data (217.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:10: ignoring out-of-zone data (218.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:11: ignoring out-of-zone data (82.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:12: ignoring out-of-zone data (83.135.194.10.in-addr.arpa)
/var/named/135.194.10.in-addr.arpa:13: ignoring out-of-zone data (84.135.194.10.in-addr.arpa)
zone 135.194.10.in-addr/IN: has 0 SOA records
zone 135.194.10.in-addr/IN: has no NS records
zone 135.194.10.in-addr/IN: not loaded due to errors.


In my case, is the reverse zone name 135.194.10.in-addr or 135.194.10.in-addr.?

### Reverse zone file

[root@oem12cdns185 named]# cat /var/named/135.194.10.in-addr.arpa
$ORIGIN 135.194.10.in-addr.arpa.
$TTL 1H
@ IN SOA openhex.com. root.openhex.com. ( 2
3H
1H
1W
1H )
135.194.10.in-addr.arpa. IN NS openhex.com.
217 IN PTR pravda178-oravip.openhex.com.
218 IN PTR pravda179-oravip.openhex.com.
82 IN PTR rac-scan.openhex.com.
83 IN PTR rac-scan.openhex.com.
84 IN PTR rac-scan.openhex.com.




---- From a remote node (DNS Client) when I try nslookup

[root@pravda178 ~]# nslookup rac-scan.openhex.com
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
 
Old 05-26-2015, 03:10 PM   #6
bathory
Quote:
named-checkzone 135.194.10.in-addr /var/named/135.194.10.in-addr.arpa
/var/named/135.194.10.in-addr.arpa:3: ignoring out-of-zone data (135.194.10.in-addr.arpa)
<snip>
In my case, is the reverse zone name 135.194.10.in-addr or 135.194.10.in-addr. ?
My bad! The zone name is 135.194.10.in-addr.arpa.
And you should increase the serial every time you make changes to the zone file, prior to reloading BIND.


Quote:
---- From a remote node (DNS Client) when I try nslookup

[root@pravda178 ~]# nslookup rac-scan.openhex.com
;; connection timed out; trying next origin
;; connection timed out; no servers could be reached
You should open port 53 for both UDP and TCP in your firewall.
 
Old 05-27-2015, 07:49 AM   #7
tesla75
Found the cause of the "no servers could be reached" issue.
While troubleshooting the issue, I mistakenly removed the DNS server entries in /etc/resolv.conf from the DNS client server.

I had to remove allow-query { 127.0.0.1; 10.194.135.185; }; from /etc/named.conf as well. This was the IP of the DNS server. This meant BIND can answer queries only from the DNS server!


THANK YOU VERY MUCH bathory. Without your help, I couldn't have fixed this issue.
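The last fix deserves a caveat. allow-query is BIND's first access control on who may ask at all: `{ 127.0.0.1; 10.194.135.185; }` lists only the server itself, so the RAC nodes were being answered REFUSED (the timeouts in post #5 came from the emptied resolv.conf, not from the ACL). Deleting the line makes allow-query fall back to its default of `any`; on a server running `recursion yes`, the safer shape is an explicit allow-query and a matching allow-recursion scoped to the cluster subnet, so the nodes are served and nothing else that can reach 10.194.135.185:53 is. The block below is an added example, not code from this thread or from BIND: a small evaluator for BIND-style address match lists (elements tried in order, first hit wins, a leading `!` negates) and a check that pulls `allow-query` out of an options block and lists which cluster nodes it would refuse. The `localnets` prefix list is an assumption about the server's interfaces, the SCOPED block is a suggested alternative rather than anything posted above, and 192.0.2.10 is a documentation address standing in for an unrelated host.

```python
import ipaddress
import re

ACL_RE = re.compile(r"\ballow-query\s*(\{[^}]*\})\s*;")


def parse_acl(text):
    """'{ 127.0.0.1; 10.194.135.0/24; !10.194.135.99; }' -> element list."""
    return [e.strip() for e in text.strip().strip("{}").split(";") if e.strip()]


def allowed(acl, client, localnets=("10.194.135.0/24",)):
    """Evaluate an address match list: elements in order, first hit wins,
    a leading '!' turns the hit into a refusal, no hit at all means refused.
    'localnets' is fed an explicit prefix list here (assumption: the server's
    only interface is 10.194.135.185/24; BIND derives it from the interfaces)."""
    ip = ipaddress.ip_address(client)
    for element in parse_acl(acl):
        negate = element.startswith("!")
        element = element.lstrip("!").strip()
        if element == "any":
            hit = True
        elif element == "none":
            hit = False
        elif element == "localhost":
            hit = ip.is_loopback
        elif element == "localnets":
            hit = any(ip in ipaddress.ip_network(n) for n in localnets)
        else:
            hit = ip in ipaddress.ip_network(element, strict=False)
        if hit:
            return not negate
    return False


def refused_clients(options_text, clients):
    """Clients an options block would answer with REFUSED. No allow-query
    at all means BIND 9's default of { any; }."""
    match = ACL_RE.search(options_text)
    acl = match.group(1) if match else "{ any; }"
    return [c for c in clients if not allowed(acl, c)]


# Constructed options blocks. ORIGINAL is the one posted in this thread.
ORIGINAL = """
options {
        listen-on port 53 {127.0.0.1; 10.194.135.185; };
        allow-query     { 127.0.0.1; 10.194.135.185; };
        recursion yes;
};
"""
# What the thread ended with: the allow-query line deleted, i.e. { any; }.
NO_ACL = ACL_RE.sub("", ORIGINAL)
# Suggested alternative: the RAC subnet may query and recurse, nothing else.
SCOPED = """
options {
        listen-on port 53 {127.0.0.1; 10.194.135.185; };
        allow-query     { 127.0.0.1; 10.194.135.0/24; };
        allow-recursion { 127.0.0.1; 10.194.135.0/24; };
        recursion yes;
};
"""
RAC_NODES = ["10.194.135.185", "10.194.135.217", "10.194.135.218"]
OUTSIDER = "192.0.2.10"   # RFC 5737 documentation address standing in for any other host

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("no allow-query", NO_ACL), ("scoped", SCOPED)):
        print(f"{name:15} refuses {refused_clients(conf, RAC_NODES + [OUTSIDER])}")
```

The original block refuses both RAC nodes and the outsider; with the line deleted nobody is refused; the scoped block refuses only the outsider. Order matters in these lists: `{ !10.194.135.99; 10.194.135.0/24; }` excludes one host from the subnet, while the same two elements reversed let it through because the /24 matches first.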
 
  

