Old 12-10-2009, 06:53 AM   #1
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466
Blog Entries: 6

Rep: Reputation: 51
How to access external website through constructed DNS?


I have set up an internal DNS server. It resolves and works fine within the network.
But how can I perform a dig for yahoo.com:

DNS Server
Code:
#dig -x yahoo.com
No output.

Last edited by your_shadow03; 12-10-2009 at 07:09 AM.
 
Old 12-10-2009, 09:08 AM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167
Sounds like you disabled recursion on your DNS server.

Re-enable it and you should be able to perform off-site lookups (provided you haven't tinkered with configs to the point of breaking the root servers or something similar... that is also assuming you don't have a firewall blocking the requests out.)
 
Old 12-10-2009, 11:03 AM   #3
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
To resolve a domain you don't need the -x option (it's used for reverse lookups). So you have to run:
Code:
dig yahoo.com
to test your dns
 
Old 12-10-2009, 12:17 PM   #4
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
That's OK Bathory..
But what I need is this specific scenario:
Explanation:

I have set up a personal DNS server through BIND in the intranet. It's resolving fine and working from the client machine too. I have a corporate DNS too, which can help me connect to the internet. But since this is my personal DNS setup, how can it be possible to access the internet? Can I perform some forwarding rule so that we can make it work?
Code:
       Intranet==========Client1
          ||  \
          ||   \
          ||    \ Internet
       Client2
 
Old 12-10-2009, 12:38 PM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
I cannot fully understand what you mean by
Quote:
It's resolving fine and working from Client Machine too.
You mean that it can resolve local domains/hostnames that it is authoritative for, but cannot resolve all other internet domains such as yahoo.com?
If that's the case, you have to either set up forwarding and use your corporate DNS server in the forwarders statement, or add the hint "." zone, so you'll have a caching DNS server.
 
Old 12-10-2009, 12:38 PM   #6
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
All I have done till now:
Code:
[root@localhost ~]# rpm -qa bind*
bind-libs-9.2.4-24.EL4
bind-utils-9.2.4-24.EL4
bind-9.2.4-24.EL4
bind-chroot-9.2.4-24.EL4
bind-devel-9.2.4-24.EL4
bind-libs-9.2.4-24.EL4
[root@localhost ~]#

The IP Details of my Machine are:
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:17:C6:BE:47
inet addr:10.14.77.33 Bcast:10.14.77.127 Mask:255.255.255.128
inet6 addr: fe80::216:17ff:fec6:be47/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36287 errors:0 dropped:0 overruns:0 frame:0
TX packets:19141 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5408275 (5.1 MiB) TX bytes:2370680 (2.2 MiB)
Interrupt:201

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18714 errors:0 dropped:0 overruns:0 frame:0
TX packets:18714 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10174891 (9.7 MiB) TX bytes:10174891 (9.7 MiB)

[root@localhost ~]#

The exact steps I followed are mentioned below:

1. Open a file /etc/hosts and make it look like this:


[root@localhost ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost

[root@localhost ~]#

2. Edit the file /etc/resolv.conf:

[root@localhost ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script

search tuxbuddy.logica.com
nameserver 10.14.77.33
[root@localhost ~]#

3. Run this Command:

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:16:17:C6:BE:47
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no
[root@localhost ~]#

4. Follow this step:

[root@localhost etc]# pwd
/var/named/chroot/etc
[root@localhost etc]# vi named.conf

//
// named.conf for Red Hat caching-nameserver
//

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "tuxbuddy.logica.com" IN {
type master;
file "tuxbuddy.logica.com.zone";
allow-update { none; };
};

zone "33.77.14.10.in-addr.arpa" IN {
type master;
file "10.14.77.33.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};

include "/etc/rndc.key";


Save the file.

5. Edit the database files:

[root@localhost named]# pwd
/var/named/chroot/var/named
[root@localhost named]#vi tuxbuddy.logica.com

$TTL 86400
@ IN SOA station1.tuxbuddy.logica.com. root.station1.tuxbuddy.logica.com. (
2009091100; Serial
28800 ; Refresh
14400 ; Retry
3600000 ;Expire
0 ) ; Negative

@ IN NS station1.tuxbuddy.logica.com.
@ IN A 10.14.77.33

station1.tuxbuddy.logica.com. IN A 10.14.77.33
www IN A 10.14.77.33
ftp IN A 10.14.77.33
pop IN A 10.14.77.33

www1 IN CNAME station1.tuxbuddy.logica.com.
www2 IN CNAME station2.tuxbuddy.logica.com.
www.station1.tuxbuddy.logica.com. IN A 10.14.77.33 ; trailing dot needed: without it the name is taken relative to the zone origin
Innovation2.groupinfra.com. IN A 10.14.16.215 ; outside this zone; named ignores it as out-of-zone data
@ IN MX 10 station1.tuxbuddy.logica.com.
station1 IN MX 10 station1.tuxbuddy.logica.com.


[root@localhost named]#

6. Edit this file too:

[root@localhost named]# pwd
/var/named/chroot/var/named
[root@localhost named]#

[root@localhost named]# cat 10.14.77.33.zone
$TTL 86400
@ IN SOA station1.tuxbuddy.logica.com. root.station1.tuxbuddy.logica.com. (
4 10800 3600 604800 86400 )
IN NS station1.tuxbuddy.logica.com.
33.77.14.10.IN-ADDR.ARPA. IN PTR station1.tuxbuddy.logica.com.
[root@localhost named]#

[root@localhost named]# dig -x 10.14.77.33

; <<>> DiG 9.2.4 <<>> -x 10.14.77.33
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;33.77.14.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
33.77.14.10.in-addr.arpa. 86400 IN PTR station1.tuxbuddy.logica.com.

;; AUTHORITY SECTION:
33.77.14.10.in-addr.arpa. 86400 IN NS station1.tuxbuddy.logica.com.

;; ADDITIONAL SECTION:
station1.tuxbuddy.logica.com. 86400 IN A 10.14.77.33

;; Query time: 1 msec
;; SERVER: 10.14.77.33#53(10.14.77.33)
;; WHEN: Wed Oct 7 07:28:30 2009
;; MSG SIZE rcvd: 114

Last edited by your_shadow03; 12-10-2009 at 12:41 PM.
 
Old 12-10-2009, 12:39 PM   #7
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
Bathory,
The Entry:
Code:
zone "." IN {
type hint;
file "named.ca";
};
Is that what you are talking about?
 
Old 12-10-2009, 12:48 PM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Yes that's the hint zone.
Can you get an answer running:
Code:
dig +trace yahoo.com
 
Old 12-10-2009, 12:51 PM   #9
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
it displays:
Code:
[root@bangmediasrv1 etc]# dig +trace yahoo.com

; <<>> DiG 9.2.4 <<>> +trace yahoo.com
;; global options:  printcmd
.                       3600000 IN      NS      K.ROOT-SERVERS.NET.
.                       3600000 IN      NS      L.ROOT-SERVERS.NET.
.                       3600000 IN      NS      M.ROOT-SERVERS.NET.
.                       3600000 IN      NS      A.ROOT-SERVERS.NET.
.                       3600000 IN      NS      B.ROOT-SERVERS.NET.
.                       3600000 IN      NS      C.ROOT-SERVERS.NET.
.                       3600000 IN      NS      D.ROOT-SERVERS.NET.
.                       3600000 IN      NS      E.ROOT-SERVERS.NET.
.                       3600000 IN      NS      F.ROOT-SERVERS.NET.
.                       3600000 IN      NS      G.ROOT-SERVERS.NET.
.                       3600000 IN      NS      H.ROOT-SERVERS.NET.
.                       3600000 IN      NS      I.ROOT-SERVERS.NET.
.                       3600000 IN      NS      J.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
dig: couldn't get address for 'K.ROOT-SERVERS.NET': failure
 
Old 12-10-2009, 01:01 PM   #10
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Rep: Reputation: 37
I think in your main configuration file named.conf the following should be added:

Code:
options {
    // ...other options...

    forwarders {
        <your isp dns server ip>;
        <your isp dns server ip>;
    };

    // ...other options...
};
 
Old 12-10-2009, 01:10 PM   #11
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
I can see that there is /var/named/chroot/etc/named.conf under which I tried entering:
Code:
cat named.conf|more
//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 10.236.1.252; };
        forward only;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost;192.168.0.0; } keys { rndckey; };
};

zone "." IN {
--More--
I tried making the following entry but it didn't work. The IP is my company DNS server.
[root@bangmediasrv1 etc]# dig +trace yahoo.com

; <<>> DiG 9.2.4 <<>> +trace yahoo.com
;; global options: printcmd
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

;; connection timed out; no servers could be reached

Last edited by your_shadow03; 12-10-2009 at 01:16 PM.
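The two named.conf variants in this thread (hint zone only in #6, forwarders plus `forward only` in #11) are the two resolution paths bathory describes in #5; this added example (not from the thread or from BIND) parses such a fragment and reports which path named will take for names outside its own zones. Note that `dig +trace` performs the iterative walk from the client itself and only asks the local server for the root NS list, so it never exercises the forwarders; `dig yahoo.com @127.0.0.1` does. The config fragments are constructed to mirror the posted ones.

```python
import re

# Constructed named.conf fragments modelled on the two variants posted in this
# thread: hint zone only (post #6) and forwarders plus "forward only" (post #11).
CACHING_ONLY = """
options {
    directory "/var/named";
    // query-source address * port 53;
};
zone "." IN {
    type hint;
    file "named.ca";
};
"""
FORWARD_ONLY = """
options {
    directory "/var/named";
    forwarders { 10.236.1.252; };
    forward only;
};
zone "." IN { type hint; file "named.ca"; };
"""

def strip_comments(text):
    """Drop BIND's three comment styles (/* */, // and #) before matching."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def resolution_mode(conf):
    """Report how named will look up names outside its own zones."""
    conf = strip_comments(conf)
    opts = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    body = opts.group(1) if opts else ""
    fwd = re.search(r"forwarders\s*\{([^}]*)\}", body)
    forwarders = re.findall(r"[\d.]+", fwd.group(1)) if fwd else []
    pol = re.search(r"\bforward\s+(only|first)\s*;", body)
    # BIND defaults to "forward first" when forwarders are listed.
    policy = pol.group(1) if pol else ("first" if forwarders else None)
    hint_file = None
    zone = re.search(r'zone\s+"\."\s+(?:IN\s+)?\{(.*?)\}', conf, re.S)
    if zone and re.search(r"type\s+hint\s*;", zone.group(1)):
        f = re.search(r'file\s+"([^"]+)"', zone.group(1))
        hint_file = f.group(1) if f else None
    if forwarders and policy == "only":
        mode = "forward-only"   # root hints never used: an unreachable forwarder fails every lookup
    elif forwarders:
        mode = "forward-first"  # forwarder first, iterative via root hints as fallback
    elif hint_file:
        mode = "iterative"      # caching server: needs the hint file and outbound port 53
    else:
        mode = "authoritative-only"
    return {"mode": mode, "forwarders": forwarders, "policy": policy,
            "hint_file": hint_file}
```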
 
Old 12-10-2009, 01:32 PM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Quote:
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
dig: couldn't get address for 'K.ROOT-SERVERS.NET': failure
Are you sure you have the file named.ca, because according to this you also need the package caching-nameserver.
And you don't need forward(ers) if you go to a caching DNS solution.
 
Old 12-10-2009, 09:12 PM   #13
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
Yes I have that there:
Code:
# cat named.ca
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
 
Old 12-11-2009, 12:39 AM   #14
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Can you resolve a domain using either a root server, or your corporate dns?
Code:
dig yahoo.com @193.0.14.129
dig yahoo.com @10.236.1.252
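Added example, not part of the thread: a small parser for dig's `;;` header lines that turns the kinds of output posted here (the NOERROR answer in #6, the "no servers could be reached" timeout in #11) into a one-word verdict, and also spots a missing `ra` flag, which is what would confirm the disabled-recursion guess from #2. The transcripts are constructed, with the third one showing the shape a server returns when it will not recurse.

```python
import re

# Constructed dig transcripts (the ;; lines only). The first mirrors the
# successful reverse lookup posted earlier in this thread; the second is the
# timeout from the "forward only" attempt; the third shows what a server
# with recursion disabled returns for a name it is not authoritative for.
RESOLVED = """; <<>> DiG 9.2.4 <<>> -x 10.14.77.33
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48322
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 10.14.77.33#53(10.14.77.33)
"""
TIMEOUT = ";; connection timed out; no servers could be reached\n"
NO_RECURSION = """; <<>> DiG 9.2.4 <<>> yahoo.com
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 7
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

def parse_dig(output):
    """Extract status, header flags, answer count and the answering server."""
    info = {"status": None, "flags": [], "answer": 0, "server": None}
    if "no servers could be reached" in output:
        info["status"] = "UNREACHABLE"
        return info
    m = re.search(r"status: ([A-Z]+)", output)
    if m:
        info["status"] = m.group(1)
    m = re.search(r";; flags: ([^;]*);.*?ANSWER: (\d+)", output)
    if m:
        info["flags"] = m.group(1).split()
        info["answer"] = int(m.group(2))
    m = re.search(r";; SERVER: (\S+)", output)
    if m:
        info["server"] = m.group(1)
    return info

def verdict(output):
    """Map a dig transcript to the failure class discussed in this thread."""
    info = parse_dig(output)
    if info["status"] == "UNREACHABLE":
        return "unreachable"     # nothing answered on port 53: service down or filtered
    if "ra" not in info["flags"]:
        return "no-recursion"    # server will not recurse for this client (post #2's guess)
    if info["status"] == "NOERROR" and info["answer"] > 0:
        return "resolved"
    if info["status"] == "SERVFAIL":
        return "servfail"        # accepted but unresolved: hints or forwarders unreachable
    if info["status"] == "REFUSED":
        return "refused"         # allow-query blocked this client
    return "nodata"
```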
 
Old 12-11-2009, 02:32 AM   #15
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Rep: Reputation: 51
Bathory,
It's working now.
I can resolve yahoo without any issue.
I have a new requirement:
I have a DNS server where I constructed DNS. This machine has two interfaces, eth0 and eth1. Whatever I did was for eth0; now what my project manager wants is on eth1 (192.168.x.x series), so that the 192.168 LAN can access DNS only on the DNS server's eth1, not on eth0.
My entire scenario is:
Code:
                    eth0 --Machine(DNS Server)<--eth1- LAN
Now the 192.168 series is running ESX servers, which should send requests to the DNS server at eth1 only, not on eth0. Also, the requirement is that through eth0 it should connect to my company DNS through NAT and connect to the outside network for accessing Yahoo.
 
  

