LinuxQuestions.org
Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
Old 10-16-2009, 04:45 AM   #1
elliot01
Member
 
Registered: Jun 2009
Location: UK
Distribution: CentOS / RedHat
Posts: 89

Rep: Reputation: 16
named.conf - Adding a forwarder for additional domain


Hi all,

Looking for some assistance with DNS forwarding, if someone would be so kind.

My network has two domains, each with their own DNS servers.

my-domain.co.uk (linux servers) 10.11.1.1 = DNS Server
my-domain.local (Windows servers) 10.11.254.1 = DNS Server

The Active Directory servers are configured to forward any requests for 'my-domain.co.uk' to my linux 10.11.1.1 server.

I would like to configure my linux server to do the same (ie: point requests for 'my-domain.local' resolution to my Active Directory server (10.11.254.1)).

I need some help with this though please.

I have tried adding the following to my /etc/named.conf:

Code:
zone "my-domain.local" {
        type slave;
        masters { 10.11.254.1; 10.11.254.2; };
};
After restarting the service and trying an 'nslookup' on a host within 'my-domain.local' though, it doesn't seem to work.

Could someone please advise exactly what I need to add to my named.conf in order for this to work?

My existing named.conf:

Code:
options {
        directory "/var/named";
        version "666";
        allow-transfer { key "ns01-ns02.key"; };
        allow-query { any; };
        allow-recursion { 10.11.1.0/16; 127.0.0.1; };
        forwarders { 158.152.1.43; 158.152.1.58; };
        pid-file "/var/run/named/named.pid";
};

logging {
   channel systemlog {
      file "/var/log/named/named.log";
      severity debug;
      print-time yes;
   };
   channel audit_log {
      file "/var/log/named/security.log";
      severity debug;
      print-time yes;
   };
   channel xfer_log {
      file "/var/log/named/xfer.log";
      severity debug;
      print-time yes;
   };
   category default { systemlog; };
   category security { audit_log; systemlog; };
   category config { systemlog; };
   category xfer-in { xfer_log; };
   category xfer-out { xfer_log; };
   category notify { audit_log; };
   category update { audit_log; };
   category queries { audit_log; };
   category lame-servers { audit_log; };
};


zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "pz/127.0.0";
};

zone "my-domain.co.uk" {
        type master;
        notify no;
        file "pz/localdomain";
        allow-update { 10.11.1.1; 127.0.0.1; };
};

zone "11.10.in-addr.arpa" {
        type master;
        notify no;
        file "pz/localnet";
        allow-update { 10.11.1.1; 127.0.0.1; };
};

zone "my-domain.local" {
        type slave;
        masters { 10.11.254.1; 10.11.254.2; };
};
Thank you very much for your time.

Elliot

Last edited by elliot01; 10-16-2009 at 05:12 AM.
 
Old 10-16-2009, 07:12 PM   #2
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703

Rep: Reputation: 99
I would add the line 'file "dbs.my-domain.local";' to the my-domain.local
zone. This tells it to save a copy of the zone file, which can be
helpful.

Otherwise what you have should work. Technically it is not forwarding,
it is making your Linux server authoritative for the zone.

Look in /var/log/messages or /var/log/syslog after restarting named
services. I'll bet that you'll find that your server isn't getting
a zone transfer from your Windows servers.
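For what the OP actually asked for (send my-domain.local lookups to the AD servers without holding a copy of the zone) the BIND construct is a forward zone, not a slave zone; a slave zone makes this server authoritative for a second copy of the AD data and depends on the Windows side permitting AXFR. The following is an added example, not code from the thread: the forward stanza as a string, plus a small parser and linter of my own (not libisccfg or named-checkconf) that reads zone stanzas from named.conf-style text and flags the pitfalls this thread runs into: a slave zone with no `file` (carltm's point), a forward zone without forwarders, `allow-update` on a zone that is not a master, and an address/prefix with host bits set such as the `10.11.1.0/16` in the OP's `allow-recursion`. The sample stanzas are the thread's own, trimmed.

```python
import ipaddress
import re

# Added example (not from the thread): the stanza that implements
# "send my-domain.local lookups to the AD servers". "forward only" stops
# named from trying the Internet roots for a private suffix when both AD
# servers are down; "forward first" would fall back to normal recursion.
FORWARD_ZONE = """
zone "my-domain.local" {
        type forward;
        forward only;
        forwarders { 10.11.254.1; 10.11.254.2; };
};
"""

# The two stanzas the thread tried, copied from the posts.
SLAVE_ZONE_NO_FILE = """
zone "my-domain.local" {
        type slave;
        masters { 10.11.254.1; 10.11.254.2; };
};
"""

SLAVE_ZONE_WITH_UPDATE = """
zone "my-domain.local" {
        type slave;
        file "slave/my-domain.local";
        allow-update {10.11.254.1;};
        masters { 10.11.254.1; 10.11.254.2; };
};
"""

_ZONE_OPEN = re.compile(r'zone\s+"([^"]+)"[^{]*\{')
_STMT = re.compile(r'([a-z-]+)\s+([^;{]+|\{[^}]*\})\s*;')


def parse_zones(conf):
    """Return {zone: {statement: value}} from named.conf-style text.

    A deliberately small parser (mine, not BIND's): comments are stripped,
    each zone body is delimited by brace counting, and a statement value is
    either a scalar ("slave") or the list of items inside { ... }."""
    conf = re.sub(r'//[^\n]*|#[^\n]*', '', conf)
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    zones = {}
    for m in _ZONE_OPEN.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        stmts = {}
        for key, value in _STMT.findall(body):
            value = value.strip()
            if value.startswith('{'):
                stmts[key] = [v.strip() for v in value[1:-1].split(';') if v.strip()]
            else:
                stmts[key] = value.strip('"')
        zones[m.group(1)] = stmts
    return zones


def check_prefix(entry):
    """Message if an address/prefix has host bits set, else None.

    The OP's allow-recursion lists 10.11.1.0/16: the network part of a /16
    is 10.11.0.0, so BIND complains about the address/prefix mismatch and
    a reader cannot tell whether /16 or /24 was meant."""
    try:
        ipaddress.ip_network(entry, strict=True)
        return None
    except ValueError:
        pass
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None          # not an address at all (an ACL or key name)
    return f'{entry} has host bits set; write {net} (or a longer prefix if that was meant)'


def lint_zones(zones):
    """(zone, finding) pairs for the pitfalls discussed in this thread."""
    findings = []
    for name, z in zones.items():
        ztype = z.get('type')
        if ztype == 'slave' and 'file' not in z:
            findings.append((name, 'slave zone has no "file": the transferred zone lives only '
                                   'in memory and is fetched again at every restart'))
        if ztype == 'slave' and not z.get('masters'):
            findings.append((name, 'slave zone has no "masters"'))
        if ztype == 'forward' and not z.get('forwarders'):
            findings.append((name, 'forward zone has no "forwarders"'))
        if ztype != 'master' and 'allow-update' in z:
            findings.append((name, 'allow-update is only valid in master zones (named-checkconf '
                                   'rejects it here); a slave that relays updates uses allow-update-forwarding'))
        for key in ('masters', 'forwarders', 'allow-update', 'allow-transfer', 'allow-query'):
            entries = z.get(key)
            for entry in entries if isinstance(entries, list) else []:
                msg = check_prefix(entry)
                if msg:
                    findings.append((name, msg))
    return findings


if __name__ == '__main__':
    for label, text in (('forward', FORWARD_ZONE),
                        ('slave, no file', SLAVE_ZONE_NO_FILE),
                        ('slave + allow-update', SLAVE_ZONE_WITH_UPDATE)):
        print(f'{label}: {lint_zones(parse_zones(text)) or "clean"}')
    print(check_prefix('10.11.1.0/16'))
```

Two caveats for the forward-zone route. A forward zone is answered by recursing on the client's behalf, so the querying hosts must pass `allow-recursion`; with the OP's list only 10.11.x.x hosts (once the prefix is written as `10.11.0.0/16`) and localhost can use it. And reverse lookups for 10.11.254.x do not automatically reach AD, because this server is authoritative for `11.10.in-addr.arpa`: PTR records for the Windows hosts need to be in pz/localnet, or that /24 needs its own handling (a forward-only zone for `254.11.10.in-addr.arpa` is the usual approach; confirm with `dig -x` on your BIND version). Whatever you change, `named-checkconf /etc/named.conf` before the restart catches the allow-update and prefix errors without this hand-rolled parser.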
 
Old 10-16-2009, 09:13 PM   #3
Forrest Coredump
Member
 
Registered: Oct 2009
Location: Southwestern United States
Distribution: Redhat Enterprise Linux 4-5 (Current RHCE), Fedora Core 11 (FC11), Arch Linux, BT3 (Current GCIH)
Posts: 42

Rep: Reputation: 19
You can add the forwarders to the main section of your named.conf file (I removed the secondary forwarder because you are limited to a maximum of three). This is probably the easiest solution and should work...

Code:
options {
        directory "/var/named";
        version "666";
        allow-transfer { key "ns01-ns02.key"; };
        allow-query { any; };
        allow-recursion { 10.11.1.0/16; 127.0.0.1; };
        forwarders { 158.152.1.43; 10.11.254.1; 10.11.254.2; };
        pid-file "/var/run/named/named.pid";
};

logging {
   channel systemlog {
      file "/var/log/named/named.log";
      severity debug;
      print-time yes;
   };
   channel audit_log {
      file "/var/log/named/security.log";
      severity debug;
      print-time yes;
   };
   channel xfer_log {
      file "/var/log/named/xfer.log";
      severity debug;
      print-time yes;
   };
   category default { systemlog; };
   category security { audit_log; systemlog; };
   category config { systemlog; };
   category xfer-in { xfer_log; };
   category xfer-out { xfer_log; };
   category notify { audit_log; };
   category update { audit_log; };
   category queries { audit_log; };
   category lame-servers { audit_log; };
};


zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "pz/127.0.0";
};

zone "my-domain.co.uk" {
        type master;
        notify no;
        file "pz/localdomain";
        allow-update { 10.11.1.1; 127.0.0.1; };
};

zone "11.10.in-addr.arpa" {
        type master;
        notify no;
        file "pz/localnet";
        allow-update { 10.11.1.1; 127.0.0.1; };
};
 
Old 10-17-2009, 05:56 AM   #4
elliot01
Member
 
Registered: Jun 2009
Location: UK
Distribution: CentOS / RedHat
Posts: 89

Original Poster
Rep: Reputation: 16
Hi guys,

I sincerely appreciate the time you have spent responding to my query. Thank you very much for the feedback - I'll put it into practice!
 
Old 10-19-2009, 06:47 AM   #5
elliot01
Member
 
Registered: Jun 2009
Location: UK
Distribution: CentOS / RedHat
Posts: 89

Original Poster
Rep: Reputation: 16

Quote:
Originally Posted by carltm View Post
I would add the line 'file "dbs.my-domain.local";' to the my-domain.local
zone. This tells it to save a copy of the zone file, which is can be
helpful.

Otherwise what you have should work. Technically it is not forwarding,
it is making your Linux server authoritative for the zone.

Look in /var/log/messages or /var/log/syslog after restarting named
services. I'll bet that you'll find that your server isn't getting
a zone transfer from your Windows servers.
I'm back!

I have updated my named.conf as follows (adding the "file " suggestion as well as other bits I have picked up via this forum and Google):

Code:
options {
        directory "/var/named";
        version "666";
        allow-transfer { key "ns01-ns02.key"; };
        allow-query { any; };
        allow-recursion { 10.11.1.0/16; 127.0.0.1; };
        forwarders { 10.11.254.1; 158.152.1.43; 158.152.1.58; };
        pid-file "/var/run/named/named.pid";
        };

key rndc {
algorithm hmac-md5 ;
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc; };
};

logging {
   channel systemlog {
      file "/var/log/named/named.log";
      severity debug;
      print-time yes;
   };
   channel audit_log {
      file "/var/log/named/security.log";
      severity debug;
      print-time yes;
   };
   channel xfer_log {
      file "/var/log/named/xfer.log";
      severity debug;
      print-time yes;
   };
   category default { systemlog; };
   category security { audit_log; systemlog; };
   category config { systemlog; };
   category xfer-in { xfer_log; };
   category xfer-out { xfer_log; };
   category notify { audit_log; };
   category update { audit_log; };
   category queries { audit_log; };
   category lame-servers { audit_log; };
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "pz/127.0.0";
};

zone "my-domain.co.uk" {
        type master;
        notify no;
        file "pz/localdomain";
        allow-update { 10.11.1.1; 127.0.0.1; };
};

zone "11.10.in-addr.arpa" {
        type master;
        notify no;
        file "pz/localnet";
        allow-update { 10.11.1.1; 127.0.0.1; };
};

zone "my-domain.local" {
        type slave;
        file "slave/my-domain.local";
        allow-update {10.11.254.1;};
        masters { 10.11.254.1; 10.11.254.2; };
};
Problem at the moment is that my slave/my-domain.local file isn't being updated in any way. It's just a blank file, do I need to write some form of structure or template into it?

Thanks.
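A blank slave file means no transfer has completed yet: named writes that file only after a successful AXFR/IXFR, so it must not be hand-populated, and the reason it stays empty is in the log. This config already routes the xfer-in category to /var/log/named/xfer.log, which is where to look. The following is an added example, not from the thread: a classifier of mine for those lines, run over constructed sample lines in the shape of BIND 9's transfer messages (the wording is BIND's; timestamps, ports and record counts are made up). It reports, per master, whether the last attempt succeeded, was refused (the usual cause with Windows DNS: a zone's Zone Transfers settings do not allow transfers to an arbitrary host such as 10.11.1.1 until you add it), or never connected.

```python
import re

# Constructed sample (not a real log): two attempts against the thread's
# two masters, a refusal and a timeout first, then a successful transfer
# after the Windows side was changed to allow transfers to 10.11.1.1.
SAMPLE_LOG = """\
19-Oct-2009 09:01:02.110 transfer of 'my-domain.local/IN' from 10.11.254.1#53: connected using 10.11.1.1#46372
19-Oct-2009 09:01:02.112 transfer of 'my-domain.local/IN' from 10.11.254.1#53: failed while receiving responses: REFUSED
19-Oct-2009 09:01:12.113 transfer of 'my-domain.local/IN' from 10.11.254.2#53: failed to connect: timed out
19-Oct-2009 09:15:40.001 transfer of 'my-domain.local/IN' from 10.11.254.1#53: connected using 10.11.1.1#51022
19-Oct-2009 09:15:40.020 transfer of 'my-domain.local/IN' from 10.11.254.1#53: Transfer completed: 1 messages, 42 records, 1211 bytes, 0.019 secs (63736 bytes/sec)
19-Oct-2009 09:15:40.021 zone my-domain.local/IN: transferred serial 2009101901
"""

_XFER = re.compile(r"transfer of '(?P<zone>[^']+)' from (?P<master>[^#\s]+)#\d+: (?P<msg>.*)$")
_SERIAL = re.compile(r'zone (?P<zone>\S+): transferred serial (?P<serial>\d+)')

# What to do about each outcome, from the slave's point of view.
HINTS = {
    'ok': 'transfer completed; the slave file is written now',
    'refused': 'master answered REFUSED: allow zone transfers to this server on the '
               'Windows DNS zone (Zone Transfers tab) or in the master\'s allow-transfer ACL',
    'timeout': 'no TCP/53 connection to the master: check routing and host/network firewalls',
    'connecting': 'connection logged but no result yet',
    'failed': 'transfer failed for another reason; read the full log line',
}


def classify(msg):
    """Map the tail of a 'transfer of ...' line to one of the HINTS keys."""
    if msg.startswith('Transfer completed'):
        return 'ok'
    if 'REFUSED' in msg:
        return 'refused'
    if 'timed out' in msg:
        return 'timeout'
    if msg.startswith('connected'):
        return 'connecting'
    return 'failed'


def transfer_status(log_text):
    """Last known status per (zone, master), in first-seen order.

    'connected using' precedes the result of the same attempt, so a later
    line for the same master overwrites it; the final entry is what counts."""
    status = {}
    for line in log_text.splitlines():
        m = _XFER.search(line)
        if m:
            status[(m.group('zone'), m.group('master'))] = classify(m.group('msg'))
    return status


def transferred_serials(log_text):
    """Zone -> serial of the last completed transfer (what the file holds)."""
    serials = {}
    for line in log_text.splitlines():
        m = _SERIAL.search(line)
        if m:
            serials[m.group('zone')] = int(m.group('serial'))
    return serials


def report(log_text):
    """One line per (zone, master) with the status and the matching hint."""
    lines = []
    for (zone, master), st in transfer_status(log_text).items():
        lines.append(f'{zone} from {master}: {st} - {HINTS[st]}')
    for zone, serial in transferred_serials(log_text).items():
        lines.append(f'{zone}: holding serial {serial}')
    return lines


if __name__ == '__main__':
    print('\n'.join(report(SAMPLE_LOG)))
```

To reproduce the failure without waiting for the refresh timer, run `dig @10.11.254.1 my-domain.local AXFR` from the Linux box (a REFUSED there is the Windows transfer policy), and after changing the Windows side force a new attempt with `rndc retransfer my-domain.local`. One more thing to check on the slave itself: the directory holding `file "slave/my-domain.local"` (relative to `directory "/var/named"`) must be writable by the user named runs as; on CentOS the packaged convention is /var/named/slaves, which ships with the right ownership and SELinux context, whereas a directory named cannot write to shows up as a "dumping master file ... permission denied" error even though the transfer itself succeeded.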
 
Old 10-19-2009, 11:26 AM   #6
Forrest Coredump
Member
 
Registered: Oct 2009
Location: Southwestern United States
Distribution: Redhat Enterprise Linux 4-5 (Current RHCE), Fedora Core 11 (FC11), Arch Linux, BT3 (Current GCIH)
Posts: 42

Rep: Reputation: 19
Oops! One more thing: don't forget to increment the serial number in the zone file after making your update, e.g.,

FROM:
version "666";

TO:
version "667";
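The serial that secondaries compare, and that has to go up on every edit for them to pick up a change, is the one in the SOA record of the zone data file (pz/localdomain and pz/localnet in this named.conf); the `version "666"` string under `options` only sets what a `dig @server version.bind CHAOS TXT` query returns. Bumping it by hand is where stale-serial mistakes come from, so here is an added example, not from the thread: a helper of mine that rewrites a YYYYMMDDnn serial in a zone file, run on a constructed zone laid out like the OP's pz/localdomain (the hostnames and timers in it are assumed).

```python
import re
from datetime import date

# Constructed sample in the layout of a BIND master file; the names,
# timers and serial are assumptions, not the OP's real pz/localdomain.
SAMPLE_ZONE = """\
$TTL 86400
@       IN      SOA     ns01.my-domain.co.uk. hostmaster.my-domain.co.uk. (
                        2009101601      ; serial
                        3600            ; refresh
                        900             ; retry
                        604800          ; expire
                        86400 )         ; minimum
        IN      NS      ns01.my-domain.co.uk.
ns01    IN      A       10.11.1.1
"""

# SOA <mname> <rname> [(] [; comment] <serial>: tolerates both the
# one-line form and the parenthesised multi-line form with comments.
_SOA = re.compile(r'\bSOA\s+\S+\s+\S+\s*\(?(?:\s*;[^\n]*)*\s*(\d+)')


def next_serial(current, today=None):
    """Next YYYYMMDDnn serial.

    Same-day edits increment nn and a new day restarts at 01. A serial
    that is not date-based, or is already ahead of today (a mistyped
    year), just gets +1: any step below 2**31 is still an increase under
    RFC 1982 serial arithmetic, so secondaries will notice it."""
    today = today or date.today()
    stamp = int(today.strftime('%Y%m%d'))
    if current // 100 == stamp:
        if current % 100 == 99:
            raise ValueError('100 edits in one day: wait for tomorrow or change scheme')
        new = current + 1
    elif current // 100 < stamp:
        new = stamp * 100 + 1
    else:
        new = current + 1
    assert 0 < new - current < 2 ** 31   # RFC 1982: must read as an increase
    return new


def bump_soa(zone_text, today=None):
    """Return (new zone text, new serial) with only the serial replaced."""
    m = _SOA.search(zone_text)
    if not m:
        raise ValueError('no SOA record found')
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new


if __name__ == '__main__':
    text, serial = bump_soa(SAMPLE_ZONE, date(2009, 10, 19))
    print(serial)
    print(text)
```

After the edit, `named-checkzone my-domain.co.uk /var/named/pz/localdomain` validates the file and `rndc reload my-domain.co.uk` loads it. One caveat that applies to this named.conf in particular: both master zones carry `allow-update`, and a zone that accepts dynamic updates keeps a journal (.jnl) beside the file, so hand edits must be bracketed by `rndc freeze my-domain.co.uk` and `rndc thaw my-domain.co.uk`, otherwise the journal and the edited file diverge.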
 
Old 10-19-2009, 12:43 PM   #7
elliot01
Member
 
Registered: Jun 2009
Location: UK
Distribution: CentOS / RedHat
Posts: 89

Original Poster
Rep: Reputation: 16
Eek, thanks
 