LinuxQuestions.org


KaniGT5 03-09-2008 03:55 PM

Problems w/ caching-only nameserver (BIND9.3.3-10)
 
Hey guys,

I pushed down bind, bind-chroot, bind-utils, and caching-nameserver all via up2date.

I'm having trouble when I start up BIND: DNS is not working properly. Whenever bind starts, I lose my own forwarders (I'm assuming?) from /etc/resolv.conf.

I am very new to BIND, and reading as much info as I can grasp on the subject.

Forgot to mention: the OS is RHEL5, and named.conf is located in /var/named/chroot/etc.

named.conf:

Code:

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory        "/var/named";
        dump-file        "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;       
        query-source-v6 port 53;
        allow-query    { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients            { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

named.rfc1912.zones:

Code:

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

I have not generated an rndc.key yet. At this point my objective is to make this caching-only nameserver work so I can ultimately ping other hosts over the LAN, and have each person that is obtaining an IP via dhcpd also be able to get out to the internet.

Any help on this subject is greatly appreciated.

dkm999 03-10-2008 02:07 PM

What you have is a (new to BIND 9) configuration for a caching-only local nameserver. This configuration will only respond to queries from "localhost" and for "localhost", because you have nearly all your config info specified within a view. This may in fact be what you want, but unless the hostname of your RHEL 5 box is "localhost", maybe not. The most troublesome of the substatements in your view specification seems to be

Code:

match-destinations {localhost;};

This substatement says that the view only applies to queries for the address of "localhost". This is almost certainly not what you want. I would recommend removing (or commenting out) this line and seeing how things stand once you restart named.

Perhaps you can tell us a little more about what does and does not work when named is running; at the same time, if there are any complaints in the logfile from named, please post them as well. I think the default for error messages (since you have nothing for them in your logging section) is syslog, which will put them into /var/log/messages.

The things to check are:

1. Using dig or nslookup, can your box resolve "localhost" to 127.0.0.1?
2. Can it do the reverse (given 127.0.0.1, does the name come back "localhost")?
3. Can it reach a root server (the names and addresses are listed in /var/named/chroot/var/named/named.ca)?
4. Can it reach a well-known Internet site (e.g. www.google.com)?

After that, let us know what else does not work. As things are configured now, no other machine on your local net will be able to use the caching nameserver. You can change that by creating an access control list (acl), specifying addresses or address ranges, and then substituting that acl name for "localhost" in two places: in allow-query, and in match-clients.
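
The ACL substitution described in the reply above, applied to the named.conf from the first post, as an added example that is not part of the original thread. The ACL name `lan_clients`, the network 192.168.1.0/24 and the server address 192.168.1.10 are constructed placeholders; the `listen-on` change goes beyond the reply and is included because named only accepts queries on the addresses it listens on.

```conf
// Constructed values: replace 192.168.1.0/24 and 192.168.1.10 with the
// real LAN range and this server's LAN address.
acl "lan_clients" {
        localhost;              // the server itself, as in the posted config
        192.168.1.0/24;         // DHCP clients on the LAN (assumed range)
};

options {
        // Was: listen-on port 53 { 127.0.0.1; };
        // Loopback only means no LAN client can reach named at all.
        listen-on port 53 { 127.0.0.1; 192.168.1.10; };
        listen-on-v6 port 53 { ::1; };
        directory        "/var/named";
        dump-file        "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;
        query-source-v6 port 53;
        // Was: allow-query { localhost; };
        // Naming the LAN range, not "any", keeps the resolver closed to
        // clients outside the listed addresses.
        allow-query    { lan_clients; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view localhost_resolver {
        // Was: match-clients { localhost; };
        match-clients            { lan_clients; };
        // Commented out, as the reply recommends:
        // match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
```

With the chroot layout from the first post, `named-checkconf -t /var/named/chroot /etc/named.conf` checks the syntax before named is restarted.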

