Hi guys.. I'm new to the forum and hoping to seek some help in my issue.

I've setup an internal DNS server using the CENTOS flavor and the problem is the local computers cannot resolve the hosts in the CENTOS DNS server.

here's my zone:


$ORIGIN vls.local.
$TTL 86400
@ IN SOA ns1.vls.local. hostmaster.vls.local. (
2001062501 ; serial
21600 ;refresh after 6 hours
3600 ;retry after 1 hour
604800 ;expire after 1 week
86400 ) ;minimum TTL 1 day
IN NS ns1.vls.local.
IN MX 10 mail.vls.local.
IN A 10.0.0.88
ns1 IN A 10.0.0.88
machine IN A 10.0.0.88
ftp IN A 10.0.0.88
mail IN CNAME machine
www IN CNAME machine

Everything resolves in the DNS server but if I use my client computer, it cannot.

Appreciate your help in advance.

Thanks!

You'd need to provide more detail. Is this BIND? DNSMASQ? Something else?

For BIND what is in named.conf? If not BIND what config files?

Are you running iptables and/or a firewall device between the DNS server and the client? If so have you opened port 53?

On the clients what is in /etc/resolv.conf? /etc/nsswitch.conf?

hi thanks for the reply.

i'm using BIND on the CENTOS and here is the named.conf

=================================
options {
listen-on port 53 { 10.0.0.88; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "vls.local" IN {
type master;
file "vls.local.zone";
allow-update { none; };
};

zone "0.0.10.in-addr.arpa" IN {
type master;
file "vls.local.rr.zone";
allow-update { none; };
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
======================

this is the resolv.conf in the CENTOS server

========
search vls.local
nameserver 10.0.0.88
=============

my test client is a windows 7 desktop and no firewall between the CENTOS server and win7 desktop. i've even disabled the firewall in the CENTOS server.

on the win7 client, the dns server configured is 10.0.0.88

thanks!

Hi,

Remove or comment out
Regards

hi bathory.. this did the trick for a while but after a few minutes, the hostname of the DNS server is not accessible again from the win7 desktop. any ideas? thanks!

What you mean by hostname? The FQDN (ns1.vls.local), or just the hostname (ns1)?
What is the output of:
from the win7 client?
The only thing that comes in mind, is that your win7 box gets its network connection by a dhcp server that overwrites the dns IP settings.

Regards

i'm trying to ping ns1.vls.local and all the A records in the zone but i'm not getting any reply.

my win7 client has static ip and everything is set manually even the dns ip.

Getting no reply from ping means nothing. Could be a firewall or something like that, that blocks icmp packets.
Does your win7 box resolve correctly the hosts you're trying to ping?
Run the nslookup command above and post the complete output.

From the Windows 7 client's CMD window run "telnet <dnsserver> 53" to see if you can get to port 53 of the DNS server.

Note that by default Windows 7 has telnet client (and server) disabled. You can enable it by going to:

Start

Control Panel

Programs And Features

Turn Windows features on or off

Check Telnet Client

Hit OK

After that you can start Telnet via Command Prompt.

You may need to close the CMD window and reopen to get telnet
command line to start working.

Note this only enables the client to give you access to the command line. It does not activate the server so no one will have telnet access to your Win 7 box. Telnet is a good command to verify you can get to a specific server/port combination.

i have turned off the win7 client firewall and on the centos server. i can resolve the hosts on the dns server using nslookup but the think is if i browse www.vls.local from the win7 client.. i get "page cannot be displayed" i'am sure that the default page is running on 10.0.0.88 because if i use http://10.0.0.88 on the win7 client, it displays the website.

hi.. whenever i telnet to the dns server it connects and give me a blank screen.. i'm assuming that it connects to the dns server? thanks!

Telnet tests connectivity using tcp protocol, while dns uses primarily udp.
So once again, run nslookup and post the results.

here's the output:

C:\Users\allan>nslookup www.vls.local 10.0.0.88
Server: machine.vls.local
Address: 10.0.0.88

Name: machine.vls.local
Address: 10.0.0.88
Aliases: www.vls.local

but like I said when I browse www.vls.local the page in not showing up.

DNS uses both udp and tcp. If you can get to tcp its a good bet you can get to udp. (That is it isn't uncommon to see port 53 blocked but it IS uncommon to see TCP port 53 open without UDP port 53 also being open.) A blank screen rather than a timeout indicates you did connect. You hit Ctrl and the right square bracket "]" to get telnet command line and type "close" to exit the telnet connection.

Notice that your command tells you both which name server responded:


And the response it gave:

What happens if you try only:
nslookup www.vls.local

Specifically which SERVER does it say responded?

In your command you specified the server to try the lookup on it may be that it isn't finding the server that is your problem.

If you DO get the response from the the right server with the right address from the above nslookup without specifying server then it means your issue is in the Web setup NOT the DNS setup.

I get the same result if I do nslookup www.vls.local only

I can't do ftp using ftp.vls.local aside from the web problem. I'm really stuck..