Gentoo Forums
[SOLVED] DNS not resolving by names only by IP
Forum: Networking & Security

Author: Newbee 12 (n00b; Joined: 31 Oct 2012; Posts: 38; Location: Northwest, USA)
Posted: Fri Aug 16, 2013 10:42 pm    Post subject: [SOLVED] DNS not resolving by names only by IP

I was able to solve the DNS issue by NOT following the example found in the bind-guide.xml in the www.gentoo.org documents.



Hi, I have configured DNS using Bind 9, following the instructions in the Bind 9 Admin Guide; however, I cannot use names to get to websites, only IP addresses. Any help appreciated; have I overlooked something? This DNS server goes to our gateway, then to the ISP provider.

/etc/bind/named.conf
Code:

# named.conf for the pacificcabinets.com domain
acl pcinet { 192.168.1.0/24; };
#include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { pcinet; }
        keys { "rndc-key"; };
};
options {
    directory "/var/bind";
    forward first;
    forwarders { 64.126.133.1; 64.126.155.1; 66.82.4.8; 205.162.184.2; };
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; 192.168.1.50; };
    allow-query-cache { any; };
    allow-query { pcinet; };
    allow-transfer { pcinet; };
    recursion no;
    pid-file "/var/run/named/named.pid";
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "0FIdFO/wBoNbzxX+knYrqQ==";
};
view "internal" {
    match-clients { 192.168.1.0/24; localhost; };
    # recursion yes;

    zone "PACIFICCABINETS.COM" {
        type master;
        file "pri/PACIFICCABINETS.internal";
        allow-update { none; };
        # allow-transfer { any; };
        # allow-query { any; };
    };
    zone "1.168.192.in-addr.arpa" {
        type master;
        file "pri/192.zone";
        allow-update { none; };
    };
    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
    };
    zone "." IN {
        type hint;
        file "named.cache";
    };
};
view "external" {
    match-clients { any; };
    recursion no;

    zone "PACIFICCABINETS.COM" {
        type master;
        file "pri/PACIFICCABINETS.external";
        allow-query { pcinet; };
    };
};
logging {
    channel default_syslog {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};

/etc/bind/pri/PACIFICCABINETS.internal
Code:

$ORIGIN PACIFICCABINETS.COM.
$TTL 1D
@       IN SOA  tux.PACIFICCABINETS.com. root.PACIFICCABINETS.com. (
                061220136 ; serial
                3h        ; refresh
                1h        ; retry
                1w        ; expiry
                1d )      ; minimum

                NS      tux
pacificcabinets.com.    MX 10   webmail
tux     A       192.168.1.50
buri    A       192.168.1.53
borr    A       192.168.1.54
info    A       192.168.1.251
webmail A       192.168.1.53

/etc/bind/pri/PACIFICCABINETS.external
Code:

$TTL 1D
@       IN SOA  tux.PACIFICCABINETS.com. root.PACIFICCABINETS.com. (
                061220136 ; serial
                3h        ; refresh
                1h        ; retry
                1w        ; expiry
                1d )      ; minimum

                NS      tux
tux     A       192.168.1.50

/etc/bind/pri/192.zone
Code:

$TTL 1D
@       1D IN SOA ns.PACIFICCABINETS.com. root.PACIFICCABINETS.com. (
                061220137 ; serial
                3H        ; refresh
                15M       ; retry
                1W        ; expiry
                1D )      ; minimum

@       1D IN NS  PACIFICCABINETS.
;1.0.0  1D IN PTR localhost.   ; zone files use ';' for comments, not '#'

/etc/bind/pri/127.zone
Code:

$ORIGIN 127.in-addr.arpa.
$TTL 1D
@       1D IN SOA localhost. root.localhost. (
                061220135 ; serial
                3H        ; refresh
                15M       ; retry
                1W        ; expiry
                1D )      ; minimum

@       1D IN NS  localhost.
1.0.0   1D IN PTR localhost.

I can ping internal and external from the DNS server; host does nothing.

Last edited by Newbee 12 on Wed Sep 11, 2013 6:23 pm; edited 1 time in total
Author: 666threesixes666 (Veteran; Joined: 31 May 2011; Posts: 1248; Location: 42.68n 85.41w)
Posted: Fri Aug 16, 2013 10:54 pm

try for me....

Code:

forwarders { 64.126.133.1; 64.126.155.1; 66.82.4.8; 205.162.184.2; };


to

Code:

   forwarders {
      x.x.x.x;   // Your ISP NS
      x.x.x.x;   // Your ISP NS
      4.2.2.1;      // Level3 Public DNS
      4.2.2.2;      // Level3 Public DNS
      8.8.4.4;      // Google Open DNS
      8.8.8.8;      // Google Open DNS
   };


and change x.x.x.x to your upstream DNS... if that doesn't work, remove the x.x.x.x lines and try 4.2.2.1 and so on.....


Here is a copy of my known working config, used to resolve only...... (it's very generic, and very default)

Code:

/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-9 for more details.
 * Online versions of the documentation can be found here:
 * http://www.isc.org/software/bind/documentation
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */

acl "xfer" {
   /* Deny transfers by default except for the listed hosts.
    * If we have other name servers, place them here.
    */
   none;
};

/*
 * You might put in here some ips which are allowed to use the cache or
 * recursive queries
 */
acl "trusted" {
   127.0.0.0/8;
   ::1/128;
};

options {
   directory "/var/bind";
   pid-file "/var/run/named/named.pid";

   /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
   //bindkeys-file "/etc/bind/bind.keys";

   listen-on-v6 { ::1; };
   listen-on { 127.0.0.1; };

   allow-query {
      /*
       * Accept queries from our "trusted" ACL.  We will
       * allow anyone to query our master zones below.
       * This prevents us from becoming a free DNS server
       * to the masses.
       */
      trusted;
   };

   allow-query-cache {
      /* Use the cache for the "trusted" ACL. */
      trusted;
   };

   allow-recursion {
      /* Only trusted addresses are allowed to use recursion. */
      trusted;
   };

   allow-transfer {
      /* Zone transfers are denied by default. */
      none;
   };

   allow-update {
      /* Don't allow updates, e.g. via nsupdate. */
      none;
   };

   /*
   * If you've got a DNS server around at your upstream provider, enter its
   * IP address here, and enable the line below. This will make you benefit
   * from its cache, thus reduce overall DNS traffic in the Internet.
   *
   * Uncomment the following lines to turn on DNS forwarding, and change
   *  and/or update the forwarding ip address(es):
   */

   forward first;
   forwarders {
      x.x.x.x;   // Your ISP NS
      x.x.x.x;   // Your ISP NS
      4.2.2.1;      // Level3 Public DNS
      4.2.2.2;      // Level3 Public DNS
      8.8.4.4;      // Google Open DNS
      8.8.8.8;      // Google Open DNS
   };



   //dnssec-enable yes;
   //dnssec-validation yes;

   /*
    * As of bind 9.8.0:
    * "If the root key provided has expired,
    * named will log the expiration and validation will not work."
    */
   //dnssec-validation auto;

   /* if you have problems and are behind a firewall: */
   //query-source address * port 53;
};

/*
logging {
   channel default_log {
      file "/var/log/named/named.log" versions 5 size 50M;
      print-time yes;
      print-severity yes;
      print-category yes;
   };

   category default { default_log; };
   category general { default_log; };
};
*/

include "/etc/bind/rndc.key";
controls {
   inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};

zone "." in {
   type hint;
   file "/var/bind/named.cache";
};

zone "localhost" IN {
   type master;
   file "pri/localhost.zone";
   notify no;
};

zone "127.in-addr.arpa" IN {
   type master;
   file "pri/127.zone";
   notify no;
};

/*
 * Briefly, a zone which has been declared delegation-only will be effectively
 * limited to containing NS RRs for subdomains, but no actual data beyond its
 * own apex (for example, its SOA RR and apex NS RRset). This can be used to
 * filter out "wildcard" or "synthesized" data from NAT boxes or from
 * authoritative name servers whose undelegated (in-zone) data is of no
 * interest.
 * See http://www.isc.org/software/bind/delegation-only for more info
 */

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

//zone "YOUR-DOMAIN.TLD" {
//   type master;
//   file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
//   allow-query { any; };
//   allow-transfer { xfer; };
//};

//zone "YOUR-SLAVE.TLD" {
//   type slave;
//   file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
//   masters { <MASTER>; };

   /* Anybody is allowed to query but transfer should be controlled by the master. */
//   allow-query { any; };
//   allow-transfer { none; };

   /* The master should be the only one who notifies the slaves, shouldn't it? */
//   allow-notify { <MASTER>; };
//   notify no;
//};


Basically I'm saying: document, then revert your configurations, and keep introducing information until it stops running
Code:
dig google.com
properly, to find your error.

further reading... https://wiki.archlinux.org/index.php/BIND
http://www.gentoo.org/doc/en/bind-guide.xml

(Please add it to the wiki at wiki.gentoo.org if you get it fixed as you desire.)
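The two configurations in this thread differ in exactly the settings that decide whether a forwarding resolver works at all and whether it is exposed: the original poster's has `recursion no;` next to a `forwarders` list (named only consults forwarders while recursing for a client, so nothing outside the authoritative zones resolves), while the reply's resolve-only config leaves recursion on but restricts `allow-recursion` and `allow-query-cache` to a `trusted` ACL. The script below is an added example written for this page, not code from either post or from ISC BIND. It parses the named.conf subset the posts use with a small hand-written parser (not BIND's grammar), applies BIND's default of `recursion yes`, and reports forwarders configured with recursion off, recursion or cache access open to `any`, an rndc control channel that accepts non-loopback sources, and an rndc key using hmac-md5. The embedded sample configs are constructed by condensing the two posted ones; the key secret is a placeholder, and ACL expansion handles one level of nesting only.

```python
"""Lint a BIND named.conf for the recursion/forwarding mistakes discussed in this
thread.  Added example, not code from the posts or from ISC BIND.  Assumes the
named.conf subset the posts use: ';'-terminated statements, '{ }' blocks and
'//', '#', '/* */' comments (all legal in named.conf; zone files only take ';').
The sample configs at the bottom are constructed by condensing the two posts."""
import re

TOKEN = re.compile(r'\{|\}|;|"[^"]*"|[^\s{};"]+')
LOOPBACK = {"127.0.0.1", "127.0.0.1/32", "::1", "::1/128", "localhost"}

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)  # assumes no '#' or '//' inside quoted strings

def parse(text):
    """Nested statements as (name, args, block); block is None when absent."""
    tokens = TOKEN.findall(strip_comments(text))
    def block(i):
        stmts = []
        while i < len(tokens) and tokens[i] != "}":
            name, args, body = tokens[i], [], None
            i += 1
            while i < len(tokens) and tokens[i] not in (";", "{", "}"):
                args.append(tokens[i])
                i += 1
            if i < len(tokens) and tokens[i] == "{":
                body, i = block(i + 1)
                i += 1  # step over the closing '}'
            if i < len(tokens) and tokens[i] == ";":
                i += 1
            stmts.append((name, args, body))
        return stmts, i
    return block(0)[0]

def first(stmts, name):
    return next((s for s in stmts if s[0] == name), None)

def listed(stmts, name, inherited=None):
    """Elements of a brace list such as allow-recursion { a; b; }."""
    s = first(stmts, name)
    return [e[0].strip('"') for e in s[2]] if s and s[2] is not None else inherited

def setting(stmts, name, inherited=None):
    s = first(stmts, name)
    return s[1][0] if s and s[1] else inherited

def lint(text):
    conf = parse(text)
    acls = {s[1][0].strip('"'): [e[0] for e in s[2]] for s in conf if s[0] == "acl"}
    expand = lambda items: [x for i in items or [] for x in acls.get(i, [i])]  # one level of ACL nesting
    opts = (first(conf, "options") or ("options", [], []))[2]
    views = [s for s in conf if s[0] == "view"]
    # With views every query is answered inside one of them, so check the effective
    # per-view settings: view value, else options value, else BIND's default.
    scopes = [("view " + v[1][0].strip('"'), v[2]) for v in views] or [("options", opts)]
    findings = []
    for label, body in scopes:
        recursion = setting(body, "recursion", setting(opts, "recursion", "yes"))
        forwarders = listed(body, "forwarders", listed(opts, "forwarders", []))
        allow_rec = expand(listed(body, "allow-recursion", listed(opts, "allow-recursion")))
        cache = expand(listed(body, "allow-query-cache", listed(opts, "allow-query-cache")))
        if forwarders and recursion == "no":
            findings.append(f"{label}: forwarders set but 'recursion no' - named only forwards "
                            "while recursing, so names outside your own zones will not resolve")
        if recursion != "no" and "any" in allow_rec:
            findings.append(f"{label}: allow-recursion {{ any; }} - open resolver")
        if "any" in cache:
            findings.append(f"{label}: allow-query-cache {{ any; }} - cached answers readable "
                            "by anyone who can reach the server (cache snooping)")
    ctl = first(conf, "controls")
    if ctl:  # 'inet ADDR port N allow { ... }' parses as statement 'inet' whose block is the allow list
        for src in expand(listed(ctl[2], "inet", [])):
            if src not in LOOPBACK:
                findings.append(f"controls: rndc channel accepts connections from {src}")
    for k in (s for s in conf if s[0] == "key"):
        if setting(k[2], "algorithm") == "hmac-md5":
            findings.append(f"key {k[1][0]}: hmac-md5; prefer hmac-sha256")
    return findings

OP_CONF = r'''acl pcinet { 192.168.1.0/24; };
controls { inet 127.0.0.1 port 953 allow { pcinet; } keys { "rndc-key"; }; };
options { forward first; forwarders { 64.126.133.1; 64.126.155.1; };
  allow-query-cache { any; }; allow-query { pcinet; }; recursion no; };
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
view "internal" { match-clients { 192.168.1.0/24; localhost; };  # recursion yes;
  zone "." IN { type hint; file "named.cache"; }; };
view "external" { match-clients { any; }; recursion no; };'''

REPLY_CONF = r'''/* resolve-only config from the reply, condensed */
acl "trusted" { 127.0.0.0/8; ::1/128; };
options { listen-on { 127.0.0.1; }; allow-query { trusted; };
  allow-query-cache { trusted; }; allow-recursion { trusted; }; allow-transfer { none; };
  forward first; forwarders { 4.2.2.1; 8.8.8.8; }; };  // recursion defaults to yes
include "/etc/bind/rndc.key";
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; }; };'''

if __name__ == "__main__":
    for name, conf in (("original poster", OP_CONF), ("reply", REPLY_CONF)):
        print(name, "->", lint(conf) or "no findings")
```

`named-checkconf` only validates syntax; a check like this one expresses intent, which is what the bisection method in the reply establishes by hand with `dig google.com`. Run it against the real file before `rndc reload`; it reports the original poster's config twice for the recursion problem (once per view, since both views inherit `recursion no` and the global forwarders) and the reply's config clean.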