VietTrung asked:
Windows clients do not recognize Linux DNS server in LAN!

Hi all,

A nice day to you!

My LAN contains both Windows and Linux hosts.
I have built DNS on a Linux box for my LAN following the steps below:
1. Build a zone file.

2. Declare the zone in the /etc/named.conf.

3. Start the named service.
    -->The log file /var/log/messages shows no errors.

4. Test using the dig command on the Linux box itself to resolve some hostname defined in the zone file.
   --> It works well!!!

5. Set the preferred DNS of each Windows client in the LAN to the Linux box (DNS server) IP (in this case 10.10.1.44).
6. Some more:
    All Windows clients and the Linux box have the same subnet mask (in this case 255.255.0.0) and can ping each other by IP address.

**************
My problem is:
On a Windows client in the LAN, I use the nslookup command to test some hostname defined in the zone file on the Linux box:
------------------------
C:/>nslookup  hostname.mydomain
------------------------
The bad result appears:
--------------------------------------------------------------------
*** Can't find server name for address 10.10.1.44: No response from server
Server:  UnKnown
Address:  10.10.1.44
*** UnKnown can't find hostname.mydomain: No response from server
--------------------------------------------------------------------
Please note that 10.10.1.44 is the IP of the Linux box (DNS Server).

So I think that means the Windows client does not recognize the Linux DNS server somehow.

How can I fix the problem?

The question is important for me, so I warmly welcome any suggestions from you!

Thanks in advance.

.VietTrung.

ASKER CERTIFIED SOLUTION
jozatan
(solution text only available to members)

VietTrung (ASKER):
Hi jozatan,

Absolutely as you said!

When I disable the firewall on the Linux box, the thing comes right at once!

THAT'S GREAT!!!

One more favour I am expecting from you, that is:
You said that I should open the following ports in Linux box for DNS:
---------------------------
destination 53/tcp open for everybody
destination 53/udp open for everybody
source 53/udp open for everybody
---------------------------

I have to admit that I am a newcomer to Linux, so would you mind showing me the way to do so?

Thank you very much for your support and sorry for any inconvenience.

Best regards,

VietTrung

SOLUTION
Well, my setup will be very close to what da99rmd posted, but not the same. For Red Hat or Fedora it looks like:

# dns
-A INPUT -p tcp -m tcp -d 10.10.1.44 --dport 53 -j ACCEPT
-A INPUT -p udp -m udp -d 10.10.1.44 --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -d 10.10.1.44 -j ACCEPT

or from command line or shell script:

# dns
/sbin/iptables -A INPUT -p tcp -m tcp -d 10.10.1.44 --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp -d 10.10.1.44 --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --sport 53 -d 10.10.1.44 -j ACCEPT

There is a typo in the first line da99rmd posted. I don't know a command "allowed" with iptables, so be careful when you copy and paste. I don't know if an option like --source-port works; I never used it that way. I'm using --sport.

Note: If you are using redhat or fedora and you do not type "-m protocol" you will get an error and iptables will not start.
Ahhh, one more thing. Because the addresses you are using are private (10.10.0.0/16), you can also add these lines at the beginning of your firewall setup:

-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.0.0/16 -j ACCEPT

or for command line/shell script:

/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -s 10.10.0.0/16 -j ACCEPT


That means:

- accept any connection if it's coming from interface local (127.0.0.1/8)
- accept any connection with source ip from network 10.10.0.0/16 (in that case your network).

Put these rules before the rules for the DNS. This will allow all internal machines to have access to the Linux box, and you don't have to worry about the firewall every time you are installing a new service.

Btw, instead of manually setting up DNS and IP on every Windows machine, if I were you I would set up DHCPD on the Linux machine and have each Windows machine take an IP from DHCPD. Just my point of view.
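The firewall rules above, together with the "No response from server" symptom in the question, as an added example that is not part of the thread and not code from any of its participants: a small POSIX shell script that generates a stateful iptables ruleset for a LAN DNS server and a dig-based probe that separates "server unreachable" from "server answered but name unknown". It reuses the thread's values (server 10.10.1.44, LAN 10.10.0.0/16), assumes iptables-restore and dig are installed, and uses the conntrack match in place of an unconditional "--sport 53 ACCEPT", so only replies to queries the server itself sent are admitted. The function names dns_fw_rules, no_sport_hole and dns_probe are my own, not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Values below are the thread's; override via env.
SERVER_IP="${SERVER_IP:-10.10.1.44}"   # address named listens on (assumed)
LAN_CIDR="${LAN_CIDR:-10.10.0.0/16}"   # clients allowed to query (assumed)

# Emit an iptables-restore ruleset for the INPUT chain.
# Compared with "accept anything whose source port is 53", the conntrack rule
# only admits replies to queries this box sent itself (e.g. to forwarders), so
# a remote host cannot reach arbitrary UDP services just by sourcing from 53.
# On very old Red Hat/Fedora kernels "-m state --state" is the equivalent match.
dns_fw_rules() {
  server_ip="$1"
  lan_cidr="$2"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -s ${lan_cidr} -d ${server_ip} -p udp --dport 53 -j ACCEPT
-A INPUT -s ${lan_cidr} -d ${server_ip} -p tcp --dport 53 -j ACCEPT
-A INPUT -s ${lan_cidr} -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Returns 0 only if the generated ruleset contains no rule that accepts
# traffic purely because its source port is 53.
no_sport_hole() {
  if dns_fw_rules "$1" "$2" | grep -q -- '--sport 53'; then
    return 1
  fi
  return 0
}

# Classify a query against the server. dig exit status 9 means no reply at
# all, which is what nslookup shows as "No response from server": port 53 is
# blocked or named is not bound to that address. NXDOMAIN means the server
# did answer, so the firewall is fine and the zone data is what to check.
dns_probe() {
  server="$1"
  name="$2"
  rc=0
  out=$(dig @"$server" "$name" A +time=2 +tries=1 +noall +comments 2>/dev/null) || rc=$?
  if [ "$rc" -eq 9 ]; then
    echo "no-response: port 53 blocked or named not listening on $server"
    return 1
  fi
  case "$out" in
    *"status: NOERROR"*)  echo "ok: $server answered for $name"; return 0 ;;
    *"status: NXDOMAIN"*) echo "nxdomain: $server reachable, $name not in zone"; return 2 ;;
    *)                    echo "other: dig exit status $rc"; return 3 ;;
  esac
}

# Usage: ./dnsfw.sh            -> print the ruleset (dry run)
#        ./dnsfw.sh apply      -> load it with iptables-restore (needs root)
#        ./dnsfw.sh probe NAME -> classify a lookup of NAME against SERVER_IP
case "${1:-}" in
  apply) dns_fw_rules "$SERVER_IP" "$LAN_CIDR" | iptables-restore ;;
  probe) dns_probe "$SERVER_IP" "${2:-hostname.mydomain}" ;;
  "")    dns_fw_rules "$SERVER_IP" "$LAN_CIDR" ;;
esac
```

Run the probe from the Linux box itself first (it should report "ok"), then from a client with the same server address; if the client gets "no-response" while the box gets "ok", the packets are being dropped in between, which is exactly the firewall case diagnosed in this thread.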

A nice day to you, jozatan and da99rmd!

I am very glad to receive all your support. Especially jozatan, you have given me more useful and detailed help than I would expect.

I shall try your suggestions.

Thank you very much, jozatan and da99rmd.

Cheers,

.VietTrung.