
name server configuration

Hi,
I have configured my DNS server (workshop.example.local), and all the clients (bkworkshop) are looking to this DNS server via /etc/resolv.conf: nameserver 192.168.2.116

From the clients, if I do a DNS query like this, it is working fine:
 [root@bkworkshop etc]# nslookup workshop
Server:         192.168.2.116
Address:        192.168.2.116#53

Name:   workshop.example.local
Address: 192.168.2.116

But from the server, if I do nslookup to itself or even to any client, it will fail:

[root@workshop etc]# nslookup bkworkshop
Server:         192.168.2.116
Address:        192.168.2.116#53

** server can't find bkworkshop: NXDOMAIN

OK: initially, I added the example.local.zone reference in named.rfc1912, then from the server I was able to do any internal DNS query.

Now I have changed example.local.zone in named.conf, and now clients can do any internal query but the server can't!!!

I guess I need to enable some allow-query options,
but I don't understand why.

And also: why, when I insert example.local.zone in named.rfc1912, was the server able to query, but as soon as I insert that one in named.conf the server is unable to query?


named.txt
named.rfc1912.txt
Asked by: fosiul01

Rowley Commented:
I assume you can resolve the FQDN of bkworkshop OK? Have you specified the default domain and/or search options in your server's resolv.conf?

domain example.com
search example2.com

See the resolv.conf man page for more detailed info. Relevant excerpt:

"domain Local domain name.
Most queries for names within this domain can use short names relative to the local domain. If no domain entry is present, the domain is determined from the local host name returned by gethostname(); the domain part is taken to be everything after the first '.'. Finally, if the host name does not contain a domain part, the root domain is assumed."

fosiul01 (Author) Commented:
[root@workshop etc]# cat resolv.conf
search example.local

nameserver 192.168.2.116

Rowley Commented:
In your named.conf file, this looks wrong to me:

zone "example.local" IN {

Specifically the IN. Shouldn't be there afaik.

on the server:

dig example.local

You should get some output similar to the following dig on my server for test.com if you've configured the zone properly:

; <<>> DiG 9.5.0-P1 <<>> test.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 169
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;test.com.                      IN      A

;; AUTHORITY SECTION:
test.com.               21600   IN      SOA     centos01.test.com. root.centos01.test.com. 2008082901 10800 3600 604800 21600

;; Query time: 1 msec
;; SERVER: 192.168.128.101#53(192.168.128.101)
;; WHEN: Tue Nov  4 10:46:47 2008
;; MSG SIZE  rcvd: 76

Also, check your log files, usually messages file for errors, warnings etc.
 
fosiul01 (Author) Commented:
Ok dig from client pc :

[root@bkworkshop sysconfig]# dig example.local

; <<>> DiG 9.3.4-P1 <<>> example.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1488
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.local.                 IN      A

;; ANSWER SECTION:
example.local.          604800  IN      A       192.168.2.116

;; AUTHORITY SECTION:
example.local.          604800  IN      NS      workshop.example.local.

;; ADDITIONAL SECTION:
workshop.example.local. 604800  IN      A       192.168.2.116

;; Query time: 4 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 12:38:18 2008
;; MSG SIZE  rcvd: 86



and dig from server

[root@workshop etc]# dig example.local

; <<>> DiG 9.3.4-P1 <<>> example.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16484
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.local.                 IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2008110400 1800 900 604800 86400

;; Query time: 133 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 10:52:23 2008
;; MSG SIZE  rcvd: 106



Note: you will see the client PC is getting all the information, but on the server there is some information missing.

Rowley Commented:
just saw, zone class IN is defaulted, ergo it's not required but not incorrect.

Rowley Commented:
your name server's resolver seems to think some other server is authoritative for the zone. Have you got some rogue entries in your nscd cache? Restart nscd if you can, or flush the entries running nscd -i hosts then try again. Also, have you anything meaningful in the messages file?

fosiul01 (Author) Commented:
but my server is unable to find any client PC, what shall I do with that??

as i said, nslookup bkworkshop  [ it will fail]
                host bkworkshop      [it will fail]

Rowley Commented:
- are your clients listed in your zone file?

fosiul01 (Author) Commented:
yes, wait

; example.local
$TTL    604800
@       IN      SOA     workshop.example.local. root.example.local. (
                     2006020201 ; Serial
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800); Negative Cache TTL
;
@           IN      NS      workshop
            IN      MX      10 mail
            IN      A       192.168.2.116
workshop    IN      A       192.168.2.116
bkworkshop  IN      A       192.168.2.117
mail        IN      A       192.168.2.116 ; We have our mail server somewhere else.
www         IN      A       192.168.2.116
;client1     IN      A       192.0.2.201 ; We connect to client1 very often.
~


I tried: service nscd restart
but what do you mean by this:

or flush the entries running nscd -i hosts

Rowley Commented:
OK - for some reason, dig is not honouring the search or domain values in resolv.conf or the value from gethostname:

# domainname
test.com.
# hostname
centos01.test.com

# dig centos02

; <<>> DiG 9.5.0-P1 <<>> centos02
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27668
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;centos02.                      IN      A

;; AUTHORITY SECTION:
.                       9621    IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008110400 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 192.168.128.101#53(192.168.128.101)
;; WHEN: Tue Nov  4 11:38:32 2008
;; MSG SIZE  rcvd: 101

# getent hosts centos02
192.168.128.102 centos02.asil.com
#
#ping centos02
PING centos02.test.com (192.168.128.102) 56(84) bytes of data.

--- centos02.test.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms

It does work using the fqdn:

# dig centos02.test.com

; <<>> DiG 9.5.0-P1 <<>> centos02.asil.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42667
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;centos02.test.com.             IN      A

;; ANSWER SECTION:
centos02.test.com.      21600   IN      A       192.168.128.102

;; AUTHORITY SECTION:
test.com.               21600   IN      NS      centos01.test.com.

;; ADDITIONAL SECTION:
centos01.test.com.      21600   IN      A       192.168.128.101

;; Query time: 4 msec
;; SERVER: 192.168.128.101#53(192.168.128.101)
;; WHEN: Tue Nov  4 11:40:00 2008
;; MSG SIZE  rcvd: 90

Does your system exhibit the same behaviour?

fosiul01 (Author) Commented:
From the client PC, which is bkworkshop, everything is running fine. All the commands below are from the client PC:

[root@bkworkshop sysconfig]# dig bkworkshop

; <<>> DiG 9.3.4-P1 <<>> bkworkshop
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21746
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bkworkshop.                    IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008110400 1800 900 604800 86400

;; Query time: 43 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:38:56 2008
;; MSG SIZE  rcvd: 103

[root@bkworkshop sysconfig]# dig workshop.example.com

; <<>> DiG 9.3.4-P1 <<>> workshop.example.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 611
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;workshop.example.com.          IN      A

;; AUTHORITY SECTION:
example.com.            10800   IN      SOA     dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400

;; Query time: 389 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:40:39 2008
;; MSG SIZE  rcvd: 99

[root@bkworkshop sysconfig]# dig bkworkshop.example.local

; <<>> DiG 9.3.4-P1 <<>> bkworkshop.example.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47211
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;bkworkshop.example.local.      IN      A

;; ANSWER SECTION:
bkworkshop.example.local. 604800 IN     A       192.168.2.117

;; AUTHORITY SECTION:
example.local.          604800  IN      NS      workshop.example.local.

;; ADDITIONAL SECTION:
workshop.example.local. 604800  IN      A       192.168.2.116

;; Query time: 3 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:40:50 2008
;; MSG SIZE  rcvd: 97

[root@bkworkshop sysconfig]# clear
[root@bkworkshop sysconfig]# dig workshop

; <<>> DiG 9.3.4-P1 <<>> workshop
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42897
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;workshop.                      IN      A

;; AUTHORITY SECTION:
.                       10637   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2008110400 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:41:29 2008
;; MSG SIZE  rcvd: 101

[root@bkworkshop sysconfig]# dig bkworkshop

; <<>> DiG 9.3.4-P1 <<>> bkworkshop
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5959
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bkworkshop.                    IN      A

;; AUTHORITY SECTION:
.                       10644   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008110400 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:41:32 2008
;; MSG SIZE  rcvd: 103

[root@bkworkshop sysconfig]# dig workshop.example.locaol

; <<>> DiG 9.3.4-P1 <<>> workshop.example.locaol
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13449
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;workshop.example.locaol.       IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008110400 1800 900 604800 86400

;; Query time: 69 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:41:42 2008
;; MSG SIZE  rcvd: 116

[root@bkworkshop sysconfig]# clear
[root@bkworkshop sysconfig]# dig workshop

; <<>> DiG 9.3.4-P1 <<>> workshop
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12175
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;workshop.                      IN      A

;; AUTHORITY SECTION:
.                       10617   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2008110400 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:41:49 2008
;; MSG SIZE  rcvd: 101

[root@bkworkshop sysconfig]# dig bkworkshop

; <<>> DiG 9.3.4-P1 <<>> bkworkshop
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47969
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bkworkshop.                    IN      A

;; AUTHORITY SECTION:
.                       10622   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008110400 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:41:54 2008
;; MSG SIZE  rcvd: 103

[root@bkworkshop sysconfig]# dig workshop.example.local

; <<>> DiG 9.3.4-P1 <<>> workshop.example.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29288
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;workshop.example.local.                IN      A

;; ANSWER SECTION:
workshop.example.local. 604800  IN      A       192.168.2.116

;; AUTHORITY SECTION:
example.local.          604800  IN      NS      workshop.example.local.

;; Query time: 3 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:42:01 2008
;; MSG SIZE  rcvd: 70

[root@bkworkshop sysconfig]# dig bkworkshop.example.local

; <<>> DiG 9.3.4-P1 <<>> bkworkshop.example.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6422
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;bkworkshop.example.local.      IN      A

;; ANSWER SECTION:
bkworkshop.example.local. 604800 IN     A       192.168.2.117

;; AUTHORITY SECTION:
example.local.          604800  IN      NS      workshop.example.local.

;; ADDITIONAL SECTION:
workshop.example.local. 604800  IN      A       192.168.2.116

;; Query time: 3 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:42:09 2008
;; MSG SIZE  rcvd: 97





[Note] But from the DNS server itself none of this works; it will dig outside domains but not internal ones.

Rowley Commented:
you are using the fqdn. when you use the short name you're not getting anything back. This is the same as on my client, this behaviour is expected. Use "dig bkworkshop +search" if you don't to use the search list in resolv.conf.
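
The short-name versus FQDN behaviour discussed above, as an added example that is not part of the original thread: host and nslookup apply the resolv.conf search list by default, while dig sends the name as typed unless +search is given. The resolv.conf text is a constructed sample modelled on the one posted earlier, and the function names are hypothetical.

```python
# Added example: how a glibc-style stub resolver expands a short name with resolv.conf.

# Constructed sample, modelled on the server's resolv.conf shown in the thread.
RESOLV_CONF = """\
search example.local

nameserver 192.168.2.116
"""


def parse_resolv_conf(text, hostname=""):
    """Return (search_list, ndots); 'domain' and 'search' override each other, last wins."""
    search, ndots = None, 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, *args = line.split()
        if key == "search":
            search = [d.rstrip(".") for d in args]
        elif key == "domain" and args:
            search = [args[0].rstrip(".")]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    if search is None:
        # No domain/search line: use everything after the first dot of the host name.
        tail = hostname.partition(".")[2]
        search = [tail.rstrip(".")] if tail else []
    return search, ndots


def candidates(name, search, ndots=1, use_search=True):
    """Query names in the order they are tried; use_search=False models plain `dig`."""
    if name.endswith("."):
        return [name]                      # already absolute, never expanded
    absolute = name + "."
    if not use_search:
        return [absolute]
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [absolute] + expanded       # enough dots: try the name as-is first
    return expanded + [absolute]           # short name: search list first


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for tool, use_search in (("host / nslookup / dig +search", True), ("dig", False)):
        print(f"{tool:30} bkworkshop -> {candidates('bkworkshop', search, ndots, use_search)}")
```

A plain `dig bkworkshop` therefore asks only for `bkworkshop.`, which is why the NXDOMAIN answers in the thread carry the root zone's SOA in the authority section.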

fosiul01 (Author) Commented:
search is included as search.example.local for both resolv.conf

as i said, earlier,

from client if i type : host workshop
it will return
[root@bkworkshop ]# host workshop
workshop.example.local has address 192.168.2.116
[root@bkworkshop ]# host workshop.example.local
workshop.example.local has address 192.168.2.116

But from the DNS server itself, if I type this:

[root@workshop ]# host workshop
Host workshop not found: 3(NXDOMAIN)
[root@workshop ]# host workshop.example.local
Host workshop.example.local not found: 3(NXDOMAIN)


What is the solution to this problem??
That means the DNS server itself is unable to get the local zone file information,
doesn't it??

Rowley Commented:
On the server:
does your nsswitch.conf have:
hosts:      files dns

Is your resolv.conf world readable?
What does "getent hosts workshop" give you?
have you checked for errors in the messages file?
Have you recreated your resolv.conf from scratch?
what about dig @ip.address.of.server workshop.example.com ?
have you any incorrect entries in your hosts file?

I'm fast running out of ideas here...

fosiul01 (Author) Commented:
/etc/hosts :

127.0.0.1 workshop workshop.example.local
192.168.2.116   workshop

 getent hosts workshop
127.0.0.1       workshop workshop.example.local

[root@workshop etc]# ls -l | grep resolv.conf
-rw-r--r--  2 root root      70 Nov  4 09:05 resolv.conf

[root@workshop etc]# ls -l | grep resolv.conf
-rw-r--r--  2 root root      70 Nov  4 09:05 resolv.conf
[root@workshop etc]#
[root@workshop etc]# dig 192.168.2.116 workshop.example.local
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62885
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;192.168.2.116.                 IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008110400 1800 900 604800 86400

;; Query time: 62 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:12:55 2008
;; MSG SIZE  rcvd: 106


; <<>> DiG 9.3.4-P1 <<>> 192.168.2.116 workshop.example.local
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55828
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;workshop.example.local.                IN      A

;; AUTHORITY SECTION:
.                       5752    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2008110400 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 192.168.2.116#53(192.168.2.116)
;; WHEN: Tue Nov  4 13:12:55 2008
;; MSG SIZE  rcvd: 115


[Note] I believe I will have to do something in either the named.conf or the named.rfc1912 file.

As I said earlier: if I put the zone information in the named.rfc1912 file then the DNS server is fine, it would be able to resolve any internal query, but then the internal PCs would not be able to do any internal DNS query.

But if I put the zone information in named.conf, internal clients can do DNS queries for the internal network but the server is unable to.

What does it mean?? This means there is something I need to do in the named.conf or named.rfc1912 file.

Does it make sense??

fosiul01 (Author) Commented:
OK, fixed it.

As I said,
if I put the zone information in the named.rfc1912 file then the DNS server is fine, it would be able to resolve any internal query, but then the internal PCs would not be able to do any internal DNS query.

But if I put the zone information in named.conf, internal clients can do DNS queries for the internal network but the server is unable to.

What does it mean?? This means there is something I need to do in the named.conf or named.rfc1912 file.


What I have done is: I included the example.zone file in both named.conf and the named.rfc1912 file!!!
I don't know if it's the right way or not,

but both server and client can do DNS queries now.

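One BIND arrangement that would produce the split described above is views, where each query is answered only from the zones of the first view whose match-clients list contains its source address. This is an added example, not the poster's configuration (the named.conf attachment is not reproduced on this page): the view names, the ACLs and the idea that the two files are loaded into different views are assumptions.

```python
# Added example: BIND answers a query from the zones of the FIRST view whose
# match-clients ACL contains the source address. Names and ACLs are hypothetical.
import ipaddress

SERVER_ADDRS = {"127.0.0.1", "192.168.2.116"}  # covered by BIND's built-in "localhost" ACL
RECORDS = {"workshop.example.local", "bkworkshop.example.local"}  # from the posted zone file


def acl_matches(acl, src):
    """True if source address src matches any element of a match-clients list."""
    for entry in acl:
        if entry == "any":
            return True
        if entry == "localhost":
            if src in SERVER_ADDRS:
                return True
        elif ipaddress.ip_address(src) in ipaddress.ip_network(entry):
            return True
    return False


def select_view(views, src):
    """Views are tested in configuration order; the first match wins."""
    return next((v for v in views if acl_matches(v["match_clients"], src)), None)


def rcode(views, src, qname):
    """Response code for a name under .local, as seen from source address src."""
    view = select_view(views, src)
    if view is None:
        return "REFUSED"
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):                    # longest enclosing zone in this view
        records = view["zones"].get(".".join(labels[i:]))
        if records is not None:
            return "NOERROR" if qname.rstrip(".") in records else "NXDOMAIN"
    return "NXDOMAIN"  # zone not in this view: recursion reaches the root, which has no .local


def layout(in_local_view, in_lan_view):
    """Two hypothetical views; the zone is loaded into one, the other, or both."""
    zone = {"example.local": RECORDS}
    return [
        {"name": "local_only", "match_clients": ["localhost"],
         "zones": zone if in_local_view else {}},
        {"name": "lan", "match_clients": ["192.168.2.0/24"],
         "zones": zone if in_lan_view else {}},
    ]


def symptom(views, qname="bkworkshop.example.local"):
    """Result seen by the server itself (192.168.2.116) and by the client (192.168.2.117)."""
    return {"server": rcode(views, "192.168.2.116", qname),
            "client": rcode(views, "192.168.2.117", qname)}


if __name__ == "__main__":
    for flags in ((True, False), (False, True), (True, True)):
        print(flags, symptom(layout(*flags)))
```

Under these assumptions the server's own queries always land in the first view, so a zone defined only in the LAN view is invisible to it even though clients resolve it.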

fosiul01 (Author) Commented:
Thanks for staying with me.

Rowley Commented:
The named.rfc1912 file is a sample file showing you the syntax. Put all your config in named.conf. I have attached a copy of my test server's named.conf file showing you examples of root hints, forward and reverse zones as an example.

You can also check what files your named binary expects to see by default at startup by running:

# strings `which named` | grep /etc/
[example output]
/etc/named.conf
/etc/rndc.key
/etc/lwresd.conf
/etc/resolv.conf

Rowley Commented:
...the example file.
named.conf.txt

fosiul01 (Author) Commented:
Hi, yeah,
yes, the file you have sent,
I configured another DNS server the same as this. I know that one is the basic for every DNS server.

But I am studying toward the RHCE, that's why I was following the book for the exam.

In there it says to put the local zone file in the named.rfc1912.zone file, so I was trying to make this test DNS server as the exam lab says and I was facing this problem.

Rowley Commented:
ahh ok. You can call this file whatever you like. Good luck with your studies...