CentOS BIND DNS Problem

I'm having trouble setting up the BIND DNS server on a CentOS 5 machine (BIND 9).
I've so far followed a guide in "O'Reilly: DNS & BIND 4th ed", and done a bit of web trawling. What I've got looks OK to me, but the bottom line is that it does not work!

BIND installed with "yum install bind" - all went in OK.
The router forwards UDP port 53 to the server.
I've put what I think is correct into /etc/named.conf and /var/named/db.domainname.org.uk.
db.cache is also in that folder.

where domainname.org.uk is the domain that i'm trying to set up.

I've copied and pasted (and replaced the actual name with domainname) these 2 files below.

I'd much appreciate some expert advice!
Thanks in advance,
Phil.


Also, if it helps, I've tried nslookup from the server itself and I get this:
nslookup domainname.org.uk returns:
Server:       127.0.0.1
Address:     127.0.0.1#53

and nslookup www.domainname.org.uk returns:
Server:       127.0.0.1
Address:     127.0.0.1#53

Name:     www.domainname.org.uk
Address: 181.186.156.104
Name:     www.domainname.org.uk
Address:   192.168.2.200

From any other machine either on the local network, or remote, nslookup fails.
named.conf as follows:
----------------------------
options {
	directory "/var/named";
	//Place additional options here
};
 
zone "domainname.org.uk" in {
	type master;
	file "db.domainname.org.uk.";
};
 
zone "." in {
	type hint;
	file "db.cache";
};
 
-------------------------------------------
db.domainname.org.uk. as follows:
-------------------------------------------
$TTL 3h
domainname.org.uk. IN SOA ns1.domainname.org.uk. root.domainname.org.uk. (
	1	; Serial
	3h	; Refresh after 3 hours
	1h	; Retry after 1 hour
	1w	; Expire after 1 week
	1h )	; Negative caching TTL of 1 hour
 
;
; Name Servers
; Every name here is absolute (trailing dot); without it the owner would be
; read relative to the origin, giving domainname.org.uk.domainname.org.uk.
; Both ns1 and ns2 also need A records, here or in whichever zone holds them.
;
domainname.org.uk.	IN NS	ns1.domainname.org.uk.
domainname.org.uk.	IN NS	ns2.domainname.org.uk.
 
;
; Host Addresses
; 192.168.2.200 is a private address: in a zone served to the Internet it
; gives outside clients an unreachable answer on every other query (round
; robin) and reveals internal addressing. Keep it in an internal-only zone
; or view instead.
;
localhost.domainname.org.uk.	IN A	127.0.0.1
www.domainname.org.uk.	IN A	181.186.156.104
www.domainname.org.uk.	IN A	192.168.2.200
;
; Aliases
;
phil.domainname.org.uk.	IN CNAME domainname.org.uk.

Asked by: phil8258
 
omarfarid commented:
did you create a reverse lookup domain for your server ip address?

What messages do you get when you start the named server?
 
jar3817 commented:
When you say nslookup fails from other clients, do they return NXDOMAIN or just timeout?

Did you add an exception in iptables to let the DNS traffic in? Type "/sbin/iptables-save" as root and you'll see all the firewall rules. You SHOULD see something like:

-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

If you don't, you can add it by typing:

/sbin/iptables -A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

I don't use CentOS, but I know it's very similar to Redhat and Fedora, so you might be able to change the firewall settings by editing the /etc/sysconfig/iptables file. If you change the file, just restart iptables with a "/etc/rc.d/init.d/iptables restart"
 
phil8258 (author) commented:
Thank you both for your help.
1) What is a reverse lookup domain? - I've not created one...
2) /etc/init.d/named restart produces:
         Stopping named:          [   OK   ]
         Starting named:            [   OK   ]
3) nslookup from another machine (a remote one) produces:
         ;; connection timed out; no servers could be reached
4) It seemed to accept the input of port 53 to the iptables as you suggested, and restarted without any errors. But unfortunately, this does not seem to be the answer either (though I'm in no doubt it was probably necessary).
Any other ideas?
Cheers,
Phil.
 
 
phil8258 (author) commented:
Actually,
I've just checked /sbin/iptables-save again and the line that should have been added is not in there.
Is there an alternative way to add it?
Cheers,
Phil.
 
omarfarid commented:
A reverse lookup zone is a zone you create to map IP addresses to domain names. BIND will not start if there is no reverse zone for the loopback address (127.0.0.1); see how to create the 0.0.127.in-addr.arpa zone:

http://en.kioskea.net/contents/intranet/resdns.php3
 
phil8258 (author) commented:
Hi omarfarid,
I've tried to follow that guide and created two zones, "0.0.127.in-addr.arpa" and "2.168.192.in-addr.arpa".
Also created two new files in /var/named/: "named.local" and "domainname.org.uk.rev"
in the local files it seemed appropriate to use the name of the server in places, which is "volcano".
I've included the contents of the files, the error that I now get on starting the server is:
Error in named configuration:
zone 0.0.127.in-addr.arpa/IN: has no NS records
_default/0.0.127.in-addr.arpa/IN: bad zone
zone 2.168.192.in-addr.arpa/IN: loaded serial 1997022700
zone domainname.org.uk/IN: loaded serial 1
[   FAILED   ]
What's wrong??
Cheers,
Phil.

named.local is as follows:
-------------------------
$TTL 3h
@	IN	SOA	volcano.localhost. root.volcano.localhost. (
		1997022700	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
IN	NS	volcano.localhost.
1	IN	PTR	localhost.
 
---------------------------------------
domainname.org.uk.rev is as follows:
---------------------------------------
 
$TTL 3h
@	IN	SOA	domainname.org.uk. root.domainname.org.uk. (
		1997022700	; Serial
		28800		; Refresh
		14400		; Retry
		3600000		; Expire
		86400 )		; Minimum
		IN	NS		domainname.org.uk.
1	IN	PTR	domainname.org.uk.
20	IN	PTR	phil.domainname.org.uk.
 
-----------------------------------
the modifications to named.conf are as follows:
-----------------------------------
 
//
// Declaring the reverse lookup zone
//
zone "0.0.127.in-addr.arpa" {
 type master;
 file "named.local";
};
zone "2.168.192.in-addr.arpa"{
 notify no;
 type master;
 file "domainname.org.uk.rev";
};

 
omarfarid commented:
Where is the A record for  volcano.localhost. in line below

                      IN      NS      volcano.localhost.

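The "has no NS records" error in the post above comes from the line `IN	NS	volcano.localhost.` in the posted named.local. That line starts in column 0, so BIND reads its first token, `IN`, as the owner name and creates an NS record for IN.0.0.127.in-addr.arpa., leaving the zone apex without one (the NS line in the .rev file is indented, so it inherits the `@` owner from the SOA, which is why that zone loaded). Writing `@	IN	NS	volcano.localhost.`, or indenting the line, fixes it, and `named-checkzone 0.0.127.in-addr.arpa /var/named/named.local` reports the problem before you restart named. The checker below is an added example, not code from the thread or from BIND: it parses just enough of the master-file format to show that trap and the related one of an NS owner written without its trailing dot, which is taken relative to the origin. The three zone texts in it are constructed copies or excerpts, not files from the poster's server.

```python
"""Minimal BIND master-file checker (added example, not the thread's or BIND's code).

Implements enough of the zone-file grammar to reproduce two traps: a record
line starting in column 0 takes its first token as the owner name, and a name
without a trailing dot is relative to the zone origin. Use named-checkzone
for real zones; it performs these checks and many more.
"""
import re

CLASSES = {"IN", "CH", "HS"}
TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)


def fqdn(name, origin):
    """Absolute form of a name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Drop ';' comments and join records continued inside parentheses."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined, buf, depth = "\n".join(buf), [], 0
            if joined.strip():
                yield joined


def parse_zone(text, origin):
    """Return (owner, ttl, type, rdata) tuples with every name made absolute."""
    origin = origin if origin.endswith(".") else origin + "."
    records, owner, default_ttl = [], origin, None
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0] == "$TTL":
            default_ttl = toks[1]
            continue
        if not line[0].isspace():            # column 0: first token is the owner
            owner = fqdn(toks.pop(0), origin)
        ttl = default_ttl                    # optional TTL and class precede the type
        while toks and toks[0].upper() not in TYPES:
            tok = toks.pop(0)
            if TTL_RE.match(tok):
                ttl = tok
            elif tok.upper() not in CLASSES:
                raise ValueError(f"cannot parse {tok!r} in {line.strip()!r}")
        if toks:
            rtype, rdata = toks[0].upper(), toks[1:]
            names = 2 if rtype == "SOA" else 1 if rtype in ("NS", "CNAME", "PTR") else 0
            for i in range(names):           # make domain-name rdata fields absolute too
                rdata[i] = fqdn(rdata[i], origin)
            records.append((owner, ttl, rtype, rdata))
    return records


def check_zone(text, origin):
    """Problems named or named-checkzone would report for this zone."""
    origin = origin if origin.endswith(".") else origin + "."
    recs = parse_zone(text, origin)
    problems = []
    apex_ns = [r for r in recs if r[0] == origin and r[2] == "NS"]
    if not apex_ns:
        problems.append("has no NS records")           # named's wording in the thread
    for name in sorted({r[0] for r in recs if r[2] == "NS"} - {origin}):
        problems.append(f"NS record owned by {name} (owner read from column 0, "
                        "or trailing dot missing?)")
    addrs = {r[0] for r in recs if r[2] in ("A", "AAAA")}
    for r in apex_ns:
        if r[3][0].endswith(origin) and r[3][0] not in addrs:
            problems.append(f"in-zone NS {r[3][0]} has no A/AAAA record")
    return problems


# Constructed inputs: the loopback zone as posted, the same file with the NS
# owner spelled out, and a forward-zone excerpt with one NS owner lacking its dot.
ORIGIN_REV, ORIGIN_FWD = "0.0.127.in-addr.arpa", "domainname.org.uk"
NAMED_LOCAL_POSTED = """\
$TTL 3h
@\tIN\tSOA\tvolcano.localhost. root.volcano.localhost. (
\t\t1997022700\t; Serial
\t\t28800\t\t; Refresh
\t\t14400\t\t; Retry
\t\t3600000\t\t; Expire
\t\t86400 )\t\t; Minimum
IN\tNS\tvolcano.localhost.
1\tIN\tPTR\tlocalhost.
"""
NAMED_LOCAL_FIXED = NAMED_LOCAL_POSTED.replace("\nIN\tNS", "\n@\tIN\tNS")
FORWARD_EXCERPT = """\
$TTL 3h
domainname.org.uk. IN SOA ns1.domainname.org.uk. root.domainname.org.uk. ( 1 3h 1h 1w 1h )
domainname.org.uk.\tIN NS\tns1.domainname.org.uk.
domainname.org.uk\tIN NS\tns2.domainname.org.uk.
www.domainname.org.uk.\tIN A\t181.186.156.104
"""
```

`check_zone(NAMED_LOCAL_POSTED, ORIGIN_REV)` returns `['has no NS records', 'NS record owned by IN.0.0.127.in-addr.arpa. ...']`, the fixed copy returns an empty list, and the forward excerpt reports both the doubled owner `domainname.org.uk.domainname.org.uk.` and that `ns1.domainname.org.uk.` has no address record in its own zone.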
 
jar3817 commented:
If you're getting ";; connection timed out; no servers could be reached" then the traffic is never actually getting to the named process. One of the problems is the firewall. Edit your /etc/sysconfig/iptables file and add
"-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT"
near the end before any REJECT or DROP lines and restart iptables.
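Why the iptables command given earlier did not take, and why nslookup on the server itself worked all along: a stock CentOS 5 /etc/sysconfig/iptables sends INPUT straight into a user chain named RH-Firewall-1-INPUT, which accepts loopback and established traffic and ends with a REJECT. `iptables -A INPUT ...` appends after that jump, so the REJECT is reached first and the new rule is never consulted; and `service iptables restart` reloads the file, discarding anything added by hand, which is why the rule was gone from iptables-save afterwards. The simulator below is an added example, not code from the thread: it walks a saved ruleset for one packet the way the kernel does and places the ACCEPT where jar3817 says it belongs, before the REJECT in its own chain. The rulesets are constructed in the style of the CentOS 5 default; the rules on any given box will differ.

```python
"""Simulate how the CentOS 5 firewall treats an inbound DNS query.

Added example, not code from the thread. It parses iptables-save output and
walks the filter INPUT chain the way the kernel does: rules in order, -j into
user-defined chains followed, the first ACCEPT/DROP/REJECT wins. The rulesets
below are constructed: a stock CentOS 5 style firewall (INPUT jumps to
RH-Firewall-1-INPUT, which ends in REJECT) and the same firewall with the
thread's "iptables -A INPUT" rule appended.
"""
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_rules(saved):
    """{chain: [rule tokens, ...]} and {chain: policy} from iptables-save text."""
    chains, policy = {}, {}
    for line in saved.splitlines():
        if line.startswith(":"):                       # ":INPUT ACCEPT [0:0]"
            name, pol = line.split()[:2]
            chains.setdefault(name[1:], [])
            policy[name[1:]] = pol
        elif line.startswith("-A "):
            toks = shlex.split(line)
            chains.setdefault(toks[1], []).append(toks[2:])
    return chains, policy


def rule_matches(rule, proto, dport, iface, state):
    """True unless one of the rule's match options excludes this packet."""
    for i, tok in enumerate(rule):
        nxt = rule[i + 1] if i + 1 < len(rule) else ""
        if (tok == "-p" and nxt != proto) or (tok == "--dport" and nxt != str(dport)):
            return False
        if (tok == "-i" and nxt != iface) or (tok == "--state" and state not in nxt.split(",")):
            return False
    return True


def _walk(chains, chain, pkt, depth=0):
    for rule in chains.get(chain, []):
        if not rule_matches(rule, *pkt):
            continue
        tgt = rule[rule.index("-j") + 1] if "-j" in rule else None
        if tgt in TERMINAL:
            return tgt
        if tgt in chains and depth < 8:                # jump into a user-defined chain
            hit = _walk(chains, tgt, pkt, depth + 1)
            if hit:
                return hit
    return None                                        # fell off the end: RETURN


def verdict(saved, proto="udp", dport=53, iface="eth0", state="NEW"):
    """Terminating target for one packet, or the INPUT policy if nothing matches."""
    chains, policy = parse_rules(saved)
    return _walk(chains, "INPUT", (proto, dport, iface, state)) or "policy " + policy.get("INPUT", "ACCEPT")


def add_dns_rules(saved):
    """Insert 53/udp and 53/tcp ACCEPTs before the first REJECT or DROP rule,
    in that rule's own chain (the placement jar3817 describes)."""
    lines = saved.splitlines()
    for idx, line in enumerate(lines):
        toks = line.split()
        if toks[:1] == ["-A"] and ("REJECT" in toks or "DROP" in toks):
            new = [f"-A {toks[1]} -m state --state NEW -m {p} -p {p} --dport 53 -j ACCEPT"
                   for p in ("udp", "tcp")]
            return "\n".join(lines[:idx] + new + lines[idx:]) + "\n"
    raise ValueError("no REJECT/DROP rule: append the ACCEPTs to INPUT instead")


STOCK = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# The thread's rule appended to INPUT lands after the jump to
# RH-Firewall-1-INPUT, so that chain's REJECT is reached before it.
APPENDED = STOCK.replace(
    "COMMIT", "-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT\nCOMMIT")

if __name__ == "__main__":
    for label, rules in (("stock", STOCK), ("appended", APPENDED), ("fixed", add_dns_rules(STOCK))):
        print(f"{label:8s} udp/53 from LAN: {verdict(rules)}  tcp/53: {verdict(rules, 'tcp')}  "
              f"from localhost: {verdict(rules, iface='lo')}")
```

`verdict(APPENDED)` is REJECT while `verdict(APPENDED, iface="lo")` is ACCEPT (the loopback rule), matching the symptom in the thread: lookups work on the server, time out everywhere else. `verdict(add_dns_rules(STOCK))` is ACCEPT for both udp and tcp. To check a live box, feed it `/sbin/iptables-save` output. Once the rules are in /etc/sysconfig/iptables they survive `service iptables restart`; `service iptables save` does the reverse, writing the running rules to the file. Open 53/tcp as well as 53/udp: responses larger than 512 bytes and zone transfers use TCP. And since the router already forwards port 53 from the Internet, check recursion too: the named.conf in the question sets no `allow-recursion`, and BIND releases before 9.4 answer recursive queries from any source by default, which makes the host an open resolver usable for cache-poisoning and reflection attacks. For an authoritative-only server put `recursion no;` in `options`, or restrict it with `allow-recursion { localnets; localhost; };`, and limit `allow-transfer` to the secondary's address.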
 
jools commented:
Have you read one of the online tutorials?
something like; http://www.cyberciti.biz/faq/caching-dns-server/

 
phil8258 (author) commented:
Hi All,
I think I've got it now... Thanks!
It started working after I got port 53 added to the /etc/sysconfig/iptables file.
Though all the tutorials suggest the 0.0.127.in-addr.arpa stuff, I don't understand what these really do, and the thing continues to work for domain name > IP address resolution after I comment out lines 35 - 43 in the last posting of named.conf. Is there a reason why I should have these??
Thanks all!
 
omarfarid commented:
When the named server runs it looks for the reverse zone for the loopback address (127.0.0.1) and, if it does not find it, fails to start. So please configure it as required.
 
phil8258 (author) commented:
I've managed it at last!!
named.local looking like the attached.
Only thing I've not got now is the reverse zone for domainname.org.uk - but it all seems just fine without it.
Cheers,
Phil.

;
;  Database file 0.0.127.in-addr.arpa.dns for 0.0.127.in-addr.arpa zone.
;      Zone version:  1
;
$TTL 3600                       ; default TTL for records that give none
 
@                       IN  SOA volcano.  hostmaster. (
                                1            ; serial number
                                900          ; refresh
                                600          ; retry
                                86400        ; expire
                                3600       ) ; negative caching TTL
 
;
;  Zone NS records
;
 
@                       NS      volcano.
 
;
;  Zone records
;
 
1                       IN  PTR localhost.  ; 127.0.0.1 -> localhost
