BIND: ping fails when I ping my CentOS server

When I reboot the server I can't ping linux.local.

Here is my linux.local zone file:


$TTL    1H
@               IN      SOA    ns1.linux.local.      root (
                        2009091114 ; serial
                        1H ; refresh
                        15M ; retry
                        4W ; expire
                        1H ; Negative caching TTL of 1 hour
                        )
; Name servers
                 IN      NS      ns1.linux.local.
ns1              IN      A       10.10.10.100
www              IN      A       10.10.10.100
ftp              IN      A       10.10.10.100
linux.local      IN      A       10.10.10.100


Any idea?

Attachment: screenshot.JPG

Asked by david875

1 Solution
_iskywalker_ commented:
Not in the Windows hosts file? Not in the DNS server?!
 
david875 (Author) commented:
Hold on, what do you mean? I didn't understand what you said, forgive me.
 
arnold commented:
Run the following command on your CentOS box and it will be clear why you have an issue:

dig @localhost axfr linux.local

Pay attention to the linux.local line (unterminated).
Replace the linux.local with @, or add a period at the end of it (linux.local. IN A), and update the serial number to correct the issue.
 
david875 (Author) commented:
It didn't work with what you said. I tried to replace linux.local with an "@" and nothing; I also tried adding a dot "." after linux.local, but nothing. Here is what your command gives:

[linux.local named]# dig @localhost axfr linux.local

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @localhost axfr linux.local
; (1 server found)
;; global options:  printcmd
linux.local.            3600    IN      SOA     ns1.linux.local. root.linux.local. 2009091114 3600 900 2419200 3600
linux.local.            3600    IN      NS      ns1.linux.local.
ftp.linux.local.        3600    IN      A       10.10.10.100
linux.local.linux.local. 3600   IN      A       10.10.10.100
ns1.linux.local.        3600    IN      A       10.10.10.100
www.linux.local.        3600    IN      A       10.10.10.100
linux.local.            3600    IN      SOA     ns1.linux.local. root.linux.local. 2009091114 3600 900 2419200 3600
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 20 15:35:10 2011
;; XFR size: 7 records (messages 1)

[linux.local named]#
 
arnold commented:
Did you update the serial number? Did you issue rndc reload linux.local (to have BIND reload the zone)?
 
david875 (Author) commented:
No I didn't; I don't have rndc in my config files in /var/named.

How do I do all this?

I just discovered a funny thing: I started the Samba server and I can ping linux.local again, but I tried one thing, I stopped Samba and I can still ping, that's strange. In addition I deleted the line that has

linux.local IN A 10.10.10.100

and saved the config, restarted named, then no ping, but now I see that I can ping. This will make me crazy.
 
arnold commented:
Note that your TTL, the number between the leftmost record and the IN directive, is 3600. This is how long the record is kept on any one system.
So you ping linux.local, that fails, and the negative response is cached on the system.
You then update the record and reload named. While the server now has a new set of information, the system that has a negative cache will not check with the server until the time runs out.

To set up RNDC you need to run /usr/sbin/rndc-confgen
You then copy the output as directed: one portion into /etc/rndc.conf and one portion into the top of the /etc/named.conf file. You would once again need to restart named: /etc/init.d/named restart
rndc reconfig is for when you are adding a zone and do not want to restart the whole of named
rndc reload tells named to reload all information
rndc reload zonename tells named that zonename has changed and it should be reprocessed.
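The rndc-confgen steps above, as an added example that is not part of the thread or of BIND: a script that splits rndc-confgen's output into the rndc.conf half and the named.conf half and writes the first with mode 0600, because it carries the HMAC shared secret that authenticates every rndc command. SAMPLE is a constructed copy of the tool's output layout with a dummy secret; the marker comments the code keys on are the ones BIND 9's rndc-confgen prints, so check them against your version's output before relying on it. The named.conf half is written to a separate file here on the assumption that you include it from named.conf rather than paste it; split_rndc_output and install are my names.

```python
"""Split rndc-confgen output into the two pieces named.conf and rndc need.
Added example, not from the thread or from BIND.  SAMPLE is a constructed
copy of rndc-confgen's output layout with a dummy secret; the marker lines
are the ones BIND 9's rndc-confgen prints (verify against your version)."""
import os
import stat

SAMPLE = """\
# Start of rndc.conf
key "rndc-key" {
\talgorithm hmac-md5;
\tsecret "ZmFrZS1rZXktZm9yLWV4YW1wbGU=";
};

options {
\tdefault-key "rndc-key";
\tdefault-server 127.0.0.1;
\tdefault-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# \talgorithm hmac-md5;
# \tsecret "ZmFrZS1rZXktZm9yLWV4YW1wbGU=";
# };
#
# controls {
# \tinet 127.0.0.1 port 953
# \t\tallow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
"""

# Marker comment -> section it opens (None closes the current section).
MARKERS = {
    "# Start of rndc.conf": "rndc",
    "# End of rndc.conf": None,
    "# Use with the following in named.conf": "named",
    "# End of named.conf": None,
}


def split_rndc_output(text):
    """Return (rndc_conf, named_conf_fragment).  The named.conf half is
    printed commented out by the tool, so its '# ' prefix is removed."""
    parts, section = {"rndc": [], "named": []}, None
    for line in text.splitlines():
        marker = next((m for m in MARKERS if line.startswith(m)), None)
        if marker is not None:
            section = MARKERS[marker]
            continue
        if section == "named":
            line = line[2:] if line.startswith("# ") else line.lstrip("#")
        if section is not None:
            parts[section].append(line)
    return ("\n".join(parts["rndc"]).strip() + "\n",
            "\n".join(parts["named"]).strip() + "\n")


def install(text, rndc_conf_path, named_fragment_path):
    """Write both halves.  rndc.conf holds the shared secret, so it is created
    owner read/write only (0600) instead of inheriting the umask, and chmod'ed
    again in case the file already existed with looser permissions."""
    rndc_conf, named_fragment = split_rndc_output(text)
    fd = os.open(rndc_conf_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(rndc_conf)
    os.chmod(rndc_conf_path, stat.S_IRUSR | stat.S_IWUSR)
    with open(named_fragment_path, "w") as fh:
        fh.write(named_fragment)
    return rndc_conf, named_fragment


if __name__ == "__main__":
    rndc_part, named_part = split_rndc_output(SAMPLE)
    print("--- rndc.conf ---\n" + rndc_part)
    print("--- include this from named.conf ---\n" + named_part)
```

Keep the controls statement's allow list at 127.0.0.1 unless you really manage named from another host; the key authenticates the command, but the allow list is what keeps the control channel off the network.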
 
david875 (Author) commented:
Thank you for the useful information @arnold, you're making a great effort with me :)

I configured rndc now and everything is OK.

I must tell you something: I'm not experienced with BIND, I'm doing my first experiments with it. You said TTL must be 3600? In the config all TTLs are 3600, so what should I do?
 
arnold commented:
It is not an issue of what you should do; it was just a statement that your current zone config has the TTL set to 3600 (seconds).
The issue is as follows: if you set the TTL low, changes within the zone will propagate quicker.
However, the tradeoff is that your DNS server will see many more requests.
I.e. your TTL is 3600, which means the same system that looks up any record will not look up the same record again for 3600 seconds, and this is the maximum length of time this system will have to wait to see an update you make to the same record. At 3600 seconds, the maximum number of queries the server will see from this system for this record is 24.
If you lower the TTL to 90 seconds, when you make a change in the zone it will take 90 seconds for it to be seen, but your server will see a max of 960 queries from this system for this record.
Usually a higher TTL is better, but if you are planning on making a change you should lower the TTL a day before, such that when the change is made it propagates at a quicker pace, and then you can increase it again to limit the number of queries that are generated against your server (network traffic that might not be necessary).
 
david875 (Author) commented:
OK, so this is why the ping fails against linux.local? The strange thing is that I can ping ns1.linux.local or www.linux.local the first time without any problem.
 
david875 (Author) commented:
And I think that the negative caching TTL of 1 hour is a lot of time; maybe I should lower it to 90 seconds as you said, what do you think?
 
david875 (Author) commented:
Just to understand one thing (and sorry to post so many questions, they come one after another): if I can't ping linux.local, will the system wait 1 hour to update and see that ping again?
 
arnold commented:
The negative caching only deals with a record that could not be looked up.
Could you post the new info:
dig @localhost axfr linux.local
as well as the contents of the linux.local zone.
 
david875 (Author) commented:
[linux.local ~]# dig @localhost axfr linux.local

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @localhost axfr linux.local
; (1 server found)
;; global options:  printcmd
linux.local.            3600    IN      SOA     ns1.linux.local. root.linux.local. 2009091114 3600 900 2419200 3600
linux.local.            3600    IN      NS      ns1.linux.local.
ftp.linux.local.        3600    IN      A       10.10.10.100
ns1.linux.local.        3600    IN      A       10.10.10.100
www.linux.local.        3600    IN      A       10.10.10.100
linux.local.            3600    IN      SOA     ns1.linux.local. root.linux.local. 2009091114 3600 900 2419200 3600
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 20 18:06:30 2011
;; XFR size: 6 records (messages 1)

[linux.local ~]#nano /var/named/linux.local

$TTL    1H
@               IN      SOA    ns1.linux.local.      root (
                        2009091114 ; serial
                        1H ; refresh
                        15M ; retry
                        4W ; expire
                        1H ; Negative caching TTL of 1 hour
                        )
; Name servers
                 IN      NS      ns1.linux.local.
ns1              IN      A       10.10.10.100
www              IN      A       10.10.10.100
ftp              IN      A       10.10.10.100

 
arnold commented:
You removed the
@ IN A 10.10.10.100
or
linux.local. IN A 10.10.10.100

This is why linux.local cannot be pinged. There is no record for it in your zone's configuration.

Add one of the above into your linux.local zone and then run rndc reload linux.local and you should be good to go.

The local system likely has a hosts entry that points linux.local to the IP, which is why it can be pinged.
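Both mistakes this thread worked through, the unterminated linux.local owner that BIND loaded as linux.local.linux.local. (visible in the first dig axfr output) and the zone that was then left with no A record at the apex, can be caught by parsing the file before it is ever reloaded; both files are syntactically valid, so a plain named-checkzone load does not complain about either. The checker below is an added example, not code from the thread or from BIND: ZONE is a copy of the posted file, FIXED_ZONE applies the '@' fix from the answer above, and parse_zone, check_zone, qualify and the wording of the issue messages are mine.

```python
"""Check a BIND zone file for the two mistakes from this thread: an owner name
written without its trailing dot (so BIND appends the origin again), and a zone
with no A record at the apex.  Added example, not from the thread or from BIND;
ZONE is a copy of the posted file, the fix and all function names are mine."""
import re
from collections import namedtuple

# Constructed input: the zone file exactly as posted, bug included.
ZONE = """\
$TTL    1H
@               IN      SOA    ns1.linux.local.      root (
                        2009091114 ; serial
                        1H ; refresh
                        15M ; retry
                        4W ; expire
                        1H ; Negative caching TTL of 1 hour
                        )
; Name servers
                 IN      NS      ns1.linux.local.
ns1              IN      A       10.10.10.100
www              IN      A       10.10.10.100
ftp              IN      A       10.10.10.100
linux.local      IN      A       10.10.10.100
"""
# The same zone with the apex record written as '@', the fix arnold suggested.
FIXED_ZONE = re.sub(r"^linux\.local(\s+IN\s+A\b)", r"@\1", ZONE, flags=re.M)

Record = namedtuple("Record", "owner ttl rtype rdata")
TTL_RE = re.compile(r"\d+[smhdw]?", re.IGNORECASE)
CLASSES = {"IN", "CH", "HS"}

def logical_lines(text):
    """Yield (line, owner_omitted); comments dropped, parenthesised SOA folded."""
    buf, depth = [], 0
    for raw in text.splitlines():
        code = raw.split(";", 1)[0]
        depth += code.count("(") - code.count(")")
        code = code.replace("(", " ").replace(")", " ").rstrip()
        if not buf and not code.strip():
            continue                          # blank or comment-only line
        buf.append(code)
        if depth == 0:
            first, rest = buf[0], " ".join(b.strip() for b in buf[1:])
            yield (first + " " + rest).strip(), first[:1].isspace()
            buf = []

def qualify(name, origin):
    """Master-file naming: '@' is the origin, a trailing dot is absolute,
    anything else is relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse records, honouring $TTL, $ORIGIN, optional TTL/class fields and
    owner-name continuation (a record line that starts with whitespace)."""
    default_ttl, last_owner, records = None, origin, []
    for line, owner_omitted in logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$TTL":
                default_ttl = tokens[1]
            elif tokens[0].upper() == "$ORIGIN":
                origin = qualify(tokens[1], origin)
            continue
        owner = last_owner if owner_omitted else qualify(tokens.pop(0), origin)
        last_owner, ttl = owner, default_ttl
        if TTL_RE.fullmatch(tokens[0]):
            ttl = tokens.pop(0)
        if tokens[0].upper() in CLASSES:
            tokens.pop(0)
        records.append(Record(owner, ttl, tokens.pop(0).upper(), tokens))
    return records

def check_zone(text, origin):
    """Return parsed records, the negative-cache TTL (the SOA minimum field)
    and the problems that would make 'ping <zone>' fail."""
    origin = origin if origin.endswith(".") else origin + "."
    bare = origin.rstrip(".")
    records, issues = parse_zone(text, origin), []
    soa = [r for r in records if r.rtype == "SOA"]
    if not records or records[0].rtype != "SOA" or len(soa) != 1:
        issues.append("zone must begin with exactly one SOA record")
    for r in records:
        # 'linux.local' inside zone linux.local loads as linux.local.linux.local.
        if r.owner.lower() == f"{bare}.{bare}.".lower():
            issues.append(f"{r.rtype} record for {bare} lacks its trailing dot: "
                          f"BIND loaded it as {r.owner} (write '@' or '{origin}')")
    if not any(r.owner.lower() == origin.lower() and r.rtype == "A" for r in records):
        issues.append(f"no A record at the zone apex {origin}: 'ping {bare}' will fail")
    negative_ttl = soa[0].rdata[6] if soa and len(soa[0].rdata) >= 7 else None
    return {"records": records, "issues": issues, "negative_ttl": negative_ttl}

if __name__ == "__main__":
    for label, zone in (("posted zone", ZONE), ("corrected zone", FIXED_ZONE)):
        result = check_zone(zone, "linux.local")
        print(f"{label}: negative-cache TTL {result['negative_ttl']}, "
              f"{len(result['issues'])} issue(s)")
        for issue in result["issues"]:
            print("  -", issue)
```

The record list it returns carries fully qualified owner names exactly as dig axfr prints them, which is the quickest way to spot a relative name that should have been absolute; the negative-cache TTL it reports is the SOA minimum field, the value that decides how long a resolver keeps remembering that linux.local did not exist after you fix the zone.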
 
david875 (Author) commented:
You're the best.
