asked on
bind9 : Ping Problem
I have a domain name : "linux.local" .Sometimes i can ping it from the xp sometimes i cannot, and Sometimes i can ping just my hostname and my netbios name that i configured in smb.conf, my "linux.local" must show a response when i ping... this is confusing me, i can ping my hostname /etc/hostname and i can ping my netbios name configured in smb.conf and cannot ping my domain linux.local .... HELP PLEASE
Linux NetworkingLinuxLinux Security
Last Comment
david875
ASKER
hello @arnold how are you my friend, you know in every time i say this is resolved, something happen again and this is really annoying, my XP has the IP of the server in DNS, no other IPs.
H:\> nslookup linux.local
*** Can not find server name for address 10.10.10.100:
No response from server
*** Default servers are not available
Server: UnKnown
Address: 10.10.10.100
*** UnKnown can not find linux.local: No response from
server
H:\>
H:\> nslookup linux.local 10.10.10.100
*** Can not find server name for address 10.10.10.100:
No response from server
*** Default servers are not available
Server: UnKnown
Address: 10.10.10.100
*** UnKnown can not find linux.local: No response from
server
H:\>
From XP:
H: \> ipconfig / all
Windows IP Configuration
Hostname. . . . . . . . . . : PC1
Primary DNS Suffix. . . . . . :
Type of node. . . . . . . . . . : Unknown
IP routing enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
List DNS Suffix Search: Local
linux.local
Ethernet adapter Local Area Connection:
DNS Suffix for connection:
Description. . . . . . . . . . . : VMware Accelerated AMD PCnet Adapter
Physical Address. . . . . . . . .: 00-0C-29-6F-C3-3B
DHCP enabled. . . . . . . . . . . : No
IP address. . . . . . . . .. . . : 10.10.10.12
Subnet mask. . .. . . : 255.0.0.0
Default gateway. . .. . . :
DNS servers. . . . . . . . . . : 10.10.10.100
H:\> nslookup linux.local
*** Can not find server name for address 10.10.10.100:
No response from server
*** Default servers are not available
Server: UnKnown
Address: 10.10.10.100
*** UnKnown can not find linux.local: No response from
server
H:\>
H:\> nslookup linux.local 10.10.10.100
*** Can not find server name for address 10.10.10.100:
No response from server
*** Default servers are not available
Server: UnKnown
Address: 10.10.10.100
*** UnKnown can not find linux.local: No response from
server
H:\>
From XP:
H: \> ipconfig / all
Windows IP Configuration
Hostname. . . . . . . . . . : PC1
Primary DNS Suffix. . . . . . :
Type of node. . . . . . . . . . : Unknown
IP routing enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
List DNS Suffix Search: Local
linux.local
Ethernet adapter Local Area Connection:
DNS Suffix for connection:
Description. . . . . . . . . . . : VMware Accelerated AMD PCnet Adapter
Physical Address. . . . . . . . .: 00-0C-29-6F-C3-3B
DHCP enabled. . . . . . . . . . . : No
IP address. . . . . . . . .. . . : 10.10.10.12
Subnet mask. . .. . . : 255.0.0.0
Default gateway. . .. . . :
DNS servers. . . . . . . . . . : 10.10.10.100
ASKER
named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/READM
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.opti
include "/etc/bind/named.conf.loca
include "/etc/bind/named.conf.defa
named.conf.options:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//forwarders {
// 0.0.0.0;
//};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
named.conf.local:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "linux.local." {
type master;
file "/etc/bind/db.linux.local"
};
named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/READM
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.opti
include "/etc/bind/named.conf.loca
include "/etc/bind/named.conf.defa
named.conf.options:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//forwarders {
// 0.0.0.0;
//};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
named.conf.local:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "linux.local." {
type master;
file "/etc/bind/db.linux.local"
};
named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
Sorry i forgot to post another file:
db.linux.local
; linux.local
$TTL 604800
@ IN SOA ns1.linux.local. root.linux.local. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;
IN NS ns1.linux.local.
ns1 IN A 10.10.10.100
@ IN A 10.10.10.100
www IN A 10.10.10.100
db.linux.local
; linux.local
$TTL 604800
@ IN SOA ns1.linux.local. root.linux.local. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;
IN NS ns1.linux.local.
ns1 IN A 10.10.10.100
@ IN A 10.10.10.100
www IN A 10.10.10.100
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
root@linux:/home/u# /etc/init.d/named status
bash: /etc/init.d/named: No such file or directory
root@linux:/home/u# /etc/init.d/bind9 status
* could not access PID file for bind9
root@linux:/home/u#
root@linux:/home/u# ps -ef | grep named
root 2174 1749 0 15:12 pts/0 00:00:00 grep --color=auto named
root@linux:/home/u#
root@linux:/home/u# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@linux:/home/u#
bash: /etc/init.d/named: No such file or directory
root@linux:/home/u# /etc/init.d/bind9 status
* could not access PID file for bind9
root@linux:/home/u#
root@linux:/home/u# ps -ef | grep named
root 2174 1749 0 15:12 pts/0 00:00:00 grep --color=auto named
root@linux:/home/u#
root@linux:/home/u# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@linux:/home/u#
ASKER
root@linux:/etc/bind# service bind9 status
* bind9 is running
root@linux:/etc/bind#
* bind9 is running
root@linux:/etc/bind#
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Guess what, i can ping now linux.local !!! i didn't add anything, just restarted bind9 3 times and check status as running and i can ping !!! how can you explain this? in addition i think that i have to add the file
10.10.10.in-addr.arpa right? what i have to fill in on it?
10.10.10.in-addr.arpa right? what i have to fill in on it?
It should be the same as your other:
your TTL is too large at 604800 for both positive and negative cache. This why it takes a long time for negative response to be flushed.
The part from the top up-to and including NS record is common to all your zones.
your TTL is too large at 604800 for both positive and negative cache. This why it takes a long time for negative response to be flushed.
The part from the top up-to and including NS record is common to all your zones.
$ORIGIN @
$TTL 604800
@ IN SOA ns1.linux.local. root.linux.local. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;
IN NS ns1.linux.local.
100 IN PTR ns1.linux.local.
ASKER
ok @arnold, if "604800" is too large, please advice me with the lowerest and minimum value to put there, as you said, it takes long time and this is making me nervous....
Other thing, can you explain me what is the "100" in the config file refer to? is it the forth octet of the network address? X.Y.Z.100 ?? right? We always put the fourth octet in the configuration ?
Thank you
Other thing, can you explain me what is the "100" in the config file refer to? is it the forth octet of the network address? X.Y.Z.100 ?? right? We always put the fourth octet in the configuration ?
Thank you
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
and check about the other values, Serial, Refresh, Retry etc... i want low value please, and i appreciate every effort you do with me
The way 10.10.10.100 is translated in DNS is as 100.10.10.10.in-addr.arpa
Since you define the zone as 10.10.10.in-addr.arpa
The contents within the zone represent the last octet. An unterminated entry has the zone appended to it.
100 IN PTR ns1.linux.local.
is translated into
100.10.10.10.in-addr.arpa.
A TTL is often set to one day and as I believe I previously posted to another of your question will mean that should you make a change the TTL is the longest period of time that the change will take to propagate.
The longest period of time is often assigned to the Expire entry which deals with the length of time the zone will be maintained in the event of an error in the zone.
2592000 which represents 30 days.
The negative cache should be between 600 and 1800 (10 minutes to 30 minutes).
referesh should be 3600-7200 (1-3 hours)
retry 600-900
Use nslookup -q=soa <your favorite domain> as a reference for ranges.
Also when you make changes to a zone, you should consider using named-checkzone <zonename>
linux.local or 10.10.10.in-addr.arpa
Since you define the zone as 10.10.10.in-addr.arpa
The contents within the zone represent the last octet. An unterminated entry has the zone appended to it.
100 IN PTR ns1.linux.local.
is translated into
100.10.10.10.in-addr.arpa.
A TTL is often set to one day and as I believe I previously posted to another of your question will mean that should you make a change the TTL is the longest period of time that the change will take to propagate.
The longest period of time is often assigned to the Expire entry which deals with the length of time the zone will be maintained in the event of an error in the zone.
2592000 which represents 30 days.
The negative cache should be between 600 and 1800 (10 minutes to 30 minutes).
referesh should be 3600-7200 (1-3 hours)
retry 600-900
Use nslookup -q=soa <your favorite domain> as a reference for ranges.
Also when you make changes to a zone, you should consider using named-checkzone <zonename>
linux.local or 10.10.10.in-addr.arpa
Double check that your netmasks match.
your workstation netmask is set to 255.0.0.0 does it match your linux box
/sbin/ifconfig -a?
alt: compare the output from running netstat -rn on both.
your workstation netmask is set to 255.0.0.0 does it match your linux box
/sbin/ifconfig -a?
alt: compare the output from running netstat -rn on both.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Can you paste me the file with new Values?
The information depends on what your network configuration is.
If your network is using 10.0.0.0 with netmask 255.0.0.0 and all systems conform to the same configuration, you should not have any issues.
But if some systems have 10.x.x.x with netmask 255.0.0.0 while others have 255.255.255.0 then you will have issues.
Often if you do not have a huge network where you need more than 254 hosts, you would use 255.255.255.0 as the netmask 10.10.10.2-10.10.10.254
at times, for home networks, it is better to use the 192.168.x.x 255.255.255.0 setup in the event that you need to setup a VPN to your employer where there are more hosts which means that they might use a networking block from the 172.16.0.0-172.31.255.255 network block which can include multiple class C network or if they are a very large enterprise they may use the 10.0.0.0 255.0.0.0 network. In this case if you have/use IPs on the 10.x.x.x network and this is the IP range on the remote LAN to which you want to establish a VPN, you will have problems because of IP overlap. (there are ways around it i.e. instead of site to site, you will have a remote VPN or use a MAP overlay for the home users' IP range i.e. users 10.x.x.x will be overlaid and will appear within the office LAN as 192.168.y.x)
The following are common network with retail routers
192.168.0.0 255.255.255.0
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
So pick at random anything from 3-255 as X
and then configure your systems to
192.168.X.y netmask 255.255.255.0.
On windows, networking control panel, properties of the local connection, tcp/IP properties.
Alternatively, you could setup a DHCP server on your linux/centos box and have it allocate the IPs.
If your network is using 10.0.0.0 with netmask 255.0.0.0 and all systems conform to the same configuration, you should not have any issues.
But if some systems have 10.x.x.x with netmask 255.0.0.0 while others have 255.255.255.0 then you will have issues.
Often if you do not have a huge network where you need more than 254 hosts, you would use 255.255.255.0 as the netmask 10.10.10.2-10.10.10.254
at times, for home networks, it is better to use the 192.168.x.x 255.255.255.0 setup in the event that you need to setup a VPN to your employer where there are more hosts which means that they might use a networking block from the 172.16.0.0-172.31.255.255 network block which can include multiple class C network or if they are a very large enterprise they may use the 10.0.0.0 255.0.0.0 network. In this case if you have/use IPs on the 10.x.x.x network and this is the IP range on the remote LAN to which you want to establish a VPN, you will have problems because of IP overlap. (there are ways around it i.e. instead of site to site, you will have a remote VPN or use a MAP overlay for the home users' IP range i.e. users 10.x.x.x will be overlaid and will appear within the office LAN as 192.168.y.x)
The following are common network with retail routers
192.168.0.0 255.255.255.0
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
So pick at random anything from 3-255 as X
and then configure your systems to
192.168.X.y netmask 255.255.255.0.
On windows, networking control panel, properties of the local connection, tcp/IP properties.
Alternatively, you could setup a DHCP server on your linux/centos box and have it allocate the IPs.
ASKER
What is PTR?
a DHCP Server will be good, can you please help me in 1 thing:
I need the lowerest values of $TTL including (Serial, refresh and etc)
$ORIGIN @
$TTL 604800
@ IN SOA ns1.linux.local. root.linux.local. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
a DHCP Server will be good, can you please help me in 1 thing:
I need the lowerest values of $TTL including (Serial, refresh and etc)
$ORIGIN @
$TTL 604800
@ IN SOA ns1.linux.local. root.linux.local. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
PTR is the reverse of an A record.
PTR is a pointer that resolves an IP to the hostname
Serial is commonly used as the form of the date:yyyymmddxx
yyyy -2011
mm - 03
dd - 16
xx - 00-99 i.e. index of changes within the same day, This way you can make 100 alterations every day by incrementing the least significant section.
referesh should be 3600-7200
retry should be 600-3600
expiry should remain large this deals with how long bind will keep the zone active in the event you make an error in the zone. 30 days (2592000) is the common time while your 28 days is fine as well.
The negative cache TTL/Default should be between 7200-86400
PTR is a pointer that resolves an IP to the hostname
Serial is commonly used as the form of the date:yyyymmddxx
yyyy -2011
mm - 03
dd - 16
xx - 00-99 i.e. index of changes within the same day, This way you can make 100 alterations every day by incrementing the least significant section.
referesh should be 3600-7200
retry should be 600-3600
expiry should remain large this deals with how long bind will keep the zone active in the event you make an error in the zone. 30 days (2592000) is the common time while your 28 days is fine as well.
The negative cache TTL/Default should be between 7200-86400
ASKER
you saved my life :) best expert ever
ipconfig /all
Does it point to other name servers as well as the IP of the linux server where bind is setup and running?
what is the output of
nslookup linux.local <ip_of_linux_server_where_