Solved

bind9 : Ping Problem

Posted on 2011-03-09
490 Views
Last Modified: 2012-05-11
I have a domain name, "linux.local". Sometimes I can ping it from the XP machine and sometimes I cannot, and sometimes I can ping just my hostname and the NetBIOS name that I configured in smb.conf. My "linux.local" must show a response when I ping it... this is confusing me. I can ping my hostname (/etc/hostname) and I can ping my NetBIOS name configured in smb.conf, but I cannot ping my domain linux.local.... HELP PLEASE
Question by:david875
18 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 35086952
Does your XP system rely on the bind server as its sole DNS/name server provider?
ipconfig /all
Does it point to other name servers as well as the IP of the Linux server where bind is set up and running?
What is the output of
nslookup linux.local <ip_of_linux_server_where_bind_is_setup>

Author Comment

by:david875
ID: 35088657
Hello @arnold, how are you, my friend? You know, every time I say this is resolved something happens again, and this is really annoying. My XP has the IP of the server as its DNS, no other IPs.

H:\> nslookup linux.local
*** Can not find server name for address 10.10.10.100:
No response from server
*** Default servers are not available
Server: UnKnown
Address: 10.10.10.100

*** UnKnown can not find linux.local: No response from server

H:\>


H:\> nslookup linux.local 10.10.10.100
*** Can not find server name for address 10.10.10.100:
No response from server
*** Default servers are not available
Server: UnKnown
Address: 10.10.10.100

*** UnKnown can not find linux.local: No response from server

H:\>


From XP:

H:\> ipconfig /all

Windows IP Configuration

         Hostname. . . . . . . . . . : PC1
         Primary DNS Suffix. . . . . . :
         Type of node. . . . . . . . . . : Unknown
         IP routing enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         List DNS Suffix Search:            Local
                                             linux.local

Ethernet adapter Local Area Connection:

         DNS Suffix for connection:
         Description. . . . . . . . . . . : VMware Accelerated AMD PCnet Adapter

         Physical Address. . . . . . . . .: 00-0C-29-6F-C3-3B
         DHCP enabled. . . . . . . . . . . : No
         IP address. . . . . . . . .. . . : 10.10.10.12
         Subnet mask. . .. . . : 255.0.0.0
         Default gateway. . .. . . :
         DNS servers. . . . . . . . . . : 10.10.10.100



Author Comment

by:david875
ID: 35088708
named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";


named.conf.options:

options {
      directory "/var/cache/bind";

      // If there is a firewall between you and nameservers you want
      // to talk to, you may need to fix the firewall to allow multiple
      // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

      // If your ISP provided one or more IP addresses for stable
      // nameservers, you probably want to use them as forwarders.  
      // Uncomment the following block, and insert the addresses replacing
      // the all-0's placeholder.

      //forwarders {
      //       0.0.0.0;
      //};

      auth-nxdomain no;    # conform to RFC1035
      listen-on-v6 { any; };
};


named.conf.local:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "linux.local." {
    type master;
    file "/etc/bind/db.linux.local";
};

named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
      type hint;
      file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
      type master;
      file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
      type master;
      file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
      type master;
      file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
      type master;
      file "/etc/bind/db.255";
};


Author Comment

by:david875
ID: 35088812
Sorry i forgot to post another file:

db.linux.local

; linux.local
$TTL    604800
@       IN      SOA     ns1.linux.local. root.linux.local. (
                     2006020201 ; Serial
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800); Negative Cache TTL
;
              IN      NS      ns1.linux.local.
ns1           IN      A       10.10.10.100
@            IN      A      10.10.10.100
www            IN      A      10.10.10.100
LVL 76

Accepted Solution

by:arnold (earned 500 total points)
ID: 35088914
First, the error you get from nslookup linux.local 10.10.10.100 is because you do not have a
10.10.10.in-addr.arpa record with
100 IN PTR ns1.linux.local.
The error deals with being unable to resolve 10.10.10.100.


Double check that the server 10.10.10.100 has bind/named running: /etc/init.d/named status, ps -ef | grep named
Make sure that if you use iptables (software firewall), iptables -L, it has an access-allow rule for port 53 UDP/TCP requests through the firewall.
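A small probe that does what nslookup did in the transcript above, added here as an example (my code, not something posted in this thread): it sends the PTR query for the server's own address and the A query for linux.local over UDP port 53 with a timeout, so that a server that is not running or is blocked on port 53 shows up as no response at all, while a missing reverse zone shows up as a real NXDOMAIN answer. The server address and query names are the ones from the thread; the reply bytes used for the offline check are constructed.

```python
"""DNS probe over UDP, added here as an example; not code from the thread.

Sends the same two queries nslookup issued in the transcript above, a PTR
query for the server's own address and an A query for linux.local, and
separates "no reply at all" (named not running or port 53 blocked) from a
real NXDOMAIN/NOERROR answer. Only the DNS header and question are built;
answer records are not decoded, which is enough for this check.
"""
import socket
import struct
import sys

QTYPES = {"A": 1, "PTR": 12}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction id so the offline check below can match it


def encode_name(name):
    """Wire-format a dotted name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=TXID):
    """Header (RD=1, one question) followed by the question section, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def parse_response(data, txid=TXID):
    """Return (rcode name, answer count) from a reply header; reject mismatched replies."""
    if len(data) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # must carry our id and the QR bit
        raise ValueError("reply does not belong to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), an


def probe(server, name, qtype, timeout=2.0):
    """'NO RESPONSE' on timeout, otherwise e.g. 'NXDOMAIN (0 answers)'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "NO RESPONSE"
    rcode, answers = parse_response(data)
    return f"{rcode} ({answers} answers)"


# Constructed reply: what the server would send back for the PTR query when
# the 10.10.10.in-addr.arpa zone does not exist (QR=1, RD=1, RA=1, RCODE=3).
CONSTRUCTED_NXDOMAIN_REPLY = (
    struct.pack("!HHHHHH", TXID, 0x8183, 1, 0, 0, 0)
    + encode_name("100.10.10.10.in-addr.arpa.")
    + struct.pack("!HH", QTYPES["PTR"], 1)
)

if __name__ == "__main__":
    # address from the thread; pass another server as the first argument
    dns_server = sys.argv[1] if len(sys.argv) > 1 else "10.10.10.100"
    for qname, qtype in (("100.10.10.10.in-addr.arpa.", "PTR"), ("linux.local.", "A")):
        print(f"{qtype:<4} {qname:<28} -> {probe(dns_server, qname, qtype)}")
```

Run it from the XP side (or any host) against the server: two NO RESPONSE lines mean the packets never come back, which points at named not running or a firewall, exactly the checks suggested above; NXDOMAIN on the PTR query with NOERROR on the A query means named is fine and only the reverse zone is missing.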

Author Comment

by:david875
ID: 35089055
root@linux:/home/u# /etc/init.d/named status
bash: /etc/init.d/named: No such file or directory
root@linux:/home/u# /etc/init.d/bind9 status
 * could not access PID file for bind9
root@linux:/home/u#


root@linux:/home/u# ps -ef | grep named
root      2174  1749  0 15:12 pts/0    00:00:00 grep --color=auto named
root@linux:/home/u#


root@linux:/home/u# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
root@linux:/home/u#

Author Comment

by:david875
ID: 35089335
root@linux:/etc/bind# service bind9 status
 * bind9 is running
root@linux:/etc/bind#

Author Comment

by:david875
ID: 35089354
Guess what, I can ping linux.local now!!! I didn't add anything, just restarted bind9 three times and checked that the status was running, and I can ping!!! How can you explain this? In addition, I think that I have to add the file
10.10.10.in-addr.arpa, right? What do I have to fill in on it?
LVL 76

Expert Comment

by:arnold
ID: 35089452
It should be the same as your other zone:

Your TTL is too large at 604800 for both positive and negative cache. This is why it takes a long time for a negative response to be flushed.

The part from the top up to and including the NS record is common to all your zones.
 
$ORIGIN 10.10.10.in-addr.arpa.   ; the origin must be the zone name itself, written out
$TTL    604800
@       IN      SOA     ns1.linux.local. root.linux.local. (
                     2006020201 ; Serial
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800); Negative Cache TTL
;
              IN      NS      ns1.linux.local.
100           IN      PTR     ns1.linux.local.


Author Comment

by:david875
ID: 35089766
OK @arnold, if "604800" is too large, please advise me on the lowest and minimum value to put there. As you said, it takes a long time, and this is making me nervous....

Another thing: can you explain to me what the "100" in the config file refers to? Is it the fourth octet of the network address, X.Y.Z.100? Right? Do we always put the fourth octet in the configuration?

Thank you

Author Comment

by:david875
ID: 35089800
And check the other values, Serial, Refresh, Retry etc.... I want low values please, and I appreciate every effort you make with me.
LVL 76

Expert Comment

by:arnold
ID: 35092432
The way 10.10.10.100 is translated in DNS is as 100.10.10.10.in-addr.arpa.
Since you define the zone as 10.10.10.in-addr.arpa,
the contents within the zone represent the last octet. An unterminated entry has the zone appended to it.
100 IN PTR ns1.linux.local.
is translated into
100.10.10.10.in-addr.arpa.  IN PTR ns1.linux.local.
A TTL is often set to one day and, as I believe I previously posted to another of your questions, it means that should you make a change, the TTL is the longest period of time the change will take to propagate.

The longest period of time is often assigned to the Expire entry, which deals with the length of time the zone will be maintained in the event of an error in the zone:
2592000, which represents 30 days.
The negative cache should be between 600 and 1800 (10 minutes to 30 minutes).
Refresh should be 3600-7200 (1-3 hours).
Retry 600-900.

Use nslookup -q=soa <your favorite domain> as a reference for ranges.

Also, when you make changes to a zone, you should consider using named-checkzone <zonename>
linux.local or 10.10.10.in-addr.arpa


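To make the two rules above concrete (the reversed-octet in-addr.arpa name, and the zone origin being appended to any owner name that does not end in a dot), here is an added example in Python; it is my code, not something posted in this thread. It qualifies owner names the way the reverse-zone template posted earlier relies on, expands a small zone text into fully qualified records, and then checks whether a PTR for 10.10.10.100 exists, which is what nslookup was missing. The zone text is constructed for the demonstration; the addresses and names follow the thread.

```python
"""Reverse-zone naming helpers, added here as an example; not code from the thread.

Shows the two rules the comment above describes: 10.10.10.100 is looked up
as 100.10.10.10.in-addr.arpa, and an owner name in a zone file that does not
end in a dot has the zone origin appended to it. The small zone text at the
bottom is constructed for the demonstration (values follow the thread).
"""
import ipaddress


def ptr_name(ip):
    """Fully qualified in-addr.arpa name for an IPv4 address (octets reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # validates the address
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def reverse_zone_for(network):
    """Origin of the reverse zone for an octet-aligned network: 10.10.10.0/24 -> 10.10.10.in-addr.arpa."""
    net = ipaddress.IPv4Network(network, strict=False)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 reverse zones are handled here")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."


def qualify(owner, origin):
    """Owner-name rules: '@' is the origin, a trailing dot means absolute, else append the origin."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner
    return f"{owner}.{origin}"


def _logical_lines(zone_text):
    """Yield comment-stripped lines, joining records continued inside ( ... )."""
    buf, depth = [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf)   # leading whitespace of the first line survives
            buf, depth = [], 0


def expand_records(zone_text, origin):
    """Expand a zone snippet into (fqdn, type, rdata) triples; a blank owner repeats the previous one."""
    records, last_owner = [], "@"
    for line in _logical_lines(zone_text):
        if line.lstrip().startswith("$"):        # $TTL / $ORIGIN directives
            continue
        fields = line.split()
        if line[0].isspace():
            owner = last_owner
        else:
            owner = fields.pop(0)
            last_owner = owner
        if fields and fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], " ".join(fields[1:])
        records.append((qualify(owner, origin), rtype, rdata))
    return records


def has_ptr(records, ip):
    """True if the expanded records contain a PTR for the address, i.e. nslookup could name the server."""
    return any(r[0] == ptr_name(ip) and r[1] == "PTR" for r in records)


# Constructed reverse zone in the shape of the one posted above.
REVERSE_ZONE = """\
$TTL    604800
@       IN      SOA     ns1.linux.local. root.linux.local. (
                     2011031600 ; Serial
                           3600 ; Refresh
                            600 ; Retry
                        2592000 ; Expire
                           7200 ) ; Negative Cache TTL
              IN      NS      ns1.linux.local.
100           IN      PTR     ns1.linux.local.
"""

if __name__ == "__main__":
    origin = reverse_zone_for("10.10.10.0/24")
    recs = expand_records(REVERSE_ZONE, origin)
    for rec in recs:
        print(rec)
    print("PTR for 10.10.10.100 present:", has_ptr(recs, "10.10.10.100"))
```

The same expansion explains why the earlier forward zone worked while reverse lookups failed: db.linux.local qualifies `ns1` to `ns1.linux.local.`, but nothing anywhere produced a `100.10.10.10.in-addr.arpa.` owner until the reverse zone was added.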
LVL 76

Expert Comment

by:arnold
ID: 35108988
Double check that your netmasks match.
Your workstation netmask is set to 255.0.0.0; does it match your Linux box
(/sbin/ifconfig -a)?
Alternatively, compare the output from running netstat -rn on both.

Author Comment

by:david875
ID: 35114226
Can you paste me the file with new Values?
LVL 76

Expert Comment

by:arnold
ID: 35117079
The information depends on what your network configuration is.
If your network is using 10.0.0.0 with netmask 255.0.0.0 and all systems conform to the same configuration, you should not have any issues.
But if some systems have 10.x.x.x with netmask 255.0.0.0 while others have 255.255.255.0, then you will have issues.
Often, if you do not have a huge network where you need more than 254 hosts, you would use 255.255.255.0 as the netmask (10.10.10.2-10.10.10.254).
At times, for home networks, it is better to use the 192.168.x.x 255.255.255.0 setup, in the event that you need to set up a VPN to your employer where there are more hosts, which means that they might use a networking block from the 172.16.0.0-172.31.255.255 network block (which can include multiple class C networks), or, if they are a very large enterprise, they may use the 10.0.0.0 255.0.0.0 network. In this case, if you have/use IPs on the 10.x.x.x network and this is the IP range on the remote LAN to which you want to establish a VPN, you will have problems because of IP overlap. (There are ways around it, i.e. instead of site-to-site you will have a remote VPN, or use a MAP overlay for the home users' IP range, i.e. the users' 10.x.x.x will be overlaid and will appear within the office LAN as 192.168.y.x.)

The following are common networks with retail routers:
192.168.0.0 255.255.255.0
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0

So pick at random anything from 3-255 as X
and then configure your systems to
192.168.X.y netmask 255.255.255.0.

On Windows: networking control panel, properties of the local connection, TCP/IP properties.

Alternatively, you could set up a DHCP server on your Linux/CentOS box and have it allocate the IPs.

Author Comment

by:david875
ID: 35151031
What is PTR?

A DHCP server will be good; can you please help me with one thing:

I need the lowest values of $TTL, including (Serial, Refresh, etc.)

$ORIGIN @
$TTL    604800
@       IN      SOA     ns1.linux.local. root.linux.local. (
                     2006020201 ; Serial
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800); Negative Cache TTL
LVL 76

Expert Comment

by:arnold
ID: 35153171
PTR is the reverse of an A record.
PTR is a pointer that resolves an IP to the hostname.

Serial is commonly used in the form of the date: yyyymmddxx
yyyy - 2011
mm - 03
dd - 16
xx - 00-99, i.e. the index of changes within the same day. This way you can make 100 alterations every day by incrementing the least significant section.
Refresh should be 3600-7200
Retry should be 600-3600
Expiry should remain large; this deals with how long bind will keep the zone active in the event you make an error in the zone. 30 days (2592000) is the common time, while your 28 days is fine as well.
The negative cache TTL/default should be between 7200-86400

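To turn the ranges and the serial convention from the comment above into something you can check before reloading a zone, here is an added example in Python (my code, not something posted in this thread). It flags SOA timers that fall outside the ranges arnold gives in this comment, and it computes the next yyyymmddxx serial for a given date, handling the second change on the same day and refusing to move a serial backwards. The bounds are taken from his text and are not BIND defaults; the extra cross-check that retry is shorter than refresh is my own addition.

```python
"""SOA timer and serial checks, added here as an example; not code from the thread.

The ranges are the ones arnold recommends in the comment above (not BIND
defaults); the serial follows the yyyymmddxx convention he describes.
check_soa() flags the values from the posted zone, next_serial() produces
the next serial for a given date.
"""
import datetime

# (low, high) in seconds, from the comment above; expire is 28-30 days
RECOMMENDED = {
    "refresh": (3600, 7200),
    "retry": (600, 3600),
    "expire": (2419200, 2592000),
    "negative_ttl": (7200, 86400),
}


def check_soa(refresh, retry, expire, negative_ttl):
    """Return {field: reason} for every SOA timer outside the recommended range."""
    values = {"refresh": refresh, "retry": retry, "expire": expire, "negative_ttl": negative_ttl}
    problems = {}
    for field, value in values.items():
        low, high = RECOMMENDED[field]
        if value < low:
            problems[field] = f"{value} is below {low}"
        elif value > high:
            problems[field] = f"{value} is above {high}"
    # my own extra check: a retry interval only makes sense if it is shorter than refresh
    if retry >= refresh:
        problems.setdefault("retry", f"{retry} is not shorter than refresh {refresh}")
    return problems


def serial_date(serial):
    """Date encoded in a yyyymmddxx serial, or None if it does not follow that form."""
    try:
        return datetime.datetime.strptime(str(serial // 100), "%Y%m%d").date()
    except ValueError:
        return None


def next_serial(current, today):
    """Next serial: <today>00 on a new day, current+1 for a further change on the same day.

    `today` may be a datetime.date or an ISO string such as "2011-03-16".
    """
    if isinstance(today, str):
        today = datetime.date.fromisoformat(today)
    base = int(today.strftime("%Y%m%d")) * 100
    if current // 100 == base // 100:
        if current % 100 == 99:
            raise ValueError("already 100 changes today; wait for the next day")
        return current + 1
    if current >= base:
        raise ValueError(f"serial {current} is ahead of {today}; it cannot move backwards")
    return base


if __name__ == "__main__":
    # timers from the posted db.linux.local, date from the comment above
    print(check_soa(refresh=604800, retry=86400, expire=2419200, negative_ttl=604800))
    print(next_serial(2006020201, "2011-03-16"))
```

Run against the posted zone it reports refresh, retry and the negative cache TTL as too large and leaves the 28-day expire alone, matching the advice above; the serial 2006020201 becomes 2011031600 and a second edit the same day becomes 2011031601.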

Author Closing Comment

by:david875
ID: 35202326
you saved my life :) best expert ever