Solved

linux dns server

Posted on 2012-03-27
11
376 Views
Last Modified: 2012-08-14
Dear Experts:

I have enterted the below in the  named.conf.local

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; } keys { "rndc-key"; };
};



my network is 192.168.1.0 and dns server is of 192.168.1.244 now we are into the MPLS hence one spoke location workstation has been assigned 192.168.11.5 and dns of 192.168.1.244  also able to reoslve the internal but when the 11.5 tries for intenet dns is not getting resolved for 192.168.11.5 , connection refused form the 192.168.1.244

Please help to resolve this
0
Comment
Question by:D_wathi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
11 Comments
 
LVL 10

Expert Comment

by:Tobias
ID: 37770889
Dear,

What's the value in your config of : listen-on  

Could you attach the whole config ?

Thanks

Regards
0
 

Author Comment

by:D_wathi
ID: 37770906
Thanks for the reply, attached the config
namedconfiguration.txt
0
 

Author Comment

by:D_wathi
ID: 37770929
pleae also find the attached  named.conf.options
namedconfoptions.txt
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 
LVL 10

Expert Comment

by:Tobias
ID: 37770979
Ok. There's a lot of things missing.

Could you please use this tutorial for help you configure the DNS?

Tutorial Bind9

EDIT : Ok !

Why the named.conf.options is not include in the config ?

Add this :

// Load options
include "/etc/bind/named.conf.options";
0
 

Author Comment

by:D_wathi
ID: 37771213
Thank you very much for the reply, when rndc trace for the ip 192.168.11.5 i could find the below log ,

ar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query (cache) 'search.mywebsearch.com/A/IN' denied
0
 
LVL 10

Assisted Solution

by:Tobias
Tobias earned 250 total points
ID: 37771245
Dear,

You should add something like this in named.conf :

allow-query {192.168.1.0/24; 192.168.11.0/24; };
allow-query-cache {192.168.1.0/24; 192.168.11.0/24;};
0
 

Author Comment

by:D_wathi
ID: 37772681
Sir thank you very much

Have changed the named.conf.options like the below

acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

//      query-source address * port 53;
        listen-on {localhost; myaddresses; spokes; };
allow-query { localhost; myaddresses; spokes;};
allow-query-cache {localhost; myaddresses; spokes;};

         forwarders {
                202.56.230.6;
                8.8.8.8;
         };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
------------------------------------------------------ end---------------------------


Also please let me know the below mentioned controls statement in the named.conf.local is  correct .  Is it required to add all the spoke location network which is going to use this DNS 11.0/24, 12.0/24  ---------------25/24.  Like the below

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; 192.168.12.0/24;  } keys { "rndc-key"; };
};


--------------------------
Please help by checking the above two files
1. named.conf.options  # acl declaration
2. named.conf.local  # control statment

Thanks in advance.
0
 

Author Comment

by:D_wathi
ID: 37772738
this is in continuation of the previous post,

can i use the controls statment like the below:

controls {
                inet 127.0.0.1 port 953
 allow { 127.0.0.1; myaddresses; spokes;}keys { "rndc-key"; };
};

doubt is already defined 127.0.0.1 is it still required to define myaddress ( this is acl declared in named.conf.options as below posted.
--------------------------named.conf.options--------------------------
acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };

please suggest
0
 

Author Comment

by:D_wathi
ID: 37773264
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 250 total points
ID: 37774993
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};

The controls clause is not associated with any sort of zone updates if that is what you are thinking, your question is a bit unclear.  The controls clause allow statement should include any servers/acls/etc that you want to give remote access of the server to, mainly the rndc command.

Check out http://www.zytrax.com/books/dns/ch7/controls.html for more info on that option.
0
 

Author Comment

by:D_wathi
ID: 37775049
Sir, thank you very much got it.
0

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question