Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

linux dns server

Posted on 2012-03-27
11
Medium Priority
?
378 Views
Last Modified: 2012-08-14
Dear Experts:

I have enterted the below in the  named.conf.local

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; } keys { "rndc-key"; };
};



my network is 192.168.1.0 and dns server is of 192.168.1.244 now we are into the MPLS hence one spoke location workstation has been assigned 192.168.11.5 and dns of 192.168.1.244  also able to reoslve the internal but when the 11.5 tries for intenet dns is not getting resolved for 192.168.11.5 , connection refused form the 192.168.1.244

Please help to resolve this
0
Comment
Question by:D_wathi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
11 Comments
 
LVL 10

Expert Comment

by:Tobias
ID: 37770889
Dear,

What's the value in your config of : listen-on  

Could you attach the whole config ?

Thanks

Regards
0
 

Author Comment

by:D_wathi
ID: 37770906
Thanks for the reply, attached the config
namedconfiguration.txt
0
 

Author Comment

by:D_wathi
ID: 37770929
pleae also find the attached  named.conf.options
namedconfoptions.txt
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 
LVL 10

Expert Comment

by:Tobias
ID: 37770979
Ok. There's a lot of things missing.

Could you please use this tutorial for help you configure the DNS?

Tutorial Bind9

EDIT : Ok !

Why the named.conf.options is not include in the config ?

Add this :

// Load options
include "/etc/bind/named.conf.options";
0
 

Author Comment

by:D_wathi
ID: 37771213
Thank you very much for the reply, when rndc trace for the ip 192.168.11.5 i could find the below log ,

ar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query (cache) 'search.mywebsearch.com/A/IN' denied
0
 
LVL 10

Assisted Solution

by:Tobias
Tobias earned 1000 total points
ID: 37771245
Dear,

You should add something like this in named.conf :

allow-query {192.168.1.0/24; 192.168.11.0/24; };
allow-query-cache {192.168.1.0/24; 192.168.11.0/24;};
0
 

Author Comment

by:D_wathi
ID: 37772681
Sir thank you very much

Have changed the named.conf.options like the below

acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

//      query-source address * port 53;
        listen-on {localhost; myaddresses; spokes; };
allow-query { localhost; myaddresses; spokes;};
allow-query-cache {localhost; myaddresses; spokes;};

         forwarders {
                202.56.230.6;
                8.8.8.8;
         };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
------------------------------------------------------ end---------------------------


Also please let me know the below mentioned controls statement in the named.conf.local is  correct .  Is it required to add all the spoke location network which is going to use this DNS 11.0/24, 12.0/24  ---------------25/24.  Like the below

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; 192.168.12.0/24;  } keys { "rndc-key"; };
};


--------------------------
Please help by checking the above two files
1. named.conf.options  # acl declaration
2. named.conf.local  # control statment

Thanks in advance.
0
 

Author Comment

by:D_wathi
ID: 37772738
this is in continuation of the previous post,

can i use the controls statment like the below:

controls {
                inet 127.0.0.1 port 953
 allow { 127.0.0.1; myaddresses; spokes;}keys { "rndc-key"; };
};

doubt is already defined 127.0.0.1 is it still required to define myaddress ( this is acl declared in named.conf.options as below posted.
--------------------------named.conf.options--------------------------
acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };

please suggest
0
 

Author Comment

by:D_wathi
ID: 37773264
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 1000 total points
ID: 37774993
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};

The controls clause is not associated with any sort of zone updates if that is what you are thinking, your question is a bit unclear.  The controls clause allow statement should include any servers/acls/etc that you want to give remote access of the server to, mainly the rndc command.

Check out http://www.zytrax.com/books/dns/ch7/controls.html for more info on that option.
0
 

Author Comment

by:D_wathi
ID: 37775049
Sir, thank you very much got it.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question