Solved

linux dns server

Posted on 2012-03-27
11
374 Views
Last Modified: 2012-08-14
Dear Experts:

I have enterted the below in the  named.conf.local

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; } keys { "rndc-key"; };
};



my network is 192.168.1.0 and dns server is of 192.168.1.244 now we are into the MPLS hence one spoke location workstation has been assigned 192.168.11.5 and dns of 192.168.1.244  also able to reoslve the internal but when the 11.5 tries for intenet dns is not getting resolved for 192.168.11.5 , connection refused form the 192.168.1.244

Please help to resolve this
0
Comment
Question by:D_wathi
  • 7
  • 3
11 Comments
 
LVL 10

Expert Comment

by:MadShiva
ID: 37770889
Dear,

What's the value in your config of : listen-on  

Could you attach the whole config ?

Thanks

Regards
0
 

Author Comment

by:D_wathi
ID: 37770906
Thanks for the reply, attached the config
namedconfiguration.txt
0
 

Author Comment

by:D_wathi
ID: 37770929
pleae also find the attached  named.conf.options
namedconfoptions.txt
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 10

Expert Comment

by:MadShiva
ID: 37770979
Ok. There's a lot of things missing.

Could you please use this tutorial for help you configure the DNS?

Tutorial Bind9

EDIT : Ok !

Why the named.conf.options is not include in the config ?

Add this :

// Load options
include "/etc/bind/named.conf.options";
0
 

Author Comment

by:D_wathi
ID: 37771213
Thank you very much for the reply, when rndc trace for the ip 192.168.11.5 i could find the below log ,

ar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query (cache) 'search.mywebsearch.com/A/IN' denied
0
 
LVL 10

Assisted Solution

by:MadShiva
MadShiva earned 250 total points
ID: 37771245
Dear,

You should add something like this in named.conf :

allow-query {192.168.1.0/24; 192.168.11.0/24; };
allow-query-cache {192.168.1.0/24; 192.168.11.0/24;};
0
 

Author Comment

by:D_wathi
ID: 37772681
Sir thank you very much

Have changed the named.conf.options like the below

acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

//      query-source address * port 53;
        listen-on {localhost; myaddresses; spokes; };
allow-query { localhost; myaddresses; spokes;};
allow-query-cache {localhost; myaddresses; spokes;};

         forwarders {
                202.56.230.6;
                8.8.8.8;
         };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
------------------------------------------------------ end---------------------------


Also please let me know the below mentioned controls statement in the named.conf.local is  correct .  Is it required to add all the spoke location network which is going to use this DNS 11.0/24, 12.0/24  ---------------25/24.  Like the below

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; 192.168.12.0/24;  } keys { "rndc-key"; };
};


--------------------------
Please help by checking the above two files
1. named.conf.options  # acl declaration
2. named.conf.local  # control statment

Thanks in advance.
0
 

Author Comment

by:D_wathi
ID: 37772738
this is in continuation of the previous post,

can i use the controls statment like the below:

controls {
                inet 127.0.0.1 port 953
 allow { 127.0.0.1; myaddresses; spokes;}keys { "rndc-key"; };
};

doubt is already defined 127.0.0.1 is it still required to define myaddress ( this is acl declared in named.conf.options as below posted.
--------------------------named.conf.options--------------------------
acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };

please suggest
0
 

Author Comment

by:D_wathi
ID: 37773264
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 250 total points
ID: 37774993
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};

The controls clause is not associated with any sort of zone updates if that is what you are thinking, your question is a bit unclear.  The controls clause allow statement should include any servers/acls/etc that you want to give remote access of the server to, mainly the rndc command.

Check out http://www.zytrax.com/books/dns/ch7/controls.html for more info on that option.
0
 

Author Comment

by:D_wathi
ID: 37775049
Sir, thank you very much got it.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most DNS problems are VERY easily troubleshot and identifiable if you can follow the steps a DNS query takes. I would like to share the step-by-step a DNS query takes from the origin to the destination. _____________________________________________…
One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question