Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

linux dns server

Posted on 2012-03-27
11
Medium Priority
?
380 Views
Last Modified: 2012-08-14
Dear Experts:

I have enterted the below in the  named.conf.local

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; } keys { "rndc-key"; };
};



my network is 192.168.1.0 and dns server is of 192.168.1.244 now we are into the MPLS hence one spoke location workstation has been assigned 192.168.11.5 and dns of 192.168.1.244  also able to reoslve the internal but when the 11.5 tries for intenet dns is not getting resolved for 192.168.11.5 , connection refused form the 192.168.1.244

Please help to resolve this
0
Comment
Question by:D_wathi
  • 7
  • 3
11 Comments
 
LVL 10

Expert Comment

by:Tobias
ID: 37770889
Dear,

What's the value in your config of : listen-on  

Could you attach the whole config ?

Thanks

Regards
0
 

Author Comment

by:D_wathi
ID: 37770906
Thanks for the reply, attached the config
namedconfiguration.txt
0
 

Author Comment

by:D_wathi
ID: 37770929
pleae also find the attached  named.conf.options
namedconfoptions.txt
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 10

Expert Comment

by:Tobias
ID: 37770979
Ok. There's a lot of things missing.

Could you please use this tutorial for help you configure the DNS?

Tutorial Bind9

EDIT : Ok !

Why the named.conf.options is not include in the config ?

Add this :

// Load options
include "/etc/bind/named.conf.options";
0
 

Author Comment

by:D_wathi
ID: 37771213
Thank you very much for the reply, when rndc trace for the ip 192.168.11.5 i could find the below log ,

ar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#50027: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#49863: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#55663: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51154: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#51899: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64004: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64117: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#56631: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64006: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#53092: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#59725: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#58578: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57398: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64007: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#65323: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57228: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query: rss.accuweather.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#60017: query (cache) 'rss.accuweather.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#57704: query (cache) 'search.mywebsearch.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54680: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query: www.searchqu.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#64012: query (cache) 'www.searchqu.com/A/IN' denied
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query: search.mywebsearch.com IN A + (192.168.1.244)
Mar 27 18:12:09 lampsrv named[13214]: client 192.168.11.5#54625: query (cache) 'search.mywebsearch.com/A/IN' denied
0
 
LVL 10

Assisted Solution

by:Tobias
Tobias earned 1000 total points
ID: 37771245
Dear,

You should add something like this in named.conf :

allow-query {192.168.1.0/24; 192.168.11.0/24; };
allow-query-cache {192.168.1.0/24; 192.168.11.0/24;};
0
 

Author Comment

by:D_wathi
ID: 37772681
Sir thank you very much

Have changed the named.conf.options like the below

acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

//      query-source address * port 53;
        listen-on {localhost; myaddresses; spokes; };
allow-query { localhost; myaddresses; spokes;};
allow-query-cache {localhost; myaddresses; spokes;};

         forwarders {
                202.56.230.6;
                8.8.8.8;
         };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
------------------------------------------------------ end---------------------------


Also please let me know the below mentioned controls statement in the named.conf.local is  correct .  Is it required to add all the spoke location network which is going to use this DNS 11.0/24, 12.0/24  ---------------25/24.  Like the below

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; 192.168.1.0/24; 192.168.11.0/24; 192.168.12.0/24;  } keys { "rndc-key"; };
};


--------------------------
Please help by checking the above two files
1. named.conf.options  # acl declaration
2. named.conf.local  # control statment

Thanks in advance.
0
 

Author Comment

by:D_wathi
ID: 37772738
this is in continuation of the previous post,

can i use the controls statment like the below:

controls {
                inet 127.0.0.1 port 953
 allow { 127.0.0.1; myaddresses; spokes;}keys { "rndc-key"; };
};

doubt is already defined 127.0.0.1 is it still required to define myaddress ( this is acl declared in named.conf.options as below posted.
--------------------------named.conf.options--------------------------
acl "myaddresses" { 192.168.1.0/24; };
acl "spokes" { 192.168.11.0/24; 192.168.12.0/24; 192.168.13.0/24; 192.168.14.0/24; 192.168.15.0/24; 192.168.16.0/24; 192.168.17.0/24; 192.168.18.0/24; 192.168.19.0/24; 192.168.20.0/24; 192.168.21.0/24; 192.168.22.0/24; 192.168.23.0/24; 192.168.24.0/24; 192.168.25.0/24; };

please suggest
0
 

Author Comment

by:D_wathi
ID: 37773264
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 1000 total points
ID: 37774993
I think  defining only the local host like the below would suffice as key upates happens with localhost, please correct me if iam wrong.

controls {
        inet 127.0.0.1 port 953
                allow {127.0.0.1; } keys { "rndc-key"; };
};

The controls clause is not associated with any sort of zone updates if that is what you are thinking, your question is a bit unclear.  The controls clause allow statement should include any servers/acls/etc that you want to give remote access of the server to, mainly the rndc command.

Check out http://www.zytrax.com/books/dns/ch7/controls.html for more info on that option.
0
 

Author Comment

by:D_wathi
ID: 37775049
Sir, thank you very much got it.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is intended as an extension of a blog on Aging and Scavenging by the MS Enterprise Networking Team. In brief, Scavenging is used as follows: Each record in a zone which has been dynamically registered with an MS DNS Server will have…
I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question