Solved

Host not found: 3(NXDOMAIN)

Posted on 2014-07-24
Last Modified: 2014-07-31
I keep having trouble with this one. I have implemented DNS with DHCP update on my Linux Slackware distro 14.1, BIND version 9.9.3. I did have this working once; I was able to resolve DHCP clients:
$ host hplaptop
hplaptop.hprs.local has address 192.168.0.100

I don't know that I've done anything at all to this basic bind/dhcpd configuration, but now I cannot resolve them:
$ host hplaptop
Host hplaptop not found: 3(NXDOMAIN)

I need help!

My named.conf:
options {
        directory "/var/named";
        forwarders {            // These are the ISP provided name servers
            66.193.88.3;
            66.192.88.4;
        };

        allow-query {           // Permit querying by others in the domain
            192.168.0.0/24;
            127.0.0.1;
        };
};

zone "localhost" {
        type master;
        file "db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "db.127";
};

zone "hprs.local" in {
    type master;
    allow-update { 192.168.0.2; 127.0.0.1; };         // local DHCP server
    file "db.hprs.local";
};

zone "0.168.192.in-addr.arpa" in {
    type master;
    allow-update { 192.168.0.2; 127.0.0.1; };           // local DHCP server
    file "db.192.168.0";
};

Zone file /var/named/db.hprs.local
$ORIGIN .
$TTL 14400      ; 4 hours
hprs.local              IN SOA  mail.hprs.local. sysadmin.mail.ohprs.org. (
                                3          ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                        NS      mail.hprs.local.
$ORIGIN hprs.local.
$TTL 14400      ; 4 hours
mail                    A       192.168.0.2
$TTL 14400      ; 4 hours
richo                   A       192.168.0.20

dhcpd.conf:
authoritative;

ddns-updates on;
update-static-leases on;
allow unknown-clients;
ddns-update-style interim;
default-lease-time 86400;

zone hprs.local. { primary 192.168.0.2; }
zone 0.168.192.in-addr.arpa. { primary 192.168.0.2; }

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.2;
    range 192.168.0.100 192.168.0.254;
    option domain-name-servers 192.168.0.2;
    option domain-name "hprs.local";
    ddns-domainname = "hprs.local.";
    ddns-rev-domainname = "in-addr.arpa.";
}

Releasing/renewing the client appears to work:
Jul 24 16:07:01 mail named[4966]: client 192.168.0.2#62764: updating zone '0.168.192.in-addr.arpa/IN': deleting rrset at '100.0.168.192.in-addr.arpa' PTR
Jul 24 16:07:01 mail dhcpd: DHCPRELEASE of 192.168.0.100 from 00:25:b3:bf:f5:42 (hplaptop) via eth1 (found)
Jul 24 16:07:01 mail dhcpd: Removed reverse map on 100.0.168.192.in-addr.arpa.
Jul 24 16:07:01 mail dhcpd: DHCPDISCOVER from 00:25:b3:bf:f5:42 via eth1
Jul 24 16:07:01 mail dhcpd: DHCPOFFER on 192.168.0.100 to 00:25:b3:bf:f5:42 (hplaptop) via eth1
Jul 24 16:07:01 mail named[4966]: client 192.168.0.2#62764: updating zone '0.168.192.in-addr.arpa/IN': deleting rrset at '100.0.168.192.in-addr.arpa' PTR
Jul 24 16:07:01 mail named[4966]: client 192.168.0.2#62764: updating zone '0.168.192.in-addr.arpa/IN': adding an RR at '100.0.168.192.in-addr.arpa' PTR
Jul 24 16:07:01 mail dhcpd: DHCPREQUEST for 192.168.0.100 (192.168.0.2) from 00:25:b3:bf:f5:42 (hplaptop) via eth1
Jul 24 16:07:01 mail dhcpd: DHCPACK on 192.168.0.100 to 00:25:b3:bf:f5:42 (hplaptop) via eth1
Jul 24 16:07:02 mail dhcpd: Added reverse map from 100.0.168.192.in-addr.arpa. to hplaptop.hprs.local

But I can't resolve hplaptop from the Linux DNS server and there is no db.hprs.local.jnl file created.

Interestingly, a db.192.169.0.jnl file *is* created and I can resolve by IP:
$ host 192.168.0.100
100.0.168.192.in-addr.arpa domain name pointer hplaptop.hprs.local.

Please help! I'm stuck!
Question by:jmarkfoley
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40218666
More info: I am getting the error:
Jul 25 02:42:41 mail named[4890]: client 192.168.0.100#53970: update 'hprs.local/IN' denied

Odd that it can update the reverse zone file, but not the forward zone file.
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40218692
I believe I've figured this one out. I needed "ignore client-updates" in my dhcpd.conf file in the general option section. I'm going to give it a day or so because I've had this problem intermittently in the past.
 
LVL 57

Expert Comment

by:giltjr
ID: 40219151
Were both host commands done on the same computer?

If not, I would also verify your resolver.conf file on each computer is correct. Make sure you have the "search hprs.local". Since you are just putting in the host name and not the FQDN, it will try to look up just plain "hplaptop", which would not exist on the DNS server. It might exist in a local hosts file, but not on a DNS server.
 
LVL 1

Accepted Solution

by:
jmarkfoley earned 0 total points
ID: 40219523
> Were both host commands done on the same computer?

Yes.

resolv.conf does have "search hprs.local".

/etc/resolv.conf:
domain hprs.local
search hprs.local
nameserver 192.168.0.2

I think the "ignore client-updates" in dhcpd.conf might have fixed it. This person had the same problem: updating reverse-DNS, but not forward-DNS zone files: https://www.centos.org/forums/viewtopic.php?t=29256. Here's an excerpt from the dhcpd.conf man page:

       ... the DHCP server does not necessarily always update both the A and the PTR records. The FQDN
       option includes a flag which, when sent by the client, indicates that the client wishes to
       update its own A record. In that case, the server can be configured either to honor the
       client's intentions or ignore them. This is done with the statement allow client-updates; or
       the statement ignore client-updates;. By default, client updates are allowed.

       If the server is configured to allow client updates, then if the client sends a
       fully-qualified domain name in the FQDN option, the server will use that name the client sent
       in the FQDN option to update the PTR record. For example, let us say that the client is a
       visitor from the "radish.org" domain, whose hostname is "jschmoe". The server is for the
       "example.org" domain. The DHCP client indicates in the FQDN option that its FQDN is
       "jschmoe.radish.org.". It also indicates that it wants to update its own A record. The DHCP
       server therefore does not attempt to set up an A record for the client, but does set up a PTR
       record for the IP address that it assigns the client, pointing at jschmoe.radish.org. Once
       the DHCP client has an IP address, it can update its own A record, assuming that the
       "radish.org" DNS server will allow it to do so.

Apparently my server is NOT allowing client A record updates. I get the error:
Jul 25 10:20:26 mail named[10244]: client 192.168.0.100#51807: update 'hprs.local/IN' denied

Which, I assume, is the client wanting to do the update. Putting that option in the dhcpd.conf file causes dhcpd to go ahead and do the update itself. These are Windows clients, so I have to decide whether to figure out how to let them do the update, or if my solution is the correct one or a Band-Aid.
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 40231257
My solution of "ignore client-updates" did the trick.
0
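
Added example (not part of the original thread and not the posters' code): a small Python triage script that reads named's dynamic-update messages and compares each sender with the zone's allow-update list. Run over log lines quoted in the thread, it shows that the denied forward-zone updates came from the DHCP client (192.168.0.100) rather than from the DHCP server (192.168.0.2). The function names and the regex are assumptions written for the log format quoted here; other BIND versions may log these messages differently.

```python
import ipaddress
import re
from collections import Counter

# allow-update lists as posted in the thread's named.conf
ALLOW_UPDATE = {
    "hprs.local": ["192.168.0.2", "127.0.0.1"],
    "0.168.192.in-addr.arpa": ["192.168.0.2", "127.0.0.1"],
}

# Three of the syslog lines quoted in the thread
SAMPLE_LOG = """\
Jul 24 16:07:01 mail named[4966]: client 192.168.0.2#62764: updating zone '0.168.192.in-addr.arpa/IN': adding an RR at '100.0.168.192.in-addr.arpa' PTR
Jul 25 02:42:41 mail named[4890]: client 192.168.0.100#53970: update 'hprs.local/IN' denied
Jul 25 10:20:26 mail named[10244]: client 192.168.0.100#51807: update 'hprs.local/IN' denied
"""

# Matches the two named message shapes seen in the thread (accepted / denied)
UPDATE_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+: (?:updating zone "
    r"'(?P<ok>[^/']+)/IN': .+|update '(?P<bad>[^/']+)/IN' denied)")

NOTES = {
    ("denied", False): "sender not in allow-update: ACL working as configured",
    ("accepted", True): "expected update from a listed sender",
}

def in_acl(zone, ip):
    """True if ip matches an entry in the zone's allow-update list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e) for e in ALLOW_UPDATE.get(zone, []))

def classify(log_text):
    """Yield (client, zone, outcome, listed) for each dynamic-update log line."""
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if m:
            zone = m["ok"] or m["bad"]
            outcome = "accepted" if m["ok"] else "denied"
            yield m["ip"], zone, outcome, in_acl(zone, m["ip"])

def report(log_text):
    """Count events per (client, zone, outcome, note)."""
    counts = Counter()
    for client, zone, outcome, listed in classify(log_text):
        note = NOTES.get((outcome, listed), "log and ACL disagree: check config")
        counts[(client, zone, outcome, note)] += 1
    return counts
```

Any event that falls through to "log and ACL disagree" (an accepted update from an unlisted sender, or a denial of a listed one) means the running configuration differs from the file being read.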
