Solved

Problem using bind with views

Posted on 2014-12-23
Last Modified: 2014-12-24
Hi.

I'm running Debian Linux, where I installed BIND to use it as a DNS server.

I created some zones and it's working fine. Here is the named.conf.local:

//
// Do any local configuration here
//

	zone "interna" {
		type master;
		file "/etc/bind/db.interna";
	};
	zone "7.16.172.in-addr.arpa" {
		type master;
		file "/etc/bind/db.172.16.7";
		notify no;
	};


	zone "serveis.interna" {
		type master;
		file "/etc/bind/db.serveis.interna";
		notify no;
	};

	zone "grup7.gsx" {
		type master;
		file "/etc/bind/db.dmz";
	};


	zone "70.168.192.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.70";
		notify no;
	};

	zone "71.168.192.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.71";
		notify no;
	};

	zone "192.168.254.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.254";
		notify no;	
	};

	zone "192.168.255.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.255";
		notify no;
	};


Then I changed this file to use views:

//
// Do any local configuration here
//

view "intranet" {
//	recursion yes;
//	match-clients { 172.16.7.0/24; localhost;};
	zone "interna" {
		type master;
		file "/etc/bind/db.interna";
	};
	zone "70.168.192.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.70";
	};

	zone "71.168.192.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.71";
	};
//	include "/etc/bind/named.conf.default-zones";
};

view "public" {
//	match-clients { any; };
//	recursion no;

	zone "serveis.interna" {
		type master;
		file "/etc/bind/db.serveis.interna";
	};

	zone "grup7.gsx" {
		type master;
		file "/etc/bind/db.dmz";
	};

	zone "7.16.172.in-addr.arpa" {
		type master;
		file "/etc/bind/db.172.16.7";
		notify no;
	};

	zone "192.168.254.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.254";
	};

	zone "192.168.255.in-addr.arpa" {
		type master;
		file "/etc/bind/db.192.168.255";
		notify no;
	};
};


After this change, DNS seems to stop working (ping and dig fail when they worked before). What is the problem with this version of the file?
Question by:gplana

Accepted Solution

by:
Daniel McAllister earned 500 total points
ID: 40516432
OK, so first things first -- a ping test on the server failing means far more than DNS is stopping, which means far more is going on.

On the other hand, if you're using ping to test name resolution, and it's coming back unresolved, that's not a ping failure, that's a DNS failure.

The next thing I see is that you have totally different zones in the "intranet" and "public" views -- which means people on the 172.16.7.0/24 network -- and your localhost -- will NOT be able to resolve any of the "public" domains.

This is a common error -- an assumption that you'll see zones in any area you "match" -- but that is not at all true. Instead, you see the zones in the first "view" you match... and no others!

Why, you might ask? For many sites, they have different "internal" views of the same domain that is also accessible from the Internet. For example:
  from the LAN: each server has a LAN IP and each desktop registers its DNS name when it gets a DHCP setup
  from the WAN: the same domain name resolves server addresses to WAN IPs, and there are no entries for desktops

SO -- redo the views with this in mind (meaning that everything in the "public" view should also be in the "intranet" view).

FWIW: I usually list these domains in an INCLUDE file so that my "intranet" view has an include for the public domains and the public view has the same include.

I hope this helps to solve your issue!

Dan
IT4SOHO
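
The layout described in the answer above, written out as an added example (not part of the original posts): the shared zones live in one include file that both views pull in, and the `match-clients` and `recursion` lines that were commented out in the question are enabled. The file name `zones.public.conf` is hypothetical; zone names and db paths are taken from the question. It assumes Debian's stock `/etc/bind/named.conf`, whose own include of `named.conf.default-zones` has to be removed, because BIND refuses a configuration that has views and also zones outside any view.

```conf
// ---- /etc/bind/zones.public.conf (hypothetical file name) ----
// Zones every client may query; included by BOTH views below.
zone "serveis.interna"          { type master; file "/etc/bind/db.serveis.interna"; };
zone "grup7.gsx"                { type master; file "/etc/bind/db.dmz"; };
zone "7.16.172.in-addr.arpa"    { type master; file "/etc/bind/db.172.16.7"; notify no; };
zone "192.168.254.in-addr.arpa" { type master; file "/etc/bind/db.192.168.254"; };
zone "192.168.255.in-addr.arpa" { type master; file "/etc/bind/db.192.168.255"; notify no; };

// ---- /etc/bind/named.conf.local ----
// Views are tried in order. A client is answered only from the FIRST view
// whose match-clients accepts it, so that view must carry every zone the
// client needs. Without match-clients a view matches any client, which is
// why the "public" view in the question was never reached.
view "intranet" {
	match-clients { 172.16.7.0/24; localhost; };
	recursion yes;

	// Zones only internal clients may see.
	zone "interna"                 { type master; file "/etc/bind/db.interna"; };
	zone "70.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192.168.70"; };
	zone "71.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192.168.71"; };

	// Same shared zones the public view serves.
	include "/etc/bind/zones.public.conf";

	// Moved here from /etc/bind/named.conf: with views in use,
	// no zone statement may remain outside a view.
	include "/etc/bind/named.conf.default-zones";
};

view "public" {
	match-clients { any; };   // every client not matched by "intranet"
	recursion no;             // outside clients get authoritative answers only
	include "/etc/bind/zones.public.conf";
};
```

`named-checkconf /etc/bind/named.conf` should report no errors before named is restarted. Querying `grup7.gsx` with dig from a 172.16.7.0/24 host and from an outside host then exercises both views.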

Author Closing Comment

by:gplana
ID: 40516489
Excellent. This was exactly the problem: my initial view should include all the zones, not just its exclusive zones.

Thank you so much.