Hey everyone, I have a DNS server running in a DMZ. Before, it just handled one external zone, but today I attempted to follow the howto "Two-in-one DNS server with BIND9" so that it could also serve my internal Windows XP clients. I don't think things are working properly and I need some serious help :/ My external zone seems to be resolving fine; I tried flushing my cache and using a different IP, but I don't know if the name server I'm using is just looking at its cache :/ My internal clients can't seem to ping any of the internal zone's clients or anything externally :/

Here is some info:

Fedora Core 4 running Bind9
named.conf = /etc/named.conf
example.local zone file = /var/named/chroot/var/named/data/example.local
example.ca zone file = /var/named/chroot/var/named/data/example.local

/var/log/messages output on startup...

Code:
starting BIND 9.3.1 -u named -t /var/named/chroot
found 1 CPU, using 1 worker thread
loading configuration from '/etc/named.conf'
listening on IPv4 interface lo, 127.0.0.1#53
listening on IPv4 interface eth0, 192.168.1.4#53
command channel listening on 127.0.0.1#953
command channel listening on ::1#953
zone iainc.ca/IN/external: loaded serial 2007071901
zone iainc.local/IN/internal: loaded serial 2007071902
running
zone iainc.local/IN/internal: sending notifies (serial 2007071902)

named.conf contains...

Code:
options {
    directory "/var/named";
};
acl internals {
    127.0.0.1/8;
    192.168.0.0/24;
    192.168.1.0/24;
};
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.ca" {
        type master;
        file "data/example.ca";
    };
};
view "internal" {
    match-clients { internals; };
    recursion yes;
    zone "example.local" {
        type master;
        file "data/example.local";
    };
};

Zone files contain...

Code:
$TTL 1D
@       IN SOA ns1.example.ca. support.example.ca. (
                2007071901 ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Minimum
;name server
        IN NS  ns1.example.ca.
;hosts
www     IN A   ip
ns1     IN A   1.ip
mail    IN A   ip
@       IN A   ip
;mail entry
example.ca. MX 1 mail

Code:
$TTL 1D
@       IN SOA ns1.example.local. support.example.ca. (
                2007071902 ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Minimum
;name server
        IN NS  ns1.example.local
;hosts
bubbles IN A   192.168.0.56
Well as of this morning my external zone seems to be working fine, so I'm starting to think that this is a DMZ issue. Can anyone help? I can post more info if needed.
Well, I have found another issue with my setup. I am unable to do lookups off the machine locally. Here are my configuration files.

My server's IP is 192.168.1.4
My server's network is 192.168.1.0/24 (DMZ network)

named.conf
Code:
options {
    directory "/var/named";
};
acl internals {
    127.0.0.1/8;
    192.168.0.0/24;
    192.168.1.0/24;
    172.168.0.0/24;
};
view "external" {
    match-clients { any; };
    zone "iainc.ca" {
        type master;
        file "data/zone.iainc.ca";
    };
};
view "internal" {
    match-clients { internals; };
    zone "iainc.local" {
        type master;
        file "data/zone.iainc.local";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
};

resolv.conf
Code:
nameserver 127.0.0.1
I'm not sure if this helps, but I think you should use "127.0.0.0/8;" instead of "127.0.0.1/8;" in named.conf.
I got lookups running correctly, thanks. My localhost IP was wrong and I had to take my recursion statements out of my views and do the following in named.conf...

Code:
allow-recursion { localhost; internals;};
allow-query { any;};

The only thing that isn't working for me is my internal zone. I am unable to resolve any hosts within that zone :/ I will post my named.conf file again and my internal zone file. I'm pretty sure my named.conf is working properly now.

A copy of the error when I try to ping:

Code:
[root@localhost ~]# ping bubbles
ping: unknown host bubbles
[root@localhost ~]# ping bubbles.iainc.local
ping: unknown host bubbles.iainc.local

Internal Zone File
Code:
$TTL 1D
@       IN SOA ns1.iainc.local. support.iainc.ca. (
                2007072001 ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Minimum
;name server
        IN NS  ns1.iainc.local
;hosts
bubbles IN A   192.168.0.56
toshiba IN A   192.168.0.57

Named.conf
Code:
// Default named.conf generated by install of bind-9.3.1-14_FC4
options {
    directory "/var/named";
    allow-recursion { localhost; internals;};
    allow-query { any;};
};
acl internals {
    127.0.0.0/8;
    192.168.0.0/24;
    192.168.1.0/24;
    172.168.0.0/24;
};
view "external" {
    match-clients { any; };
    zone "iainc.ca" {
        type master;
        file "data/zone.iainc.ca";
    };
};
view "internal" {
    match-clients { internals; };
    zone "iainc.local" {
        type master;
        file "data/zone.iainc.local";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
};
You forgot a dot in your zone file (the trailing one after "local"):

Code:
;name server
        IN NS  ns1.iainc.local.
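As an added example (not from the thread), here is a small Python check for the class of mistake Falko spotted: a right-hand-side name without a trailing dot is relative, so BIND appends the zone origin and "ns1.iainc.local" is stored as ns1.iainc.local.iainc.local. The zone text below is constructed from the posted records.

```python
"""Flag RDATA names in a BIND zone file that lack the trailing dot.

Constructed example: the thread's internal zone, with the NS target written
without its final dot, exactly as posted.
"""

ORIGIN = "iainc.local"

# Constructed zone text, one record per line (SOA folded onto a single line).
ZONE_TEXT = """\
$TTL 1D
@       IN SOA ns1.iainc.local. support.iainc.ca. ( 2007072001 604800 86400 2419200 604800 )
        IN NS  ns1.iainc.local
bubbles IN A   192.168.0.56
toshiba IN A   192.168.0.57
"""

# Record types whose RDATA fields are domain names: field index -> subject to $ORIGIN.
NAME_RDATA = {"NS": [0], "CNAME": [0], "MX": [1], "PTR": [0], "SOA": [0, 1]}


def qualify(name, origin):
    """Return the absolute name BIND stores for `name` relative to `origin`."""
    if name == "@":
        return origin + "."
    if name.endswith("."):
        return name
    return f"{name}.{origin}."


def find_relative_names(zone_text, origin):
    """Return (line_no, rtype, written, stored) for each RDATA name missing its dot."""
    findings = []
    for line_no, raw in enumerate(zone_text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line or line.startswith("$"):
            continue
        tokens = line.split()
        if not raw[:1].isspace():                    # owner name present, skip it
            tokens = tokens[1:]
        while tokens and (tokens[0].upper() == "IN" or tokens[0].isdigit()):
            tokens.pop(0)                            # skip class / TTL
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for idx in NAME_RDATA.get(rtype, []):
            if idx < len(rdata) and rdata[idx] != "@" and not rdata[idx].endswith("."):
                findings.append((line_no, rtype, rdata[idx], qualify(rdata[idx], origin)))
    return findings
```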
Thanks for your help so far Falko. I corrected this and reloaded named. Still the same problem. Can't seem to resolve any hosts on my internal zone. This box is in a DMZ, however I should be able to resolve these hosts :/ Do you see any other issues? I'll post what named is spitting out in /var/log/messages...

Code:
starting BIND 9.3.1 -u named -t /var/named/chroot
found 1 CPU, using 1 worker thread
loading configuration from '/etc/named.conf'
listening on IPv4 interface lo, 127.0.0.1#53
listening on IPv4 interface eth0, 192.168.1.4#53
command channel listening on 127.0.0.1#953
command channel listening on ::1#953
zone iainc.ca/IN/external: loaded serial 2007071901
zone iainc.local/IN/internal: loaded serial 2007072001
running
[root@localhost ~]#
I added an A record for ns1.iainc.local but am still getting...

Code:
[root@localhost data]# ping bigal.iainc.local
ping: unknown host bigal.iainc.local

This box is located in a DMZ behind an IPCop box. I don't see how this could be affecting resolving, as the machine I'm pinging from is the DNS server that is authoritative for that zone :/
Here is an updated copy of my internal zone file and my named.conf.

Internal zone file
Code:
$TTL 1D
@       IN SOA ns1.iainc.local. support.iainc.local. (
                2007072610 ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                604800 )   ; Minimum
;name server
        IN NS  ns1.iainc.local.
;office hosts
ns1         IN A 192.168.1.4
ipcop       IN A 192.168.0.1
bigal       IN A 192.168.0.2
terminator  IN A 192.168.0.50
gunn        IN A 192.168.0.51
test        IN A 192.168.0.52
sandwich    IN A 192.168.0.54
staples     IN A 192.168.0.55
bubbles     IN A 192.168.0.56
toshiba     IN A 192.168.0.57
bowser      IN A 192.168.0.69

named.conf
Code:
options {
    directory "/var/named";
    allow-recursion { localhost; internals;};
    allow-query { any;};
};
acl internals {
    127.0.0.0/8;
    192.168.0.0/24;
    192.168.1.0/24;
    172.168.0.0/24;
};
view "external" {
    match-clients { any; };
    zone "iainc.ca" {
        type master;
        file "data/zone.iainc.ca";
    };
    zone "." {
        type hint;
        file "named.ca";
    };
};
view "internal" {
    match-clients { internals; };
    zone "iainc.local" {
        type master;
        file "data/zone.iainc.local";
    };
};
Ah Falko, don't give up on me. My install of bind9 was from the yum repositories, so nothing wacky was done to get DNS running. Does anyone have any ideas? My server is located in a DMZ, so could this be preventing it somehow? No idea how, because all the box has to do is lookups off itself :/
Perhaps I should clean up my named.conf file by placing my zones in a few separate files? I just don't get how I can do lookups on everything else but not on my local zone :/ There must be something wrong with that zone file, Falko :/
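Added example, not from the thread: BIND answers a query from the first view whose match-clients includes the client, so with "external" (match-clients { any; }) listed before "internal", every client, including 127.0.0.1, lands in the external view, where iainc.local is not defined. The model below uses the acl and view definitions from the posted named.conf and shows the effect of listing the more specific view first, which also keeps the 192.168.x records from being served to outside clients; note that 172.168.0.0/24 is a public range, not part of the private 172.16.0.0/12 block, so that acl entry admits addresses it probably was not meant to.

```python
"""Model BIND's first-match view selection against the thread's named.conf."""
import ipaddress

# The "internals" acl exactly as posted (172.168.0.0/24 is NOT RFC 1918 space).
INTERNALS = ["127.0.0.0/8", "192.168.0.0/24", "192.168.1.0/24", "172.168.0.0/24"]


def acl_matches(client, acl):
    """True if `client` is covered by any entry of the acl ("any" matches all)."""
    ip = ipaddress.ip_address(client)
    return any(entry == "any" or ip in ipaddress.ip_network(entry, strict=False)
               for entry in acl)


def select_view(client, views):
    """views: ordered list of (name, match_clients_acl, zone_names).

    Returns the first view whose match-clients covers the client, as BIND does.
    """
    for name, acl, zones in views:
        if acl_matches(client, acl):
            return name, tuple(zones)
    return None, ()


def served_authoritatively(client, views, qname):
    """Does the view chosen for `client` hold a zone that contains `qname`?"""
    _, zones = select_view(client, views)
    return any(qname == z or qname.endswith("." + z) for z in zones)


# Order as posted: "external" first, so even 127.0.0.1 never reaches "internal".
AS_POSTED = [
    ("external", ["any"], ["iainc.ca"]),
    ("internal", INTERNALS, ["iainc.local"]),
]
# Most specific view first: internals reach "internal", everyone else falls through.
CORRECTED = [
    ("internal", INTERNALS, ["iainc.local"]),
    ("external", ["any"], ["iainc.ca"]),
]

if __name__ == "__main__":
    for label, views in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        view, _ = select_view("127.0.0.1", views)
        ok = served_authoritatively("127.0.0.1", views, "bubbles.iainc.local")
        print(f"{label}: 127.0.0.1 -> view {view!r}, bubbles.iainc.local served: {ok}")
```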