Re: Problems getting bind working on F11

On Sun, 2009-08-09 at 21:26 +0930, Tim wrote:
> On Sat, 2009-08-08 at 20:33 -0400, Braden McDaniel wrote:
> >                 listen-on port 53 { 127.0.0.1; };
> >                 listen-on-v6 port 53 { ::1; };
> 
> It's only listening on the local loopback address, so you won't get
> anything when trying to access it through another interface.

Okay... so (with respect to this) it *does* matter
whether /etc/resolv.conf points to 127.0.0.1 or the locally-known IP
address.

And, in fact, changing /etc/resolv.conf to point to 127.0.0.1 for the
nameserver gets things working--on the nameserver box itself.

> The "dig" tool is used for testing domain name stuff.  Run it on the
> same box as the server, and try it on other boxes, too.
> 
> dig name-to-look-up @server-to-query
> 
> e.g. dig example.com @127.0.0.1
> 
> It'll use the servers listed in your resolv.conf file, instead, if you
> don't specify which server to query.

Thanks for that.  This is what I get when I try to look up something
from a different machine on the local network:

        # dig front @192.168.1.20
        
        ; <<>> DiG 9.6.1-P1-RedHat-9.6.1-4.P1.fc11 <<>> front @192.168.1.20
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 5627
        ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
        ;; WARNING: recursion requested but not available
        
        ;; QUESTION SECTION:
        ;front.				IN	A
        
        ;; Query time: 8 msec
        ;; SERVER: 192.168.1.20#53(192.168.1.20)
        ;; WHEN: Sun Aug  9 13:57:03 2009
        ;; MSG SIZE  rcvd: 23

So... "REFUSED"?  What might be the cause of that?

> Using localhost in the domain configurations (such as your NS records)
> is only going to give you problems if you want to use it with other
> machines on your LAN, or with other addresses.  So many things expect it
> to only ever point to 127.0.0.1, and it's not going to work across
> different machines.

Okay... I think I've corrected that.  Here's the current state of
things:

        # cat /etc/named.conf
        //
        // named.conf
        //
        // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
        // server as a caching only nameserver (as a localhost DNS resolver only).
        //
        // See /usr/share/doc/bind*/sample/ for example named configuration files.
        //
        
        
        options {
        	listen-on port 53 {
        	127.0.0.1;
        	192.168.1.20;
        };
        
        dnssec-enable yes
        
        ;
        
        	listen-on-v6 port 53 { ::1; };
        	directory 	"/var/named";
        	dump-file 	"/var/named/data/cache_dump.db";
                statistics-file "/var/named/data/named_stats.txt";
                memstatistics-file "/var/named/data/named_mem_stats.txt";
        	allow-query     { localhost; };
        	recursion yes;
        	
        	dnssec-validation yes;
        	dnssec-lookaside . trust-anchor dlv.isc.org.;
        };
        
        logging {
                channel default_debug {
                        file "data/named.run";
                        severity dynamic;
                };
        };
        
        zone "1.168.192.IN-ADDR.ARPA." IN {
        	type master;
        	file "192.168.1.db";
        };
        zone "endoframe.net." IN {
        	type master;
        	file "endoframe.net.db";
        };
        zone "." IN {
        	type hint;
        	file "named.ca";
        };
        
        include "/etc/named.rfc1912.zones";
        
        include "/etc/pki/dnssec-keys//named.dnssec.keys";
        include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";


        # cat /var/named/endoframe.net.db
        $TTL 1H		
        @	SOA	front	root.front.endoframe.net. (	5
        						3H
        						1H
        						1W
        						1H )
        			NS	front	
        front	IN	1H	A	192.168.1.20	
        hinge	IN	1H	A	192.168.1.21	
        door	IN	1H	A	192.168.1.1	
        glyph	IN	1H	A	192.168.1.10	
        chime	IN	1H	A	192.168.1.22	
        stile	IN	1H	A	192.168.1.24	
        bolt	IN	1H	A	192.168.1.25	
        
        
        # cat /var/named/192.168.1.db
        $TTL 1H		
        @	SOA	front.endoframe.net.	root.front.endoframe.net. (	4
        						3H
        						1H
        						1W
        						1H )
        			NS	front.endoframe.net.	
        20	PTR	front.endoframe.net.	
        21	PTR	hinge.endoframe.net.	
        1	PTR	door.endoframe.net.	
        10	PTR	glyph.endoframe.net.	
        22	PTR	chime.endoframe.net.	
        24	PTR	stile.endoframe.net.	
        25	PTR	bolt.endoframe.net.	

-- 
Braden McDaniel <braden@xxxxxxxxxxxxx>
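
Added example, not part of the original message: a simplified Python model of how named applies the `listen-on` and `allow-query` match lists from the posted options block to the `dig front @192.168.1.20` query. The server interface prefixes, the client address used when calling `predict` (for instance 192.168.1.21) and the `FIXED_CONF` variant are assumptions made for illustration; BIND's other access controls, such as `allow-recursion`, are not modelled.

```python
import ipaddress
import re

# Constructed excerpt of the options block posted above (IPv4 parts only).
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.20; };
    allow-query     { localhost; };
    recursion yes;
};
"""
# Hypothetical corrected variant: also admit the LAN prefix, not "any".
FIXED_CONF = NAMED_CONF.replace("{ localhost; }", "{ localhost; 192.168.1.0/24; }")

# Assumption: the server's interfaces, using the addresses seen in the thread.
SERVER_IFACES = [ipaddress.ip_interface("127.0.0.1/8"),
                 ipaddress.ip_interface("192.168.1.20/24")]

def match_list(conf, option):
    """Return the elements of an address match list, or None if the option is absent."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(option), conf)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def matches(addr, elements):
    """Evaluate addr against a match list; the first matching element decides."""
    for elem in elements:
        negate, name = elem.startswith("!"), elem.lstrip("! ")
        if name in ("any", "none"):
            hit = name == "any"
        elif name == "localhost":   # built-in ACL: the server's own addresses
            hit = any(addr == i.ip for i in SERVER_IFACES)
        elif name == "localnets":   # built-in ACL: directly attached networks
            hit = any(addr in i.network for i in SERVER_IFACES)
        else:                       # literal address or prefix
            hit = addr in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False

def predict(conf, client, server_addr):
    """Predict how named treats a query from client sent to server_addr."""
    client, server_addr = ipaddress.ip_address(client), ipaddress.ip_address(server_addr)
    listen = match_list(conf, "listen-on")
    if listen is not None and not matches(server_addr, listen):
        return "no listener"        # nothing bound to that address
    allow = match_list(conf, "allow-query")
    if allow is not None and not matches(client, allow):
        return "REFUSED"            # the status dig reported above
    return "answered"
```

Admitting the LAN prefix rather than `any` keeps a server that has `recursion yes` from answering clients outside the local network.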
