caching only DNS server
Souza Simbota
SouzaSimbota at BURCOMW.COM
Wed Apr 18 12:26:49 UTC 2007
Thanks Jason. Only TCP port 53 was open; UDP port 53 was not open.
It's now working fine.
Regards,
SOUZA
-----Original Message-----
From: jm [mailto:jm at hcn.com.au]
Sent: Wednesday, April 18, 2007 9:23 AM
To: Souza Simbota
Cc: bind-users at isc.org
Subject: Re: caching only DNS server
Hi Souza,
Is there a firewall running on 10.0.0.103? # iptables -L -n
Is bind listening on port 53 UDP/TCP on 10.0.0.103? # netstat --numeric-hosts | grep domain
Is there a listen-on directive in named.conf?
Cheers,
Jason
Souza Simbota wrote:
> I followed the procedure below on configuring a caching only DNS server
> (http://kbase.redhat.com/faq/FAQ_42_9609.shtm) but it works on the same
> machine. When I dig from another machine to this one (dig yahoo.com
> @10.0.0.103) it doesn't work and gives a message
>
> ; <<>> DiG 9.2.4 <<>> yahoo.com @10.0.0.103
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> What could be the problem? I will appreciate your help.
>
> SOUZA
>
>
>
> The packages which need to be installed are:
> bind-9.2.4-16.EL4.i386.rpm
> bind-chroot-9.2.4-16.EL4.i386.rpm
> caching-nameserver-7.3-3.noarch.rpm
>
> These packages can be installed from the CD using the command:
> # rpm -ivh <PACKAGE NAME>
>
> or using the up2date command:
> # up2date <PACKAGE NAME>
>
> The configuration files associated with the caching name server are:
> /etc/sysconfig/named
> /var/named/chroot/etc/named.conf
> /var/named/chroot/var/named/named.local
> /var/named/chroot/var/named/named.ca
> /var/named/chroot/var/named/localhost.zone
> /var/named/chroot/var/named/localdomain.zone
>
> Edit /etc/sysconfig/named and ensure that the following entry is made in
> the file, which tells named to run in the chroot environment.
> ROOTDIR=/var/named/chroot
> Note: /etc/named.conf is a symbolic link to the
> /var/named/chroot/etc/named.conf file.
>
> To configure the /etc/named.conf file for a simple caching name server,
> use this configuration for all servers that don't act as a master or
> slave name server. Setting up a simple caching server for local client
> machines will reduce the load on the network's primary server. Many users
> on dialup connections may use this configuration along with bind for such
> a purpose.
> Ensure that the file /etc/named.conf highlights the entries below:
> options {
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     forwarders { A.B.C.D; W.X.Y.Z; };
>     forward only;
> };
>
> // a caching only nameserver config
>
> controls {
>     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> zone "0.0.127.in-addr.arpa" IN {
>     type master;
>     file "named.local";
>     allow-update { none; };
> };
>
> With the forwarders option, A.B.C.D and W.X.Y.Z are the IP addresses of
> the Primary/Master and Secondary/Slave DNS server on the network in
> question. They can also be the IP addresses of the ISP's DNS server and
> another DNS server, respectively. With the forward only option set in the
> named.conf file, the name server doesn't try to contact other servers to
> find out information if the forwarders do not give it an answer.
>
> Now, /etc/resolv.conf should look like this:
> nameserver 127.0.0.1
>
> Start the caching-dns server
> # /sbin/chkconfig named on
> # service named start
>
> Test the caching-name server
> # nslookup
>> Default
> Server: localhost
> Address: 127.0.0.1
>
> Now enter a query in nslookup. For example: www.redhat.com
>> www.redhat.com
> Server: localhost
> Address: 127.0.0.1
>
> Name: www.redhat.com
> Address: 209.132.177.50
> nslookup now asked named to look for the machine www.redhat.com. It
> then contacted one of the name server machines named in the root.cache
> file, and asked its way from there. It might take a while before the
> result is shown, as it searches all the domains the user entered in
> /etc/resolv.conf. When tried again, the result should be similar to this
> example:
>> www.redhat.com
> Server: localhost
> Address: 127.0.0.1
>
> Non-authoritative answer:
> Name: www.redhat.com
> Address: 209.132.177.50
>
> Note the Non-authoritative answer in the result this time. This means
> that named did not go out on the network to ask this time; it instead
> looked it up in its cache and found it there. But the cached information
> might be out of date, so the user is informed of this danger by it saying
> Non-authoritative answer. When nslookup says this the second time a user
> asks for a host, it is a sign that it caches the information and that it's
> working. Now exit nslookup by giving the command exit.
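Added diagnostic, not part of the thread or of the Red Hat article it quotes: dig sends its query over UDP by default, so a firewall that passes only TCP 53 (the cause found above) yields exactly the ";; connection timed out; no servers could be reached" result while a TCP query would still succeed. This script sends the same question over both transports and reports which one answered; the server 10.0.0.103 and the name yahoo.com are taken from the thread, and Python 3 is assumed.

```python
import random
import socket
import struct

def build_query(name, qtype=1, txid=None):
    """Minimal DNS query (header + one question), the same shape dig sends."""
    txid = random.randrange(0x10000) if txid is None else txid
    # ID, flags 0x0100 (RD=1: ask the caching server to recurse), QDCOUNT=1
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE A, QCLASS IN

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(resp):
    """Return (txid, rcode, answer_count) from a 12-byte DNS header."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return txid, flags & 0x000F, an

def probe(server, name="yahoo.com", timeout=3.0):
    """Send one query over UDP and TCP to server:53; report which replied."""
    txid = random.randrange(0x10000)
    query = build_query(name, txid=txid)
    status = {"udp": False, "tcp": False}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            udp.settimeout(timeout)
            udp.sendto(query, (server, 53))
            data, _ = udp.recvfrom(4096)
            status["udp"] = parse_header(data)[0] == txid
    except OSError:  # timeout or ICMP unreachable: the "no servers could be reached" case
        pass
    try:
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            tcp.sendall(tcp_frame(query))
            f = tcp.makefile("rb")  # read exactly the 2-byte length, then the message
            length = struct.unpack("!H", f.read(2))[0]
            status["tcp"] = parse_header(f.read(length))[0] == txid
    except OSError:
        pass
    return status

if __name__ == "__main__":
    # Address from the thread; a result of {"udp": False, "tcp": True} points
    # at a host firewall (iptables -L -n) that lets TCP 53 through but not UDP 53.
    print(probe("10.0.0.103"))
```

The same two checks by hand are `dig yahoo.com @10.0.0.103` (UDP) and `dig +tcp yahoo.com @10.0.0.103`.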