help for the bind problem.
Kevin Darcy
kcd at daimlerchrysler.com
Mon Mar 20 22:58:31 UTC 2006
ChangShen wrote:
>Hi, all,
>I have set up a local cache-only DNS using bind-chroot. No SELinux yet.
> From the DNS server itself, I can ping with name, say ping xyz or
>xyz.home.net. The query.log file says Bind got query from 127.0.0.1 at
>53 port. The named.log says named is running and zone files have been
>loaded ok.
>This dns ip is 192.168.1.2 and its name is mydns.home.net
>
>The named.conf has a control entry like this:
>acl loaclnet { 192.168.1.0/8; 127.0.0.1; };
>and it includes a line of rndckey file.
>
>The resolv.conf in dns server like this:
>domain home.net
>nameserver 127.0.0.1
>
>From xyz, its resolve.conf is
>domain home.net
>nameserver 192.168.1.2
>
>From xyz, I can ping by IP, say ping 192.168.1.2, no problem,
>but when I try to ping mydns.home.net, it returns an error, saying something
>like this:
>connection timeout, no server can be find.
>xyz's ip is 192.168.1.100
>
>Why? Since its resolve.conf has 192.168.1.2, why can xyz not
>find that DNS server?
>The query.log did not show any query call from xyz. Since there is no
>SELinux and the acl says 192.168.1.0/8 can access DNS, xyz
>(192.168.1.100) should be able to access mydns.home.net. Right?
>
First of all, the name of the file is /etc/resolv.conf, not
"resolve.conf". Spelling is fundamental.
Secondly, 192.168.1.0/8 is an invalid prefix notation. Either you mean
192.0.0.0/8 or 192.168.1.0/24. I suspect the latter.
Lastly, the fact that you don't see the query show up on the server
suggests the client is having a problem using that DNS server to resolve
names. Check your nsswitch.conf file (or the equivalent) to verify that
the box is actually configured to *use* DNS. Run "dig" to see if it has
any more luck than "ping" does. Check routing, firewall (e.g. iptables
or whatever) configs. Run a packet sniffer if necessary.
- Kevin
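As an added example (not part of the thread and not BIND's own parser), a small Python check of the quoted acl line: it flags the 192.168.1.0/8 prefix mismatch the reply points out, offers the two readings Kevin mentions (192.0.0.0/8 or 192.168.1.0/24), and then tests whether xyz at 192.168.1.100 would match either. It assumes plain address/prefix elements only, not BIND keywords or key names.

```python
import ipaddress
import re

# Constructed sample: the acl statement quoted in the original question.
NAMED_CONF_ACL = 'acl loaclnet { 192.168.1.0/8; 127.0.0.1; };'


def parse_acl(stmt):
    """Return (acl_name, [elements]) from a one-line BIND acl statement."""
    m = re.match(r'\s*acl\s+(\S+)\s*\{(.*)\}\s*;\s*$', stmt)
    if not m:
        raise ValueError("not an acl statement: %r" % stmt)
    elems = [e.strip() for e in m.group(2).split(';') if e.strip()]
    return m.group(1), elems


def check_element(elem):
    """Classify one address/prefix element.

    Returns ('ok', [network]) when the host bits are clear, or
    ('mismatch', [as_prefix, as_address]) when host bits are set beyond
    the prefix length, with the two plausible intents:
      as_prefix  -- keep the /N, zero the host bits     (192.0.0.0/8)
      as_address -- keep the address, widen the prefix  (192.168.1.0/24)
    """
    try:
        return 'ok', [str(ipaddress.ip_network(elem, strict=True))]
    except ValueError:
        pass  # host bits set; work out what was probably meant
    addr_str, _, plen = elem.partition('/')
    addr = ipaddress.ip_address(addr_str)  # raises on non-address elements
    plen = int(plen)
    as_prefix = ipaddress.ip_network((addr, plen), strict=False)
    wide = plen
    while True:  # /max_prefixlen is always a valid network, so this ends
        try:
            as_address = ipaddress.ip_network((addr, wide), strict=True)
            break
        except ValueError:
            wide += 1
    return 'mismatch', [str(as_prefix), str(as_address)]


def client_matches(networks, client):
    """True if the client address falls inside any of the given networks."""
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(n) for n in networks)


if __name__ == '__main__':
    name, elems = parse_acl(NAMED_CONF_ACL)
    for e in elems:
        print(name, e, check_element(e))
    print('xyz allowed by /24 reading:', client_matches(['192.168.1.0/24'], '192.168.1.100'))
```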