caching only DNS server

jm jm at hcn.com.au
Wed Apr 18 07:22:35 UTC 2007


Hi Souza,

Is there a firewall running on 10.0.0.103? # iptables -L -n
Is bind listening on port 53 UDP/TCP on 10.0.0.103? # netstat --numeric-hosts | grep domain
Is there a listen-on directive in named.conf?

Cheers,

Jason

Souza Simbota wrote:
> I followed the procedure below on configuring a caching only DNS server
> (http://kbase.redhat.com/faq/FAQ_42_9609.shtm) but it works on the same
> machine. When I dig from another machine to this one (dig yahoo.com
> @10.0.0.103) it doesn't work and gives a message
> 
> ; <<>> DiG 9.2.4 <<>> yahoo.com @10.0.0.103
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> 
> What could be the problem? Will appreciate your help.
> 
> SOUZA
> 
> 
> 
> The packages which need to be installed are:
> bind-9.2.4-16.EL4.i386.rpm 
> bind-chroot-9.2.4-16.EL4.i386.rpm 
> caching-nameserver-7.3-3.noarch.rpm 
> 
> These packages can be installed from the CD using the command:
> # rpm -ivh <PACKAGE NAME>
> 
> or using the up2date command:
> # up2date <PACKAGE NAME>
> 
> The configuration files associated with the caching name server are:
> /etc/sysconfig/named 
> /var/named/chroot/etc/named.conf 
> /var/named/chroot/var/named/named.local 
> /var/named/chroot/var/named/named.ca 
> /var/named/chroot/var/named/localhost.zone 
> /var/named/chroot/var/named/localdomain.zone 
> 
> Edit /etc/sysconfig/named and ensure that the following entry is made in the
> file, which tells named to run in the chroot environment.
> ROOTDIR=/var/named/chroot
> Note: /etc/named.conf is a symbolic link to the /var/named/chroot/etc/named.conf
> file.
> 
> To configure the /etc/named.conf file for a simple caching name server, use
> this configuration for all servers that don't act as a master or slave name
> server. Setting up a simple caching server for local client machines will
> reduce the load on the network's primary server. Many users on dialup
> connections may use this configuration along with bind for such a purpose.
> Ensure that the file /etc/named.conf highlights the entries below:
> options {
>         directory "/var/named";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         forwarders { A.B.C.D; W.X.Y.Z; };
>         forward only;
> };
> 
> // a caching only nameserver config
> 
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> 
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> 
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "named.local";
>         allow-update { none; };
> };
> 
> With the forwarders option, A.B.C.D and W.X.Y.Z are the IP addresses of the
> Primary/Master and Secondary/Slave DNS server on the network in question.
> They can also be the IP addresses of the ISP's DNS server and another DNS
> server, respectively. With the forward only option set in the named.conf
> file, the name server doesn't try to contact other servers to find out
> information if the forwarders do not give it an answer.
> 
> Now, /etc/resolv.conf should look like this:
> nameserver 127.0.0.1
> 
> Start the caching-dns server
> # /sbin/chkconfig named on
> # service named start
> 
> Test the caching-name server
> # nslookup
> Default Server: localhost
> Address: 127.0.0.1
> 
> Now enter a query in nslookup. For example: www.redhat.com
> > www.redhat.com
> Server: localhost
> Address: 127.0.0.1
> 
> Name: www.redhat.com
> Address: 209.132.177.50
> nslookup now asked the named to look for the machine www.redhat.com. It then
> contacted one of the name server machines named in the root.cache file, and
> asked its way from there. It might take a while before the result is shown,
> as it searches all the domains the user entered in /etc/resolv.conf. When
> tried again, the result should be similar to this example:
> > www.redhat.com
> Server: localhost
> Address: 127.0.0.1
> 
> Non-authoritative answer:
> Name: www.redhat.com
> Address: 209.132.177.50
> 
> Note the Non-authoritative answer in the result this time. This means that
> named did not go out on the network to ask this time; it instead looked it up
> in its cache and found it there. But the cached information might be out of
> date, so the user is informed of this danger by it saying Non-authoritative
> answer. When nslookup says this the second time a user asks for a host,
> it is a sign that it caches the information and that it's working. Now exit
> nslookup by giving the command exit.

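The three checks in Jason's reply (firewall, is named actually bound to the LAN address, is there a listen-on directive) turned into a script. This is an added example, not code from the original post or from Red Hat's procedure. So that it runs offline it works on constructed sample data: a named.conf that only listens on loopback next to a corrected one, and an `iptables -L -n -v` listing in the shape of the RHEL4 default firewall next to one with port 53 opened. The host address 10.0.0.103, the LAN 10.0.0.0/24 and the forwarder addresses 192.0.2.1/192.0.2.2 are assumed values; substitute your own.

```sh
#!/bin/sh
# Added example, not from the original post or the Red Hat procedure.
# All data below is constructed: 10.0.0.103, 10.0.0.0/24 and 192.0.2.x are
# assumed addresses, and the iptables listings are typed in, not captured.

# Constructed named.conf that listens on loopback only. Queries from another
# host never reach named, so a remote "dig yahoo.com @10.0.0.103" times out.
NAMED_CONF_LOOPBACK='options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; };
        forwarders { 192.0.2.1; 192.0.2.2; };
        forward only;
};'

# Constructed corrected named.conf: also listen on the LAN address, and limit
# queries and recursion to the LAN so the box does not become an open resolver.
# named must be restarted (service named restart) for listen-on to take effect.
NAMED_CONF_LAN='options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; 10.0.0.103; };
        allow-query { localhost; 10.0.0.0/24; };
        allow-recursion { localhost; 10.0.0.0/24; };
        forwarders { 192.0.2.1; 192.0.2.2; };
        forward only;
};'

# Constructed "iptables -L -n -v" listing in the shape of the RHEL4 default
# firewall: loopback and established traffic pass, ssh is open, the rest is
# rejected. Nothing admits port 53. (-v is needed to see the "in" column,
# otherwise the loopback-only rule looks like "ACCEPT all" from anywhere.)
FW_DEFAULT='Chain RH-Firewall-1-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  900 77777 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
  300 19200 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# The same chain after admitting DNS from the LAN only, e.g. via
#   iptables -I RH-Firewall-1-INPUT -p udp -s 10.0.0.0/24 --dport 53 -j ACCEPT
#   iptables -I RH-Firewall-1-INPUT -p tcp -s 10.0.0.0/24 --dport 53 -j ACCEPT
FW_FIXED='Chain RH-Firewall-1-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       10.0.0.0/24          0.0.0.0/0           tcp dpt:53
    0     0 ACCEPT     udp  --  *      *       10.0.0.0/24          0.0.0.0/0           udp dpt:53
   12   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  900 77777 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  300 19200 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# listen_on_addrs CONF: print the addresses in the listen-on clause, one per
# line. With no listen-on clause BIND 9 binds every IPv4 interface, reported
# here as "any". listen-on-v6 is deliberately not matched.
listen_on_addrs() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*listen-on[ \t{]/ {
            s = index($0, "{"); e = index($0, "}")
            if (s == 0 || e <= s) next
            n = split(substr($0, s + 1, e - s - 1), parts, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", parts[i])
                if (parts[i] != "") { print parts[i]; found = 1 }
            }
        }
        END { if (!found) print "any" }'
}

# listens_on CONF ADDR: succeed if named would accept a query arriving at ADDR.
listens_on() {
    listen_on_addrs "$1" | grep -qxF -e any -e "$2"
}

# fw_allows LISTING PROTO: succeed if an ACCEPT rule in an "iptables -L -n -v"
# listing admits PROTO to port 53 on a non-loopback interface. Conservative:
# only an explicit dpt:53 rule counts; a blanket ACCEPT is not credited.
fw_allows() {
    printf '%s\n' "$1" | awk -v proto="$2" '
        $3 == "ACCEPT" && $4 == proto && $6 != "lo" && /dpt:53( |$)/ { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# diagnose CONF LISTING ADDR: one line per check, in the order Jason asked.
diagnose() {
    for p in udp tcp; do
        if fw_allows "$2" "$p"; then echo "firewall: $p/53 open"
        else echo "firewall: $p/53 blocked"; fi
    done
    if listens_on "$1" "$3"; then echo "named: listens on $3"
    else echo "named: NOT listening on $3 (listen-on: $(listen_on_addrs "$1" | tr '\n' ' '))"; fi
}

echo "== as reported: loopback-only listen-on, default firewall =="
diagnose "$NAMED_CONF_LOOPBACK" "$FW_DEFAULT" 10.0.0.103
echo "== after the fix =="
diagnose "$NAMED_CONF_LAN" "$FW_FIXED" 10.0.0.103
```

On the real host, feed the functions live data instead of the samples: `listen_on_addrs "$(cat /var/named/chroot/etc/named.conf)"` and `fw_allows "$(iptables -L -n -v)" udp`. Either check failing is enough on its own to produce the "no servers could be reached" timeout in the quoted dig output; both have to pass before a remote dig will succeed, and the allow-recursion line in the corrected config keeps the server from answering recursive queries for everybody once it is reachable.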