DNS Trouble
Kevin Darcy
kcd at chrysler.com
Wed Jun 15 15:35:51 UTC 2011
On 6/12/2011 4:00 PM, Rodrigo Faria Tavares wrote:
> Hello,
>
> I installed bind in CentOS release 5.6 (Final).
> My DNS server does not ping the alias (with CNAME), so here are the steps:
>
> I installed this packages:
>
> [root at centos ~]# rpm -qa | grep bind
> ypbind-1.19-12.el5
> bind-libs-9.3.6-16.P1.el5
> bind-chroot-9.3.6-16.P1.el5
> bind-9.3.6-16.P1.el5
> bind-utils-9.3.6-16.P1.el5
>
> [root at centos ~]# rpm -qa | grep nameserver
> caching-nameserver-9.3.6-16.P1.el5
> [root at centos ~]#
>
> Then I'm using chroot.
>
> [root at centos ~]# cd /var/named/
> [root at centos named]# ls -las
> total 32
> 8 drwxr-x--- 5 root named 4096 Jun 12 14:58 .
> 8 drwxr-xr-x 24 root root 4096 Jun 12 10:04 ..
> 8 drwxr-x--- 7 root named 4096 Fev 22 19:35 chroot
> 4 drwxrwx--- 2 named named 4096 Jun 12 14:58 data
> 0 lrwxrwxrwx 1 root named 45 Jun 12 14:58 localdomain.zone
> -> /var/named/chroot//var/named/localdomain.zone
> 0 lrwxrwxrwx 1 root named 43 Jun 12 14:58 localhost.zone
> -> /var/named/chroot//var/named/localhost.zone
> 0 lrwxrwxrwx 1 root named 44 Jun 12 14:58 named.broadcast
> -> /var/named/chroot//var/named/named.broadcast
> 0 lrwxrwxrwx 1 root named 37 Jun 12 14:58 named.ca
> -> /var/named/chroot//var/named/named.ca
> 0 lrwxrwxrwx 1 root named 44 Jun 12 14:58 named.ip6.local
> -> /var/named/chroot//var/named/named.ip6.local
> 0 lrwxrwxrwx 1 root named 40 Jun 12 14:58 named.local
> -> /var/named/chroot//var/named/named.local
> 0 lrwxrwxrwx 1 root named 39 Jun 12 14:58 named.zero
> -> /var/named/chroot//var/named/named.zero
> 0 lrwxrwxrwx 1 root named 43 Jun 12 14:58 redefariat.com
> -> /var/named/chroot//var/named/redefariat.com
>
> Now I configured the domain.
>
> [root at centos named]# cat /var/named/chroot//var/named/redefariat.com
> $TTL 43200
> @ IN SOA redefariat.com. root.redefariat.com. (
> 2011061214 ; Serial
> 28800 ; Refresh
> 14400 ; Retry
> 3600000 ; Expire
> 86400 ; Minimum
> )
> @ IN NS redefariat.com.
> @ IN MX 0 mail.redefariat.com
> @ IN A 192.168.1.100
>
> wwww IN CNAME redefariat.com.
> ftp IN CNAME redefariat.com.
> mail IN CNAME redefariat.com.
> pop IN CNAME redefariat.com.
> pop3 IN CNAME redefariat.com.
> smtp IN CNAME redefariat.com.
> rodrigo IN A 192.168.1.100
>
> rodrigo.redefariat.com. IN A 192.168.1.100
>
> So I put in /etc/named.caching-nameserver.conf.
>
> options {
> listen-on port 53 { 127.0.0.1; };
> listen-on-v6 port 53 { ::1; };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> memstatistics-file "/var/named/data/named_mem_stats.txt";
>
> // Those options should be used carefully because they disable port
> // randomization
> // query-source port 53;
> // query-source-v6 port 53;
>
> allow-query { localhost; };
> allow-query-cache { localhost; };
> };
> logging {
> channel default_debug {
> file "data/named.run";
> severity dynamic;
> };
> };
> view localhost_resolver {
> match-clients { localhost; };
> match-destinations { localhost; };
> recursion yes;
> include "/etc/named.rfc1912.zones";
> };
>
>
> view "redefariat" {
> match-clients {192.168.1.0/24;};
> recursion yes;
> zone "redefariat.com" {
> type master;
> file "/var/named/redefariat.com";
> allow-transfer { none; };
> };
> };
>
> The logs :
>
> root at centos named]# tail -f /var/log/messages
> Jun 12 16:54:35 centos named[3343]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Jun 12 16:54:35 centos named[3343]: command channel listening on
> 127.0.0.1#953
> Jun 12 16:54:35 centos named[3343]: zone
> 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> Jun 12 16:54:35 centos named[3343]: zone
> 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
> Jun 12 16:54:35 centos named[3343]: zone
> 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> Jun 12 16:54:35 centos named[3343]: zone
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
> Jun 12 16:54:35 centos named[3343]: zone
> localdomain/IN/localhost_resolver: loaded serial 42
> Jun 12 16:54:35 centos named[3343]: zone
> localhost/IN/localhost_resolver: loaded serial 42
> Jun 12 16:54:35 centos named[3343]: zone redefariat.com/IN/redefariat:
> loaded serial 2011061214
> Jun 12 16:54:35 centos named[3343]: running
>
>
> I try to use ping www.redefariat.com
>
> root at centos named]# ping www.redefariat.com
> ping: unknown host www.redefariat.com
>
> What is wrong?
The "localhost" ACL in BIND refers not only to the loopback address, but
also to all addresses local to the machine/instance on which named is
running.
I'm guessing your query is matching the "localhost_resolver" view before
it even gets to the "redefariat" view. Have you tried this query from
some _other_ device in the 192.168.1.0/24 range?
For that matter, do you really need views at all? If you're just trying
to restrict who can query what, and you don't need to serve different
versions of zones to different clients, then that's doable with
allow-query ACLs and no views at all (or, more technically, with just
the implicit "default" view).
- Kevin
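As an added example (not part of this thread and not BIND's own code), the following Python script models the two things worth checking here: the first-match view selection that Kevin describes, and the contents of the zone file Rodrigo posted. It assumes the server's own interface addresses are 127.0.0.1, ::1 and 192.168.1.100 (the address in the posted A records); the view list and zone text are copied from the post. The view logic is a simplified model of named's behaviour, and the zone parser handles only what the posted file uses.

```python
import ipaddress

# ---- Part 1: which view answers a query?  named uses the FIRST view whose
# match-clients ACL matches, so view order in named.conf matters. ----

# Assumption: the addresses on the server's own interfaces. BIND's built-in
# "localhost" ACL matches every one of them, not only 127.0.0.1 and ::1.
LOCAL_ADDRS = {"127.0.0.1", "::1", "192.168.1.100"}

# The two views from the posted config, in file order:
# (view name, match-clients entries, zones served in that view).
VIEWS = [
    ("localhost_resolver", ["localhost"], ["localhost", "localdomain", "0.0.127.in-addr.arpa"]),
    ("redefariat", ["192.168.1.0/24"], ["redefariat.com"]),
]

def acl_matches(entry, source_ip, local_addrs=LOCAL_ADDRS):
    """Does one match-clients entry match the query's source address?"""
    if entry == "localhost":
        return source_ip in local_addrs
    # Otherwise a CIDR prefix; an address of the other IP version never matches.
    return ipaddress.ip_address(source_ip) in ipaddress.ip_network(entry, strict=False)

def select_view(source_ip, views=VIEWS):
    """Name of the first view whose ACL matches, or None if no view does."""
    for name, acl, _zones in views:
        if any(acl_matches(entry, source_ip) for entry in acl):
            return name
    return None

def view_serves(source_ip, zone, views=VIEWS):
    """Is the zone configured in the view that will answer this client?"""
    chosen = select_view(source_ip, views)
    return any(zone in zones for name, _acl, zones in views if name == chosen)

# ---- Part 2: what does the posted zone file actually contain? ----

ZONE_TEXT = """\
$TTL 43200
@ IN SOA redefariat.com. root.redefariat.com. (
2011061214 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ; Minimum
)
@ IN NS redefariat.com.
@ IN MX 0 mail.redefariat.com
@ IN A 192.168.1.100
wwww IN CNAME redefariat.com.
ftp IN CNAME redefariat.com.
mail IN CNAME redefariat.com.
pop IN CNAME redefariat.com.
pop3 IN CNAME redefariat.com.
smtp IN CNAME redefariat.com.
rodrigo IN A 192.168.1.100
rodrigo.redefariat.com. IN A 192.168.1.100
"""
ORIGIN = "redefariat.com."

def logical_lines(text):
    """Strip ';' comments and blank lines; join '(' ... ')' continuations."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf)
            buf = []

def parse_zone(text, origin=ORIGIN):
    """Minimal master-file parser -> [(fully qualified owner, type, rdata tokens)]."""
    records = []
    for line in logical_lines(text):
        toks = line.replace("(", " ").replace(")", " ").split()
        if toks[0].startswith("$"):      # $TTL / $ORIGIN carry no records
            continue
        owner, rest = toks[0], toks[1:]
        if rest[0] == "IN":
            rest = rest[1:]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):    # relative owner: append the origin
            owner = f"{owner}.{origin}"
        records.append((owner, rest[0], rest[1:]))
    return records

def lookup(records, name):
    """Records owned by a fully qualified name; an empty list means NXDOMAIN."""
    return [(t, " ".join(r)) for o, t, r in records if o == name]

def unqualified_targets(records, origin=ORIGIN):
    """NS/MX/CNAME targets lacking a trailing dot, with the name they expand to."""
    return [(o, t, r[-1], f"{r[-1]}.{origin}") for o, t, r in records
            if t in ("NS", "CNAME", "MX") and not r[-1].endswith(".")]

RECORDS = parse_zone(ZONE_TEXT)
```

Running it shows that a query from 127.0.0.1, and also from the server's own 192.168.1.100, lands in localhost_resolver, which has no redefariat.com zone, while a client at another 192.168.1.0/24 address reaches the redefariat view. It also shows two things in the zone file itself: lookup of www.redefariat.com. returns nothing because the CNAME owner is spelled wwww, and the MX target mail.redefariat.com has no trailing dot, so it is read relative to the origin as mail.redefariat.com.redefariat.com. The real tool for the second part is BIND's own named-checkzone (for example `named-checkzone redefariat.com /var/named/chroot/var/named/redefariat.com`), which also warns about an MX pointing at a CNAME.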