howto have internal BIND resolve "host" (internal host name/no dots)?

L. A. Walsh bind at tlinx.org
Mon Feb 23 22:29:12 UTC 2015





Something seems to have changed on my network setup
(windows workstation using a linux-server for internet-interaction
including DNS running bind).

For some reason when I look up a local host name,

'myputer' I can't get it to return an addr,
and instead it appears to be querying root servers
for domain 'myputer'.

when I try using a "dig myputer" on the server,
it comes back with NXDOMAIN.

How can I tell the BIND server not to go off and query
somewhere else when a hostname has no dots?

(below is checked and local information)...

Thanks (I hope)...


my /etc/resolv.conf
has an options "ndots:2", but even if not used,
doesn't dig default to a minimum of 1 'dot' as
normal cutoff before treating it as an absolute name?

I have "+search" for it to use my searchlist
in resolv.conf as well to only search in internal domains:

search hs.tlinx.org sc.tlinx.org

The version I am currently using:

BIND 9.9.2-P2 built with '--prefix=/usr' '--bindir=/usr/bin' 
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' 
'--libdir=/usr/lib64' '--includedir=/usr/include/bind' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl' 
'--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2' 
'--with-dlz-mysql' '--with-dlz-ldap' 'CFLAGS=-fmessage-length=0 
-grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector 
-funwind-tables -fasynchronous-unwind-tables -g -DNO_VERSION_DATE 
-fno-strict-aliasing' 'LDFLAGS=-L/usr/lib64'
using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013

Below is my named.conf.  While it references some ipv6 addrs,
I am currently not using ipv6 (not configured in kernel).
Also, while I have an "external view", given the ports it is listening
on right now, I don't believe it is actively being used either.

(i.e. the nameserver is only serving internal clients).

# /etc/named.conf
#
# A description of all available options can be found in
# /usr/share/doc/packages/bin8/html/options.html

#
# logging needs to go first to order subsequent messages
#

# Logging: declares the output channels (syslog, stderr and files under
# /var/log/named) and then routes message categories to those channels.
# NOTE(review): no "security" category is routed below, so messages about
# approved/denied requests fall through to "default" (named_log,
# named_info_log, std_err); confirm retention there is enough to investigate
# a refused query, transfer or update after the fact.
logging {
#
#        destinations within channels:        null, file, syslog, stderr
#        Options for use with all:                print-time, 
print-category, print-severity
#        Options for file:                                size and versions
#        Options for syslog:                            severity

    # NOTE(review): sys_log is defined but no category below references it.
    channel sys_log { syslog local3; severity notice;
        print-category yes; print-severity yes; };

    channel lame_servers {
        print-time yes; print-category yes; print-severity yes;
        file "/var/log/named/lame-servers" versions 3 size 3m; };

    channel std_err { stderr; severity warning; };

    channel named_log {
        file "/var/log/named/named" versions 8 size 1m; severity notice;
        print-time yes; print-category yes; print-severity yes; };

    channel named_info_log {
        file "/var/log/named/named.inf" versions 8 size 1m; severity info;
        print-time yes; print-category yes; print-severity yes; };

    # NOTE(review): named_debug_log is defined but no category below
    # references it.
    channel named_debug_log {
        file "/var/log/named/named.dbg" versions 4 size 1m; severity debug;
        print-time yes; print-category yes; print-severity yes; };

    # Query log: rolls at 1 MB and keeps a single old version, so query
    # history is short-lived on a busy resolver.
    channel named_queries {
        file "/var/log/named/queries" versions 1 size 1m;
        print-time yes; print-category yes; print-severity yes; };

    # Receives the "unmatched" category (see the category list below).
    channel unmatched {
        file "/var/log/named/unmatched" versions 4 size 1m;    severity 
debug;
        print-time yes; print-category yes; print-severity yes; };


#
#        categories of messages can be sent to predefined or above defined
#        channels
#        possible categories: default, general, database, security, config
#                resolver, xfer-in, xfer-out, notify, client, unmatched,
#                network, update, queries, dispatch, dnssec, lame-servers,
#                delegation-only
#

    category "queries" { "named_queries"; };
   
    category "lame-servers" { "lame_servers"; };

   
    # Every category without its own statement ends up here.
    category "default" { named_log; named_info_log; std_err;};

    category "unmatched" { "unmatched"; };
   
};

#        category lame-servers { lame_servers; };
# Global server options; views and zones use these values unless they
# override them.
options {

    # The directory statement defines the name server's
    # working directory

    directory "/var/lib/named";
    # NOTE(review): DNSSEC lookaside validation depended on ISC's DLV
    # registry, which has since been retired, and later BIND releases treat
    # this option as obsolete. Validation through the root trust anchor is
    # what "dnssec-validation auto" on the next line provides.
    dnssec-lookaside auto;
    dnssec-validation auto;
    memstatistics-file "/var/log/named/memstatistics.log";
    statistics-file "/var/log/named/statistics.log";
    zone-statistics yes;
   
    # the default is to fail, if the master file is not correct
    # "ignore" turns off host-name syntax checking for master zones, so
    # malformed names in zone data load without a warning.
    check-names master ignore;

    pid-file "/var/run/named/named.pid";

    datasize default; stacksize default; coresize default; files default;
    # Recursion is limited to the internal ACL and the server itself, which
    # keeps this from acting as an open resolver.
    # NOTE(review): a single-label name that no local zone answers is still
    # resolved upstream for these clients, so internal host names are sent
    # to the forwarders or root servers, as the message above describes.
    allow-recursion { internalnets; localhost; };
    recursion yes;                    // default=yes
    sortlist {
        {192.168.4.0/24;};
    };

    lame-ttl 1800;                    // lame cache: default=600sec, 
max=1800
    cleaning-interval 300;            # default = 60 minutes   
    # Listens only on loopback and the two private interface addresses.
    listen-on port 53 {    127.0.0.1; 192.168.3.1; 192.168.4.1;    };

    # Forwarder list lives in a separate file that is not shown here.
    include "/etc/named.d/forwarders.conf";
#    include "/etc/named.d/ipv6.options";

#        notify no;    # global value; OR set/zone below
};

        # Presumably the stock DNSSEC trust-anchor file used by the
        # "auto" validation settings in options; contents not shown.
        include "/etc/bind.keys";
# clamp down record size as claimed by error messages for srvs in:
# (the included file is not shown here)
include "/etc/named.d/named-512-srvbyIP.inc";

# Per-peer settings: send zone transfers in the many-answers format.
server 0.0.0.0 { transfer-format many-answers; };

# 192.168.3.2 is also the only member of the "slave" ACL defined below.
server 192.168.3.2 { transfer-format many-answers; };

# Address-based ACL for the loopback range and the two private subnets.
# It is referenced by allow-recursion, by match-clients of view "internal",
# and by the allow-transfer/allow-query lists of the zones below.
acl "internalnets" {
    127.0.0.0/8;
    192.168.3.0/24;
    192.168.4.0/24;            };

# NOTE(review): "slave" is defined but nothing in the visible configuration
# references it. The allow-transfer lists name internalnets instead, so any
# host on the internal subnets may request a full zone transfer, not only
# the secondary at 192.168.3.2.
acl "slave" {    192.168.3.2; };


# View holding the public tlinx.org zone and its reverse zones.
# NOTE(review): this view has no match-clients statement. BIND then matches
# any client, and each client is served by the first view in file order
# that matches it. Because this view is declared before "internal",
# localhost and internalnets clients would presumably be answered here and
# never reach the hs.tlinx.org / sc.tlinx.org zones. Verify this against the
# included files, since it may be what produces the NXDOMAIN described
# above.
view "external" {
    zone "." in { type hint; file "root.db"; };

    # NOTE(review): allow-update by address lets any process on the server
    # itself submit dynamic updates; the zones in view "internal" require a
    # TSIG key instead.
    zone "localhost" in {
            type master;
            file "master/localhost";
            allow-update { localhost; };
    };

    zone "0.0.127.in-addr.arpa" in {
            type master;
            file "master/127.0.0.zone";
            allow-update { localhost; };
    };

    # Queries are limited to directly attached networks and the server
    # itself; transfers are open to every address in internalnets.
    zone "tlinx.org" in {
        type master;
        file "master/tlinx.org.bin";
        allow-transfer { localhost; internalnets; };
        allow-query { localnets; localhost; };
        notify yes;
    };

    zone "175.164.173.in-addr.arpa" in {
        type master;
        file "master/173.164.175.zone.db";
        allow-transfer { localhost; internalnets; };
        allow-query { localnets; localhost; };
#        check-names warn;
        notify yes;
    };

    # This zone allows transfers from localnets rather than internalnets.
    zone 
"f.a.4.a.d.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.0.8.d.f.ip6.arpa" in {
        type master;
        file "master/fd80-3-0-0-0-0-173.164.175.zone.db";
        allow-transfer { localhost; localnets; };
        allow-query { localnets; localhost; };
        notify yes;
    };
};


# Include the meta include file generated by createNamedConfInclude.    This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

# Key files holding shared secrets: rndc-key is used by the controls
# statement below, and /etc/dhcpd.key presumably defines the dhcp-bind key
# that the internal zones accept for dynamic updates (confirm). Both files
# should be readable only by the account named runs as.
include "/etc/rndc.key";
include "/etc/dhcpd.key";

# rndc control channel. It listens on loopback and on both internal
# interface addresses; each listener accepts connections from the listed
# networks and requires rndc-key.
# NOTE(review): on the two LAN listeners any host in the /24 that obtains
# rndc-key can reload, reconfigure or stop the server. If remote rndc is not
# needed, the loopback listener alone is the smaller exposure.
controls {
    inet 127.0.0.1 allow { 127.0.0.0/8; } keys {rndc-key; };
    inet 192.168.4.1 allow { 127.0.0.0/8; 192.168.4.0/24; } keys 
{rndc-key; };
    inet 192.168.3.1 allow { 127.0.0.0/8; 192.168.3.0/24;} keys 
{rndc-key; };
};

# View for internal clients: the hs/sc.tlinx.org forward zones and the
# reverse zones for the two private subnets.
# NOTE(review): view "external" is declared earlier in this file without a
# match-clients statement. If it matches every client, this view is never
# selected - confirm the intended view order.
view "internal" {

    # Only the server itself and the internal subnets are served here.
    match-clients { localhost; internalnets; };
    # Dynamic updates need the dhcp-bind TSIG key (not an address match);
    # queries and full zone transfers are open to all of internalnets.
    zone "hs.tlinx.org" in {
            type master;
            file "master/hs.tlinx.org.bin";
            allow-transfer { localhost; internalnets; };
            allow-query { localhost; internalnets; };
            allow-update { key dhcp-bind ;};
            notify yes;
    };
    zone "sc.tlinx.org" in {
            type master;
            file "master/sc.tlinx.org.bin";
            allow-transfer { localhost; internalnets; };
            allow-query { localhost; internalnets; };
            allow-update { key dhcp-bind ;};
            notify yes;
    };

    # Reverse zones for 192.168.4.0/24 and 192.168.3.0/24, also updatable
    # with the dhcp-bind key.
    zone "4.168.192.in-addr.arpa" in {
            type master;
            file "master/4.168.192.zone.db";
            allow-transfer { localhost; internalnets; };
            allow-query { internalnets; localhost; };
            allow-update { key dhcp-bind ;};
            notify yes;
    };

    zone "3.168.192.in-addr.arpa" in {
            type master;
            file "master/3.168.192.zone.db";
            allow-transfer { localhost; internalnets; };
            allow-query { internalnets; localhost; };
            allow-update { key dhcp-bind ;};
            notify yes;
    };

    # IPv6 reverse zones; these have no allow-update statement.
    zone 
"3.0.8.a.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.0.8.d.f.ip6.arpa" in {
            type master;
            file "master/fd80-3-0-0-0-0-192.168.3.zone.db";
            allow-transfer { localhost; internalnets; };
            allow-query { internalnets; localhost; };
            notify yes;
    };


    zone 
"4.0.8.a.0.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.0.8.d.f.ip6.arpa" in {
            type master;
            file "master/fd80-3-0-0-0-0-192.168.4.zone.db";
            allow-transfer { localhost; internalnets; };
            allow-query { internalnets; localhost; };
            notify yes;
    };
};



# vim:tw=78:ts=2
# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.





