DNS error, from a newbee to the real experts..
Weeltin
weeltinl at gmail.com
Fri Jul 17 19:18:33 UTC 2020
Hello all,
I’m trying to implement a DNS structure, containing a recursive and
authoritative server, but in doing so, I have run into a small problem. I
can make DNS queries from a client toward the net, but when I try to do the
same toward my internal domain, I get no result. I have spent days trying
to figure out what is going on, but to no avail, I there for hope that
someone on this list can point me in the right direction or right out tell
what is wrong.
/Weeltin.
-----DIG troubleshoots
[weeltin at c1 ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.14.10
[weeltin at c1 ~]$ dig google.com
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48932
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c1bc4a11c40bd755905c8c705f11f5ffe699cc0116ed8ba5 (good)
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 300 IN A 216.58.211.142
;; Query time: 179 msec
;; SERVER: 192.168.14.10#53(192.168.14.10)
;; WHEN: Fri Jul 17 15:03:27 EDT 2020
;; MSG SIZE rcvd: 83
[weeltin at c1 ~]$ dig c1.example.home
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> c1.example.home
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62602
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: cf8876e3b35138f47040188e5f11f64a91445aa4f8310f5a (good)
;; QUESTION SECTION:
;c1.example.home. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020071701 1800
900 604800 86400
;; Query time: 263 msec
;; SERVER: 192.168.14.10#53(192.168.14.10)
;; WHEN: Fri Jul 17 15:04:42 EDT 2020
;; MSG SIZE rcvd: 147
[weeltin at c1 ~]$ dig @192.168.14.20 c1.example.home
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> @192.168.14.20 c1.example.home
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20704
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 747289c94876cf349034aec35f11f794a29c6747bb6a694f (good)
;; QUESTION SECTION:
;c1.example.home. IN A
;; ANSWER SECTION:
c1.example.home. 604800 IN A 192.168.14.1
;; Query time: 0 msec
;; SERVER: 192.168.14.20#53(192.168.14.20)
;; WHEN: Fri Jul 17 15:10:12 EDT 2020
;; MSG SIZE rcvd: 88
----- informations and configurations ----
OS: Alpine 3.12
Bind: bind 9.14.12
Ns1: 192.168.14.10 (recursive)
Ns2: 192.168.14.20 (authoritative)
C1: 192.168.14.1 (client)
--- recursive config (NS1)
// recursive named.conf
//
acl trusted {
192.168.14.0/24;
localhost;
};
acl rfc1918 {
10.0.0.0/8;
172.16.0.0/12;
!192.168.14.0/24;
192.168.0.0/16;
};
acl rfc5735 {
0.0.0.0/8;
169.254.0.0/16;
192.0.0.0/24;
192.0.2.0/24;
192.88.99.0/24;
198.18.0.0/15;
198.51.100.0/24;
203.0.113.0/24;
224.0.0.0/4;
};
options {
directory "/var/bind";
listen-on {
127.0.0.1;
192.168.14.10;
};
listen-on-v6 {
none;
};
allow-query {
trusted;
};
//query-source address * port 53;
allow-query-cache {
trusted;
};
blackhole {
rfc1918;
rfc5735;
};
allow-transfer {
none;
};
pid-file "/var/run/named/named.pid";
// Changing this is NOT RECOMMENDED; see the notes above and in
// named.conf.recursive.
allow-recursion {
trusted;
};
recursion yes;
};
zone "." IN {
type hint;
file "root.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
zone "example.home" {
type forward;
forwarders { 192.168.14.20; };
};
--- authoritative config (NS2)
// authoritative named.conf
//
acl trusted {
192.168.14.0/24;
localhost;
};
acl rfc1918 {
10.0.0.0/8;
172.16.0.0/12;
!192.168.14.0/24;
192.168.0.0/16;
};
acl rfc5735 {
0.0.0.0/8;
169.254.0.0/16;
192.0.0.0/24;
192.0.2.0/24;
192.88.99.0/24;
198.18.0.0/15;
198.51.100.0/24;
203.0.113.0/24;
224.0.0.0/4;
};
options {
directory "/var/bind";
// Configure the IPs to listen on here.
listen-on {
127.0.0.1;
192.168.14.20;
};
listen-on-v6 {
none;
};
allow-query {
trusted;
};
//query-source address * port 53;
allow-query-cache {
trusted;
};
blackhole {
rfc5735;
rfc1918;
};
allow-transfer {
none;
};
// Cryptographic authentication of DNS information
// ENABLE LATER
//dnssec-enable yes;
//dnssec-validation yes;
pid-file "/var/run/named/named.pid";
// Changing this is NOT RECOMMENDED for a authoritative nameserver
allow-recursion { none; };
recursion no;
};
zone "example.home" {
type master;
file "/etc/bind/db.example.home.zone";
};
zone "14.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.14.168.192.zone";
};
; ZONE file for example.home.
;
$TTL 604800
@ IN SOA ns2.example.home. hostmaster.example.home. (
2 ; Serial
604800 ; Refresh 1week
86400 ; Retry
2419200 ; Expire 28days
604800 ; Negative Cache TTL
)
;; name servers (NS)
;; only authoritative servers
@ IN NS ns2.example.home.
ns2 IN A 192.168.14.20
;; hosts (A)
ns1 IN A 192.168.14.10
c1 IN A 192.168.14.1
;; alias (CNAME)
client IN CNAME c1
; ZONE file for 14.168.192.in-addr.arpa.
;
$TTL 604800
@ IN SOA ns2.example.home. hostmaster.example.home. (
1 ; Serial
604800 ; Refresh 1week
86400 ; Retry
2419200 ; Expire 28days
604800 ; Negative Cache TTL
)
;; name servers (NS)
;; only authoritative servers
@ IN NS ns2.example.home.
20 IN PTR ns2.example.home.
;; pointer records (PTR)
1 IN PTR c1.example.home.
10 IN PTR ns1.example.home.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200717/6198e4dc/attachment-0001.htm>
More information about the bind-users
mailing list