[PLUG] clinic from dec. 15 named.conf question

Vince Winter vince.winter at freegeek.org
Thu Dec 19 21:09:31 UTC 2019


Just learned that the list doesn't allow attachments.

named.conf
-----

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
        listen-on port 53 { 127.0.0.1; 192.168.150.1; };
        //listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        // "any" matches every client, so the localhost and 192.168.150.0/24 entries add nothing here
        allow-query     { localhost; 192.168.150.0/24; any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};

zone "vmnetwork.local" IN {
        type master;
        file "forward.vmnetwork.local";
        allow-update { none; };
};

zone "150.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.vmnetwork.local";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";



forward.vmnetwork.local
-----

$TTL 1D
@ IN SOA dhcp-server.vmnetwork.local. root.vmnetwork.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dhcp-server.vmnetwork.local.
@ IN A 192.168.150.1
dhcp-server IN A 192.168.150.1
dhcp IN A 192.168.150.1
pxe-server IN A 192.168.150.2
pxe IN A 192.168.150.2



reverse.vmnetwork.local
-----

$TTL 1D
@ IN SOA dhcp-server.vmnetwork.local. root.vmnetwork.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dhcp-server.vmnetwork.local.
@ IN PTR vmnetwork.local.
; an in-addr.arpa zone carries PTR records only; A records belong in the forward zone
1 IN PTR dhcp-server.vmnetwork.local.
1 IN PTR dhcp.vmnetwork.local.
2 IN PTR pxe-server.vmnetwork.local.
2 IN PTR pxe.vmnetwork.local.


On Tue, Dec 17, 2019 at 1:56 PM Vince Winter <vince.winter at freegeek.org>
wrote:

> Hello,
>
> dig didn't work.
>
> Context:
> I am running 3 virtual machines on my laptop; there is a DHCP/DNS Bind
> server, Pxe/NFS server, and test workstation. There are 2 virtual networks;
> Network External is just a connection between Host (My Laptop) and DHCP server,
> Network Internal is just a connection between DHCP server, Pxe server, and
> the workstation. The DHCP/DNS server is running iptables, DNS Bind, and
> dhcp.
>
> Goal:
> Have the DNS running for internal computers and be able to pass DNS
> internally, this setup as a test and learning environment, and being able
> to get internet access to the internal network.
>
> Problem:
> I can't get the DNS names to resolve. The DNS server can resolve
> external DNS names but not internal ones. The pxe server and workstation
> can't resolve DNS internally or externally, but can ping external IP
> addresses. Pxe boot is working. Have tested with iptables running and
> stopped.
>
> Named.conf and zone files will be attached.
>
> On Tue, Dec 17, 2019 at 10:52 AM OR Linux Jobs <oregonlinuxjobs at gmail.com>
> wrote:
>
>> Hi PLUG
>>
>> Someone at the clinic had a question about configuring a private nameserver
>> that was not responding to requests.
>> The basic troubleshooting step, if you have access to the dig utility, is
>> to use the dig utility as shown below.
>>
>> dig @8.8.8.8 google.com
>>
>> replace IP address with the IP address of your private nameserver
>> replace google.com with a host that you have configured in named.conf
>>
>> If you still don't get the answer you expected, there could be a problem
>> with the named.conf
>> One way that I did not consider at the time was to use another working
>> nameserver to get a conf file to compare to.
>> If you have access to a web hosting service that uses the Plesk control
>> panel for example,
>> configure the private nameserver using their interface, then copy the
>> resulting conf file after you've made the changes.
>>
>> Make a comparison between the Plesk-generated conf file and the one that
>> you are troubleshooting using diff or manually.
>>
>> Caveats that I can think of....
>>
>> Plesk might not be using the same nameserver that you are using, i.e. BIND
>> etc.
>> Plesk only works with routable IPs if I understand correctly
>>
>> Sincerely
>> Neil
>> _______________________________________________
>> PLUG mailing list
>> PLUG at pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
>
>
> --
>
> ---
> Vince Winter
> Free Geek, Tech Support Staff
> He | His | They
> 503.232.9350 x6
> 10:00 am to 5:45 pm Tuesday to Saturday
>


-- 

---
Vince Winter
Free Geek, Tech Support Staff
He | His | They
503.232.9350 x6
10:00 am to 5:45 pm Tuesday to Saturday
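Before comparing named.conf against a Plesk-generated one, the cheaper check for a setup like this is whether the forward zone and the in-addr.arpa zone agree with each other. The script below is an added example, not code from the post, from Free Geek or from BIND: it embeds constructed copies of the two zone files (keeping the stray A records inside the reverse zone and the `vmetwork` typo in one PTR target so that it has something to report) and flags PTR targets with no matching A record, A records with no PTR, a zero SOA serial, and addresses with more than one PTR. The parser only covers the zone-file subset these files use (`$` directives, `;` comments, a multi-line SOA, one record per line); `named-checkzone`, which ships with BIND, remains the authoritative syntax check.

```python
# Added example, not code from the post or from BIND. Both zone texts are constructed
# samples modelled on the posted files and keep their defects on purpose.
from collections import defaultdict

FORWARD_ORIGIN = "vmnetwork.local."
REVERSE_ORIGIN = "150.168.192.in-addr.arpa."
NETWORK_PREFIX = "192.168.150."  # the /24 the reverse zone covers

FORWARD_ZONE = """\
$TTL 1D
@ IN SOA dhcp-server.vmnetwork.local. root.vmnetwork.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dhcp-server.vmnetwork.local.
@ IN A 192.168.150.1
dhcp-server IN A 192.168.150.1
dhcp IN A 192.168.150.1
pxe-server IN A 192.168.150.2
pxe IN A 192.168.150.2
"""
REVERSE_ZONE = """\
$TTL 1D
@ IN SOA dhcp-server.vmnetwork.local. root.vmnetwork.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dhcp-server.vmnetwork.local.
@ IN PTR vmnetwork.local.
dhcp-server IN A 192.168.150.1
1 IN PTR dhcp-server.vmnetwork.local.
dhcp IN A 192.168.150.1
1 IN PTR dhcp.vmnetwork.local.
pxe-server IN A 192.168.150.2
2 IN PTR pxe-server.vmetwork.local.
pxe IN A 192.168.150.2
2 IN PTR pxe.vmnetwork.local.
"""

def parse_zone(text, origin):
    """Return (soa_serial, [(owner_fqdn, type, rdata)]) for this zone-file subset."""
    serial, records, in_soa = None, [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if in_soa:  # SOA continuation lines; the first value is the serial
            serial = int(line.split()[0]) if serial is None else serial
            in_soa = ")" not in line
            continue
        if line.startswith("$"):  # $TTL / $ORIGIN directives
            continue
        owner, *rest = line.split()
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype == "SOA":
            in_soa = "(" in rdata and ")" not in rdata
            continue
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        records.append((fqdn, rtype, rdata))
    return serial, records

def check_zones(forward_text, reverse_text):
    """Return findings grouped by category; an empty list means that check passed."""
    out = {k: [] for k in ("serial", "reverse_a", "dangling_ptr", "missing_ptr", "multi_ptr")}
    fserial, fwd = parse_zone(forward_text, FORWARD_ORIGIN)
    rserial, rev = parse_zone(reverse_text, REVERSE_ORIGIN)
    for zone, serial in (("forward", fserial), ("reverse", rserial)):
        if serial == 0:
            out["serial"].append(f"{zone}: SOA serial is 0; increment it on every edit")
    a_by_ip = defaultdict(set)  # ip -> forward names holding an A record for it
    for fqdn, rtype, rdata in fwd:
        if rtype == "A":
            a_by_ip[rdata].add(fqdn)
    suffix, ptr_by_ip = "." + REVERSE_ORIGIN, defaultdict(list)  # ip -> PTR targets
    for fqdn, rtype, rdata in rev:
        if rtype == "A":
            out["reverse_a"].append(f"reverse: stray A record {fqdn}; in-addr.arpa zones carry PTR records")
        elif rtype == "PTR" and fqdn.endswith(suffix):  # skips the apex PTR
            ip = NETWORK_PREFIX + fqdn[: -len(suffix)]  # single-label owners of a /24 zone
            ptr_by_ip[ip].append(rdata)
            if rdata not in a_by_ip.get(ip, set()):
                out["dangling_ptr"].append(f"reverse: {ip} -> {rdata} has no matching A record in the forward zone")
    for ip, names in a_by_ip.items():
        for name in sorted(names):
            if name not in ptr_by_ip.get(ip, []):
                out["missing_ptr"].append(f"forward: {name} ({ip}) has no PTR record")
    for ip, targets in ptr_by_ip.items():
        if len(targets) > 1:
            out["multi_ptr"].append(f"reverse: {ip} has {len(targets)} PTR records; most software reads only one")
    return out

if __name__ == "__main__":
    for category, items in check_zones(FORWARD_ZONE, REVERSE_ZONE).items():
        for item in items: print(f"[{category}] {item}")
```

Run it as-is to see the report for the embedded samples; to check real files, read them in and pass their text to `check_zones` together with the matching origins. The typo shows up twice, once as a dangling PTR and once as a forward name with no PTR, which is exactly how a mismatch looks from each side.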
