On 6/12/2011 4:00 PM, Rodrigo Faria Tavares wrote:
Hello,
I installed bind in CentOS release 5.6 (Final).
My DNS server does not ping aliases (with CNAME), so here are the steps:
I installed these packages:
[root@centos ~]# rpm -qa | grep bind
ypbind-1.19-12.el5
bind-libs-9.3.6-16.P1.el5
bind-chroot-9.3.6-16.P1.el5
bind-9.3.6-16.P1.el5
bind-utils-9.3.6-16.P1.el5
[root@centos ~]# rpm -qa | grep nameserver
caching-nameserver-9.3.6-16.P1.el5
[root@centos ~]#
Then I'm using chroot.
[root@centos ~]# cd /var/named/
[root@centos named]# ls -las
total 32
8 drwxr-x--- 5 root named 4096 Jun 12 14:58 .
8 drwxr-xr-x 24 root root 4096 Jun 12 10:04 ..
8 drwxr-x--- 7 root named 4096 Fev 22 19:35 chroot
4 drwxrwx--- 2 named named 4096 Jun 12 14:58 data
0 lrwxrwxrwx 1 root named 45 Jun 12 14:58 localdomain.zone -> /var/named/chroot//var/named/localdomain.zone
0 lrwxrwxrwx 1 root named 43 Jun 12 14:58 localhost.zone -> /var/named/chroot//var/named/localhost.zone
0 lrwxrwxrwx 1 root named 44 Jun 12 14:58 named.broadcast -> /var/named/chroot//var/named/named.broadcast
0 lrwxrwxrwx 1 root named 37 Jun 12 14:58 named.ca -> /var/named/chroot//var/named/named.ca
0 lrwxrwxrwx 1 root named 44 Jun 12 14:58 named.ip6.local -> /var/named/chroot//var/named/named.ip6.local
0 lrwxrwxrwx 1 root named 40 Jun 12 14:58 named.local -> /var/named/chroot//var/named/named.local
0 lrwxrwxrwx 1 root named 39 Jun 12 14:58 named.zero -> /var/named/chroot//var/named/named.zero
0 lrwxrwxrwx 1 root named 43 Jun 12 14:58 redefariat.com -> /var/named/chroot//var/named/redefariat.com
Now I configured the domain.
[root@centos named]# cat /var/named/chroot//var/named/redefariat.com
$TTL 43200
@ IN SOA redefariat.com. root.redefariat.com. (
2011061214 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ; Minimum
)
@ IN NS redefariat.com.
@ IN MX 0 mail.redefariat.com
@ IN A 192.168.1.100
wwww IN CNAME redefariat.com.
ftp IN CNAME redefariat.com.
mail IN CNAME redefariat.com.
pop IN CNAME redefariat.com.
pop3 IN CNAME redefariat.com.
smtp IN CNAME redefariat.com.
rodrigo IN A 192.168.1.100
rodrigo.redefariat.com. IN A 192.168.1.100
So I put in /etc/named.caching-nameserver.conf.
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { localhost; };
allow-query-cache { localhost; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
view "redefariat" {
match-clients {192.168.1.0/24;};
recursion yes;
zone "redefariat.com" {
type master;
file "/var/named/redefariat.com";
allow-transfer { none; };
};
};
The logs:
root@centos named]# tail -f /var/log/messages
Jun 12 16:54:35 centos named[3343]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 12 16:54:35 centos named[3343]: command channel listening on 127.0.0.1#953
Jun 12 16:54:35 centos named[3343]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jun 12 16:54:35 centos named[3343]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jun 12 16:54:35 centos named[3343]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jun 12 16:54:35 centos named[3343]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Jun 12 16:54:35 centos named[3343]: zone localdomain/IN/localhost_resolver: loaded serial 42
Jun 12 16:54:35 centos named[3343]: zone localhost/IN/localhost_resolver: loaded serial 42
Jun 12 16:54:35 centos named[3343]: zone redefariat.com/IN/redefariat: loaded serial 2011061214
Jun 12 16:54:35 centos named[3343]: running
I try to use ping www.redefariat.com
root@centos named]# ping www.redefariat.com
ping: unknown host www.redefariat.com
What is wrong?
The "localhost" ACL in BIND refers not only to the loopback address, but
also to all addresses local to the machine/instance on which named is
running.
I'm guessing your query is matching the "localhost_resolver" view before
it even gets to the "redefariat" view. Have you tried this query from
some _other_ device in the 192.168.1.0/24 range?
For that matter, do you really need views at all? If you're just trying
to restrict who can query what, and you don't need to serve different
versions of zones to different clients, then that's doable with
allow-query ACLs and no views at all (or, more technically, with just
the implicit "default" view).
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
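
The view selection discussed in the reply above, as an added example that is not part of the original thread: a small Python model of how named picks the first matching view, using the two views from the posted config. The server address set (loopback plus 192.168.1.100, the A record in the posted zone) and the LAN client 192.168.1.50 are assumptions, and listen-on is not modelled.

```python
import ipaddress

# Assumption: the server's own addresses. BIND's built-in "localhost" ACL
# covers every address configured on the machine, not only 127.0.0.1.
SERVER_ADDRS = {"127.0.0.1", "192.168.1.100"}

# The two views, in the order they appear in the posted config.
# match-destinations defaults to "any" when a view does not set it.
VIEWS = [
    {"name": "localhost_resolver",
     "match-clients": ["localhost"],
     "match-destinations": ["localhost"],
     "zones": {"localhost", "localdomain"}},   # from named.rfc1912.zones
    {"name": "redefariat",
     "match-clients": ["192.168.1.0/24"],
     "match-destinations": ["any"],
     "zones": {"redefariat.com"}},
]

def acl_match(acl, addr):
    """True if addr matches any element: 'any', 'localhost' or a CIDR."""
    for element in acl:
        if element == "any":
            return True
        if element == "localhost":
            if addr in SERVER_ADDRS:
                return True
        elif ipaddress.ip_address(addr) in ipaddress.ip_network(element):
            return True
    return False

def select_view(src, dst, views=VIEWS):
    """Return the first view whose client and destination ACLs both match."""
    for view in views:
        if (acl_match(view["match-clients"], src)
                and acl_match(view["match-destinations"], dst)):
            return view["name"]
    return None  # no view matched: named refuses the query

def zone_visible(zone, src, dst, views=VIEWS):
    """True if the view chosen for this query actually holds the zone."""
    name = select_view(src, dst, views)
    return any(v["name"] == name and zone in v["zones"] for v in views)

if __name__ == "__main__":
    # Constructed queries; 192.168.1.50 is a made-up LAN client.
    for src, dst in [("127.0.0.1", "127.0.0.1"), ("192.168.1.50", "192.168.1.100")]:
        print(src, dst, select_view(src, dst), zone_visible("redefariat.com", src, dst))
```

Passing the views in reverse order shows that the order of the view statements alone decides which one a query from the server's own LAN address lands in.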