Problems getting bind working on F11
Braden McDaniel
braden at endoframe.com
Sun Aug 9 19:48:39 UTC 2009
On Sun, 2009-08-09 at 21:26 +0930, Tim wrote:
> On Sat, 2009-08-08 at 20:33 -0400, Braden McDaniel wrote:
> > listen-on port 53 { 127.0.0.1; };
> > listen-on-v6 port 53 { ::1; };
>
> It's only listening on the local loopback address, so you won't get
> anything when trying to access it through another interface.
Okay... so (with respect to this) it *does* matter
whether /etc/resolv.conf points to 127.0.0.1 or the locally-known IP
address.
And, in fact, changing /etc/resolv.conf to point to 127.0.0.1 for the
nameserver gets things working--on the nameserver box itself.
> The "dig" tool is used for testing domain name stuff. Run it on the
> same box as the server, and try it on other boxes, too.
>
> dig name-to-look-up @server-to-query
>
> e.g. dig example.com @127.0.0.1
>
> It'll use the servers listed in your resolv.conf file, instead, if you
> don't specify which server to query.
Thanks for that. This is what I get when I try to look up something
from a different machine on the local network:
# dig front @192.168.1.20
; <<>> DiG 9.6.1-P1-RedHat-9.6.1-4.P1.fc11 <<>> front @192.168.1.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 5627
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;front. IN A
;; Query time: 8 msec
;; SERVER: 192.168.1.20#53(192.168.1.20)
;; WHEN: Sun Aug 9 13:57:03 2009
;; MSG SIZE rcvd: 23
So... "REFUSED"? What might be the cause of that?
> Using localhost in the domain configurations (such as your NS records)
> is only going to give you problems if you want to use it with other
> machines on your LAN, or with other addresses. So many things expect it
> to only ever point to 127.0.0.1, and it's not going to work across
> different machines.
Okay... I think I've corrected that. Here's the current state of
things:
# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 {
        127.0.0.1;
        192.168.1.20;
    };
    dnssec-enable yes;
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-validation yes;
    dnssec-lookaside . trust-anchor dlv.isc.org.;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "1.168.192.IN-ADDR.ARPA." IN {
    type master;
    file "192.168.1.db";
};
zone "endoframe.net." IN {
    type master;
    file "endoframe.net.db";
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";
# cat /var/named/endoframe.net.db
$TTL 1H
@       SOA     front root.front.endoframe.net. ( 5     ; serial
                                                 3H    ; refresh
                                                 1H    ; retry
                                                 1W    ; expire
                                                 1H )  ; minimum
        NS      front
front   IN 1H   A       192.168.1.20
hinge   IN 1H   A       192.168.1.21
door    IN 1H   A       192.168.1.1
glyph   IN 1H   A       192.168.1.10
chime   IN 1H   A       192.168.1.22
stile   IN 1H   A       192.168.1.24
bolt    IN 1H   A       192.168.1.25
# cat /var/named/192.168.1.db
$TTL 1H
@       SOA     front.endoframe.net. root.front.endoframe.net. ( 4     ; serial
                                                                3H    ; refresh
                                                                1H    ; retry
                                                                1W    ; expire
                                                                1H )  ; minimum
        NS      front.endoframe.net.
20      PTR     front.endoframe.net.
21      PTR     hinge.endoframe.net.
1       PTR     door.endoframe.net.
10      PTR     glyph.endoframe.net.
22      PTR     chime.endoframe.net.
24      PTR     stile.endoframe.net.
25      PTR     bolt.endoframe.net.
--
Braden McDaniel <braden at endoframe.com>
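An added check, not from the thread above: a small Python evaluator for the allow-query ACL in a named.conf, applied to the config posted here. BIND's built-in "localhost" ACL matches every address configured on the server's own interfaces (so 192.168.1.20 queried from the server itself passes), while a query from another LAN host matches nothing and is refused. The interface list and the corrected ACL with 192.168.1.0/24 are constructed for the example; only any/none/localhost, literal prefixes and "!" negation are handled.

```python
"""Evaluate a BIND allow-query ACL against a client address (added example)."""
import ipaddress
import re

# Constructed sample: the ACL from the named.conf posted in this thread.
NAMED_CONF = """
options {
    allow-query { localhost; };
};
"""

# Constructed sample: addresses on the server's own interfaces. BIND's
# built-in "localhost" ACL matches all of these, not just 127.0.0.1.
SERVER_ADDRS = ["127.0.0.1", "::1", "192.168.1.20"]


def parse_allow_query(conf):
    """Return the ACL elements inside allow-query { ... } (no nesting)."""
    m = re.search(r"allow-query\s*\{([^}]*)\}", conf)
    if not m:
        return ["any"]  # BIND's default when allow-query is not set
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def element_matches(elem, client, server_addrs):
    """Return (matched, allowed): a '!' element denies when it matches."""
    ip = ipaddress.ip_address(client)
    negate = elem.startswith("!")
    elem = elem.lstrip("!").strip()
    if elem == "any":
        hit = True
    elif elem == "none":
        hit = False
    elif elem == "localhost":
        hit = ip in {ipaddress.ip_address(a) for a in server_addrs}
    else:  # literal address or prefix such as 192.168.1.0/24
        hit = ip in ipaddress.ip_network(elem, strict=False)
    return hit, not negate


def query_allowed(conf, client, server_addrs=SERVER_ADDRS):
    """First matching ACL element decides; no match means REFUSED."""
    for elem in parse_allow_query(conf):
        matched, allowed = element_matches(elem, client, server_addrs)
        if matched:
            return allowed, f"matched ACL element '{elem}'"
    return False, "no ACL element matched (implicit deny -> REFUSED)"


if __name__ == "__main__":
    for client in ("127.0.0.1", "192.168.1.20", "192.168.1.21"):
        print(client, query_allowed(NAMED_CONF, client))
```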