Help with DNS on FC1

Griffin518
user
Posts: 38
Joined: Tue Apr 06, 2004 8:43 pm


Post by Griffin518 »

Hi All... I could really use some help on this one. I'm not a linux newbie, but I just can't get DNS to work on my FC1 box. If anyone out there has set up a DNS server with Fedora, I'd really appreciate the help. Here are some cut/pastes of my conf files, for reference:

[root@localhost named]# rpm -qa | grep bind
bind-9.2.2.P3-9
ypbind-1.12-3
bind-chroot-9.2.2.P3-9
bind-utils-9.2.2.P3-9

#####/etc/named.conf#####
// Note: with bind-chroot installed, named reads /var/named/chroot/etc/named.conf,
// not this file.
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};


zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "thesweethog.home" IN {
type master;
file "thesweethog.home.zone";
allow-update { localhost; };
};

zone "0.168.192.in-addr.arpa" IN {
type master;
file "192.168.0.rev";
allow-update { localhost; };
};

include "/etc/rndc.key";
#########################

#####/var/named/localhost.zone#####
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
1 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

; leading whitespace: these records belong to the owner of the SOA (@)
    1D IN NS @
    1D IN A 127.0.0.1
############################

###########/var/named/named.local##############
$TTL 86400
@ IN SOA localhost. root.localhost. (
1 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
    IN NS localhost. ; leading whitespace: owner is @ (the zone apex)

1 IN PTR localhost.
#########################################

#####/var/named/thesweethog.home.zone#####
$ORIGIN .
$TTL 3600 ; 1 hour
; SOA: primary nameserver first, then the responsible mailbox (kalle@lassie.thesweethog.home)
thesweethog.home IN SOA lassie.thesweethog.home. kalle.lassie.thesweethog.home. (
1 ; serial
21600 ; refresh (6 hours)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
; leading whitespace: these records belong to thesweethog.home (the SOA owner)
    NS lassie.thesweethog.home.
    A 192.168.0.101
$ORIGIN thesweethog.home.
; Static Addresses
$TTL 259200 ; 3 Days
desktop A 192.168.0.100
lassie A 192.168.0.101
########################

######/var/named/192.168.0.rev##############
$ORIGIN .
$TTL 3600 ; 1 hour
; SOA: primary nameserver first, then the responsible mailbox (same order as the forward zone)
0.168.192.in-addr.arpa IN SOA lassie.thesweethog.home. kalle.lassie.thesweethog.home. (
1 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
3600000 ; expire (5 weeks 6 days 16 hours)
3600 ; minimum (1 hour)
)
; leading whitespace: this record belongs to 0.168.192.in-addr.arpa (the SOA owner)
    NS lassie.thesweethog.home.
$ORIGIN 0.168.192.in-addr.arpa.
; PTR owners are the last octet of the address and must match the A records
; in thesweethog.home.zone (192.168.0.100 = desktop, 192.168.0.101 = lassie)
100 PTR desktop.thesweethog.home.
101 PTR lassie.thesweethog.home.
######################################

#####/etc/resolv.conf#####
domain thesweethog.home
search thesweethog.home
#nameserver 127.0.0.1
nameserver 192.168.0.101
#######################

So, what I'd really like to be able to do is have the server (lassie) resolve itself, but that's not happening. Can anyone clue me in? I think I'm missing something really simple.

[root@localhost named]# dig -x 192.168.0.101

; <<>> DiG 9.2.2-P3 <<>> -x 192.168.0.101
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22733
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;101.0.168.192.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
168.192.in-addr.arpa. 10800 IN SOA xbru.br.ns.els-gms.att.net. rm-hostmaster.ems.att.com. 1 1800 900 604800 604800

;; Query time: 672 msec
;; SERVER: 192.168.0.101#53(192.168.0.101)
;; WHEN: Tue Apr 6 22:10:01 2004
;; MSG SIZE rcvd: 131

[root@localhost named]# host lassie
Host lassie not found: 3(NXDOMAIN)
[root@localhost named]# host lassie.thesweethog.home
Host lassie.thesweethog.home not found: 3(NXDOMAIN)

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

I haven't had a chance to look through all of your information yet but I am just curious if you looked over my dynamic DNS page (which also includes static examples)?

http://voidmain.is-a-geek.net/redhat/re ... c_dns.html

The above says Red Hat 9 but the same instructions go for Fedora. I run bind on lots of Fedora machines. I may have missed it in your post but did you look at the end of your system log (/var/log/messages) after restarting the named service? This usually has all the key information and should lead you to the problem/resolution. Sorry if I overlooked it (I plan on looking it over much more deeply if you can't get it, but I just about pulled an all-nighter last night and I'm about to crash).

EDIT: I just noticed you are using the "chroot" version. This will certainly introduce some differences between my example (file locations and possibly permissions). It does provide better security though so if this is a public DNS server then stay with the chroot version. If it's only for your internal net you could ditch the chroot and then all the paths would follow my examples. Again, the system log "should" provide the answers.

Griffin518
user
Posts: 38
Joined: Tue Apr 06, 2004 8:43 pm

Post by Griffin518 »

Thanks for the response! Yes, I have looked over your how-to... in fact that's how I found this forum. :) I followed your examples, but no go. The only thing that I haven't done is explicitly download your configuration files... maybe I'll try that tonight.

I've read some about how you need to actually edit named.conf in /var/named/chroot/etc, since the other file wouldn't be read... but that didn't help. I'll give your configuration files a shot tonight, and see what happens.

There hasn't been anything suspicious in /var/log/messages... is there somewhere else I should be looking for DNS messages?

Thanks again!

-Griffin-
Void Main wrote: I haven't had a chance to look through all of your information yet but I am just curious if you looked over my dynamic DNS page (which also includes static examples)?

http://voidmain.is-a-geek.net/redhat/re ... c_dns.html

The above says Red Hat 9 but the same instructions go for Fedora. I run bind on lots of Fedora machines. I may have missed it in your post but did you look at the end of your system log (/var/log/messages) after restarting the named service? This usually has all the key information and should lead you to the problem/resolution. Sorry if I overlooked it (I plan on looking it over much more deeply if you can't get it, but I just about pulled an all-nighter last night and I'm about to crash).

EDIT: I just noticed you are using the "chroot" version. This will certainly introduce some differences between my example (file locations and possibly permissions). It does provide better security though so if this is a public DNS server then stay with the chroot version. If it's only for your internal net you could ditch the chroot and then all the paths would follow my examples. Again, the system log "should" provide the answers.

Griffin518
user
Posts: 38
Joined: Tue Apr 06, 2004 8:43 pm

Post by Griffin518 »

I just installed the configuration files from your how-to... it's still a no-go. I even placed copies in the chroot tree. Any other ideas? I'm beginning to wonder if I'm missing a fileset, or something like that.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

Just for grins, try removing the bind-chroot RPM and see how far you get. If you can get. I would suggest getting it working that way first and then move it to a chroot environment. Please show me any DNS related messages from your /var/log/messages after a restart of named:

# service named restart
# grep named /var/log/messages | tail -25

I'll try and get some time to work on the chroot version tonight.

Griffin518
user
Posts: 38
Joined: Tue Apr 06, 2004 8:43 pm

Post by Griffin518 »

Yeah... I was thinking about this at work today, and also came to the conclusion that I should back off and come at it from a different angle. I'll let you know what happens. Don't bother wasting time putting together a new how-to until you know that I'm not just goofing something really simple up. I'll figure it out eventually. :)

-Griffin-

Griffin518
user
Posts: 38
Joined: Tue Apr 06, 2004 8:43 pm

Success

Post by Griffin518 »

Success! It was chroot-bind... and it was not copying the key file. I tested it out a couple of different ways. Here's how I reset everything, and got it working from scratch:

1) Download the bind-9*, bind-util*, caching-nameserver, and chroot-bind RPMs, and put them in /tmp.

2) Use yum (or RPM if you feel like it) to remove bind, and its dependencies... "yum remove bind"

3) Reinstall bind, bind-utils, and caching-nameserver. "rpm -ivh bind-9*.rpm bind-util*.rpm cachin*.rpm"

4) Configure the DNS server how you'd like it (named.conf, etc).

5) Start the named service... make sure it's working, then stop the named service.

6) Go back to /tmp and install chroot-bind

7) Start the named service again, and verify that everything's still working.

What appears to be happening is that when chroot-bind is installed, it propagates the configuration files into the proper chroot'd directories (under /var/named/chroot)... interesting, no?

I wonder if it updates them every time you make an update to the original files, or if we're responsible for editing the chroot'd ones, from now on. Hmmmmm...

Thanks for all the help...

-Griffin-

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

I am sure you would have to update the chrooted ones. The ones in /etc would be useless.

Griffin518
user
Posts: 38
Joined: Tue Apr 06, 2004 8:43 pm

Post by Griffin518 »

Void Main wrote: I am sure you would have to update the chrooted ones. The ones in /etc would be useless.
Yup... I actually just verified it...

So the focus should be to make sure that the /var/named/*.zone/rev files contain your essential DNS records at least... in case for some reason chroot-bind gets removed.

-Griffin-

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

If the bind-chroot RPM is like most then it should leave any modified files where they are when the RPM is removed.

Griffin518
user
Posts: 38
Joined: Tue Apr 06, 2004 8:43 pm

Post by Griffin518 »

Void Main wrote: If the bind-chroot RPM is like most then it should leave any modified files where they are when the RPM is removed.
Try removing the bind rpm. :wink:

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

I just installed bind, then I installed my dynamic dns example files, started named and everything worked, then I installed bind-chroot which copied my custom files into /var/named/chroot/*/*. I then removed the bind-chroot RPM and it left all of the zone files in place, and saved the chrooted named.conf and rndc.key as named.conf.rpmsave and rndc.key.rpmsave. Then I removed the bind RPM and it left all the zone files intact and saved the /etc named.conf, rndc.conf, and rndc.key as named.conf.rpmsave, rndc.conf.rpmsave and rndc.key.rpmsave.

So basically it didn't delete any file that it didn't install or any file that was modified so I am not sure what you are referring to. Where did you get your bind RPMS? If yours did anything differently I would notify the packager that they are broken.
