Topic: Setup Dns (Named) for Red Hat Enterprise 5 Howto
Arbab
« on: October 21, 2007, 04:53:35 AM »

Hi,


I have this problem: I am new to Linux. I have successfully configured DHCP and NAT (thanks to LinuxSolved), and I know how to run Squid.
But I am unable to configure DNS BIND (the named service) on RHEL5.

This is what I did.
I visited http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Configuring_DNS
and tried to follow the instructions.

1. I didn't install DNS BIND again because I think I have named as a service already present but not working properly, so I moved to the configuration.

2. [root@bigboy tmp]# chkconfig named on
3. [root@bigboy tmp]# cp -f /etc/named.conf /var/named/chroot/etc/
    [root@bigboy tmp]# cp -f /etc/rndc.* /var/named/chroot/etc/
4.[root@bigboy tmp]# locate named.conf
/etc/dbus-1/system.d/named.conf
/usr/share/doc/bind-9.3.3/sample/etc/named.conf
[root@bigboy tmp]# cp /usr/share/doc/bind-9.3.3/sample/etc/named.conf \
    /var/named/chroot/etc
[root@bigboy tmp]# ln -s /var/named/chroot/etc/named.conf /etc/named.conf
[root@bigboy tmp]# locate named.root.hints
/usr/share/doc/bind-9.3.3/sample/etc/named.root.hints
[root@bigboy tmp]# cp /usr/share/doc/bind-9.3.3/sample/etc/named.root.hints \
    /var/named/chroot/etc
[root@bigboy tmp]# ln -s /var/named/chroot/etc/named.root.hints /etc/named.root.hints
[root@bigboy tmp]# locate named.root
/usr/share/doc/bind-9.3.3/sample/etc/named.root.hints
/usr/share/doc/bind-9.3.3/sample/var/named/named.root
[root@bigboy tmp]#
[root@bigboy tmp]# cp /usr/share/doc/bind-9.3.3/sample/var/named/named.root \
    /var/named/chroot/var/named/named.root
[root@bigboy tmp]#


5. Then I added these zones in my /etc/named.conf file

zone “my-web-site.org” {

   type master;
   notify no;
   allow-query { any; };
   file “my-site.zone”;

};

zone “another-site.com” {

   type master;
   notify no;
   allow-query { any; };
   file “another-site.zone”;

};

zone “1.168.192.in-addr.arpa” {
   type master;
   notify no;
   file “192-168-1.zone”;
};


I didn't add the next localhost resolver lines, as I already see them in my named.conf file.



Following is my named.conf file
//
// Sample named.conf BIND DNS server 'named' configuration file
// for the Red Hat BIND distribution.
//
// See the BIND Administrator's Reference Manual (ARM) for details, in:
//   file:///usr/share/doc/bind-*/arm/Bv9ARM.html
// Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
// its manual.
//
options
{
   /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
   query-source    port 53;   
   query-source-v6 port 53;
   
   // Put files that named is allowed to write in the data/ directory:
   directory "/var/named"; // the default
   dump-file       "data/cache_dump.db";
        statistics-file    "data/named_stats.txt";
        memstatistics-file    "data/named_mem_stats.txt";

};
logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };   
};
//
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
//
view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
   match-clients       { localhost; };
   match-destinations   { localhost; };
   recursion yes;
   # all views must contain the root hints zone:
   include "/etc/named.root.hints";

        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
    * ONLY be served to localhost clients:
    */
   include "/etc/named.rfc1912.zones";
};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
   match-clients      { localnets; };
   match-destinations   { localnets; };
   recursion yes;
   // all views must contain the root hints zone:
   include "/etc/named.root.hints";

        // include "named.rfc1912.zones";
   // you should not serve your rfc1912 names to non-localhost clients.
 
   // These are your "authoritative" internal zones, and would probably
   // also be included in the "localhost_resolver" view above :

   zone "my.internal.zone" {
      type master;
      file "my.internal.zone.db";
   };
   zone "my.slave.internal.zone" {
      type slave;
      file "slaves/my.slave.internal.zone.db";
      masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
      // put slave zones in the slaves/ directory so named can update them
   };   
   zone "my.ddns.internal.zone" {
      type master;
      allow-update { key ddns_key; };
      file "slaves/my.ddns.internal.zone.db";
      // put dynamically updateable zones in the slaves/ directory so named can update them
   };         
};
key ddns_key
{
   algorithm hmac-md5;
   secret "use /usr/sbin/dns-keygen to generate TSIG keys";
};
view    "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
   match-clients      { !localnets; !localhost; };
   match-destinations   { !localnets; !localhost; };

   recursion no;
   // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

   // all views must contain the root hints zone:
   include "/etc/named.root.hints";

   // These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

   zone "my.external.zone" {
      type master;
      file "my.external.zone.db";
   };
};


zone .my-web-site.org. {

   type master;
   notify no;
   allow-query { any; };
   file .my-site.zone.;

};

zone .another-site.com. {

   type master;
   notify no;
   allow-query { any; };
   file .another-site.zone.;

};

allow-query { 192.168.1.0/24; };


and I found this error

Error in named configuration:
/etc/named.conf:64: open: /etc/named.rfc1912.zones: file not found


HELP
Logged
Ricky
« Reply #1 on: October 21, 2007, 01:26:32 PM »

Before going into your configuration, I just want to know what exactly you want your DNS to be used for.
Hosting in-house websites or something else?
Logged
Arbab
« Reply #2 on: October 21, 2007, 02:04:06 PM »

Hello Ricky,

I need this DNS server for the local LAN. For example, if my client types \\pcname, my DNS should resolve its name to the PC's IP and take it there. But I will need my DNS in the future (3 weeks) to host my website as well.


Please teach me.

Thanks in advance.
Logged
Arbab
« Reply #3 on: October 22, 2007, 01:41:36 PM »

What does one need to make Linux find the file /etc/named.rfc1912.zones? I created the file when it was not there; still Linux says this file is not found.

Just what is supposed to be in this file?

Logged
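The "file not found" error quoted in the first post is what a chrooted named reports when an include exists in the host's /etc but not under the chroot tree. The Python check below is an added example, not code from the thread: it lists absolute include paths that are missing under a chroot, assuming named runs chrooted in /var/named/chroot (the directory the first post copies files into); the sample config and the names `missing_includes` and `demo` are constructed for illustration.

```python
import os
import re
import tempfile

# Quoted strings are kept; /* */, // and # comments are blanked.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_INCLUDE = re.compile(r'\binclude\s+"(/[^"]+)"\s*;')

def strip_comments(text):
    """Blank out comments but keep line breaks, so line numbers stay valid."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else "\n" * tok.count("\n")
    return _TOKEN.sub(repl, text)

def missing_includes(chroot, conf="/etc/named.conf"):
    """List (line, include_path, host_path) for absolute includes that do not
    exist under the chroot, which is where a chrooted named opens them.
    Relative include paths are not checked here."""
    with open(os.path.join(chroot, conf.lstrip("/"))) as fh:
        text = strip_comments(fh.read())
    missing = []
    for m in _INCLUDE.finditer(text):
        host_path = os.path.join(chroot, m.group(1).lstrip("/"))
        if not os.path.isfile(host_path):
            line = text.count("\n", 0, m.start()) + 1
            missing.append((line, m.group(1), host_path))
    return missing

# Constructed sample modelled on the views in the posted named.conf.
SAMPLE_CONF = '''\
view "localhost_resolver" {
   match-clients { localhost; };
   # all views must contain the root hints zone:
   include "/etc/named.root.hints";
   /* localhost zones,
    * as recommended in RFC1912 */
   include "/etc/named.rfc1912.zones";
};
view "internal" {
   include "/etc/named.root.hints";
   // include "named.rfc1912.zones";
};
'''

def demo():
    """Build a throwaway chroot where only named.root.hints was copied in."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "named.conf"), "w") as fh:
            fh.write(SAMPLE_CONF)
        open(os.path.join(etc, "named.root.hints"), "w").close()
        return [(line, path) for line, path, _ in missing_includes(root)]

if __name__ == "__main__":
    for line, path in demo():
        print(f"named.conf:{line}: {path} is missing inside the chroot")
```

On a live system, `named-checkconf -t /var/named/chroot /etc/named.conf` runs BIND's own parser against the same tree.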
Arbab
« Reply #4 on: October 30, 2007, 03:27:14 PM »

Is there no ONE who can answer my HUGE Dangerous QUESTION???
Logged
rsw686
« Reply #5 on: November 30, 2007, 02:17:22 PM »

> Hello Ricky,
>
> I need this DNS server for the local LAN. For example, if my client types \\pcname, my DNS should resolve its name to the PC's IP and take it there. But I will need my DNS in the future (3 weeks) to host my website as well.
>
> Please teach me.
>
> Thanks in advance.

Do you use DHCP to assign those clients' IPs? If so, you just need to set up DNS to automatically register the lease in the DHCP server. I had played around with this a year or two ago and still have the files. Here are the contents of them to work off of.

dhcp.conf
Code:
authoritative;

include "/etc/rndc.key";

ddns-domainname "testdev.local";
ddns-rev-domainname "in-addr.arpa";
ddns-updates            on;
ddns-update-style       interim;
ignore client-updates;

option domain-name "testdev.local";
option domain-name-servers 192.168.1.2;
option ntp-servers 192.168.1.2;

option netbios-name-servers 192.168.1.2;
option netbios-dd-server 192.168.1.2;
option netbios-node-type 8;

option ip-forwarding off;

subnet 192.168.1.0 netmask 255.255.255.0 {
        allow unknown-clients;

        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.1.255;

        range dynamic-bootp 192.168.1.100 192.168.1.150;
        default-lease-time 21600;
        max-lease-time 43200;

        zone 1.168.192.in-addr.arpa {
                primary 192.168.1.2;
                key rndckey;
        }

        zone testdev.local {
                primary 192.168.1.2;
                key rndckey;
        }

        #handing out fixed addresses and names for following hosts
        #host name {
        #        hardware ethernet 12:34:56:78:AB:CD;
        #        fixed-address 10.10.1.50;
        #}
}

named.conf
Code:
acl lan {
        127.0.0.1;
        192.168.1.0/24;
};

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        allow-query { lan; };
        query-source address * port 53;
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "testdev.local" {
        type master;
        file "testdev.local.zone";
        allow-update { key "rndckey"; };
        notify yes;
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "1.168.192.in-addr.arpa.zone";
        allow-update { key "rndckey"; };
        notify yes;
};

include "/etc/rndc.key";

testdev.local.zone
Code:
$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
testdev.local           IN SOA  fedora.testdev.local. hostmaster.testdev.local. (
                                2006022020 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      fedora.testdev.local.
                        MX      10 mail.testdev.local.
$ORIGIN testdev.local.
fedora                  A       192.168.1.2
mail                    CNAME   fedora
monowall                A       192.168.1.1
www                     CNAME   fedora

1.168.192.in-addr.arpa.zone
Code:
$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
1.168.192.in-addr.arpa  IN SOA  fedora.testdev.local. hostmaster.testdev.local. (
                                2006022017 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      fedora.testdev.local.
$ORIGIN 1.168.192.in-addr.arpa.
1                       PTR     monowall.testdev.local.
2                       PTR     fedora.testdev.local.
Logged
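Two settings in the configuration above matter for security: `query-source address * port 53;` pins every outgoing query to one source port, and the same `rndckey` authorises both the rndc control channel and the dynamic updates sent by dhcpd. The Python audit below is an added example, not code from the thread; the function name `audit`, the finding labels and the embedded excerpts are constructed for illustration.

```python
import re

# Keep quoted strings, blank out /* */, // and # comments.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_KEY_REF = r'\bkey\s+"?([\w.-]+)"?'

def _clean(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def audit(named_conf, dhcpd_conf=""):
    """Return (finding, detail) tuples for a named.conf / dhcpd.conf pair."""
    conf, findings = _clean(named_conf), []
    # An explicit port on query-source pins every outgoing query to it,
    # which removes source-port randomisation.
    for stmt in re.findall(r'\bquery-source(?:-v6)?\b[^;]*;', conf):
        port = re.search(r'\bport\s+(\d+)', stmt)
        if port:
            findings.append(("fixed-source-port", port.group(1)))
    # Keys accepted on the rndc control channel.
    control = set()
    for body in re.findall(r'(?<![\w-])keys\s*\{([^}]*)\}', conf):
        control |= set(re.findall(r'"?([\w.-]+)"?\s*;', body))
    # Keys allowed to rewrite zone data through dynamic update.
    update = set()
    for body in re.findall(r'\ballow-update\s*\{([^}]*)\}', conf):
        update |= set(re.findall(_KEY_REF, body))
    findings += [("control-key-used-for-updates", k) for k in sorted(control & update)]
    # Keys dhcpd.conf references for its DDNS zones ("key name;").
    held = set(re.findall(_KEY_REF + r'\s*;', _clean(dhcpd_conf)))
    findings += [("dhcpd-holds-control-key", k) for k in sorted(control & held)]
    return findings

# Excerpts of the named.conf and dhcpd.conf posted above.
NAMED_CONF = '''
options {
    allow-query { lan; };
    query-source address * port 53;
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "testdev.local" {
    type master;
    file "testdev.local.zone";
    allow-update { key "rndckey"; };
};
'''
DHCPD_CONF = '''
zone testdev.local {
    primary 192.168.1.2;
    key rndckey;
}
'''

if __name__ == "__main__":
    for finding, detail in audit(NAMED_CONF, DHCPD_CONF):
        print(f"{finding}: {detail}")
```

Giving `allow-update` and dhcpd a dedicated TSIG key that is not listed under `controls`, and dropping the `port 53` clause, clears all three findings.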
Arbab
« Reply #6 on: January 10, 2008, 05:36:42 AM »

Thank you.

It solved my problem.
Logged