1
I have a very basic home network: A CentOS 6.3 server (storage, DNS, httpd, etc), a desktop, several laptops. I was running an old version of CentOS on the server for a long time (5.4 or something) and just recently upgraded it to 6.3 with a clean wipe and fresh install. I'm trying to get BIND/named setup again, but I cannot seem to ping anything. The DNS is only for the local network, so I can access network computers and the server using specific names and CNAMEs for web development.
Server has a static IP: 192.168.1.202
Router (DD-WRT) is the gateway with IP of 192.168.1.1
The server host name is 'augusta' (cat /etc/hostname
). The domain I've chosen is mylocal
. So the server full hostname would be augusta.mylocal
. This is how I had it setup with my previous CentOS setup and it worked perfectly.
I've been using Webmin to setup BIND. Here are the relevant files:
# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
forwarders {
192.168.1.1;
};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "mylocal" {
type master;
file "/var/named/mylocal.hosts";
};
# cat /var/named/mylocal.hosts
$ttl 38400
mylocal. IN SOA augusta. admin.augusta.mylocal. (
1360910107
10800
3600
604800
38400 )
mylocal. IN NS augusta.
augusta.mylocal. IN A 192.168.1.202
test.mylocal. IN CNAME augusta
You can see it's a very basic setup. I have augusta
as the nameserver and a test
CNAME that points to augusta
.
When I apply the BIND configuration in Webmin, the following happens in /var/log/messages
:
Feb 14 23:35:59 augusta named[18602]: received control channel command 'stop'
Feb 14 23:35:59 augusta named[18602]: shutting down: flushing changes
Feb 14 23:35:59 augusta named[18602]: stopping command channel on 127.0.0.1#953
Feb 14 23:35:59 augusta named[18602]: stopping command channel on ::1#953
Feb 14 23:35:59 augusta named[18602]: no longer listening on 127.0.0.1#53
Feb 14 23:35:59 augusta named[18602]: no longer listening on ::1#53
Feb 14 23:35:59 augusta named[18602]: exiting
Feb 14 23:36:02 augusta named[19172]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 -u named -t /var/named/chroot
Feb 14 23:36:02 augusta named[19172]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Feb 14 23:36:02 augusta named[19172]: ----------------------------------------------------
Feb 14 23:36:02 augusta named[19172]: BIND 9 is maintained by Internet Systems Consortium,
Feb 14 23:36:02 augusta named[19172]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Feb 14 23:36:02 augusta named[19172]: corporation. Support and training for BIND 9 are
Feb 14 23:36:02 augusta named[19172]: available at https://www.isc.org/support
Feb 14 23:36:02 augusta named[19172]: ----------------------------------------------------
Feb 14 23:36:02 augusta named[19172]: adjusted limit on open files from 4096 to 1048576
Feb 14 23:36:02 augusta named[19172]: found 4 CPUs, using 4 worker threads
Feb 14 23:36:02 augusta named[19172]: using up to 4096 sockets
Feb 14 23:36:02 augusta named[19172]: loading configuration from '/etc/named.conf'
Feb 14 23:36:02 augusta named[19172]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Feb 14 23:36:02 augusta named[19172]: using default UDP/IPv4 port range: [1024, 65535]
Feb 14 23:36:02 augusta named[19172]: using default UDP/IPv6 port range: [1024, 65535]
Feb 14 23:36:02 augusta named[19172]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 23:36:02 augusta named[19172]: listening on IPv6 interface lo, ::1#53
Feb 14 23:36:02 augusta named[19172]: generating session key for dynamic DNS
Feb 14 23:36:02 augusta named[19172]: sizing zone task pool based on 1 zones
Feb 14 23:36:02 augusta named[19172]: using built-in DLV key for view _default
Feb 14 23:36:02 augusta named[19172]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Feb 14 23:36:02 augusta named[19172]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: D.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: A.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: B.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: command channel listening on 127.0.0.1#953
Feb 14 23:36:02 augusta named[19172]: command channel listening on ::1#953
Feb 14 23:36:02 augusta named[19172]: zone mylocal/IN: loaded serial 1360910107
Feb 14 23:36:02 augusta named[19172]: managed-keys-zone ./IN: loaded serial 215
Feb 14 23:36:02 augusta named[19172]: running
Feb 14 23:36:04 augusta named[19172]: received control channel command 'freeze mylocal'
Feb 14 23:36:04 augusta named[19172]: freezing zone 'mylocal/IN': success
Feb 14 23:36:04 augusta named[19172]: received control channel command 'reload mylocal'
Feb 14 23:36:04 augusta named[19172]: received control channel command 'thaw mylocal'
Feb 14 23:36:04 augusta named[19172]: thawing zone 'mylocal/IN': success
I don't see anything out of the ordinary there...
My host DNS settings:
# cat /etc/resolve.conf
# Generated by NetworkManager
search mylocal
nameserver 192.168.1.202
nameserver 192.168.1.1
My firewall has port 53 tcp
and udp
open. selinux
is disabled.
From the server itself:
[root@augusta log]# ping augusta
ping: unknown host augusta
[root@augusta log]# ping augusta.mylocal
ping: unknown host augusta.mylocal
[root@augusta log]# ping test
ping: unknown host test
[root@augusta log]# ping test.mylocal
ping: unknown host test.mylocal
From a Windows 7 computer on the network (w/ static IP of 192.168.1.201):
C:\Windows\system32>ping augusta
Ping request could not find host augusta. Please check the name and try again.
C:\Windows\system32>ping augusta.mylocal
Pinging augusta.mylocal[192.168.1.202] with 32 bytes of data:
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.202:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Windows\system32>ping test
Ping request could not find host test. Please check the name and try again.
C:\Windows\system32>ping test.mylocal
Ping request could not find host test.mylocal. Please check the name and try again.
That computers ipconfig:
C:\Windows\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : windoze-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 8C-XX-XX-XX-XX-97
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::xxxx:xxxx:xxxx:bfbc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.201(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : XXXXXXXXX
DHCPv6 Client DUID. . . . . . . . : 00-XX-XX-01-18-XX-XX-EA-XX-89-XX-1B-XX-97
DNS Servers . . . . . . . . . . . : 192.168.1.202
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
I'm really not sure what I'm missing. I'm far from an expert in Linux server admin, BIND or DNS, but the BIND
setup seems to be very basic. I remember setting this up pretty easily in my previous server's CentOS installation (which was about a 18 months ago). Not sure why it's just not taking this time.
If anyone has any clues as to where I should be looking for the problem I would appreciate any pointers. I can also post other relevant info that anyone needs to help troubleshoot the problem.
Ah I did not see that
listen-on
andallow-query
parts. That was the problem after all. What is the difference between those two options? Also, why would CentOS have those options set that way by default? Kind of pointless to make a DNS server if, by default, it only allows queries from itself.... – Jake Wilson – 2013-02-18T16:02:53.987I have no idea why the CentOS defaults might be set that way unless the intention is that there be an explicit configure step that you missed. Concerning the difference between "allow-query" and "allow-recursion" - one permits authoritative queries (for locally stored authoritative zone data, such as your mylocal. zone) while the other permits recursive queries (queries for data not stored locally, that the machine will have to recurse from the DNS root to obtain.) Generally it's not recommended to mix authoritative and recursive functions on the same server but for your LAN it's OK to do both – Michael McNally – 2013-02-19T04:48:30.670