Re: Local DNS Caching not caching on external interface



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 15 Dec 2006 08:25:41 -0500
"Chad Gross" <avatar4d@xxxxxxxxx> wrote:

On 12/15/06, Tek Bahadur Limbu <teklimbu@xxxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 14 Dec 2006 08:34:11 -0500
"Chad Gross" <avatar4d@xxxxxxxxx> wrote:

On 12/14/06, Tek Bahadur Limbu <teklimbu@xxxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 14 Dec 2006 01:08:11 -0800
Christopher Cowart <ccowart@xxxxxxxxxxxxxxxxxxxx> wrote:

On 14:57 Thu 14 Dec , Tek Bahadur Limbu wrote:
Dear All,

I am very new to Bind and FreeBSD.

I have just configured a Local DNS server using the built-in
Bind 9.3.1 on a FreeBSD 5.4 machine.

My problem is that the machine can cache queries on the
localhost and loopback (127.0.0.1) interface only.

I have a public static IP on this machine too and I can't
seem to query the caching name server from my local network.

In Linux, this is no problem. I just can't seem to get Bind
to work on my local network. It works only on the
loopback interface.

The default /etc/namedb/named.conf configuration file for BIND
says:

| // If named is being used only as a local resolver, this is a safe default.
| // For named to be accessible to the network, comment this option, specify
| // the proper IP address, or delete this option.
| listen-on { 127.0.0.1; };

It looks like if you comment out that option, it will listen
on * by default. You could also add the other IP address on
which you want named to listen.

--
Chris Cowart
Network and Infrastructure Systems Administrator
RSSP-IT, UC Berkeley
"May all your pushes be popped"


Dear Chris,

Thank you for your help. I commented it out and added my public
static IP like the following:


listen-on { 202.x.x.x; }; # My Static IP

Now when I do from my local PC:

dig yahoo.com @202.x.x.x, I can do DNS lookups.

But when I try doing that from another computer on my network, I
can't do any DNS lookups.


Is there anything that I missed?


- --


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFgT8ZVrOl+eVhOvYRAn8OAJwOOC6+C8mnY+YBP+1GxG2uDTfWpgCfTFr1
168ArGMkI0+9Qj/MpzFbmUo=
=p9RV
-----END PGP SIGNATURE-----



You have to tell the other machines on your network to use the IP
of the local DNS server for domain name resolution. If you are
using DHCP you can configure your DHCP server to give this
information with the IP. Otherwise you must manually do it, which
will be different between operating systems.

HINT: In FreeBSD add the IP of the DNS server to /etc/resolv.conf

Chad



Dear Chad,

I just get the following logs while troubleshooting with tcpdump.

local nameserver IP: 202.102.5.100
network PC IP: 202.102.5.50

When I do an nslookup of yahoo and google from the network PC using the
local caching nameserver, I only get this on the caching nameserver.

13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53: 56955+ A? google.com. (28)
13:23:32.899379 IP 202.102.5.50.40229 > 202.102.5.100.53: 47636+ A? yahoo.com. (27)


Note: Please note that the above Static IPs are just arbitrary
values.

Can you please shed some light on this issue?

- --


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFglUsVrOl+eVhOvYRAsmMAJ9sb0fGdKiPp89CszMg5dXkvteojQCfdk0e
fW0ofW8HJYq4RZXuROX7zPw=
=5Ieg
-----END PGP SIGNATURE-----


Tek,

Can you please post your Bind configuration files?

Have you done a tcpdump or wireshark capture on both machines while
issuing the resolution request? Could you please do that as well and
post the results?

Chad
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"


Hi Chad,

I have pasted my named.conf file below:


options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
# listen-on { localhost; };
listen-on { My.Public.IP; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
// listen-on-v6 { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.

forwarders {
202.x.x.x;
202.x.x.x;
};

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND versions 8 and later
* use a pseudo-random unprivileged UDP port by default.
*/
# query-source address * port 53;
};


key "dnsbind" {
algorithm hmac-md5;
secret "da3ss+cKp1po9Uadka0Onadf04Jils+kc=";
};


controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "dnsbind"; };
};


// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
type hint;
file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
type master;
file "master/localhost-v6.rev";
};


Do I need to edit and create other config files besides rndc.conf?
Please shed some light on this.

Thanks.

- --


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFhTPyVrOl+eVhOvYRAiAIAJ95eG/ZicY+aQZV3jyEe00QJnCrdgCgjDxj
C52ED6UPHygqJi7EvHu75ic=
=d4G9
-----END PGP SIGNATURE-----
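An added example, not part of the thread and not FreeBSD's shipped named.conf: the options block Tek posted, reduced to the lines that matter, next to a tightened version. The security point the thread does not mention is that once listen-on names the public address, BIND 9.3 (whose defaults for allow-query and allow-recursion are both "any") will recurse for every host on the Internet that can reach that address, which makes the box an open resolver. Restricting recursion to the local network fixes that without affecting the LAN clients, and answers Chris's point about listening on "*" more safely than commenting listen-on out. The addresses 202.102.5.100 and 202.102.5.0/24 follow the placeholder values Tek used; the /24 prefix and the acl name "trusted" are assumptions, and the forwarders stay as the thread's 202.x.x.x placeholders.

```conf
// BEFORE (what the posted named.conf amounts to): listens on the public
// address with no query or recursion ACL, so BIND 9.3 answers and recurses
// for anyone. Do not use as-is.
options {
    directory "/etc/namedb";
    listen-on { My.Public.IP; };
    forwarders { 202.x.x.x; 202.x.x.x; };
};

// AFTER: listen on loopback plus the LAN-facing address only, and only
// recurse for hosts on the local network.
acl "trusted" {                  // assumed name
    127.0.0.0/8;
    202.102.5.0/24;              // assumed LAN prefix, from the thread's example addresses
};

options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    listen-on { 127.0.0.1; 202.102.5.100; };   // explicit addresses, not "any"
    allow-query     { trusted; };              // caching resolver: LAN only
    allow-recursion { trusted; };              // the line that closes the open resolver
    forwarders { 202.x.x.x; 202.x.x.x; };      // upstream resolvers, placeholders kept from the thread
};
```

Check the file with named-checkconf /etc/namedb/named.conf, restart named (/etc/rc.d/named restart, with named_enable="YES" in /etc/rc.conf as the stock comments say), and confirm with sockstat -4 -l | grep :53 that named is bound to both addresses before testing from a LAN host with dig @202.102.5.100 freebsd.org. Clients then point at the server with nameserver 202.102.5.100 in /etc/resolv.conf or via DHCP, as Chad described. One more caveat: the hmac-md5 secret in the posted controls/key stanza has now been published on a public list; generate a fresh one with rndc-confgen and put it in both named.conf and rndc.conf.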
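Chad asked for captures on both sides. The capture Tek posted already shows the pattern that matters: two queries arriving at 202.102.5.100 port 53 and nothing going back, which points at the server (named not bound to that address, a packet filter, or an ACL) rather than at the client's resolver settings. The script below is an added example, not from the thread, that pairs each query in tcpdump -n text output with its response by client socket and DNS transaction id and prints the ones that were never answered. The sample capture is constructed here from the thread's two lines plus one answered query for contrast; the response address 192.0.2.10 is a documentation address.

```sh
#!/bin/sh
# Added example (not from the thread). Pairs DNS queries with their responses
# in "tcpdump -n" text output taken on the nameserver and reports the queries
# that never got an answer.

# unanswered_queries SERVER_IP   (tcpdump lines on stdin)
# Prints "client.port id qname" for every query to SERVER_IP port 53 that has
# no response from SERVER_IP port 53 to the same client socket with the same
# DNS transaction id. Assumes the one-line UDP format shown in the thread.
unanswered_queries() {
    awk -v srv="$1" '
    BEGIN { p = srv ".53" }
    {
        src = $3; dst = $5; sub(/:$/, "", dst)
        id = $6; gsub(/[^0-9]/, "", id)       # drop flag marks such as "+" (RD) or "*" (AA)
    }
    dst == p {                                # query: client -> server.53
        key = src "," id
        name = ""
        for (i = 7; i <= NF; i++)             # QNAME follows the "A?" / "AAAA?" field
            if ($i ~ /\?$/) { name = $(i + 1); break }
        if (!(key in q)) order[++n] = key     # a retransmitted query is listed once
        q[key] = src " " id " " name
    }
    src == p {                                # response: server.53 -> client
        delete q[dst "," id]
    }
    END {
        for (i = 1; i <= n; i++)
            if (order[i] in q) print q[order[i]]
    }'
}

# Constructed sample: the two lines from the thread plus one query/response
# pair (freebsd.org, answered with a documentation address) to show pairing.
sample_capture() {
    cat <<'EOF'
13:23:32.899379 IP 202.102.5.50.40229 > 202.102.5.100.53: 47636+ A? yahoo.com. (27)
13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53: 56955+ A? google.com. (28)
13:24:10.100000 IP 202.102.5.50.51200 > 202.102.5.100.53: 12345+ A? freebsd.org. (29)
13:24:10.180000 IP 202.102.5.100.53 > 202.102.5.50.51200: 12345 1/0/0 A 192.0.2.10 (45)
EOF
}

# Prints the yahoo.com and google.com queries; freebsd.org was answered.
sample_capture | unanswered_queries 202.102.5.100
```

To produce real input, run tcpdump -n -i em0 'udp port 53 or icmp' on the server (em0 is an assumed interface name) so that an ICMP port-unreachable shows up when nothing is bound to the address, and the same filter on the client to confirm the query left at all; save the text and pipe it into unanswered_queries with the server's address. A query that arrives and is listed as unanswered while sockstat -4 -l shows named bound to that address means the packet filter or an allow-query ACL is the next thing to look at.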


