topic Re: dns configuration in Operating System - Linux

dns configuration

Fadia Almarei — Mon, 20 Nov 2006 15:59:37 GMT

Dear All
i have a redhat linux server which had a private IP and a public IP (NAT) , i try to configure this aerver as a secondary dns server , i installed the bind add and do all the configuration needed from the primary dns server side , when i start the bind service the to get the zones trasfair my primary dns IP try to deal with the secondary server private IP and the zones trasfair did not complete , what is the cause for this problem and how to solve it.

BR;
fadia

Re: dns configuration

Patrick Terlisten — Mon, 20 Nov 2006 16:28:18 GMT

Hello Fadia,

which version von RedHat Linux did you use for your server. Please post the content of the "options" section of your named.conf. Is there an entry like this?

listen-on port 53 { 127.0.0.1; 192.168.20.2; };

With this entry you can tell you named on which interfaces it should listen.

Regards,
Patrick

Re: dns configuration

Fadia Almarei — Tue, 21 Nov 2006 07:02:16 GMT

the OS is Redhat Enterprise Linux AS v.4 , and the options for it in the named.conf file .
options {
directory "/var/named";
allow-transfer { 212.14.224.1 ; };
# query-source address * port 53;

Re: dns configuration

Alexander Chuzhoy — Tue, 21 Nov 2006 07:19:27 GMT

What do you see in /var/log/messages ?
generally the information wirtten there is very usefull (especially when dealing with DNS).

Re: dns configuration

Fadia Almarei — Tue, 21 Nov 2006 07:24:36 GMT

this what i have
Nov 21 14:22:26 localhost named[10696]: starting BIND 9.3.2-P2
Nov 21 14:22:26 localhost named[10696]: loading configuration from '/etc/named.conf'
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface eth0, 10.100.20.230#53
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface eth0:0, 195.68.208.230#53
Nov 21 14:22:26 localhost named[10696]: listening on IPv4 interface eth1, 10.100.20.231#53
Nov 21 14:22:26 localhost named[10696]: none:0: open: /etc/rndc.key: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't install keys for command channel 195.68.208.230#953: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't add command channel 195.68.208.230#953: file not found
Nov 21 14:22:26 localhost named[10696]: zone 0.0.127.in-addr.arpa/IN: has no NS records
Nov 21 14:22:26 localhost named[10696]: running
Nov 21 14:22:27 localhost named[10696]: zone paltel.net/IN: Transfer started.
Nov 21 14:22:27 localhost named[10696]: transfer of 'paltel.net/IN' from 212.14.224.1#53: connected using 10.100.20.230#33347

Re: dns configuration

Ivan Ferreira — Tue, 21 Nov 2006 07:57:44 GMT

I see some rndc minimal errors, for that see:

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-bind-rndc.html

Can you do a traceroute to the primary DNS server? I don't understand why is trying to connect using private ip as source address.

Re: dns configuration

Alexander Chuzhoy — Tue, 21 Nov 2006 08:13:17 GMT

There's an error in you /etc/named.conf file on line 19.
Can you post your named.conf file?

Re: dns configuration

Fadia Almarei — Tue, 21 Nov 2006 08:32:26 GMT

options {
directory "/var/named";
allow-transfer { 212.14.224.1 ; };
query-source address 195.68.208.230 port 53;
#listen-on port 53 { 127.0.0.1; 195.68.208.230; };

};

key "rndc-key" {
algorithm hmac-md5;
secret "MjPngJNvWhd3u9hW0/eWWw==";
};

controls {
inet 195.68.208.230 port 953
allow { 195.68.208.230; } keys { "rndc-key"; };
};

zone "." in {
type hint;
file "root.hints";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "zone/db.127.0.0";
};

zone "paltel.net" in {

type slave;
file "zone/db.paltel.net";
masters { 212.14.224.1; };
#allow-notify { 212.14.224.1; };
};

Re: dns configuration

Alexander Chuzhoy — Tue, 21 Nov 2006 08:41:51 GMT

Do you use chrooted bind?
Do you have the directories/files in write places?
It's hard to see what line is 19, so can you please post just that line?

Re: dns configuration

Fadia Almarei — Tue, 21 Nov 2006 08:59:48 GMT

ther is no chrooted

Re: dns configuration

George Liu_4 — Tue, 21 Nov 2006 14:18:59 GMT

Said enough.

Nov 21 14:22:26 localhost named[10696]: none:0: open: /etc/rndc.key: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't install keys for command channel 195.68.208.230#953: file not found
Nov 21 14:22:26 localhost named[10696]: /etc/named.conf:19: couldn't add command channel 195.68.208.230#953: file not found

Re: dns configuration

Fadia Almarei — Wed, 22 Nov 2006 08:46:25 GMT

the thing that i want to change the IP that the transfare work at

Nov 22 15:43:28 localhost named[13720]: transfer of 'paltel.net/IN' from 212.14.224.1#53: connected using 10.100.20.230#48521

from the IP 10.100.20.230 to another IP which is the NAT IP , how can I do this

Re: dns configuration

George Liu_4 — Wed, 22 Nov 2006 11:18:29 GMT

If your routing can see the private IP, you don't need to worry about the NAT, assuming DNS ports are open.

The problem seems some rndc configuration files are missing

Re: dns configuration

Fadia Almarei — Wed, 22 Nov 2006 11:29:23 GMT

port 53 is opened from the NAT IP to the primary server , but what you meen by the route is opened from my IP to thr private IP , that my primary dns server and the private server on a different network.\

Re: dns configuration

George Liu_4 — Wed, 22 Nov 2006 11:46:22 GMT

Assuming the following scenario is correct,

You have a work DNS server which is in public site with a public IP;
You want to create a seconary DNS server that is dual-homed with one public IP and one private IP;
You have problem on the second DNS sever.

Then your DNS zone transferring traffic should flow through the public IP only. port 53 (udp and tcp) or whatever port you configured should be open on both PUBLIC IPs.

Re: dns configuration

Fadia Almarei — Wed, 22 Nov 2006 11:49:48 GMT

ok this is exactly my case and the port is opened between the two public IPs but i face the same problem of zones transfair