Operating System - HP-UX

Re: How can I configrate dynamic DNS server?

 
Bill Yang_1
New Member

How can I configrate dynamic DNS server?

Hi, I have run into great trouble configuring a DNS server on HP-UX. The client needs a DNS server that can parse Internet domains and can update its own domain list (including cn, com, org, gov, etc.) with nsupdate. I created the BIND files with the hosts_to_named command and then changed some items for the user's requests. Now I can update the domain list on my own DNS server, but I can't parse Internet domains.
The following is content of named.conf:
// generated by named-bootconf.pl

options {
//check-names response fail; // do not change this
//check-names slave warn;
directory "/etc/named.rc"; // running directory for named

/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// type domain source file
//
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "db.127.0.0";
};

zone "njmdc.com" {
type master;
file "db.njmdc";
allow-query { any; };
allow-transfer { any; };
allow-update{ any; };
};

zone "18.10.10.IN-ADDR.ARPA" {
type master;
file "db.10.10.18";
};

zone "." {
type hint;
file "db.root";
allow-query { any; };
allow-transfer { any; };
allow-update{ any; };
};

/* This zone is for update domain of .net */
zone "net" {
type master;
file "db.net";
allow-query { any; };
allow-transfer { any; };
allow-update{ any; };
};

db.root:
@ IN SOA R3410-02.njmdc.com. root.R3410-02.njmdc.com. (
1 ; Serial
10800 ; Refresh every 3 hours
3600 ; Retry every hour
604800 ; Expire after a week
86400 ) ; Minimum ttl of 1 day
IN NS R3410-02.njmdc.com.



; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . "
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File

resolv.conf:
domain R3410-02.njmdc.com
nameserver 10.10.18.134

db.10.10.18:
@ IN SOA R3410-02.njmdc.com. root.R3410-02.njmdc.com. (
1 ; Serial
10800 ; Refresh every 3 hours
3600 ; Retry every hour
604800 ; Expire after a week
86400 ) ; Minimum ttl of 1 day
IN NS R3410-02.njmdc.com.

133 IN PTR r3410-02.njmdc.com.
134 IN PTR r3410-02.njmdc.com.

db.localhost:
@ IN SOA R3410-02.njmdc.com. root.R3410-02.njmdc.com. (
1 ; Serial
10800 ; Refresh every 3 hours
3600 ; Retry every hour
604800 ; Expire after a week
86400 ) ; Minimum ttl of 1 day
IN NS R3410-02.njmdc.com.

1 IN PTR localhost.

db.net:
;BIND DUMP V8
$ORIGIN .
net IN SOA R3410-02.net. root.R3410-02.net. (
5 10800 3600 604800 86400 ) ;Cl=1
IN NS R3410-02.net. ;Cl=1
$ORIGIN net.
r3410-02 IN A 10.10.18.134 ;Cl=1
IN MX 10 r3410-02.net. ;Cl=1
localhost IN A 127.0.0.1 ;Cl=1

db.domain:
;BIND DUMP V8
$ORIGIN com.
njmdc IN SOA R3410-02.njmdc.com. root.R3410-02.njmdc.com. (
5 10800 3600 604800 86400 ) ;Cl=2
IN NS R3410-02.njmdc.com. ;Cl=2
IN A 120.10.18.132 ;Cl=2
$ORIGIN njmdc.com.
dfgh IN A 20.10.18.132 ;Cl=2
r3410-02 IN A 10.10.18.133 ;Cl=2
IN A 10.10.18.134 ;Cl=2
IN MX 10 r3410-02.njmdc.com. ;Cl=2
IN A 120.10.18.132 ;Cl=2
localhost IN A 127.0.0.1 ;Cl=2
R3410-01 IN A 10.10.18.131 :C1=2
R3410-01 IN A 10.10.18.132 :C1=2
R3410-01 IN A 211.136.177.166 :C1=2
dfh IN A 20.10.18.132 ;Cl=2

Please help me to resolve this problem.
Thanks!
best regards.
Ivan Ferreira
Honored Contributor

Re: How can I configrate dynamic DNS server?

There are some things that you should check:

- allow-transfer { any; }; allow-update{ any; }; These values are very dangerous. Try to secure them more after everything works.

- Your db.root file does not need the SOA declaration, just the root NS/A records. And it doesn't need "allow-transfer { any; }; allow-update{ any; };"

- If the resolv.conf file is on the same server it should be:

resolv.conf:
domain R3410-02.njmdc.com
nameserver 127.0.0.1

Test your name resolution with dig or nslookup. Post the results of a dig query.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
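An added example, not part of any post in this thread: a small Python audit of named.conf text for the two problems raised in the reply above (allow-update/allow-transfer open to `any`, and those options set on the hint zone). The sample is abridged from the configuration posted in the question; the function names and finding strings are hypothetical.

```python
import re

# Constructed sample: three zones abridged from the named.conf posted in this thread.
POSTED = '''
zone "njmdc.com" {
type master;
file "db.njmdc";
allow-transfer { any; };
allow-update{ any; };
};
zone "." {
type hint;
file "db.root";
allow-transfer { any; };
allow-update{ any; };
};
zone "18.10.10.IN-ADDR.ARPA" {
type master;
file "db.10.10.18";
};
'''

def zones(text):
    """Yield (name, body) for each zone block, matching braces after dropping comments."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    text = re.sub(r'(//|#).*', '', text)
    for m in re.finditer(r'\bzone\s+"([^"]*)"[^{]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(text):
    """Return (zone, option, problem) for the two issues raised in the reply above."""
    findings = []
    for name, body in zones(text):
        ztype = re.search(r'\btype\s+(\w+)', body)
        for opt in ('allow-update', 'allow-transfer'):
            acl = re.search(opt + r'\s*\{([^}]*)\}', body)
            if not acl:
                continue
            if ztype and ztype.group(1) == 'hint':
                findings.append((name, opt, 'not needed on a hint zone'))
            elif 'any' in [e.strip() for e in acl.group(1).split(';')]:
                findings.append((name, opt, 'open to any host'))
    return findings

if __name__ == '__main__':
    for finding in audit(POSTED):
        print('%-12s %-15s %s' % finding)
```

A zone whose match lists name specific addresses (or `none`) produces no findings, so the script can be rerun after tightening the configuration.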
Ivan Ferreira
Honored Contributor

Re: How can I configrate dynamic DNS server?

Also, ensure that this host has full access to the root name servers. I mean that it can connect to them and no firewall is blocking the access.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Geoff Wild
Honored Contributor

Re: How can I configrate dynamic DNS server?

Add logging to the top of your named.conf:

logging {

channel all_channel {
file "/var/log/named/named.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
print-category yes;
print-severity yes;
print-time yes;
};
channel update_channel {
file "/var/log/named/update.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_channel {
file "/var/log/named/security.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
severity info; // setting this to warning stops logging all the "unapproved update from" messages
print-category yes;
print-severity yes;
print-time yes;
};
category queries { null; };
category update { update_channel; };
category security { security_channel; };
category default { all_channel; };

};


I also noticed you don't use forwarders?

Forwarders should be used (unless you are an ISP). Basically, set up forwarders to the IPs that your ISP (your Internet connection provider) provides you.

Then in the "options" section add:

forwarders {
X.X.X.X; X.X.X.X; // you can add a comment here
};
forward only; // while in transition


Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Bill Yang_1
New Member

Re: How can I configrate dynamic DNS server?

Hi all,
Thanks for your help!
I followed your advice to change my file and restarted the named service. I found the master DNS server can access the Internet but still cannot update the domains (such as .org, .com, .cn, etc.) on this server using the nsupdate command. The named.conf is as follows:
// generated by named-bootconf.pl

options {
directory "/etc/named.data";
};

zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "db.127.0.0";
allow-update{ any; };
allow-query{ any; };
allow-transfer{ any; };
};

zone "1.168.192.IN-ADDR.ARPA" {
type master;
file "db.192.168.1";
allow-update{ any; };
allow-query{ any; };
allow-transfer{ any; };
};

zone "." {
type hint;
file "db.root";
};

logging {
channel all_channel {
file "/var/log/named/named.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
print-category yes;
print-severity yes;
print-time yes;
};
channel update_channel {
file "/var/log/named/update.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_channel {
file "/var/log/named/security.log" versions 5 size 5M; // keep 5 versions max 5 MB in size
severity info; // setting this to warning stops logging all the "unapproved update from" messages
print-category yes;
print-severity yes;
print-time yes;
};
category queries { null; };
category update { update_channel; };
category security { security_channel; };
category default { all_channel; };
};

I used nslookup, which can parse other domains on the Internet:
> www.hp.com
Name Server: localhost
Address: 127.0.0.1

Trying DNS
Non-authoritative answer:
Name: www.hpgtm.speedera.net
Addresses: 192.6.234.17, 192.6.165.40
Aliases: www.hp.com
It is successful.

But it fails when I update my managed domains.
> update add www.mydomain.net 86400 A 220.10.18.136
>
;; Querying server (# 1) address = 127.0.0.1
res_update: send error for www.mydomain.net
failed update packet

> update add www.friendcompany.com 86400 A 221.10.18.99
>
;; Querying server (# 1) address = 127.0.0.1
res_update: send error for www.friendcompany.com
failed update packet

I don't know whether the BIND server can support this method, because the customer needs it.

Please do me a favor to help me again!
Thanks again!

Geoff Wild
Honored Contributor

Re: How can I configrate dynamic DNS server?

What version of bind are you running?

dig @XXX.XXX.XXX.XXX version.bind chaos txt

OR:

nslookup -q=txt -class=CHAOS version.bind XXX.XXX.XXX.XXX

where the XXX's are the ip of your DNS server.

BTW: I use the following perl script to update DNS:

http://www.btree.org/dnsupdate/

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Bill Yang_1
New Member

Re: How can I configrate dynamic DNS server?

The version is '8.1.2'.
Bill Yang_1
New Member

Re: How can I configrate dynamic DNS server?

Hi all,
Another question: Can I configure a DNS server that is able to update local domains (.com, .net, etc.) and query other domains on the Internet? How should I do it?
I have tried many times; the DNS server either only updates local domains but can't query Internet domains, or can't update local domains but can query other Internet domains.
And I can't find any documentation about this. So I hope you can help me.
Bill Yang_1
New Member

Re: How can I configrate dynamic DNS server?

Hi all,
This problem has been resolved. Thanks for your help!