
Re: ddns

 
SOLVED
Go to solution
Piotr Kirklewski
Super Advisor

ddns

Hi there

I have to configure a dynamic DNS and I'm following this tutorial:

http://www.howtoforge.com/fedora_dynamic_dns


The problem is that my network is partially fixed and partially dynamic.

cat dhcpd.conf

...
range 10.22.13.150 10.22.13.199;
...
Everything below 150 is set as static:
...
host 4com-1 { hardware ethernet 00:xx:C1:A8:xx:xx; fixed-address 10.22.13.149; }
host 4com-2 { hardware ethernet 00:1x:C1:xx:xx:xx; fixed-address 10.22.13.148; }
host 4com-3 { hardware ethernet 00:1x:C1:xx:xx:xx; fixed-address 10.22.13.147; }
...

So I'm not sure how to set up the zones:

zone 0.10.22.in-addr.arpa. {
primary 10.22.13.1;
key rndckey;
}

zone localdomain. {
primary 10.22.13.1;
key rndckey;
}




Please help




Jesus is the King
Ivan Ferreira
Honored Contributor
Solution

Re: ddns

That is no problem, you can add A Resource Records for your fixed address, and let DHCPD to update the DNS server for dynamic addresses.
Why do it the hard way, when you can do it the easy way?
Piotr Kirklewski
Super Advisor

Re: ddns

The problem is that I need to update everything. Let's say that at some point we want to change the addressing. I need DNS to pick it up.

What would be the zone declaration in such a case ?

zone localdomain. {
primary 10.22.13.1;
key rndckey;
}
Jesus is the King
Matti_Kurkela
Honored Contributor

Re: ddns

If you change the IP addressing to a new segment, you must create new zones for reverse mappings... so you will have to make major changes to BIND configuration anyway. Changing the name records for the static IPs is just one part of that work.

If you wish, create a script that will create the DNS records for the static addresses by reading the dhcpd.conf file. (I guess such a script may well already exist... google before reinventing the wheel.)

In general, you can write the static IP addresses directly into zone DB files for BIND. If you later change the allocation from static to dynamic in DHCP configuration, the new dynamic DNS entries will overwrite the old static ones. If your update key is not specifically restricted to update only addresses .151 and above, you don't have to do anything special.

MK
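The script Matti suggests, reading the static hosts out of dhcpd.conf and emitting the matching records, as an added example (not code from the thread or from the ISC tools). It assumes the dhcpd.conf stanza shape shown in the question, an IPv4 fixed-address in each host block, and a forward domain of localdomain; the sample configuration embedded below is constructed for the example, with placeholder MAC addresses from the IANA documentation range.

```python
"""Generate BIND A and PTR records for the static hosts in a dhcpd.conf.

Added example: parses ISC dhcpd.conf 'host' stanzas with a fixed-address and
emits zone-file lines that can be pasted into the forward and reverse zones.
"""
import re
from collections import Counter

# Constructed sample in the shape of the thread's dhcpd.conf.
# MAC addresses are placeholders (IANA documentation range), not real hosts.
DHCPD_CONF = """
subnet 10.22.13.0 netmask 255.255.255.0 {
    range 10.22.13.150 10.22.13.199;
}
host 4com-1 { hardware ethernet 00:00:5e:00:53:01; fixed-address 10.22.13.149; }
host 4com-2 { hardware ethernet 00:00:5e:00:53:02; fixed-address 10.22.13.148; }
# a commented-out stanza must be ignored
# host old-box { hardware ethernet 00:00:5e:00:53:ff; fixed-address 10.22.13.1; }
host 4com-3 {
    hardware ethernet 00:00:5e:00:53:03;
    fixed-address 10.22.13.147;
}
"""

# 'host <name> { ... }' possibly spanning several lines (re.S makes '.' match newlines).
HOST_RE = re.compile(r'\bhost\s+([\w.-]+)\s*\{(.*?)\}', re.S)
FIXED_RE = re.compile(r'fixed-address\s+([0-9.]+)\s*;')


def strip_comments(text):
    """Drop everything after '#' on each line, dhcpd.conf's comment syntax."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def static_hosts(conf):
    """Return [(hostname, ip)] for every host stanza that carries a fixed-address."""
    hosts = []
    for name, body in HOST_RE.findall(strip_comments(conf)):
        m = FIXED_RE.search(body)
        if m:
            hosts.append((name, m.group(1)))
    return hosts


def duplicate_addresses(hosts):
    """IPs handed to more than one host: a config error worth catching before publishing records."""
    counts = Counter(ip for _, ip in hosts)
    return sorted(ip for ip, n in counts.items() if n > 1)


def a_records(hosts, domain, ttl=3600):
    """Forward zone lines, fully qualified with a trailing dot."""
    return [f"{name}.{domain}. {ttl} IN A {ip}" for name, ip in hosts]


def ptr_records(hosts, domain, ttl=3600):
    """Reverse zone lines: 10.22.13.149 -> 149.13.22.10.in-addr.arpa."""
    recs = []
    for name, ip in hosts:
        rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        recs.append(f"{rev} {ttl} IN PTR {name}.{domain}.")
    return recs


if __name__ == "__main__":
    hosts = static_hosts(DHCPD_CONF)
    dupes = duplicate_addresses(hosts)
    if dupes:
        raise SystemExit(f"fixed-address used more than once: {dupes}")
    print("; forward zone (localdomain)")
    print("\n".join(a_records(hosts, "localdomain")))
    print("; reverse zone (13.22.10.in-addr.arpa)")
    print("\n".join(ptr_records(hosts, "localdomain")))
```

Run it against the real file (`python3 gen.py < /etc/dhcpd.conf` after swapping the constant for `sys.stdin.read()`), then paste the output into the zone files and bump the SOA serial; the reverse zone name follows from the first three octets of the fixed addresses, so for 10.22.13.x it is 13.22.10.in-addr.arpa.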
Piotr Kirklewski
Super Advisor

Re: ddns

I sorted that out. But now I have a different problem: Bind starts fine - no complaints in logs but when I point my windows machine to its IP address - I don't get web pages :(


[root@jcc etc]# netstat -anp |grep named
tcp 0 0 127.0.0.1:5380 0.0.0.0:* LISTEN 9469/named
tcp 0 0 10.75.3.1:53 0.0.0.0:* LISTEN 9469/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 9469/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 9469/named
udp 0 0 10.75.3.1:53 0.0.0.0:* 9469/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 9469/named
udp 0 0 10.75.3.1:64326 128.8.10.90:53 ESTABLISHED 9469/named
unix 2 [ ] DGRAM

What's wrong and how do i test if everything is ok ?


Jesus is the King
Matti_Kurkela
Honored Contributor

Re: ddns

DNS primarily uses UDP messages to the DNS server's port 53, and switches to TCP if it needs to transmit more data than fits into a single UDP packet.

Can you access your DNS server from the Windows machine at all?
Open a command prompt in your Windows machine and run: "nslookup localhost 10.75.3.1" (assuming that 10.75.3.1 is the IP address of your Linux box that runs BIND).
It should be able to tell you that the IP address of "localhost" is 127.0.0.1.

You can test other names like this too.
What happens if you run "nslookup www.google.com 10.75.3.1"?

If BIND is configured as a master DNS server for a zone, it will always answer to all queries about that particular zone using its configured data. But what happens if a standard Windows machine asks BIND about a name that belongs in a zone it knows nothing about?

- If recursion is disabled in BIND configuration, it answers with an error response: "I don't know about it, go away."

- If recursion is enabled and no forwarders are defined (the default state), BIND attempts to connect to the root name servers to find the name servers of the appropriate top level domain (for example .com), then it asks them about the second domain level (somecompany.com) and so on, until it gets the requested information. It also caches all the intermediate steps so that it won't have to do them again.

But to do that, BIND needs to be able to access practically every public DNS server in the whole world. If there is a firewall that restricts its access to the world, it cannot do that.

- If recursion is enabled but a "forwarders" option is set in BIND configuration, BIND can forward the query to another DNS server. If your system is a small part of a larger organization with firewalls all over the place, this is what you most likely want to do.

MK
Piotr Kirklewski
Super Advisor

Re: ddns

I can't connect from my windows machine.
I can connect from 10.75.3.1 but on the same machine I'm still not getting webpages.

telnet 10.75.3.1 53
Connecting To 10.75.3.1...Could not open connection to the host, on port 53: Connect failed

nslookup www.google.com 10.75.3.1
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 10.75.3.1: Timed out
Server: UnKnown
Address: 10.75.3.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out



acl "trusted_networks" {
127.0.0.1;
10.75.0.0/16;
10.75.3.0/16;
10.75.4.0/16;
};


Also I killed shorewall and iptables :)

I'm completely confused.
Jesus is the King
Piotr Kirklewski
Super Advisor

Re: ddns

Ok
The connection problem was a security level set to "paranoid" on the DNS machine.

Now I can connect from my windows machine via telnet.

nslookup www.google.com 10.75.3.1
*** Can't find server name for address 10.75.3.1: Query refused
Server: UnKnown
Address: 10.75.3.1

So I'm still not getting my websites :(

Jesus is the King
Matti_Kurkela
Honored Contributor

Re: ddns

Now the DNS error message is "Query refused". In other words, either your DNS server is configured to not answer to your Windows client, or other DNS server(s) are not answering to your DNS server.

Could you attach your whole BIND configuration file to this thread?

Your "trusted_networks" ACL has some redundant components. If you specify 10.75.0.0/16, it means 10.75.*.*, so there is no need to list 10.75.3.0/16 and 10.75.4.0/16 explicitly.
If you want to allow 10.75.0.*, 10.75.3.* and 10.75.4.* and leave out the rest, you should use /24 instead of /16.

MK
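A way to check what an address list like the thread's "trusted_networks" actually matches before reloading BIND, as an added example (not code from the thread or from BIND). It assumes BIND's address-match-list rules: entries are tried in order, a leading "!" negates an entry, and host bits outside the prefix length are ignored, which is exactly why 10.75.3.0/16 collapses into 10.75.0.0/16. Both ACL texts below are constructed for the example, the first reproducing the posted list and the second the /24 version Matti describes.

```python
"""Normalise a BIND-style ACL and test client addresses against it.

Added example. Shows why '10.75.3.0/16' is redundant next to '10.75.0.0/16'
and confirms that the /24 form matches only the intended subnets.
"""
import ipaddress
import re

# Constructed: the ACL as posted in the thread (semicolons restored).
ACL_AS_POSTED = """
acl "trusted_networks" {
    127.0.0.1;
    10.75.0.0/16;
    10.75.3.0/16;
    10.75.4.0/16;
};
"""

# Constructed: the same ACL with /24 prefixes, as Matti suggests.
ACL_CORRECTED = """
acl "trusted_networks" {
    127.0.0.1;
    10.75.0.0/24;
    10.75.3.0/24;
    10.75.4.0/24;
};
"""

ACL_RE = re.compile(r'acl\s+"?([\w-]+)"?\s*\{(.*?)\};', re.S)
ENTRY_RE = re.compile(r'(!?)\s*([0-9.]+(?:/\d+)?)\s*;')


def parse_acl(text):
    """Return (name, [(negated, network), ...]) in the order BIND evaluates them."""
    m = ACL_RE.search(text)
    if not m:
        raise ValueError("no acl block found")
    name, body = m.group(1), m.group(2)
    entries = []
    for neg, addr in ENTRY_RE.findall(body):
        # strict=False mirrors BIND: host bits beyond the prefix are ignored,
        # so '10.75.3.0/16' becomes the network 10.75.0.0/16.
        entries.append((neg == "!", ipaddress.ip_network(addr, strict=False)))
    return name, entries


def effective_networks(entries):
    """Distinct positive networks after normalisation; fewer than the
    entry count means some lines are redundant."""
    seen = []
    for neg, net in entries:
        if not neg and net not in seen:
            seen.append(net)
    return seen


def acl_allows(entries, client):
    """First-match semantics: the first entry containing the client decides,
    and a negated entry denies. No match means not allowed."""
    ip = ipaddress.ip_address(client)
    for neg, net in entries:
        if ip in net:
            return not neg
    return False


if __name__ == "__main__":
    for label, text in (("as posted", ACL_AS_POSTED), ("corrected", ACL_CORRECTED)):
        name, entries = parse_acl(text)
        nets = effective_networks(entries)
        print(f"{name} ({label}): {len(entries)} entries, "
              f"{len(nets)} distinct networks -> {[str(n) for n in nets]}")
        for client in ("10.75.3.50", "10.75.200.7", "127.0.0.1"):
            print(f"  {client:12} allowed={acl_allows(entries, client)}")
```

With the posted list, a client such as 10.75.200.7 is allowed even though only the .0, .3 and .4 subnets were meant, because every /16 entry names the same network; with the /24 list it is not. Note that a correct ACL alone does not explain "Query refused": the list has to be referenced from `allow-query` or `allow-recursion` in named.conf, and the server still needs to reach the forwarders or the root servers.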