DNS Server assistance needed

I have an openSUSE 11.1 machine set up and mostly working the way I want it.

I am trying to set up a DNS server through YaST with the intent of using it as a caching nameserver as well as to resolve all of the machines on my local network.

I have gotten to the point of too many machines on my local network so that using local hosts files is no longer manageable. A DNS server seemed to be the right solution.

So… I used YaST to install the BIND 9.5 package and the yast2-dns-server.

After a lot of tinkering I now have it where the dns server is answering/forwarding queries for other machines on my network. However, when I try and browse the Internet with Firefox from the same machine where the dns server is running I cannot resolve anything. I can open a terminal window and do “host google.com” and things resolve. nslookup using 127.0.0.1#53 or 192.168.0.30#53 timeout without returning any results.

I have tried disabling the firewall with the same results.

Any DNS gurus out there that can help me out? I’m not a noob to Linux… but this is my first attempt at a BIND dns server and thus far I am drowning.

Thanks!

williamsdanny wrote:
[…]
> After a lot of tinkering I now have it where the dns server is
> answering/forwarding queries for other machines on my network. However,
> when I try and browse the Internet with Firefox from the same machine
> where the dns server is running I cannot resolve anything. I can open a
> terminal window and do “host google.com” and things resolve. nslookup
> using 127.0.0.1#53 or 192.168.0.30#53 timeout without returning any
> results.
>
> I have tried disabling the firewall with the same results.
>
> Any DNS gurus out there that can help me out? I’m not a noob to
> Linux… but this is my first attempt at a BIND dns server and thus far
> I am drowning.

Try with
dig +trace <host> @localhost

http://forums.opensuse.org/network-internet/408381-11-1-caching-only-dns.html#post1947874

Hi,

Just checking, but the machine has itself set as the DNS server to use, right?

hth
J

Here it is from the machine running the dns server:

dig +trace google.com@localhost

; <<>> DiG 9.5.0-P2 <<>> +trace google.com@localhost
;; global options: printcmd
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 2 ms

dig: couldn't get address for 'A.ROOT-SERVERS.NET': not found

=========================================================================================================

Here is the same thing from another machine on the LAN which is configured to use 192.168.0.30 for its dns lookups.

dig +trace google.com@localhost

; <<>> DiG 9.5.0-P2 <<>> +trace google.com@localhost
;; global options: printcmd
. 518337 IN NS B.ROOT-SERVERS.NET.
. 518337 IN NS D.ROOT-SERVERS.NET.
. 518337 IN NS G.ROOT-SERVERS.NET.
. 518337 IN NS H.ROOT-SERVERS.NET.
. 518337 IN NS A.ROOT-SERVERS.NET.
. 518337 IN NS K.ROOT-SERVERS.NET.
. 518337 IN NS L.ROOT-SERVERS.NET.
. 518337 IN NS E.ROOT-SERVERS.NET.
. 518337 IN NS I.ROOT-SERVERS.NET.
. 518337 IN NS M.ROOT-SERVERS.NET.
. 518337 IN NS J.ROOT-SERVERS.NET.
. 518337 IN NS F.ROOT-SERVERS.NET.
. 518337 IN NS C.ROOT-SERVERS.NET.
;; Received 500 bytes from 192.168.0.30#53(192.168.0.30) in 2 ms

. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009022301 1800 900 604800 86400
;; Received 113 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 57 ms

Thanks!

I’ve tried it with its own name server set to 127.0.0.1, 192.168.0.30 and an outside dns server (4.2.2.2)… same failed results each time.

williamsdanny wrote:
> dig +trace google.com@localhost
^ that’s one space missing.

LittleRedRooster wrote:
> williamsdanny wrote:
>> dig +trace google.com@localhost
> ^ that’s one space missing.

Sorry… This is a new test from the machine running the dns server.

dig +trace google.com @localhost

; <<>> DiG 9.5.0-P2 <<>> +trace google.com @localhost
;; global options: printcmd
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
;; Received 228 bytes from ::1#53(::1) in 24 ms

dig: couldn't get address for 'D.ROOT-SERVERS.NET': not found

williamsdanny wrote:
> LittleRedRooster;1948539 Wrote:
>> williamsdanny wrote:
>>> dig +trace google.com@localhost
>> ^ that’s one space missing.
>
> Sorry… This is a new test from the machine running the dns server.
>
> dig +trace google.com @localhost
>
> ; <<>> DiG 9.5.0-P2 <<>> +trace google.com @localhost
> ;; global options: printcmd
> . 3600000 IN NS L.ROOT-SERVERS.NET.
> . 3600000 IN NS I.ROOT-SERVERS.NET.
> . 3600000 IN NS E.ROOT-SERVERS.NET.
> . 3600000 IN NS J.ROOT-SERVERS.NET.
> . 3600000 IN NS C.ROOT-SERVERS.NET.
> . 3600000 IN NS A.ROOT-SERVERS.NET.
> . 3600000 IN NS M.ROOT-SERVERS.NET.
> . 3600000 IN NS G.ROOT-SERVERS.NET.
> . 3600000 IN NS H.ROOT-SERVERS.NET.
> . 3600000 IN NS K.ROOT-SERVERS.NET.
> . 3600000 IN NS D.ROOT-SERVERS.NET.
> . 3600000 IN NS B.ROOT-SERVERS.NET.
> . 3600000 IN NS F.ROOT-SERVERS.NET.
> ;; Received 228 bytes from ::1#53(::1) in 24 ms
>
> dig: couldn't get address for 'D.ROOT-SERVERS.NET': not found

It appears your host doesn’t forward the DNS requests to a DNS system on the
Internet.
Have you set the forwarders in named.conf and ‘forward first;’ in options{}?

On Mon February 23 2009 05:14 pm, LittleRedRooster wrote:

> williamsdanny wrote:
>> LittleRedRooster;1948539 Wrote:
>>> williamsdanny wrote:
>>>> dig +trace google.com@localhost
>>> ^ that’s one space missing.
>>
<snip>

>
> It appears your host doesn’t forward the DNS requests to a DNS system on the
> Internet.
> Have you set the forwarders in named.conf and ‘forward first;’ in options{}?

williamsdanny;
In addition to the above, you might also want to check the values
in “allow-query” to make sure 127.0.0.1 is included.

Have you run:

su
named-checkconf

This should show any syntax errors in /etc/named.conf

see:
man named-checkconf
and
man named-checkzone

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Forwarders are set up in YaST. I do not have “forward first” in options. Doesn’t that somewhat defeat the point of having the dns server on the local lan if you pass all requests outside first?

named-checkconf gives no output

named-checkconf -z gives the following:
named-checkconf -z
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 42
zone 0.168.192.in-addr.arpa/IN: loaded serial 2009022400
zone private.lan/IN: loaded serial 2009022301

named-checkzone didn’t reveal anything obvious to me. If you want me to run something specific I’ll be happy to do so.

Here is a copy of my /etc/named.conf file:

# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

    # The directory statement defines the name server's working directory

    directory "/var/lib/named";

    # Write dump and statistics file to the log subdirectory.  The
    # pathnames are relative to the chroot jail.

    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # Enable the next entry to prefer usage of the name server declared in
    # the forwarders section.

    #forward first;

    # The listen-on record contains a list of local network interfaces to
    # listen on.  Optionally the port can be specified.  Default is to
    # listen on all interfaces found on your system.  The default port is
    # 53.

    #listen-on port 53 { 127.0.0.1; };

    # The listen-on-v6 record enables or disables listening on IPv6
    # interfaces.  Allowed values are 'any' and 'none' or a list of
    # addresses.

    listen-on-v6 { any; };

    # The next three statements may be needed if a firewall stands between
    # the local server and the internet.

    #query-source address * port 53;
    #transfer-source * port 53;
    #notify-source * port 53;

    # The allow-query record contains a list of networks or IP addresses
    # to accept and deny queries from. The default is to allow queries
    # from all hosts.

    #allow-query { 127.0.0.1; };

    # If notify is set to yes (default), notify messages are sent to other
    # name servers when the zone data is changed.  Instead of setting
    # a global 'notify' statement in the 'options' section, a separate
    # 'notify' can be added to each zone definition.

    notify no;
    allow-query { any; };
    listen-on { any; };

};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#
#logging {
#    # Log queries to a file limited to a size of 100 MB.
#    channel query_logging {
#        file "/var/log/named_querylog"
#            versions 3 size 100M;
#        print-time yes;    // timestamp log entries
#    };
#    category queries {
#        query_logging;
#    };
#
#    # Or log this kind alternatively to syslog.
#    channel syslog_queries {
#        syslog user;
#        severity info;
#    };
#    category queries { syslog_queries; };
#
#    # Log general name server errors to syslog.
#    channel syslog_errors {
#        syslog user;
#        severity error;
#    };
#    category default { syslog_errors; };
#
#    # Don't log lame server messages.
#    category lame-servers { null; };
#};

# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";
logging {
    category queries { log_syslog; };
    channel log_syslog { syslog; };
    category xfer-in { log_syslog; };
    category xfer-out { log_syslog; };
    category default { log_syslog; };
};
zone "0.168.192.in-addr.arpa" in {
    allow-transfer { any; };
    file "master/0.168.192.in-addr.arpaX";
    type master;
};
zone "private.lan" in {
    allow-transfer { any; };
    file "master/private.lan";
    type master;
};

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
#
# See /usr/share/doc/packages/bind/README.SUSE for more details.

williamsdanny wrote:
> Forwarders are set up in YaST. I do not have “forward first” in options.
> Doesn’t that somewhat defeat the point of having the dns server on the
> local lan if you pass all requests outside first?

I think (but I’m not 100% sure) the cache is still consulted first.
I don’t know what forwarders you set in YaST, but they do not appear in your
named.conf
Set them explicitly in the options{} section.
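As an added example, not a config from the thread or from the openSUSE package: an options{} block that sets the forwarders explicitly, as the reply above asks for, and at the same time closes the "allow-query { any; }", "listen-on { any; }" and per-zone "allow-transfer { any; }" left open in the named.conf posted earlier. 192.168.0.30 and the 192.168.0.0/24 LAN are the thread's addresses; 4.2.2.2 is the outside server mentioned in the thread and stands in for whatever forwarders were entered in YaST.

```conf
# Added example (not the thread's config): tightened options{} for a
# caching/forwarding resolver serving one LAN from 192.168.0.30.
acl "lan" { 127.0.0.0/8; ::1; 192.168.0.0/24; };   # who may use this resolver

options {
    directory "/var/lib/named";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # Listen only on loopback and the LAN address instead of "any".
    listen-on port 53 { 127.0.0.1; 192.168.0.30; };
    listen-on-v6 { ::1; };

    # Forwarders have to be in named.conf (or a file it includes) for named
    # to use them; 4.2.2.2 stands in for the servers set in YaST.
    forwarders { 4.2.2.2; };
    # "forward first": try the forwarders, fall back to root-server recursion
    # if they do not answer. Cached records are served from cache either way.
    forward first;

    # Only the server itself and LAN hosts may query, and only they get recursion.
    allow-query { lan; };
    allow-recursion { lan; };

    # No zone transfers unless a zone explicitly allows a named secondary.
    allow-transfer { none; };

    notify no;
};

# Per-zone override, assuming a secondary at 192.168.0.31 (placeholder address).
zone "private.lan" in {
    type master;
    file "master/private.lan";
    allow-transfer { 192.168.0.31; };
};
```

The acl matters beyond the immediate problem: with "listen-on { any; }" and "allow-query { any; }" on a host that is reachable from the Internet, named will recurse for anyone, which is the open-resolver setup that DNS amplification relies on, and "allow-transfer { any; }" hands the whole private.lan zone to any host that asks for it. After editing, named-checkconf (as already suggested in the thread) and "rcnamed restart" pick up the change; "forward first" does not bypass the cache, so local answers stay local.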

On Tue February 24 2009 02:46 pm, williamsdanny wrote:

>
> Forwarders are set up in YaST. I do not have “forward first” in options.
> Doesn’t that somewhat defeat the point of having the dns server on the
> local lan if you pass all requests outside first?
>
> named-checkconf gives no output
>
> named-checkconf -z gives the following:
> named-checkconf -z
> zone localhost/IN: loaded serial 42
> zone 0.0.127.in-addr.arpa/IN: loaded serial 42
> zone 0.168.192.in-addr.arpa/IN: loaded serial 2009022400
> zone private.lan/IN: loaded serial 2009022301
>
> named-checkzone didn’t reveal anything obvious to me. If you want me
> to run something specific I’ll be happy to do so.
>
>
> Here is a copy of my /etc/named.conf file:
> =========================================================
> # Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
> # All rights reserved.
<snip>
williamsdanny;

  1. Can you verify that the clients are getting Internet addresses from your
    DNS and not one of your ISP’s? Try nslookup on a client.
  2. Can you verify that /etc/resolv.conf contains the correct IP for your
    nameserver?
  3. Have you verified that /var/lib/named/root.hint exists?
  4. Can you resolve local addresses with nslookup?
  5. It’s possible your ISP does not pass name queries upstream. You may be
    forced to forward to your ISP’s nameserver for external addresses.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green
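The five checks in the post above, as an added shell script that is not part of the thread. It assumes resolv.conf and named's working directory are passed in as paths (so it can be pointed at copies), uses 192.168.0.30 and private.lan from the thread as sample values, and uses somehost.private.lan as a placeholder for a real name in that zone; the dig-based checks need a running named to say anything useful.

```sh
#!/bin/sh
# Added example, not from the thread: helpers for the five checks above.
# Assumptions: resolv.conf and named's working directory are given as paths;
# 192.168.0.30 and private.lan are the thread's values; somehost.private.lan
# is a placeholder for a real host in that zone.

# Item 2: does resolv.conf contain a "nameserver <ip>" line for exactly this ip?
resolv_points_to() {   # resolv_points_to <resolv.conf> <ip>   -> exit 0 if yes
    _ip=$(printf '%s' "$2" | sed 's/\./\\./g')    # make the dots literal
    grep -E "^[[:space:]]*nameserver[[:space:]]+${_ip}([[:space:]]|\$)" "$1" >/dev/null 2>&1
}

# Item 3: the root hint file the "." zone points at must exist and be non-empty.
root_hint_present() {  # root_hint_present <named-working-dir>
    [ -s "$1/root.hint" ]
}

# Items 1, 4 and 5: ask one specific server and report the response code from
# dig's header (NOERROR, NXDOMAIN, SERVFAIL, ...) or TIMEOUT if nothing came back.
query_status() {       # query_status <server-ip> <name>
    _out=$(dig @"$1" "$2" A +time=3 +tries=1 +noall +comments 2>/dev/null) || true
    _status=$(printf '%s\n' "$_out" | sed -n 's/^;; ->>HEADER<<- opcode: QUERY, status: \([A-Z]*\),.*/\1/p')
    printf '%s\n' "${_status:-TIMEOUT}"
}

# Run all checks against the live system, from the server or from a client.
main() {   # main <resolver-ip> [lan-name]
    _resolver=$1
    _lan=${2:-somehost.private.lan}   # placeholder: use a name from your private.lan zone
    if resolv_points_to /etc/resolv.conf "$_resolver" || resolv_points_to /etc/resolv.conf 127.0.0.1; then
        echo "resolv.conf: OK (names $_resolver or 127.0.0.1)"
    else
        echo "resolv.conf: WARNING, names neither $_resolver nor 127.0.0.1"
    fi
    if root_hint_present /var/lib/named; then
        echo "root.hint: OK"
    else
        echo "root.hint: MISSING from /var/lib/named"
    fi
    for _srv in 127.0.0.1 "$_resolver"; do
        echo "$_srv  google.com -> $(query_status "$_srv" google.com)"
        echo "$_srv  $_lan -> $(query_status "$_srv" "$_lan")"
    done
}

# Only run when given a resolver address, e.g.:  sh dnscheck.sh 192.168.0.30
if [ $# -gt 0 ]; then main "$@"; fi
```

Read the last four lines of output together: the LAN name answering NOERROR while google.com comes back SERVFAIL from both addresses means named is up and serving its own zones but gets no answer from upstream (no usable forwarders and no working recursion to the roots, which is also what item 5 describes); TIMEOUT on 192.168.0.30 but not on 127.0.0.1 points at listen-on or the firewall rather than at resolution.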