named does not work

I have many problems. The first was that forwarding does not work. Local resolving works, but nslookup on Windows tells me that DNS is not available. And my last problem is that I can't start named when I switch DHCP_UPDATER on.

Can somebody help me?

My named.conf:

# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

# The directory statement defines the name server's working directory

directory "/var/lib/named";

# Write dump and statistics file to the log subdirectory.  The
# pathenames are relative to the chroot jail.

dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";

# The forwarders record contains a list of servers to which queries
# should be forwarded.  Enable this line and modify the IP address to
# your provider's name server.  Up to three servers may be listed.

forwarders {
#	195.50.140.178;
	192.168.13.1;
	};

# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.

forward first;

# The listen-on record contains a list of local network interfaces to
# listen on.  Optionally the port can be specified.  Default is to
# listen on all interfaces found on your system.  The default port is
# 53.

listen-on port 53 { 127.0.0.1; 127.0.0.2; 192.168.13.11; };

# The listen-on-v6 record enables or disables listening on IPv6
# interfaces.  Allowed values are 'any' and 'none' or a list of
# addresses.

listen-on-v6 { none; };

# The next three statements may be needed if a firewall stands between
# the local server and the internet.

query-source address * port 53;

transfer-source * port 53;

notify-source * port 53;

# The allow-query record contains a list of networks or IP addresses
# to accept and deny queries from. The default is to allow queries
# from all hosts.

allow-query { any;};

# If notify is set to yes (default), notify messages are sent to other
# name servers when the the zone data is changed.  Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition.

notify no;

};

# To configure named's logging remove the leading '#' characters of the
# following examples.

#logging {
#    # Log queries to a file limited to a size of 100 MB.
#    channel query_logging {
#        file "/var/log/named_querylog"
#            versions 3 size 100M;
#        print-time yes;            // timestamp log entries
#    };
#    category queries {
#        query_logging;
#    };
#
#    # Or log this kind alternatively to syslog.
#    channel syslog_queries {
#        syslog user;
#        severity info;
#    };
#    category queries { syslog_queries; };
#
#    # Log general name server errors to syslog.
#    channel syslog_errors {
#        syslog user;
#        severity error;
#    };
#    category default { syslog_errors; };
#
#    # Don't log lame server messages.
#    category lame-servers { null; };
#};

# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
#
# See /usr/share/doc/packages/bind/README.SUSE for more details.

#key DHCP_UPDATER {
#    algorithm HMAC-MD5.SIG-ALG.REG.INT;
#    secret "XXX";
#};

zone "lipton" {
    type master;
    file "/var/lib/named/master/lipton.hosts";
};

zone "0.13.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/master/192.168.13.0.rev";
};

Well the first question is - do you have UDP/TCP port 53 open on the Linux server?

Yes, the firewall is switched off, so the port has to be free.

tail -f /var/lib/named/log/named_querylog

While doing that, do a few queries from localhost and Windows - see if they reach the server.

Also check:
netstat -anp|grep 53

Make sure it's listening on the IP (or 0.0.0.0:53 if you want to listen on all interfaces).

Also make sure that named does actually run at the time with: rcnamed status

/var/log/messages should also contain information about the named service startup.

Hi,

I think you have to edit your named.conf a little more.

In the forwarders section there should be the IP address of your ISP's DNS server, so that your DNS server can forward the queries to the internet:

forwarders {
    195.50.140.178;
    192.168.13.1;    # => should be the ISP's DNS address
};

If you want to work with dynamic updates, you will have to edit your zones as well, like this:

zone "lipton" {
    type master;
    allow-update { key your_key; };
    allow-transfer { any; };
    file "dyn/lipton";
};

zone "13.168.192.in-addr.arpa" {
    type master;
    allow-update { key your_key; };
    allow-transfer { any; };
    file "dyn/13.168.192.in-addr.arpa";
};

You can find the name of the key in the file /etc/named.d/*.key

Next you will have to edit your zone-files:
They should be like this:

=> /var/lib/named/dyn/lipton (replace nameserver with the name of your server):

$TTL 172800
@           IN SOA   nameserver.lipton. root.nameserver.lipton. (
                2008072300
                10800
                3600
                604800
                86400 )
            IN NS    nameserver.lipton.
nameserver  IN A     192.168.13.11      ; this should be your server IP
ns1         IN CNAME nameserver

and /var/lib/named/dyn/13.168.192.in-addr.arpa (replace nameserver with the name of your server):

$TTL 172800
@           IN SOA   nameserver.lipton. root.nameserver.lipton. (
                2008072300
                10800
                3600
                604800
                86400 )
            IN NS    11.13.168.192.in-addr.arpa.   ; replace 11 with the last octet of the server IP
11          IN PTR   nameserver.lipton.            ; 11 = last octet of the server IP (192.168.13.11)

Then restart your DNS server with rcnamed restart (as root).

This is how I've set it up and it seems to be working.

For more info: Configuring DNS and DHCP on Suse Linux Enterprise Server

Thanks for all the information, I will test it in the next days.

I have done all the things, but named does not run.

First the netstat -anp|grep 53 command:
tcp 0 0 192.168.13.11:53 0.0.0.0:* LISTEN 18038/named
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN 18038/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 18038/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2535/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 18038/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 18038/named
udp 0 0 192.168.13.11:53 0.0.0.0:* 18038/named
udp 0 0 127.0.0.2:53 0.0.0.0:* 18038/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 18038/named
udp 0 0 0.0.0.0:36831 0.0.0.0:* 2537/avahi-daemon:
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2537/avahi-daemon:
udp 0 0 0.0.0.0:631 0.0.0.0:* 2535/cupsd
unix 2 [ ACC ] STREAM LISTENING 6295 2537/avahi-daemon: /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 6302 2534/audispd /var/run/audispd_events
unix 2 [ ACC ] STREAM LISTENING 6322 2535/cupsd /var/run/cups/cups.sock
unix 3 [ ] STREAM CONNECTED 6753 2677/master
unix 3 [ ] STREAM CONNECTED 6394 2537/avahi-daemon: /var/run/avahi-daemon/socket
unix 2 [ ] DGRAM 6304 2534/audispd
unix 3 [ ] STREAM CONNECTED 6297 2537/avahi-daemon:
unix 2 [ ] DGRAM 6288 2537/avahi-daemon:
unix 2 [ ] DGRAM 6268 2532/auditd
unix 3 [ ] STREAM CONNECTED 6267 2532/auditd
unix 3 [ ] STREAM CONNECTED 6266 2534/audispd
unix 3 [ ] STREAM CONNECTED 4853 1965/kdm_greet
unix 3 [ ] STREAM CONNECTED 4113 1530/acpid.socket
unix 3 [ ] STREAM CONNECTED 4109 1530/acpid.socket

After that, my new named.conf:

options {

    # The directory statement defines the name server's working directory

    directory "/var/lib/named";

    # Write dump and statistics file to the log subdirectory.  The
    # pathenames are relative to the chroot jail.

    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # The forwarders record contains a list of servers to which queries
    # should be forwarded.  Enable this line and modify the IP address to
    # your provider's name server.  Up to three servers may be listed.

    forwarders {
            192.168.13.1;
            };

    # Enable the next entry to prefer usage of the name server declared in
    # the forwarders section.

forward first;

    # The listen-on record contains a list of local network interfaces to
    # listen on.  Optionally the port can be specified.  Default is to
    # listen on all interfaces found on your system.  The default port is
    # 53.

    listen-on port 53 { 127.0.0.1; 127.0.0.2; 192.168.13.11; };

    # The listen-on-v6 record enables or disables listening on IPv6
    # interfaces.  Allowed values are 'any' and 'none' or a list of
    # addresses.

    listen-on-v6 { none; };

    # The next three statements may be needed if a firewall stands between
    # the local server and the internet.

    query-source address * port 53;
    transfer-source * port 53;
    notify-source * port 53;
    allow-query { any;};

    # If notify is set to yes (default), notify messages are sent to other
    # name servers when the the zone data is changed.  Instead of setting
    # a global 'notify' statement in the 'options' section, a separate
    # 'notify' can be added to each zone definition.

    notify no;

};
zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

zone "lipton" {
    type master;
    file "/var/lib/named/master/lipton.hosts";
    allow-update { key H94JQHKbevJZwzd4OOTu5G==; };
    allow-transfer { any; };
    file "dyn/lipton";
};

zone "0.13.168.192.in-addr.arpa" {
    type master;
    #file "/var/lib/named/master/192.168.13.0.rev";
    allow-update { key H94JQHKbevJZwzd4OOTu5G==; };
    allow-transfer { any; };
    file "dyn/13.168.192.in-addr.arpa";
};

logging {
    channel named_test {
        file "/var/lib/named/log/named_querylog";
        severity error;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
};

I have created the new zone files at /var/lib/named/dyn/lipton and /var/lib/named/dyn/13.168.192.in-addr.arpa

and now I have the problem that the server can't resolve any name.

Change the name of the keys in your zone sections:

allow-update { key H94JQHKbevJZwzd4OOTu5G==; };

to something like

allow-update { key dyn_dns; };    (this is the name of the key)

And there seems to be a bug in openSUSE 11 with DHCP and DNS:

https://bugzilla.novell.com/show_bug.cgi?id=404663

where you can't resolve hostnames in the network :(
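A small check for exactly this mistake, added here as an example and not part of the thread or of BIND itself: it pulls the key name out of a key file and flags any allow-update that references the secret (or an undeclared name) instead of the key name. The key file contents, the zone fragment and the secret value are all constructed for the example.

```python
import re

# Constructed, made-up secret; it is not a real TSIG key.
SAMPLE_SECRET = "bm90LWEtcmVhbC1zZWNyZXQtanVzdC1hLXNhbXBsZQ=="

# Constructed sample of a BIND key file such as /etc/named.d/dyn_dns.key.
KEY_FILE = '''
key dyn_dns {
    algorithm hmac-md5;
    secret "%s";
};
''' % SAMPLE_SECRET

# Constructed named.conf fragment reproducing the mistake from the thread:
# the first zone puts the base64 secret where the key *name* belongs.
NAMED_CONF = '''
zone "lipton" {
    type master;
    allow-update { key %s; };
    file "dyn/lipton";
};
zone "13.168.192.in-addr.arpa" {
    type master;
    allow-update { key dyn_dns; };
    file "dyn/13.168.192.in-addr.arpa";
};
''' % SAMPLE_SECRET

KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"([^"]+)"', re.S)
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
UPDATE_RE = re.compile(r'allow-update\s*\{([^}]*)\}')
KEYREF_RE = re.compile(r'key\s+"?([^;\s"]+)"?\s*;')


def parse_keys(text: str) -> dict:
    """Map key name -> secret for every key statement in text."""
    return {m.group(1): m.group(2) for m in KEY_RE.finditer(text)}


def check_allow_update(conf: str, keys: dict) -> list:
    """Return (zone, reference, problem) for every allow-update key
    reference that does not name a declared key."""
    problems = []
    secrets = set(keys.values())
    for zm in ZONE_RE.finditer(conf):
        zone, body = zm.group(1), zm.group(2)
        for um in UPDATE_RE.finditer(body):
            for ref in KEYREF_RE.findall(um.group(1)):
                if ref in keys:
                    continue
                why = ("secret used where key name belongs" if ref in secrets
                       else "undeclared key")
                problems.append((zone, ref, why))
    return problems


if __name__ == "__main__":
    for zone, ref, why in check_allow_update(NAMED_CONF, parse_keys(KEY_FILE)):
        print(f'zone "{zone}": allow-update {{ key {ref}; }} -> {why}')
```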

That's not the problem, I have commented out the lines with the keys. First the DNS has to resolve forwarded addresses. That's the main problem.

What do you mean by forwarded addresses? Do you mean like Google or opensuse.org? Then try to change the IP address of the forwarder to the IP address of your internet provider, or use the IP addresses of OpenDNS.

ip for opendns:

208.67.222.222
208.67.220.220

That way, if you ask your DNS server for an address and it doesn't know it, it will ask on the internet for the address.

So change this:
forwarders {
192.168.13.1;
};

to

forwarders {
208.67.222.222;
208.67.220.220;
};

In your case, if you send an address to your DNS server and it doesn't know about it, it's going to forward it to 192.168.13.1, but because this is on your local network, it will forward it again to your DNS server for the address, which will forward it again to 192.168.13.1.

You should also change your reverse zone from 0.13.168.192.in-addr.arpa to 13.168.192.in-addr.arpa.

A reverse zone has to translate 192.168.13.xxx to a hostname,

so if you have an IP address (for example 192.168.13.150) and you want to have a hostname, your DNS server will look up

150.13.168.192.in-addr.arpa and translate this to a host name.

Because you have 0.13.168.192.in-addr.arpa, your DNS server can't add the 150 to it.

I hope this is helping, I know a lot about this (I had to find all this by myself at home), and I know this is difficult stuff, but I will do my best to help you.
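The reverse-zone naming rule above, worked through in code as an added example (not from the thread): it derives the in-addr.arpa zone for a /24, builds the PTR owner name for an address, and reports which hosts a misnamed zone such as 0.13.168.192.in-addr.arpa cannot hold. The host names and addresses are constructed from the thread's LAN.

```python
import ipaddress


def reverse_zone_for(network: str) -> str:
    """Name of the in-addr.arpa zone that serves an IPv4 network.

    Only /8, /16 and /24 map onto a single in-addr.arpa zone; smaller
    networks need RFC 2317 style delegation, which is out of scope here.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("prefix length must be /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip: str) -> str:
    """Fully qualified owner name of the PTR record for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def zone_covers(zone: str, ip: str) -> bool:
    """True if the PTR name for ip is at or below the zone apex."""
    name = ptr_owner(ip)
    return name == zone or name.endswith("." + zone)


def relative_owner(zone: str, ip: str) -> str:
    """Owner name to write in the zone file, relative to the zone apex
    ('@' for the apex itself). Raises if the address is outside the zone."""
    if not zone_covers(zone, ip):
        raise ValueError(f"{ip} is not inside zone {zone}")
    name = ptr_owner(ip)
    return "@" if name == zone else name[: -len(zone) - 1]


def check_reverse_zone(zone: str, hosts: dict) -> list:
    """Report every host whose PTR cannot live in the given zone.
    hosts maps hostname -> IP; returns (hostname, ip, ptr name) tuples."""
    return [(h, ip, ptr_owner(ip)) for h, ip in hosts.items()
            if not zone_covers(zone, ip)]


if __name__ == "__main__":
    # Constructed sample: the thread's LAN, checked against the misnamed
    # zone and against the zone name reverse_zone_for() derives for it.
    lan = {"nameserver": "192.168.13.11", "client": "192.168.13.150"}
    print("zone for 192.168.13.0/24:", reverse_zone_for("192.168.13.0/24"))
    for zone in ("0.13.168.192.in-addr.arpa", reverse_zone_for("192.168.13.0/24")):
        missing = check_reverse_zone(zone, lan)
        print(zone, "cannot hold:", missing or "nothing")
```

The misnamed zone covers exactly one address, 192.168.13.0, which is why no host on the LAN gets a PTR from it.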

I have changed the resolver to 13.168…

I had configured named in the last days with YaST, and now, when I activate the forwarder option in named.conf, the server does not start. But I can edit forwarders.conf, and I put the openSUSE DNS servers inside. But when running nslookup the results are:

pumukel:/etc # nslookup
> google.de
Server: 192.168.13.11
Address: 192.168.13.11#53

** server can't find google.de.lipton: SERVFAIL

Why does the server put .lipton on the end of the address, and why can't local addresses be resolved…

Here's my config, consisting of named.conf, named.conf.include, forwarders.conf, galactica.local and 57.10.10.in-addr.arpa. I forward to the IPs of OpenDNS; maybe that will help:

/etc/named.conf:

# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

    # The directory statement defines the name server's working directory

    directory "/var/lib/named";

    # Write dump and statistics file to the log subdirectory.  The 
    # pathenames are relative to the chroot jail.

    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # The forwarders record contains a list of servers to which queries
    # should be forwarded.  Enable this line and modify the IP address to
    # your provider's name server.  Up to three servers may be listed.

    #forwarders { 192.0.2.1; 192.0.2.2; };

    # Enable the next entry to prefer usage of the name server declared in
    # the forwarders section.

    #forward first;

    # The listen-on record contains a list of local network interfaces to
    # listen on.  Optionally the port can be specified.  Default is to
    # listen on all interfaces found on your system.  The default port is
    # 53.

    #listen-on port 53 { 127.0.0.1; };

    # The listen-on-v6 record enables or disables listening on IPv6
    # interfaces.  Allowed values are 'any' and 'none' or a list of
    # addresses.

    listen-on-v6 { any; };

    # The next three statements may be needed if a firewall stands between
    # the local server and the internet.

    #query-source address * port 53;
    #transfer-source * port 53;
    #notify-source * port 53;

    # The allow-query record contains a list of networks or IP addresses
    # to accept and deny queries from. The default is to allow queries
    # from all hosts.

    allow-query { 10.10.57.0/24; 127.0.0.1; };

# [security]  allow-recursion now default
#             to the builtin acls "localnets" and "localhost".
#
#             This is being done to make caching servers less
#             attractive as reflective amplifying targets for
#             spoofed traffic.  This still leave authoritative
#             servers exposed.
#
#             The best fix is for full BCP 38 deployment to
#             remove spoofed traffic.

    allow-recursion { 10.10.57.0/24; localhost; };

    # If notify is set to yes (default), notify messages are sent to other
    # name servers when the the zone data is changed.  Instead of setting
    # a global 'notify' statement in the 'options' section, a separate
    # 'notify' can be added to each zone definition.

    notify no;
    include "/etc/named.d/forwarders.conf";

};

# To configure named's logging remove the leading '#' characters of the
# following examples.

#logging {
#    # Log queries to a file limited to a size of 100 MB.
#    channel query_logging {
#        file "/var/log/named_querylog"
#            versions 3 size 100M;
#        print-time yes;            // timestamp log entries
#    };
#    category queries {
#        query_logging;
#    };
#
#    # Or log this kind alternatively to syslog.
#    channel syslog_queries {
#        syslog user;
#        severity info;
#    };


#    category queries { syslog_queries; };
#
#    # Log general name server errors to syslog.
#    channel syslog_errors {
#        syslog user;
#        severity error;
#    };
#    category default { syslog_errors; };
#
#    # Don't log lame server messages.
#    category lame-servers { null; };
#};

# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

acl galactica { 10.10.57.0; };

logging {
    category queries { log_syslog; };
    category xfer-in { log_syslog; };
    category xfer-out { log_syslog; };
    category default { log_syslog; };
    channel log_syslog { syslog; };
};

zone "galactica.local" in {
    allow-update { key dyn_dns; };
    allow-transfer { any; galactica; };
    file "dyn/galactica.local";
    type master;
};

zone "57.10.10.in-addr.arpa" in {
    allow-update { key dyn_dns; };
    allow-transfer { any; galactica; };
    file "dyn/57.10.10.in-addr.arpa";
    type master;
};

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
#
# See /usr/share/doc/packages/bind/README.SUSE for more details.

/etc/named.conf.include:

# This file is autogenerated by /usr/share/bind/createNamedConfInclude
# on Fri Jul 25 23:27:59 CEST 2008. Don't edit it manually.
#
# Add additional configuration files which should be added to /etc/named.conf
# by this mechanism to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named. This
# is possible with the YaST sysconfig or any other editor.
#
# See /usr/share/doc/packages/bind/README.SUSE section
# createNamedConfInclude for more details.

include "/etc/named.d/dyn_dns.key";

/etc/named.d/forwarders.conf:

# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Forwarders file for PPPD updates (only)
#
# /etc/named.d/forwarders.conf

forwarders { 208.67.222.222; 208.67.220.220; };

/var/lib/named/dyn/galactica.local:

$ORIGIN .
$TTL 86400 ; 1 day
galactica.local IN SOA adama.galactica.local. root.adama.galactica.local. (
        2008072847 ; serial
        3600       ; refresh (1 hour)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )
        NS adama.galactica.local.
        MX 0 mail.galactica.local.
$ORIGIN galactica.local.
adama   A     10.10.57.1
mail    CNAME adama
ns1     CNAME adama

/var/lib/named/dyn/57.10.10.in-addr.arpa:

$ORIGIN .
$TTL 86400 ; 1 day
57.10.10.in-addr.arpa IN SOA adama.galactica.local. root.adama.galactica.local. (
        2008072732 ; serial
        3600       ; refresh (1 hour)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )
        NS 1.57.10.10.in-addr.arpa.
$ORIGIN 57.10.10.in-addr.arpa.
1       PTR adama.galactica.local.

Some notes:

Copy these configs (they are tested and work) to your corresponding files,

replace galactica with lipton
replace 10.10.57.0 with 192.168.13.0
replace 57.10.10.in-addr.arpa with 13.168.192.in-addr.arpa
replace adama with the name of your server

and do:

rcnamed start

Now it should work. If you get error messages, post them and I will help you debug it.

And one more note:

put this line into /etc/host.conf

mdns off

otherwise you can't ping with hostnames.