resolv.conf with local DNS problem - Networking


Thread: resolv.conf with local DNS problem

  1. resolv.conf with local DNS problem

    Hi All,

    I think this is a resolv.conf issue, but
    I could be wrong now.

    I have a CentOS 5.2 server with two network cards:
    eth0: 192.168.255.10 connects to internal private network
    eth1: firewalled to the internet (iptables)

    The server acts as the gateway and firewall to
    the Internet. The server has its own DNS (bind/named).

    All of the client computers (12 Windows XP) use
    the server's DNS without issue. (Running "ipconfig"
    and "nslookup" on the XP machines confirms this.)

    Problem: the server can not see its own DNS. I
    had to put my ISP's DNS1 IP into resolv.conf
    to use Firefox or the "host" command from the
    server.

    My /etc/resolv.conf:

    ; generated by /sbin/dhclient-script
    ; search 192.168.255.10
    search foo.local
    ; nameserver 192.168.255.10
    nameserver 207.xxx.yyy.zzz

    If I switch the comments on the "nameserver",
    to the 192... the server can not see its own
    DNS.

    My /etc/sysconfig/network:
    NETWORKING=yes
    NETWORKING_IPV6=no
    FORWARD_IPV4=true
    HOSTNAME=server.foo.local
    GATEWAY=216.xxx.yyy.zzz

    What am I doing wrong?

    Many thanks,
    -T

  2. Re: resolv.conf with local DNS problem

    On Sat, 01 Nov 2008 22:25:35 GMT, ToddAndMargo wrote:
    > Hi All,
    >
    > I think this is a resolv.conf issue, but
    > I could be wrong now.
    >
    > I have a CentOS 5.2 server with two network cards:
    > eth0: 192.168.255.10 connects to internal private network
    > eth1: firewalled to the internet (iptables)
    >
    > The server acts as the gateway and firewall to
    > the Internet. The server has its own DNS (bind/named).



    No forwarders in /named.conf or named not running or zone setting invalid.

    You might run named-checkconf.

    On my Mandriva linux the commands would be
    $ hostname
    wm81.home.test

    $ hostname --ip-address
    192.168.1.131

    named-checkconf -t /var/lib/named /etc/named.conf
    named-checkzone -t /var/lib/named/var/named/master home.test home.zone
    named-checkzone -t /var/lib/named/var/named/reverse 1.168.192.in-addr.arpa home.reversed

    My named.conf changes
    diff /var/lib/named/etc/named.conf_orig /var/lib/named/etc/named.conf
    44c44
    < // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
    ---
    > forwarders { 208.67.222.222; 208.67.220.220; };
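
    Review bot: the new "forwarders" line at 44 has no "forward only;" or "forward first;" beside it, so the forwarding mode is left implicit. BIND defaults to "forward first", which means named falls back to iterating from the root servers itself when 208.67.222.222 and 208.67.220.220 do not answer. On a firewalled host, state the mode explicitly, and use "forward only;" if outbound DNS is meant to reach only those two addresses.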

    139a140,152
    >
    > zone "home.test" IN {
    > type master;
    > file "master/home.zone";
    > allow-update { none; };
    > };
    >
    > zone "1.168.192.in-addr.arpa" IN {
    > type master;
    > file "reverse/home.reversed";
    > allow-update { none; };
    > };
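
    Review bot: both added zone statements set "allow-update { none; };" but neither sets allow-transfer, so who may pull a full copy of home.test and 1.168.192.in-addr.arpa depends on the options block, which this diff does not show. Consider adding "allow-transfer { none; };" (or the list of secondaries) to each zone next to allow-update.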


  3. Re: resolv.conf with local DNS problem

    Hello,

    ToddAndMargo wrote:
    >
    > I have a CentOS 5.2 server with two network cards:
    > eth0: 192.168.255.10 connects to internal private network
    > eth1: firewalled to the internet (iptables)
    >
    > The server acts as the gateway and firewall to
    > the Internet. The server has its own DNS (bind/named).
    >
    > All of the client computers (12 Windows XP) use
    > the server's DNS without issue. (Running "ipconfig"
    > and "nslookup" on the XP machines confirms this.)
    >
    > Problem: the server can not see its own DNS. I
    > had to put my ISP's DNS1 IP into resolv.conf
    > to use Firefox or the "host" command from the
    > server.
    >
    > My /etc/resolv.conf:
    >
    > ; generated by /sbin/dhclient-script
    > ; search 192.168.255.10


    This is wrong: the "search" option expects a domain, not an IP address.

    > search foo.local
    > ; nameserver 192.168.255.10
    > nameserver 207.xxx.yyy.zzz
    >
    > If I switch the comments on the "nameserver",
    > to the 192... the server can not see its own
    > DNS.


    Can you describe what happens exactly when using the "host" command,
    including delays and messages?
    Does the firewall allow DNS traffic over the loopback interface?

  4. Re: resolv.conf with local DNS problem

    On Sat, 01 Nov 2008 22:25:35 +0000, ToddAndMargo wrote:

    > Problem: the server can not see its own DNS. I had to put my ISP's DNS1
    > IP into resolv.conf to use Firefox or the "host" command from the
    > server.


    Are you using "bind" as a nameserver? And if so, do you have something
    like the lines below in your /etc/named.conf?

    options {
    directory "/var/named";

    // Only allow recursive queries from the internal network
    allow-recursion { 192.168.255/24; };
    };

    This will deny all processes running on your server to look up external
    addresses. Lookups originating on your server will use 127.0.0.1 as the
    source address of the queries.

    Change the "allow-recursion" line to read:
    allow-recursion { 192.168.255/24; 127.0.0.1; };


    Regards,

    Kees.

    --
    Kees Theunissen.

  5. Re: resolv.conf with local DNS problem

    Kees Theunissen wrote:
    >
    > Are you using "bind" as a nameserver? And if so, do you have something
    > like the lines below in your /etc/named.conf?
    >
    > options {
    > directory "/var/named";
    >
    > // Only allow recursive queries from the internal network
    > allow-recursion { 192.168.255/24; };
    > };
    >
    > This will deny all processes running on your server to look up external
    > addresses. Lookups originating on your server will use 127.0.0.1 as the
    > source address of the queries.


    Not necessarily. When the destination address is local (belongs to the
    host itself), the Linux kernel IPv4 routing code chooses the same
    address as the default source address. So if the nameserver address in
    /etc/resolv.conf is 192.168.255.10, then the default source address for
    DNS queries will be 192.168.255.10. However this may not be true for
    local IPv6 communications, the Linux kernel IPv6 routing code may choose
    the loopback address ::1 as the default source address regardless of the
    destination address.
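
Added example, not written by any poster in this thread: a small model of how a first-match address list such as the allow-recursion lists in post 4 treats the source addresses discussed in posts 4 and 5. The XP client address and the function names are constructed for illustration; this is not BIND's code.

```python
import ipaddress

def parse_element(token):
    """One address-match element -> (negated, network)."""
    negated = token.startswith("!")
    addr, _, plen = token.lstrip("! ").partition("/")
    if ":" not in addr:
        # named.conf accepts short IPv4 prefixes such as 192.168.255/24
        octets = addr.split(".")
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    text = f"{addr}/{plen}" if plen else addr
    return negated, ipaddress.ip_network(text, strict=False)

def parse_acl(body):
    """Parse the text between the braces of allow-recursion { ... }."""
    return [parse_element(t.strip()) for t in body.split(";") if t.strip()]

def allowed(acl, source):
    """First matching element decides; a source that matches nothing is refused."""
    ip = ipaddress.ip_address(source)
    for negated, net in acl:
        if ip.version == net.version and ip in net:
            return not negated
    return False

ORIGINAL = parse_acl("192.168.255/24;")            # ACL quoted in post 4
AMENDED = parse_acl("192.168.255/24; 127.0.0.1;")  # post 4's suggested change

# Constructed cases: which source address named sees for each resolver setup.
CASES = {
    "server, nameserver 192.168.255.10": "192.168.255.10",  # per post 5
    "server, nameserver 127.0.0.1": "127.0.0.1",
    "server, IPv6 loopback source": "::1",                   # per post 5
    "XP client (address constructed)": "192.168.255.21",
}

def evaluate(acl):
    return {name: allowed(acl, src) for name, src in CASES.items()}

if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL), ("amended", AMENDED)):
        for name, ok in evaluate(acl).items():
            print(f"{label:9} {name:36} {'recursion allowed' if ok else 'REFUSED'}")
```

Neither list admits ::1, so a resolver that reaches named over IPv6 loopback would still be refused recursion until that address is listed as well.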

  6. Re: resolv.conf with local DNS problem

    Hi Bit, Pacsal, and Kees,

    Figured it out. After poring over my named.conf for a mistake, I
    fired up Bit's check utilities. Found nothing. Very frustrating.
    Then I realized that my "serial numbers" were out of sync on my
    hosts and hosts.rev files. So, I updated them to the same higher
    number. Reset named and happy camping has returned.

    Thank you all for the tips and suggestions. (Love those configuration
    checking utilities!)

    -T
