Local DNS... "unknown host"

Hi guys,

If could get your help on this one, I'd surely owe you one. I have the
following setup:

A router with two NICs, using NAT (configured by Firestarter):
- eth0 (Alisa.weichert.local - 192.168.1.1)
- eth1 (WAN/Internet)

Connected to eth0 is a 8-port switch. Connected to the switch is:
- eth0 (Blake.weichert.local - IP assigned by DHCP)

I'm trying to get DNS working using BIND9. So far if I try to ping a
computer by hostname I get an error "Unknown Host".

--named.conf:--
include "/etc/bind/named.conf.options";

zone "." {
type hint;
file "/etc/bind/db.root";
};

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";


-- named.conf.local --
view weichert.local {
match-clients {
192.168.1.*;
};
zone "weichert.local" {
type forward;
forwarders {
192.168.1.1;
};
};
zone "0.1.168.192.in-addr.arpa" {
type forward;
forwarders {
192.168.1.1;
};
};
};

On 24 Dec 2005 12:18:57 -0800, Cyphos <(E-Mail Removed)> wrote:
> If could get your help on this one, I'd surely owe you one. I have the
> following setup:
>
> A router with two NICs, using NAT (configured by Firestarter):
> - eth0 (Alisa.weichert.local - 192.168.1.1)
> - eth1 (WAN/Internet)
>
> Connected to eth0 is a 8-port switch. Connected to the switch is:
> - eth0 (Blake.weichert.local - IP assigned by DHCP)
>
> I'm trying to get DNS working using BIND9. So far if I try to ping a
> computer by hostname I get an error "Unknown Host".
>
> --named.conf:--
> include "/etc/bind/named.conf.options";
>
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };

Why do you have zones (below) for 0.x.x.x and 255.x.x.x IPs? You should
probably remove those.

> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
> include "/etc/bind/named.conf.local";
>

You have no reverse zone for 1.168.192.in-addr.arpa (192.168.1.x IPs),
except:

It appears (below) that you have DNS for weichert.local and I think only
192.168.1.0 IP (not network) pointed at your own LAN IP, which has no
zones for those names or that IP. Note that "local" as a top level domain
is reserved (for multicast I think). SuSE Linux used to use .local for
local domain, but not anymore.

> -- named.conf.local --
> view weichert.local {
> match-clients {
> 192.168.1.*;
> };
> zone "weichert.local" {
> type forward;
> forwarders {
> 192.168.1.1;
> };
> };
> zone "0.1.168.192.in-addr.arpa" {
> type forward;
> forwarders {
> 192.168.1.1;
> };
> };
> };

I am not sure what "view" and "match-clients" do, but within my main
options{}; to limit access to local clients I would use:

listen-on port 53 { 127/8; 192.168/16; };
allow-query { 127/8; 192.168/16; };

As far as the rest, if your local domain was mw-local instead of
weichert.local you could have something like:

zone "mw-local" in {
type master;
file "/etc/bind/mw-local.zone";
notify no;
};

zone "1.168.192.in-addr.arpa" in {
type master;
file "/etc/bind/1.168.192.zone";
notify no;
};

Hi David!

Thanks, and I really appreciated your reply. I did as you say, and I
must admit the config looks more like I'd expect it to. However, I
noticed that I'm still not able to ping each computer by hostname, Do I
have to manually enter the addresses into each zone?

Thanks,
Mike

>As far as the rest, if your local domain was mw-local instead of
>weichert.local you could have something like:

>zone "mw-local" in {
> type master;
> file "/etc/bind/mw-local.zone";
> notify no;

>};

>zone "1.168.192.in-addr.arpa" in {
> type master;
> file "/etc/bind/1.168.192.zone";
> notify no;
>};

Oh, and I forgot to mention. When viewing my zones in webmin I noticed
that each zone has 0 name servers? Is that right?

Thanks a bunch for your help!
Mike

On 25 Dec 2005 06:59:19 -0800, Cyphos <(E-Mail Removed)> wrote:
> Hi David!
>
> Thanks, and I really appreciated your reply. I did as you say, and I
> must admit the config looks more like I'd expect it to. However, I
> noticed that I'm still not able to ping each computer by hostname, Do I
> have to manually enter the addresses into each zone?

Yes, you should have entries in the zone file for the domain listing
hostnames to IP's and in the 1.168.192.in-addr.arpa zone file listing
192.168.1.x IP's to hostnames. This works best if LAN IP's are static.
It gets more complicated if trying to do it automatically with dhcp.

See the DNS-HOWTO for more info. Although, that may be written for bind8
and I am using bind9. You can look at the zone files for localhost and
127.in-addr.arpa as examples if those were automatically installed when
you installed the bind package. I just edited the zone files manually and
have not used webadmin.

My bind9 also runs in a chroot jail (under /lib). In that case named
copies /etc/named.conf into its space before the chroot and zone files are
relative to that. Apparently your named is not chroot if your zone files
are full paths in /etc/bind.

>Yes, you should have entries in the zone file for the domain listing
>hostnames to IP's and in the 1.168.192.in-addr.arpa zone file listing
>192.168.1.x IP's to hostnames. This works best if LAN IP's are static.
>It gets more complicated if trying to do it automatically with dhcp.

Okay, well unfortunately I am using DHCP. I've been doing a bit of
reading on DDNS. However, now after configuring DDNS my clients cannot
receive an ip address:

DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 127.0.0.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPREQUEST on eth0 to 255.255.255.255 port 67
[5 more DHCPDISCOVER attempts]
NO DHCPOFFERS received.
No working leases in persistent database. Sleeping.

Here is what my dhcp configuration looks like (dhcp.conf):

server-identifier alisa.weichert-local;
authoritative;
ddns-update-style interim;
ddns-updates on;

subnet 192.168.1.0 netmask 255.255.255.0 {
authoritative;
allow client-updates;
ddns-updates on;
ddns-rev-domainname "weichert-local";
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.1;
option ip-forwarding on;
option domain-name weichert-local;
range dynamic-bootp 192.168.1.2 192.168.1.254;
default-lease-time 21600;
max-lease-time 43200;
one-lease-per-client on;
}
host DI-614 {
hardware ethernet 00:40:05:b8:00:36;
fixed-address 192.168.1.254;
}

Any ideas? Thanks again.
Mike

>DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
>DHCPOFFER from 127.0.0.1
>DHCPREQUEST on eth0 to 255.255.255.255 port 67
>DHCPREQUEST on eth0 to 255.255.255.255 port 67
>[5 more DHCPDISCOVER attempts]
>NO DHCPOFFERS received.
>No working leases in persistent database. Sleeping.

I couldn't figure this one out, so I just reinstalled DHCP and BIND.