Newbie: DNS/Bind problem with adding zone

Curently learning Linux networking, but have a big headache with dns/bind.
I have an outside router (192.168.2.1) providing internet access and ip
addresses to local home network.
One of the PCs in the local network (Knoppix) have two nics: 192.168.2.150
(to the router) and 192.168.10.1 , serving as dhcp and dns server (basically
another router) for third pc, vector.dom (192.168.10.20) connected via cross
cable.

I think I have no problems with setting up caching only dns server as I can
ping local and outside world, but after allowing everything via iptables
first.
However when I try to add a new zone into configuration, no pc can see it.
Obviously I did something wrong but couldn't figure that out.

Any help will be greatly appreciated.

The file listings are separated with *'s.


This is my dhcpd.conf file:
***************************

ddns-update-style none;

# option definitions common to all supported networks...
option domain-name-servers 192.168.10.1, 192.168.2.1;
option routers 192.168.10.1, 192.168.2.1;

default-lease-time 600;
max-lease-time 7200;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.10 192.168.10.20;
}
************************************************** ******


This is my named.conf file:
************************************************** *****
include "/mnt/hdd3/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/mnt/hdd3/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/mnt/hdd3/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/mnt/hdd3/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/mnt/hdd3/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/mnt/hdd3/bind/db.255";
};

include "/mnt/hdd3/bind/named.conf.local";

************************************************** *****

db.255 , db.0, db.127, db.local and db.root are standard caching only files
and I will not list them here.
It is supposed they are working properly.


The problems are probably here:
named.conf.local file
************************************************** ******
//
// Do any local configuration here
//

zone "dom" {
type master;
file "dom.zone";
notify yes;
allow-updates { any };
};

zone "168.192.in-addr.arpa" {
type master;
file "168.192.reverse";
notify yes;
allow-updates { any };
};
************************************************** **

dom.zone file:
************************************************** **
$TTL 1w
@ IN SOA Knoppix. localhost.Knoppix. (
#should this be: @ IN SOA dom. ??

2004
21600
1800
604800
900 )

IN NS Knoppix.
#Knoppix returns local host
#or do I have to define another Knoppix. zone ??

localhost IN A 127.0.0.1

vector IN A 192.168.10.20
www IN CNAME vector.dom.
************************************************** *


168.192.reverse file
************************************************** *

$TTL 1w
@ IN SOA Knoppix. localhost.Knoppix. (
2005
21600
1800
604800
900 )

IN NS Knoppix.


20.10 IN PTR vector.dom.
1.10 IN PTR Knoppix.
***********************************************

"john" <(E-Mail Removed)> writes:

>Curently learning Linux networking, but have a big headache with dns/bind.
>I have an outside router (192.168.2.1) providing internet access and ip
>addresses to local home network.
>One of the PCs in the local network (Knoppix) have two nics: 192.168.2.150
>(to the router) and 192.168.10.1 , serving as dhcp and dns server (basically
>another router) for third pc, vector.dom (192.168.10.20) connected via cross
>cable.

>I think I have no problems with setting up caching only dns server as I can
>ping local and outside world, but after allowing everything via iptables
>first.

>This is my dhcpd.conf file:
>***************************

>ddns-update-style none;

># option definitions common to all supported networks...
>option domain-name-servers 192.168.10.1, 192.168.2.1;
>option routers 192.168.10.1, 192.168.2.1;

Your clients are using two DNS servers.

If they get NXDOMAIN on the lookup from 192.168.2.1, they won't try
the other. You will need to have them use only your DNS server.

"Neil W Rickert" <rickert+(E-Mail Removed)> schreef in bericht
news:bsfnqi$evv$(E-Mail Removed)...
> "john" <(E-Mail Removed)> writes:
>
> >This is my dhcpd.conf file:
> >***************************
>
> >ddns-update-style none;
>
> ># option definitions common to all supported networks...
> >option domain-name-servers 192.168.10.1, 192.168.2.1;
> >option routers 192.168.10.1, 192.168.2.1;
>
> Your clients are using two DNS servers.
>
> If they get NXDOMAIN on the lookup from 192.168.2.1, they won't try
> the other. You will need to have them use only your DNS server.
>

Thanks, I have removed 192.168.2.1 from servers option, but still have the
same problem.

On Thu, 25 Dec 2003 22:02:19 +0100, "john" <(E-Mail Removed)> wrote:

[cut]

>
>This is my dhcpd.conf file:
>***************************
>
>ddns-update-style none;
>
># option definitions common to all supported networks...
>option domain-name-servers 192.168.10.1, 192.168.2.1;

As Neil already mentioned: just your own DNS should be listed here

>
>zone "dom" {
>type master;
>file "dom.zone";
>notify yes;
>allow-updates { any };
>};

1. It's "allow-update" not "allow-updates"
2. Didn't you get any messages in your logfile (e.g.
/var/log/messages9 This syntax couldn't work.
3. Think about "allow-update { any };" in terms of security.

>************************************************* ***
>
>dom.zone file:
>************************************************* ***
>$TTL 1w
>@ IN SOA Knoppix. localhost.Knoppix. (
>#should this be: @ IN SOA dom. ??
>
>2004
>21600
>1800
>604800
>900 )
>
>IN NS Knoppix.
>#Knoppix returns local host
>#or do I have to define another Knoppix. zone ??
>

I expect the SOA-record to be another the source of problems.
You can get good recommandations about the meaning of the fields in
SOA at http://www.ripe.net/ripe/docs/ripe-203.html

If you modify it, it could work:
**********************************
dom.zone file
**********************************
$TTL 1w
$ORIGIN dom.
@ IN SOA ns hostmaster.ns (
200404
21600
1800
604800
900 )
NS ns

ns IN A 192.168.10.1

vector IN A 192.168.10.20
www IN CNAME vector
**********************************

Similar changes to the reverse lookup file should be done.

regards,
wolfgang "waggy"

-----------------------------------------------------------------------
The "FIVE" should read "5" & remove the "WWW".

Waggy, thanks for your reply.
I am not able to try it right now, but I will post the result after a few
days.



"Wolfgang Wagner" <(E-Mail Removed)> schreef in bericht
news:(E-Mail Removed)...
> On Thu, 25 Dec 2003 22:02:19 +0100, "john" <(E-Mail Removed)> wrote:
>

> I expect the SOA-record to be another the source of problems.
> You can get good recommandations about the meaning of the fields in
> SOA at http://www.ripe.net/ripe/docs/ripe-203.html
>
> If you modify it, it could work:
> **********************************
> dom.zone file
> **********************************
> $TTL 1w
> $ORIGIN dom.
> @ IN SOA ns hostmaster.ns (
> 200404
> 21600
> 1800
> 604800
> 900 )
> NS ns
>
> ns IN A 192.168.10.1
>
> vector IN A 192.168.10.20
> www IN CNAME vector
> **********************************
>
> Similar changes to the reverse lookup file should be done.
>
> regards,
> wolfgang "waggy"
>
> -----------------------------------------------------------------------
> The "FIVE" should read "5" & remove the "WWW".
>