#1
I've recently installed bind on a debian server to act as a dns cache.

I installed bind, added "nameserver 127.0.0.1" to /etc/resolv.conf before the original dns server entries (from my ISP), and added the original dns server addresses to the options/forwarders in /etc/bind/named.conf.options. As far as I can see, it's working perfectly on the debian machine. It is also working fine from an old redhat linux machine using: nslookup www.linux.org 192.168.0.12 (where the debian machine is on 192.168.0.12). However, from windows (w2k) I get:

    >nslookup www.linux.org 192.168.0.12
    *** Can't find server name for address 192.168.0.12: Non-existent domain
    Server: UnKnown
    Address: 192.168.0.12

    Non-authoritative answer:
    Name: www.linux.org
    Address: 198.182.196.56

Does anyone know what I'm missing (either on the windows machine, or the bind setup)? Our network is behind a firewall/router, with a static IP but no specific domain name. The debian server is not accessible from outside the local network, and has thus only a simple local name "jupiter".

If there is a better solution for dns caching than bind, then I'm quite happy to change.

Many thanks for any ideas.

David Brown
Norway.

#2
David Brown wrote:
> However, from windows (w2k) I get:
>
> >nslookup www.linux.org 192.168.0.12
> *** Can't find server name for address 192.168.0.12: Non-existent domain
> Server: UnKnown
> Address: 192.168.0.12
>
> Non-authoritative answer:
> Name: www.linux.org
> Address: 198.182.196.56
>

Windows does a reverse lookup on your DNS server.

Why not set up a 0.168.192.in-addr.arpa zone for your local network and put in the reverse lookup addresses of your servers.

#3
Giles Coochey <(E-Mail Removed)> wrote:
> David Brown wrote:
>> However, from windows (w2k) I get:
>>
>> >nslookup www.linux.org 192.168.0.12
>> *** Can't find server name for address 192.168.0.12: Non-existent domain
>> Server: UnKnown
>> Address: 192.168.0.12
>>
>> Non-authoritative answer:
>> Name: www.linux.org
>> Address: 198.182.196.56
>>

> Windows does a reverse lookup on your DNS server.

Is it "Windows" per se or is it really nslookup trying to do the reverse lookup on the DNS server IP. IIRC I've seen similar behaviour with nslookup in my DNS perf work and little of that involved windows. When I was encountering that, gethostbyname() calls on the systems were still fat dumb and happy, resolving like a charm.

rick jones
--
No need to believe in either side, or any side. There is no cause. There's only yourself. The belief is in your own precision. - Jobert
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

#4
On Fri, 02 Dec 2005 22:20:57 GMT, Rick Jones <(E-Mail Removed)> wrote:
> Giles Coochey <(E-Mail Removed)> wrote:
>> David Brown wrote:
>>> However, from windows (w2k) I get:
>>>
>>> >nslookup www.linux.org 192.168.0.12
>>> *** Can't find server name for address 192.168.0.12: Non-existent domain
>>> Server: UnKnown
>>> Address: 192.168.0.12
>>>
>>> Non-authoritative answer:
>>> Name: www.linux.org
>>> Address: 198.182.196.56
>>>
>
>> Windows does a reverse lookup on your DNS server.
>
> Is it "Windows" per se or is it really nslookup trying to do the
> reverse lookup on the DNS server IP. IIRC I've seen similar behaviour
> with nslookup in my DNS perf work and little of that involved windows
> When I was encountering that, gethostbyname() calls on the systems
> were still fat dumb and happy, resolving like a charm.

"nslookup" in Linux also used to resolve the nameserver, but not sure if it still does because I have forward & reverse zones for my LAN. In Linux nslookup has been deprecated in favor of the "host" command.

It is not a fatal error anyway if the nameserver cannot resolve itself, just uncivilized (and easy enough to fix).

#5
Giles Coochey wrote:
> David Brown wrote:
>
>> However, from windows (w2k) I get:
>>
>> >nslookup www.linux.org 192.168.0.12
>> *** Can't find server name for address 192.168.0.12: Non-existent domain
>> Server: UnKnown
>> Address: 192.168.0.12
>>
>> Non-authoritative answer:
>> Name: www.linux.org
>> Address: 198.182.196.56
>>
>
> Windows does a reverse lookup on your DNS server.
>
> Why not set up a 0.168.192.in-addr.arpa zone for your local network and
> put in the reverse lookup addresses of your servers.

Just to make sure my understanding is correct (I've a fair understanding of tcp/ip and routing, but I've not previously had to touch dns), this means that windows nslookup (and apparently, given the timeouts I'm getting, all of w2k's use of dns) is doing a reverse lookup asking my bind server for the dns name for 192.168.0.12. Bind doesn't have a name for it, and this leads windows to reject the dns server. So the trick is to tell bind that it is the primary dns server for the whole 0.168.192.in-addr.arpa zone.

I'm trying to figure out how to do this - my attempts so far have failed. The server's hostname is "jupiter". If I can figure this out for the one server, I'd also like to add names for other fixed address nodes on the network (and maybe even for the DHCP allocated addresses).

To do this, I first add a section to my named.conf.local (included by named.conf):

    zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192.168.0";
    };

    zone "jupiter" {
        type master;
        file "/etc/bind/db.jupiter";
    };

I made the two files db.192.168.0 and db.jupiter based on db.127 and db.local which were already in the debian setup:

    jupiter:/etc/bind# cat db.192.168.0
    ;
    ; BIND reverse data file for 192.168.0.*
    ;
    $TTL    604800
    @       IN      SOA     jupiter. (
                                  1         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      jupiter.
    12      IN      PTR     jupiter.

    jupiter:/etc/bind# cat db.jupiter
    ;
    ; BIND data file for jupiter
    ;
    $TTL    604800
    @       IN      SOA     jupiter. (
                                  1         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      jupiter.
    @       IN      A       192.168.0.12

This has not helped in any way (and I did remember to restart bind after the changes). I expect that when I've got it working, nslookup on "192.168.0.12" and "jupiter" should work correctly on the server - at the moment I get:

    jupiter:/etc/bind# nslookup 192.168.0.12
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    ** server can't find 12.0.168.192.in-addr.arpa: NXDOMAIN

    jupiter:/etc/bind# nslookup jupiter
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    ** server can't find jupiter: NXDOMAIN

Any help or hints would be much appreciated.

mvh.,

David

#6
David Brown wrote:
> Giles Coochey wrote:
>
>> David Brown wrote:
>>
>>> However, from windows (w2k) I get:
>>>
>>> >nslookup www.linux.org 192.168.0.12
>>> *** Can't find server name for address 192.168.0.12: Non-existent domain
>>> Server: UnKnown
>>> Address: 192.168.0.12
>>>
>>> Non-authoritative answer:
>>> Name: www.linux.org
>>> Address: 198.182.196.56
>>>
>>
>> Windows does a reverse lookup on your DNS server.
>>
>> Why not set up a 0.168.192.in-addr.arpa zone for your local network
>> and put in the reverse lookup addresses of your servers.
>
>
> Just to make sure my understanding is correct (I've a fair understanding
> of tcp/ip and routing, but I've not previously had to touch dns), this
> means that windows nslookup (and apparently, given the timeouts I'm
> getting, all of w2k's use of dns) is doing a reverse lookup asking my
> bind server for the dns name for 192.168.0.12. Bind doesn't have a name
> for it, and this leads windows to reject the dns server. So the trick
> is to tell bind that it is the primary dns server for the whole
> 0.168.192.in-addr.arpa zone.
>
<snip>

Windows doesn't reject the DNS server, it just says "hmm, funny this DNS server doesn't have a reverse lookup for itself". It still gives you the address for your server www.linux.org = 198.182.196.56, which it got from your Bind DNS system (non-authoritative).

I had a brief look at your zone files (not quite a Bind expert myself) and didn't see anything too out of the ordinary. I think PTR records should normally be FQDNs though, rather than just hostnames.

#7
Giles Coochey wrote:
> David Brown wrote:
>> Giles Coochey wrote:
>>
>>> David Brown wrote:
>>>
>>>> However, from windows (w2k) I get:
>>>>
>>>> >nslookup www.linux.org 192.168.0.12
>>>> *** Can't find server name for address 192.168.0.12: Non-existent
>>>> domain
>>>> Server: UnKnown
>>>> Address: 192.168.0.12
>>>>
>>>> Non-authoritative answer:
>>>> Name: www.linux.org
>>>> Address: 198.182.196.56
>>>>
>>>
>>> Windows does a reverse lookup on your DNS server.
>>>
>>> Why not set up a 0.168.192.in-addr.arpa zone for your local network
>>> and put in the reverse lookup addresses of your servers.
>>
>>
>> Just to make sure my understanding is correct (I've a fair
>> understanding of tcp/ip and routing, but I've not previously had to
>> touch dns), this means that windows nslookup (and apparently, given
>> the timeouts I'm getting, all of w2k's use of dns) is doing a reverse
>> lookup asking my bind server for the dns name for 192.168.0.12. Bind
>> doesn't have a name for it, and this leads windows to reject the dns
>> server. So the trick is to tell bind that it is the primary dns
>> server for the whole 0.168.192.in-addr.arpa zone.
>>
> <snip>
>
> Windows doesn't reject the DNS server, it just says "hmm, funny this DNS
> server doesn't have a reverse lookup for itself". It still gives you the
> address for your server www.linux.org = 198.182.196.56, which it got
> from your Bind DNS system (non-authoritative).
>
> I had a brief look at your zone files (not quite a Bind expert myself)
> and didn't see anything too out of the ordinary. I think PTR records
> should normally be FQDNs though, rather than just hostnames.
>
>

For FQDNs, what domain should I use? And does it matter, given that this is only for a local network? I can think of several options - "localdomain", "westcontrol.com" (we own that domain name, which currently points to an external web/email server but which one day should point to our network for email, so that we get email directly), "adsl.hesbynett.no" (where hesbynett.no is our ISP), "westcontrol.dnsalias.com" (a dynamic dns alias I set up for convenience), or a purely internal domain name (such as just "westcontrol")?

Just for fun, I tried changing the SOA lines in the files I posted to being:

    @ IN SOA jupiter. jupiter.westcontrol. (

and the PTR line in db.192.168.0 to

    12 IN PTR jupiter.westcontrol.

while leaving the NS lines as just "jupiter."

The result is that windows is quite happy with nslookups. A nslookup for "jupiter" on windows and linux runs fine, as does a "host jupiter." (without the trailing dot, the domain "adsl.hesbynett.no" is automatically added, giving a "does not exist" error). "nslookup" and "host" fail on "jupiter.westcontrol", so I obviously haven't got everything perfect as yet.

Thanks for the help so far,

David

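Added example, not part of the original thread and not code from any poster: the reverse zone from post #5 and the revision from post #7, run through a small offline checker. The names parse_zone, soa_problems and unconfirmed_ptrs are hypothetical helpers, and the parser handles only the master-file syntax these files use. It reports the SOA record in #5 that carries one name where RFC 1035 SOA RDATA has two (MNAME and RNAME), and the PTR target "jupiter.westcontrol." for which the forward zone on the page has no A record.

```python
import re

# Zone data transcribed (layout condensed) from posts #5 and #7 of this thread.
REV_POST5 = """$TTL 604800
@  IN SOA jupiter. (
       1 604800 86400 2419200 604800 ) ; Negative Cache TTL
@  IN NS  jupiter.
12 IN PTR jupiter.
"""
# The edit described in #7: add a second SOA name, qualify the PTR target.
REV_POST7 = (REV_POST5.replace("SOA jupiter.", "SOA jupiter. jupiter.westcontrol.")
                      .replace("PTR jupiter.", "PTR jupiter.westcontrol."))
FWD_POST7 = """@ IN SOA jupiter. jupiter.westcontrol. ( 1 604800 86400 2419200 604800 )
@ IN NS jupiter.
@ IN A  192.168.0.12
"""

def parse_zone(text, origin):
    """Parse a simple master file (';' comments, '( )', '@') into (owner, type, rdata)."""
    text = re.sub(r";[^\n]*", "", text)                      # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records = []
    for line in text.splitlines():
        tok = line.split()
        if "IN" not in tok or tok[0].startswith("$"):
            continue                                         # blank line or directive
        i = tok.index("IN")
        owner = origin if tok[0] in ("@", "IN") else tok[0]
        if not owner.endswith("."):
            owner = f"{owner}.{origin}"                      # relative owner name
        records.append((owner.lower(), tok[i + 1], tok[i + 2:]))
    return records

def soa_problems(records):
    """RFC 1035 SOA RDATA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    soa = [rd for _, rtype, rd in records if rtype == "SOA"]
    if len(soa) != 1:
        return [f"expected one SOA record, found {len(soa)}"]
    if len(soa[0]) != 7:
        return [f"SOA has {len(soa[0])} RDATA fields, expected 7"]
    return [f"SOA timer {f!r} is not numeric" for f in soa[0][2:] if not f.isdigit()]

def unconfirmed_ptrs(reverse, forward):
    """Return (address, target) for each PTR whose target has no matching A record.
    Assumes four-label IPv4 owners and absolute PTR targets, as on this page."""
    def addr(owner):  # '12.0.168.192.in-addr.arpa.' -> '192.168.0.12'
        return ".".join(reversed(owner.split(".")[:4]))
    a_records = {(owner, rd[0]) for owner, rtype, rd in forward if rtype == "A"}
    return [(addr(o), rd[0]) for o, t, rd in reverse
            if t == "PTR" and (rd[0].lower(), addr(o)) not in a_records]
```

BIND ships named-checkzone, which validates a zone file's syntax, including the SOA record, before named loads it.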
#8
> For FQDNs, what domain should I use? And does it matter, given that
> this is only for a local network? I can think of several options -
> "localdomain", "westcontrol.com" (we own that domain name, which
> currently points to an external web/email server but which one day
> should point to our network for email, so that we get email directly),
> "adsl.hesbynett.no" (where hesbynett.no is our ISP),
> "westcontrol.dnsalias.com" (a dynamic dns alias I set up for
> convenience), or a purely internal domain name (such as just
> "westcontrol") ?
>

If you are planning to register a domain in the future, then it would be a good idea to start using that now. Even better if you registered a domain, it really doesn't take long to do, and it doesn't cost you much either, especially if you're happy with a .info or other cheap TLD.

> Just for fun, I tried changing the SOA lines in the files I posted to
> being:
> @ IN SOA jupiter. jupiter.westcontrol. (
> and the PTR line in db.192.168.0 to
> 12 IN PTR jupiter.westcontrol.
> while leaving the NS lines as just "jupiter."
>
> The result is that windows is quite happy with nslookups. A nslookup
> for "jupiter" on windows and linux runs fine, as does a "host jupiter."
> (without the trailing dot, the domain "adsl.hesbynett.no" is
> automatically added, giving a "does not exist" error). "nslookup" and
> "host" fail on "jupiter.westcontrol", so I obviously haven't got
> everything perfect as yet.
>

I think the only problem you're experiencing now is that you have some hosts that have inconsistent hostname & domainname information hard coded in them.

Make sure all your unix hosts correctly give the correct domainname when you run the "domainname -d" command. And make sure that Windows hosts have %COMPUTERNAME%.domainname as defined in the networking DNS tab for each network connection.

How this information is set is distribution specific for Linux systems, you might get more mileage in a distribution specific ng, if you find this information is inconsistent across your hosts.