BIND named... unknown host
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
These are going to cause you problems because you are only listening on your loopback interfaces; your server will be unavailable to machines other than itself because it is not listening to any external interfaces. Unless you want to block responses on a certain interface, just leave these lines out and BIND will listen on all interfaces by default.
allow-query { localhost; };
recursion yes;
Why are you limiting queries to only localhost if you want this server to serve your local area network? BIND has a built-in ACL "localnets" which matches the immediate local network of each Ethernet interface on the server (e.g. if you have an address of 192.168.1.202 and a netmask of 0xffffff00, "localnets" will include 192.168.1.0/24).
I suggest you instead use:
allow-query { localnets; };
allow-recursion { localnets; };
Start with those changes and if they don't do the trick, do a little debugging using dig. Ping is a fine tool for checking simple connectivity issues, but it's distinctly sub-par for untangling anything complex and DNS-related, which is exactly what dig is meant for. Among other things, if your queries continue to be unsuccessful, dig will tell you (via the return code) in what way they were unsuccessful -- i.e. the server accepted your query but says no such domain name exists (NXDOMAIN), or maybe the server didn't answer you at all (SERVFAIL). Those are two different categories of problem.
Last, but not least, it might help, while debugging, to set up query logging and turn it on and watch what gets logged when you attempt to query the server. BIND's default logging is not meant to drown you in information but if you kick up the logging a bit it will really tell you just about everything that's running through its head (so to speak.) In a large production environment this can have unfortunate performance consequences because of the huge volume of log traffic but in your own home network serving just a few hosts? Go for it!
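The three things the answer above suggests, as an added shell example that is not part of the original answer or of BIND itself: an audit that flags the loopback-only listen-on and localhost-only allow-query settings in a named.conf, a printer for the LAN-scoped replacement (localnets ACLs plus a query-log channel), and a classifier that turns dig's result into one of the failure categories the answer distinguishes. The sample configuration, the scratch file paths and the dig header lines used in the demo are all constructed for this example; only check_name needs dig and a reachable server.

```shell
# Added example, not code from the original answer. Scratch file paths and the
# sample configuration below are constructed for the demo; nothing here needs
# network access except check_name, which calls dig against a real server.

# Write a constructed copy of the asker's loopback-only options to the given
# path, so the audit below has something to run against.
write_sample_conf() {
    cat > "$1" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; };
    recursion yes;
};
EOF
}

# Report the two settings the answer points at: listen-on pinned to a loopback
# address (LAN clients cannot reach the socket) and allow-query limited to
# localhost (LAN clients that do reach it get REFUSED). One line per finding.
audit_named_conf() {
    conf="$1"
    if grep -Eq 'listen-on(-v6)?[^;]*\{[[:space:]]*(127\.0\.0\.1|::1);[[:space:]]*\}' "$conf"; then
        echo "listen-on is pinned to loopback: LAN clients cannot reach this server"
    fi
    if grep -Eq 'allow-query[[:space:]]*\{[[:space:]]*localhost;[[:space:]]*\}' "$conf"; then
        echo "allow-query is limited to localhost: LAN queries get REFUSED"
    fi
}

# Number of findings for a file (0 when the file is LAN-ready).
finding_count() {
    audit_named_conf "$1" | grep -c . || true
}

# Print the replacement the answer recommends: no listen-on (BIND then binds
# every interface), queries and recursion restricted to the directly attached
# networks, plus a query-log channel. With a "queries" category configured,
# query logging starts on, and "rndc querylog" toggles it at run time.
lan_options() {
    cat <<'EOF'
options {
    directory "/var/named";
    allow-query     { localnets; };
    allow-recursion { localnets; };
    recursion yes;
};
logging {
    channel query_log {
        file "data/query.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    category queries { query_log; };
};
EOF
}

# Classify the output of "dig +noall +comments" read from stdin into the
# categories the answer distinguishes: NOERROR, NXDOMAIN (server answered, name
# does not exist), SERVFAIL, REFUSED (ACL denied the query), or NO_RESPONSE
# (nothing came back at all, e.g. wrong listen-on or a firewall).
classify_dig_output() {
    out=$(cat)
    case "$out" in
        *"no servers could be reached"*) echo NO_RESPONSE; return 0 ;;
    esac
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    if [ -z "$status" ]; then
        echo UNKNOWN
    else
        echo "$status"
    fi
}

# Ask one server for one name and print the category (needs dig and network).
check_name() {
    dig @"$1" "$2" +noall +comments +time=2 +tries=1 | classify_dig_output
}

# Demo on the constructed sample (runs offline):
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_named_conf "$demo_conf"
rm -f "$demo_conf"
```

Run `audit_named_conf /etc/named.conf` on the server to confirm the two findings are gone after editing, and `check_name 192.168.1.202 augusta.mylocal` from a LAN host to see which category you are in: NO_RESPONSE points at listen-on or the firewall, REFUSED at allow-query, and NXDOMAIN means the server is reachable and answering but does not have the name.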
Jake Wilson
Updated on September 18, 2022
-
Jake Wilson over 1 year
I have a very basic home network: a CentOS 6.3 server (storage, DNS, httpd, etc.), a desktop, several laptops. I was running an old version of CentOS on the server for a long time (5.4 or something) and just recently upgraded it to 6.3 with a clean wipe and fresh install. I'm trying to get BIND/named set up again, but I cannot seem to ping anything. The DNS is only for the local network, so I can access network computers and the server using specific names and CNAMEs for web development.
Server has a static IP: 192.168.1.202
Router (DD-WRT) is the gateway with IP of 192.168.1.1
The server host name is 'augusta' (cat /etc/hostname). The domain I've chosen is mylocal. So the server full hostname would be augusta.mylocal. This is how I had it set up with my previous CentOS setup and it worked perfectly. I've been using Webmin to set up BIND. Here are the relevant files:
# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    forwarders { 192.168.1.1; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "mylocal" {
    type master;
    file "/var/named/mylocal.hosts";
};
# cat /var/named/mylocal.hosts
$ttl 38400
mylocal.            IN  SOA    augusta. admin.augusta.mylocal. (
                        1360910107
                        10800
                        3600
                        604800
                        38400 )
mylocal.            IN  NS     augusta.
augusta.mylocal.    IN  A      192.168.1.202
test.mylocal.       IN  CNAME  augusta
You can see it's a very basic setup. I have augusta as the nameserver and a test CNAME that points to augusta. When I apply the BIND configuration in Webmin, the following happens in /var/log/messages:
Feb 14 23:35:59 augusta named[18602]: received control channel command 'stop'
Feb 14 23:35:59 augusta named[18602]: shutting down: flushing changes
Feb 14 23:35:59 augusta named[18602]: stopping command channel on 127.0.0.1#953
Feb 14 23:35:59 augusta named[18602]: stopping command channel on ::1#953
Feb 14 23:35:59 augusta named[18602]: no longer listening on 127.0.0.1#53
Feb 14 23:35:59 augusta named[18602]: no longer listening on ::1#53
Feb 14 23:35:59 augusta named[18602]: exiting
Feb 14 23:36:02 augusta named[19172]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 -u named -t /var/named/chroot
Feb 14 23:36:02 augusta named[19172]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Feb 14 23:36:02 augusta named[19172]: ----------------------------------------------------
Feb 14 23:36:02 augusta named[19172]: BIND 9 is maintained by Internet Systems Consortium,
Feb 14 23:36:02 augusta named[19172]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Feb 14 23:36:02 augusta named[19172]: corporation. Support and training for BIND 9 are
Feb 14 23:36:02 augusta named[19172]: available at https://www.isc.org/support
Feb 14 23:36:02 augusta named[19172]: ----------------------------------------------------
Feb 14 23:36:02 augusta named[19172]: adjusted limit on open files from 4096 to 1048576
Feb 14 23:36:02 augusta named[19172]: found 4 CPUs, using 4 worker threads
Feb 14 23:36:02 augusta named[19172]: using up to 4096 sockets
Feb 14 23:36:02 augusta named[19172]: loading configuration from '/etc/named.conf'
Feb 14 23:36:02 augusta named[19172]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Feb 14 23:36:02 augusta named[19172]: using default UDP/IPv4 port range: [1024, 65535]
Feb 14 23:36:02 augusta named[19172]: using default UDP/IPv6 port range: [1024, 65535]
Feb 14 23:36:02 augusta named[19172]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 23:36:02 augusta named[19172]: listening on IPv6 interface lo, ::1#53
Feb 14 23:36:02 augusta named[19172]: generating session key for dynamic DNS
Feb 14 23:36:02 augusta named[19172]: sizing zone task pool based on 1 zones
Feb 14 23:36:02 augusta named[19172]: using built-in DLV key for view _default
Feb 14 23:36:02 augusta named[19172]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Feb 14 23:36:02 augusta named[19172]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: D.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: A.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: B.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: command channel listening on 127.0.0.1#953
Feb 14 23:36:02 augusta named[19172]: command channel listening on ::1#953
Feb 14 23:36:02 augusta named[19172]: zone mylocal/IN: loaded serial 1360910107
Feb 14 23:36:02 augusta named[19172]: managed-keys-zone ./IN: loaded serial 215
Feb 14 23:36:02 augusta named[19172]: running
Feb 14 23:36:04 augusta named[19172]: received control channel command 'freeze mylocal'
Feb 14 23:36:04 augusta named[19172]: freezing zone 'mylocal/IN': success
Feb 14 23:36:04 augusta named[19172]: received control channel command 'reload mylocal'
Feb 14 23:36:04 augusta named[19172]: received control channel command 'thaw mylocal'
Feb 14 23:36:04 augusta named[19172]: thawing zone 'mylocal/IN': success
I don't see anything out of the ordinary there...
My host DNS settings:
# cat /etc/resolve.conf
# Generated by NetworkManager
search mylocal
nameserver 192.168.1.202
nameserver 192.168.1.1
My firewall has port 53 tcp and udp open. SELinux is disabled. From the server itself:
[root@augusta log]# ping augusta
ping: unknown host augusta
[root@augusta log]# ping augusta.mylocal
ping: unknown host augusta.mylocal
[root@augusta log]# ping test
ping: unknown host test
[root@augusta log]# ping test.mylocal
ping: unknown host test.mylocal
From a Windows 7 computer on the network (w/ static IP of 192.168.1.201):
C:\Windows\system32>ping augusta
Ping request could not find host augusta. Please check the name and try again.
C:\Windows\system32>ping augusta.mylocal
Pinging augusta.mylocal [192.168.1.202] with 32 bytes of data:
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.202:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Windows\system32>ping test
Ping request could not find host test. Please check the name and try again.
C:\Windows\system32>ping test.mylocal
Ping request could not find host test.mylocal. Please check the name and try again.
That computer's ipconfig:
C:\Windows\system32>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : windoze-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 8C-XX-XX-XX-XX-97
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::xxxx:xxxx:xxxx:bfbc%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.201(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : XXXXXXXXX
   DHCPv6 Client DUID. . . . . . . . : 00-XX-XX-01-18-XX-XX-EA-XX-89-XX-1B-XX-97
   DNS Servers . . . . . . . . . . . : 192.168.1.202
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
I'm really not sure what I'm missing. I'm far from an expert in Linux server admin, BIND or DNS, but the BIND setup seems to be very basic. I remember setting this up pretty easily in my previous server's CentOS installation (which was about 18 months ago). Not sure why it's just not taking this time. If anyone has any clues as to where I should be looking for the problem I would appreciate any pointers. I can also post other relevant info that anyone needs to help troubleshoot the problem.
-
Jake Wilson about 11 years
Ah, I did not see those listen-on and allow-query parts. That was the problem after all. What is the difference between those two options? Also, why would CentOS have those options set that way by default? Kind of pointless to make a DNS server if, by default, it only allows queries from itself....
-
Michael McNally about 11 years
I have no idea why the CentOS defaults might be set that way unless the intention is that there be an explicit configure step that you missed. Concerning the difference between "allow-query" and "allow-recursion" - one permits authoritative queries (for locally stored authoritative zone data, such as your mylocal. zone) while the other permits recursive queries (queries for data not stored locally, that the machine will have to recurse from the DNS root to obtain.) Generally it's not recommended to mix authoritative and recursive functions on the same server but for your LAN it's OK to do both.