
Thread: how to resolve dns

  1. #11
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    Hi jason.rgd,

    You wouldn't need to run bind9 in chroot. Try Section 13 "DNS Server" according to "http://www.howtoforge.org/perfect-server-ubuntu8.04-lts-p4" to get bind9 installed and configured. Then follow the wiki entry.

  2. #12
    Join Date
    Jul 2010
    Posts
    19
    Rep Power
    5

    Default

    both the tutorials tell the similar thing that for security purpose bind9 needs to be configured with chroot.... I hope the instructions remain the same across debian 5 and ubuntu.....

  3. #13
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    That is correct. It is better to run chrooted, but it can get complicated if you're not sure of what you're doing. The setup is pretty much the same for both Debian 5 and Ubuntu, but I just found it easier to follow the Ubuntu tutorial. Otherwise, you could look into using myDNS as well... It really makes no difference which DNS system you use, as long as you can split internal from external.

  4. #14
    Join Date
    Jul 2010
    Posts
    19
    Rep Power
    5

    Default

    I've configured bind to be chrooted and it's logging to syslogd... that is done....

    /var/logs/syslog
    Code:
    Server startup complete. Host name is delsoft.local. Local service cookie is 4256352164.
    Jul 26 13:03:51 delsoft named[2059]: starting BIND 9.6-ESV-R1 -u bind -t /var/lib/named
    Jul 26 13:03:51 delsoft named[2059]: built with '--prefix=/usr' '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var/run/bind' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--enable-ipv6' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -DNS_RUN_PID_DIR=0 -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'
    Jul 26 13:03:51 delsoft named[2059]: adjusted limit on open files from 1024 to 1048576
    Jul 26 13:03:51 delsoft named[2059]: found 1 CPU, using 1 worker thread
    Jul 26 13:03:51 delsoft named[2059]: using up to 4096 sockets
    Jul 26 13:03:51 delsoft named[2059]: loading configuration from '/etc/bind/named.conf'
    Jul 26 13:03:51 delsoft named[2059]: using default UDP/IPv4 port range: [1024, 65535]
    Jul 26 13:03:51 delsoft named[2059]: using default UDP/IPv6 port range: [1024, 65535]
    Jul 26 13:03:51 delsoft named[2059]: listening on IPv6 interfaces, port 53
    Jul 26 13:03:51 delsoft named[2059]: listening on IPv4 interface lo, 127.0.0.1#53
    Jul 26 13:03:51 delsoft named[2059]: listening on IPv4 interface eth0, 10.0.0.100#53
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: D.F.IP6.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: 8.E.F.IP6.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: 9.E.F.IP6.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: A.E.F.IP6.ARPA
    Jul 26 13:03:51 delsoft named[2059]: automatic empty zone: B.E.F.IP6.ARPA
    Jul 26 13:03:51 delsoft named[2059]: command channel listening on 127.0.0.1#953
    Jul 26 13:03:51 delsoft named[2059]: command channel listening on ::1#953
    Jul 26 13:03:51 delsoft named[2059]: zone 0.in-addr.arpa/IN: loaded serial 1
    Jul 26 13:03:51 delsoft named[2059]: zone 127.in-addr.arpa/IN: loaded serial 1
    Jul 26 13:03:51 delsoft named[2059]: zone 255.in-addr.arpa/IN: loaded serial 1
    Jul 26 13:03:51 delsoft named[2059]: zone localhost/IN: loaded serial 2

  5. #15
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    So, are you still experiencing the same issues? I've gone back to your original request and I've just realised that perhaps it's your /etc/hosts file? Could you give a printout of that? It should be in the following format:

    127.0.0.1 localhost.localdomain localhost
    192.168.0.1 server.domain.tld server

  6. #16
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by jason.rgd View Post
    both the tutorials tell the similar thing that for security purpose bind9 needs to be configured with chroot.... I hope the instructions remain the same across debian 5 and ubuntu.....
    The words 'security' and 'chroot' don't sit well together in the same sentence, it's not impossible to break out of a chroot jail.

    If you want to run a secure DNS server then choose a product that's not BIND and is built to be secure, BIND isn't. Have a search of the internet or look at PowerDNS - it's free, it's Open Source, it's fast and it is secure.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #17
    Join Date
    Jul 2010
    Posts
    19
    Rep Power
    5

    Default

    @G Williams... I'm behind a NAT router.... so my server ip address is 10.0.0.2 ... I've figured out the thing that you told me a few days ago... But I still get a problem with the MX record after that... @phoenix provided a solution to use the split dns and I was trying to use split dns wiki article... However I've kept this on hold for a few days to cater to other projects...

    @phoenix is power dns easier to configure than bind... will split dns instructions be different for bind than powerdns... wikipedia says power dns doesn't support split horizon which is necessary for my use case...

  8. #18
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by jason.rgd View Post
    @phoenix is power dns easier to configure than bind...
    It is as far as I'm concerned. I use MySQL for the backend and PDNSadmin php application (obviously that requires a web server) to manage the database records, you can even use BIND zonefiles if you're more comfortable with that.

    Quote Originally Posted by jason.rgd View Post
    will split dns instructions be different for bind than powerdns...
    No, the Split DNS instructions are basically the same for any DNS server you install.

    Quote Originally Posted by jason.rgd View Post
    wikipedia says power dns doesn't support split horizon which is necessary for my use case...
    Really? Perhaps they ought to have a word with my PowerDNS server.

    There are two parts to PowerDNS, there's the DNS server itself and a recursor and I have both of them installed on the same server without problems resolving LAN and external addresses.

    The concept of Split DNS (or Split Horizon or whatever you want to call it) is actually very simple, the DNS server resolves LAN IP addresses for your DNS requests and forwards any requests that it can't resolve to an external DNS server. If you're behind a NAT router (or a firewall) then your LAN IP addresses must be resolved by a local (i.e. LAN) DNS server (the external servers know nothing about your LAN) so Postfix can resolve its own IP address. If the instructions for verifying your LAN IP in the Split DNS article return any results other than a LAN IP then there's a configuration error in your DNS - the added proviso that your /etc/hosts file must be correctly formatted and point to your LAN IP. That really is all there is to it.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
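
The check described in the post above, together with the /etc/hosts layout from post #15, as an added example that is not part of the thread: it validates the server's own hosts entry and tests whether resolver answers for the server name are LAN addresses. The host name `mail.example.test`, the sample file and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (not from the thread): a hosts file in the layout post #15
# gives, for a hypothetical server mail.example.test behind NAT on 10.0.0.2.
SAMPLE_HOSTS = """\
127.0.0.1 localhost.localdomain localhost
10.0.0.2 mail.example.test mail
"""
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    """True only for RFC 1918 IPv4 addresses (loopback and public are rejected)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def parse_hosts(text):
    """Return [(address, [names...])], ignoring comments and blank lines."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [(f[0], f[1:]) for f in rows if len(f) >= 2]

def check_hosts(text, fqdn):
    """Problems with the server's own entry: wrong name order or non-LAN address."""
    short, problems = fqdn.split(".", 1)[0], []
    mine = [(a, n) for a, n in parse_hosts(text) if fqdn in n or short in n]
    if not mine:
        problems.append(f"no entry for {fqdn}")
    for addr, names in mine:
        if names[:2] != [fqdn, short]:
            problems.append(f"{addr}: names must be '{fqdn} {short}', FQDN first")
        if not is_lan(addr):
            problems.append(f"{addr}: {fqdn} must map to the LAN IP")
    return problems

def check_answers(text, fqdn, answers):
    """Compare resolver answers for fqdn (e.g. from dig +short) with the hosts entry."""
    expected = {a for a, n in parse_hosts(text) if fqdn in n and is_lan(a)}
    problems = [f"{a}: not a LAN address, DNS is not split"
                for a in answers if not is_lan(a)]
    problems += [f"{a}: differs from /etc/hosts"
                 for a in answers if is_lan(a) and a not in expected]
    if not answers:
        problems.append(f"{fqdn} did not resolve")
    return problems

if __name__ == "__main__":
    print(check_hosts(SAMPLE_HOSTS, "mail.example.test"))
    print(check_answers(SAMPLE_HOSTS, "mail.example.test", ["203.0.113.10"]))
```

An empty list from both functions means the hosts entry and the resolver agree on a LAN address; the second call in `__main__` uses a constructed documentation-range address to show the failure case.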

  9. #19
    Join Date
    Jul 2010
    Posts
    19
    Rep Power
    5

    Default

    I'm gonna utilize as much help from this forum in the coming few weeks... thanks phoenix and Gwilliams for the help rendered till now... Will be posting some more doubts in the coming weeks since I've another project at hand right now..
