Local DNS Caching not caching on external interface

Tek Bahadur Limbu teklimbu at wlink.com.np
Tue Dec 19 23:24:43 PST 2006



Hi Chad,

Well, I am pleased to inform you that the local DNS caching server is
working fine now.
I had made a mistake in my IPFW rules in the workstations that were
querying the local DNS caching server.

The DNS caching server was indeed sending DNS name look up results but
my workstations were not accepting it.

Anyway, I would like to thank you and all FreeBSD users once again for
your support and help. I will update you all if I face any problems
again.



 On Tue, 19 Dec 2006 08:47:48 -0500
"Chad Gross" <avatar4d at gmail.com> wrote:

> On 12/17/06, Tek Bahadur Limbu <teklimbu at wlink.com.np> wrote:
> >
> > On Fri, 15 Dec 2006 08:25:41 -0500
> > "Chad Gross" <avatar4d at gmail.com> wrote:
> >
> > > On 12/15/06, Tek Bahadur Limbu <teklimbu at wlink.com.np> wrote:
> > > >
> > > > On Thu, 14 Dec 2006 08:34:11 -0500
> > > > "Chad Gross" <avatar4d at gmail.com> wrote:
> > > >
> > > > > On 12/14/06, Tek Bahadur Limbu <teklimbu at wlink.com.np> wrote:
> > > > > >
> > > > > > On Thu, 14 Dec 2006 01:08:11 -0800
> > > > > > Christopher Cowart <ccowart at rescomp.berkeley.edu> wrote:
> > > > > >
> > > > > > > On 14:57 Thu 14 Dec, Tek Bahadur Limbu wrote:
> > > > > > > > Dear All,
> > > > > > > >
> > > > > > > > I am very new to Bind and FreeBSD.
> > > > > > > >
> > > > > > > > I have just configured a Local DNS server using the
> > > > > > > > built-in Bind 9.3.1 on a FreeBSD 5.4 machine.
> > > > > > > >
> > > > > > > > My problem is that the machine can cache queries on the
> > > > > > > > localhost and loopback (127.0.0.1) interface only.
> > > > > > > >
> > > > > > > > I have a public static IP on this machine too and I
> > > > > > > > can't seem to query the caching name server from my
> > > > > > > > local network.
> > > > > > > >
> > > > > > > > In Linux, this is no problem. I just can't seem to get
> > > > > > > > Bind to work as in my local network. It works only on
> > > > > > > > the loopback interface.
> > > > > > >
> > > > > > > The default /etc/namedb/named.conf configuration file for
> > > > > > > BIND says:
> > > > > > >
> > > > > > > | // If named is being used only as a local resolver, this is a safe default.
> > > > > > > | // For named to be accessible to the network, comment this option, specify
> > > > > > > | // the proper IP address, or delete this option.
> > > > > > > | listen-on       { 127.0.0.1; };
> > > > > > >
> > > > > > > It looks like if you comment out that option, it will
> > > > > > > listen on * by default. You could also add the other IP
> > > > > > > address on which you want named to listen.
> > > > > > >
> > > > > > > --
> > > > > > > Chris Cowart
> > > > > > > Network and Infrastructure Systems Administrator
> > > > > > > RSSP-IT, UC Berkeley
> > > > > > > "May all your pushes be popped"
> > > > > > >
> > > > > >
> > > > > > Dear Chris,
> > > > > >
> > > > > > Thank you for your help. I commented it out and added my public
> > > > > > static IP like the following:
> > > > > >
> > > > > >
> > > > > > listen-on       { 202.x.x.x; }; # My Static IP
> > > > > >
> > > > > > Now when I do from my local PC:
> > > > > >
> > > > > > dig yahoo.com @202.x.x.x, I can do DNS lookups.
> > > > > >
> > > > > > But when I try doing that from another computer on my
> > > > > > network, I can't do any DNS lookups.
> > > > > >
> > > > > >
> > > > > > Is there anything that I missed?
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > >
> > > > > > With best regards and good wishes,
> > > > > >
> > > > > > Yours sincerely,
> > > > > >
> > > > > > Tek Bahadur Limbu
> > > > > >
> > > > > > (TAG/TDG Group)
> > > > > > Jwl Systems Department
> > > > > >
> > > > > > Worldlink Communications Pvt. Ltd.
> > > > > >
> > > > > > Jawalakhel, Nepal
> > > > >
> > > > >
> > > > >
> > > > > You have to tell the other machines on your network to use
> > > > > the IP of the local DNS server for domain name resolution. If
> > > > > you are using DHCP you can configure your DHCP server to give
> > > > > this information with the IP. Otherwise you must manually do
> > > > > it, which will be different between operating systems.
> > > > >
> > > > > HINT: In FreeBSD add the IP of the DNS server
> > > > > to /etc/resolv.conf
> > > > >
> > > > > Chad
> > > > >
> > > >
> > > >
> > > > Dear Chad,
> > > >
> > > > I just got the following logs while troubleshooting with
> > > > tcpdump.
> > > >
> > > > local nameserver IP: 202.102.5.100
> > > > network PC IP: 202.102.5.50
> > > >
> > > > When I do a nslookup of yahoo and google from network PC using
> > > > the local caching nameserver, I only get this on the caching
> > > > nameserver.
> > > >
> > > > 13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53:  56955+ A? google.com. (28)
> > > > 13:23:32.899379 IP 202.102.5.50.40229 > 202.102.5.100.53:  47636+ A? yahoo.com. (27)
> > > >
> > > >
> > > > Note: Please note that the above Static IPs are just arbitrary
> > > > values.
> > > >
> > > > Can you please shed some light on this issue?
> > > >
> > > > --
> > > >
> > > >
> > > > With best regards and good wishes,
> > > >
> > > > Yours sincerely,
> > > >
> > > > Tek Bahadur Limbu
> > > >
> > > > (TAG/TDG Group)
> > > > Jwl Systems Department
> > > >
> > > > Worldlink Communications Pvt. Ltd.
> > > >
> > > > Jawalakhel, Nepal
> > > >
> > >
> > > Tek,
> > >
> > > Can you please post your Bind configuration files?
> > >
> > > Have you done a tcpdump or wireshark capture on both machines
> > > while issuing the resolution request? Could you please do that as
> > > well and post the results?
> > >
> > > Chad
> > >
> >
> > Hi Chad,
> >
> > I have pasted my named.conf file below:
> >
> >
> > options {
> >         directory       "/etc/namedb";
> >         pid-file        "/var/run/named/pid";
> >         dump-file       "/var/dump/named_dump.db";
> >         statistics-file "/var/stats/named.stats";
> >
> > // If named is being used only as a local resolver, this is a safe default.
> > // For named to be accessible to the network, comment this option, specify
> > // the proper IP address, or delete this option.
> > #       listen-on       { localhost; };
> >         listen-on       {My.Public.IP;};
> >
> > // If you have IPv6 enabled on this system, uncomment this option for
> > // use as a local resolver.  To give access to the network, specify
> > // an IPv6 address, or the keyword "any".
> > //      listen-on-v6    { ::1; };
> >
> > // In addition to the "forwarders" clause, you can force your name
> > // server to never initiate queries of its own, but always ask its
> > // forwarders only, by enabling the following line:
> > //
> > //      forward only;
> >
> > // If you've got a DNS server around at your upstream provider, enter
> > // its IP address here, and enable the line below.  This will make you
> > // benefit from its cache, thus reduce overall DNS traffic in the Internet.
> >
> >         forwarders {
> >                 202.x.x.x;
> >                 202.x.x.x;
> >         };
> >
> >         /*
> >          * If there is a firewall between you and nameservers you want
> >          * to talk to, you might need to uncomment the query-source
> >          * directive below.  Previous versions of BIND always asked
> >          * questions using port 53, but BIND versions 8 and later
> >          * use a pseudo-random unprivileged UDP port by default.
> >          */
> > # query-source address * port 53;
> > };
> >
> >
> > key "dnsbind" {
> >         algorithm hmac-md5;
> >         secret "da3ss+cKp1po9Uadka0Onadf04Jils+kc=";
> > };
> >
> >
> > controls {
> >       inet 127.0.0.1 port 953
> >               allow { 127.0.0.1; } keys { "dnsbind"; };
> > };
> >
> >
> > // If you enable a local name server, don't forget to enter 127.0.0.1
> > // first in your /etc/resolv.conf so this server will be queried.
> > // Also, make sure to enable it in /etc/rc.conf.
> >
> > zone "." {
> >         type hint;
> >         file "named.root";
> > };
> >
> > zone "0.0.127.IN-ADDR.ARPA" {
> >         type master;
> >         file "master/localhost.rev";
> > };
> >
> > // RFC 3152
> > zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
> >         type master;
> >         file "master/localhost-v6.rev";
> > };
> >
> >
> > Do I need to edit and create other config files besides rndc.conf?
> > Please shed some light on this.
> >
> > Thanks.
> >
> > --
> >
> >
> > With best regards and good wishes,
> >
> > Yours sincerely,
> >
> > Tek Bahadur Limbu
> 
> 
> 
> Tek,
> 
> I apologize for taking so long to get back to you. I haven't really
> had a chance to look over this in detail yet, but at first glance I
> cannot see anything wrong. Have you managed to get this working yet?
> If so, what was the issue?
> 
> Best Wishes,
> 
> Chad
> 


--


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
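The server-side tcpdump capture in this thread showed queries arriving but nothing about the replies, and the fault turned out to be on the workstations (IPFW dropping the answers), not in named. An added diagnostic, not from the thread or from BIND: the Python below pairs DNS queries with their replies in such a capture, keyed by client address, client port and DNS transaction id, and returns which side to look at first. The sample lines are constructed, and the addresses are the arbitrary ones the thread uses.

```python
import re

# One tcpdump DNS summary line, in the shape quoted in the thread, e.g.
#   13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53:  56955+ A? google.com. (28)
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+(?P<txid>\d+)(?P<flags>[+*|$%-]*)\s+(?P<rest>.*)$"
)

def parse_line(line):
    """Parse one tcpdump DNS line into a dict, or return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["txid"] = int(rec["txid"])
    rec["is_query"] = "?" in rec["rest"]  # tcpdump prints the qtype as "A?" only for queries
    return rec

def summarize(lines, server_ip):
    """Match queries sent to server_ip with replies from it by (client IP, client port, DNS id)."""
    pending = {}
    queries = responses = 0
    for rec in filter(None, map(parse_line, lines)):
        if rec["is_query"] and rec["dst"] == server_ip:
            queries += 1
            pending[(rec["src"], rec["sport"], rec["txid"])] = rec["rest"]
        elif not rec["is_query"] and rec["src"] == server_ip:
            responses += 1
            pending.pop((rec["dst"], rec["dport"], rec["txid"]), None)
    return {"queries": queries, "responses": responses, "unanswered": sorted(pending.values())}

def verdict(summary):
    """From a capture taken on the server, say which side to examine first."""
    if summary["queries"] == 0:
        return "client"         # nothing arrived: resolv.conf or the path to the server
    if summary["responses"] == 0:
        return "server"         # queries arrived, nothing left: listen-on, forwarders, firewall
    return "upstream" if summary["unanswered"] else "client-filter"  # replies sent but dropped

# Constructed samples (not a real capture); addresses are the arbitrary ones used in the thread.
CAPTURE_QUERIES_ONLY = [
    "13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53:  56955+ A? google.com. (28)",
    "13:23:32.899379 IP 202.102.5.50.40229 > 202.102.5.100.53:  47636+ A? yahoo.com. (27)",
]
CAPTURE_WITH_REPLIES = CAPTURE_QUERIES_ONLY + [
    "13:23:58.712040 IP 202.102.5.100.53 > 202.102.5.50.44778:  56955 1/0/0 A 192.0.2.10 (44)",
    "13:23:32.904210 IP 202.102.5.100.53 > 202.102.5.50.40229:  47636 1/0/0 A 192.0.2.20 (43)",
]
```

Run it against `tcpdump -n -i <iface> udp port 53` output saved from the name server; a "client-filter" verdict while the workstation still fails is exactly the IPFW situation described in this thread.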