Local DNS Caching not caching on external interface

Chad Gross avatar4d at gmail.com
Tue Dec 19 06:14:36 PST 2006


On 12/17/06, Tek Bahadur Limbu <teklimbu at wlink.com.np> wrote:
>
> On Fri, 15 Dec 2006 08:25:41 -0500
> "Chad Gross" <avatar4d at gmail.com> wrote:
>
> > On 12/15/06, Tek Bahadur Limbu <teklimbu at wlink.com.np> wrote:
> > >
> > > On Thu, 14 Dec 2006 08:34:11 -0500
> > > "Chad Gross" <avatar4d at gmail.com> wrote:
> > >
> > > > On 12/14/06, Tek Bahadur Limbu <teklimbu at wlink.com.np> wrote:
> > > > >
> > > > > On Thu, 14 Dec 2006 01:08:11 -0800
> > > > > Christopher Cowart <ccowart at rescomp.berkeley.edu> wrote:
> > > > >
> > > > > > On 14:57 Thu 14 Dec, Tek Bahadur Limbu wrote:
> > > > > > > Dear All,
> > > > > > >
> > > > > > > I am very new to Bind and FreeBSD.
> > > > > > >
> > > > > > > I have just configured a Local DNS server using the built-in
> > > > > > > Bind 9.3.1 on a FreeBSD 5.4 machine.
> > > > > > >
> > > > > > > My problem is that the machine can cache queries on the
> > > > > > > localhost and loop back (127.0.0.1) interface only.
> > > > > > >
> > > > > > > I have a public static IP on this machine too and I can't
> > > > > > > seem to query the caching name server from my local network.
> > > > > > >
> > > > > > > In Linux, this is no problem. I just can't seem to get Bind
> > > > > > > to work as in my local network. It works only on the
> > > > > > > loopback interface.
> > > > > >
> > > > > > The default /etc/namedb/named.conf configuration file for BIND
> > > > > > says:
> > > > > >
> > > > > > | // If named is being used only as a local resolver, this is a safe default.
> > > > > > | // For named to be accessible to the network, comment this option, specify
> > > > > > | // the proper IP address, or delete this option.
> > > > > > | listen-on   { 127.0.0.1; };
> > > > > >
> > > > > > It looks like if you comment out that option, it will listen
> > > > > > on * by default. You could also add the other IP address on
> > > > > > which you want named to listen.
> > > > > >
> > > > > > --
> > > > > > Chris Cowart
> > > > > > Network and Infrastructure Systems Administrator
> > > > > > RSSP-IT, UC Berkeley
> > > > > > "May all your pushes be popped"
> > > > > >
> > > > >
> > > > > Dear Chris,
> > > > >
> > > > > Thank you for your help. I did comment and added my public
> > > > > static IP like the following:
> > > > >
> > > > >
> > > > > listen-on       { 202.x.x.x; }; # My Static IP
> > > > >
> > > > > Now when I do from my local PC:
> > > > >
> > > > > dig yahoo.com @202.x.x.x, I can do DNS lookups.
> > > > >
> > > > > But when I try doing that from another computer on my network, I
> > > > > can't do any DNS lookups.
> > > > >
> > > > >
> > > > > Is there anything that I missed?
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > >
> > > > > With best regards and good wishes,
> > > > >
> > > > > Yours sincerely,
> > > > >
> > > > > Tek Bahadur Limbu
> > > > >
> > > > > (TAG/TDG Group)
> > > > > Jwl Systems Department
> > > > >
> > > > > Worldlink Communications Pvt. Ltd.
> > > > >
> > > > > Jawalakhel, Nepal
> > > >
> > > >
> > > >
> > > > You have to tell the other machines on your network to use the IP
> > > > of the local DNS server for domain name resolution. If you are
> > > > using DHCP you can configure your DHCP server to give this
> > > > information with the IP. Otherwise you must manually do it, which
> > > > will be different between operating systems.
> > > >
> > > > HINT: In FreeBSD add the IP of the DNS server to /etc/resolv.conf
> > > >
> > > > Chad
> > > >
> > >
> > >
> > > Dear Chad,
> > >
> > > I just got the following logs while troubleshooting with tcpdump.
> > >
> > > local nameserver IP: 202.102.5.100
> > > network PC IP: 202.102.5.50
> > >
> > > When I do a nslookup of yahoo and google from network PC using the
> > > local caching nameserver, I only get this on the caching nameserver.
> > >
> > > 13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53:  56955+ A? google.com. (28)
> > > 13:23:32.899379 IP 202.102.5.50.40229 > 202.102.5.100.53:  47636+ A? yahoo.com. (27)
> > >
> > >
> > > Note: Please note that the above Static IPs are just arbitrary
> > > values.
> > >
> > > Can you please shed some light on this issue?
> > >
> > > --
> > >
> > > Tek Bahadur Limbu
> > >
> >
> > Tek,
> >
> > Can you please post your Bind configuration files?
> >
> > Have you done a tcpdump or wireshark capture on both machines while
> > issuing the resolution request? Could you please do that as well and
> > post the results?
> >
> > Chad
> >
>
> Hi Chad,
>
> I have pasted my named.conf file below:
>
>
> options {
>         directory       "/etc/namedb";
>         pid-file        "/var/run/named/pid";
>         dump-file       "/var/dump/named_dump.db";
>         statistics-file "/var/stats/named.stats";
>
> // If named is being used only as a local resolver, this is a safe default.
> // For named to be accessible to the network, comment this option, specify
> // the proper IP address, or delete this option.
> #       listen-on       { localhost; };
>         listen-on       { My.Public.IP; };
>
> // If you have IPv6 enabled on this system, uncomment this option for
> // use as a local resolver.  To give access to the network, specify
> // an IPv6 address, or the keyword "any".
> //      listen-on-v6    { ::1; };
>
> // In addition to the "forwarders" clause, you can force your name
> // server to never initiate queries of its own, but always ask its
> // forwarders only, by enabling the following line:
> //
> //      forward only;
>
> // If you've got a DNS server around at your upstream provider, enter
> // its IP address here, and enable the line below.  This will make you
> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
>
>         forwarders {
>                 202.x.x.x;
>                 202.x.x.x;
>         };
>
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below.  Previous versions of BIND always asked
>          * questions using port 53, but BIND versions 8 and later
>          * use a pseudo-random unprivileged UDP port by default.
>          */
> # query-source address * port 53;
> };
>
>
> key "dnsbind" {
>         algorithm hmac-md5;
>         secret "da3ss+cKp1po9Uadka0Onadf04Jils+kc=";
> };
>
>
> controls {
>       inet 127.0.0.1 port 953
>               allow { 127.0.0.1; } keys { "dnsbind"; };
> };
>
>
> // If you enable a local name server, don't forget to enter 127.0.0.1
> // first in your /etc/resolv.conf so this server will be queried.
> // Also, make sure to enable it in /etc/rc.conf.
>
> zone "." {
>         type hint;
>         file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
>         file "master/localhost.rev";
> };
>
> // RFC 3152
> zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
>         type master;
>         file "master/localhost-v6.rev";
> };
>
>
> Do I need to edit and create other config files besides rndc.conf?
> Please shed some light on this.
>
> Thanks.
>
> --
>
> Tek Bahadur Limbu



Tek,

I apologize for taking so long to get back to you. I haven't really had a
chance to look over this in detail yet, but at first glance I cannot see
anything wrong. Have you managed to get this working yet? If so, what was
the issue?

Best Wishes,

Chad
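The captures Tek posted show queries arriving at the server with no reply lines following them. One way to check a tcpdump capture for exactly that, as an added example that is not part of the original thread: the sample lines are constructed in the format tcpdump printed above, and the answer address is a TEST-NET placeholder.

```python
import re

# Constructed sample lines in the tcpdump format quoted in the thread.
# Query lines carry "A?"; a reply line carries the same transaction ID
# and an answer/authority/additional count such as 1/0/0. The answered
# address 192.0.2.10 is a TEST-NET placeholder, not a real lookup result.
SAMPLE_CAPTURE = """\
13:23:32.899379 IP 202.102.5.50.40229 > 202.102.5.100.53:  47636+ A? yahoo.com. (27)
13:23:32.912004 IP 202.102.5.100.53 > 202.102.5.50.40229:  47636 1/0/0 A 192.0.2.10 (43)
13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53:  56955+ A? google.com. (28)
"""

# timestamp, src, dst, transaction ID, tcpdump flag characters, rest of line
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+):\s+"
    r"(?P<id>\d+)(?P<flags>[+*$|-]*)\s+(?P<rest>.*)$"
)


def parse_line(line):
    """Return (ts, src, dst, txid, rest) for a tcpdump DNS line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["ts"], m["src"], m["dst"], int(m["id"]), m["rest"]


def split_addr(addr):
    """'202.102.5.50.40229' -> ('202.102.5.50', 40229); IPv4 only."""
    host, _, port = addr.rpartition(".")
    return host, int(port)


def unanswered_queries(capture):
    """Pair each query sent to port 53 with a reply from port 53 keyed on
    (client address:port, transaction ID); return queries never answered."""
    pending = {}
    for line in capture.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst, txid, rest = parsed
        if split_addr(dst)[1] == 53 and "?" in rest:
            # Query: remember it until a reply with the same key shows up.
            name = rest.split("?", 1)[1].split()[0]
            pending[(src, txid)] = {"ts": ts, "client": src, "id": txid, "name": name}
        elif split_addr(src)[1] == 53:
            # Reply: clears the matching pending query, if one exists.
            pending.pop((dst, txid), None)
    return sorted(pending.values(), key=lambda q: q["ts"])


if __name__ == "__main__":
    for q in unanswered_queries(SAMPLE_CAPTURE):
        print(f"{q['ts']} no reply to {q['client']} id {q['id']} for {q['name']}")
```

Run it over a capture taken on the server with `tcpdump -n port 53`; a client-side capture processed the same way shows whether replies leave the server but never reach the client.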

