From: "Chad Gross"
To: "Tek Bahadur Limbu"
Cc: freebsd-questions@freebsd.org, ccowart@rescomp.berkeley.edu
Date: Tue, 19 Dec 2006 08:47:48 -0500
Subject: Re: Local DNS Caching not caching on external interface

On 12/17/06, Tek Bahadur Limbu wrote:
>
> On Fri, 15 Dec 2006 08:25:41 -0500
> "Chad Gross" wrote:
>
> > On 12/15/06, Tek Bahadur Limbu wrote:
> > >
> > > On Thu, 14 Dec 2006 08:34:11 -0500
> > > "Chad Gross" wrote:
> > >
> > > > On 12/14/06, Tek Bahadur Limbu wrote:
> > > > >
> > > > > On Thu, 14 Dec 2006 01:08:11 -0800
> > > > > Christopher Cowart wrote:
> > > > >
> > > > > > On 14:57 Thu 14 Dec , Tek Bahadur Limbu wrote:
> > > > > > > Dear All,
> > > > > > >
> > > > > > > I am very new to Bind and FreeBSD.
> > > > > > >
> > > > > > > I have just configured a Local DNS server using the built-in
> > > > > > > Bind 9.3.1 on a FreeBSD 5.4 machine.
> > > > > > >
> > > > > > > My problem is that the machine can cache queries on the
> > > > > > > localhost and loop back (127.0.0.1) interface only.
> > > > > > >
> > > > > > > I have a public static IP on this machine too and I can't
> > > > > > > seem to query the caching name server from my local network.
> > > > > > >
> > > > > > > In Linux, this is no problem. I just can't seem to get Bind
> > > > > > > to work as in my local network. It works only on the
> > > > > > > loopback interface.
> > > > > >
> > > > > > The default /etc/namedb/named.conf configuration file for BIND
> > > > > > says:
> > > > > >
> > > > > > | // If named is being used only as a local resolver, this is a safe default.
> > > > > > | // For named to be accessible to the network, comment this option, specify
> > > > > > | // the proper IP address, or delete this option.
> > > > > > | listen-on { 127.0.0.1; };
> > > > > >
> > > > > > It looks like if you comment out that option, it will listen
> > > > > > on * by default. You could also add the other IP address on
> > > > > > which you want named to listen.
> > > > > >
> > > > > > --
> > > > > > Chris Cowart
> > > > > > Network and Infrastructure Systems Administrator
> > > > > > RSSP-IT, UC Berkeley
> > > > > > "May all your pushes be popped"
> > > > >
> > > > > Dear Chris,
> > > > >
> > > > > Thank you for your help. I did comment and added my public
> > > > > static IP like the following:
> > > > >
> > > > > listen-on { 202.x.x.x; }; # My Static IP
> > > > >
> > > > > Now when I do from my local PC:
> > > > >
> > > > > dig yahoo.com @202.x.x.x , I can do DNS lookups.
> > > > >
> > > > > But when I try doing that from another computer on my network, I
> > > > > can't do any DNS lookups.
> > > > >
> > > > > Is there anything that I missed?
> > > > >
> > > > > --
> > > > > With best regards and good wishes,
> > > > >
> > > > > Yours sincerely,
> > > > >
> > > > > Tek Bahadur Limbu
> > > > >
> > > > > (TAG/TDG Group)
> > > > > Jwl Systems Department
> > > > >
> > > > > Worldlink Communications Pvt. Ltd.
> > > > >
> > > > > Jawalakhel, Nepal
> > > >
> > > > You have to tell the other machines on your network to use the IP
> > > > of the local DNS server for domain name resolution.
> > > > If you are using DHCP you can configure your DHCP server to give this
> > > > information with the IP. Otherwise you must manually do it, which
> > > > will be different between operating systems.
> > > >
> > > > HINT: In FreeBSD add the IP of the DNS server to /etc/resolve.conf
> > > >
> > > > Chad
> > >
> > > Dear Chad,
> > >
> > > I just get the following logs while troubleshooting with tcpdump.
> > >
> > > local nameserver IP: 202.102.5.100
> > > network PC IP: 202.102.5.50
> > >
> > > When I do a nslookup of yahoo and google from network PC using the
> > > local caching nameserver, I only get this on the caching nameserver.
> > >
> > > 13:23:58.707604 IP 202.102.5.50.44778 > 202.102.5.100.53: 56955+ A? google.com. (28)
> > > 13:23:32.899379 IP 202.102.5.50.40229 > 202.102.5.100.53: 47636+ A? yahoo.com. (27)
> > >
> > > Note: Please note that the above Static IPs are just arbitrary
> > > values.
> > >
> > > Can you please shed some light on this issue?
> > >
> > > --
> > > With best regards and good wishes,
> > >
> > > Yours sincerely,
> > >
> > > Tek Bahadur Limbu
> > >
> > > (TAG/TDG Group)
> > > Jwl Systems Department
> > >
> > > Worldlink Communications Pvt. Ltd.
> > >
> > > Jawalakhel, Nepal
> >
> > Tek,
> >
> > Can you please post your Bind configuration files?
> >
> > Have you done a tcpdump or wireshark capture on both machines while
> > issuing the resolution request? Could you please do that as well and
> > post the results?
> >
> > Chad
>
> Hi Chad,
>
> I have pasted my named.conf file below:
>
> options {
>     directory "/etc/namedb";
>     pid-file "/var/run/named/pid";
>     dump-file "/var/dump/named_dump.db";
>     statistics-file "/var/stats/named.stats";
>
>     // If named is being used only as a local resolver, this is a safe default.
>     // For named to be accessible to the network, comment this option, specify
>     // the proper IP address, or delete this option.
>     # listen-on { localhost; };
>     listen-on {My.Public.IP;};
>
>     // If you have IPv6 enabled on this system, uncomment this option for
>     // use as a local resolver. To give access to the network, specify
>     // an IPv6 address, or the keyword "any".
>     // listen-on-v6 { ::1; };
>
>     // In addition to the "forwarders" clause, you can force your name
>     // server to never initiate queries of its own, but always ask its
>     // forwarders only, by enabling the following line:
>     //
>     // forward only;
>
>     // If you've got a DNS server around at your upstream provider, enter
>     // its IP address here, and enable the line below. This will make you
>     // benefit from its cache, thus reduce overall DNS traffic in the
>     // Internet.
>
>     forwarders {
>         202.x.x.x;
>         202.x.x.x;
>     };
>
>     /*
>      * If there is a firewall between you and nameservers you want
>      * to talk to, you might need to uncomment the query-source
>      * directive below. Previous versions of BIND always asked
>      * questions using port 53, but BIND versions 8 and later
>      * use a pseudo-random unprivileged UDP port by default.
>      */
>     # query-source address * port 53;
> };
>
> key "dnsbind" {
>     algorithm hmac-md5;
>     secret "da3ss+cKp1po9Uadka0Onadf04Jils+kc=";
> };
>
> controls {
>     inet 127.0.0.1 port 953
>         allow { 127.0.0.1; } keys { "dnsbind"; };
> };
>
> // If you enable a local name server, don't forget to enter 127.0.0.1
> // first in your /etc/resolv.conf so this server will be queried.
> // Also, make sure to enable it in /etc/rc.conf.
>
> zone "." {
>     type hint;
>     file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>     type master;
>     file "master/localhost.rev";
> };
>
> // RFC 3152
> zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
>     type master;
>     file "master/localhost-v6.rev";
> };
>
> Do I need to edit and create other config files besides rndc.conf?
> Please shed some light on this
>
> Thanks.
>
> --
> With best regards and good wishes,
>
> Yours sincerely,
>
> Tek Bahadur Limbu

Tek,

I apologize for taking so long to get back to you. I haven't really had a chance to look over this in detail yet, but at first glance I cannot see anything wrong. Have you managed to get this working yet? If so, what was the issue?

Best Wishes,
Chad
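
The thread moves `listen-on` from loopback to a public address. The fragment below is an added example (not part of the original messages and not anyone's actual configuration) showing that change with recursion limited to the local network. The addresses 192.0.2.53 and 192.0.2.0/24 and the ACL name "trusted" are placeholders assumed for illustration.

```conf
// Added example. 192.0.2.53 (server) and 192.0.2.0/24 (local network)
// are documentation placeholders, not values from the thread.

acl "trusted" {
    127.0.0.1;          // the server itself
    192.0.2.0/24;       // clients that may use the cache (assumed range)
};

options {
    directory "/etc/namedb";

    // Weak form: listens only on the public address and sets no
    // query or recursion ACL. BIND releases of that era (the thread
    // uses 9.3.1) place no default restriction on who may recurse,
    // so any host that can reach port 53 can use the cache.
    // It also stops answering on 127.0.0.1, which the stock comments
    // tell you to list first in /etc/resolv.conf.
    //
    // listen-on { 192.0.2.53; };

    // Corrected form: listen on loopback and the network address,
    // and answer (and recurse for) the trusted ACL only.
    listen-on       { 127.0.0.1; 192.0.2.53; };
    allow-query     { "trusted"; };
    allow-recursion { "trusted"; };

    // Forwarders as in the posted configuration (placeholder value).
    forwarders {
        192.0.2.1;
    };
};
```

`named-checkconf /etc/namedb/named.conf` validates the syntax before named is restarted.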