[TriLUG] Help with caching dns server

Aaron Joyner aaron at joyner.ws
Thu Sep 18 09:36:27 EDT 2008


On any given linux box, the /etc/resolv.conf only governs what
commands run from that host will see.  BIND does not look at
/etc/resolv.conf for any data used in how to serve DNS responses[1].
Thus, modifying the /etc/resolv.conf on the BIND server will have no
effect on the problem at hand.

In your email, you say "when I dig lmr.gotdns.com @192.168.0.1, it
returns the ip from external not internal."  Assuming you used the
config as shown in your earlier email, that's to be expected.
gotdns.com is the external domain, home.linux is the internal domain.
Try running 'dig www.home.linux @192.168.0.1' and you should get the
internal IP address.  Another informative command to run would be 'dig
-t axfr home.linux @192.168.0.1', which will perform a zone transfer
of home.linux, and highlight another problem.  You put in what BIND
would typically call "out of zone data", by adding entries like
'lmr.gotdns.com' to your zone file, but because you didn't fully
qualify those names (i.e. you didn't put a trailing dot on them), BIND
interprets them as relative to the current zone, thus in the zone
transfer you will see an A record for 'lmr.gotdns.com.home.linux' with
the expected IP.  You cannot use that zone file to re-define the
meaning of the DNS record 'lmr.gotdns.com.'.  To quote my original
email:
"""
... you'll need to pick a local domain to use.  It *could* be
something externally resolvable, but not messing up the external
resolution of that domain name is beyond the scope of this email.
"""

That is to say, your internal names are only resolvable in the
'home.linux' subdomain.  It does not affect other zones recursively
served by your DNS server.

If you want your nameserver to return a "local" IP address for
lmr.gotdns.com, you'll need to define the 'gotdns.com' zone in the
same way you defined the 'home.linux' zone, already.  Only entries you
put into the local zone file will be resolvable internally.  In other
words, you'd have to define 'www.gotdns.com' to go wherever it does
in the external zone, you wouldn't have the appropriate DNS resolution
for other "clients" of 'gotdns.com', etc.  This is very likely *not*
the behavior you want.  The behavior I suspect you really want is to
just overload the name 'lmr.gotdns.com' internally, and resolve other
names in the 'gotdns.com' domain from the 'gotdns.com' authoritative
nameservers.  To the best of my knowledge, this is not possible with
the standard compile of BIND.  You can do it on the client, via
/etc/hosts, but doing it on the server requires breaking the model of
who's authoritative for a given zone, and would very likely result in
unexpected behavior in edge cases, even if you were able to configure
your name server to do it in a limited sense[2].

I'd suggest that you add 'home.linux' to the beginning of the 'search'
string in your client's '/etc/resolv.conf' file, and then typing
'http://www' into your web browser will work as expected.  You may
also wish to add entries under 'home.linux' for 'lmr', at which point
you could type in 'http://lmr' and get the desired effect.  Of course,
any non-relative link which you click off of 'http://www', i.e. a link
that goes to 'http://lmr.gotdns.com', will redirect your traffic again
to the external IP address.  Relative links, those such as
'/foo.html', will of course preserve the connected hostname, as the
browser will expand them to 'http://www/foo.html'.

Best of luck, feel free to ask more questions if you have them.
Aaron S. Joyner


1 - I'm over-simplifying... but for purposes of this discussion it's true.
2 - The NS and glue records would likely eventually cause issues for
other nameservers that interact with your nameserver.  You could make
it work for the limited case of clients who trust you to do all their
recursive resolution, but my gut instinct is that it'd break some of
the fundamental workings of how BIND looks up and deals with data
internally.  The simplest way to implement this would probably be a
very limited DNS proxy in front of BIND, which would just hack up the
RRs you wanted to change.
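As an added illustration (not part of Aaron's message or the poster's files), the following Python applies BIND's qualification rule to a constructed zone modelled on the quoted home.linux file, so you can see which owner names end up under the origin and flag multi-label owners that were written without a trailing dot. The zone contents, origin and function names are all assumptions made for this example.

```python
# Constructed sample, modelled on the home.linux zone quoted in the thread
# (not the poster's exact file).
SAMPLE_ZONE = """\
$TTL 900
@ IN SOA ns.home.linux. hostmaster.home.linux. (
    200809160 ; serial
    8H ; refresh
    2H ; retry
    4W ; expire
    900 ) ; minimum
    NS ns
ns IN A 192.168.0.1
www IN A 192.168.0.1
lmr.gotdns.com IN A 192.168.0.1
"""

def qualify(name, origin):
    """BIND's rule: '@' is the origin; a name without a trailing dot is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(zone_text, origin):
    """Return (written_owner, effective_owner, type, rdata) for each record.
    Skips the parenthesised SOA body and inherits the owner on indented lines."""
    origin = origin.rstrip(".") + "."
    out, owner, written, in_parens = [], origin, "@", False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if in_parens:                                # still inside SOA ( ... )
            in_parens = ")" not in line
            continue
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():                     # a new owner name
            written = fields.pop(0)
            owner = qualify(written, origin)
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], " ".join(fields[1:])
        in_parens = "(" in rdata and ")" not in rdata
        out.append((written, owner, rtype, rdata))
    return out

def suspicious_owners(zone_text, origin):
    """Owners written as multi-label names without a trailing dot: BIND serves
    them under the origin, not as the external name the author meant."""
    return [(w, eff) for w, eff, _, _ in parse_zone(zone_text, origin)
            if w != "@" and "." in w and not w.endswith(".")]
```

Running `suspicious_owners(SAMPLE_ZONE, "home.linux")` reports `lmr.gotdns.com` as actually being `lmr.gotdns.com.home.linux.`, which is exactly what the `dig -t axfr` above would show; `named-checkzone` does not warn about this because the file is syntactically valid.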


On Wed, Sep 17, 2008 at 1:44 PM, Roy Vestal <rvestal at trilug.org> wrote:
> Ok...think we're getting somewhere. On the dns server when I dig
> lmr.gotdns.com @192.168.0.1, it returns the ip from external not internal.
>
> do i need adjustments to the dns server /etc/resolv.conf? I thought I
> had to have those pointing to opendns.org?
>
> Aaron Joyner wrote:
>> As Peter Long alludes to, your client may be at fault.  You should
>> focus on one piece at a time.  Try looking up the name via a command
>> line tool such as host or dig, explicitly specifying the server you
>> wish to task:
>>
>> $ dig www.home.linux @192.168.0.1
>> $ host www.home.linux 192.168.0.1
>>
>> See if these commands give you back responses like 192.168.0.1.  If
>> they don't, you have a server-based problem.  If they do, you have a
>> client-based problem.
>>
>> Aaron S. Joyner
>>
>>
>> On Tue, Sep 16, 2008 at 9:48 PM, Roy Vestal <rvestal at trilug.org> wrote:
>>
>>> OK...tried that...something broke. When i ping www or any of the
>>> "websites", the ip assigned me from dyndns.com is returned, not 192.168.0.1.
>>>
>>> In my /etc/named.conf:
>>> <snip>
>>> zone "home.linux" {
>>>   type master;
>>>   file "home.linux.zone";
>>> };
>>> </snip>
>>>
>>> In my home.linux.zone file:
>>>
>>> $TTL 900
>>> @       IN      SOA     ns.mydomain.local. my.email.address. (
>>>                         200809160 ; serial, today's date + today's serial #
>>>                         8H    ; refresh, seconds
>>>                         2H    ; retry, seconds
>>>                         4W    ; expire, seconds
>>>                         900 ) ; minimum, seconds
>>> ;
>>>                 NS      ns    ; Inet Address of name server
>>>
>>>
>>> @                       IN A 127.0.0.1
>>> ns                      IN A 192.168.0.1
>>> www                     IN A 192.168.0.1
>>> royvestal.homelinux.org IN A 192.168.0.1
>>> lmr.gotdns.com          IN A 192.168.0.1
>>> rpp.linuxmaniac.net     IN A 192.168.0.1
>>>
>>>
>>> Aaron Joyner wrote:
>>>
>>>> The easiest way to do this (with a traditional DNS server, not
>>>> counting dnsmasq, which I know basically nothing about) is to install
>>>> your distribution's 'bind9' or 'caching-dns' server package, and point
>>>> your local workstations at its IP address.  That'll get you 90% of
>>>> the way there.  For the remainder, you'll need to pick a local domain
>>>> to use.  It *could* be something externally resolvable, but not
>>>> messing up the external resolution of that domain name is beyond the
>>>> scope of this email.  You then simply need to edit /etc/named.conf (or
>>>> wherever your distribution has the named.conf file, consult your
>>>> package manager), and add a zone entry:
>>>>
>>>> zone "mydomain.local" {
>>>>   type master;
>>>>   file "db.mydomain.local";
>>>> };
>>>>
>>>> Then you'll need to create a local zone file for mydomain.local.  It
>>>> should be created in whatever directory the "options" section of the
>>>> named.conf defines with the "directory" keyword.  The zone file should
>>>> have contents similar to this:
>>>> $TTL 900
>>>> @       IN      SOA     ns.mydomain.local. my.email.address. (
>>>>                         200809160 ; serial, today's date + today's serial #
>>>>                         8H    ; refresh, seconds
>>>>                         2H    ; retry, seconds
>>>>                         4W    ; expire, seconds
>>>>                         900 )   ; minimum, seconds
>>>> ;
>>>>                 NS      ns    ; Inet Address of name server
>>>>
>>>> ns      A  1.1.1.1
>>>> www     A  1.1.1.1
>>>> laptop1 A  1.1.1.2
>>>> laptop2 A  1.1.1.3
>>>>
>>>> Then at your local shell prompt as root, 'rndc reload'.
>>>> Congratulations, you're now a DNS administrator!
>>>>
>>>> Aaron S. Joyner
>>>>
>>>>
>>>> On Tue, Sep 16, 2008 at 1:54 PM, Roy Vestal <rvestal at trilug.org> wrote:
>>>>
>>>>
>>>>> We have a few machines at the house (a desktop, 2 laptops, etc) that I
>>>>> want to use a local dns server vs the time-warner dns server. I was
>>>>> hoping to add to it, the local IPs of the web server and then add cname
>>>>> (or something similar) to the dns server so that when the machines
>>>>> grabbed dhcp, the dns would supply those so I *wouldn't* have to update
>>>>> /etc/hosts every time.
>>>>>
>>>>> :)
>>>>>
>>>>> Aaron Joyner wrote:
>>>>>
>>>>>
>>>>>> If you want to use the local IP for local resolution... /etc/hosts is your
>>>>>> friend.  If you've got something more complicated in mind, please provide
>>>>>> more details.
>>>>>>
>>>>>> Aaron S. Joyner
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 15, 2008 at 4:37 PM, Roy Vestal <rvestal at trilug.org> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hey guys. I'm trying to figure out how to add the local IP address of my
>>>>>>> webserver to the dns server i just built. I'm using centos 5. The DNS
>>>>>>> server works fine for external entries.
>>>>>>>
>>>>>>> My webserver hosts multiple virtual dirs with apache.
>>>>>>>
>>>>>>> TIA
>>>>>>> --
>>>>>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>>>>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>
>>>
>
>


