bind9 - unable to resolve external names












EDIT: Now works, but please see comment below.

I have set up bind9 following this tutorial.

I am now able to ping my NS by name, as well as my main computer, each of which I correctly entered A & PTR records for. So, basically I have a working local DNS server.
named-checkconf and named-checkzone don't give any errors for forward and reverse zones.

The issue is that when I configure the clients to use this DNS server, they "lose the internet". In my interpretation, my bind9 server only answers what is explicitly listed in its zones, but fails to forward the queries it isn't able to answer.

named.conf.options does specify forwarders.

What configuration should I add to make my NS correctly forward to OpenDNS FamilyShield (my chosen authoritative DNS server in this case)?

Thanks a lot

EDIT: To be clear, the aimed purpose of my NS should be to resolve local requests (aka, make me able to contact LAN machines by names), but to forward all "internet" requests to a bigger DNS server.







networking server dns bind






edited Feb 15 at 13:39 by a.cariage
asked Feb 15 at 12:12 by a.cariage













  • Ok activating recursion makes the DNS server work but I think it means it's querying the root servers, is that true? If yes, how would I tell it to query a defined DNS server?

    – a.cariage
    Feb 15 at 13:39

  • Forwarding is how you configure your server to ask an upstream NS for information. Note that you're running bind9, and should use bind9 syntax.

    – vidarlo
    Feb 15 at 13:46





























1 Answer
ok, let's check this summary: you check the syntax of 3 files, named.conf, forward zone file and reverse zone file, have the forwarders in named.conf, you cant query the forwarders in the DNS server (nslookup 8.8.8.8, dig @8.8.8.8 google.com, etc), configure the clients to use this DNS server (by IP address), the server and client are in communication (ping), you have incoming and outgoing traffic by port 53 (default for DNS) between clients and server. I think that's all.

Named.conf basic file:

    options {
        listen-on port 53 { 127.0.0.1; 192.168.xxx.x; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 192.168.0.0/16; };
        recursion yes;
        Forwarders {
            208.67.222.123;
            8.8.8.8;
            200.35.65.4;
        };
        forward first;
        dnssec-enable no;
        dnssec-validation no;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

Config for /etc/named.rfc1912.zones

    zone "domain.com" IN {
        type master;
        file "forward.domain.com";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "xxx.xxx.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.domain.com";
        allow-update { none; };
    };

> EDIT: To be clear, the aimed purpose of my NS should be to resolve
> local requests (aka, make me able to contact LAN machines by names),
> but to forward all "internet" requests to a bigger DNS server.

To do this you need to create an entry for every local machine, an address and PTR records, and the forwarders would be your "bigger DNS server".







edited Feb 15 at 14:02
answered Feb 15 at 13:56 by Jorge MansoN













  • Thanks, well it actually looks like the issue is specific to the OpenDNS servers as adding 8.8.8.8 in the forwarders makes everything work perfectly... But when leaving only OpenDNS servers, DNS resolutions completely fail. I'll ask this question on OpenDNS support forums.

    – a.cariage
    Feb 15 at 16:32
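
The thread asks how to make named send non-local lookups to one chosen upstream rather than the root servers, while the answer's config lists FamilyShield next to other forwarders under `forward first`. The check below is an added example (not code from the question or the answer): it parses an options block and lists each way a lookup can bypass an intended upstream set. The `FORWARD_ONLY_OPTIONS` variant, the `FAMILYSHIELD` set (including the second address 208.67.220.123), the finding codes and all function names are assumptions made for illustration.

```python
import re

# Constructed input: the answer's options block, cut down to the directives
# that decide where a query for a non-local name is sent.
ANSWER_OPTIONS = """
options {
    allow-query { localhost; 192.168.0.0/16; };
    recursion yes;
    Forwarders { 208.67.222.123; 8.8.8.8; 200.35.65.4; };
    forward first;
};
"""

# Constructed variant (an assumption, not from the page): the same block
# restricted to the two FamilyShield resolvers, with no fallback.
FORWARD_ONLY_OPTIONS = """
options {
    allow-query { localhost; 192.168.0.0/16; };
    recursion yes;
    forwarders { 208.67.222.123; 208.67.220.123; };
    forward only;   // never fall back to iterative resolution
};
"""

FAMILYSHIELD = {"208.67.222.123", "208.67.220.123"}


def parse_options(conf):
    """Return {directive: [values]} for the top level of the options block."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # // and # comments
    start = re.search(r"\boptions\s*\{", conf, flags=re.I)
    if not start:
        raise ValueError("no options block found")
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', conf[start.end():])
    opts, stmt, depth = {}, [], 0
    for tok in tokens:
        if tok == "{":
            depth += 1
        elif tok == "}":
            if depth == 0:           # closing brace of the options block
                break
            depth -= 1
        elif tok == ";":
            if depth == 0 and stmt:  # end of a top-level statement
                # names are lower-cased; the answer spells it "Forwarders"
                opts[stmt[0].lower()] = stmt[1:]
                stmt = []
        else:
            stmt.append(tok)
    return opts


def audit_forwarding(conf, intended):
    """Return (code, detail) findings for paths that bypass `intended`."""
    opts = parse_options(conf)
    forwarders = opts.get("forwarders", [])
    policy = opts.get("forward", ["first"])[0].lower()      # default: first
    recursion = opts.get("recursion", ["yes"])[0].lower()   # default: yes
    findings = []
    if recursion == "no":
        findings.append(("recursion-off",
                         "forwarders are not used; only local zones are answered"))
    if not forwarders:
        findings.append(("no-forwarders",
                         "non-local names are resolved from the root hints"))
    stray = [ip for ip in forwarders if ip not in intended]
    if stray:
        findings.append(("stray-forwarder", stray))
    if forwarders and policy != "only":
        findings.append(("iterative-fallback",
                         "forward first retries via the root servers on failure"))
    return findings


if __name__ == "__main__":
    for name, conf in (("answer", ANSWER_OPTIONS),
                       ("forward-only", FORWARD_ONLY_OPTIONS)):
        print(name, audit_forwarding(conf, FAMILYSHIELD))
```
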


















