bind9 - unable to resolve external names
EDIT: Now works, but please see comment below.
I have set up bind9 following this tutorial.
I am now able to ping my NS by name, as well as my main computer, each of which I correctly entered A & PTR records for. So, basically I have a working local DNS server.
named-checkconf and named-checkzone don't give any errors for forward and reverse zones.
The issue is that when I configure the clients to use this DNS server, they "lose the internet". In my interpretation, my bind9 server only answers what is explicitly listed in its zones, but fails to forward the queries it isn't able to answer.
named.conf.options does specify forwarders.
What configuration should I add to make my NS correctly forward to OpenDNS FamilyShield (my chosen authoritative DNS server in this case)?
Thanks a lot
EDIT: To be clear, the aimed purpose of my NS should be to resolve local requests (aka, make me able to contact LAN machines by names), but to forward all "internet" requests to a bigger DNS server.
networking server dns bind
Ok, activating recursion makes the DNS server work, but I think it means it's querying the root servers, is that true? If yes, how would I tell it to query a defined DNS server?
– a.cariage
Feb 15 at 13:39
1
Forwarding is how you configure your server to ask an upstream NS for information. Note that you're running bind9, and should use bind9 syntax.
– vidarlo
Feb 15 at 13:46
edited Feb 15 at 13:39
a.cariage
asked Feb 15 at 12:12
a.cariage
1 Answer
ok, let's check this summary: you check the syntax of 3 files, named.conf, forward zone file and reverse zone file, have the forwarders in named.conf, you can't query the forwarders in the DNS server (nslookup 8.8.8.8, dig @8.8.8.8 google.com, etc), configure the clients to use this DNS server (by IP address), the server and client are in communication (ping), you have incoming and outgoing traffic by port 53 (default for DNS) between clients and server. I think that's all.

Named.conf basic file:

    options {
        // Interfaces the server listens on
        listen-on port 53 { 127.0.0.1; 192.168.xxx.x; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Clients allowed to query this server
        allow-query { localhost; 192.168.0.0/16; };
        recursion yes;
        // Upstream resolvers that receive queries for names outside the local zones
        forwarders {
            208.67.222.123;
            8.8.8.8;
            200.35.65.4;
        };
        // Try the forwarders first; fall back to normal recursion if they do not answer
        forward first;
        dnssec-enable no;
        dnssec-validation no;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    // Root hints
    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

Config for /etc/named.rfc1912.zones

    // Forward zone for the local domain
    zone "domain.com" IN {
        type master;
        file "forward.domain.com";
        allow-update { none; };
    };

    zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
    };

    zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
    };

    // Reverse zone for the LAN
    zone "xxx.xxx.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.domain.com";
        allow-update { none; };
    };

> EDIT: To be clear, the aimed purpose of my NS should be to resolve
> local requests (aka, make me able to contact LAN machines by names),
> but to forward all "internet" requests to a bigger DNS server.

To do this you need to create an entry for every local machine, an address and PTR records, and the forwarders would be your "bigger DNS server".
Thanks, well it actually looks like the issue is specific to the OpenDNS servers as adding 8.8.8.8 in the forwarders makes everything work perfectly... But when leaving only OpenDNS servers, DNS resolutions completely fail. I'll ask this question on OpenDNS support forums.
– a.cariage
Feb 15 at 16:32
edited Feb 15 at 14:02
answered Feb 15 at 13:56
Jorge MansoN
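For the follow-up in the comments (how to make the server ask a defined DNS server instead of the root servers), here is an added example that is not from the question or the answer: a `named.conf.options` that sends every non-local query to the forwarder and limits recursion to the LAN. The Ubuntu paths `/etc/bind/named.conf.options` and `/var/cache/bind`, and the ACL name `lan`, are assumptions; the address range and the forwarder address are the ones used in the answer.

```conf
// /etc/bind/named.conf.options (Ubuntu bind9 package path; assumed)

// Hypothetical ACL name; the range is the one used in the answer above.
acl lan {
    localhost;
    192.168.0.0/16;
};

options {
    directory "/var/cache/bind";    // Ubuntu package default (assumed)

    // Answer queries and recurse only for the LAN, so the server
    // cannot be used as an open resolver from other networks.
    recursion yes;
    allow-query     { lan; };
    allow-recursion { lan; };

    // Upstream resolver: the OpenDNS FamilyShield address from the answer.
    forwarders {
        208.67.222.123;
    };

    // "forward first" (as in the answer) falls back to iterating from the
    // root servers when the forwarders do not respond, which also bypasses
    // the upstream filter. "forward only" never contacts the root servers.
    forward only;

    // With validation enabled, the forwarders must return DNSSEC records;
    // if they do not, lookups fail with SERVFAIL.
    dnssec-validation auto;
};

// Zones declared "type master" on this server (the forward and reverse
// zones for the LAN) are still answered locally; only names outside
// those zones go to the forwarders.
```

Run `named-checkconf` after editing and reload the server before pointing clients at it.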