Hello all,
I've installed a Squid proxy on my gateway and a caching DNS server with bind. The problem is the server is only resolving its own queries but not the client queries from my company. When I do: $service named start I see in /var/log/messages:
starting BIND 9.3.4-P1 -u named -t /var/named/chroot
found 1 CPU, using 1 worker thread
loading configuration from '/etc/named.conf'
listening on IPv6 interface lo, ::1#53
listening on IPv4 interface lo, 127.0.0.1#53
command channel listening on 127.0.0.1#953
command channel listening on ::1#953
zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
zone localdomain/IN/localhost_resolver: loaded serial 42
zone localhost/IN/localhost_resolver: loaded serial 42
running
I don't understand why it is only "listening on IPv4 interface lo, 127.0.0.1#53". I have bind-chroot installed with the following options in /etc/named.conf:
options {
    listen-on port 53 { 127.0.0.1; 10.10.80.0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;

    allow-query { localhost; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
Where 10.10.80.0 is my network range. What may I do so my server really listens for all my network? Nowadays it's listening just to itself ....
Thanks very much for your attention. Miguel A. Velasco
Set bind to listen to IP, not network, for example 10.10.80.1, not 10.10.80.0
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Romeo Ninov wrote:
Set bind to listen to IP, not network, for example 10.10.80.1, not 10.10.80.0
Thanks Romeo, I've also tried it but it doesn't work. Miguel A. Velasco
But do you have this IP on your machine? You should set IP from your machine, not IP in general!!!
Miguel A. Velasco wrote:
I have bind-chroot installed with the following options in /etc/named.conf:
options {
    listen-on port 53 { 127.0.0.1; 10.10.80.0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;

    allow-query { localhost; };
Hi Miguel, you have to edit the allow-query line to allow queries from other hosts (I have any there, not localhost). I'm not sure about the syntax but I guess you could try to put 10.10.80.* or 10.10.80.0/24 there to allow queries from your network.
Also remove "10.10.80.0;" from listen-on port as it isn't needed (here you can specify addresses if your server is multi-homed and you want it to listen only on some interfaces).
-- Regards
Lorenzo Quatrini
Hi all, thanks for your help. Your answer, Lorenzo, sent me to investigate (through Google) in a different way. The result has been as follows: cat /etc/named.conf:
options {
    listen-on port 53 { 127.0.0.1; any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    forwarders { 195.235.113.3; 195.235.96.90; };
    forward only;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { localhost; any; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
I've just changed:
    listen-on port 53 { 127.0.0.1; any; };
    match-clients { localhost; any; };
And it works properly in all the clients!
I've also tried to define an acl and define these params as follows:
    acl "my_company" { 127.0.0.1; 10.10.80.0/24; };
    ............................
    listen-on port 53 { 127.0.0.1; my_company; };
    ............................
    match-clients { localhost; my_company; };
And it also works with more security.
Thanks very much for your help! Miguel A. Velasco
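Added example, not part of the thread: a simplified Python model of the three checks discussed above (listen-on, allow-query, view match-clients), run against the configurations posted in this thread. The server and client addresses, the variable names, and the assumption that allow-query stayed at "any" in the acl variant are constructed for illustration.

```python
import ipaddress
import re

# Constructed: the thread never lists the server's own addresses. 10.10.80.1 is
# the example from the replies; 203.0.113.10 stands in for an outside interface.
SERVER_ADDRS = ["127.0.0.1", "10.10.80.1", "203.0.113.10"]
LAN_CLIENT, OUTSIDE_CLIENT = "10.10.80.25", "198.51.100.7"   # constructed

# Only the three statements under discussion are kept from each posted config.
ORIGINAL = """
options { listen-on port 53 { 127.0.0.1; 10.10.80.0; }; allow-query { localhost; }; };
view localhost_resolver { match-clients { localhost; }; recursion yes; };
"""
HOST_IP = ORIGINAL.replace("10.10.80.0;", "10.10.80.1;")   # first suggestion in the thread
ANY_FIX = """
options { listen-on port 53 { 127.0.0.1; any; }; allow-query { any; }; };
view localhost_resolver { match-clients { localhost; any; }; recursion yes; };
"""
# Assumption: allow-query stayed at "any" in the acl variant (elided in the post).
ACL_FIX = """
acl "my_company" { 127.0.0.1; 10.10.80.0/24; };
options { listen-on port 53 { 127.0.0.1; my_company; }; allow-query { any; }; };
view localhost_resolver { match-clients { localhost; my_company; }; recursion yes; };
"""

def elements(conf, keyword):
    """Elements of the first '<keyword> [port N] { a; b; };' list in conf."""
    m = re.search(re.escape(keyword) + r"(?:\s+port\s+\d+)?\s*\{([^{}]*)\}", conf)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []

def matches(addr, match_list, conf):
    """Simplified address match list: any, localhost, IP, IP/prefix, named acl.
    Negation (!), keys and localnets are not modelled."""
    ip = ipaddress.ip_address(addr)
    for e in match_list:
        if e == "any":
            return True
        if e == "localhost":                      # the server's own addresses
            if addr in SERVER_ADDRS:
                return True
        elif re.fullmatch(r"[\d.]+(/\d+)?", e):   # a bare IP is a /32, not a subnet
            if ip in ipaddress.ip_network(e, strict=False):
                return True
        elif matches(addr, elements(conf, f'acl "{e}"'), conf):
            return True
    return False

def listening(conf):
    """Server addresses that get a port 53 socket under this listen-on."""
    return [a for a in SERVER_ADDRS if matches(a, elements(conf, "listen-on"), conf)]

def answered(conf, client, dest):
    """A query from client to server address dest needs all three checks to pass."""
    return (dest in listening(conf)                                      # socket exists
            and matches(client, elements(conf, "allow-query"), conf)     # query permitted
            and matches(client, elements(conf, "match-clients"), conf))  # a view takes it

if __name__ == "__main__":
    for name, conf in [("original", ORIGINAL), ("host IP", HOST_IP),
                       ("any", ANY_FIX), ("acl", ACL_FIX)]:
        print(f"{name:9} listens on {listening(conf)}; "
              f"LAN answered: {answered(conf, LAN_CLIENT, '10.10.80.1')}; "
              f"outside answered: {answered(conf, OUTSIDE_CLIENT, '203.0.113.10')}")
```

In this model the "any" variant also answers recursive queries arriving on the outside address, so on a gateway it depends entirely on the firewall; the acl variant opens no outside socket and matches no outside client.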
try this
listen-on port 53 { 0.0.0.0; };
Hi Guys. I installed BIND 9.3.3rc2 straight off the CentOS 5.1 CDs. By default the /var/named/chroot is empty, so all I did was copy the cp -R /usr/share/doc/bind-9.3.3/sample/* /var/named/chroot/ and it inserts a working set of files. Editing /var/named/chroot/etc/named.conf shows a sample setup that listens on all interfaces (which is why I set up the firewall first to block all interfaces) and has 3 views (localhost_resolver, internal and external). Then it is a simple matter to set up forwarders in the options section for caching and off you go. Further tweaking should allow you to restrict the interfaces and adding zones (master/slave/forward) into the appropriate views will allow resolving of internal or domains hosted by the server.
By default there is no "listen-on port" option in the sample file, so it listens on the default port (53) on all interfaces.
HTH Regards, Andrew.
On Thu, Aug 28, 2008 at 8:10 AM, Spook ZA spookza@gmail.com wrote:
Hi Guys. I installed BIND 9.3.3rc2 straight off the CentOS 5.1 CDs. By default the /var/named/chroot is empty, so all I did was copy the cp -R /usr/share/doc/bind-9.3.3/sample/* /var/named/chroot/ and it inserts a working set of files. Editing /var/named/chroot/etc/named.conf shows a sample setup that listens on all interfaces (which is why I set up the firewall first to block all interfaces) and has 3 views (localhost_resolver, internal and external). Then it is a simple matter to set up forwarders in the options section for caching and off you go. Further tweaking should allow you to restrict the interfaces and adding zones (master/slave/forward) into the appropriate views will allow resolving of internal or domains hosted by the server.
By default there is no "listen-on port" option in the sample file, so it listens on the default port (53) on all interfaces.
HTH Regards, Andrew.
Thanks for the tip ... i knew there had to be an easier way!