[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> ;BIND DUMP V8
> $ORIGIN 10.10.IN-ADDR.ARPA.
> 0       3600 IN SOA baikal.iproducts.test. root.baikal.iproducts.test. (
>             20050421 3600 900 360 3600 ) ;Cl=5
>         3600 IN NS  baikal.iproducts.test. ;Cl=5
> $ORIGIN 0.10.10.IN-ADDR.ARPA.
> 2       3600 IN PTR volga.iproducts.test. ;Cl=5
> 1       3600 IN PTR baikal.iproducts.test. ;Cl=5
> 3       3600 IN PTR g40.iproducts.test. ;Cl=5
> ;10     3600 IN PTR wisla.iproducts.test. ;Cl=5

[...]

Jo Are Rosland <[EMAIL PROTECTED]> writes:

> Hmm. I guess you could try to define the zone 168.192.in-addr.arpa
> instead. Then you'd have this in named.conf:
>
> zone "168.192.in-addr.arpa" IN {
>     type master;
>     file "pri/168.192.zone";
>     notify no;
> };

While both of these suggestions work, and both were very helpful in
helping me gain some more detailed knowledge of the working of bind, I
got a suggestion on the bind newsgroup (where I also had a thread on
this subject) that is much simpler than either way discussed in this
thread.

Both of you spotted this error in db.192.168.1:

    IN NS reader

needed to say:

    IN NS reader.local.lan.

Then with this further change, from:

    192.168.1.2 IN PTR rdmz.local.lan.
    192.168.1.1 IN PTR fwdmz.local.lan.

to:

    2 IN PTR rdmz.local.lan.
    1 IN PTR fwdmz.local.lan.

The whole file, from this db.192.168.1:

===8<===
$TTL 1D
@   IN SOA reader.local.lan. reader.reader.local.lan. (
        200405190 ; serial
        28800     ; refresh (8 hours)
        14400     ; retry (4 hours)
        2419200   ; expire (4 weeks)
        86400     ; minimum (1 day)
        )
;
; Name servers (The name '@' is implied)
;
    IN NS reader
;
; Addresses point to canonical names
;
192.168.1.2 IN PTR rdmz.local.lan.
192.168.1.1 IN PTR fwdmz.local.lan.

to this db.192.168.1:

===8<===
$TTL 1D
@   IN SOA reader.local.lan. reader.reader.local.lan. (
        200405190 ; serial
        28800     ; refresh (8 hours)
        14400     ; retry (4 hours)
        2419200   ; expire (4 weeks)
        86400     ; minimum (1 day)
        )
;
; Name servers (The name '@' is implied)
;
    IN NS reader.local.lan.
;
; Addresses point to canonical names
;
2   IN PTR rdmz.local.lan.
1   IN PTR fwdmz.local.lan.

Just those small changes were all that was needed for the setup to work
with no errors, and nslookup knows about all hostnames, both alpha and
numeric. The more far-reaching changes discussed in this thread were not
necessary.

dig -x 192.168.1 any (without implementing Jo Are's suggestions about
hostnaming in db.local.lan, which are now implemented ... thanks Jo) now
shows the expected results:

; <<>> DiG 9.3.2 <<>> -x 192.168.1 any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59543
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;1.168.192.in-addr.arpa.        IN      ANY

;; ANSWER SECTION:
1.168.192.in-addr.arpa. 86400   IN      SOA     reader.local.lan. reader.reader.local.lan. 200405190 28800 14400 2419200 86400
1.168.192.in-addr.arpa. 86400   IN      NS      reader.local.lan.

;; ADDITIONAL SECTION:
reader.local.lan.       86400   IN      A       192.168.1.2
reader.local.lan.       86400   IN      A       192.168.0.4

;; Query time: 11 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar  6 08:45:20 2006
;; MSG SIZE  rcvd: 145

--
gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: bind zone.file won't load
> > ;BIND DUMP V8
> > $ORIGIN 10.10.IN-ADDR.ARPA.
> > 0       3600 IN SOA baikal.iproducts.test. root.baikal.iproducts.test. (
>
> Alexander, I meant to ask in my reply what the 3600 is all about? My
> study of DNS and Bind hasn't discussed that field yet.

Each RR can have a TTL as the second field in the RR, which will control
how long other servers can cache it. The file looks this way after being
updated by dhcpd :)
Re: [gentoo-user] Re: bind zone.file won't load
> > Here's a reverse zone file for my home network. It's 10.10.0/24 but
> > you'll figure out how to tailor this to your needs.
>
> Yikes, I promised to post my reverse file based on your example and
> then mailed my response without including it.
>
> You saw the failure:
>
>   nslookup 192.168.1.2
>   Server:         127.0.0.1
>   Address:        127.0.0.1#53
>
>   ** server can't find 2.1.168.192.in-addr.arpa: NXDOMAIN
>
> Here is the zone file:
>
> db.192.168.1
> $TTL 1D
> $ORIGIN 0.168.192.IN-ADDR.ARPA.
> 4   IN SOA reader.local.lan. reader.reader.local.lan. (
>         200405190 ; serial
>         28800     ; refresh (8 hours)
>         14400     ; retry (4 hours)
>         2419200   ; expire (4 weeks)
>         86400     ; minimum (1 day)
>         )
> ;
> ; Name servers (The name '@' is implied)
> ;
>     IN NS reader
> $ORIGIN 1.168.192.IN-ADDR.ARPA.
> ;
> ; Addresses point to canonical names
> ;
> 2   IN PTR rdmz.local.lan.
> 1   IN PTR fwdmz.local.lan.

What's in your named.conf? Should be something like this:

zone "local.lan" IN { ... };
zone "0.168.192.in-addr.arpa" IN { ... };
zone "1.168.192.in-addr.arpa" IN { ... };
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> What's in your named.conf? Should be something like this:
>
> zone "local.lan" IN { ... };
> zone "0.168.192.in-addr.arpa" IN { ... };
> zone "1.168.192.in-addr.arpa" IN { ... };

options {
    directory "/var/bind";
    listen-on-v6 { none; };
    listen-on { LOCALHOST; };
    listen-on { LOCALNETS; };
    pid-file "/var/run/named/named.pid";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "pri/db.127.0.0";
    allow-update { none; };
    notify no;
};

zone "local.lan" IN {
    type master;
    file "pri/db.local.lan";
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "pri/db.192.168.0";
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "pri/db.192.168.1";
};

This looks right to me... is it?
[gentoo-user] Re: bind zone.file won't load
Jo Are Rosland <[EMAIL PROTECTED]> writes:

> - Where names are used -- eg. the 'key' field of an 'IN A' entry, or
>   the 'value' field of an 'IN PTR' entry -- you may specify the full
>   name by ending it with a '.'. Names with no '.' at the end have the
>   origin appended.
>
> Now, if you look at your 'IN NS' line (which specifies the
> authoritative name server for your reverse domain), it translates into:
>
>   key                       ttl  class  type  value
>   1.168.192.in-addr.arpa.   1D   IN     NS    reader.1.168.192.in-addr.arpa.
>
> Which is not what you want. Instead, try the following line:
>
>   IN NS reader.local.lan.

I see what you mean. However, I think your response was to the first
example reverse zone posted and not the one that tries to follow
AlexanderK's example. I made the same mistake in the next posted example
and have now corrected that.

> In addition, 'reader' should have an 'IN A' entry in the 'local.lan'
> zone file.

Yes, I've now posted that file too.

But apparently my db.192.168.1 as it now stands still has serious
errors. Following Alexander's example I tried to redefine $ORIGIN near
the top since, as you point out, `@' contains whatever is in named.conf
to start.

$TTL 1D
$ORIGIN 0.168.192.IN-ADDR.ARPA.  ;; RESET ORIGIN HERE SO THAT
                                 ;; THE SOA line won't be rejected for being `out of zone'
@   IN SOA reader.local.lan. reader.reader.local.lan. (
        200405190 ; serial
        28800     ; refresh (8 hours)
        14400     ; retry (4 hours)
        2419200   ; expire (4 weeks)
        86400     ; minimum (1 day)
        )
;
; Name servers (The name '@' is implied)
;;; $ORIGIN should still hold here, RIGHT?
    IN NS reader.local.lan.      ;; CORRECTED, now uses canonical form
$ORIGIN 1.168.192.IN-ADDR.ARPA.  ;; RESET to handle 192.168.1
;
; Addresses point to canonical names
;
2   IN PTR rdmz.local.lan.
1   IN PTR fwdmz.local.lan.
===8<===

The above db.192.168.1 is largely rejected (ignored):

Mar  5 07:12:12 reader named[9429]: pri/db.192.168.1:3: ignoring out-of-zone data (0.168.192.IN-ADDR.ARPA)
Mar  5 07:12:12 reader named[9429]: zone 1.168.192.in-addr.arpa/IN: has 0 SOA records
Mar  5 07:12:12 reader named[9429]: zone 1.168.192.in-addr.arpa/IN: has no NS records

Changing it to:

$ORIGIN 0.168.192.IN-ADDR.ARPA.  ;; RESET ORIGIN HERE SO THAT
                                 ;; THE SOA line won't be rejected for being `out of zone'
    IN SOA reader.local.lan. reader.reader.local.lan. (
        200405190 ; serial

Removing the preceding `@' completely ... it seems then the defined
$ORIGIN would be used. Gets rejected too:

===8<===
Mar  5 07:26:41 reader named[10186]: pri/db.192.168.1:3: no current owner name
Mar  5 07:26:41 reader named[10186]: zone 1.168.192.in-addr.arpa/IN: loading master file pri/db.192.168.1: no owner

Trying the full notation then:

$TTL 1D
$ORIGIN 0.168.192.IN-ADDR.ARPA.
lan.local.IN-ADDR.ARPA. IN SOA reader.local.lan. reader.reader.local.lan. (

Mar  5 07:28:41 reader named[10308]: pri/db.192.168.1:3: ignoring out-of-zone data (lan.local.IN-ADDR.ARPA)
Mar  5 07:28:41 reader named[10308]: zone 1.168.192.in-addr.arpa/IN: has 0 SOA records
Mar  5 07:28:41 reader named[10308]: zone 1.168.192.in-addr.arpa/IN: has no NS records
===8<===

Clearly I'm missing something important here..
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> What's in your named.conf? Should be something like this:

Just posted a few minutes ago... but I noticed I wasn't really following
your example thoroughly. Now trying this db.192.168.1. Still fails
miserably:

$TTL 1D
$ORIGIN 168.192.IN-ADDR.ARPA.
0   IN SOA reader.local.lan. reader.reader.local.lan. (
        200405190 ; serial
        28800     ; refresh (8 hours)
        14400     ; retry (4 hours)
        2419200   ; expire (4 weeks)
        86400     ; minimum (1 day)
        )
;
; Name servers (The name '@' is implied)
$ORIGIN 0.168.192.IN-ADDR.ARPA.
;
4   IN NS reader.local.lan.
$ORIGIN 1.168.192.IN-ADDR.ARPA.
;
; Addresses point to canonical names
;
2   IN PTR rdmz.local.lan.
1   IN PTR fwdmz.local.lan.
=== 8< snip ===

Produces these log lines:

Mar  5 07:35:06 reader named[10615]: pri/db.192.168.1:3: ignoring out-of-zone data (0.168.192.IN-ADDR.ARPA)
Mar  5 07:35:06 reader named[10615]: pri/db.192.168.1:14: ignoring out-of-zone data (4.0.168.192.IN-ADDR.ARPA)
Mar  5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN: has 0 SOA records
Mar  5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN: has no NS records
Re: [gentoo-user] Re: bind zone.file won't load
> > What's in your named.conf? Should be something like this:
>
> Just posted a few minutes ago... but I noticed I wasn't really
> following your example thoroughly. Now trying this db.192.168.1. Still
> fails miserably:
>
> $TTL 1D
> $ORIGIN 168.192.IN-ADDR.ARPA.
> 0   IN SOA reader.local.lan. reader.reader.local.lan. (
>         200405190 ; serial
>         28800     ; refresh (8 hours)
>         14400     ; retry (4 hours)
>         2419200   ; expire (4 weeks)
>         86400     ; minimum (1 day)
>         )
> ;
> ; Name servers (The name '@' is implied)
> $ORIGIN 0.168.192.IN-ADDR.ARPA.
> ;
> 4   IN NS reader.local.lan.

You don't need 4 at the start of the line.

> $ORIGIN 1.168.192.IN-ADDR.ARPA.
> ;
> ; Addresses point to canonical names
> ;
> 2   IN PTR rdmz.local.lan.
> 1   IN PTR fwdmz.local.lan.
> === 8< snip ===
>
> Produces these log lines:
>
> Mar  5 07:35:06 reader named[10615]: pri/db.192.168.1:3: ignoring out-of-zone data (0.168.192.IN-ADDR.ARPA)
> Mar  5 07:35:06 reader named[10615]: pri/db.192.168.1:14: ignoring out-of-zone data (4.0.168.192.IN-ADDR.ARPA)
> Mar  5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN: has 0 SOA records
> Mar  5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN: has no NS records

Make it 2 separate files for each of the reverse zones. Each with its own
SOA record. Emerge bind with the doc flag and read the Administrators
Reference Manual.
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> > > What's in your named.conf? Should be something like this:
> >
> > Just posted a few minutes ago... but I noticed I wasn't really
> > following your example thoroughly. Now trying this db.192.168.1.
> > Still fails miserably:
> >
> > $TTL 1D
> > $ORIGIN 168.192.IN-ADDR.ARPA.
> > 0   IN SOA reader.local.lan. reader.reader.local.lan. (
> >         200405190 ; serial
> >         28800     ; refresh (8 hours)
> >         14400     ; retry (4 hours)
> >         2419200   ; expire (4 weeks)
> >         86400     ; minimum (1 day)
> >         )
> > ;
> > ; Name servers (The name '@' is implied)
> > $ORIGIN 0.168.192.IN-ADDR.ARPA.
> > ;
> > 4   IN NS reader.local.lan.
>
> You don't need 4 at the start of the line.
>
> > $ORIGIN 1.168.192.IN-ADDR.ARPA.
> > ;
> > ; Addresses point to canonical names
> > ;
> > 2   IN PTR rdmz.local.lan.
> > 1   IN PTR fwdmz.local.lan.
> > === 8< snip ===
> >
> > Produces these log lines:
> >
> > Mar  5 07:35:06 reader named[10615]: pri/db.192.168.1:3: ignoring out-of-zone data (0.168.192.IN-ADDR.ARPA)
> > Mar  5 07:35:06 reader named[10615]: pri/db.192.168.1:14: ignoring out-of-zone data (4.0.168.192.IN-ADDR.ARPA)
> > Mar  5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN: has 0 SOA records
> > Mar  5 07:35:06 reader named[10615]: zone 1.168.192.in-addr.arpa/IN: has no NS records
>
> Make it 2 separate files for each of the reverse zones. Each with its
> own SOA record. Emerge bind with the doc flag and read the
> Administrators Reference Manual.

What is the significance of the zero here:

$ORIGIN 168.192.IN-ADDR.ARPA.
0   IN SOA reader.local.lan. reader.reader.local.lan. (
^^^
Re: [gentoo-user] Re: bind zone.file won't load
On 05.03, Harry Putnam wrote:
> Following Alexander's example I tried to redefine $ORIGIN near the top
> since, as you point out, `@' contains whatever is in named.conf to
> start.
>
> $TTL 1D
> $ORIGIN 0.168.192.IN-ADDR.ARPA.  ;; RESET ORIGIN HERE SO THAT
>                                  ;; THE SOA line won't be rejected for being `out of zone'
> @   IN SOA reader.local.lan. reader.reader.local.lan. (
>         200405190 ; serial
>         28800     ; refresh (8 hours)
>         14400     ; retry (4 hours)
>         2419200   ; expire (4 weeks)
>         86400     ; minimum (1 day)
>         )
> ;
> ; Name servers (The name '@' is implied)
> ;;; $ORIGIN should still hold here, RIGHT?
>     IN NS reader.local.lan.      ;; CORRECTED, now uses canonical form
> $ORIGIN 1.168.192.IN-ADDR.ARPA.  ;; RESET to handle 192.168.1
> ;
> ; Addresses point to canonical names
> ;
> 2   IN PTR rdmz.local.lan.
> 1   IN PTR fwdmz.local.lan.

Hmm. I guess you could try to define the zone 168.192.in-addr.arpa
instead. Then you'd have this in named.conf:

zone "168.192.in-addr.arpa" IN {
    type master;
    file "pri/168.192.zone";
    notify no;
};

And in pri/168.192.zone:

@   IN SOA reader.local.lan. reader.reader.local.lan. (
        200405190 ; serial
        28800     ; refresh (8 hours)
        14400     ; retry (4 hours)
        2419200   ; expire (4 weeks)
        86400     ; minimum (1 day)
        )
    IN NS  reader.local.lan.
1.0 IN PTR fwdmz.local.lan.
2.0 IN PTR rdmz.local.lan.
1.1 IN PTR a.local.lan.  ; whatever: some host name in 192.168.1.0/24
2.1 IN PTR b.local.lan.  ; whatever: some host name in 192.168.1.0/24

> $TTL 1D
> $ORIGIN 0.168.192.IN-ADDR.ARPA.
> lan.local.IN-ADDR.ARPA. IN SOA reader.local.lan. reader.reader.local.lan. (

This is definitely wrong:

- the 'IN SOA' entry should have the origin as key
- it doesn't make any sense to use anything but reverse IP network
  addresses off the in-addr.arpa domain

It should not be necessary to set the $ORIGIN to the same value you
defined in the named.conf file.

If you try to put two zones inside one file, as you do in your reverse
zone, in addition to redefining $ORIGIN, you need to put in an
additional 'IN SOA' entry.

I believe the missing 'IN SOA' for your second reverse zone is the
reason bind complains about 'no owner'.

And again: it's really no reason why you can't put all of this into one
zone instead.

--
Jo.
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> Make it 2 separate files for each of the reverse zones. Each with its
> own SOA record. Emerge bind with the doc flag and read the
> Administrators Reference Manual.

Do you have any idea where it can be found following:

  USE=doc emerge -v bind

?

  equery files bind

doesn't show anything like that. Further, downloading and building the
tar.gz doesn't turn up such a reference manual either.
[gentoo-user] Re: bind zone.file won't load
Jo Are Rosland <[EMAIL PROTECTED]> writes:

> And again: it's really no reason why you can't put all of this into
> one zone instead.

H... that was what I needed. Many thanks for hanging in there. I managed
to confuse myself quite a lot on this. I thought that to do that (go up
one level and use 1 reverse file, db.192.168) it meant I needed to set
up the domain that way too. That is, use 192.168/16 addressing for my
domain local.lan. So all lan netmasks become 255.255.0.0. And I had
found that is a very complicated way to set things up. It also leads to
problems with each machine (the ones with 2 nics) not knowing who is
supposed to do what. Then requiring specialized routes to be set so
192.168.1.1 knows to call 192.168.1.2 without going thru the default gw
of 192.168.0.20. Down that path, just about all of it is a few jumps
above my head. So I had scrapped that notion, thinking both bind setup
and network setup would need all that complication to go that way.

After setting up bind as you suggested with one main pointer file (not
counting db.127.0.0), scrapping db.192.168.0 and db.192.168.1 in favor
of db.192.168, right away nslookup knows who 192.169.1.2 is and dig
shows the glorious output...

; <<>> DiG 9.3.2 <<>> -x 192.168 axfr
;; global options:  printcmd
168.192.in-addr.arpa.   86400   IN      SOA     reader.local.lan. reader.reader.local.lan. 200405190 28800 14400 2419200 86400
168.192.in-addr.arpa.   86400   IN      NS      reader.local.lan.
16.0.168.192.in-addr.arpa. 86400 IN     PTR     bjp.local.lan.
19.0.168.192.in-addr.arpa. 86400 IN     PTR     fwobsd.local.lan.
20.0.168.192.in-addr.arpa. 86400 IN     PTR     fw.local.lan.
21.0.168.192.in-addr.arpa. 86400 IN     PTR     ansil.local.lan.
22.0.168.192.in-addr.arpa. 86400 IN     PTR     harvey.local.lan.
3.0.168.192.in-addr.arpa. 86400 IN      PTR     mob2.local.lan.
4.0.168.192.in-addr.arpa. 86400 IN      PTR     reader.local.lan.
50.0.168.192.in-addr.arpa. 86400 IN     PTR     wap.local.lan.
1.1.168.192.in-addr.arpa. 86400 IN      PTR     fwodmz.local.lan.
2.1.168.192.in-addr.arpa. 86400 IN      PTR     rdmz.local.lan.
168.192.in-addr.arpa.   86400   IN      SOA     reader.local.lan. reader.reader.local.lan. 200405190 28800 14400 2419200 86400
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  5 09:50:15 2006
;; XFR size: 13 records (messages 1)
Re: [gentoo-user] Re: bind zone.file won't load
> What is the significance of the zero here:
>
> $ORIGIN 168.192.IN-ADDR.ARPA.
> 0   IN SOA reader.local.lan. reader.reader.local.lan. (

You need to define 2 zones of authority:

0.168.192.IN-ADDR.ARPA. IN SOA ...
1.168.192.IN-ADDR.ARPA. IN SOA ...

You may use either of 2 shortcuts: either use

@ IN SOA ...

at the beginning of each zone file, where @ stands for the current
origin, in this case defined in the zone statement in your named.conf,
or use the example I've sent you in my first reply:

$ORIGIN 168.192.IN-ADDR.ARPA.
0 IN SOA ...  ; for 0.168.192.IN-ADDR.ARPA. zone
1 IN SOA ...  ; for 1.168.192.IN-ADDR.ARPA. zone

And please be more careful reading the examples and take time to learn
the exact meaning of the statements. You need just a few to make it all
work and some reading will save you time in the long run.

And the manual is:

# equery files net-dns/bind|grep html
/usr/share/doc/bind-9.3.2/html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch01.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch02.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch03.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch04.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch05.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch06.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch07.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch08.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.ch09.html
/usr/share/doc/bind-9.3.2/html/Bv9ARM.html

HTH
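The two points the thread keeps circling, Jo Are's rule that a name without a trailing dot gets the current $ORIGIN appended, and Alexander's point that '0 IN SOA' and '1 IN SOA' under '$ORIGIN 168.192.IN-ADDR.ARPA.' define two separate zones of authority, come down to one check: every owner name is expanded against the origin and must sit at or below the zone named in the named.conf zone statement, otherwise named drops it as out-of-zone data. The following is an added example written for this page; it is not code from the thread, from Gentoo or from BIND. It is a toy loader that applies exactly those rules, then checks for an SOA and an NS at the apex, and reports problems in the spirit of the named log lines quoted above. The three sample zone files are constructed for the example (modelled on the db.192.168.1 variants posted in the thread, not copied verbatim), and the function and constant names are the example's own.

```python
"""Toy zone-file loader (added example, not from the thread or from BIND).
Rules modelled: a name without a trailing dot gets the current $ORIGIN
appended, and a record whose expanded owner is not at or below the zone
named in named.conf is out-of-zone data.  Messages imitate named's log
lines; TTL units, $INCLUDE/$GENERATE and the SOA timer fields are skipped."""

NAME_RDATA_TYPES = {"NS", "PTR", "CNAME"}   # rdata is a single domain name


def resolve_name(name, origin):
    """'@' is the origin; a trailing dot means absolute; else append origin."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def load_zone(text, zone_name):
    """Return (records, problems): accepted (owner, type, rdata) tuples, messages."""
    zone = zone_name.lower().rstrip(".") + "."
    origin = zone          # the zone statement in named.conf sets the initial origin
    owner = None           # last explicit owner; indented lines reuse it
    in_parens = False
    records, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if in_parens:                             # inside SOA ( ... ): skip timers
            in_parens = ")" not in line
            continue
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = resolve_name(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue
        if "(" in tokens and ")" not in tokens:
            in_parens = True                      # SOA continues on later lines
        tokens = [t for t in tokens if t not in ("(", ")")]
        if raw[0] not in " \t":                   # owner name present
            owner = resolve_name(tokens.pop(0), origin)
        elif owner is None:                       # indented, nothing to inherit
            problems.append(f"line {lineno}: no current owner name")
            continue
        if tokens and tokens[0].isdigit():        # optional TTL, plain seconds
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)
        if not tokens:
            problems.append(f"line {lineno}: missing record type")
            continue
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if rtype in NAME_RDATA_TYPES:             # 'IN NS reader' -> reader.<origin>
            rdata = resolve_name(rdata, origin)
        if owner != zone and not owner.endswith("." + zone):
            problems.append(f"line {lineno}: ignoring out-of-zone data ({owner.rstrip('.')})")
            continue
        records.append((owner, rtype, rdata))
    apex_types = {t for o, t, _ in records if o == zone}
    if "SOA" not in apex_types:
        problems.append(f"zone {zone.rstrip('.')}/IN: has 0 SOA records")
    if "NS" not in apex_types:
        problems.append(f"zone {zone.rstrip('.')}/IN: has no NS records")
    return records, problems


# Constructed samples modelled on the thread's files (not copied verbatim).
BROKEN_DB_192_168_1 = """\
$TTL 1D
$ORIGIN 0.168.192.IN-ADDR.ARPA.   ; wrong origin for a 1.168.192 zone file
@       IN SOA reader.local.lan. reader.reader.local.lan. (
            200405190 28800 14400 2419200 86400 )
        IN NS reader                  ; relative: becomes reader.0.168.192...
$ORIGIN 1.168.192.IN-ADDR.ARPA.
2       IN PTR rdmz.local.lan.
1       IN PTR fwdmz.local.lan.
"""
FIXED_DB_192_168_1 = """\
$TTL 1D
@       IN SOA reader.local.lan. reader.reader.local.lan. (
            200405190 28800 14400 2419200 86400 )
        IN NS reader.local.lan.
2       IN PTR rdmz.local.lan.
1       IN PTR fwdmz.local.lan.
"""
TWO_ZONES_ONE_FILE = """\
$ORIGIN 168.192.IN-ADDR.ARPA.     ; Alexander's layout: two zones, one origin
0       IN SOA reader.local.lan. reader.reader.local.lan. (
            200405190 28800 14400 2419200 86400 )
        IN NS reader.local.lan.
4.0     IN PTR reader.local.lan.
1       IN SOA reader.local.lan. reader.reader.local.lan. (
            200405190 28800 14400 2419200 86400 )
        IN NS reader.local.lan.
2.1     IN PTR rdmz.local.lan.
"""

if __name__ == "__main__":
    for zone in ("0.168.192.in-addr.arpa", "1.168.192.in-addr.arpa"):
        print(zone, load_zone(TWO_ZONES_ONE_FILE, zone)[1])
```

Loading BROKEN_DB_192_168_1 as zone 1.168.192.in-addr.arpa reproduces the shape of the failure posted earlier: the SOA and NS lines are expanded under 0.168.192.in-addr.arpa and dropped as out-of-zone, only the two PTRs survive, and the zone then has no SOA and no NS. Loading TWO_ZONES_ONE_FILE as either 0.168.192.in-addr.arpa or 1.168.192.in-addr.arpa accepts that zone's three records and flags the other zone's three as out-of-zone, which is the reason behind the one-file-per-reverse-zone advice, each with its own SOA. Before reloading named on a real server, the equivalent check is named-checkzone run against each zone file with the zone name from named.conf.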
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> And please be more careful reading the examples and take time to learn
> the exact meaning of the statements. You need just a few to make it all
> work and some reading will save you time in the long run.

Point taken, and thanks for the manual heads-up. It could be named a
little more effectively...

> use the example I've sent you in my first reply:
>
> $ORIGIN 168.192.IN-ADDR.ARPA.
> 0 IN SOA ...  ; for 0.168.192.IN-ADDR.ARPA. zone
> 1 IN SOA ...  ; for 1.168.192.IN-ADDR.ARPA. zone

I guess I'm pretty blind, but this (not the actual addresses) doesn't
look at all like the example to me.

Thanks for hanging in there.

Oh, and do you see problems with the other solution proposed by Jo Are
in this thread?
[gentoo-user] Re: bind zone.file won't load
Jo Are Rosland <[EMAIL PROTECTED]> writes:

> Your entries for 'reader' and 'fwobsd' are probably not what you really
> want. By defining several 'IN A' entries for the same host name, you
> effectively get bind to serve these addresses in 'round robin' fashion
> whenever a client looks up that name.

Ahaa, I wondered why I keep seeing 192.168.1.2 cropping up in squid
output when it didn't belong there. Its turn had come up in the round
robin, I guess.

> I guess I tried to follow the examples in DNS and Bind (4th ed), the
> section on creating zone files (4.2 Setting up Zone Data), without
> really understanding them very well..

Still true, but I've gotten a lot out of this thread.

Without a close examination it appears the online DNS and Bind (which is
the 3rd edition, while I used the 4th edition) example networks are very
similar if not identical to each other. Here, if you wanted to look at
it:

http://www.unix.org.ua/orelly/networking/dnsbind/ch04_02.htm

That is what I was working from, but with a very spotty knowledge of
general networking and tiny knowledge of DNS.
Re: [gentoo-user] Re: bind zone.file won't load
> Oh, and do you see problems with the other solution proposed by Jo Are
> in this thread?

192.168/16? Not at all. But this is a training exercise, right? I don't
need dhcp for 3 hosts on my network either :)
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> Here's a reverse zone file for my home network. It's 10.10.0/24 but
> you'll figure out how to tailor this to your needs.

I think this is not where I'm having the trouble. Just one network for
the home lan I'm ok with.

> # cat pri/0.10.10.zone
> ;BIND DUMP V8
> $ORIGIN 10.10.IN-ADDR.ARPA.
> 0       3600 IN SOA baikal.iproducts.test. root.baikal.iproducts.test. (
>             20050421 3600 900 360 3600 ) ;Cl=5
>         3600 IN NS  baikal.iproducts.test. ;Cl=5
> $ORIGIN 0.10.10.IN-ADDR.ARPA.
> 2       3600 IN PTR volga.iproducts.test. ;Cl=5
> 1       3600 IN PTR baikal.iproducts.test. ;Cl=5
> 3       3600 IN PTR g40.iproducts.test. ;Cl=5
> ;10     3600 IN PTR wisla.iproducts.test. ;Cl=5
>
> # cat named.conf
> ...
> zone "0.10.10.in-addr.arpa" IN {
>     type master;
>     file "pri/0.10.10.zone";
>     allow-update { 10.10.0.1; };
> };

Thanks... That appears to be about what I've got for 192.168.0/24.

Can you show how a zone file for adding 3 new addresses to your scheme
would look? One new machine, new.iproducts.test, whose sole job is to be
passed copies of all connection attempts at the firewall's internet
interface. This is an imaginary exercise and is not suggesting that you
would want to do something like it. However, it is what I'm trying to do
and is the source of my bind problem.

`new' has two nics. The one facing the firewall/router to the internet
is only allowed to talk to that router on that nic (by pf blocking), at
10.10.0.5. The second nic is `newdmz' at 10.10.1.1, and it is hardwired
to a simple hub and from there to a second nic on g40.iproducts.test,
which is `g40dmz' at 10.10.1.2. The second nic is so 1 other lan machine
can ssh to newdmz for whatever reason.

So we've added:

  new.iproducts.test.    at 10.10.0.5

call them:

  newdmz.iproducts.test. at 10.10.1.1
  g40dmz.iproducts.test. at 10.10.1.2

The two nics are hard wired thru a hub to each other but not to anything
else. Neither machine with 2 nics is set up as a router. That is,
forwarding internally is not enabled.

Now integrating those two on 10.10.1/24 in the zone file
db.iproducts.test is pretty straightforward. But the reverse zone file
db.10.10.1 is where my meager skills end.
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

[...]

> ;BIND DUMP V8
> $ORIGIN 10.10.IN-ADDR.ARPA.
> 0       3600 IN SOA baikal.iproducts.test. root.baikal.iproducts.test. (

Alexander, I meant to ask in my reply what the 3600 is all about? My
study of DNS and Bind hasn't discussed that field yet.
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> Here's a reverse zone file for my home network. It's 10.10.0/24 but
> you'll figure out how to tailor this to your needs.

Taking your example I come up with the zone file posted at the end. It
loads with no comment from named. But I still see the same problem.
nslookup knows all the alphabetical host names and all their IP numbers
except the two on 192.168.1/24.

Using nslookup to test, first one of the machines with two nics, testing
the nic in 192.168.0/24:

  nslookup reader
  ===8<===
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  Name:   reader.local.lan
  Address: 192.168.1.2
  Name:   reader.local.lan
  Address: 192.168.0.4

It knows reader has two nics and where they are network-wise. Now
testing the numeric IP:

  nslookup 192.168.0.4
  ===8<===
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  4.0.168.192.in-addr.arpa        name = reader.local.lan.

As expected, it works. Now try it on 192.168.1/24 ... the 2nd nic on
reader:

  nslookup rdmz
  ===8<===
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  Name:   rdmz.local.lan
  Address: 192.168.1.2

Good, just what we expected, but now try the numeric IP:

  nslookup 192.168.1.2
  ===8<===
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  ** server can't find 2.1.168.192.in-addr.arpa: NXDOMAIN

Gack... what happened?
[gentoo-user] Re: bind zone.file won't load
Alexander Kirillov <[EMAIL PROTECTED]> writes:

> Here's a reverse zone file for my home network. It's 10.10.0/24 but
> you'll figure out how to tailor this to your needs.

Yikes, I promised to post my reverse file based on your example and then
mailed my response without including it.

You saw the failure:

  nslookup 192.168.1.2
  Server:         127.0.0.1
  Address:        127.0.0.1#53

  ** server can't find 2.1.168.192.in-addr.arpa: NXDOMAIN

Here is the zone file:

db.192.168.1
$TTL 1D
$ORIGIN 0.168.192.IN-ADDR.ARPA.
4   IN SOA reader.local.lan. reader.reader.local.lan. (
        200405190 ; serial
        28800     ; refresh (8 hours)
        14400     ; retry (4 hours)
        2419200   ; expire (4 weeks)
        86400     ; minimum (1 day)
        )
;
; Name servers (The name '@' is implied)
;
    IN NS reader
$ORIGIN 1.168.192.IN-ADDR.ARPA.
;
; Addresses point to canonical names
;
2   IN PTR rdmz.local.lan.
1   IN PTR fwdmz.local.lan.