MNF and multiple DNS

red

I am running into what I think is a pretty simple problem but do not have any idea how to fix it.

I am using MNF to handle the firewall, DHCP, and DNS caching on my LAN. I have a W2k domain controller also set up that obviously needs DNS to handle domain communication and resolution.

Here is my problem. The W2k DC is 192.168.0.2, the MNF system is 192.168.0.1. I have DHCP set to list 192.168.0.2 first in the list of DNS servers. If I do not do this, I cannot access the domain; it says it cannot be found. Also, if the DC is offline, there is a significant amount of lag time when surfing the web.

How and/or where do I add local.domain to the MNF so it can resolve internal addresses as well as external addresses without using the W2k DC?

Ultimately I want to list the DNS servers 192.168.0.1 then 192.168.0.2 and still be able to access the domain properly.

I have added the domain and the DC computer name to the /etc/hosts file; should I be adding it anywhere else?

I hope this explains things well enough.

Thanks

RED

As root:

cd /var/lib/named-chroot/var/named

There are your DNS files.

Then named.conf can be found in /var/lib/named-chroot/etc/named.conf

If you use the *web admin* to turn on the caching name server, then use vi to make/edit the DNS files, it works perfectly :-)

Thanks for the reply.

I have found the files in the folders you mentioned.

Now for the big one. EXACTLY what do I put where in these files?

The computer name is "server1", the domain is "local.domain" and the IP address is 192.168.0.2.

Thank You,

RED

Something like this:

; Location:       External (Internet)
; Comments:

$ttl 43200

@               IN      SOA     ns1.loudas.com. netadmin.loudas.com. (
                               2003041601     ; serial
                               10800  ; refresh
                               3600   ; retry
                               604800 ; expire
                               43200 ); minimum TTL

@               IN      NS      ns1.loudas.com.
@               IN      NS      ns2.loudas.com.

cipher          86400   IN      A       202.27.218.96

mail            172800  IN      A       202.27.218.97
@                       IN      A       202.27.218.97
www                     IN      A       202.27.218.97
irc                     IN      A       202.27.218.97
webmail                 IN      A       202.27.218.97
dragon                  IN      A       202.27.218.97
ifgfhayward             IN      A       202.27.218.97
wapdomainz              IN      A       202.27.218.97
mdkdev                  IN      A       202.27.218.97
w3                      IN      A       202.27.218.97
pop3                    IN      A       202.27.218.97
smtp                    IN      A       202.27.218.97
ns1                     IN      A       202.27.218.96
ns2                     IN      A       202.27.218.97

loudas.com.     86400   IN      A       202.27.218.97
               86400   IN      MX 0    mail.loudas.com.

Ok, since your quote seems to be from the named.local file, I added this line to the bottom of it:

local.domain 86400 IN A 192.168.0.2

and restarted the named service. There was no change. Do I need to restart other services or reboot the system?

Sorry if this seems elementary to you, but it's confusing the hell out of me.

RED

Actually my quote was from a file called db.loudas.com.

Check out my /etc/named.conf file:

zone "loudas.com" in {
        type master;
        notify no;
        allow-update { none; };
        file "db.loudas.com";
};

Remember, every time you edit the db.domain file you will need to update the serial number, otherwise the changes won't take effect.

Thanks again.

Here is what I did.

I created a file named local.domain in the /var/lib/named-chroot/var/named directory. This is the name of the "internal" domain I am running here; it is not a public domain.

Its contents are as follows:

$TTL 1d
@     IN     SOA    server1.local.domain.   (
                         1    ;Serial
                         8H  ;Refresh
                         2H  ;Retry
                         4W ;Expire
                         1D );Minimum
                NS     server1.local.domain.
1      IN      PTR   server1.
server1      A       192.168.0.2

Then I added the following lines after the last line under the ------rootname servers------ section of the named.conf file in /var/lib/named-chroot/etc:

zone "0.168.192.in-addr.arpa" {
         type master;
         file "local.domain";
};

When I rebooted the system, it hung at bringing up the loopback interface. Once I booted to failsafe and removed the code added to the named.conf file, it booted and all was good, except I still did not have my desired behavior.

I think I am on the right track but need to tweak this some more. You also mention a serial number. Is that generated somewhere or is it just determined by me?

Thanks again.

RED

Everything looks good to me.

The serial is manual ... on purpose.

So you can change files, then update them when you want to.

I use [year][month][day][number] for a serial, but I don't think it matters what you use.

Example: 2003041901

After looking at your example files, I did the following, still with no joy.

local.domain file:

$TTL 1d
@              IN             SOA     server1.local.domain.  (
                                           2003040801  ;Serial
                                           10800    ;Refresh
                                            3600      ;Retry
                                            604800   ;Expire
                                            43200 )  ;Minimum
@              IN              NS       server1.local.domain.
server1                       IN       A     192.168.0.2
local.domain.    86400  IN   A     192.168.0.2

And the named.conf after the last line of the "root name servers" section:

zone "local.domain" in {
                      type master;
                      notify no;
                      allow-update { none; };
                      file "local.domain";
};

Rebooted. The system did not hang but still no go. I can ping the DC and get a response by computer name but not domain name; I can also access it via server1 but not via local.domain.

Any other ideas? Is there not an easier way to tell the firewall to forward requests for that domain to the IP address?

Thanks again!!

RED


Exactly what are you trying to achieve???

Are you trying to run a public IP based webserver? Or a local based webserver?

Do you want a public IP address to be forwarded to your webserver? Or do you want easy access on your network to your server?

You should be able to access your server locally by server1 or by server1.local.domain.

Have a read through this. It helped me heaps when I was building my DNS server:

http://www.shorewall.net/shorewall_setup_guide.htm#DNS

The MNF box handles the firewall, DHCP server, Internet gateway, DNS cache, and proxy. Everything is working fine in that regard. (Internal IP address 192.168.0.1) (External IP assigned by DHCP from ISP)

I have an internal domain run by a W2k box running Active Directory (IP address 192.168.0.2).

The W2k DC (192.168.0.2) must be listed as the primary DNS server on all clients or they cannot find the domain when authenticating, producing errors like "the domain controller cannot be found". It also seems that this is causing an extra hop in internet access for the clients: Client > 192.168.0.2 > 192.168.0.1 > ISP DNS server. I just want the MNF box to forward requests for the local domain to the W2k box so the W2k box handles only internal traffic instead of ALL traffic as it appears to be doing right now. Everything works fine so long as the W2K box is listed as the primary DNS (192.168.0.2).

Also, as you state at the end of your message, I can access the server in both manners when the W2k box (192.168.0.2) is listed as the primary DNS. If I list the MNF box (192.168.0.1) as the primary DNS, I can only access the server by computer name (server1); I cannot get to it by server1.local.domain. If I list the W2K box first, I can access it with both commands.

Thank You very much again for your help.

RED

7 months later...

Well I think I resolved the problem, or at least I have ended up with the desired operation of my internal local domain.

Just yesterday I took the firewall down after running for 100+ days (August 14, the date of the infamous midwest blackout, was the last day it was down) to test a different firewall solution. When it did not work, I attempted to rebuild the machine with a ghost image I had saved just after shutting it down; all I ended up with was a screen full of "01 01 01 01 01 01" and had to reinstall and configure the MNF firewall.

Seeing as it was down and being reworked anyway, I tried a few things. In the DNS forwarders, the blanks are usually set to forward DNS calls to your ISP DNS servers; well, I put my internal network DC/DNS server IP address as the primary and the ISP DNS server as the secondary, and guess what, it worked just fine. The MNF firewall is listed as the primary and the DC/DNS server is listed as secondary. Now all DNS calls look for the address at the local network DNS first, then they drop back and send them to the ISP DNS when the public names cannot be resolved.

I know this is not the best answer, as this should be configured via the MNF DNS server, but as you can tell, I have not been able to get that functioning correctly.

At any rate, I guess there is more than one way to skin a cat. If anyone can help me configure the actual DNS server to do this correctly, I would appreciate it, but until then, I am satisfied with my setup as is.

Thanks!!

RED
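The local.domain zone file posted earlier in the thread and the forwarder workaround in the last post, worked through as an added example; this is not code from the thread, from MNF or from BIND. Two things a practitioner would check here. First, both zone files posted for local.domain give the SOA only one name (server1.local.domain.) before the parenthesised numbers, but an SOA record needs two: the master name (MNAME) and the responsible-person mailbox (RNAME). With one name the record is not a valid SOA, so the master copy of local.domain never loads, which is why nothing changed after the reload. Second, a Windows 2000 client finds its domain controller through the SRV records that the DC itself publishes in DNS, so even a loading zone holding a single A record for local.domain would not satisfy domain logon; the clean answer on the MNF box is a forward zone for local.domain that hands just that domain's queries to 192.168.0.2. That also avoids the last post's workaround, where every Internet lookup passes through the DC first and stalls when the DC is offline. The Python below carries a corrected copy of the zone (the RNAME hostmaster.local.domain. is an assumption), an assumed named.conf fragment with the forward zone (the allow-query and allow-recursion lists are a hardening choice so the firewall's external interface is not an open resolver), and a small checker that flags the missing SOA field, an un-bumped serial, a missing apex NS, and PTR records placed in a forward zone.

```python
import re

# Zone file as posted in the thread (constructed copy, whitespace normalised);
# its SOA names only the master server, the RNAME mailbox field is missing.
POSTED_ZONE = """\
$TTL 1d
@ IN SOA server1.local.domain. (
        2003040801 ;Serial
        10800 ;Refresh
        3600 ;Retry
        604800 ;Expire
        43200 ) ;Minimum
@ IN NS server1.local.domain.
server1 IN A 192.168.0.2
local.domain. 86400 IN A 192.168.0.2
"""

# Corrected copy: MNAME plus RNAME (hostmaster.local.domain. is assumed), serial
# bumped so a reload actually picks the edit up.
FIXED_ZONE = """\
$TTL 1d
@ IN SOA server1.local.domain. hostmaster.local.domain. (
        2003040802 ;Serial
        10800 ;Refresh
        3600 ;Retry
        604800 ;Expire
        43200 ) ;Minimum
@ IN NS server1.local.domain.
server1 IN A 192.168.0.2
@ 86400 IN A 192.168.0.2
"""

# Assumed named.conf fragment for the MNF box: hand queries for local.domain to
# the DC (conditional forwarding); recursion for the LAN only, not an open resolver.
NAMED_CONF = """\
options {
    allow-query     { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion { 127.0.0.1; 192.168.0.0/24; };
};
zone "local.domain" in {
    type forward;
    forward only;
    forwarders { 192.168.0.2; };
};
"""

TYPES = {"A", "AAAA", "NS", "SOA", "MX", "CNAME", "PTR", "SRV", "TXT"}

def logical_lines(text):
    """Strip ';' comments and fold parenthesised multi-line records."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line if not buf else line.strip())  # keep line 1's indent
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []
    return out

def parse_zone(text):
    """Return (owner, type, rdata) tuples; a line that starts with whitespace
    inherits the previous owner, as in a real master file."""
    records, owner = [], None
    for line in logical_lines(text):
        if line.startswith("$"):          # $TTL / $ORIGIN directives
            continue
        tokens = line.split()
        if not line[0].isspace():
            owner, tokens = tokens[0], tokens[1:]
        while tokens and tokens[0] not in TYPES:  # optional TTL and class
            tokens.pop(0)
        if tokens:
            records.append((owner, tokens[0], tokens[1:]))
    return records

def check_zone(text, previous_serial=None):
    """Return a list of problems; an empty list means the zone passes."""
    records = parse_zone(text)
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        return ["zone must have exactly one SOA record"]
    problems, rdata = [], soas[0][2]
    if len(rdata) < 7:
        problems.append("SOA needs MNAME, RNAME and five numbers, got "
                        f"{len(rdata)} fields (RNAME missing?)")
    elif previous_serial is not None and int(rdata[2]) <= previous_serial:
        problems.append(f"serial {rdata[2]} not above {previous_serial}: "
                        "named will not reload the edit")
    if not any(r[1] == "NS" and r[0] == "@" for r in records):
        problems.append("no NS record at the zone apex")
    problems += [f"PTR for {o!r} belongs in an in-addr.arpa zone"
                 for o, t, _ in records if t == "PTR"]
    return problems

def zone_clauses(conf):
    """Map each zone in a named.conf fragment to its declared type."""
    return dict(re.findall(r'zone\s+"([^"]+)"[^{]*\{[^}]*?\btype\s+(\w+);', conf))
```

Running `check_zone(POSTED_ZONE)` reports the six-field SOA; `check_zone(FIXED_ZONE, previous_serial=2003040801)` comes back empty, and passing the same serial as the previous one reports the un-bumped serial that the thread warns about. On the box itself the equivalent check is BIND's own `named-checkzone local.domain <file>` before reloading, and the `forward` zone replaces the `master` zone for local.domain in named.conf; with it in place clients can list 192.168.0.1 first, and the DC still answers everything under local.domain, SRV records included.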
