red Posted April 16, 2003

I am running into what I think is a pretty simple problem but do not have any idea how to fix it. I am using MNF to handle the firewall, DHCP, and DNS caching on my LAN. I have a W2k domain controller also set up that obviously needs DNS to handle domain communication and resolution. Here is my problem. The W2k DC is 192.168.0.2; the MNF system is 192.168.0.1. I have DHCP set to list 192.168.0.2 first in the list of DNS servers. If I do not do this, I cannot access the domain; it says it cannot be found. Also, if the DC is offline, there is a significant amount of lag time when surfing the web. How and/or where do I add local.domain to the MNF so it can resolve internal addresses as well as external addresses without using the W2k DC? Ultimately I want to list the DNS servers as 192.168.0.1 then 192.168.0.2 and still be able to access the domain properly. I have added the domain and the DC computer name to the /etc/hosts file; should I be adding it anywhere else? I hope this explains things well enough. Thanks, RED
paul Posted April 16, 2003

As root, cd /var/lib/named-chroot/var/named; there are your DNS files. Then named.conf can be found in /var/lib/named-chroot/etc/named.conf. If you use the web admin to turn on the caching name server, then use vi to make/edit the DNS files, it works perfectly :-)
red Posted April 17, 2003

Thanks for the reply. I have found the files in the folders you mentioned. Now for the big one. EXACTLY what do I put where in these files? The computer name is "server1", the domain is "local.domain" and the IP address is 192.168.0.2. Thank you, RED
paul Posted April 17, 2003

Something like this:

; Location: External (Internet)
; Comments:
$ttl 43200
@               IN      SOA     ns1.loudas.com. netadmin.loudas.com. (
                                2003041601      ; serial
                                10800           ; refresh
                                3600            ; retry
                                604800          ; expire
                                43200 )         ; minimum TTL
@               IN      NS      ns1.loudas.com.
@               IN      NS      ns2.loudas.com.
cipher          86400   IN      A       202.27.218.96
mail            172800  IN      A       202.27.218.97
@                       IN      A       202.27.218.97
www                     IN      A       202.27.218.97
irc                     IN      A       202.27.218.97
webmail                 IN      A       202.27.218.97
dragon                  IN      A       202.27.218.97
ifgfhayward             IN      A       202.27.218.97
wapdomainz              IN      A       202.27.218.97
mdkdev                  IN      A       202.27.218.97
w3                      IN      A       202.27.218.97
pop3                    IN      A       202.27.218.97
smtp                    IN      A       202.27.218.97
ns1                     IN      A       202.27.218.96
ns2                     IN      A       202.27.218.97
loudas.com.     86400   IN      A       202.27.218.97
                86400   IN      MX      0 mail.loudas.com.
red Posted April 18, 2003

Ok, since your quote seems to be from the named.local file, I added this line to the bottom of it:

local.domain    86400   IN      A       192.168.0.2

and restarted the named service. There was no change. Do I need to restart other services or reboot the system? Sorry if this seems elementary to you, but it's confusing the hell out of me. RED
paul Posted April 18, 2003

Actually my quote was from a file called db.loudas.com. Check out my /etc/named.conf file:

zone "loudas.com" in {
        type master;
        notify no;
        allow-update { none; };
        file "db.loudas.com";
};

Remember, every time you edit the db.domain file you will need to update the serial number, otherwise the changes won't take effect.
red Posted April 19, 2003

Thanks again. Here is what I did. I created a file named local.domain in the /var/lib/named-chroot/var/named directory. This is the name of the "internal" domain I am running here; it is not a public domain. Its contents are as follows:

$TTL 1d
@       IN      SOA     server1.local.domain. (
                        1       ;Serial
                        8H      ;Refresh
                        2H      ;Retry
                        4W      ;Expire
                        1D )    ;Minimum
                NS      server1.local.domain.
1       IN      PTR     server1.
server1         A       192.168.0.2

Then I added the following lines after the last line under the ------root name servers------ section of the named.conf file in /var/lib/named-chroot/etc:

zone "0.168.192.in-addr.arpa" {
        type master;
        file "local.domain";
};

When I rebooted the system, it hung at bringing up the loopback interface. Once I booted to failsafe and removed the code added to the named.conf file, it booted and all was good, except I still did not have my desired behavior. I think I am on the right track but need to tweak this some more. You also mention a serial number. Is that generated somewhere or is it just determined by me? Thanks again. RED
paul Posted April 19, 2003

Everything looks good to me. The serial is manual, on purpose, so you can change files and then update them when you want to. I use [year][month][day][number] for a serial, but I don't think it matters what you use. Example: 2003041901
red Posted April 19, 2003

After looking at your example files, I did the following, still with no joy.

local.domain file:

$TTL 1d
; SOA needs two names: the primary name server and a contact mailbox
; (hostmaster.local.domain. here stands in for any valid mailbox)
@       IN      SOA     server1.local.domain. hostmaster.local.domain. (
                        2003040801      ;Serial
                        10800           ;Refresh
                        3600            ;Retry
                        604800          ;Expire
                        43200 )         ;Minimum
@       IN      NS      server1.local.domain.
server1 IN      A       192.168.0.2
local.domain.   86400   IN      A       192.168.0.2

and the named.conf, after the last line of the "root name servers" section:

zone "local.domain" in {
        type master;
        notify no;
        allow-update { none; };
        file "local.domain";
};

Rebooted. The system did not hang, but still no go. I can ping the DC and get a response by computer name but not by domain name; I can also access it via server1 but not via local.domain. Any other ideas? Is there not an easier way to tell the firewall to forward requests for that domain to the IP address? Thanks again!! RED
paul Posted April 19, 2003

Exactly what are you trying to achieve??? Are you trying to run a public-IP-based webserver, or a local-based webserver? Do you want a public IP address to be forwarded to your webserver, or do you want easy access on your network to your server? You should be able to access your server locally by server1 or by server1.local.domain. Have a read through this; it helped me heaps when I was building my DNS server: http://www.shorewall.net/shorewall_setup_guide.htm#DNS
red Posted April 19, 2003

The MNF box handles the firewall, DHCP server, Internet gateway, DNS cache, and proxy. Everything is working fine in that regard. (Internal IP address 192.168.0.1) (External IP assigned by DHCP from ISP) I have an internal domain run by a W2k box running Active Directory (IP address 192.168.0.2). The W2k DC (192.168.0.2) must be listed as the primary DNS server on all clients or they cannot find the domain when authenticating, producing errors like "the domain controller cannot be found". It also seems that this is causing an extra hop in Internet access for the clients: Client > 192.168.0.2 > 192.168.0.1 > ISP DNS server. I just want the MNF box to forward requests for the local domain to the W2k box so the W2k box handles only internal traffic instead of ALL traffic as it appears to be doing right now. Everything works fine so long as the W2K box is listed as the primary DNS (192.168.0.2). Also, as you state at the end of your message, I can access the server in both manners when the W2k box (192.168.0.2) is listed as the primary DNS; if I list the MNF box (192.168.0.1) as the primary DNS, I can only access the server by computer name server1, I cannot get to it by server1.local.domain. If I list the W2K box first, I can access it with both commands. Thank you very much again for your help. RED
red Posted April 24, 2003

Is that it?? No further responses from the Linux gurus? You can't tell me someone doesn't have a shred more information to give that may allow the desired function of this software. Thanks, RED
red Posted November 30, 2003

Well, I think I resolved the problem, or at least I have ended up with the desired operation of my internal local domain. Just yesterday I took the firewall down after running for 100+ days (August 14, the date of the infamous Midwest blackout, was the last day it was down) to test a different firewall solution. Well, when it did not work, I attempted to rebuild the machine with a Ghost image I had saved just after shutting it down; all I ended up with was a screen full of "01 01 01 01 01 01" and had to reinstall and configure the MNF firewall. Seeing as it was down and being reworked anyway, I tried a few things. In the DNS forwarders, the blanks are usually set to forward DNS calls to your ISP DNS servers; well, I put my internal network DC/DNS server IP address as the primary and the ISP DNS server as the secondary, and guess what, it worked just fine. The MNF firewall is listed as the primary and the DC/DNS server is listed as secondary. Now all DNS calls look for the address at the local network DNS first, then they drop back and send them to the ISP DNS when the public names cannot be resolved. I know this is not the best answer, as this should be configured via the MNF DNS server, but as you can tell, I have not been able to get that functioning correctly. At any rate, I guess there is more than one way to skin a cat. If anyone can help me configure the actual DNS server to do this correctly, I would appreciate it, but until then, I am satisfied with my setup as is. Thanks!! RED
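The two approaches in this thread side by side, as an added example that is not from the original posts: the workaround in the last post (global forwarders in named.conf with the DC first, which still routes every lookup through the DC) next to a per-zone forward stanza that sends only local.domain and its reverse zone to 192.168.0.2 and everything else to the ISP, so clients can list 192.168.0.1 first as the thread set out to do. The ISP resolver addresses are placeholders; the chrooted named.conf path is the one given earlier in the thread; BIND 9 syntax is assumed.

```conf
// /var/lib/named-chroot/etc/named.conf  (chroot path from this thread)
// Added illustration; ISP resolver addresses below are placeholders.

options {
    directory "/var/named";

    // Workaround from the last post: DC first, ISP second. Every query,
    // internal or public, is tried against the DC first, so the DC stays
    // in the path for all resolution and its outage slows web browsing:
    // forwarders { 192.168.0.2; 203.0.113.53; };

    // Cleaner: send only public names to the ISP resolvers...
    forwarders { 203.0.113.53; 203.0.113.54; };
};

// ...and only the internal namespace to the W2k DC. "forward only" keeps
// BIND from falling back to the Internet root servers for a private name
// when the DC does not answer, so local.domain lookups never leave the LAN.
zone "local.domain" IN {
    type forward;
    forward only;
    forwarders { 192.168.0.2; };
};

// Reverse lookups for 192.168.0.0/24 belong to the DC as well.
zone "0.168.192.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 192.168.0.2; };
};
```

Check the file with named-checkconf before restarting named, then confirm both paths with dig @192.168.0.1 server1.local.domain and dig @192.168.0.1 -x 192.168.0.2 (the internal name should come back from the DC, a public name from the ISP). Active Directory's _ldap._tcp.local.domain and similar SRV records are forwarded to the DC the same way, so domain logons keep working with the MNF box listed first.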
paul Posted November 30, 2003

Wow, 100+ days with no fix... sorry I couldn't help you any more, but I'm glad you figured it out ;)
red Posted December 6, 2003

I have to ask... was that a sarcastic "wow 100+ days..." or was it like "Wow, that really is a good run with no restart"? :D Thanks! Red