DNS Server Setup CentOS 6.5 Issues

I am having a bit of trouble getting my CentOS 6.5 DNS server to work correctly in our testlab environment. The lab network is 10.8.0.0/24, which we all access from 10.7.0.0/24 and 10.0.0.0/24. Here are my configs:

options {
	listen-on port 53 { 127.0.0.1; 10.8.0.19;};
	#listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        // forwarders { 10.8.0.150; };
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 10.0.0.0/24; 10.8.0.0/24; 10.7.0.0/24; };
	allow-transfer  { localhost; 10.0.0.0/24; };
        recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "labtest.local" IN {
type master;
file "labtest.local.zone";
allow-update { none; };
};

zone "0.8.10.in-addr.arpa" IN {
type master;
file "0.8.10.in-addr.arpa";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Forward lookup stuff:

$ORIGIN labtest.local.

$TTL   1d
@               IN SOA  test-nameserver.labtest.local. root.labtest.local.     (

                12 ; se = serial number
                3h         ; ref = refresh
                15m        ; ret = update retry
                3w         ; ex = expiry
                3h         ; min = minimum
                                        )

@                IN   NS   test-nameserver.labtest.local.
@		 IN   A    10.8.0.19


test-nameserver         IN    A   10.8.0.19

dojo1                   IN    A   10.8.0.186
redhat.5.5.32Bit        IN    A   10.8.0.149
redhat.6.2.64Bit        IN    A   10.8.0.147
mandriva.9.2.32Bit      IN    A   10.8.0.153
RELEASE-WIN2003         IN    A   10.8.0.17

Reverse stuff:

$TTL    1d
@   IN    SOA   test-nameserver.labtest.local. root.labtest.local. (
    2013112100 ; se = serial number
    3h         ; ref = refresh
    15m        ; ret = update retry
    3w         ; ex = expiry
    3h         ; min = minimum
    )

@                       IN   NS   test-nameserver.labtest.local.
@                       IN   A    10.8.0.19
@			IN PTR    labtest.local.

test-nameserver         IN    A   10.8.0.19

19     IN   PTR  test-nameserver.labtest.local.
186    IN   PTR  dojo1.labtest.local.
149    IN   PTR  redhat.5.5.32Bit.labtest.local.
147    IN   PTR  redhat.6.2.64Bit.labtest.local.
153    IN   PTR  mandriva.9.2.32Bit.labtest.local.
17     IN   PTR  RELEASE-WIN2003.labtest.local.

When running my tests against it, I can ping a target, but oddly dig's response shows that the DNS server is not answering:

[root@test-nameserver]# dig @test-nameserver.labtest.local dojo1

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @test-nameserver.labtest.local dojo1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38262
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;dojo1.				IN	A

;; AUTHORITY SECTION:
.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2014052900 1800 900 604800 86400

;; Query time: 3040 msec
;; SERVER: 10.8.0.19#53(10.8.0.19)
;; WHEN: Thu May 29 11:56:11 2014
;; MSG SIZE  rcvd: 98

[root@test-nameserver]# ping dojo1
PING dojo1.labtest.local (10.8.0.186) 56(84) bytes of data.
64 bytes from dojo1.labtest.local (10.8.0.186): icmp_seq=1 ttl=64 time=1.91 ms
64 bytes from dojo1.labtest.local (10.8.0.186): icmp_seq=2 ttl=64 time=0.573 ms
^C
--- dojo1.labtest.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1214ms
rtt min/avg/max/mdev = 0.573/1.244/1.915/0.671 ms
[root@test-nameserver]# nslookup dojo1
Server:		10.8.0.19
Address:	10.8.0.19#53

Name:	dojo1.labtest.local
Address: 10.8.0.186

[root@test-nameserver]# host dojo1
dojo1.labtest.local has address 10.8.0.186
[root@test-nameserver]# 
[root@test-nameserver]# nslookup labtest.local
Server:		10.8.0.19
Address:	10.8.0.19#53

Name:	labtest.local
Address: 10.8.0.19

test-nameserver.labtest.local is responding

;; Query time: 3040 msec
;; SERVER: 10.8.0.19#53(10.8.0.19)
;; WHEN: Thu May 29 11:56:11 2014
;; MSG SIZE  rcvd: 98

dig will not add the domain by default. Try:

dig @test-nameserver.labtest.local dojo1.labtest.local

Add this line to your /etc/resolv.conf

domain labtest.local

Now you can use

dig @test-nameserver.labtest.local dojo1 +search
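
Added example, not part of the original posts: a simplified Python model of the search-list expansion that ping, host and nslookup applied in the output above, next to dig's default of sending the name as typed. The sample resolv.conf is constructed from values in this thread, the function names are hypothetical, and the ordering rule assumes glibc-style `ndots` handling.

```python
# Constructed sample, built from the values quoted in this thread.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search labtest.local
nameserver 10.8.0.19
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots). 'domain' and 'search' replace each other; last wins."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        key, args = fields[0], fields[1:]
        if key == "domain" and args:
            search = [args[0]]
        elif key == "search":
            search = args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1, use_search=True):
    """Query names tried, in order. use_search=False models dig without +search."""
    if name.endswith("."):                       # already fully qualified
        return [name]
    absolute = name + "."
    if not use_search or not search:
        return [absolute]
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:                 # "looks qualified": try as-is first
        return [absolute] + expanded
    return expanded + [absolute]


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("dig dojo1         ->", candidates("dojo1", search, ndots, use_search=False))
    print("dig dojo1 +search ->", candidates("dojo1", search, ndots))
    print("host/ping dojo1   ->", candidates("dojo1", search, ndots))
```

The first case yields only `dojo1.`, which is the name shown in the QUESTION SECTION of the NXDOMAIN reply, where the SOA in the AUTHORITY SECTION is the root zone's rather than the lab zone's.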

I was schooled and found out:

If you have a line

search labtest.local

in /etc/resolv.conf, you can omit the domain part and use:

dig @test-nameserver.labtest.local dojo1 +search

Also, it turned out that it was the way I was using nslookup. nslookup responds correctly with the IP of the domain. Hosts listing (ls option) is not implemented anymore for security reasons.
If you want to list all hosts, you can do a domain transfer on screen:

nslookup -q=axfr labtest.local

---------- Post updated at 04:49 PM ---------- Previous update was at 04:48 PM ----------

You beat me to the punch.

---------- Post updated at 05:01 PM ---------- Previous update was at 04:49 PM ----------

Actually, I ran the test on my laptop and it doesn't work:

dig @test-nameserver.labtest.local dojo1.labtest.local +search
dig: couldn't get address for 'test-nameserver.labtest.local': not found

But if I do it via the IP address:

dig @10.8.0.19 dojo1.labtest.local 

; <<>> DiG 9.9.5-3-Ubuntu <<>> @10.8.0.19 dojo1.labtest.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54507
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dojo1.labtest.local.		IN	A

;; ANSWER SECTION:
dojo1.labtest.local.	86400	IN	A	10.8.0.186

;; AUTHORITY SECTION:
testlabtest.local.	86400	IN	NS	test-nameserver.labtest.local.

;; ADDITIONAL SECTION:
test-nameserver.labtest.local. 86400 IN A	10.8.0.19

;; Query time: 3 msec
;; SERVER: 10.8.0.19#53(10.8.0.19)
;; WHEN: Thu May 29 16:59:30 EDT 2014
;; MSG SIZE  rcvd: 112

---------- Post updated at 05:12 PM ---------- Previous update was at 05:01 PM ----------

Never mind, user error.