I am having a bit of trouble getting my CentOS 6.5 DNS server to work correctly in our test-lab environment. The lab network is 10.8.0.0/24, which we all access from 10.7.0.0/24 and 10.0.0.0/24. Here are my configs:
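options {
  // Listen only on loopback and on this server's lab-side address.
  listen-on port 53 { 127.0.0.1; 10.8.0.19;};
  #listen-on-v6 port 53 { ::1; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  // Forwarding is disabled, so every name outside the local zones is
  // resolved iteratively from the root hints in "named.ca".
  // forwarders { 10.8.0.150; };
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  // Clients allowed to query this server at all.
  allow-query { localhost; 10.0.0.0/24; 10.8.0.0/24; 10.7.0.0/24; };
  // BIND derives the recursion ACL from allow-query when allow-recursion is
  // not set, so this list matches the previous effective behaviour. Stating
  // it explicitly keeps the server from becoming an open resolver if
  // allow-query is ever widened.
  allow-recursion { localhost; 10.0.0.0/24; 10.8.0.0/24; 10.7.0.0/24; };
  // A zone transfer hands out the whole zone (every lab host name and
  // address). Every host in 10.0.0.0/24 can currently request one; narrow
  // this to the addresses of the secondary servers once they are known.
  allow-transfer { localhost; 10.0.0.0/24; };
  recursion yes;
  dnssec-enable yes;
  dnssec-validation yes;
  // NOTE(review): the ISC DLV registry has since been retired and newer BIND
  // releases no longer accept dnssec-lookaside; harmless on this 9.8 build,
  // but drop it (and bindkeys-file) when upgrading.
  dnssec-lookaside auto;
  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";
  managed-keys-directory "/var/named/dynamic";
};
logging {
  channel default_debug {
    file "data/named.run";
    severity dynamic;
  };
};
// Root hints: where iterative resolution starts when no forwarders are set.
zone "." IN {
  type hint;
  file "named.ca";
};
// Forward zone for the lab; dynamic updates are disabled.
zone "labtest.local" IN {
  type master;
  file "labtest.local.zone";
  allow-update { none; };
};
// Reverse zone for 10.8.0.0/24; dynamic updates are disabled.
zone "0.8.10.in-addr.arpa" IN {
  type master;
  file "0.8.10.in-addr.arpa";
  allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";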
Forward lookup zone file (labtest.local.zone):
; Forward lookup zone for labtest.local (loaded as "labtest.local.zone" in named.conf).
$ORIGIN labtest.local.
$TTL 1d
; SOA: primary name server for the zone and the zone contact (root@labtest.local).
@ IN SOA test-nameserver.labtest.local. root.labtest.local. (
12 ; se = serial number -- increment on every edit so secondaries pick up the change
3h ; ref = refresh
15m ; ret = update retry
3w ; ex = expiry
3h ; min = minimum (also used as the negative-caching TTL per RFC 2308)
)
@ IN NS test-nameserver.labtest.local.
@ IN A 10.8.0.19
test-nameserver IN A 10.8.0.19
dojo1 IN A 10.8.0.186
; Each dot in the owner names below starts a new label, so "redhat.5.5.32Bit"
; is the name redhat.5.5.32Bit.labtest.local. (four labels under the zone),
; not a single host label. Lookups still work, but the reverse-zone PTR data
; must spell these names exactly the same way.
redhat.5.5.32Bit IN A 10.8.0.149
redhat.6.2.64Bit IN A 10.8.0.147
mandriva.9.2.32Bit IN A 10.8.0.153
RELEASE-WIN2003 IN A 10.8.0.17
Reverse lookup zone file (0.8.10.in-addr.arpa):
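; Reverse lookup zone for 10.8.0.0/24 (loaded as "0.8.10.in-addr.arpa" in named.conf).
; named already sets the origin from the zone name; this line just makes the
; relative owner names below explicit, mirroring the forward zone file.
$ORIGIN 0.8.10.in-addr.arpa.
$TTL 1d
@ IN SOA test-nameserver.labtest.local. root.labtest.local. (
2013112101 ; se = serial number (YYYYMMDDnn) -- bumped for this edit; increment on every change
3h ; ref = refresh
15m ; ret = update retry
3w ; ex = expiry
3h ; min = minimum (also used as the negative-caching TTL per RFC 2308)
)
@ IN NS test-nameserver.labtest.local.
; Names in PTR data must be fully qualified. Without the trailing dot the
; previous "labtest.local" was relative to $ORIGIN and actually pointed at
; labtest.local.0.8.10.in-addr.arpa.
@ IN PTR labtest.local.
; The A records for "@" and "test-nameserver" that used to sit here belong in
; the forward zone only; in a reverse zone they merely create bogus
; *.0.8.10.in-addr.arpa. names, so they were dropped.
19 IN PTR test-nameserver.labtest.local.
186 IN PTR dojo1.labtest.local.
149 IN PTR redhat.5.5.32Bit.labtest.local.
147 IN PTR redhat.6.2.64Bit.labtest.local.
153 IN PTR mandriva.9.2.32Bit.labtest.local.
17 IN PTR RELEASE-WIN2003.labtest.local.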
When running my tests against it, I can ping a target, but oddly dig's response shows the DNS server not answering for it (note that the question section below asks for the bare name `dojo1.`, not `dojo1.labtest.local.`):
[root@test-nameserver]# dig @test-nameserver.labtest.local dojo1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @test-nameserver.labtest.local dojo1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38262
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;dojo1. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014052900 1800 900 604800 86400
;; Query time: 3040 msec
;; SERVER: 10.8.0.19#53(10.8.0.19)
;; WHEN: Thu May 29 11:56:11 2014
;; MSG SIZE rcvd: 98
[root@test-nameserver]# ping dojo1
PING dojo1.labtest.local (10.8.0.186) 56(84) bytes of data.
64 bytes from dojo1.labtest.local (10.8.0.186): icmp_seq=1 ttl=64 time=1.91 ms
64 bytes from dojo1.labtest.local (10.8.0.186): icmp_seq=2 ttl=64 time=0.573 ms
^C
--- dojo1.labtest.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1214ms
rtt min/avg/max/mdev = 0.573/1.244/1.915/0.671 ms
[root@test-nameserver]# nslookup dojo1
Server: 10.8.0.19
Address: 10.8.0.19#53
Name: dojo1.labtest.local
Address: 10.8.0.186
[root@test-nameserver]# host dojo1
dojo1.labtest.local has address 10.8.0.186
[root@test-nameserver]#
[root@test-nameserver]# nslookup labtest.local
Server: 10.8.0.19
Address: 10.8.0.19#53
Name: labtest.local
Address: 10.8.0.19