Name resolution is only working from server side. Clients cannot resolve host names.

Hi Folks,

Could anyone please point me in the right direction, as I have spent so much time on this without luck. :wall:

I have installed Bind on my CentOS 5 server for my internal network. Name resolution works from the server itself but not from the clients.

--------------
ping ip from server to client machine => OK
ping ip from client to server machine => OK

ping hostname from server to client machine => OK
ping hostname from client to server machine => unknown host
--------------

Server1 [cent3 - CentOS 5] = eth1 "10.0.1.101" Bind 9 installed on CentOS 5
Client1 [odd1 - Oracle Linux 6] = eth1 "10.0.1.101" Oracle Linux 6
Client2 [odd2 - Oracle Linux 6] = eth1 "10.0.1.102" Oracle Linux 6
------------

resolv.conf (Server cent3)

; generated by /sbin/dhclient-script
search simtafco.com
nameserver 10.0.1.100

------------

resolv.conf (Client1 odd1)

; generated by /sbin/dhclient-script
search simtafco.com
nameserver 10.0.1.100

------------

named.conf (Server cent3)

options {
listen-on { any; } ;
directory "/var/named"; // the default
version "Nope";
allow-recursion { any; };
};

zone "simtafco.com" in {
type master;
file "simtafco.com" ;
};

------------

zone file simtafco.com (Server cent3)

@ IN SOA cent3.simtafco.com. admin.simtafco.com. (
2010062801 ; Serial
10800 ; Refresh
3600 ; Expire
86400 ; Minimum
)

simtafco.com. IN NS cent3.simtafco.com.

simtafco.com. IN A 10.0.1.100
odd1.simtafco.com IN A 10.0.1.101
odd2.simtafco.com IN A 10.0.1.102

------------

Thank you.

Hi, what does nsswitch.conf look like on the client?

Thanks for looking into that. Here is the nsswitch.conf file from the client side:
-----------

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#	nisplus or nis+		Use NIS+ (NIS version 3)
#	nis or yp		Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	[NOTFOUND=return]	Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files
shadow:     files
group:      files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

There does not appear to be an A record for cent3.simtafco.com. It could be that it works on the server itself because it probably has an entry in /etc/hosts.

Thanks for your reply.

I think I will need to make sure that the BIND configuration is fine, so I am going to re-install and configure it to make sure I did not miss anything. I will post the results soon.

You do not have to re-install things.
You can check your config file syntax with named-checkconf, and check the zone file with named-checkzone zonename.

Check if port 53 (both UDP and TCP) is open in iptables (if it is turned on) or in any external firewall sitting between the client and server.

Check if both the server and the client are on the same subnet; if not, make sure that routing is taking place properly.

I had removed the bind packages by the time your message was posted. This time I did not install the bind-chroot package and used the standard bind instead. However, I hit exactly the same issue (I can ping IP addresses in all directions, but hostname ping only works from the server). So I checked for UDP/TCP port 53 but did not find them in netstat -an. I issued the following commands, as found on Google, and did /etc/init.d/iptables restart, but no joy. So it looks like this might be the reason why my clients cannot reach the DNS server. Any ideas on how to open UDP and TCP port 53 please (CentOS 5)?

iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

Hi Everyone,

I have resolved the issue as far as DNS is concerned. I turned off iptables by running the command "service iptables stop", and there it was: all clients started pinging the hostname of the DNS server. So it looks like there is some issue with the iptables configuration. Unfortunately I am not very good at iptables, so I will research more into that and start a new thread if required. Thanks all for your ideas and contributions. :b:
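An added example, not code from any post in this thread: a small bash script that runs the two checks the replies above point at (an NS target with no A record, and the number of SOA fields) offline against a constructed copy of the posted zone, and prints the INPUT rules a BIND server needs, which differ from the ones posted. It assumes records carry the IN class as in the posted zone and that the origin is the zone name from named.conf; named-checkzone remains the authoritative check.

```bash
#!/bin/bash
# Added example (not from the thread): offline checks for the posted zone file
# and the firewall rules a BIND server needs on the INPUT chain.

# Constructed copy of the zone posted above: cent3 (the NS target) has no
# A record and the SOA parentheses hold only four numbers instead of five.
ZONE=$(mktemp)
cat >"$ZONE" <<'EOF'
@ IN SOA cent3.simtafco.com. admin.simtafco.com. (
2010062801 ; Serial
10800 ; Refresh
3600 ; Expire
86400 ; Minimum
)
simtafco.com. IN NS cent3.simtafco.com.
simtafco.com. IN A 10.0.1.100
odd1.simtafco.com IN A 10.0.1.101
EOF

# Report every NS target that has no A record in the zone; exit 1 if any.
# Owners without a trailing dot are qualified with the origin, as BIND does
# (so the posted "odd1.simtafco.com" really names odd1.simtafco.com.simtafco.com.).
check_ns_glue() {  # usage: check_ns_glue ZONEFILE ORIGIN
    awk -v origin="$2" '
        function fq(n) { return (n ~ /\.$/) ? n : n "." origin "." }
        { sub(/;.*/, "") }                         # strip comments
        $2 == "IN" && $3 == "NS" { ns[fq($4)] = 1 }
        $2 == "IN" && $3 == "A"  { a[fq($1)] = 1 }
        END { for (n in ns) if (!(n in a)) { print "NS " n " has no A record"; bad = 1 }
              exit bad + 0 }' "$1"
}

# A valid SOA carries five numbers: serial, refresh, retry, expire, minimum.
check_soa_fields() {  # usage: check_soa_fields ZONEFILE
    n=$(awk '/SOA/ { soa = 1 }
             soa { sub(/;.*/, ""); for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) c++ }
             /\)/ { soa = 0 }
             END { print c + 0 }' "$1")
    [ "$n" -eq 5 ]
}

# Queries reach a DNS server as NEW connections with --dport 53. The rules
# in the post above match --sport 53 and state ESTABLISHED on INPUT, which
# only admits replies to queries the server itself sent out.
dns_server_input_rules() {
    echo "iptables -I INPUT -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT -p tcp --dport 53 -j ACCEPT"
}

check_ns_glue "$ZONE" simtafco.com || echo "zone check failed: fix before named-checkzone"
check_soa_fields "$ZONE" || echo "SOA does not have five numeric fields"
dns_server_input_rules
```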