Linux DNS Server

Status
Not open for further replies.

DaneshD

Programmer
Dec 10, 2004
Hi everybody,

I have a small LAN (4 workstations with 1 Linux server). All systems are connected via a router. All IPs are private and look like this: 192.168.0.xxx. I just want to get rid of these IP numbers and use a domain instead, assigning a name with a domain such as MyPC.HomeDomain.com. Is this basically possible? To do this, should I set up a DNS server on my Linux server? I just need to know that, and then I will review my resources to set it up. Can anyone help show me the way?

Thank you so much,

Danesh Daroui

 
If you want to refer to your computers by name and not their numerical addresses, then yes, you'll need to have DNS running. The package you will be looking for is called bind.

You cannot "get rid" of IP addresses. They are part and parcel of IP networking. Even though you access MyPC.HomeDomain.com, the DNS server will still tell your machine that MyPC.HomeDomain.com is actually 192.168.0.x, although this is transparent to the user.

All your desktops will need to point to this new server for DNS queries instead of your ISP's DNS. It is recommended that you set up DNS forwarding on your internal DNS server to your ISP's DNS server for foreign names. If you don't, your internet connection will suffer some slowdown as all foreign queries will be directed to the root DNS server and work their way down the chain. Querying a root server all the time is usually never a good thing.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
 
I see. Thanks for your help. Now, I want to know:

1. It may be a silly question, but is it possible to have some registered names for a local domain, such as yahoo.com, etc.?

2. Since all my systems (including my server) are connected to the internet via a router, when I set up the DNS server to forward all foreign names to my ISP's DNS server, does that mean that all my systems will connect to the internet via the DNS server? Also, does that mean that the server should be running so that all other hosts will have access to the internet?

3. Is it possible to share any resources (files, folders, printer...) from a DNS server to all other hosts in a local domain?

4. What do you mean by "foreign names", how can I forward them to my ISP's DNS, and how can I find out what my ISP's DNS is?

Thanks again,

Danesh Daroui

 
1. Yes

3. The job of file and print sharing belongs to the samba service. If you have samba installed, then why not.

2 & 4. If your domain is HomeDomain.com, then MyPC.HomeDomain.com is a local name. However, mail.yahoo.com and are foreign.

When you try to connect to a PC, e.g. zeland.yahoo.com, your PC will ask your internal DNS server for the numerical address of zeland.yahoo.com. Since yahoo.com is not local, your DNS server will forward this query to your ISP's DNS server if you have configured your DNS server with the forwarders {your ISP's DNS server address}; directive. If not, your DNS server will query a root DNS server for yahoo.com. This query will be passed on from one DNS server to another until an answer is found or it times out. Once an answer is found, the DNS server will report to your PC with its findings and your PC will then connect using that numerical address via your gateway.

As all your office machines will rely on your DNS server for name to address translations, it needs to be ON all the time. If not, not only will your PCs not be able to surf the web, they won't be able to connect to one another as well.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
 
Thank you. Now I know much more. Actually I am trying to set up a private DNS server and, as you say, forward foreign names to the ISP DNS server. Now, I have set up my Fedora Core 3 system to act as a DNS server. I did everything exactly by the instructions, but my Windows machines cannot see the defined domain. Also, I can ping the Linux box from my Windows machines successfully by both IP address and computer name:

C:> ping 192.168.1.2
C:> ping myfcserver

That works, but I can not ping from my linux box, my windows machines by its names. I mean this works from my linux box:

> ping 192.168.1.29

but this doesn't work:

> ping mywindowsmachine

Well, maybe it is a problem that does not let the whole system work, don't you think? Also, if you think it may help, I can send you all the Linux DNS server configuration files, such as named.conf, resolv.conf, etc.

Thanks,

Danesh Daroui

P.S. One more thing. As I said, my router only assigns an IP to each system which is connected to it automatically. My router's managing program only shows DHCP server configurations. So, I think my router is only a DHCP server and not a DNS server, and it is only a DNS proxy for my ISP's DNS server. Am I right? Also, basically, is there any kind of router which has a built-in DNS server too?

 
DSL routers can usually act as DNS forwarders for your clients, but are not actual DNS servers.

I think the problem that you are facing stems from the fact that you are using dynamic addresses assigned from your DSL router. Due to this, I would also assume you don't have a properly configured zone file for your private domain.

Just so that we don't leave anything out, a zone file is like the hosts file on your PC. It contains mappings for Fully Qualified Domain Names (FQDN) to IP addresses. If you are using DHCP, then it's close to impossible to write such mappings as you would not know what IP your machine will have at the next boot. There are 3 workarounds to this problem though.

1. Use static IP for all machines. As you only have a small number of machines, it shouldn't be much of a problem.

2. If your DHCP server allows, pre-allocate IP addresses to host names. i.e. Tell your DHCP server to always assign 192.168.0.20 to computer with the name of ROBERT.

3. Use ISC's ( DHCP Server Ver 3 and above. Version 3 and above supports dynamic DNS updates from a DHCP server. So, whenever your DHCP server assigns an IP to your clients, it will also update the DNS server about what machine has what IP address. This method however, I'm still unable to do successfully.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
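
The forwarders directive and the zone file described in the replies above, as an added example that is not from any poster in this thread: a shell script that writes a named.conf fragment and a zone file for a static-IP LAN. The server address, the host addresses, the serial and the hostmaster contact are assumed values; recursion is limited to the LAN so the server does not act as a resolver for anyone outside it.

```shell
#!/bin/sh
# Added example: forwarding BIND setup for a small static-IP LAN.
# Assumed values: zone name, LAN range, server address and the host list
# below are constructed. The forwarder is the ISP DNS address quoted in the thread.
DOMAIN="HomeDomain.com"; LAN="192.168.0.0/24"; SERVER_IP="192.168.0.2"
FORWARDER="195.54.122.204"
HOSTS="myfcserver=192.168.0.2 mypc=192.168.0.20 robert=192.168.0.21"

# Emit the named.conf fragment: forward foreign names to the ISP, answer
# recursive queries only for the LAN, and serve the local zone as master.
gen_named_conf() {
cat <<EOF
acl lan { 127.0.0.1; $LAN; };
options {
    directory "/var/named";
    listen-on { 127.0.0.1; $SERVER_IP; };
    forwarders { $FORWARDER; };
    forward first;            // full recursion only if the forwarder fails
    allow-query { lan; };
    allow-recursion { lan; }; // do not act as an open resolver
};
zone "$DOMAIN" IN {
    type master;
    file "$DOMAIN.zone";
    allow-update { none; };   // static records only, no dynamic DNS
};
EOF
}

# Emit the zone file: SOA, NS, then one A record per name=address pair.
gen_zone() {
    serial=$1
    printf '$TTL 86400\n'
    printf '@ IN SOA myfcserver.%s. hostmaster.%s. ( %s 3600 900 604800 86400 )\n' "$DOMAIN" "$DOMAIN" "$serial"
    printf '@ IN NS myfcserver.%s.\n' "$DOMAIN"
    for pair in $HOSTS; do
        printf '%-12s IN A %s\n' "${pair%%=*}" "${pair#*=}"
    done
}

out=$(mktemp -d)
gen_named_conf > "$out/named.conf"
gen_zone 2005010401 > "$out/$DOMAIN.zone"
echo "wrote $out/named.conf and $out/$DOMAIN.zone"
```

Both files can be checked with BIND's named-checkconf and named-checkzone before they are installed.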
 
Well, it is getting too long, if you don't mind, and I appreciate your help.

I don't think that the problem is related to dynamic addresses assigned from the router because:

1. The addresses have been fixed for a long time.
2. The router allows me to make assigned addresses fixed and I did.

So, the addresses are fixed, however, it was before almost. I really think that the problem is about wrong configuration of my DNS server, which can be solved by an expert like you at a first look, if you were behind my server, and the problem is not about DHCP. As I said, the router has solved the DHCP server problem very well and all addresses are fixed. Do you think that I still need to install the ISC DHCP server? Don't you think the problem is simpler and only my DNS configurations are not correct?

Regards,

Danesh Daroui

 
Sorry if I've talked too much and still not been able to solve your problem. I'm trying to be as detailed and cover as many aspects as possible. I'd rather not give vague answers like "RTFM", read this link, etc. Problems like this are a mutual learning process for you and me.

So, we now know that:
1. Your client machines have fixed IP addresses.
2. Your client machines' DNS now points to your DNS server.
3. Your client machines can ping the server by both IP & netbios names. (Did you try pinging by FQDN?)
4. Your server can ping client machines by IP and not netbios names. If I remember correctly, you cannot ping a machine by its netbios name as it is not supported on linux.

The next logical thing to do is to view your DNS zone file.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
 
Whatever...a lot of hard to see info here.
Look-You haven't told us what kind of clients you have,
what you are using for a DNS server, how it handles
dynamic updates as you have configured it,etc..

I have winxp, win2k, linux and freebsd hosts on my home
network and all except the *bsd hosts register dynamic
addresses with my bind 9.1 server using ad-hoc as the
dynamic update scheme.
It's obvious that you are looking for a dynamic update
scheme using dhcp. Yes, it is easily done internally or externally, and yes, it can be problematic to set up.
Hire a consultant if you have doubts and have them record
what they do so you can learn from it.



 
Thanks, Zeland, for your help. I think this is my fault that I have not explained everything in detail. Sorry. The answers are:

1. Yes. All clients have fixed IPs.

2. No, they are not pointing yet. Actually, I configured one of my clients (WinXP) to point to my Linux server (which hopefully will be the DNS server :)), but my internet stopped working, so I changed the configuration to retrieve the DNS server automatically as it was, and now they point to my router, which is a DNS proxy for my ISP DNS server. Also, I used the domain wizard in WinXP to add this system to a domain, and when I entered the IP address of my Linux system it said that there is no account for this system.

3. Yes. All clients can ping each other and even the server by both names and IP. Yes, I tried to ping my server from clients by using the domain name, but it wasn't successful. I have defined a domain name in my settings on my Linux box, but I could not ping the server from any client by using that domain name. I fixed it today by adding all clients to the host list at system-config-network->hosts on my Linux server.

4. Yes. My server also can ping all clients by both names and IP. I fixed it today by adding all clients in host list at system-config-network->hosts at my linux server.

What do you think the next step will be ?

BTW, as marsd asked, I have a small LAN with one Fedora Core 3 Linux server with 4 WinXP clients. I think I have explained enough, tell me if there is something missing.

Thank you all,

Danesh

 
In order to avoid further confusion, we'll stick to having all machines with fixed IPs and leave DHCP out of the picture for the moment.

Obviously DNS lookup won't work if you don't point your clients to your DNS server. Internet stopped working because your client was unable to obtain a result from your DNS server. Does your server have access to the internet? If you do:

dig @[your ISP's DNS server address] www.yahoo.com

on your DNS server, do you get any results?

Also, by putting entries into your hosts file, you will bypass DNS lookups as most systems will resolve via the hosts file first. This way, you will not know if your DNS is actually working or not.

p/s: You need not join a domain for DNS to work. Making an XP/2k box join a linux (samba) domain is a whole new story on its own.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
 
Yes, my linux server is connected to the internet via router. I did run the command you said and the result is:



[teldanesh@myfcserver ~]$ dig @195.54.122.204
; <<>> DiG 9.2.4 <<>> @195.54.122.204
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11573
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 9, ADDITIONAL: 8

;; QUESTION SECTION:
; IN A

;; ANSWER SECTION:
6 IN CNAME
57 IN A 68.142.226.53
57 IN A 68.142.226.54
57 IN A 68.142.226.35
57 IN A 68.142.226.49
57 IN A 68.142.226.40
57 IN A 68.142.226.51
57 IN A 68.142.226.48
57 IN A 68.142.226.39

;; AUTHORITY SECTION:
akadns.net. 67707 IN NS asia5.akadns.net.
akadns.net. 67707 IN NS asia9.akadns.net.
akadns.net. 67707 IN NS eur3.akadns.net.
akadns.net. 67707 IN NS use4.akadns.net.
akadns.net. 67707 IN NS use9.akadns.net.
akadns.net. 67707 IN NS usw6.akadns.net.
akadns.net. 67707 IN NS usw7.akadns.net.
akadns.net. 67707 IN NS za.akadns.org.
akadns.net. 67707 IN NS zh.akadns.org.

;; ADDITIONAL SECTION:
asia5.akadns.net. 14143 IN A 193.108.154.9
asia9.akadns.net. 14135 IN A 220.73.220.4
eur3.akadns.net. 16659 IN A 193.45.1.103
use4.akadns.net. 17054 IN A 80.67.67.182
use9.akadns.net. 16663 IN A 81.52.250.134
usw6.akadns.net. 3455 IN A 206.132.100.108
usw7.akadns.net. 3752 IN A 206.132.100.108
za.akadns.org. 14049 IN A 208.185.132.176

;; Query time: 29 msec
;; SERVER: 195.54.122.204#53(195.54.122.204)
;; WHEN: Mon Jan 3 16:02:11 2005
;; MSG SIZE rcvd: 500


My ISP's DNS is: 195.54.122.204. Yes, as you said, the system will check the hosts file before anything, so do you suggest removing the hosts from the hosts file? If I remove them then I will not be able to ping other clients from my server by their names, but with their IPs it is OK.

No pleaseeeeeeeeeee, do not confuse me with samba !!! ;) I have already installed samba and it works fine. Samba has some configurations for domain issues but as I have seen they are mostly about adding a samba server as a domain member, however maybe it is possible to set it up as a samba name server, but I don't think my case is related to samba at this time. I think it is possible to add all my clients to a linux name server without samba, right ?
 
My bad. I actually wanted you to query your own DNS server and not that of your ISP. If you perform the dig command @127.0.0.1, you should get the same result as you just did from querying your ISP. If not, then there is something wrong with your DNS setup.


--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--
 
Hi, no problem, this is the result:


[teldanesh@myfcserver ~]$ dig @127.0.0.1

; <<>> DiG 9.2.4 <<>> @127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12283
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 604800 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 604800 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 604800 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 604800 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 604800 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 604800 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 604800 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 604800 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 604800 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 604800 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 604800 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 604800 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 604800 IN A 202.12.27.33

;; Query time: 138 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 4 16:25:30 2005
;; MSG SIZE rcvd: 436


Regards,

Danesh
 