Server Fault Asked by iamdonewiththis on December 2, 2020
There are a bunch of commented sections to give an idea of what I've tried. Note, this is getting copied in as a Jinja2 template via an Ansible playbook (that's why there is an Ansible variable in there). This is on a CentOS 8 server running BIND 9.11.13 in a master/slave configuration. The DNS servers themselves are supposed to be internal-only caching DNS servers and have no problem resolving anything public or private. However, clients end up only resolving the local zone. Here is the named.conf from the master:
//
// named.conf
//
/*
acl "trusted" {
    10.0.0.10; #ns1
    10.0.0.11; #ns2
    10.0.0.0/24;
};
*/
options {
    listen-on port 53 { 127.0.0.1; {{ ansible_default_ipv4.address }}; }
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { any; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
/*
zone "." {
    type forward;
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };
};
*/
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// forward lookup zone
zone "domain.local" {
    type master;
    file "domain.local.db";
    allow-update { none; };
    allow-query { any; };
    allow-transfer { 10.0.0.11; };
    also-notify { 10.0.0.11; };
    notify yes;
};
// reverse lookup zone
zone "0.0.10.in-addr.arpa" {
    type master;
    file "domain.local.rev";
    allow-update { none; };
    allow-query { any; };
    allow-transfer { 10.0.0.11; };
    also-notify { 10.0.0.11; };
    notify yes;
};
As you can see, I am back to pretty much vanilla settings. I tried a bunch of fiddling with forward only and ACLs.
Here is the db file:
;
; BIND data file for local loopback interface
;
$TTL 604800
@       IN  SOA ns1.domain.local. admin.domain.local. (
            5           ; Serial
            604800      ; Refresh
            86400       ; Retry
            2419200     ; Expire
            604800 )    ; Negative Cache TTL
;
@                   IN  NS  ns1.domain.local.
@                   IN  NS  ns2.domain.local.
ns1.domain.local.   IN  A   10.0.0.10
ns2.domain.local.   IN  A   10.0.0.11
web.domain.local.   IN  A   10.0.0.13
I've probably been staring at this too long and it's something obvious, but at this point I would really appreciate a second set of eyes.
Thanks in advance!!
Well, case of a missing ; strikes again. I missed the ending semicolon on my listen-on port line, and that was causing everything. What's odd is that named.service wasn't complaining when I restarted it. However, upon reboot it did yell at me and told me where I was an idiot. ::facepalm::
Correct answer by iamdonewiththis on December 2, 2020
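The missing semicolon in the accepted answer is exactly the class of error that ISC's named-checkconf exists to catch before named is (re)started, and since this file is deployed as a Jinja2 template, the natural place for that check is the validate parameter of Ansible's template module (validate: named-checkconf %s), which refuses to install a rendered file that fails the check. The following Python is an added example and is not code from the question or either answer: a small structural checker for named.conf that reports any block closed without a terminating ';' (the exact defect here), plus a wrapper that defers to named-checkconf when it is installed. The sample configuration is constructed, with the Jinja variable already rendered to 10.0.0.10 as it would be by the time the validate step or named sees the file; the _MULTI_BLOCK exceptions (inet inside controls, zone inside catalog-zones) are the two statements I know of where a block is legitimately followed by another keyword rather than ';', and the checker is a heuristic, not a full grammar.

```python
"""Structural ';' check for named.conf (added example, not from the post).

Tokenizes just enough of the grammar (comments, quoted strings, braces, ';')
to report every block that is closed without a following ';'. The real
authority is named-checkconf; run_named_checkconf() calls it when installed.
"""
import re
import shutil
import subprocess
from typing import List, Optional, Tuple

_TOKEN = re.compile(
    r'(?P<comment>/\*.*?\*/|//[^\n]*|#[^\n]*)'  # block, C++ and shell comments
    r'|(?P<string>"[^"\n]*")'                   # quoted string (zone name, path)
    r'|(?P<punct>[{};])'
    r'|(?P<word>[^\s{};"]+)'
    r'|(?P<ws>\s+)',
    re.DOTALL,
)

# (enclosing block keyword, statement keyword) pairs where a '}' may be
# followed by another keyword instead of ';', e.g.
#   controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; }; };
_MULTI_BLOCK = {("controls", "inet"), ("catalog-zones", "zone")}


def _tokens(text: str) -> List[Tuple[str, str, int]]:
    """Return (kind, text, line) for significant tokens; comments/whitespace dropped."""
    out, line, pos = [], 1, 0
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if not m:  # e.g. an unterminated quote
            raise ValueError(f"line {line}: cannot tokenize {text[pos:pos + 20]!r}")
        if m.lastgroup not in ("comment", "ws"):
            out.append((m.lastgroup, m.group(), line))
        line += m.group().count("\n")
        pos = m.end()
    return out


def check_named_conf(text: str) -> List[Tuple[int, str]]:
    """Return [(line, message), ...] for each structural error; [] if clean."""
    errors: List[Tuple[int, str]] = []
    stack: List[Optional[str]] = []  # leading keyword of each enclosing block's statement
    stmt: Optional[str] = None       # leading keyword of the statement being read
    toks = _tokens(text)
    for i, (kind, tok, line) in enumerate(toks):
        if kind in ("word", "string"):
            if stmt is None:
                stmt = tok.strip('"')
        elif tok == "{":
            if stmt is None:
                errors.append((line, "'{' without a leading keyword"))
            stack.append(stmt)
            stmt = None
        elif tok == ";":
            stmt = None
        else:  # "}" closes the block; the owning statement must now end with ';'
            if not stack:
                errors.append((line, "unexpected '}'"))
                continue
            stmt = stack.pop()
            nxt = toks[i + 1][1] if i + 1 < len(toks) else None
            parent = stack[-1] if stack else None
            if nxt != ";" and (parent, stmt) not in _MULTI_BLOCK:
                errors.append((line, f"'{stmt}' block closed here is not followed by ';'"))
    if stack:
        errors.append((toks[-1][2] if toks else 1, f"{len(stack)} unclosed '{{'"))
    return errors


def run_named_checkconf(path: str) -> Optional[Tuple[int, str]]:
    """Run ISC's named-checkconf on path if installed: (exit code, output), else None."""
    exe = shutil.which("named-checkconf")
    if exe is None:
        return None
    r = subprocess.run([exe, path], capture_output=True, text=True)
    return r.returncode, r.stdout + r.stderr


# Constructed sample: the question's options block with the Jinja variable
# already rendered, reproducing the missing ';' after listen-on (line 2).
BROKEN_CONF = """\
options {
    listen-on port 53 { 127.0.0.1; 10.0.0.10; }
    directory "/var/named";
    allow-query { any; };
    recursion yes;
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "domain.local" {
    type master;
    file "domain.local.db";
    allow-transfer { 10.0.0.11; };
};
"""
FIXED_CONF = BROKEN_CONF.replace("10.0.0.10; }\n", "10.0.0.10; };\n")

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(name, check_named_conf(conf) or "OK")
```

On a host with BIND installed, run_named_checkconf("/etc/named.conf") gives the authoritative verdict (add -z, or use named-checkzone domain.local /var/named/domain.local.db, to check the zone files too); the pure-Python check is only a pre-commit or CI stand-in for machines without the BIND utilities.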
If I understand what you are trying to do: if you want to be able to resolve external domains, then you need to enable some forwarders so your DNS server can query the outside world and pass the result back.
Answered by Blane Bramble on December 2, 2020