Miguel A. Velasco
2008-Aug-28 09:23 UTC
[CentOS] How to enable bind to listen to queries from all my network
Hello all,

I've installed a proxy Squid in my gateway and a Cache DNS Server with bind. The problem is the server is only resolving its own queries but not the client queries from my company.

When I do:

$ service named start

I see in /var/log/messages:

starting BIND 9.3.4-P1 -u named -t /var/named/chroot
found 1 CPU, using 1 worker thread
loading configuration from '/etc/named.conf'
listening on IPv6 interface lo, ::1#53
listening on IPv4 interface lo, 127.0.0.1#53
command channel listening on 127.0.0.1#953
command channel listening on ::1#953
zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
zone localdomain/IN/localhost_resolver: loaded serial 42
zone localhost/IN/localhost_resolver: loaded serial 42
running

I don't understand why it is only "listening on IPv4 interface lo, 127.0.0.1#53".

I have bind-chroot installed with the following options in /etc/named.conf:

options {
    listen-on port 53 { 127.0.0.1; 10.10.80.0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;

    allow-query { localhost; };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view localhost_resolver {
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};

Where 10.10.80.0 is my network range. What may I do so my server really listens for all my network? Nowadays it's listening just to itself ....

Thanks very much for your attention.
Miguel A. Velasco
Romeo Ninov
2008-Aug-28 09:41 UTC
[CentOS] How to enable bind to listen to queries from all my network
Set bind to listen to an IP, not a network, for example 10.10.80.1, not 10.10.80.0.

Miguel A. Velasco wrote:
> Hello all,
>
> I've installed a proxy Squid in my gateway and a Cache DNS Server with
> bind. The problem is the server is only resolving its own queries but not
> the client queries from my company.
> When I do:
> $ service named start
> I see in /var/log/messages:
>
> starting BIND 9.3.4-P1 -u named -t /var/named/chroot
> found 1 CPU, using 1 worker thread
> loading configuration from '/etc/named.conf'
> listening on IPv6 interface lo, ::1#53
> listening on IPv4 interface lo, 127.0.0.1#53
> command channel listening on 127.0.0.1#953
> command channel listening on ::1#953
> zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
> zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
> zone localdomain/IN/localhost_resolver: loaded serial 42
> zone localhost/IN/localhost_resolver: loaded serial 42
> running
>
> I don't understand why it is only "listening on IPv4 interface lo, 127.0.0.1#53".
> I have bind-chroot installed with the following options in /etc/named.conf:
>
> options {
>     listen-on port 53 { 127.0.0.1; 10.10.80.0; };
>     listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Those options should be used carefully because they disable port
>     // randomization
>     // query-source port 53;
>     // query-source-v6 port 53;
>
>     allow-query { localhost; };
> };
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
> view localhost_resolver {
>     match-clients { localhost; };
>     match-destinations { localhost; };
>     recursion yes;
>     include "/etc/named.rfc1912.zones";
> };
>
> Where 10.10.80.0 is my network range. What may I do so my server really
> listens for all my network? Nowadays it's listening just to itself ....
>
> Thanks very much for your attention.
> Miguel A. Velasco
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
Romeo Ninov
2008-Aug-28 09:46 UTC
[CentOS] How to enable bind to listen to queries from all my network
Set bind to listen to an IP, not a network, for example 10.10.80.1, not 10.10.80.0.

Miguel A. Velasco wrote:
> Hello all,
>
> I've installed a proxy Squid in my gateway and a Cache DNS Server with
> bind. The problem is the server is only resolving its own queries but not
> the client queries from my company.
> When I do:
> $ service named start
> I see in /var/log/messages:
>
> starting BIND 9.3.4-P1 -u named -t /var/named/chroot
> found 1 CPU, using 1 worker thread
> loading configuration from '/etc/named.conf'
> listening on IPv6 interface lo, ::1#53
> listening on IPv4 interface lo, 127.0.0.1#53
> command channel listening on 127.0.0.1#953
> command channel listening on ::1#953
> zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
> zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
> zone localdomain/IN/localhost_resolver: loaded serial 42
> zone localhost/IN/localhost_resolver: loaded serial 42
> running
>
> I don't understand why it is only "listening on IPv4 interface lo, 127.0.0.1#53".
> I have bind-chroot installed with the following options in /etc/named.conf:
>
> options {
>     listen-on port 53 { 127.0.0.1; 10.10.80.0; };
>     listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Those options should be used carefully because they disable port
>     // randomization
>     // query-source port 53;
>     // query-source-v6 port 53;
>
>     allow-query { localhost; };
> };
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
> view localhost_resolver {
>     match-clients { localhost; };
>     match-destinations { localhost; };
>     recursion yes;
>     include "/etc/named.rfc1912.zones";
> };
>
> Where 10.10.80.0 is my network range. What may I do so my server really
> listens for all my network? Nowadays it's listening just to itself ....
>
> Thanks very much for your attention.
> Miguel A. Velasco
Lorenzo Quatrini
2008-Aug-28 10:28 UTC
[CentOS] How to enable bind to listen to queries from all my network
Miguel A. Velasco wrote:
> I have bind-chroot installed with the following options in /etc/named.conf:
>
> options {
>     listen-on port 53 { 127.0.0.1; 10.10.80.0; };
>     listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Those options should be used carefully because they disable port
>     // randomization
>     // query-source port 53;
>     // query-source-v6 port 53;
>
>     allow-query { localhost; };

Hi Miguel,

you have to edit the allow-query line to allow queries from other hosts (I have "any" there, not localhost). I'm not sure about the syntax, but I guess you could try to put 10.10.80.* or 10.10.80.0/24 there to allow queries from your network.

Also remove "10.10.80.0;" from listen-on port as it isn't needed (here you can specify addresses if your server is multi-homed and you want it to listen only on some interfaces).

--
Regards
Lorenzo Quatrini
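The two replies above make separate points: listen-on takes interface addresses that exist on the host (Romeo), while allow-query takes an address match list in which a whole network is written as a CIDR prefix such as 10.10.80.0/24 (Lorenzo). The checker below is an added example written for this thread, not code from the thread or from BIND. It parses those statements out of an options block and flags the posted mistake (the network address 10.10.80.0 in listen-on), an element that is neither an address nor a CIDR prefix (the 10.10.80.* guess, which BIND does not accept), and an allow-query of "any", which answers every client that can reach the server rather than just the company network. The gateway interface address 10.10.80.1 and the set of host addresses are assumptions for the sample.

```python
import ipaddress
import re

# Constructed sample reproducing the options block from the thread: listen-on
# carries the network address 10.10.80.0 and allow-query is restricted to localhost.
ORIGINAL_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 10.10.80.0; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; };
};
"""

# Constructed sample of the corrected form. 10.10.80.1 is an assumed address for
# the gateway's LAN interface; allow-query names the network as a CIDR prefix.
CORRECTED_OPTIONS = """
options {
    listen-on port 53 { 127.0.0.1; 10.10.80.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; 10.10.80.0/24; };
};
"""

# Assumed set of addresses configured on the host's interfaces (constructed).
HOST_ADDRESSES = {"127.0.0.1", "::1", "10.10.80.1"}

# Built-in ACL names BIND accepts in an address match list.
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

STMT_RE = re.compile(r"(listen-on(?:-v6)?|allow-query)\b[^{]*\{([^}]*)\}")


def parse_acls(conf):
    """Map each listen-on / listen-on-v6 / allow-query statement to its elements."""
    acls = {}
    for name, body in STMT_RE.findall(conf):
        acls[name] = [e.strip() for e in body.split(";") if e.strip()]
    return acls


def check_options(conf, host_addresses=HOST_ADDRESSES):
    """Return a list of findings; an empty list means the block looks sane."""
    findings = []
    acls = parse_acls(conf)

    # listen-on takes interface addresses: named only binds to addresses that
    # actually exist on the host, so a network address is simply never bound.
    for stmt in ("listen-on", "listen-on-v6"):
        for elem in acls.get(stmt, []):
            if elem in BUILTIN_ACLS:
                continue
            try:
                addr = ipaddress.ip_address(elem)
            except ValueError:
                findings.append(f"{stmt}: '{elem}' is not an IP address")
                continue
            if str(addr) not in host_addresses:
                hint = " (looks like a network address)" if addr.version == 4 and addr.packed[-1] == 0 else ""
                findings.append(f"{stmt}: {addr} is not an interface address on this host{hint}")

    # allow-query takes an address match list: addresses, CIDR prefixes, or ACL names.
    for elem in acls.get("allow-query", []):
        if elem == "any":
            findings.append("allow-query: 'any' answers every client that can reach the server; prefer the local prefix or localnets")
            continue
        if elem in BUILTIN_ACLS or elem.startswith("!") or elem.startswith('"'):
            continue
        try:
            ipaddress.ip_network(elem, strict=True)
        except ValueError:
            findings.append(f"allow-query: '{elem}' is not a valid address or CIDR prefix")
    return findings


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_OPTIONS), ("corrected", CORRECTED_OPTIONS)):
        print(label, check_options(conf) or "ok")
```

Run against the original block it reports only the 10.10.80.0 entry; the corrected block passes clean. On a real host the interface addresses would come from the system rather than the constructed set, and named-checkconf remains the authoritative syntax check before a restart.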
Spook ZA
2008-Aug-28 13:10 UTC
[CentOS] How to enable bind to listen to queries from all my network
Hi Guys.

I installed BIND 9.3.3rc2 straight off the CentOS 5.1 CDs. By default the /var/named/chroot is empty, so all I did was copy:

cp -R /usr/share/doc/bind-9.3.3/sample/* /var/named/chroot/

and it inserts a working set of files. Editing /var/named/chroot/etc/named.conf shows a sample setup that listens on all interfaces (which is why I set up the firewall first to block all interfaces) and has 3 views (localhost_resolver, internal and external).

Then it is a simple matter to set up forwarders in the options section for caching and off you go. Further tweaking should allow you to restrict the interfaces, and adding zones (master/slave/forward) into the appropriate views will allow resolving of internal domains or domains hosted by the server.

By default there is no "listen-on port" option in the sample file, so it listens on the default port (53) on all interfaces.

HTH

Regards,
Andrew.

On Thu, Aug 28, 2008 at 11:23 AM, Miguel A. Velasco <miguel.suscripcion at gmail.com> wrote:
> Hello all,
>
> I've installed a proxy Squid in my gateway and a Cache DNS Server with
> bind. The problem is the server is only resolving its own queries but not
> the client queries from my company.
> When I do:
> $ service named start
> I see in /var/log/messages:
>
> starting BIND 9.3.4-P1 -u named -t /var/named/chroot
> found 1 CPU, using 1 worker thread
> loading configuration from '/etc/named.conf'
> listening on IPv6 interface lo, ::1#53
> listening on IPv4 interface lo, 127.0.0.1#53
> command channel listening on 127.0.0.1#953
> command channel listening on ::1#953
> zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
> zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
> zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
> zone localdomain/IN/localhost_resolver: loaded serial 42
> zone localhost/IN/localhost_resolver: loaded serial 42
> running
>
> I don't understand why it is only "listening on IPv4 interface lo, 127.0.0.1#53".
> I have bind-chroot installed with the following options in /etc/named.conf:
>
> options {
>     listen-on port 53 { 127.0.0.1; 10.10.80.0; };
>     listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // Those options should be used carefully because they disable port
>     // randomization
>     // query-source port 53;
>     // query-source-v6 port 53;
>
>     allow-query { localhost; };
> };
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
> view localhost_resolver {
>     match-clients { localhost; };
>     match-destinations { localhost; };
>     recursion yes;
>     include "/etc/named.rfc1912.zones";
> };
>
> Where 10.10.80.0 is my network range. What may I do so my server really
> listens for all my network? Nowadays it's listening just to itself ....
>
> Thanks very much for your attention.
> Miguel A. Velasco