newbie struggles....

Mark Page mark at weballistics.com
Wed Apr 7 07:58:06 UTC 2004


Hi all,

I've been trying to set up an authoritative zone for my domain name 
using the O'Reilly DNS and BIND book, but with no joy.


My network setup is like this:-

Internet <--> firewall <--> DMZ (172.16/16)
                  "     <--> LAN (192.168.4/24)

On the firewall I do NAT for a static block of real IP addresses 
(xx.yy.182.112/29) to the DMZ addresses, which works fine.

I have a domain name which I've delegated the authority for, e.g.

MYDOMAIN.co.uk   xx.yy.182.113   ns0.MYDOMAIN.co.uk
                  xx.yy.182.114   ns1.MYDOMAIN.co.uk

and I can see UDP requests arriving for port 53 on the firewall when I 
use an external resolver.


my resolv.conf:-
----------------
[root@prod1 named]# more /etc/resolv.conf
domain MYDOMAIN.co.uk
#nameserver 127.0.0.1
nameserver 172.16.0.20



my named.conf:-
---------------
options {
         directory "/var/named";

         // Uncommenting this might help if you have to go through a
         // firewall and things are not working out.  But you probably
         // need to talk to your firewall admin.

         query-source address * port 53;
};

controls {
         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." {
         type hint;
         file "db.cache";
};

zone "MYDOMAIN.co.uk" {
         type master;
         file "db.MYDOMAIN.co.uk";
};


zone "16.172.in-addr.arpa" {
         type master;
         file "db.172.16";
};

zone "4.168.192.in-addr.arpa" {
         type master;
         file "db.192.168.4";
};

zone "0.0.127.in-addr.arpa" {
         type master;
         file "db.127.0.0";
};

include "/etc/rndc.key";


The reverse DNS for my static block is looked after by my ISP's 
nameservers, but the forward addresses match.

my db.MYDOMAIN.co.uk:-
-----------------------
$TTL 3h
MYDOMAIN.co.uk.		IN	SOA	prod1.MYDOMAIN.co.uk. mark.MYDOMAIN.co.uk. (
						1	; Serial
						3h	; Refresh every 3 hours
						1h	; Retry
						1w	; Expires 1 week
						1h )	; negative caching TTL
;nameservers
MYDOMAIN.co.uk.		IN	NS	ns0.MYDOMAIN.co.uk.
MYDOMAIN.co.uk.		IN	NS	ns1.MYDOMAIN.co.uk.

;hosts
localhost.MYDOMAIN.co.uk.	IN	A	127.0.0.1

;
; Internet hosts
;
;MYDOMAIN.co.uk		IN	A	xx.yy.182.115
ns0.MYDOMAIN.co.uk.		IN	A	xx.yy.182.113
ns1.MYDOMAIN.co.uk.		IN	A	xx.yy.182.114
www.MYDOMAIN.co.uk.		IN	A	xx.yy.182.115
beta.MYDOMAIN.co.uk.	IN	A	xx.yy.182.116
router.MYDOMAIN.co.uk.	IN	A	xx.yy.182.118
gateway.MYDOMAIN.co.uk.	IN	A	xx.yy.182.117

;
; LAN hosts
;
;dev.MYDOMAIN.co.uk.		IN	A	192.168.4.37
;windy.MYDOMAIN.co.uk.	IN	A	192.168.4.10
;lan-fw.MYDOMAIN.co.uk.	IN	A	192.168.4.77

;
; DMZ hosts
;
prod1.MYDOMAIN.co.uk.	IN	A	172.16.0.20
;dmz-fw.MYDOMAIN.co.uk.	IN	A	172.16.0.10


With this configuration I can only do lookups (forward and reverse) for 
ns0.MYDOMAIN.co.uk and ns1.MYDOMAIN.co.uk (i.e. only FQDN). All lookups 
for somehost.MYDOMAIN.co.uk are NXDOMAIN. I can't even resolve localhost, 
or the nameserver's DMZ hostname PROD1, but I can resolve Internet 
addresses fine.

I've commented out my LAN and DMZ to keep everything as minimal as 
possible. I would appreciate any help given.

Regards, -Mark.
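An added example, not part of Mark's post and not BIND's own tooling: a small Python lint for a master-format zone file such as the db.MYDOMAIN.co.uk above. It reads the file the way named does (';' comments, $ORIGIN and $TTL, a parenthesised multi-line SOA, relative owner names qualified against the origin) and then reports the mistakes that most often turn a freshly written zone into one that will not load or that answers NXDOMAIN for names the author expects to exist: an A record whose rdata is not a dotted quad (named refuses to load the zone), an owner name without its trailing dot so the origin is appended a second time, an in-zone NS target with no A record to act as glue, and RFC 1918 addresses published in an Internet-facing zone, which hand DMZ and LAN topology to anyone who can query the server. The embedded sample zone is constructed for this example: example.co.uk and the RFC 5737 documentation addresses stand in for the real domain and the xx.yy.182.0/29 block, and four defects are planted in it on purpose. named-checkzone remains the check to run on the real file.

```python
"""Lint a BIND master-format zone file for the mistakes that keep a first
zone from loading or from answering for the names its author expects."""
import ipaddress
import re

# Constructed sample zone modelled on the posted db.MYDOMAIN.co.uk, with
# RFC 5737 documentation addresses standing in for the xx.yy.182.0/29
# block.  It deliberately carries four defects for the lint to report.
SAMPLE_ZONE = """\
$TTL 3h
example.co.uk.      IN  SOA  prod1.example.co.uk. mark.example.co.uk. (
                        1   ; Serial
                        3h  ; Refresh
                        1h  ; Retry
                        1w  ; Expire
                        1h ) ; negative caching TTL
example.co.uk.      IN  NS   ns0.example.co.uk.
example.co.uk.      IN  NS   ns1.example.co.uk.
example.co.uk.      IN  NS   ns2.example.co.uk.       ; no A record below
localhost.example.co.uk.  IN  A  127.0.0.1
ns0.example.co.uk.  IN  A    192.0.2.113
ns1.example.co.uk.  IN  A    192.0.2.114
www.example.co.uk   IN  A    192.0.2.115              ; missing trailing dot
beta                IN  A    192.0.2.116              ; relative name, fine
gateway.example.co.uk.  IN  A  192.0.2.117mydomain    ; junk after the address
prod1.example.co.uk.    IN  A  172.16.0.20            ; RFC 1918 address
"""

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)
CLASSES = {"IN", "CH", "HS"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def qualify(name, origin):
    """Turn a relative owner or target into a FQDN the way named does."""
    if name == "@":
        return origin.lower()
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Return [(owner, rrtype, [rdata ...])].  Handles ';' comments,
    $ORIGIN/$TTL, '( ... )' continuation lines and blank-owner records."""
    origin = origin if origin.endswith(".") else origin + "."
    records, buf, depth, indented, last_owner = [], [], 0, False, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not buf:
            if not line.strip():
                continue
            indented = line[0].isspace()   # blank owner: reuse previous one
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                        # record continues on next line
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf, depth = [], 0
        if tokens[0] == "$ORIGIN":
            origin = qualify(tokens[1], origin)
            continue
        if tokens[0].startswith("$"):       # $TTL and other directives
            continue
        owner = last_owner if indented else qualify(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (TTL_RE.match(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)                   # optional TTL and class fields
        rrtype, rdata = tokens[0].upper(), tokens[1:]
        if rrtype in ("NS", "CNAME", "PTR"):
            rdata[0] = qualify(rdata[0], origin)
        records.append((owner, rrtype, rdata))
    return records


def lint_zone(text, origin):
    """Return a list of findings; an empty list means the checks passed."""
    apex = origin.lower() if origin.endswith(".") else origin.lower() + "."
    records = parse_zone(text, apex)
    has_a = {o for o, t, _ in records if t == "A"}
    findings = []
    if not any(o == apex and t == "SOA" for o, t, _ in records):
        findings.append("no SOA record at the zone apex")
    for owner, rrtype, rdata in records:
        if owner.endswith(apex.rstrip(".") + "." + apex):
            findings.append(f"{owner}: origin appended twice (missing trailing dot?)")
        if rrtype == "A":
            try:
                addr = ipaddress.IPv4Address(rdata[0])
            except ValueError:
                findings.append(f"{owner}: A rdata {rdata[0]!r} is not an IPv4 address")
                continue
            if any(addr in net for net in RFC1918):
                findings.append(f"{owner}: {addr} is RFC 1918 space; an Internet-facing zone publishes it")
        elif rrtype == "NS" and rdata[0].endswith(apex) and rdata[0] not in has_a:
            findings.append(f"{owner}: NS {rdata[0]} is in-zone but has no A record (glue)")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "example.co.uk."):
        print(finding)
```

Run as a script it prints one line per finding for the sample; for a real file, `lint_zone(open(path).read(), "MYDOMAIN.co.uk.")` does the same. The loopback record passes because only the three RFC 1918 blocks are flagged, and `beta` shows that a relative name is qualified correctly rather than reported.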

More information about the bind-users mailing list