I can configure a caching-only name server fine, but how do I make it forward DNS queries too?
I'm thinking I could add the below to the options stanza in the /etc/named.conf file:
what is bind vs bind-chroot vs caching-nameserver ?what is the different between eatch others ?
View 7 Replies View RelatedI would like configure a DNS server on Debian, only to forward through my ISP DNS servers.
View 4 Replies View RelatedI am currently running the latest version of Bind, and for some completely unknown reason I can NOT get queries to work for PTR records. All queries to the servers for reverse name lookup get query denied:
Using domain server:
Name: 66.150.173.1
Address: 66.150.173.1#53
Aliases:
Host 27.173.150.66.in-addr.arpa not found: 5(REFUSED)
And it shows in my logs:
I am at my wits ends with the piece of crap. Can anyone shine some light on why this damn Bind install won't respond to these queries?
For reference here is my named.conf:
Code:
I have this ISP grade Nameserver running on BIND 9.5 on Fedora Core 9 64 Bit.
Its been pretty working well for sometime until a last week when we noticed it stopped resolving for our clients using on our service.
It gives correct authouritative answers for our own ISP domain with the A, PTR and MX intact but does not return resolving queries back to clients.
Below are my files
This is the message from /var/log/messages
The 41.223.x.x and 41.215.x.x ip address are from our ISP subnet and so are our own clients being denied.
The box is also hosting our traffic graph server which is on a LAMP but listens on another IP/ethernet card.
So far the load on the server is minimal as is a Dell R200 rack server.
I am bit new to Linux and have setup caching-only name server with Centos 5.5. when i do dig server, it provide resolutions. but when i use the server IP as DNS on my windows client, it says, "connection refused" on the NSlookup output. (IP table didn't enable) My server Ip is 192.168.1.253 and bellow is the configuration of "/var/named/chroot/etc/named.conf"
options {
listen-on port 53 { 127.0.0.1; 192.168.1.253; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt"; .....
I have installed BIND 9.6.1-P3-RedHat-9.6.1-16.P3.fc12 on Fedora Core 12.
I found out that when i perform i DNS lookup to a some record that is not in the DNS cache or zones(means...recursive) it takes about 4 sec to give the IP results.
I dig a little bit on the internet and found out that it is a known issue but all places says that it is fixed on newer version of BIND (after version 9.3)
I tried:
1. start BIND with -4 argument ( named -4) - the server started but no changes on the delay.
2. disable IPV6 on the server - i tried the articles on the web but still i get IPV6 address.
However I just built a 10.10 server, installed webmin, vmware, and the server is working perfectly. I configured my bind 9 server using the latest webmin and on the server everything resolves perfectly to both the internet and lan. I have it set to 127.0.0.1, the server ip address is 10.1.50.25. However, it will not accept dns client queries in which they cannot resolve to the lan or internet. I have the dhcp giving out the dns server 10.1.50.25. NSLOOKUPS from the client show query refused. I know there has to be some setting or config that will allow clients to query but I am not able to locate it, and I am not totally knowledgeable of named.conf and been all through the webmin module and configuration settings.
View 6 Replies View RelatedI will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible.My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP)workstations, using diskless workstations to boot the VMs over powerline ethernet.The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the disklessworkstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM).Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
My DNS server used to work flawlessly but for some reason it no longer responds to queries. It seems that named always queries internet root serves!!
View 3 Replies View RelatedI have internal-only email server that has internal BIND9 running. Thought it only has its IP address defined in /etc/resolv.conf, it is still resolving outside addresses.
View 2 Replies View RelatedI am trying to setup a Caching-Name Server for my lab but I am unable to locate the named.caching-nameserver.conf under /etc directory. I am trying to use this file as a template.I already checked the /usr/share/doc/bind-* for samples but unable to find it.I am using RHEL5 with bind and bind-chroot packages installed.
Can someone tell me where I can find named.caching-nameserver.conf file? Also, I notice that there isn't /etc/named symbolic link... do I have to create the sym link to /var/named/chroot/etc/bind.conf
How often are dns queries sent? Assume I want to connect to a ssh server, will I send one dns-query in order to do that or do I send multiple during my connection? What if I request web-pages, do I send a query only when I enter a site or will I send queries every time I visit a new page on that site?
I'm asking since I'm considering getting an account at dyn.com (the standard account for $30/yr) and it comes with 600 000 queries per month (which is way more than I expect to get but knowing exactly what it means is always good).
Is there a way to run queries against a Microsoft sql server from linux? Here is what I would like to do. When I create apps that us db back end I would like to quickly check results of my queries. so if I could do something like "select * form Orders" from the terminal or another app that would be great.
View 6 Replies View RelatedI have my bind9 DNS server running on Ubuntu with logging on. What's bothering me is that I have log full of localhost queries instead of from IP of the computer which actually asked.DNS queries log:/var/log/named.queries.log
Code:
24-Feb-2011 16:01:19.413 client 127.0.0.1#38022: query: clients4.google.com IN A + (127.0.0.1)
[code]....
I chose -Server-, if this is more appropriate in -Networking-, just let me know. Basically, I need to be able to merge responses stored in a zone file with responses from an "upstream" authoritative server. I'm in the sad position of needing to "intercept" requests to *part* of a domain (but not restricted to a sub-domain!) and return results for *some* hosts that use an internally routed address, and results for the rest using the public internet addresses. Unfortunately, it's not my domain, so I can't just use views (although I suspect they could end up having some part to play in this, at least potentially)... but instead I have to actually send requests recursing to the other site's external DNS for any hosts my server doesn't have records for in the zone file.
Some background on the situation:
I work at a local government, which has a private link / VPN connection to a state government entity, and needs to use internal addresses for some of the state servers, which then get routed over an "internal" network link. But the state uses the same domain name internally and externally, just presenting views to internal clients vs. external clients. -- However, we are only being allowed access to certain of their servers through the internal link, which means that for any other servers that we don't have internal/private access for, we have to visit the public addresses just like anyone else on the internet... So, I can't just send all requests to their internal DNS and get responses, because we'd get IPs for some servers (e.g. their main web site) that we wouldn't then be able to reach using the internal network link.
For Example: Say I have a client machine, "client1", on my network ("my.net"), which uses "mydns1.my.net" for name resolution ... and which needs to access 2 servers on the state network, "private.st.us" and "public.st.us" -- so named based on how "my.net" needs to access them.
The external state DNS server/view ("ext-dns.st.us") responds to requests with something like:
private.st.us -- 1.2.3.456
public.st.us -- 1.2.3.457
(Those are just crap addresses, obviously.
The internal state DNS server/view ("int-dns.st.us") responds to requests with something like:
private.st.us -- 10.0.0.8
public.st.us -- 10.0.0.10
This works on their network because their own clients have access to all such IPs.
But for us, they only allow traffic flowing between "my.net" and their internal network to reach the 10.0.0.8 address, blocking all other address destinations. So, when "client1.my.net" asks "mydns1.my.net" for the address of "public.st.us", I need "mydns1" to recurse out to "ext-dns.st.us" to get an answer (1.2.3.457) and then return that IP to "client1" -- because "my.net" is blocked from accessing the server's 10.0.0.10 address. But, when client1 asks mydns1 for "private.st.us" I need to pull the IP (10.0.0.8) from a local zone file instead of asking either of the state DNS servers -- or optionally forward the request to "int-dns.st.us" I suppose -- because the state blocks access to certain services (which we need and are the whole cause of this problem!) via the public (1.2.3.456) address.
I have configured Master and Slave DNS server in Red Hat Linux 4 Enterprise. I want to know about what is a Caching Nameserver and in which situation we use it? If there is a master and slave DNS server we can use cache name server as well ?
View 7 Replies View RelatedI found in the following mail thread: [URL] That we can add, netgroup: caching compat and also the netgroup caching rules stanza in nscd.conf But the mail thread is for FreeBSD Unfortunately, I can't get any reference for RHEL 5.x I need to do exactly same stuff. The following line in my nscd.conf was enuf to leave me disheartened, :'(# Currently supported cache names (services): passwd, group,hosts The nsswitch.conf on my system works only with following: netgroup: nis Does neone knows if netgroup caching is supported by nscd.conf.
View 1 Replies View RelatedI have a Bind DNS caching-only server setup that is working. I am bringing up a new AD domain controller that will also be a DNS server for that AD but I don't want it responding to any DNS queries except those that are AD related.So, my goal is to leave this caching server as the primary DNS server for stations on the network and have it forward requests for the AD domain to the domain controller.My understanding is that I just need a forward zone for that domain pointing to the domain controller. However it does not seem to be working.So that leaves me to think that my caching server is not forwarding properly.
For example, this AD is going to have a naming convention of hostname.mydomain.local.If I do an nslookup and specify the domain controller's IP address as the server, I can query addresses that exist in DNS on that server, such as dc1.mydomain.local.However, queries to my caching server times out (I get a response from the caching server if I query mydomain.local but none of the objects in that domain) Here is my named.conf file:
options {
directory "/var/named";
listen-on { 192.168.0.14; 127.0.0.1; };
[code]....
trying to configure a Centos 5.5 server (simple file server with DHCP and DNS relay). I configured and tested the config (by 'service dnsmasq configtest') of dnsmasq and I got the message 'dnsdomain:host unknown (translation of the real message : hte inconnu) and I didn't find where I could define this host ! The hostname of the server is well defined and I can see it from all Windows PC's on the LAN. dnsmasq starts (with hte same message as in configtest) but when querying DNS from PC's te.g. trying to surf the Internet), I don't get replies (3 DNS servers are also well defined and operational).
View 2 Replies View RelatedI am looking into creating a web caching server for myself using fedora 10. I believe I need to use squid for this but it seems to have a lot of features. Basically, all I want for now is to be able to cache web pages that I and my network users use the most, increasing access time and lowering the load on my internet connection. Can squid do this and can someone point in the right direction on an article on how to configure such a thing?
View 5 Replies View RelatedBasically, i have a clustered filesystem using GlusterFS. This is ultimately going to host a very large number of files.
It is mainly used as a storage destination for backups, and historical copies of files.
Remote servers sync using unison every few minutes. A local script will run over the whole filesystem once per hour looking for new files/folders, and files that have been updated based on their timestamp.
99% of filesystem access is browsing the directory structure, listing directory contents and checking the modification times of files. Access to the actual content of a file is minimal. Only a tiny fraction of the filesystem is actually modified from hour to hour.
GlusterFS alone is quite slow when browsing the directory structure. (ie. "ls -Rl /data") The speed of things for actually transferring file content is sufficient for my requirements.
What I need is to vastly improve performance when running operations such as "ls -Rl /data". (/data is the mount point)
I believe the best way to do this is to implement caching. The cache options within GlusterFS are simply not sufficient here.
My first thought was to re-export the GlusterFS mount with NFS, and then mount the NFS share and set the cache on the client to a very long expiry. (like 86400 = 24 hours) It is my understanding that any change made to a file using the mount point will invalidate the cache entry for that file. (it is only mounted in one place, so no changes possible at the back end.)
I did this using the kernel based NFS server, but ran into major problems with the "Stale NFS" errors which from reading is due to a problem related to FUSE that doesnt sound like its going to be fixed soon. Aside from the Stale errors, this did provide a suitable boost in performance.
I tried the beta of GlusterFS that has the integrated NFS server (so presumably, no FUSE) but I could not get this to compile properly on our servers.
Finally, I tried using the Gluster patched version of unfs3 that uses boost to talk to Gluster instead of FUSE. Now this works, but for some reason the NFS client cache doesnt seem to cache anymore.
One last thing that I was looking at is the possibility of running a simple cache layer in front of either GlusterFS or NFS. I believe Cache-FS is the tool for the job but I have been unable to get that to work - I believe it is disabled in my kernel or something. (mount command says cachefs is unknown)
I am running Ubuntu 8.04 on most servers, but have upgraded one to 10.04 to try and get around Kernel limitations. My servers are all 32 bit (I know, not recommended for GlusterFS) and its very difficult for me to change this. (its a live system)
I quite simply need to add a cache for the directory structure information, and then maybe export this with NFS so that it can be mounted on a *single* server. (the cache can be on the server where it is mounted if required, but due to the large size of the cache - it may be better to have a server dedicated for the cache)
I am running GlusterFS 3.0.5 in a replicate/distribute manner.
There is this server that is running a lot of websites and runs varnish for caching for performance boosting. But I want to somehow remove certain URLs from caching which change frequently. But I do not want to remove complete domains from caching but certain URLs from the websites. Is there any way to remove those pages from caching?
View 2 Replies View RelatedIs there anything like a persistent caching proxy available in linux for me to configure, ie not public? (persistent meaning the cache remains in hard disk between reboots) Is it possible that it NEVER looks for any update to a page that is available in the cache?
View 1 Replies View RelatedI'm running into a little trouble trying to configure bind as a caching dns server on centos 5.6. for debugging purposes I've got iptables and selinux turned off, but I can't get see the dns service on my local network. on my server itself I can run nmap against it and see that port 53 is open, but if I try it from another computer on my network the port is closed.
View 7 Replies View RelatedI have registered 2 nameservers running bind for a certain domain. The log file of my domain name provider (SWITCH) shows the following warning:
Warning Der Name-Server ns.xxxxx.ch (nn.nn.nn.nn) beantwortet rekursive Anfragen.
In English that would be:
Warning: Name-Server ns.xxxxx.ch (nn.nn.nn.nn) answers recursive queries.
The NS triggering the warning is running openSUSE 10.2 and the other one 11.1. Both configuration files /etc/named.conf are equivalent (well, forwarders are different). There is no such warning for the NS with 11.1. When I add "recursion no;" to the options in /etc/named.conf the warning goes away, but FF or SeaMonkey running on the server no longer get their DNS requests resolved.
I recently turned on query logging on our name server and immediately saw repeated queries for . (dot). I've not seen this before. It looks like a really sloppy DOS. What would this return if my NS was misconfigured?
May 13 18:11:41.710 queries: info: client 91.202.63.129#56089: query: . IN NS
May 13 18:11:42.083 queries: info: client 91.202.63.129#62826: query: . IN NS
May 13 18:11:42.788 queries: info: client 91.202.63.129#13620: query: . IN NS
[code]....
I want to configure proxy caching on my openSUSE boxYast >>> Proxy >>>
View 5 Replies View Relatedwhat i need, I got two servers for about 4000 users and 300 servers and well the guy never setup dns caching right, so im redoing it. Now my goals
1) DNS cache
2) Transparent Squid Cache only
3) Load Balance - at switchlevel
Upgraded Hardrives to SSD 2x32gb each server 4gb of ram 2x Dell poweredge 850's - p4 2.8 (single cores) So any advise , pointers , expeirnces and best ways to do this being both server will do both dns caching and squid! Also is bind9 the best for this?? i seen stuff about DNSmasq what performs better( i dont need DHCP)
I've set up a caching nameserver on my laptop running Fedora 11. The problem with this is that NetworkManager always overwrites the entry that points to the local nameserver. NetworkManager no longer respects /etc/dhclient.conf or at least its scripts run after dhclient.conf. Also it doesn't respect /etc/sysconfig/ network-scripts/ifcfg-* setting of DNS{1.2}.The man page of NetworkManager describes scripts that run in /etc/NetworkManager/dispatcher.d which can be run when interfaces are brought up and down. I've written a script that will put the entry needed for the local nameserver.
View 1 Replies View Related