Domain Name System
Artyom N, 2014-10-31 14:10:48

How to properly configure a domain zone within a local network?

What there is: a router (192.168.1.1) to which several machines are connected (192.168.1.0/24). The network configuration cannot be changed.
What is needed: to set up a domain zone within the network.
I installed BIND on one of the machines (192.168.1.4) and added these zone files for the "dev" zone:
Forward:

$TTL    3600
dev.    IN      SOA     ns.dev. company.domain. (   ; contact mailbox must be absolute (trailing dot), otherwise BIND appends the origin
                                2010021701;     Serial
                                3600;           Refresh
                                900;            Retry
                                360000;         Expire
                                3600;           Minimum
                                )
        IN      NS      ns.dev.

ns      IN      A       192.168.1.4
test    IN      A       192.168.1.7
test2   IN      A       192.168.1.7

Reverse:

$TTL    3600

@       IN      SOA     ns.dev. hostmaster.dev. (   ; contact mailbox (assumed: hostmaster.dev.), required by the SOA syntax
                        2009121102      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      ns.dev.

7       IN      PTR     test.dev.
7       IN      PTR     test2.dev.

In the router I set the primary DNS to 192.168.1.4 and the secondary to the provider's server.
BIND is configured correctly and works: from machine 192.168.1.4 (where it is actually installed) nslookup finds the IP by domain name, and opening the domain in a browser brings up the web interface of the service running on 192.168.1.7. From the other computers the domain cannot be found.
Result of nslookup from 192.168.1.3 (Ubuntu 14.04):
> test.dev
Server: 127.0.1.1
Address: 127.0.1.1#53

** server can't find test.dev: NXDOMAIN

Result of nslookup from 192.168.1.5 (Win7):
> test.dev
Сервер: UnKnown
Address: 192.168.1.4

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** превышено время ожидания запроса UnKnown

I seem to be doing something wrong, but I don't know what. Please tell me, is it possible to make all computers use BIND at 192.168.1.4 without manually setting the DNS on each one?
UPD: Result of "nslookup test.dev 192.168.1.4":
;; connection timed out; no servers could be reached

named config:
options {
  directory "D:\Program Files\ISC BIND 9\etc";

  forwarders {
    85.21.192.5; # provider's DNS
    8.8.8.8;
    8.8.4.4;
  };
  
  listen-on { any; };
  listen-on-v6 { any; };
  
  allow-recursion {
    127.0.0.1;	
    192.168.1.0/24;
  };
};

# Forward local zone
zone "dev" {
        type master;
        file "..\zones\dev.db";
};

# Reverse local zone
zone "1.168.192.in-addr.arpa" {
        type master;
        file "..\zones\dev-reverse.db";
};

UPD2: The problem is solved: the firewall was blocking access to the server.
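As an added example (not code from the question or any of the answers), a small Python check that cross-references the forward A records against the reverse PTR records the way BIND would read them, using constructed zone files modelled on the ones above. It assumes the origins dev. and 1.168.192.in-addr.arpa., and it flags a PTR target that lacks its trailing dot, which BIND silently turns into name.1.168.192.in-addr.arpa.

```python
import ipaddress

# Constructed sample zones modelled on the question's "dev" and reverse files (not the poster's text); the last PTR lacks its trailing dot.
FORWARD_ZONE = """\
$TTL 3600
@       IN  SOA ns.dev. hostmaster.dev. ( 2010021701 3600 900 360000 3600 )
ns      IN  A   192.168.1.4
test    IN  A   192.168.1.7
test2   IN  A   192.168.1.7
"""
REVERSE_ZONE = """\
$TTL 3600
@       IN  SOA ns.dev. hostmaster.dev. ( 2009121102 3600 900 3600000 3600 )
7       IN  PTR test.dev.
7       IN  PTR test2.dev.
4       IN  PTR ns.dev
"""

def absolute(name, origin):
    """Apply the zone origin to a relative name exactly as BIND does."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin):
    """Yield (owner, type, rdata) for one-line records; SOA and $-directives are skipped."""
    owner = origin
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()          # strip zone-file comments
        if not line or line.startswith("$") or " SOA " in line:
            continue
        fields = line.split()
        if not line[0].isspace():                   # leading blank means "same owner as before"
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                           # drop optional TTL and class
        yield owner, fields[0].upper(), " ".join(fields[1:])

def check_consistency(forward, reverse, origin, rev_origin):
    """Cross-check A and PTR records; return a sorted list of problem descriptions."""
    a_recs = {(o, ipaddress.ip_address(r)) for o, t, r in parse_records(forward, origin) if t == "A"}
    ptr_recs, problems = set(), []
    for owner, _, rdata in (r for r in parse_records(reverse, rev_origin) if r[1] == "PTR"):
        octets = owner.rstrip(".").split(".")[:-2]  # drop in-addr.arpa, keep the octet labels
        ip, target = ipaddress.ip_address(".".join(octets[::-1])), absolute(rdata, rev_origin)
        if not rdata.endswith("."):
            problems.append(f"PTR for {ip} uses relative name {rdata!r}; BIND reads it as {target}")
        ptr_recs.add((target, ip))
    problems += [f"A {n} -> {ip} has no matching PTR" for n, ip in a_recs if (n, ip) not in ptr_recs]
    problems += [f"PTR {ip} -> {n} has no matching A record" for n, ip in ptr_recs if (n, ip) not in a_recs]
    return sorted(problems)
```

Run it on the two sample zones to see the three findings caused by the one missing dot; add the dot and the list comes back empty.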

3 answers
brutal_lobster, 2014-10-31
@nobr

1. It is incorrect to specify local and external at the same time; there will be problems with resolution of the internal zone, since the provider knows nothing about it.
2. Since BIND works locally, the problem is most likely the firewall (or it does not listen on the external interface at all).
3. In the check from 192.168.1.3 you can see that the machine is querying its local recursor, which doesn't know anything about your internal zone either.

Sergey, 2014-10-31
@bk0011m

In the forward zone, second line: remove the dot after dev.
And why the IN after that?
This is how it should be:

ns      A   192.168.1.4
test    A   192.168.1.7
test2   A   192.168.1.7

Are you describing hosts?

microphone, 2014-10-31
@microphone

1) Why on Ubuntu does the request go to 127.0.1.1???
2) There is a parameter that specifies the server for nslookup. For example, "nslookup ya.ru 8.8.8.8" will send the request to Google's DNS and ask it who ya.ru is.
3) BIND can be configured as a caching DNS: it will accept requests from all local users, and if the address is not in the server's cache it asks your provider's DNS further.
4) And then specify the zone specifically as test.dev:
zone "test.dev" {...
Why? So that your server can hand over the hosts in the dev zone to the server that knows about them. Otherwise, you will get an answer that there are no names in this zone except test.dev.
