DNS does not work for internal machines
Could someone please help me???
I am trying to set up a DNS server using Fedora Core 2. I think I have already done everything I could, but it is still
giving problems.
I configured the files in /etc and /var/named/chroot/etc:
named.conf
// generated by named-bootconf.pl
options {
directory "/var/named";
listen-on { 127.0.0.1; 192.168.0.0/24; 192.168.0.0; };
allow-query { 192.168.0.0/24; };
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "teste.lab.br" IN {
type master;
file "teste.lab.br";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "teste.lab.br.rev";
};
I configured the files in /var/named and /var/named/chroot/var/named:
teste.lab.br
$TTL 86400
$ORIGIN teste.lab.br.
@ IN SOA fiona.teste.lab.br. root.fiona.teste.lab.br. (
2005033101;
3H;
15M;
1W;
1D);
IN NS fiona.teste.lab.br.
IN MX mail.teste.lab.br.
fiona IN A 192.168.0.1
gerencia IN A 192.168.0.10
web IN A 192.168.0.53
mail IN A 192.168.0.88
aker IN A 192.168.0.254
And also the file,
teste.lab.br
$TTL 86400
$ORIGIN 0.168.192.in-addr.arpa.
@ IN SOA fiona.teste.lab.br. root.fiona.teste.lab.br. (
2005033101;
28800;
14400;
3600000;
86400);
IN NS fiona.teste.lab.br.
IN MX mail.teste.lab.br.
1 IN PTR fiona.teste.lab.br.
10 IN PTR gerencia.teste.lab.br.
53 IN PTR web.teste.lab.br.
88 IN PTR mail.teste.lab.br.
254 IN PTR aker.teste.lab.br.
When I run the nslookup command, I get the following response:
[root@fiona root]# nslookup mail.teste.lab.br
Server: 192.168.0.1
Address: 192.168.0.1#53
** server can't find mail.teste.lab.br: SERVFAIL
[root@fiona root]# nslookup mail
Server: 192.168.0.1
Address: 192.168.0.1#53
** server can't find mail: NXDOMAIN
When I run the dig command:
[root@fiona root]# dig 192.168.0.1
; <<>> DiG 9.2.3 <<>> 192.168.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3648
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.0.1. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM.
2005033100 1800 900 604800 86400
;; Query time: 365 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Mar 31 16:50:00 2005
;; MSG SIZE rcvd: 104
[root@fiona root]# dig teste.lab.br
; <<>> DiG 9.2.3 <<>> teste.lab.br
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23222
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;teste.lab.br. IN A
;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Mar 31 16:50:30 2005
;; MSG SIZE rcvd: 29
Furthermore, when I run the netstat command:
[root@fiona root]# netstat -an | grep 53
tcp 0 0 192.168.0.1:53 0.0.0.0:* OUÇA
tcp 0 0 127.0.0.1:53 0.0.0.0:* OUÇA
tcp 0 0 127.0.0.1:953 0.0.0.0:* OUÇA
tcp 0 0 ::1:953 :::* OUÇA
udp 0 0 192.168.0.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
What should I do???? Could someone help me?
P.S. I DO NOT HAVE A FIREWALL INSTALLED ON THE MACHINE, I REMOVED IPTABLES.
LOL... AND TO TOP IT OFF, THE BLESSED SSH CONNECTION KEEPS DROPPING ALL THE TIIIIIME!!! LOL....
IS THERE A SOLUTION, OR SHOULD I SEND THE GUY WHO IS MESSING WITH IT (ME) TO....... LOL... .
ONE MOOOORE THING.... FOR OUTSIDE NAMES THE DNS WORKS:
[root@fiona root]# nslookup www.usp.br
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: www.usp.br
Address: 143.107.254.11
THANKS IN ADVANCE!!!!!!
DNS does not work for internal machines
First:
listen-on { 127.0.0.1; 192.168.0.0/24; 192.168.0.0; };
this can be:
listen-on { 127.0.0.1; 192.168.0.0/24; };
Try the following:
"Quoted from: http://www.die.net/doc/linux/man/man5/named.conf.5.html"
Quote:
Access Control
Access to the server can be restricted based on the IP address of the requesting system or via shared secret keys. See Sx ADDRESS MATCH LISTS for details on how to specify access criteria.
allow-query
Specifies which hosts are allowed to ask ordinary questions. allow-query may also be specified in the zone statement, in which case it overrides the options allow-query statement. If not specified, the default is
allow-recursion
Specifies which hosts are allowed to ask recursive questions. allow-recursion may also be specified in the zone statement, in which case it overrides the options allow-recursion statement. If not specified, the default is to allow recursive queries from all hosts.
allow-transfer
Specifies which hosts are allowed to receive zone transfers from the server. allow-transfer may also be specified in the zone statement, in which case it overrides the options allow-transfer statement. If not specified, the default is to allow transfers from all hosts.
blackhole
Specifies a list of addresses that the server will not accept queries from or use to resolve a query. Queries from these addresses will not be responded to.
put this there:
allow-recursion { 192.168.0.0/24; };
and test.
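An added example, not part of the reply above and not code from BIND: a small Python audit that reads a named.conf and reports which access-control statements from the quoted man page excerpt are still at their "all hosts" default. The function names and the POSTED/SUGGESTED samples (built from the configuration in the question) are assumptions of this example, as is the premise that the server follows the defaults that excerpt documents.

```python
import re

# Unset means "all hosts" per the man page excerpt quoted above (assumed to apply).
OPEN_BY_DEFAULT = ("allow-recursion", "allow-transfer")

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */
    return re.sub(r"(//|#)[^\n]*", "", text)            # // ... and # ...

def blocks(text, keyword):
    """Yield (label, body) for each `keyword [label] { ... }` block, nested braces included."""
    for m in re.finditer(r"(?m)^\s*%s\b([^{;]*)\{" % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def acls(body):
    """Map each `name { a; b; };` statement in a block body to its address list."""
    return {m.group(1): [a.strip() for a in m.group(2).split(";") if a.strip()]
            for m in re.finditer(r"([\w-]+)\s*\{([^{}]*)\}", body)}

def audit(conf):
    """Return sorted (scope, statement) pairs whose effective ACL is every host."""
    conf = strip_comments(conf)
    opts = next((acls(body) for _, body in blocks(conf, "options")), {})
    is_open = lambda acl: acl is None or "any" in acl
    found = {("options", s) for s in OPEN_BY_DEFAULT if is_open(opts.get(s))}
    for label, body in blocks(conf, "zone"):
        if re.search(r"type\s+master", body):
            # A zone-level allow-transfer overrides the one in options.
            acl = acls(body).get("allow-transfer", opts.get("allow-transfer"))
            if is_open(acl):
                found.add(("zone " + label.split()[0].strip('"'), "allow-transfer"))
    return sorted(found)

# Constructed input: the options and master zone statements as posted in the question.
POSTED = '''
options {
    listen-on { 127.0.0.1; 192.168.0.0/24; 192.168.0.0; };
    allow-query { 192.168.0.0/24; };
};
zone "teste.lab.br" IN { type master; file "teste.lab.br"; };
zone "0.168.192.in-addr.arpa" IN { type master; file "teste.lab.br.rev"; };
'''
# The same file with the reply's suggested line added to the options block.
SUGGESTED = POSTED.replace("allow-query", "allow-recursion { 192.168.0.0/24; };\n    allow-query", 1)
if __name__ == "__main__":
    print(audit(POSTED), audit(SUGGESTED), sep="\n")
```

With the suggested line in place the recursion finding disappears, while allow-transfer is still reported for the options block and both master zones.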
DNS does not work for internal machines
The following:
vi /etc/resolv.conf
Put this on the first line there:
nameserver IPDOSERVIDOR
and you're good!