Newbie to Local DNS how to?

Hi,

The basic question is how to get our local DNS working?

I'm running OS X Server Tiger 10.4.6 on a G4 with two Ethernet cards.
One for WAN (EN0) with these settings:
10.0.0.151
255.255.255.0
10.0.0.138
DNS-Servers
192.168.0.1 (our lan)
194.109.104.104 (our ISP DNS)
194.109.9.99 (our ISP DNS)
One for Internal LAN (EN1) with these settings:
192.168.0.1
255.255.255.0
192.168.0.1
DNS-Servers
None, will be supplied via DHCP server in ServerAdmin

Our server is set up for Mail, FTP, DHCP, DNS, Firewall, NAT, AFP, Windows.
Everything works fine: we get our mail, our files via FTP, and we can connect to the internet. Except I can't get local DNS working!
I've already read and tried any suggestion posted here, but I'm stuck.
The server is set up as a standalone server.

DHCP setup: en1, starting address 192.168.0.2, ending 192.168.0.255
Router: 192.168.0.1
DNS Default domain: eps-amsterdam.nl
Nameservers: 192.168.0.1 and 194.109.9.99
LDAP Server Name: 192.168.0.1
WINS Primary Server: 192.168.0.1
NBT Node: broadcast (b-node)

DNS setup: General: marked Zone transfer and Recursion
Zones: Name: eps-amsterdam.nl, Primary Name Server: osxservereps, Primary Name Server Address: 192.168.0.1
Machines:
Name: osxservereps, Primary Address: 192.168.0.1
Name: osxservereps, Primary Address: 10.0.0.151, and some printers with static IP addresses

Firewall setup: 10-net allow: 21, 113, 625, 3283, 5900
192.168.0-net: allow all traffic
Advanced: default settings after installation

Nat; IP Forwarding and NAT

I've edited the hostconfig file with
HOSTNAME=osxservereps.eps-amsterdam.nl
I've done the sudo hostname osxservereps.eps-amsterdam.nl
I've used the changeip /LDAPv3/127.0.0.1 etc.

My named.conf;
osxservereps:/etc edvandermeer$ cat named.conf
//
// Include keys file
//
include "/etc/rndc.key";
// Declares control channels to be used by the rndc utility.
//
// It is recommended that 127.0.0.1 be the only address used.
// This also allows non-privileged users on the local host to manage
// your name server.

//
// Default controls
//
controls {
    inet 127.0.0.1 port 54 allow {any;} keys {
        "rndc-key";
    };
};
options {
    directory "/var/named";
    recursion true;
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "eps-amsterdam.nl" in {
    file "eps-amsterdam.nl.zone";
    type master;
};

zone "0.168.192.in-addr.arpa" IN {
    file "db.192.168.0";
    type master;
};

zone "0.0.10.in-addr.arpa" IN {
    file "db.10.0.0";
    type master;
};

logging {
    category default {
        defaultlog;
    };

    channel defaultlog {
        file "/Library/Logs/named.log";
        severity info;
        print-time yes;
    };
};

What am I doing wrong?
Any suggestion is very welcome.

Ed

G4, Mac OS X (10.4.6)

Posted on May 4, 2006 3:16 AM

22 replies

May 10, 2006 10:28 PM in response to Leif Carlsson

Good morning !

O.K. I've changed to one nameserver, 192.168.0.1, in the DHCP tab and have placed the ISP DNS IPs in named.conf as forwarders. In my Network config, en0 (WAN) is the first interface with Static IP from our ISP 80.126.96.57, with 10.0.0.138 as router and 194.109.104.104 and 194.109.6.66 as DNS Servers.
Network config en1 (LAN) is the second interface with IP 192.168.0.1, with 192.168.0.1 as router and 192.168.0.1 as DNS Server.
So for which one is this meant? "....And use only 192.168.0.1 or 127.0.0.1 in Network config (one interface is sufficient) on server also (it should talk to its own DNS)....."

Our IP 80.126.96.57 is static and registered with eps-amsterdam.xs4all.nl and eps-amsterdam.nl
; <<>> DiG 9.2.2 <<>> eps-amsterdam.nl
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12787
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;eps-amsterdam.nl. IN A

;; ANSWER SECTION:
eps-amsterdam.nl. 86400 IN A 80.126.96.57

;; Query time: 21 msec
;; SERVER: 194.109.104.104#53(194.109.104.104)
;; WHEN: Thu May 11 07:19:21 2006
;; MSG SIZE rcvd: 50

eps-amsterdam:~ edvandermeer$ dig eps-amsterdam.xs4all.nl

; <<>> DiG 9.2.2 <<>> eps-amsterdam.xs4all.nl
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41250
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;eps-amsterdam.xs4all.nl. IN A

;; ANSWER SECTION:
eps-amsterdam.xs4all.nl. 26783 IN A 80.126.96.57

;; Query time: 60 msec
;; SERVER: 194.109.104.104#53(194.109.104.104)
;; WHEN: Thu May 11 07:19:40 2006
;; MSG SIZE rcvd: 57

"Getting DNS answers from 194.109.104.104 and 194.109.6.66 back to LAN users requires extra firewall rules." How to do that? New address group with these IPs and allow Inbound queries or Responses to outbound?

May 11, 2006 3:06 AM in response to EdvanderMeer

"en0(WAN) is the first interface with Static IP from our ISP 80.126.96.57 with 10.0.0.138 as router and 194.109.104.104 and 194.109.6.66 as DNS Servers."

The router should be something like 80.126.96.1
The modem/router in modem/bridge mode isn't involved (10.0.0.138).

And I said the server should be looking at itself only for DNS (80.126.96.57), 127.0.0.1 or 192.168.0.1 (don't allow external access to internal DNS).
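
The point above (the server answers DNS for itself and the LAN, with no external access to the internal DNS) can be expressed in BIND 9 as follows. This is an added example, not part of any reply in this thread and not Apple's generated configuration; the addresses are the ones quoted in the thread, while the ACL name `lan` and the `allow-transfer { none; }` choice are assumptions.

```conf
// Constructed example: clients that may use this name server.
acl "lan" { 127.0.0.1; 192.168.0.0/24; };

options {
    directory "/var/named";

    // Listen only on loopback and the LAN interface (en1),
    // so named does not answer on the WAN address 80.126.96.57.
    listen-on { 127.0.0.1; 192.168.0.1; };

    // Recursion stays enabled, but only for local clients.
    // With "recursion" on and no allow-recursion, any host that can
    // reach port 53 could use the server as an open resolver.
    recursion yes;
    allow-recursion { lan; };
    allow-query { lan; };

    // Assumption: no secondary name server exists, so refuse transfers.
    allow-transfer { none; };

    // Names the server is not authoritative for go to the ISP resolvers.
    forwarders { 194.109.104.104; 194.109.6.66; };
    forward first;
};
```

Running `named-checkconf` on the edited file catches syntax errors before named is restarted.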

May 12, 2006 5:55 AM in response to EdvanderMeer

Forget about "In ServerAdmin>>System>> I see only a DNS name for en0 and not for en1
Is that normal? " Was I think because of the wrong DNS Names.


But in system log I see this: BIND ??
May 12 14:49:12 eps-amsterdam configd[44]: target=enable-network: disabled
May 12 14:49:13 eps-amsterdam ntpd[256]: bind() fd 5, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=1 fails: Address already in use
May 12 14:49:13 eps-amsterdam ntpd[256]: bind() fd 5, family 2, port 123, addr 127.0.0.1, in_classd=0 flags=0 fails: Address already in use
May 12 14:49:13 eps-amsterdam ntpd[256]: bind() fd 5, family 2, port 123, addr 80.126.96.57, in_classd=0 flags=1 fails: Address already in use
May 12 14:49:13 eps-amsterdam ntpd[256]: bind() fd 5, family 2, port 123, addr 192.168.0.1, in_classd=0 flags=1 fails: Address already in use
May 12 14:49:14 eps-amsterdam /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Disabled firewall
May 12 14:49:14 eps-amsterdam /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Flushed rules
May 12 14:49:15 eps-amsterdam pop3[114]: login: [192.168.0.12] rob plaintext User logged in
May 12 14:49:16 eps-amsterdam kernel[0]: nmbd[266] uses send/recv on a pipe
May 12 14:49:20 eps-amsterdam ARDAgent [274]: ******ARDAgent Launched ******
May 12 14:49:20 eps-amsterdam /usr/sbin/serveradmin: servermgr_nat: nat config:Notice:nat divert rule for interface 'en0' added to firewall
May 12 14:49:20 eps-amsterdam /usr/sbin/serveradmin: servermgr_ipfilter:ipfw config:Notice:Enabled firewall
May 12 14:49:20 eps-amsterdam ARDAgent [274]: ServerNotificationReplyHandler: serverEntryRef is NULL
May 12 14:49:20 eps-amsterdam ARDAgent [274]: ******ARDAgent Ready ******
May 12 14:49:21 eps-amsterdam /usr/sbin/serveradmin: servermgr_nat: nat config:Notice:natd launch requested
May 12 14:49:21 eps-amsterdam /usr/sbin/serveradmin: servermgr_nat: nat config:Notice:Deleted old NAT rule
May 12 14:49:21 eps-amsterdam /usr/sbin/serveradmin: servermgr_nat: nat config:Notice:nat divert rule for interface 'en0' added to firewall
May 12 14:49:29 eps-amsterdam ntpd[256]: sendto(17.72.133.42): Bad file descriptor

BIND ??

May 12, 2006 12:20 PM in response to EdvanderMeer

"Sorry I forget to say the modem is setup as "SIP Spoof" which means "Routed PPPoA without NAT" I can't get to work in Bridge mode. So there's the 10.0.0.138 router from"

That doesn't make sense.

In bridged mode the server should do the PPPoE login, the modem should be transparent. If that works or not I can't say.

In modem bridged mode can the server connect to your ISP using PPPoE or not (can you for example surf the net using your ISP DNSes while connected)?

With the modem in bridge mode you could set up an alias interface on the server WAN (using an IP in the 10.0.0.0/24 network different from the one the modem uses) so you can still have a look into the modem to see connection parameters.
