
Lab 6.2 always get DNS reply from internet

wAn
wAn Posts: 2
edited December 2016 in LFS211 Class Forum

I tried to do Lab 6.2 with a CentOS 7 virtual machine, but dig @localhost always gets replies from the internet:


[wan@centos ~]$ dig @localhost www.exapmle.com A
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> @localhost www.exapmle.com A
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23488
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.exapmle.com.        IN  A
;; ANSWER SECTION:
www.exapmle.com.  3497    IN  A   103.224.182.207
;; AUTHORITY SECTION:
exapmle.com.      172696  IN  NS  ns2.above.com.
exapmle.com.      172696  IN  NS  ns1.above.com.
;; ADDITIONAL SECTION:
ns1.above.com.    172696  IN  A   103.224.212.5
ns1.above.com.    172696  IN  A   103.224.182.5
ns2.above.com.    172696  IN  A   103.224.182.6
ns2.above.com.    172696  IN  A   103.224.212.6
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 二 12月 06 21:51:12 CST 2016
;; MSG SIZE rcvd: 166

But dig from another host gets the desired result. DNS is working.


wan@sucrose:~$ dig @centos foo.example.com A
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @centos foo.example.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.        IN  A
;; ANSWER SECTION:
foo.example.com.  30     IN  A     192.168.121.11
;; AUTHORITY SECTION:
example.com.      30     IN  NS    localhost.
;; ADDITIONAL SECTION:
localhost.        86400  IN  A     127.0.0.1
localhost.        86400  IN  AAAA  ::1
;; Query time: 0 msec
;; SERVER: 172.18.207.35#53(172.18.207.35)
;; WHEN: Tue Dec 06 21:39:28 CST 2016
;; MSG SIZE rcvd: 127

I need help.

Config file:


[root@centos ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
zone "example.com" IN {
        type master;
        file "example.com";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Zone file:


[root@centos ~]# cat /var/named/example.com
$TTL 30
@ IN SOA localhost. admin.example.com. (
        2016120907 ; serial YYYYMMDDRR format
        3H ; refresh
        1H ; retry
        2H ; expire
        1M) ; neg ttl
        IN NS localhost.;
www.example.com. IN A 192.168.111.45
www.example.com. IN AAAA fe80::22c9:d0ff:1ecd:c0ef
foo.example.com. IN A 192.168.121.11
bar.example.com. IN CNAME www.example.com.
;generate one hundred entries host1 thru host100
$GENERATE 1-100 host$.example.com. IN A 10.20.45.$

Errors:


[root@centos ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2016-12-06 21:55:44 CST; 3min 54s ago
  Process: 2469 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2460 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 2473 (named)
   CGroup: /system.slice/named.service
           └─2473 /usr/sbin/named -u named
12月 06 21:55:44 centos.home named[2473]: zone localhost.localdomain/IN: loaded serial 0
12月 06 21:55:44 centos.home named[2473]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
12月 06 21:55:44 centos.home named[2473]: zone localhost/IN: loaded serial 0
12月 06 21:55:44 centos.home named[2473]: all zones loaded
12月 06 21:55:44 centos.home named[2473]: running
12月 06 21:55:44 centos.home systemd[1]: Started Berkeley Internet Name Domain (DNS).
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving 'www.exapmle.com/A/IN': 2001:7fe::53#53
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving 'com/DS/IN': 2001:503:ba3e::2:30#53
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving 'com/DS/IN': 2001:500:3::42#53

 

Comments

  • wAn
    wAn Posts: 2
    edited December 2016

    I think I didn't set /etc/resolv.conf correctly. Problem solved after I changed my IP settings from static to DHCP.
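
The two dig outputs in the post differ in their header flags (the second carries `aa`, the first does not) and in the question name. As an added example, not part of the original thread, this Python sketch parses dig output and reports whether an answer was authoritative, whether recursion was offered, and whether the queried name lies inside a locally hosted zone. The samples are constructed abbreviations of the post's output, and `classify` and `in_zone` are hypothetical helper names.

```python
import re

# Added example; samples are constructed (abbreviated from the dig output in the post).
LOCAL_QUERY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23488
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; QUESTION SECTION:
;www.exapmle.com.        IN  A
;; ANSWER SECTION:
www.exapmle.com.  3497  IN  A  103.224.182.207
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
REMOTE_QUERY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;foo.example.com.        IN  A
;; ANSWER SECTION:
foo.example.com.  30  IN  A  192.168.121.11
;; SERVER: 172.18.207.35#53(172.18.207.35)
"""

def in_zone(qname, zone):
    """True if qname equals zone or is a subdomain of it (compared label by label)."""
    q = qname.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(q) >= len(z) and q[-len(z):] == z

def classify(dig_text, local_zones):
    """Summarise where a dig answer came from, using header flags and the question name."""
    flags = re.search(r"^;; flags:([^;]*);", dig_text, re.M)
    question = re.search(r"^;; QUESTION SECTION:\n;(\S+)", dig_text, re.M)
    server = re.search(r"^;; SERVER: ([^#\s]+)#", dig_text, re.M)
    if not (flags and question):
        raise ValueError("not a dig answer with header and question section")
    flagset = set(flags.group(1).split())
    qname = question.group(1)
    zone = next((z for z in local_zones if in_zone(qname, z)), None)
    return {
        "qname": qname,
        "server": server.group(1) if server else None,
        "authoritative": "aa" in flagset,      # answered from a zone the server hosts
        "recursion_offered": "ra" in flagset,  # server will recurse for this client
        "matching_zone": zone,                 # None: name is outside the hosted zones
    }

if __name__ == "__main__":
    for sample in (LOCAL_QUERY, REMOTE_QUERY):
        print(classify(sample, ["example.com"]))
```

`recursion_offered` being true for the query sent from another host is the condition the comment in the posted named.conf warns about for a recursive server with a public IP address.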
