#1
DNS for LAN
I am not sure whether this is a DNS problem. Please guide me to the appropriate forum if it is not. Thanks.

I have a Red Hat Linux 9.0 server acting as firewall and router, with three Ethernet cards: eth0 is connected to the Internet, eth1 to LAN-1, eth2 to the DMZ and eth3 to LAN-2. I have set up the LAN-1 and DMZ networks. The DNS, Apache and sendmail servers are in the DMZ. I am distributing Internet bandwidth to LAN-1 as well as the DMZ. I have set up a domain on the DNS server and it works fine for Apache as well as sendmail.

I want to set up one more LAN, LAN-2, connected to eth3 of the server. It should not have Internet access, but it should be able to connect to the sendmail server in the DMZ so that LAN-2 users can fetch mail from their mailboxes on the mail server. Please guide me on the DNS settings to achieve this. Thanks for your support.
#2
I would set up "views", so the BIND DNS server has a private name space on the LAN-1 interface. Then I would configure all machines on LAN-1 to use the DNS server on the gateway for resolution, including resolution of whatever domain you set up, with LAN-1 addresses.
#3
Here is my /etc/named.conf file.

#########
options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        recursion yes;
        forward first;
        forwarders { 202.63.164.17; 202.63.164.18; };
        query-source address * port 53;
        notify no;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

view "trusted" {
        match-clients { 192.168.100.0/24; };    // our network
        recursion yes;

        zone "jalgaontousa.com" {
                type master;
                // private zone file including local hosts
                file "jalgaontousa.internal.com.zone";
        };
        // add required zones
        zone "networkshastrihall.com" {
                type master;
                // private zone file including local hosts
                file "networkshastrihall.internal.com.zone";
        };
        // add required zones
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "localhost" IN {
                type master;
                file "localhost.zone";
                allow-update { none; };
        };
        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update { none; };
        };
};

view "badguys" {
        match-clients { "any"; };       // all other hosts
        // recursion not supported
        recursion no;

        zone "networkshastrihall.com" IN {
                type master;
                file "networkshastrihall.com.zone";
        };
        zone "jalgaontousa.com" IN {
                type master;
                file "jalgaontousa.com.zone";
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "localhost" IN {
                type master;
                file "localhost.zone";
                allow-update { none; };
        };
        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update { none; };
        };
};
// add required zones

include "/etc/rndc.key";
########

The file "networkshastrihall.internal.com.zone" is exactly the same as "networkshastrihall.com.zone", except that the DNS IP (xxx.xxx.xxx.xxx) is changed to the DNS server's LAN IP (192.168.100.1) everywhere. I restarted DNS with /etc/init.d/named restart.

Now I disconnected the Internet connection of the DNS server (eth0) and gave the command "dig networkshastriuhall.com". It does not work. I think it should display the IP 192.168.100.1. I hope I have made the problem clear. I want to set up a DNS server for the domain "networkshastrihall.com" which should resolve the domain even when the server is not connected to the Internet. Please guide me if I am wrong. Thanks for support.
#4
First stop the server:

    rndc stop

Then start the server in the shell and paste for me the messages:

    named -u named -g

Then stop the server with Control+C and start it back up:

    named -u named

Then show me the results of dig:

    dig networkshastriuhall.com

Then I'll have a better idea of what "it does not work" means and what the problem is.
#5
I have performed the commands as you said. Please find the output of the commands in the attached file "DNS-Result". Thanks for support.
#6
    Aug 08 14:15:50.950 zone networkshastrihall.com/IN: loaded serial 2004041700
    [root@shastrinet1 root]# dig networkshastriuhall.com

Somewhere you made a typo. Either correct the domain on the server or correct the domain in the dig request. Show me the corrected results.
#7
Yes, it's a typo on my side. I am sorry. Attaching the correct results of "dig networkshastrihall.com". It gives the answer:

    networkshastrihall.com. 900 IN A 202.63.167.192

I think for LAN users it should give the LAN gateway IP 192.168.100.1. Please correct me if I am wrong. Thanks for support.
#8
Show me the results for this command:

    dig @192.168.100.1 networkshastrihall.com

Also attach a copy of your two networkshastrihall zone files.
#9
Following is the result of "dig @192.168.100.1 networkshastrihall.com" and the two zone files.

###########################
[root@shastrinet1 root]# dig @192.168.100.1 networkshastrihall.com

; <<>> DiG 9.2.1 <<>> @192.168.100.1 networkshastrihall.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62735
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;networkshastrihall.com.                IN      A

;; ANSWER SECTION:
networkshastrihall.com. 900     IN      A       10.0.0.2

;; AUTHORITY SECTION:
networkshastrihall.com. 900     IN      NS      ns2.networkshastrihall.com.
networkshastrihall.com. 900     IN      NS      ns1.networkshastrihall.com.

;; ADDITIONAL SECTION:
ns1.networkshastrihall.com. 900 IN      A       10.0.0.2
ns2.networkshastrihall.com. 900 IN      A       10.0.0.2

;; Query time: 1 msec
;; SERVER: 192.168.100.1#53(192.168.100.1)
;; WHEN: Mon Aug 9 16:42:54 2004
;; MSG SIZE  rcvd: 124
############################

Following is the file "/var/named/networkshastrihall.com.zone":

#############################
$ORIGIN networkshastrihall.com.
$TTL 900                ; 900 seconds default record (T)ime (T)o (L)ive in cache
; Authored by SilentRage
;
; Download Location:
; http://www.dollardns.net/bind/
@       SOA ns1 (       ; ns1.networkshastrihall.com is the primary server for the zone
            admin       ; contact email for the zone is admin@networkshastrihall.com
            2004041700  ; Serial ID in reverse date format
            21600       ; Refresh interval for slave servers
            1800        ; Retry interval for slave servers
            604800      ; Expire limit for cached info on slave servers
            900 )       ; Minimum Cache TTL in zone records
        NS  ns1         ; ns1.networkshastrihall.com is a nameserver for the zone
        NS  ns2         ; ns2.networkshastrihall.com is a nameserver for the zone
        A   202.63.167.192      ; networkshastrihall.com's IP address
networkshastrihall.com. IN MX 10 mail.networkshastrihall.com.
        MX  10 mail     ; Mail for *@networkshastrihall.com goes to mail.networkshastrihall.com (same record as the line above)
ns1     A   202.63.167.192      ; ns1.networkshastrihall.com's IP address
ns2     A   202.63.167.192      ; ns2.networkshastrihall.com's IP address
mail    A   202.63.167.192      ; mail.networkshastrihall.com's IP address
www     A   202.63.167.192      ; www.networkshastrihall.com's IP address
#################################

Following is the file "/var/named/networkshastrihall.internal.com.zone":

#################################
$ORIGIN networkshastrihall.com.
$TTL 900                ; 900 seconds default record (T)ime (T)o (L)ive in cache
; Authored by SilentRage
;
; Download Location:
; http://www.dollardns.net/bind/
@       SOA ns1 (       ; ns1.networkshastrihall.com is the primary server for the zone
            admin       ; contact email for the zone is admin@networkshastrihall.com
            2004041700  ; Serial ID in reverse date format
            21600       ; Refresh interval for slave servers
            1800        ; Retry interval for slave servers
            604800      ; Expire limit for cached info on slave servers
            900 )       ; Minimum Cache TTL in zone records
        NS  ns1         ; ns1.networkshastrihall.com is a nameserver for the zone
        NS  ns2         ; ns2.networkshastrihall.com is a nameserver for the zone
        A   10.0.0.2            ; networkshastrihall.com's IP address (DMZ)
networkshastrihall.com. IN MX 10 mail.networkshastrihall.com.
        MX  10 mail     ; Mail for *@networkshastrihall.com goes to mail.networkshastrihall.com (same record as the line above)
ns1     A   10.0.0.2            ; ns1.networkshastrihall.com's IP address (DMZ)
ns2     A   10.0.0.2            ; ns2.networkshastrihall.com's IP address (DMZ)
mail    A   10.0.0.2            ; mail.networkshastrihall.com's IP address (DMZ)
www     A   10.0.0.2            ; www.networkshastrihall.com's IP address (DMZ)
######################

My network is as follows. A Red Hat Linux 9.0 server with three Ethernet cards: "eth0" is connected to the broadband Internet connection, "eth1" to the LAN 192.168.0.0, and "eth2" to the DMZ 10.0.0.1. In the DMZ, a Red Hat Linux 9.0 server acts as DNS server and has two Ethernet cards: "eth0" has IP 10.0.0.2 and "eth1" has IP 192.168.100.1, which acts as gateway for the other network.

I want both private networks, 192.168.100.0 and 192.168.0.0, to resolve against the DNS server on the LAN, so that when Internet access is stopped LAN users will still resolve "networkshastrihall.com" to 10.0.0.2 and the web and mail server installed at 10.0.0.2 will work for both LANs. Thanks for support.

Last edited by ads : August 9th, 2004 at 06:24 AM.
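The poster's own check for the two files above was "exactly the same except the IP". A split-horizon pair is easy to get subtly wrong by hand (a host left at the public address in the internal copy is unreachable from a LAN with no Internet route; a private address left in the public copy advertises the DMZ layout to the world), so here is an added example, not part of the original thread, that parses both zone files and reports exactly how they differ. The zone texts are constructed: they are the two posted files with the template comments dropped, plus a deliberately broken internal copy; the parser covers only the master-file features those files use.

```python
"""Check a split-horizon zone pair: the public zone file and its internal copy
should carry the same record set, differing only in the A records that point
LAN clients at the DMZ address instead of the public one.

Added example for this thread; the three zone texts below are constructed
(abbreviated from the two posted files, plus one deliberately broken copy)."""
import ipaddress

PUBLIC_ZONE = """\
$ORIGIN networkshastrihall.com.
$TTL 900
@       SOA ns1 admin (
            2004041700  ; serial
            21600 1800 604800 900 )
        NS  ns1
        NS  ns2
        A   202.63.167.192
networkshastrihall.com. IN MX 10 mail.networkshastrihall.com.
        MX  10 mail     ; same record as the line above, written relative
ns1     A   202.63.167.192
ns2     A   202.63.167.192
mail    A   202.63.167.192
www     A   202.63.167.192
"""

# Internal copy as posted: every address rewritten to the DMZ host.
INTERNAL_ZONE = PUBLIC_ZONE.replace("202.63.167.192", "10.0.0.2")

# Constructed mistake: the mail host still carries the public address, so a
# LAN without Internet access could never reach it.
BROKEN_INTERNAL_ZONE = INTERNAL_ZONE.replace("mail    A   10.0.0.2",
                                             "mail    A   202.63.167.192")

# rdata fields that hold domain names and must be made absolute before comparing
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def qualify(name, origin):
    """Turn a relative owner or target name into an absolute one."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Minimal master-file parser: comments, $ORIGIN/$TTL, parenthesised
    continuation lines, inherited owners and optional TTL/class fields.
    Returns {(owner, rtype): set(rdata)}; duplicate records collapse."""
    origin, owner, records = None, None, {}
    logical, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        logical = line if not logical else logical + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                      # still inside ( ... )
        entry, logical = logical, ""
        if entry.startswith("$ORIGIN"):
            origin = entry.split()[1]
            continue
        if entry.startswith("$TTL"):
            continue
        tokens = entry.replace("(", " ").replace(")", " ").split()
        if entry[0] not in " \t":         # leading blank means "same owner"
            owner = qualify(tokens.pop(0), origin)
        while tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)                 # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = qualify(rdata[i], origin)
        records.setdefault((owner, rtype), set()).add(" ".join(rdata))
    return records


def compare_split_horizon(public_text, internal_text):
    """Report how the internal copy deviates from the public zone."""
    pub, internal = parse_zone(public_text), parse_zone(internal_text)
    report = {"rewritten": [], "unchanged": [], "mismatch": [],
              "leak": [], "only_public": [], "only_internal": []}
    for key in sorted(set(pub) | set(internal)):
        owner, rtype = key
        if key not in internal:
            report["only_public"].append(key)
            continue
        if key not in pub:
            report["only_internal"].append(key)
            continue
        p, i = sorted(pub[key]), sorted(internal[key])
        if rtype == "A" and any(ipaddress.ip_address(a).is_private for a in p):
            report["leak"].append(owner)          # private address in the public zone
        if p == i:
            if rtype == "A":
                report["unchanged"].append(owner)  # LAN clients get the public address
        elif rtype == "A" and all(ipaddress.ip_address(a).is_private for a in i):
            report["rewritten"].append((owner, p, i))
        else:
            report["mismatch"].append((key, p, i))  # anything but an A-record rewrite
    return report


def print_report(label, report):
    print(f"== {label}")
    for kind, items in report.items():
        if items:
            print(f"  {kind}: {items}")


if __name__ == "__main__":
    print_report("posted zone pair", compare_split_horizon(PUBLIC_ZONE, INTERNAL_ZONE))
    print_report("broken internal copy", compare_split_horizon(PUBLIC_ZONE, BROKEN_INTERNAL_ZONE))
```

For the posted pair the report lists five `rewritten` A records and nothing else, which is what "the same except the IP" should look like; the broken copy shows `mail` under `unchanged`. The parser also collapses the two identical MX lines in the posted files into one record, which is how named treats them.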
#10
That appeared to work as intended. Now let me see your resolv.conf. And please attach the file, don't paste it, because it ruins formatting and is ugly.
#11
I am attaching resolv.conf. The nameservers in the resolv.conf are the nameservers of my ISP.
#12
Well, that's the problem right there. When you dig with no explicit server it uses the first name server in your resolv.conf. Therefore, it queried your ISP's server, and your ISP's server then queried your server for the IP, which came in on the Internet interface.

Not only is this loop-around slower than it could be, but it results in getting the public IP instead of the private IP when resolving from computers configured this way. Change the resolv.conf to this:

    nameserver 192.168.100.1

And just rely on the DNS server to forward requests to the ISP's server if necessary.
#13
Yes, this is the dig output:

#################
[root@shastrinet1 root]# dig networkshastrihall.com

; <<>> DiG 9.2.1 <<>> networkshastrihall.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60667
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;networkshastrihall.com.                IN      A

;; ANSWER SECTION:
networkshastrihall.com. 900     IN      A       10.0.0.2

;; AUTHORITY SECTION:
networkshastrihall.com. 900     IN      NS      ns1.networkshastrihall.com.
networkshastrihall.com. 900     IN      NS      ns2.networkshastrihall.com.

;; ADDITIONAL SECTION:
ns1.networkshastrihall.com. 900 IN      A       10.0.0.2
ns2.networkshastrihall.com. 900 IN      A       10.0.0.2

;; Query time: 1 msec
;; SERVER: 192.168.100.1#53(192.168.100.1)
;; WHEN: Mon Aug 9 22:09:16 2004
;; MSG SIZE  rcvd: 124
##############

My DNS server is on IP 10.0.0.2. Great help. Thanks.
#14
Are you sure you don't want to change your trusted match-clients to this?

    match-clients { 192.168.100.0/24; 10.0.0.0/8; };

Otherwise, any other problems?
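Two things in this thread come down to the same rule: named tries the views in the order they appear in named.conf and the first one whose match-clients list covers the query's source address wins; a query covered by no view is refused. That is why the query relayed through the ISP's resolver (post #12) arrived from the ISP's address and got the public answer, and why a DMZ host at 10.0.0.x, or a dig at 127.0.0.1 on the server itself, lands in "badguys" until the network is added to the trusted list as suggested above. The following is an added example, not the poster's configuration or BIND's code, that models that selection so the effect of a match-clients or view-ordering change can be checked offline. The two views are transcribed from the posted named.conf; the client addresses are assumed, and BIND's "localhost" ACL (every interface address on the box) is approximated as loopback only.

```python
"""Simulate how BIND picks a view for a query: views are tried in named.conf
order and the first one whose match-clients list covers the query's source
address wins; if none matches, named refuses the query.

Added example for this thread. View list transcribed from the posted
named.conf; client addresses and the 'localhost' approximation are assumed."""
import ipaddress

NAME = "networkshastrihall.com."

# Views as posted: "trusted" serves the internal zone, "badguys" the public one.
ORIGINAL_VIEWS = [
    {"name": "trusted", "match_clients": ["192.168.100.0/24"],
     "answers": {NAME: "10.0.0.2"}},
    {"name": "badguys", "match_clients": ["any"],
     "answers": {NAME: "202.63.167.192"}},
]

# The change suggested at the end of the thread: let the DMZ network in too.
FIXED_VIEWS = [
    {**ORIGINAL_VIEWS[0], "match_clients": ["192.168.100.0/24", "10.0.0.0/8"]},
    ORIGINAL_VIEWS[1],
]


def acl_matches(acl, client):
    """Evaluate an address_match_list the way named does: elements are tried in
    order, a leading '!' negates, and the first element that covers the address
    decides. An address covered by no element does not match."""
    for element in acl:
        negate = element.startswith("!")
        target = element.lstrip("!").strip()
        if target == "any":
            covered = True
        elif target == "none":
            covered = False
        elif target == "localhost":
            covered = client.is_loopback     # real named: every local interface address
        else:
            covered = client in ipaddress.ip_network(target, strict=False)
        if covered:
            return not negate
    return False


def select_view(views, client_ip):
    """Return the first view whose match-clients covers client_ip, else None
    (named answers REFUSED when no view matches)."""
    client = ipaddress.ip_address(client_ip)
    for view in views:
        if acl_matches(view["match_clients"], client):
            return view
    return None


def resolve_a(views, client_ip, name):
    """(view name, A record) a client at client_ip would receive for name."""
    view = select_view(views, client_ip)
    if view is None:
        return ("REFUSED", None)
    return (view["name"], view["answers"].get(name))


# Source addresses a query may arrive from (constructed for the demo; the ISP
# address is the first forwarder from the posted options{} block).
CLIENTS = {
    "LAN-1 workstation":       "192.168.100.7",
    "DMZ host":                "10.0.0.5",
    "loopback on the DNS box": "127.0.0.1",
    "ISP resolver":            "202.63.164.17",
}


def walk(views):
    """Answer every sample client would get from the given view list."""
    return {label: resolve_a(views, ip, NAME) for label, ip in CLIENTS.items()}


if __name__ == "__main__":
    scenarios = (("posted views", ORIGINAL_VIEWS),
                 ("with 10.0.0.0/8 added", FIXED_VIEWS),
                 ("views in the wrong order", list(reversed(ORIGINAL_VIEWS))))
    for label, views in scenarios:
        print(f"== {label}")
        for client, (view, addr) in walk(views).items():
            print(f"  {client:26} -> view {view:8} A {addr}")
```

The third scenario is the classic mistake: with the "any" view listed first, nobody ever reaches the trusted view, and the LAN gets the public address again even though the ACLs are correct. Negated entries follow the same first-hit rule, so a "!host" exclusion has to precede the network it is carved out of.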