#1
I have been working on this NetReg project and I have hit a snag when putting our NetReg server into production.

The goal is to have all clients who receive this DNS server via DHCP have all of their DNS requests resolve to the Netreg box for registration. While on the test server, everything worked fine with a single interface. Now, in going into production, I am having trouble getting DNS to respond on multiple interfaces. For example:

x.x.180.254
x.x.181.254

These are two of my 19 interfaces and I need DNS to resolve to multiple addresses. How should I modify my named.conf and my db.root to allow this?

When I do an nslookup from my test client, I get -
"Cant find server name for address x.x.x.x"
"Default server unavailable."

I'm sure that named is running, as I can see it with ps aux | grep named and I can see it starting in the syslog. I know I have connectivity between the Netreg server and the client. I can run nslookups on the Netreg server and they resolve correctly to the netreg server. When the client does an nslookup against the netreg server, they get a DNS lookup timed out message. I am sniffing the wire, and I can see the UDP packets going back and forth. But I'm not seeing the query show up in the DNS query log.

Here are my conf files:

Resolv.conf:
nameserver x.x.12.210 (real)
nameserver x.x.180.254 (netreg)
------------------------
Named.conf:
options {
    directory "/etc/";
    recursion no;
};

zone "." in {
    type master;
    file "db.root";
};
------------------------
Db.root:
$TTL 3600
@ IN SOA netreg.cnu.edu. root.netreg.cnu.edu. (
        2 10800 3600 604800 86400 )
        IN NS netreg.cnu.edu.
*. 86400 IN A x.x.180.254
*.edu 86400 IN A x.x.180.254
*.cnu.edu. 86400 IN A x.x.180.254
254.180.x.x.in-addr.arpa. IN PTR netreg.cnu.edu.
-------------------------

If you could help me out on this, I would be very grateful. Thanks in advance for any help you might be able to provide.

#2

Show me the response to this command on the DNS server:

netstat -an | grep ':53'

Also make sure that there isn't a firewall preventing queries from making it to the DNS server.

#3

Silent Rage,

Thanks for the suggestion - when I did the first netstat I didn't get any results. So, I disabled the firewall on that server. Then when I ran the netstat command, I got that it was listening on all of the interfaces on port 53.

Now, my issue is that nslookup always resolves to the x.x.180.254 address no matter what. So, hotmail will resolve to x.x.180.254 when I am on the x.x.181.0 network. I need the server to resolve to multiple IPs, correct? Where do I allow that to happen?

Thanks so much for the help!
-AC

#4

Show me the results for this command executed on the DNS server:

dig www.hotmail.com

Also show me the results of the following command:

named -u named -g

Last edited by SilentRage : August 9th, 2004 at 01:08 AM.

#5

-----------------------------------------
Here are the results:

Dig hotmail.com -

;; QUESTION SECTION:
;hotmail.com. IN A

;; ANSWER SECTION:
Hotmail.com. 86400 IN A x.x.180.254

;; AUTHORITY SECTION:
. 3600 IN NS netreg.cnu.edu.

;; ADDITIONAL SECTION:
netreg.cnu.edu. 86400 IN A x.x.180.254

;; Query time: 1 msec
;; SERVER x.x.180.254#53 (x.x.180.254)
;; WHEN: Mon Aug 9 21:37:08 2004
;; MSG SIZE rcvd: 88
-----------------------------------------
named -u named -g

loading configuration from '/etc/named.conf'
no IPv6 interfaces found
listening on IPv4 interface lo, 127.0.0.1#53
binding TCP socket: address in use
listening on IPv4 interface eth1, x.x.180.254#53
binding TCP socket: address in use
- this continues for all 19 interfaces
listening on IPv4 interface santoro215, x.x.215.254#53
binding TCP socket: address in use
Couldn't add command channel 127.0.0.1#953: address in use
Ignoring config file logging statement due to -g option
Zone ./IN: loaded serial 2
Running
Client x.x.215.6#1217: query: download.avast.com IN A
-- then there are several more query listings... ---

Again Silent - Thanks for all of the help!!

Last edited by superpants3 : August 9th, 2004 at 09:44 PM. Reason: Edited to add more notes

#6

* SilentRage mumbles about confusing censorship

Attach a copy of your named.conf. Don't paste it, attach it.

#7

Silent Rage,

I have attached my named.conf. Let me know if you need any more config files.

-Andy

#8

I see what the problem is, but I need more information. It appears to be a conflict of purposes and we need to find a nice happy harmony in your DNS server to accomplish these conflicting purposes.

1) Why is "recursive" set to "no" if you want your server to resolve hotmail.com?
2) Tell me why you have a strange db.root file.

Last edited by SilentRage : August 11th, 2004 at 08:01 AM.

#9

Good Morning,

Just to make sure that we're still on the same page: This is a dummy DNS server. All queries should resolve to x.x.180.254 if you're on the 180 VLAN, x.x.181.254 if you're on the 181 VLAN, etc. The purpose of this is to have hotmail.com or any other query resolve to my NetReg box, thus trapping the user and making them register their machine with the NetReg server, before receiving a valid DNS server entry via DHCP.

1) The named.conf file was provided in the NetReg install. The recursive option was set to "no" for me. [see attached file]
2) The db.root file was also provided with NetReg, and I have tweaked it somewhat trying to get things to work. The original file looked like this: [see attached file]

The server currently works the way I want it to, on the x.x.180.0 network. Clients are getting the correct DNS (bogus) DNS server and resolving to the NetReg box whenever they type cnn.com into their browsers. They will then register their computers, and complete the process.

The remaining issue is that clients on the x.x.181.0 network are getting the correct bogus DNS server (x.x.181.254) but that server is resolving all queries to the x.x.181.254 address.

Sorry if I am repeating myself, but I just wanted to make things clear. Thanks.
-AC

#10

"The remaining issue is that clients on the x.x.181.0 network are getting the correct bogus DNS server (x.x.181.254) but that server is resolving all queries to the x.x.181.254 address."

Did you typo? Did you mean the server is resolving all queries for the x.x.180.254 address? If so, then you need to set up "views" so that each interface is on a different name space. My server's config uses views:

http://www.dollardns.net/bind/advanced/named.conf

#11

Thanks for the advice. I added views for 4 of my VLANS -

x.x.180.0
x.x.181.0
x.x.182.0
x.x.183.0

Then I went to try nslookup and see what happened. It looks to me like I need to add a separate db.root for each VLAN that I have created a view for. Is that correct?

** NOTE - I have added separate db.root files for each interface - db.root.181 for example. This seems to be working. I am testing it with all the VLANS. I will post my config if it works.

** UPDATE: As of 6pm my config works. Thanks to silent rage for all the help. I have included my config in this post. As you can see, I ended up creating individual db.root files for each interface. I don't know if this was the cleanest way to get it to work, but it served my purpose.

-AC

Last edited by superpants3 : August 11th, 2004 at 05:36 PM. Reason: success!!

#12

Yes, the idea was to set up a separate file for each view. Congrats for figuring out how to implement views. I figured all you needed was a nudge in the right direction.
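
The per-interface layout the thread arrives at (one view plus one db.root.NNN file per VLAN), as an added example that is not part of the thread and not the attached config, which is not shown on the page. It assumes BIND 9's `match-destinations` to select the view by the interface address the query arrived on; the `vlanNNN` view names and the 10.0.x.254 addresses are constructed stand-ins for the masked x.x.180.254 style addresses.

```python
"""Generate one BIND view and one wildcard zone file per NetReg interface."""
import ipaddress

NS_NAME = "netreg.cnu.edu."  # server name taken from the db.root posted in the thread

# View names (vlanNNN) are hypothetical; db.root.NNN follows the naming in post #11.
VIEW_TEMPLATE = """view "vlan{tag}" {{
    match-destinations {{ {addr}; }};  // queries that arrived on this interface
    zone "." in {{
        type master;
        file "db.root.{tag}";
    }};
}};
"""

# Same SOA timers as the posted db.root; the wildcard answers every name with
# the address of the interface that owns this view.
ZONE_TEMPLATE = """$TTL 3600
@ IN SOA {ns} root.{ns} ( {serial} 10800 3600 604800 86400 )
  IN NS {ns}
*. 86400 IN A {addr}
"""


def build(interfaces, serial=1):
    """Return (named_conf_text, {zone_filename: zone_text}) for the interface addresses."""
    views, zones, seen = [], {}, set()
    for raw in interfaces:
        addr = ipaddress.IPv4Address(raw)   # raises ValueError on a malformed address
        tag = str(addr).split(".")[2]       # third octet names the VLAN, as in db.root.181
        if tag in seen:                     # two interfaces would overwrite one zone file
            raise ValueError(f"two interfaces map to view vlan{tag}")
        seen.add(tag)
        views.append(VIEW_TEMPLATE.format(tag=tag, addr=addr))
        zones[f"db.root.{tag}"] = ZONE_TEMPLATE.format(ns=NS_NAME, serial=serial, addr=addr)
    # Once views are used, every zone must live inside a view, so the global
    # section carries only the options block from the original named.conf.
    options = 'options {\n    directory "/etc/";\n    recursion no;\n};\n\n'
    return options + "\n".join(views), zones


if __name__ == "__main__":
    # Constructed addresses for the four VLANs named in post #11.
    conf, zones = build(["10.0.180.254", "10.0.181.254", "10.0.182.254", "10.0.183.254"], serial=3)
    print(conf)
    for name, text in zones.items():
        print(f"--- {name} ---\n{text}")
```

Running `named-checkconf` on the generated named.conf and `named-checkzone . db.root.181` on each zone file before reloading catches syntax slips in any of the 19 views.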

Dev Shed Forums > System Administration > DNS > NetReg DNS Blackhole help