digital diesel Tux's lil' helper
Joined: 28 Oct 2002 Posts: 111 Location: pittsburgh, pa
|
Posted: Sat Oct 25, 2003 5:16 am Post subject: Nameserver, dns and djbdns |
|
|
Ok here's what I want to do. I'm building a network out of computers I have found in trash and "frankensteined" together, others that people gave me, etc. I'm doing this because I want to learn hands on how networks work and how linux works and some of the finer points.
Like right now, I'm learning all sorts of things about DNS. First I tried bind, then I tried djbdns. I truly like djbdns much better, if not only because it has been easier to understand what i'm doing when i begin to configure it.
However I can't get djbdns to work properly. For dnscache, i listen on the loopback addy 127.0.0.1 and on tinydns i listen to its network ip addy 10.0.0.2
i configured and made tinydns/root/data to tinydns/root/data.cnb and i ran both dnscache-setup and tinydns-setup. Once i got it to resolve ip addresses only on my network, but it couldn't resolve ip addresses on the internet. Does my router have to forward port 53 (domain) to the dns server in order to do lookups?
And finally, i eventually want to register a domain name and register this name server and network, but I have a dynamic ip address. Since I don't have a static IP address, how can I register my network and name server?
Or am i just crazy?
PS:
Last edited by digital diesel on Sun Oct 26, 2003 2:29 am; edited 1 time in total |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54799 Location: 56N 3W
|
Posted: Sat Oct 25, 2003 7:11 am Post subject: |
|
|
digital diesel,
You are making a lot of work for yourself. I'll assume that you have an always on broadband link of some sort.
The first thing you need (must have?) on the end of your broadband is a firewall, you want to keep crackers out, after all.
You put your outward-facing hardware in the firewall's DMZ and your private stuff on its fully protected network.
Firewalls normally provide a lot of the services you are looking for. Check out smoothwall and IPCop, which is a Smoothwall fork.
You can have a domain address on a dynamic IP. Check out noip.com and services like it.
Are you crazy ???
Maybe - what you are doing is building a seti farm. Look up Seti@Home. You have probably worked out by now that peripherals like CDROM, floppy, keyboard, mouse, hard drive, video card are all optional extras in the PCs you are building.
You didn't say what your network connection was - you are only crazy if it's a modem.
Regards,
NeddySeagoon _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
digital diesel Tux's lil' helper
Joined: 28 Oct 2002 Posts: 111 Location: pittsburgh, pa
|
Posted: Sun Oct 26, 2003 2:28 am Post subject: |
|
|
I have a cable modem and i'm like the ONLY one in my neighborhood with it. I have the best speeds I have ever seen next to being on CMU's back bones and downloading stuff at like 800k. Anyhow I'm getting like 390k when I download files from a Gentoo mirror about 2 miles away from me (gentoo.mirrors.pair.com). With my dsl from verizon, i only got (at best) 90k/s
So back to my network. I have a router/firewall I have built and thus, my own little piece of the net. After a trip to the computer expo today i bought two more computers for 30 bucks each (pII's 400mhz) so I'm up to five working gentoo boxes. And you better believe i'll have openmosix installed on each. So yes i'm crazy, but like i said it's in the pursuit of knowledge. Nevertheless.
I have DNS resolving on my DNS server only and it only resolves INTERNET names now and not anything on the local network. Local network machines cannot resolve OUTSIDE NETWORK Names with the DNS server 10.0.0.2. They can when I'm using my ISP's DNS servers (but remember, I want to resolve both network and internet ips). I'm led to believe that dnscachex isn't allowing network computers to bind to its dns server, why?
So 10.0.0.20 (client) can not use 10.0.0.2 (dns server) to resolve. however 10.0.0.2 can resolve using 127.0.0.1 as the nameserver. I did touch /var/dnscachex/root/ip/10.0.0 and no dice, same permissions. |
funkmankey Guru
Joined: 06 Mar 2003 Posts: 304 Location: CH
|
Posted: Sun Oct 26, 2003 3:03 am Post subject: |
|
|
personally, I am a lazy, lazy bastard. for local resolution, I just use /etc/hosts on all my machines. for external resolution, I have a dnscache running against my rooter's internal IP. all is good, especially when there is beer. then again, I don't think I have nearly as many machines as you ^_^ and I only use distcc while dreaming about openmosix clusters...
think about it: 10.0.0.2 can resolve against 127.0.0.1 because that's its own personal localhost. none of your other machines can get to that particular 127.0.0.1 though.
I think for the djbdns split setup of cache-external and local, you need to have one listening on the internal address and one on the external address (or you could always add an additional alias address to the internal interface...)
of course I could be wrong, beer has led me astray in the past and will no doubt do so in future... _________________ I've got the brain, I'm insane, you can't stop the power |
digital diesel Tux's lil' helper
Joined: 28 Oct 2002 Posts: 111 Location: pittsburgh, pa
|
Posted: Sun Oct 26, 2003 3:12 am Post subject: |
|
|
beer has undoubtedly led you astray and soon it shall for me. because it is saturday night and i'm about to go to see a dj spin.
But I haven't started drinking yet, hence:
the DNS server 10.0.0.2 has /etc/resolv.conf's nameserver set to 127.0.0.1 and all the other computers are given the dns server of 10.0.0.2 when assigned by the DHCP server 10.0.0.1
So this other computer (my desktop) 10.0.0.20 tries to resolve against 10.0.0.2 but 10.0.0.2 is being a bitch and won't share its resolutions. Nor do i think it's doing reverse lookups and it certainly won't resolve any of the computers on the network.
Mind you I know it's not doing reverse lookups because it can't resolve the dhcp leased IP address like (10.0.0.20) and it won't resolve the statics 10.0.0.1. And I even assigned 10.0.0.1 (my router) in /var/tinydns/root/data and made it for data.cdb.
Please continue to flood me with ideas |
funkmankey Guru
Joined: 06 Mar 2003 Posts: 304 Location: CH
|
Posted: Sun Oct 26, 2003 3:28 am Post subject: |
|
|
the DNS server 10.0.0.2 has /etc/resolv.conf's nameserver set to 127.0.0.1 and all the other computers are given the dns server of 10.0.0.2 when assigned by the DHCP server 10.0.0.1
ah, good point.
hrm, what if you run tinydns against localhost and dnscache against the ethernet interface; and then put 127.0.0.1 into the "@" file of the dnscache? _________________ I've got the brain, I'm insane, you can't stop the power |
digital diesel Tux's lil' helper
Joined: 28 Oct 2002 Posts: 111 Location: pittsburgh, pa
|
Posted: Sun Oct 26, 2003 7:26 pm Post subject: |
|
|
funkmankey wrote: | the DNS server 10.0.0.2 has /etc/resolv.conf's nameserver set to 127.0.0.1 and all the other computers are given the dns server of 10.0.0.2 when assigned by the DHCP server 10.0.0.1
ah, good point.
hrm, what if you run tinydns against localhost and dnscache against the ethernet interface; and then put 127.0.0.1 into the "@" file of the dnscache? |
ahhh that's a no go captain. that made it so nothing was able to be resolved.
I'm back to the prior configuration, and so here's what i'm thinking now. I have dnscachex and no dnscache, does that have something to do with it? also i have tinydns's data file setup so if it was working properly the dns server should be able to resolve against itself. So i think tinydns isn't working properly or that dnscache needs to be there. finally, i have dnscachex setup to listen to connections from ip/10.0.0 and it doesn't. Is this the function of the dnscache/ ?
Does anybody have a tinydns/root/data file they can post? here's mine:
Code: |
# AUTHORITATIVE NAMESERVER
.altf8.net::newyork.altf8.net
# MAIL EXCHANGER
#@altf8.net::newyork.altf8.net
# IP ADDRESS FOR STATIC MACHINES
=seattle.altf8.net::10.0.0.1
+newyork.altf8.net::10.0.0.2
|
PS: thanks everybody for your help |
funkmankey Guru
Joined: 06 Mar 2003 Posts: 304 Location: CH
|
Posted: Mon Oct 27, 2003 3:09 am Post subject: |
|
|
my bad, according to
http://cr.yp.to/djbdns/dot-local.html
you don't do it by putting 127.0.0.1 into the @ file of the dnscache, you do it by telling the dnscache to be authoritative for your given tld, i.e. put 127.0.0.1 into a file called the toplevel name in the dnscache rootdir, e.g.
Code: |
% cat /etc/dnscache/root/servers/internal
127.0.0.1
% cat /etc/tinydns/root/data
.internal:127.0.0.1:a:259200
=emphyrio.internal:192.168.0.2:86400
=deucas.internal:192.168.0.1:86400
=puppybook.internal:192.168.0.8:86400
|
this is with my original dnscache that was already listening on 192.168.0.1, and I just now added a tinydns instance listening on 127.0.0.1. and now I am able to query the public dnscache for the private local zone as well as for the external cache, works very well.
so now I can get rid of all my /etc/hosts laziness, heh. _________________ I've got the brain, I'm insane, you can't stop the power |
digital diesel Tux's lil' helper
Joined: 28 Oct 2002 Posts: 111 Location: pittsburgh, pa
|
Posted: Mon Oct 27, 2003 4:24 am Post subject: |
|
|
Code: |
newyork root # cat /var/dnscachex/root/servers/internal
127.0.0.1
|
Code: |
newyork root # pwd
/service/tinydns/root
newyork root # ls
Makefile add-alias add-childns add-host add-mx add-ns data data.cdb
newyork root # cat data
.internal:127.0.0.1:a:259200
=seattle.internal:10.0.0.1:86400
=newyork.internal:10.0.0.2:86400
newyork root #
|
That should cover the bases, correct? Still no pingipoo.
Code: |
newyork root # ping seattle
ping: unknown host seattle
newyork root # ping seattle.internal
ping: unknown host seattle.internal
newyork root # ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.127 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.074 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.081 ms
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.074/0.094/0.127/0.023 ms
newyork root #
|
Is there a difference in dnscachex and dnscache ? I can't find anything on the djbdns website |
funkmankey Guru
Joined: 06 Mar 2003 Posts: 304 Location: CH
|
Posted: Mon Oct 27, 2003 5:08 am Post subject: |
|
|
stupid question 1:
did you do a 'make' after changing the data file?
stupid question 2:
does resolv.conf have
in it? hm but you tried ping with the fqdn too, and that didn't work.
stupid question 3:
did you restart svcscan? (or do one of the various reload-ish commands...)
to be honest, I have no idea if dnscachex is different than dnscache, I assumed it was the same thing...
EDIT: stupid question 15: since you were originally running dnscache on 127.0.0.1, did you change dnscache/env/IP to point to 10.0.0.2 (or whatever)? /EDIT _________________ I've got the brain, I'm insane, you can't stop the power |
bbarrera n00b
Joined: 22 Mar 2003 Posts: 44
|
Posted: Mon Oct 27, 2003 6:04 am Post subject: |
|
|
I'm assuming you want 1 machine to be dns caching server for LAN, plus want local name resolution (both forward and reverse lookups).
1. Setup dnscache on 10.0.0.2 -- it doesn't matter whether you call it dnscache or dnscachex (suggest calling it dnscachex to clarify it is external cache for your LAN).
Now make sure your /etc/resolv.conf points to 10.0.0.2. Check if you can still perform DNS lookups by pinging a few popular websites just to see if ping can resolve the URL into an IP address (more precisely dnscache resolves the URL into an IP address).
2. Set /etc/resolv.conf of all other computers to point to 10.0.0.2. Now your entire LAN is using the computer at 10.0.0.2 for caching DNS lookups.
3. Set up tinydns to listen on 127.0.0.1. Tinydns only answers requests for domains it is authoritative for.
4a. Cd to /service/tinydns/root and use add-ns to add domain "internal" and while you're at it use add-ns to add "0.0.10.in-addr.arpa" to data so that reverse lookups will work.
./add-ns internal 127.0.0.1
./add-ns 0.0.10.in-addr.arpa 127.0.0.1
4b. Now add hosts
./add-host host3.internal 10.0.0.3
./add-host host4.internal 10.0.0.4
You should end up with something like this (mine is hand edited):
#
# Authoritative Nameservers
#
.bcs.local:127.0.0.1:a:259200
.199.168.192.in-addr.arpa:127.0.0.1:a:259200
.200.168.192.in-addr.arpa:127.0.0.1:a:259200
#
# Routers
#
=bcs1.bcs.local:192.168.200.254:86400
=bcs2.bcs.local:192.168.199.254:86400
#
# Hosts in main network
#
=server1.bcs.local:192.168.200.1:86400
=dns1.bcs.local:192.168.200.5:86400
4c. Run make
make
5a. Tell dnscache to use your new tinydns name server:
cd /service/dnscachex/root/servers
cat > 0.0.10.in-addr.arpa <<EOF
127.0.0.1
EOF
cat > internal <<EOF
127.0.0.1
EOF
5b. Restart dnscache
svc -t /service/dnscachex
Everything will start working once you fill in gaps in my explanation. |
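A way to check the pieces the steps above depend on, as an added example that is not part of the thread: it reads the tinydns data file and the dnscache service directory and reports the gaps seen earlier in this topic (missing root/servers entry, missing reverse zone, client not listed in root/ip, cache bound to loopback). The names check_split_dns and demo are hypothetical, and the layout (root/servers, root/ip, env/IP under one service directory) is assumed from the posts above; root/ip is the cache's access list, so it should name only the LAN prefix.

```shell
# Added example, not from the thread. check_split_dns DATA SERVICE_DIR CLIENT_IP
# prints one line per problem and returns the number of problems found.
check_split_dns() {
    data=$1 svc=$2 client=$3 problems=0
    # Zones tinydns is authoritative for: the "." lines of its data file.
    zones=$(sed -n 's/^\.\([^:]*\):.*/\1/p' "$data")
    # 1. dnscache must send each of those zones to the local tinydns.
    for z in $zones; do
        if ! grep -qxF 127.0.0.1 "$svc/root/servers/$z" 2>/dev/null; then
            echo "no root/servers/$z pointing at 127.0.0.1"
            problems=$((problems + 1))
        fi
    done
    # 2. Each "=" host needs its /24 reverse zone declared for PTR lookups.
    for ip in $(sed -n 's/^=[^:]*:\([0-9.]*\):.*/\1/p' "$data"); do
        rev=$(echo "$ip" | awk -F. '{print $3"."$2"."$1".in-addr.arpa"}')
        if ! echo "$zones" | grep -qxF "$rev"; then
            echo "no authoritative zone $rev for $ip"
            problems=$((problems + 1))
        fi
    done
    # 3. dnscache answers a client only if root/ip has a file named after a prefix of its IP.
    allowed=no prefix=$client
    while [ -n "$prefix" ]; do
        [ -e "$svc/root/ip/$prefix" ] && allowed=yes
        case $prefix in *.*) prefix=${prefix%.*} ;; *) prefix= ;; esac
    done
    if [ "$allowed" = no ]; then
        echo "client $client matches no file in root/ip"
        problems=$((problems + 1))
    fi
    # 4. A cache bound to loopback cannot be reached from the LAN.
    if [ "$(head -n 1 "$svc/env/IP" 2>/dev/null)" = 127.0.0.1 ]; then
        echo "env/IP is 127.0.0.1, so LAN clients cannot query the cache"
        problems=$((problems + 1))
    fi
    return "$problems"
}
# Constructed sample tree: forward zone only, default access file, loopback bind.
demo() {
    t=$(mktemp -d); mkdir -p "$t/root/servers" "$t/root/ip" "$t/env"
    printf '%s\n' '.internal:127.0.0.1:a:259200' \
        '=seattle.internal:10.0.0.1:86400' > "$t/data"
    echo 127.0.0.1 > "$t/root/servers/internal"
    : > "$t/root/ip/127.0.0.1"; echo 127.0.0.1 > "$t/env/IP"
    rc=0; check_split_dns "$t/data" "$t" 10.0.0.20 || rc=$?
    rm -rf "$t"; return "$rc"
}
```

Calling demo runs the audit against the constructed tree; on a real host the arguments would be the data file, the dnscache service directory and the address of a LAN client.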
funkmankey Guru
Joined: 06 Mar 2003 Posts: 304 Location: CH
|
Posted: Mon Oct 27, 2003 6:30 am Post subject: |
|
|
oooh good call on the rdns I totally forgot to do that on my server, cheers! _________________ I've got the brain, I'm insane, you can't stop the power |
digital diesel Tux's lil' helper
Joined: 28 Oct 2002 Posts: 111 Location: pittsburgh, pa
|
Posted: Mon Oct 27, 2003 9:46 am Post subject: |
|
|
bbarrera wrote: | I'm assuming you want 1 machine to be dns caching server for LAN, plus want local name resolution (both forward and reverse lookups).
ETC.......... |
THANK YOU SOOO MUCH, works perfect! |
digital diesel Tux's lil' helper
Joined: 28 Oct 2002 Posts: 111 Location: pittsburgh, pa
|
Posted: Tue Oct 28, 2003 3:30 am Post subject: |
|
|
Ok, so if i add boxes via DHCP, i can't resolve the hostnames. Is this possible and if so, how is it done?
Thanks in advance |
funkmankey Guru
Joined: 06 Mar 2003 Posts: 304 Location: CH
|
bbarrera n00b
Joined: 22 Mar 2003 Posts: 44
|
Posted: Wed Oct 29, 2003 2:44 am Post subject: |
|
|
Alternative to link provided.
Setup ip<>hostname mappings in djbdns. Then configure dhcp to statically assign IP address by using dns name.
For example, here is a snippet from my /etc/dhcp3/dhcpd.conf
Code: |
...
...
...
host tivo {
hardware ethernet 00:09:5B:1C:xx:xx;
fixed-address tivo;
}
host nyquist {
hardware ethernet 00:04:75:C1:xx:xx;
fixed-address nyquist;
}
...
...
...
|
Not too bad if you only have a few nodes and want to statically assign IP addresses using DHCP.
Sometimes static DHCP assignments are necessary to avoid reconfiguring your router. For example, if you setup port forwarding on your router then you need static LAN IPs -- otherwise you must reconfigure port forwarding on the router if a host gets a different IP address from the DHCP server.
I've got laptops and like the easy administration of DHCP -- at home I have "set it and forget it" port forwarding. Then I take laptop on road and use DHCP servers at work or at wireless hotspots. |