Evileye l33t
Joined: 06 Aug 2003 Posts: 782 Location: Toronto
Posted: Mon Sep 27, 2010 12:31 am Post subject: Updated to Bind 9.7.1-p2 but internet not working (SOLVED) |
Hello everyone,
I completely removed Bind 9.4 and then emerged Bind 9.7.1-p2 on my "LinuxServer" but the internet is not working on "BrothersComputer", "MomsComputer" or "MyComputer". If I log in on my "LinuxServer" and browse the web, everything works fine.
Here is my setup...
Code: |
                                                                                     |-- BrothersComputer
Internet -- DSLModem -- (eth0-69.196.152.151)LinuxServer(eth1-192.168.0.1) -- Switch -- MyComputer.
                                                                                     |-- MomsComputer |
If I run a proxy server (Squid) on "LinuxServer" and connect to it from my browser on "MyComputer" (or brothers or moms) the internet works fine.
Anyone know how I get my internet working again without using the proxy server?
Bind is listening on port 192.168.0.1:53 as far as I can tell. Here is my /etc/bind/named.conf which is the default given by Bind 9.7.1-p2 except for the bolded part added by me...
Quote: | /*
* Refer to the named.conf(5) and named(8) man pages, and the documentation
* in /usr/share/doc/bind-9 for more details.
* Online versions of the documentation can be found here:
* http://www.isc.org/software/bind/documentation
*
* If you are going to set up an authoritative server, make sure you
* understand the hairy details of how DNS works. Even with simple mistakes,
* you can break connectivity for affected parties, or cause huge amounts of
* useless Internet traffic.
*/
acl "xfer" {
/* Allow no transfers. If we have other name servers, place them here. */
//127.0.0.1/32;
//::1/128;
"none";
};
/*
* You might put in here some ips which are allowed to use the cache or
* recursive queries
*/
acl "trusted" {
127.0.0.0/8;
::1/128;
};
options {
directory "/var/bind";
pid-file "/var/run/named/named.pid";
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
// bindkeys-file "/etc/bind/bind.keys";
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
listen-on { 69.196.152.151; };
listen-on { 192.168.0.1; };
allow-query {
/*
* Accept queries from our "trusted" ACL. We will
* allow anyone to query our master zones below.
* This prevents us from becoming a free DNS server
* to the masses.
*/
trusted;
};
allow-query-cache {
/* Use the cache for the "trusted" ACL. */
trusted;
};
allow-transfer {
/*
* Zone tranfers limited to members of the
* "xfer" ACL (e.g. secondary nameserver).
*/
xfer;
};
/*
* If you've got a DNS server around at your upstream provider, enter its
* IP address here, and enable the line below. This will make you benefit
* from its cache, thus reduce overall DNS traffic in the Internet.
*
* Uncomment the following lines to turn on DNS forwarding, and change
* and/or update the forwarding ip address(es):
*/
/*
forward first;
forwarders {
// 123.123.123.123; // Your ISP NS
// 124.124.124.124; // Your ISP NS
4.2.2.1; // Level3 Public DNS
4.2.2.2; // Level3 Public DNS
8.8.8.8; // Google Open DNS
8.8.4.4; // Google Open DNS
};
*/
// dnssec-enable yes;
// dnssec-validation yes;
/* if you have problems and are behind a firewall: */
//query-source address * port 53;
};
logging {
channel default_log {
file "/var/log/named/named.log" versions 5 size 50M;
print-time yes;
print-severity yes;
print-category yes;
};
category default { default_log; };
category general { default_log; };
};
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
view "internal" in {
/*
* Our internal (trusted) view. We permit the internal networks
* to freely access this view. We perform recursion for our
* internal hosts, and retrieve data from the cache for them.
*/
match-clients { trusted; };
recursion yes;
additional-from-auth yes;
additional-from-cache yes;
zone "." in {
type hint;
file "/var/bind/root.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
allow-query { any; };
allow-transfer { none; };
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
allow-query { any; };
allow-transfer { none; };
};
/*
* NOTE: All zone blocks for "public" view should be listed here in "internal"
* too! Otherwise you'll have trouble to resolv the public zones properly.
* That affects all hosts from the "trusted" ACL.
* A separate config, which contains all zone blocks, might be better in
* this case. Then you can simply add:
* include "/etc/bind/zones.cfg";
* for "internal" and "public" view.
*/
/*
* Briefly, a zone which has been declared delegation-only will be effectively
* limited to containing NS RRs for subdomains, but no actual data beyond its
* own apex (for example, its SOA RR and apex NS RRset). This can be used to
* filter out "wildcard" or "synthesized" data from NAT boxes or from
* authoritative name servers whose undelegated (in-zone) data is of no
* interest.
* See http://www.isc.org/software/bind/delegation-only for more info
*/
//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };
};
view "public" in {
/*
* Our external (untrusted) view. We permit any client to access
* portions of this view. We do not perform recursion or cache
* access for hosts using this view.
*/
match-clients { any; };
recursion no;
additional-from-auth no;
additional-from-cache no;
zone "." in {
type hint;
file "/var/bind/root.cache";
};
//zone "YOUR-DOMAIN.TLD" {
// type master;
// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
// allow-query { any; };
// allow-transfer { xfer; };
//};
//zone "YOUR-SLAVE.TLD" {
// type slave;
// file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
// masters { <MASTER>; };
// /* Anybody is allowed to query but transfer should be controlled by the master. */
// allow-query { any; };
// allow-transfer { none; };
// /* The master should be the only one who notifies the slaves, shouldn't it? */
// allow-notify { <MASTER>; };
// notify no;
//};
};
/* Hide the bind version */
/*
view "chaos" chaos {
match-clients { any; };
allow-query { none; };
zone "." {
type hint;
file "/dev/null"; // or any empty file
};
};
*/
|
Last edited by Evileye on Fri Nov 26, 2010 12:20 am; edited 1 time in total |
DONAHUE Watchman
Joined: 09 Dec 2006 Posts: 7651 Location: Goose Creek SC
Posted: Mon Sep 27, 2010 2:56 am Post subject: |
I am on the new bind and have not needed to do what I suggest below, but perhaps adding your LAN computers to:
Quote: | /*
* You might put in here some ips which are allowed to use the cache or
* recursive queries
*/
acl "trusted" {
127.0.0.0/8;
::1/128;
MOM's IP
Brother's IP
Your IP
}; |
will get the relatives off your back.
Adding ISP or public DNS servers as backups to "linux server" on their computers is a good idea.
Are you sure that dns is the cause of the problem? If dns is the sole problem you should be able to
I'm using named.conf exactly as received; my only original thought is in the zone files.
Quote: | listen-on { 69.196.152.151; }; <-- Seems wrong
listen-on { 192.168.0.1; }; <-- Seems unnecessary |
Evileye l33t
Joined: 06 Aug 2003 Posts: 782 Location: Toronto
Posted: Mon Sep 27, 2010 3:41 am Post subject: |
DONAHUE wrote: | will get the relatives off your back. |
LOL My mother and brother were bugging me to get the internet working. The quickest way was to downgrade back to Bind 9.4 so that is what I did.
I will try your solution tomorrow as I can't bring the internet down right now.
Code: | /*
* You might put in here some ips which are allowed to use the cache or
* recursive queries
*/
acl "trusted" {
127.0.0.0/8;
::1/128;
MOM's IP
Brother's IP
Your IP
}; |
Is there a shorthand way of listing a range of IP addresses, say from 192.168.0.75 - 192.168.0.100?
Last edited by Evileye on Fri Nov 26, 2010 5:09 am; edited 1 time in total |
DONAHUE Watchman
Joined: 09 Dec 2006 Posts: 7651 Location: Goose Creek SC
Posted: Mon Sep 27, 2010 5:59 am Post subject: |
192.168.0.0/24 for the whole subnet?
I think named should recognise 192.168.0.75-192.168.0.100 but haven't found a reference |
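
An added Python example, not part of any post in this thread: it models which view a LAN client lands in under the posted named.conf and converts the range asked about (192.168.0.75 - 192.168.0.100) into prefixes, since named address match lists take single addresses and CIDR prefixes rather than dashed ranges. The helper names and the sample client addresses are assumptions made for the illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest set of CIDR prefixes covering exactly first..last inclusive."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

def acl_stanza(name, networks):
    """Render a named.conf acl block from ip_network objects."""
    body = "".join(f"    {net};\n" for net in networks)
    return f'acl "{name}" {{\n{body}}};\n'

def select_view(client, views, acls):
    """First view whose match-clients ACL contains the client wins,
    as in named. Returns (view name, recursion allowed)."""
    addr = ipaddress.ip_address(client)
    for name, match_acl, recursion in views:
        if any(addr in net for net in acls[match_acl]):
            return name, recursion
    return None, False

def nets(*prefixes):
    """Parse prefix strings into ip_network objects."""
    return [ipaddress.ip_network(p) for p in prefixes]

# Views in the order they appear in the posted named.conf.
VIEWS = [("internal", "trusted", True), ("public", "any", False)]

# "trusted" as posted: loopback only, so LAN clients are not matched
# and fall through to "public", where recursion is off.
ACLS_POSTED = {"trusted": nets("127.0.0.0/8", "::1/128"),
               "any": nets("0.0.0.0/0", "::/0")}

# "trusted" extended with the range asked about in the thread.
LAN_RANGE = range_to_cidrs("192.168.0.75", "192.168.0.100")
ACLS_FIXED = dict(ACLS_POSTED, trusted=ACLS_POSTED["trusted"] + LAN_RANGE)

if __name__ == "__main__":
    print(acl_stanza("trusted", ACLS_FIXED["trusted"]))
    # 192.168.0.80 is a constructed sample client inside the range;
    # 192.168.0.101 is just outside it.
    for client in ("192.168.0.80", "192.168.0.101"):
        for label, acls in (("posted", ACLS_POSTED), ("fixed", ACLS_FIXED)):
            print(client, label, select_view(client, VIEWS, acls))
```

Listing only the prefixes that cover the LAN range, instead of a wider block, keeps recursion limited to those hosts while the server also listens on its public address.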