overturfa
28th May 2008, 09:33 PM
I'm ready to beat my head against the wall with this one. My goal was to set up a simple caching DNS/DHCP and proxy server using an old box for my home network. I'm using an older Fedora distro (FC-5) and I'm almost where I want to be, but I just can't get my Windows clients to successfully communicate with my name server.
Conceptually my network goes like this:
[ISP] >--public IP-->[cable modem] >--192.168.0.x-->[DNS/Proxy/DHCP] >--10.0.0.x-->[Switch]-->[Clients]
1) Public IP assigned to cable modem by ISP
2) Cable modem assigns Linux box a 192.168.0.x on eth0
3) Linux box eth1 has a static IP of 10.0.0.1 and runs DHCP server to assign 10.0.0.x addresses to clients.
4) My server's FQDN is mybox.no-ip.org
So far I have tested DNS caching and verified it works server-side only. DHCP works client side and IPV4 forwarding is enabled as well (I tested this by doing a 'dig' on google server side and entering the real IP address into a browser on a client PC).
My nitty-gritty configuration thus far:
iptables is configured to forward IPV4 traffic between eth1 and eth0 using the command: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Port 53 is opened to 10.0.0.0 network for DNS requests as follows: iptables -A INPUT -s 10.0.0.0/24 -p udp --dport 53 -j ACCEPT
UPDATE: Since originally posting, I've re-built the system and cleaned up some of my original code. Files reflected below are the latest iteration as of 30-May-08. All replies posted prior to May 30th are referencing the old code.
DNS is installed and configured per the following files: Updated 30-May-08 (no changes)
/etc/resolv.conf
search no-ip.org
nameserver 127.0.0.1
/etc/named.conf - Updated 30-May-08
//
// named.conf for Red Hat caching-nameserver
//
acl no-ip.org { 10.0.0.0/24; 127.0/8; };
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
query-source address * port 53;
allow-query { no-ip.org; };
forward first;
forwarders { 68.105.28.12; 68.105.29.12; 68.105.28.11; };
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// Add local zone definitions here.
zone "no-ip.org" IN {
type master;
file "no-ip.org.zone";
allow-update { 127.0.0.1; 10.0.0.1; };
};
zone "0.0.10.in-addr.arpa" IN {
type master;
file "0.0.10.in-addr.arpa.zone";
allow-update {127.0.0.1; 10.0.0.1; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
include "/etc/rndc.key";
These are my local zone configurations - Updated 30-May-08
/var/named/chroot/var/named/no-ip.org
$ORIGIN .
$TTL 86400 ; 1 day
no-ip.org IN SOA mybox.no-ip.org. foo.bar.tld. (
2008052903 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS mybox.no-ip.org.
MX 10 mail.no-ip.org.
$ORIGIN no-ip.org.
mybox A 10.0.0.1
$TTL 10800 ; 3 hours
vsagateway A 10.0.0.253
TXT "3105ceba36a35756c5a108790f90eed83b"
$TTL 86400 ; 1 day
www CNAME mybox
/var/named/chroot/var/named/0.0.10.in-addr.arpa.zone - Updated 30-May-08
$ORIGIN .
$TTL 86400 ; 1 day
0.0.10.in-addr.arpa IN SOA mybox.no-ip.org. foo.bar.tld. (
2008052903 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS mybox.no-ip.org.
$ORIGIN 0.0.10.in-addr.arpa.
1 PTR mybox.no-ip.org.
$TTL 10800 ; 3 hours
253 PTR vsagateway.no-ip.org.
DHCP is configured as follows - Updated 30-May-08
/etc/dhcpd.conf
authoritative;
include "/etc/rndc.key";
#Server configuration;
server-identifier mybox;
ddns-domainname "no-ip.org.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
# This is the communication zone
zone no-ip.com. {
primary 10.0.0.1;
key rndckey;
}
# Client configuration:
subnet 10.0.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 10.0.0.1;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option nis-domain "no-ip.org";
option domain-name "no-ip.org";
option domain-name-servers mybox.no-ip.org;
# option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
zone 0.0.0.10.in-addr.arpa. {
primary 10.0.0.1;
key rndckey;
}
zone localdomain. {
primary 10.0.0.1;
key rndckey;
}
range dynamic-bootp 10.0.0.128 10.0.0.254;
default-lease-time 21600;
max-lease-time 43200;
}
My Networking is configured as follows:
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=mybox.no-ip.org
FORWARD_IPV4=true
GATEWAYDEV=eth0
NOZEROCONF=yes
My Ethernet cards are configured as follows: (No Changes)
/etc/sysconfig/network-scripts/ifcfg-eth0
# Linksys Gigabit Network Adapter
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=dhcp
HWADDR=00:18:F8:08:F5:36
ONBOOT=yes
USERCTL=no
PEERDNS=no
DHCP_HOSTNAME=mybox.no-ip.org
IPV6INIT=no
/etc/sysconfig/network-scripts/ifcfg-eth1 (No Changes)
# Intel Corporation 82801BA/BAM/CA/CAM Ethernet Controller
DEVICE=eth1
TYPE=Ethernet
USERCTL=no
BOOTPROTO=static
BROADCAST=10.0.0.255
HWADDR=00:07:E9:BC:45:78
IPADDR=10.0.0.1
NETMASK=255.255.255.0
NETWORK=10.0.0.0
ONBOOT=yes
IPV6INIT=no
This is what a dig to google.com returns when I run the command server-side:
; <<>> DiG 9.3.2 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32634
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 7, ADDITIONAL: 6
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 25 IN CNAME www.l.google.com.
www.l.google.com. 19 IN A 209.85.171.147
www.l.google.com. 19 IN A 209.85.171.99
-----content truncated-----
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 28 13:13:17 2008
;; MSG SIZE rcvd: 324
Meaning that local DNS caching is working but, again, it only works server side. When I run an nslookup for www.google.com from a Windows client that pulls everything by DHCP, it returns the following error:
DNS request timed out.
timeout was 2 seconds.
***Can't find server name for address 10.0.0.1: Timed out
***Default servers are not available
Server: Unknown
Address: 10.0.0.1
DNS request timed out.
timeout was 2 seconds.
***Request to Unknown timed-out
So that's where I'm at right now. Stumped!!! I just can't seem to get my client side boxes to communicate with my DNS server... Any ideas on what I'm missing here?? :confused:
Thanks!
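One check a practitioner would run on files like the ones above before chasing the client-side timeout: every zone that dhcpd.conf names in a DDNS zone statement has to match a zone that named.conf defines and allows updates to, or the dynamic updates fail silently. This is an added example, not code from the post or from ISC; it parses constructed, abbreviated excerpts of the two posted files (the parsing here is a small brace matcher, not the real named/dhcpd grammar) and reports the DDNS zones that named.conf cannot accept updates for.

```python
import re

# Constructed, abbreviated excerpts of the named.conf and dhcpd.conf posted above.
NAMED_CONF = """
zone "no-ip.org" IN { type master; file "no-ip.org.zone";
    allow-update { 127.0.0.1; 10.0.0.1; }; };
zone "0.0.10.in-addr.arpa" IN { type master; file "0.0.10.in-addr.arpa.zone";
    allow-update {127.0.0.1; 10.0.0.1; }; };
zone "localdomain" IN { type master; file "localdomain.zone"; allow-update { none; }; };
"""
DHCPD_CONF = """
# This is the communication zone
zone no-ip.com. { primary 10.0.0.1; key rndckey; }
subnet 10.0.0.0 netmask 255.255.255.0 {
    zone 0.0.0.10.in-addr.arpa. { primary 10.0.0.1; key rndckey; }
    zone localdomain. { primary 10.0.0.1; key rndckey; }
}
"""

def _block(text, start):
    """Return the contents of the balanced {...} that begins at or after start."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def named_zones(text):
    """Map each zone named.conf defines (no trailing dot, lowercase) to whether it accepts updates."""
    text = re.sub(r"//.*", "", text)  # drop // comments
    zones = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', text):
        upd = re.search(r"allow-update\s*\{([^}]*)\}", _block(text, m.end()))
        zones[m.group(1).rstrip(".").lower()] = bool(upd) and "none" not in upd.group(1)
    return zones

def dhcpd_zones(text):
    """Zone names dhcpd will send DDNS updates for, global or per-subnet, normalised the same way."""
    text = re.sub(r"#.*", "", text)  # drop # comments
    return [n.rstrip(".").lower() for n in re.findall(r"\bzone\s+([^\s{]+)", text)]

def check_ddns(named_text, dhcpd_text):
    """(zone, problem) for every DDNS zone that named.conf cannot accept updates for."""
    defined = named_zones(named_text)
    return [(z, "not defined in named.conf" if z not in defined
                else "allow-update { none; } in named.conf")
            for z in dhcpd_zones(dhcpd_text) if not defined.get(z)]
```

The check says nothing about whether named actually answers on 10.0.0.1, which is what a client timeout exercises; that is a separate test, for example dig @10.0.0.1 www.google.com run on the server itself.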