DNS CNAME record will not resolve

Post by supertight » 2017/10/30 00:00:23

Machine FQDN is

lemp.p.local

ping lemp or ping lemp.p.local
both resolve.

the DNS zone file is

$TTL 86400
@ IN SOA primary.p.local. root.p.local. (
2016042112 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
43200 ;Minimum TTL
)
;Name Server Information
@ IN NS primary.p.local.
;IP address of Name Server
primary IN A 172.16.0.4
;Mail exchanger
p.local. IN MX 10 mail.p.local.
;A - Record HostName To Ip Address
pxe IN A 172.16.0.5
basic IN A 172.16.0.4
proxy IN A 172.16.1.1
smb IN A 172.16.1.9
lemp.p.local. IN A 172.16.1.11
mail IN A 172.16.1.15
;CNAME record
www.p.local. IN CNAME lemp.p.local.
ftp.p.local. IN CNAME lemp.p.local.

ping www or www.p.local
will not resolve.

ping ftp or ftp.p.local
will not resolve.

I'm not sure what I'm doing wrong. Can someone please point me in the correct direction?
- Thank you for reading.

Re: DNS CNAME record will not resolve

Post by supertight » 2017/10/31 03:12:59

I'm baffled here. I'm not even sure I'm using CNAME correctly.

Anyone care to point a struggling student in the correct direction?

Thank you for reading.

Re: DNS CNAME record will not resolve

Post by TrevorH » 2017/10/31 07:36:48

Lookup lemp.p.local.p.local and see if that works.

Re: DNS CNAME record will not resolve

Post by pjsr2 » 2017/10/31 09:09:06

Verify that the name of the zone is "p.local".
You have in the DNS zone file:

@ IN SOA

'@' is substituted by the value of $ORIGIN.
You don't have $ORIGIN in your zone file, in which case it is taken from the zone name in the named.conf.

See for example http://www.zytrax.com/books/dns/apa/origin.html
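
The expansion rule described in this post, as an added example that is not part of the original thread: `@` becomes the origin, a name ending in a dot is left alone, and any other name gets the origin appended. The sample zone is constructed from the thread's records plus one `ftp` line deliberately written without trailing dots; `qualify` and `expand_zone` are hypothetical helper names, and the parser assumes one record per line with an owner on every line.

```python
# Constructed sample: records from the thread's zone file plus one line
# (ftp) written without trailing dots to show the difference.
SAMPLE_ZONE = """\
$TTL 86400
@             IN NS    primary.p.local.
primary       IN A     172.16.0.4
lemp.p.local. IN A     172.16.1.11
www.p.local.  IN CNAME lemp.p.local.
ftp.p.local   IN CNAME lemp.p.local
"""

# Record types whose last rdata field is itself a domain name.
NAME_RDATA = {"NS", "CNAME", "MX", "PTR"}


def qualify(name, origin):
    """Expand a zone-file name to a fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):          # already absolute, left untouched
        return name
    return name + "." + origin      # relative: the current origin is appended


def expand_zone(text, zone_name):
    """Return (owner, type, rdata) tuples with every name fully qualified."""
    # Without $ORIGIN, the origin is the zone name from named.conf.
    origin = zone_name.rstrip(".") + "."
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = qualify(fields[1], origin)
            continue
        if fields[0].startswith("$"):           # $TTL and other directives
            continue
        owner, rest = fields[0], fields[1:]
        if rest[0] == "IN":
            rest = rest[1:]
        rtype, rdata = rest[0], rest[1:]
        if rtype in NAME_RDATA:
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((qualify(owner, origin), rtype, " ".join(rdata)))
    return records


if __name__ == "__main__":
    for record in expand_zone(SAMPLE_ZONE, "p.local"):
        print(*record)
```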

Re: DNS CNAME record will not resolve

Post by supertight » 2017/11/01 10:37:04

TrevorH wrote:
> Lookup lemp.p.local.p.local and see if that works.

Negative. No lookup for

ping lemp.p.local.p.local

Re: DNS CNAME record will not resolve

Post by supertight » 2017/11/01 10:48:19

pjsr2 wrote:
> Verify that the name of the zone is "p.local".
> You have in the DNS zone file:
>
> @ IN SOA
>
> '@' is substituted by the value of $ORIGIN
> You don't have $ORIGIN in your zone file, in which case it is taken from the zone name in the named.conf
>
> See for example http://www.zytrax.com/books/dns/apa/origin.html

I have p.local set in the named.conf file.

options {
        listen-on port 53 { 172.16.0.4; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 172.16.0.0/22; };
        recursion yes;
        forwarders { 8.8.8.8; };

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "p.local" IN {
        type master;
        file "fwd.p.local.db";
        allow-update { none; };
};

zone "0.16.172.in-addr.arpa" IN {
        type master;
        file "0.16.172.db";
        allow-update { none; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Should I add in the $ORIGIN information into the zone file?

Re: DNS CNAME record will not resolve

Post by pjsr2 » 2017/11/01 13:59:44

Since you use zone "p.local" in your named.conf file, '@' will be expanded to "p.local" when $ORIGIN is absent. So that is OK.

Your zone file and configuration look correct. I assume you have installed it as /var/named/fwd.p.local.db
You could add 127.0.0.1 in the listen-on-port, so your DNS server is also listening on that address, but that is not necessary.
When you start named through systemctl, a check of the zone files is done by default. If the zone file contains syntax errors, you will see a message in the output of journalctl -xe

Are you using your own name server for name resolution?
You can see what DNS servers you are using with

cat /etc/resolv.conf

or

nmcli dev show | grep DNS

Try to do a DNS lookup with dig and use the server address explicitly (172.16.0.4 is the address you are using, right?):

dig @172.16.0.4 lemp.p.local

Re: DNS CNAME record will not resolve

Post by supertight » 2017/11/01 17:53:43

pjsr2 wrote:
> Since you use zone "p.local" in your named.conf file, '@' will be expanded to "p.local" when $ORIGIN is absent. So that is OK.
>
> Your zone file and configuration look correct. I assume you have installed it as /var/named/fwd.p.local.db
> You could add 127.0.0.1 in the listen-on-port, so your DNS server is also listening on that address, but that is not necessary.
> When you start named through systemctl, a check of the zone files is done by default. If the zone file contains syntax errors, you will see a message in the output of journalctl -xe
>
> Are you using your own name server for name resolution?
> You can see what DNS servers you are using with
>
> cat /etc/resolv.conf
>
> or
>
> nmcli dev show | grep DNS
>
> Try to do a DNS lookup with dig and use the server address explicitly (172.16.0.4 is the address you are using, right?):
>
> dig @172.16.0.4 lemp.p.local

cat /etc/resolv.conf

search p.local
nameserver 127.0.0.1
nameserver 8.8.8.8

dig @172.16.0.4 lemp.p.local


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> @172.16.0.4 lemp.p.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;lemp.p.local.                  IN      A

;; ANSWER SECTION:
lemp.p.local.           86400   IN      A       172.16.1.11

;; AUTHORITY SECTION:
p.local.                86400   IN      NS      primary.p.local.

;; ADDITIONAL SECTION:
primary.p.local.        86400   IN      A       172.16.0.4

;; Query time: 1 msec
;; SERVER: 172.16.0.4#53(172.16.0.4)
;; WHEN: Wed Nov  1 17:47:22 2017
;; MSG SIZE  rcvd: 84


Re: DNS CNAME record will not resolve

Post by pjsr2 » 2017/11/01 22:29:27

dig @172.16.0.4 is returning the correct IP address, so your named configuration is working.

cat /etc/resolv.conf

search p.local
nameserver 127.0.0.1
nameserver 8.8.8.8

options {
        listen-on port 53 { 172.16.0.4; };
        listen-on-v6 port 53 { ::1; };

According to your /etc/resolv.conf file you are using 127.0.0.1 as IP address for DNS name lookups, but your name server is listening on 172.16.0.4 only.

Either modify the file /etc/named.conf and add 127.0.0.1 to the addresses your DNS server is listening on and add it to the allow-query range, or, add 172.16.0.4 as the DNS address to use in your network configuration.

options {
        listen-on port 53 { 172.16.0.4; 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        ....
        allow-query { 172.16.0.0/22; 127.0.0.1; };
        ....
        forwarders { 8.8.8.8; };
        ....

Finally, you can remove 8.8.8.8 from the list of name servers as your own DNS server on 172.16.0.4 is already forwarding requests to 8.8.8.8.
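
The comparison made in this post, written out as an added example that is not part of the original thread: each `nameserver` in resolv.conf is checked against the `listen-on` and `allow-query` lists in named.conf. The inputs are constructed from the excerpts posted above; `HOST_ADDRS` (the addresses configured on the DNS host) and the function names are assumptions, and only literal addresses and prefixes are handled, not named ACLs.

```python
import ipaddress
import re

# Constructed inputs: the resolv.conf and named.conf lines posted in the thread.
RESOLV_CONF = """\
search p.local
nameserver 127.0.0.1
nameserver 8.8.8.8
"""
NAMED_CONF = """\
options {
        listen-on port 53 { 172.16.0.4; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { 172.16.0.0/22; };
};
"""
# Assumption: the addresses configured on the DNS host itself.
HOST_ADDRS = {"127.0.0.1", "172.16.0.4"}


def clause_items(conf, keyword):
    """Entries of 'keyword ... { a; b; }'; literal addresses/prefixes only."""
    # (?!-) stops 'listen-on' from matching 'listen-on-v6'.
    pattern = r"\b" + re.escape(keyword) + r"\b(?!-)[^{;]*\{([^}]*)\}"
    match = re.search(pattern, conf)
    return [i.strip() for i in match.group(1).split(";") if i.strip()] if match else []


def check_resolvers(resolv, conf, host_addrs):
    """Map each resolv.conf nameserver to how named on this host treats it."""
    listen = set(clause_items(conf, "listen-on"))
    allowed = [ipaddress.ip_network(i) for i in clause_items(conf, "allow-query")]
    status = {}
    for line in resolv.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        ns = parts[1]
        if ns not in host_addrs:
            status[ns] = "external"        # another resolver, not this named
        elif ns not in listen:
            status[ns] = "not-listening"   # named has no socket on this address
        elif not any(ipaddress.ip_address(ns) in net for net in allowed):
            status[ns] = "not-allowed"     # reachable, but allow-query refuses it
        else:
            status[ns] = "ok"
    return status


if __name__ == "__main__":
    print(check_resolvers(RESOLV_CONF, NAMED_CONF, HOST_ADDRS))
```

A nameserver reported as `external` does not hold the p.local zone, so any lookup that falls through to it fails for internal names and also discloses those names to that resolver.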

Re: DNS CNAME record will not resolve

Post by supertight » 2017/11/02 20:09:34

pjsr2 wrote:
> dig @172.16.0.4 is returning the correct IP address, so your named configuration is working.
>
> cat /etc/resolv.conf
>
> search p.local
> nameserver 127.0.0.1
> nameserver 8.8.8.8
>
> options {
>         listen-on port 53 { 172.16.0.4; };
>         listen-on-v6 port 53 { ::1; };
>
> According to your /etc/resolv.conf file you are using 127.0.0.1 as IP address for DNS name lookups, but your name server is listening on 172.16.0.4 only.
>
> Either modify the file /etc/named.conf and add 127.0.0.1 to the addresses your DNS server is listening on and add it to the allow-query range, or, add 172.16.0.4 as the DNS address to use in your network configuration.
>
> options {
>         listen-on port 53 { 172.16.0.4; 127.0.0.1; };
>         listen-on-v6 port 53 { ::1; };
>         ....
>         allow-query { 172.16.0.0/22; 127.0.0.1; };
>         ....
>         forwarders { 8.8.8.8; };
>         ....
>
> Finally, you can remove 8.8.8.8 from the list of name servers as your own DNS server on 172.16.0.4 is already forwarding requests to 8.8.8.8.

I used a second machine on the network to run the dig request.
I made the adjustments to the resolv.conf and added 127.0.0.1 to the listen port.

Still not working.
