• [gentoo-user] BIND Configuration for DNS

    From Raphael Mejias Dias@21:1/5 to All on Fri Jan 14 16:50:02 2022
    Hello,

    I'm trying to configure BIND for a local DNS server, but I'm not sure that
    it's ok.

    Basically, I want to create an internal address like intranet.local;
    this way I can change the internal IP address without having to reconfigure the client machines to look up the new IP, only changing the DNS lookup table.

    First I followed the Gentoo Wiki, and then I tried the official BIND documentation.
    I've realized the network PCs did not find the DNS address; only the
    localhost can find it. When I force the DNS, the client PC cannot access
    the internet anymore.

    If someone knows a guide to help, I'll be glad to know.

    Thanks.

    Best Regards,

    M.S. Raphael Mejias Dias
    Nuclear Engineer | Reactors

    Secure e-mail: raphael.mejias.dias@protonmail.com
    PGP Key for raphaxx@gmail.com: https://pgp.mit.edu/pks/lookup?op=get&search=0x87BC5A746072F951


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich Freeman@21:1/5 to raphaxx@gmail.com on Fri Jan 14 18:10:02 2022
    On Fri, Jan 14, 2022 at 10:45 AM Raphael Mejias Dias <raphaxx@gmail.com> wrote:

    > Basically, I'm wanting to create an internal address like intranet.local, this way, I can change the internal IP address, without the obligation to reconfigure the client machines to lookup the new IP, only changing the DNS lookup table.

    I'd avoid using the .local TLD due to RFC 6762. You might also
    consider whether mDNS is actually the easiest solution to your
    problem.

    > I've realized the network PC's did not find the DNS address, only the localhost can find it, when I force the DNS, the client PC cannot access the internet anymore.

    I don't know what you mean by "force the DNS" but in general most OSes
    will just have a list of DNS servers that they will pick from either
    in order or randomly, and without regard to what the TLD is. So,
    you'll probably want to tell them to use your internal DNS server as
    the only DNS server. This means it needs to be authoritative for your
    internal domain and resolving for the others.

    If you used the .local TLD then you might also be running into issues
    with conflicts with RFC 6762.

    BIND is capable of doing the job - I have it set up to resolve an
    internal domain and outside DNS.

    I have BIND set up to forward first to Google DNS, and then added my
    zones to it.

    --
    Rich

  • From Grant Taylor@21:1/5 to Raphael Mejias Dias on Sat Jan 15 20:30:01 2022
    On 1/14/22 8:45 AM, Raphael Mejias Dias wrote:
    > Hello,

    Hi,

    > I'm trying to configure BIND for a local DNS server, but I'm not sure
    > that it's ok.

    Based on your other comments, it seems as if there is more of a question
    about overall DNS configuration and operation than about the BIND DNS
    server (named) itself.

    > Basically, I'm wanting to create an internal address like
    > intranet.local,

    Okay.

    > this way, I can change the internal IP address, without the obligation
    > to reconfigure the client machines to lookup the new IP, only changing
    > the DNS lookup table.

    It sounds like you might be referring to updating DNS vs updating the
    hosts file.

    > First, I had followed the Gentoo Wiki and after I tried BIND official documentation.

    ACK

    > I've realized the network PC's did not find the DNS address, only the localhost can find it,

    I'm assuming that means the server running BIND (named).

    > when I force the DNS, the client PC cannot access the internet anymore.

    I'm assuming that means that BIND (named) is working and doing what you
    want with regard to the local / internal domain name.

    With these assumptions, it seems to me like BIND (named) is working and
    that it is likely not configured to allow clients to perform recursive
    queries.

    Assuming this is the case, you need to change the allow-recursion
    parameter to allow the LAN clients to perform recursive queries.

    This is predicated on the system BIND (named) is running on being able
    to access the internet to query external resources on behalf of the LAN clients.

    > If someone knows a guide to help, I'll be glad to know.

    Please reply if any of my assumptions are wrong or if you have other
    questions.

    > Thanks.

    You're welcome.



    --
    Grant. . . .
    unix || die

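The configuration both replies describe, authoritative for the internal zone and recursive for LAN clients with forwarding to a public resolver, as an added example rather than anything posted in the thread; the LAN range, server address, zone name and Gentoo file paths are assumptions stated in the comments.

```conf
// named.conf for the setup the thread describes (added example; not the
// poster's or Gentoo's own file). Assumptions: LAN 192.168.1.0/24, BIND
// host 192.168.1.2, Gentoo's /var/bind layout, and the internal zone
// intranet.home.arpa (home.arpa is reserved for this use by RFC 8375;
// .local is claimed by mDNS, RFC 6762, as Rich notes).

acl "lan" {
    127.0.0.0/8;
    192.168.1.0/24;
};

options {
    directory "/var/bind";
    listen-on { 127.0.0.1; 192.168.1.2; };  // not loopback only
    allow-query { lan; };

    // The change Grant describes: LAN clients may recurse through us.
    // Limiting it to the ACL keeps this from becoming an open resolver.
    recursion yes;
    allow-recursion { lan; };

    // Rich's approach for outside names: hand them to a public resolver.
    forward first;
    forwarders { 8.8.8.8; 8.8.4.4; };
};

// Authoritative only for the internal zone; everything else recurses.
zone "intranet.home.arpa" IN {
    type master;
    file "pri/intranet.home.arpa.zone";
    allow-transfer { none; };
};

// ---- /var/bind/pri/intranet.home.arpa.zone (constructed sample) ----
$TTL 3600
@    IN SOA ns1 hostmaster ( 2022011401 3600 900 1209600 300 )
     IN NS  ns1
ns1  IN A   192.168.1.2
www  IN A   192.168.1.10   ; move the service: edit only this line
```

Validate with `named-checkconf` and `named-checkzone intranet.home.arpa /var/bind/pri/intranet.home.arpa.zone`, then from a LAN client run `dig @192.168.1.2 www.intranet.home.arpa` and `dig @192.168.1.2 gentoo.org`; the second answering REFUSED is the symptom of a missing allow-recursion entry.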