ISPConfig3 OK - Using DNS server to server local LAN
 

Follwed the How-To "The Perfect Server - Fedora 13 x86_64 [ISPConfig 3]
"

Within ISPConfig3 webadmin:
Changed admin password
Set IP address of server
Set GW IP address
Set DNS of server as the server itself - if the server cannot resolve to an IP it will use the public DNS servers listed in the /etc/resolv.conf file.

To use this DNS server with a local LAN address of 192.168.1.10 to server DNS requests from LAN clients edit the /etc/named.conf file.

Change:
listen-on port 53 { 127.0.0.1; }
To:
listen-on port 53 { 127.0.0.1; 192.168.1.10; }

Also change:
allow-query { localhost; }
To:
allow-query { localhost; 192.168.1.0/24; }

The "/24" matches the subnet for my network settings of 255.255.255.0 which can be found by running system-config-network it is the 'subnetmask'.

If I may ask, how can this be done following the Perfect Debian Lenny x64 setup? I don't think it uses BIND.

But what if I'm using MyDNS instead of BIND?
 

Hi Turbanator,

You didn't provide a link to the specific 'How-To' that you used.

Is this the one you followed ?:On page 4 of the this How-To you should have installed MyDNS. So your correct your not using BIND.

You should have installed software that is required by MyDNSThen downloaded the source code and build MyDNS for your specific systemThe next part of the installation of MyDNS is to create the startup script. The script, if created by the 'make install' above should be located atYou can use this command to see if it already existsIf you start the vi editor with the commandand have typed the path and file name correctly you should be viewing the file. If the file is empty, that means that the file does not exist and you need to type in the commands one line at a time. Any time I use braces, {}, I am referring to a key on the keyboard. To get 'vi' into 'insert' mode press {i}. When done editing press, one key at a time, {ESC}{:}{w}{q}. The Escape key will take you out of edit/insert mode, {:} indicates that you are going to input a "vi" command, the {w} writes the file and {q} quits "vi".

Alternatively you could use a different computer and copy and paste the code from the How-To into a plain text file then transfer it to the target server using a USB flash drive. A few moments after the USB drive has been plugged into the server at the command prompt enter "fdisk -l" the last line of the output will show were to mount the USB drive at:

EXAMPLE:
To mount the drive:Then you can run "cd /mnt" to see the file. Use the "cp" command to copy the file. To get help on these command you can at the command prompt type "man {name of command}". When NOT in the /mnt directory unmount the USB drive using "umount /mnt".

Next is to change the permissions on the file so that the operating system will allow it to be executed:If you done all the above steps and rebooted your system then your DNS server should be running, but that doesn't mean that it is working the way you need it to.

Let's find out if it's running, if MyDNS is installed you should see it in the process list by running the command:This will probably scroll by too fast so you should pipe this throught the more command:You can press "q" to quit the "more" command without having to view all pages. Use the spacebar to advance on screen/page at a time. Pressing {enter} will advance the screen one row/line at a time.

If you have "Grep" installed, find out by typing "grep" and pressing return and view results, you should be able to see it in the process list using this:This just tells us if MyDNS is running, it doesn't tell us if everything is properly configured for MyDNS. The way I usually check something like this is to restart the service using the command prompt and see if any errors are displayed.

For me, since I am using BIND I do this with:Looking at the How-To that I think you followed, you should run the command:If the service restarts without error then 'things' are basically OK.

Some info I found by Googling says that MyDNS uses the config file /etc/mydns.conf

This would be the file you want to change similarly to my previous post.

If the config file isn't in "/etc" one way you maybe able to find it is to run this:You can create a "mydns.conf" file by running:I found this at http://mydns.bboy.net/doc/html/mydns_7.html#SEC7

You should have an "/etc/resolv.conf" file that was created during the network part of the setup. In this file should be listed the DNS servers of your Internet Service Provider (ISP).

Example:
nameserver:192.168.x.x
nameserver:xxx.xxx.xxx.xxx

The first line should be the local IP address of the network adapter that your server uses to access the Internet. This didn't show up in my resolv.conf until after I configured my server within ISPConfig. If your isn't listed here yet I don't think that shoudl matter.

The second line is your ISP DNS server, there maybe two listed here.

Assuming you have more than one computer on your local LAN and you want your ISPConfig3 server to be the DNS server...

The way DNS is going to work is:
On your server your Network Interface Card's (NIC) first DNS server shoudl be the IP address of your server. When your server needs an IP address, like say when you are updating software on your system, say using YUM, the request will go to the first DNS server listed in your NIC settings. If your DNS server doesn't have the DNS information then MyDNS will look at the resolve.conf file to see what other DNS servers it can use to resolve the URL to an IP address.

The way to test whether or not your DNS server is working use either the "nslookup" or "dig" commands, like so:NOTE: Replace "192.168.1.10" with the LAN IP address of your servers NIC.

If this is successfull you will get a result such as:
More info on MyDNS can be found at:http://mydns.bboy.net/doc/html/mydns...l#SEC_Contents

MrCompTech...wow! great reply! Sorry I didn't provide more clear info in my post to save you so much trouble.

I am following the standard howto for perfect serve debian lenny with isp3 and mydns.

My main question was ony about getting the local lan to recogize the domains on that server.

my resolv.conf shows only my ISP dns servers. So you're saying I should put the local internal ip of the server as my first dns and the isp dns server as the next 2, correct?

OR
should I only make the change to mydns.conf as you had in the original post.

OR
both?

Those using Debian and who know how to build a source package might be interested to know that I seriously improved the unofficial MyDNS Debian package from the related Debian Bug (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517790), to the point it is near official Debian quality and put the sources here:
http://apt.bxlug.be/sources/
This package then makes it particularly easy to install MyDNS (no need to create an initscript or a configuration file) on your server, for later use by ISPconfig for example.

MyDNS-NG is recommended over plain old MyDNS (which is no longer maintained for a long time), and this URL points to the latter.

Hope it helps

Sorry to bring this one up again but I still cannot get local users to resolv the domains on my ispc3 box.

firewall (dhcp showing ispc3 as dns server) -> ispc3 debian x64 perfect -> lan users.

Everything works great for people outside the network.
Local users cannot get to domains on the ispc3.

debian x64 is running mydns not bind.

/etc/resolv.conf:
nameserver 192.168.1.10
nameserver isp1.isp1.isp1.isp1
nameserver isp2.isp2.isp2.isp2


/etc/mydns.conf already has
listen = *
vs listen-on port 53 { 127.0.0.1; 192.168.1.10; }
which is in the bind example.

There is no entry for
allow-query

Questions:

is allow-query valid for mydns and is that the missing link?
should I change listen = * to what the bind notation shows?

thank you.

I can't help you with this, or rather, I would have to search myself, which you can probably do better than me as you have the bad-behaving system at hand.

Does your router support loopbacks into your local network?

No, this won't work.

I need to research if my router suppports loopback (smoothwall). With guessing at what that means, I'll say it's not turned on even if it is....since anybody on the local network cannot access other public side ip's tied to the same netwrok (I know that wasn't expained well).

Update:
I opted to split the locals off via switch onto another IP and basic router. Now they are treated as Remote like everyone else and everything works perfectly.

Thank you for jogging my brain Falko.