  #1  
Old 14th June 2011, 13:37
gavinlowle gavinlowle is offline
Adding DNS Forwarders to ISPConfig

Hi,

I have installed and configured ISPConfig 3 for the sole purpose of providing Bind DNS answers to my internal clients for internal zones. However, I need to add forwarding of DNS for non-authoritative zones/domains to the internet for resolution. I know I can manipulate bind to do this for me, but does this compromise the functionality of ISPConfig by doing this?

I'm primarily using ISPConfig as a way to provide a GUI interface to Bind for non-CLI admins.

If ISPConfig is not the 'kiddie' for the job, I'm open to suggestion...

Thank you in advance.
Gavin.
  #2  
Old 14th June 2011, 15:33
till till is offline

You can modify the named.conf file, but don't modify the named.conf.local.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
Old 21st June 2011, 16:14
gavinlowle gavinlowle is offline

Hi Till,

When I add the following to my /etc/bind/named.conf, my Bind DNS stops answering any queries. Any clues?

options {
forwarders { 8.8.8.8; 8.8.4.4; };
};

Cheers,
Gavin.
  #4  
Old 21st June 2011, 16:28
till till is offline

Please check the syslog or messages log file for errors.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #5  
Old 21st June 2011, 17:01
gavinlowle gavinlowle is offline

With forwarders enabled, I get nothing: I don't see errors and DNS doesn't function; clients just get DNS request timeouts.

Without forwarders, local DNS queries are fine, but internet bound queries are greeted with (in /var/log/syslog)

client ip.add.re.ss. query (cache) 'bbc.co.uk/A/IN' denied

Which I would expect as forwarders are not enabled.
  #6  
Old 1st July 2011, 13:17
gavinlowle gavinlowle is offline

Hi,
This is the output I see when forwarders are enabled in my /etc/bind/named.conf file

Extract from named.conf
-----------------------------
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
options {
forwarders { 8.8.8.8; 8.8.4.4; };
};

Tail of log
------------------------------
Jul 1 12:11:01 s1-ns0-int named[4734]: adjusted limit on open files from 4096 to 1048576
Jul 1 12:11:01 s1-ns0-int named[4734]: found 1 CPU, using 1 worker thread
Jul 1 12:11:01 s1-ns0-int named[4734]: using up to 4096 sockets
Jul 1 12:11:01 s1-ns0-int named[4734]: loading configuration from '/etc/bind/named.conf'
Jul 1 12:11:01 s1-ns0-int named[4734]: /etc/bind/named.conf:12: 'options' redefined near 'options'
Jul 1 12:11:01 s1-ns0-int named[4734]: loading configuration: already exists
Jul 1 12:11:01 s1-ns0-int named[4734]: exiting (due to fatal error)
  #7  
Old 1st July 2011, 13:25
till till is offline

The named options are defined in the file /etc/bind/named.conf.options. So remove the options part that you added in the named.conf file and edit /etc/bind/named.conf.options instead: add or edit the forwarders line in that file, inside the existing options part.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
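
The failure diagnosed in posts #6 and #7, as an added example that is not part of the original thread: the log shows named exiting when `options` is defined a second time, so this sketch follows `include` lines from named.conf and lists every top-level `options` block with its file and line. The function names and the trimmed sample files are constructed for illustration.

```python
import re

# Constructed sample: trimmed copies of the two files quoted in the thread.
SAMPLE_FILES = {
    "/etc/bind/named.conf": (
        '// primary configuration file\n'
        'include "/etc/bind/named.conf.options";\n'
        'options {\n'
        '    forwarders { 8.8.8.8; 8.8.4.4; };\n'
        '};\n'
    ),
    "/etc/bind/named.conf.options": (
        'options {\n'
        '    directory "/var/cache/bind";\n'
        '    auth-nxdomain no;    # conform to RFC1035\n'
        '};\n'
    ),
}

LEXEME = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
TOKEN = re.compile(r'"[^"\n]*"|[{};]|[^\s{};"]+')

def strip_comments(text):
    """Blank out //, # and /* */ comments; keep strings and line breaks."""
    def repl(m):
        s = m.group(0)
        return s if s.startswith('"') else "\n" * s.count("\n")
    return LEXEME.sub(repl, text)

def find_options_blocks(path, read, seen=None):
    """List (file, line) of each top-level 'options' statement, following includes."""
    seen = set() if seen is None else seen
    if path in seen:            # guard against include loops
        return []
    seen.add(path)
    text = strip_comments(read(path))
    found, depth, prev = [], 0, None
    for m in TOKEN.finditer(text):
        tok = m.group(0)
        if tok in "{}":
            depth += 1 if tok == "{" else -1
        elif depth == 0 and tok == "options":
            found.append((path, text.count("\n", 0, m.start()) + 1))
        elif depth == 0 and prev == "include" and tok.startswith('"'):
            found += find_options_blocks(tok.strip('"'), read, seen)
        prev = tok
    return found

if __name__ == "__main__":
    for f, n in find_options_blocks("/etc/bind/named.conf", SAMPLE_FILES.__getitem__):
        print(f"{f}:{n}: options block")
```

More than one line of output means the configuration will be rejected as in post #6. To check a live host, pass `lambda p: open(p).read()` as `read`; `named-checkconf` performs the full syntax check before a restart.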
  #8  
Old 1st July 2011, 13:45
gavinlowle gavinlowle is offline

OK, with that done BIND loads cleanly again, however forwarded queries are dumped with

/ispconfig/cron.log)
Jul 1 12:41:03 s1-ns0-int named[3107]: client 10.1.20.1#49339: query (cache) 'google.com/A/IN' denied
  #9  
Old 1st July 2011, 13:49
till till is offline

Please post the content of the file /etc/bind/named.conf.options and the complete named.conf file.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #10  
Old 1st July 2011, 13:51
gavinlowle gavinlowle is offline

/etc/bind/named.conf
-------------------------
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
//options {
//forwarders { 8.8.8.8; 8.8.4.4; };
//};

/etc/bind/named.conf.options
----------------------------------

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        8.8.8.8; 8.8.4.4;
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};