
bind9 on ubuntu not pingable from bind9 server (but pingable from other machines) (noob) [Resolved]

As in the title: is it possible, on the machine running bind9, to ping a name from the DNS zone it is serving?

I want to do:

ping hpc.lan

PING hpc.lan (12.1.1.1) 56(84) bytes of data.
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=1 ttl=64 time=0.146 ms
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=2 ttl=64 time=0.171 ms
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=3 ttl=64 time=0.175 ms

This works on every machine except the server running bind9.

What could be the reason? Did I mess up the bind config, or should I put it in hosts? I can ping hostnames in my LAN... I'm a noob in networking and have spent about one day on this LAN + DHCP + DNS setup, so please show some compassion :D

When I do dig from other machines i have:

dig hpc.lan

; <<>> DiG 9.10.3-P4-Ubuntu <<>> hpc.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hpc.lan.           IN  A

;; ANSWER SECTION:
hpc.lan.        604800  IN  A   12.1.1.1

;; AUTHORITY SECTION:
hpc.lan.        604800  IN  NS  M.hpc.lan.

;; ADDITIONAL SECTION:
M.hpc.lan.      604800  IN  A   12.1.1.1

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Jul 01 10:49:52 CEST 2018
;; MSG SIZE  rcvd: 84

Also from windows machine:

nslookup hpc.lan

Server: gateway.hpc.lan
Address: 12.1.1.1

Name: hpc.lan
Address: 12.1.1.1

or reverse

nslookup 12.1.1.1
Server:     127.0.1.1
Address:    127.0.1.1#53

1.1.1.12.in-addr.arpa   name = M.hpc.lan.
1.1.1.12.in-addr.arpa   name = gateway.hpc.lan.

But from bind9 server machine dig gives:

dig hpc.lan


; <<>> DiG 9.10.3-P4-Ubuntu <<>> hpc.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6784
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hpc.lan.           IN  A

;; AUTHORITY SECTION:
.           86398   IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2018063002 1800 900 604800 86400

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Jul 01 10:58:31 CEST 2018
;; MSG SIZE  rcvd: 111

and for nslookup

nslookup hpc.lan
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find hpc.lan: NXDOMAIN

a@M:~$ nslookup 12.1.1.1
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 1.1.1.12.in-addr.arpa: NXDOMAIN

a@M:~$ nslookup 12.1.1.50
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 50.1.1.12.in-addr.arpa: NXDOMAIN

a@M:~$ nslookup 12.1.1.90
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 90.1.1.12.in-addr.arpa: NXDOMAIN

or reverse one

nslookup 12.1.1.1
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 1.1.1.12.in-addr.arpa: NXDOMAIN

Clearly it doesn't see the DNS of my LAN and goes straight out to the internet...

My config on bind9 server is as follows:

sudo nano /etc/bind/named.conf.options

// Address-match list reused by the recursion, query and listen-on settings in
// the options block below.
acl "trusted" {
    12.1.1.0/24; # ns1
    //192.168.1.0/24;
    localhost;
    // NOTE(review): localnets matches every network this host has an interface
    // on. The interfaces file on this page shows a second interface on the
    // 192.168.1.x side, so that network is presumably trusted again even
    // though its explicit entry above is commented out -- confirm intent.
    localnets;
};

// Global named options: a recursive resolver restricted to the "trusted" ACL,
// forwarding what it cannot answer itself.
options {
    directory "/var/cache/bind";

    // Recursion is on, but only for clients matching "trusted".
    recursion yes;
    allow-recursion { trusted; };
    // NOTE(review): listen-on is matched against this host's own addresses;
    // with localnets inside "trusted" named presumably also listens on the
    // external interface address. List the intended addresses explicitly if
    // only loopback and the LAN side should answer.
    listen-on { trusted; };
    // NOTE(review): with this line commented out the BIND default applies; on
    // the 9.10 series shown on this page that default is believed to allow
    // zone transfers to any client -- verify, and enable the line if no
    // secondary needs transfers.
    //allow-transfer { none; };

    //allow-recursion { any; };
    allow-query { trusted; };
    // NOTE(review): "any" is wider than allow-query / allow-recursion above and
    // may let clients outside "trusted" read cached answers. Consider
    // { trusted; } unless this is deliberate.
    allow-query-cache { any; };

    // Queries that cannot be answered locally are forwarded to these addresses.
    forwarders {
        // NOTE(review): 12.1.1.1 is this server's own LAN address according to
        // the interfaces file on this page, so this entry points named at
        // itself -- presumably it should be removed.
        12.1.1.1;
        8.8.8.8;
        8.8.4.4;
    };

    // Validate DNSSEC-signed answers using the built-in root trust anchor.
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    // Listens on every IPv6 address, unlike the restricted IPv4 listen-on above.
    listen-on-v6 { any; };
};

sudo nano /etc/bind/named.conf.local

// NOTE(review): the contents of this include are not shown on this page.
include "/etc/bind/zones.rfc1918";

// send ads to black hole
// NOTE(review): the contents of this include are not shown on this page.
include "/etc/bind/ad-blacklist";


// our local zone
// Forward zone for hpc.lan; this server is the master and loads it from the
// file below.
zone "hpc.lan" {
    type master;
    file "/etc/bind/db.hpc.lan";
};


// reverse for .hpc domain
// Reverse (PTR) zone for 12.1.1.0/24.
// NOTE(review): 12.1.1.0/24 lies outside the RFC 1918 private ranges, so for
// clients of this server this zone shadows the public reverse zone for those
// addresses -- confirm that is acceptable.
// NOTE(review): the post opens the reverse file as /etc/hpc/db.hpc.lan.r, while
// the path below is under /etc/bind; confirm which one exists.
zone "1.1.12.in-addr.arpa" {
    type master;
    // Change notifications are enabled; no secondary server is visible on this
    // page.
    notify yes;
    file "/etc/bind/db.hpc.lan.r";
};

sudo nano /etc/bind/db.hpc.lan

;
; BIND forward zone data for hpc.lan
; (the original header text was left over from the loopback template)
;
$TTL    604800
; SOA: primary name server M.hpc.lan., contact mailbox root.hpc.lan.
@   IN  SOA M.hpc.lan. root.hpc.lan. (
                  2     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
; Zone apex: name server and address record for hpc.lan itself.
hpc.lan.    IN  NS  M.hpc.lan.
hpc.lan.    IN  A   12.1.1.1
;@      IN  NS  localhost.
;@      IN  A   127.0.0.1
;@      IN  AAAA    ::1
; Hosts on the 12.1.1.0/24 LAN; names without a trailing dot are relative to
; the zone origin.
M       IN  A   12.1.1.1
N0      IN  A   12.1.1.55
L0      IN  A   12.1.1.90
www     IN  CNAME   hpc.lan.
; NOTE(review): gateway resolves to 192.168.1.1 here, but the reverse zone on
; this page maps 12.1.1.1 back to gateway.hpc.lan. -- forward and reverse data
; disagree; confirm which address is meant.
gateway     IN  A   192.168.1.1

sudo nano /etc/hpc/db.hpc.lan.r

;
; BIND reverse (PTR) zone data for 12.1.1.0/24
; (the original header text was left over from the loopback template)
;
$TTL    604800
; SOA: primary name server M.hpc.lan., contact mailbox root.hpc.lan.
@   IN  SOA M.hpc.lan. root.hpc.lan. (
                  2     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
; NOTE(review): "M." ends in a dot, so it is the absolute name M at the root,
; not M.hpc.lan. -- presumably M.hpc.lan. was intended.
@   IN  NS  M.
; Each owner is the last octet of a 12.1.1.x address.
; NOTE(review): 12.1.1.1 has two PTR targets, and the forward zone on this page
; gives gateway.hpc.lan. the address 192.168.1.1, not 12.1.1.1 -- confirm.
1   IN  PTR gateway.hpc.lan.
1   IN  PTR M.hpc.lan.
55  IN  PTR N0.hpc.lan.
90  IN  PTR L0.hpc.lan.

sudo nano /etc/hosts

127.0.0.1   localhost
127.0.1.1   M #VN278AA-UUW-m9860sc
12.1.1.1    M #VN278AA-UUW-m9860sc-enp1s10
192.168.1.106   MS #VN278AA-UUW-m9860sc-enp0s10

sudo nano /etc/hostname

M

sudo nano /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
# Loopback, brought up automatically.
auto lo
iface lo inet loopback


# external
# Addressed by DHCP.
# NOTE(review): the DHCP lease presumably also supplies a nameserver; the dig
# output on this page shows the server querying 8.8.8.8 -- check which
# nameserver ends up in the resolver configuration.
auto enp0s10
iface enp0s10 inet dhcp
#iface enp0s10 inet static
#   address 192.168.1.106
#   gateway 192.168.1.1
#   mtu 1500
#   metric 1000
# NOTE(review): if the static stanza is re-enabled, 4.4.4.4 is presumably a typo
# for 8.8.4.4 (the address used in named.conf.options on this page).
#   dns-nameservers 8.8.8.8 4.4.4.4

# internal
# Static address on the 12.1.1.0/24 LAN served by this host.
# NOTE(review): gateway 192.168.1.106 is outside 12.1.1.0/24 and matches this
# host's own external address in the commented stanza above -- presumably the
# gateway line is not wanted on this interface.
# NOTE(review): broadcast 12.1.0.255 does not match network 12.1.1.0 with
# netmask 255.255.255.0, whose broadcast address is 12.1.1.255.
# dns-nameservers below points this host at its own BIND instance.
auto enp1s10
iface enp1s10 inet static
    address 12.1.1.1
    network 12.1.1.0
    netmask 255.255.255.0
    gateway 192.168.1.106
    broadcast 12.1.0.255
    mtu 7152
    dns-nameservers 12.1.1.1
    metric 100

sudo nano /etc/apparmor.d/usr.sbin.named

... 
  /var/log/bind/** rw,
  /var/log/bind/ rw,

}

sudo nano /etc/dhcp/dhcpd.conf

# dhcpd does not send dynamic DNS updates; zone data is maintained by hand.
ddns-update-style none;

# Handed to every client: search domain and the BIND server at 12.1.1.1.
option domain-name "hpc.lan";
option domain-name-servers 12.1.1.1;

# Lease lengths in seconds (1 day default, 2 days maximum).
default-lease-time 86400;
max-lease-time 172800;

# This server declares itself authoritative for the subnets it serves.
authoritative;

log-facility local7;

# wan network, we dont provide service here
# Empty declaration: the subnet is declared but has no range, so no leases are
# offered on it.
subnet 192.168.1.0 netmask 255.255.255.0 {
}

# lan network we provide service for
# NOTE(review): broadcast-address 12.1.0.255 does not match this /24, whose
# broadcast address is 12.1.1.255.
subnet 12.1.1.0 netmask 255.255.255.0 {
    range 12.1.1.50 12.1.1.99;
    option routers 12.1.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 12.1.0.255;
}

# Fixed reservations keyed on MAC address.
# NOTE(review): both fixed addresses (.55 and .90) fall inside the dynamic range
# 12.1.1.50-99 above, so they could presumably also be leased to another
# client; move them outside the range or shrink the range.
host N0 {
    hardware ethernet 00:25:11:4f:9d:92;
    fixed-address 12.1.1.55;
}

host L0 {
    hardware ethernet f0:de:f1:5b:d3:da;
    fixed-address 12.1.1.90;
}

Edit

By the way, nslookup for forward and reverse DNS works; the problem is that on the server machine the lookup skips 12.1.1.1 and goes directly to 8.8.8.8.

Could there be some problem with forwarding here?

my iptables are

cat /etc/iptables.conf

# Generated by iptables-save v1.6.0 on Mon Jul  2 01:22:43 2018
# NAT table: every built-in chain has policy ACCEPT.
*nat
:PREROUTING ACCEPT [406:28839]
:INPUT ACCEPT [180:15615]
:OUTPUT ACCEPT [2024:169350]
:POSTROUTING ACCEPT [66:3986]
# Source-NAT everything leaving through the external interface.
-A POSTROUTING -o enp0s10 -j MASQUERADE
# NOTE(review): this also masquerades everything leaving through the internal
# interface, so LAN hosts see such traffic as coming from this box and the
# original source address is lost in their logs -- confirm it is needed.
-A POSTROUTING -o enp1s10 -j MASQUERADE
COMMIT
# Completed on Mon Jul  2 01:22:43 2018
# Generated by iptables-save v1.6.0 on Mon Jul  2 01:22:43 2018
# Filter table.
# NOTE(review): INPUT has policy ACCEPT and no rules, so this ruleset does not
# stop the external network from reaching any service on this host, including
# named; access then depends only on each service's own ACLs.
# NOTE(review): FORWARD also has policy ACCEPT, so the two FORWARD rules below
# restrict nothing; they only act as a filter if the policy is DROP.
*filter
:INPUT ACCEPT [1211066:4289490990]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [750206:1045506458]
# LAN to external: allowed unconditionally.
-A FORWARD -i enp1s10 -o enp0s10 -j ACCEPT
# External to LAN: accepts replies to existing connections.
-A FORWARD -i enp0s10 -o enp1s10 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jul  2 01:22:43 2018

Question Credit: Robert Grzelka
Asked July 11, 2018
Posted Under: Network
2 Answers

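The resolver on the BIND9 server is apparently configured to use the Google name server 8.8.8.8 (the dig output taken on the server shows SERVER: 8.8.8.8). You need to change that so it uses its local BIND9 instance instead. Until it is changed, every lookup of an internal name made on this host is sent to the external resolver. On Ubuntu, /etc/resolv.conf is often generated by a tool such as resolvconf or NetworkManager, so a manual edit may be overwritten; in that case, set the nameserver in whatever manages the file. In file /etc/resolv.conf, change the line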

nameserver 8.8.8.8

to

nameserver 127.0.0.1

credit: Tilman Schmidt
Answered July 11, 2018