Split DNS not working with Bind-9.7

Old 05-11-2012
Hi All,

Distros of machines : RHEL6
Bind Version : Bind-9.7-3.2

I am trying to set up a test DNS for my home network. I have two RHEL 6 machines, A and B. Machine A has 2 NICs and is also acting as a router; one NIC is facing intranet and the other is facing intranet. On machine A I have configured the DNS server on the internal interface and I am forwarding all the queries from the DNS server to another DNS. It works fine when I try to do any name lookup from machine A.

Now there is a machine B which has a private IP configured. From this machine I try to ping machine A's internal interface IP on which DNS is configured, and ping works fine; then I try doing a telnet to the same IP on port 53 and that also works fine. However, when I use this internal DNS to do a lookup on machine B it never works. I get an error saying

connection timed out, no server could be reached.

Internal IP of machine A :
External IP of machine A :
IP of machine B :

I am pasting my named.conf file
/*
 Sample named.conf BIND DNS server 'named' configuration file
 for the Red Hat BIND distribution.

 See the BIND Administrator's Reference Manual (ARM) for details, in:
 Also see the BIND Configuration GUI : /usr/bin/system-config-bind and
 its manual.
*/

options
{
        // Put files that named is allowed to write in the data/ directory:
        directory               "/var/named";           // "Working" directory
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";

        /*
          Specify listening interfaces. You can use list of addresses (';' is
          delimiter) or keywords "any"/"none"
        */
        //listen-on port 53     { any; };
        listen-on port 53       {;; };

        allow-query             { localhost; };

        // Enable/disable recursion - recursion yes/no;
        recursion yes;
};

logging
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the '' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
        channel default_debug {
                file "data/";
                severity dynamic;
        };
};

/*
 Views let a name server answer a DNS query differently depending on who is asking.

 By default, if named.conf contains no "view" clauses, all zones are in the
 "default" view, which matches all clients.

 Views are processed sequentially. The first match is used so the last view should
 match "any" - it's fallback and the most restricted view.

 If named.conf contains any "view" clause, then all zones MUST be in a view.
*/

#view "localhost_resolver"
#{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
#       match-clients           { localhost; };
#       recursion yes;

        # all views must contain the root hints zone:
#       zone "." IN {
#               type hint;
#               file "/var/named/";
#       };

        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * not leak to the other nameservers:
         */
#       include "/etc/named.rfc1912.zones";
#};
view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
        match-clients           {; };
        recursion yes;
        forwarders {;};
        zone "." IN {
                type hint;
                file "/var/named/";
        };

        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * not leak to the other nameservers:
         */
        include "/etc/named.rfc1912.zones";

        // These are your "authoritative" internal zones, and would probably
        // also be included in the "localhost_resolver" view above :

        /*
          NOTE for dynamic DNS zones and secondary zones:

          If you are using views and DDNS/secondary zones it is strongly
          recommended to read FAQ on ISC site (, section
          "Configuration and Setup Questions", questions
          "How do I share a dynamic zone between multiple views?" and
          "How can I make a server a slave for both an internal and an external
           view at the same time?"
        */

#       zone "" {
#               type master;
#               file "";
#       };
#       zone "" {
#               type slave;
#               file "slaves/";
#               masters { /* put master nameserver IPs here */; } ;
                // put slave zones in the slaves/ directory so named can update them
#       };
#       zone "" {
#               type master;
#               allow-update { key ddns_key; };
#               file "dynamic/";
                // put dynamically updateable zones in the slaves/ directory so named can update them
#       };
};

#key ddns_key
#{
#       algorithm hmac-md5;
#       secret "use /usr/sbin/dnssec-keygen to generate TSIG keys";
#};

#view "external"
#{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not match any above view:
 */
#       match-clients           { any; };

#       zone "." IN {
#               type hint;
#               file "/var/named/";
#       };

#       recursion no;
        // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

        // These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

#       zone "" {
#               type master;
#               file "";
#       };
#};

/* Trusted keys

  This statement contains DNSSEC keys. If you want DNSSEC aware resolver you
  have to configure at least one trusted key.

  Note that no key written below is valid. Especially root key because root zone
  is not signed yet.
*/
/*
trusted-keys {
// Root Key
"." 257 3 3 "BNY4wrWM1nCfJ+CXd0rVXyYmobt7sEEfK3clRbGaTwSJxrGkxJWoZu6I7PzJu/

// Key for forward zone 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe
                      OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC
                      iuvF4qJCyduieHukuY3H4XMAcR+xia2 nIUPvm/oyWR8BW/hWdzOvn

// Key for reverse zone.
2.0.192.IN-ADDRPA.NET. 257 3 5 "AQOnS4xn/IgOUpBPJ3bogzwcxOdNax071L18QqZnQQQA
                                tszYqbtvchmgQC8CzKojM/W16i6MG/ea fGU3siaOdS0
                                4LB0lC7aOnsMyYKHHYeRv PxjIQXmdqgOJGq+vsevG06
};
*/
Logging is also not working properly. I am not getting any useful information in the logs; if you could explain about that too, it would be great.
Please let me know if you would need any information to diagnose the issue better.
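
A well-formed skeleton of the split-view layout that the sample comments in the posted file describe, given here as an added example and not as the poster's configuration or Red Hat's sample file. The addresses, the "lan" ACL name and the file names are constructed placeholders and assumptions.

```conf
// Added example: split-view skeleton for named.conf.
// All addresses are constructed placeholders (RFC 1918 / RFC 5737).
acl "lan" { 127.0.0.1; 192.168.1.0/24; };      // assumed internal subnet

options {
        directory       "/var/named";
        // Loopback plus the internal NIC only (assumed address).
        listen-on port 53 { 127.0.0.1; 192.168.1.1; };
        // No global allow-query here: the built-in "localhost" ACL matches
        // only the server's own addresses, so access is set per view below.
};

logging {
        channel default_debug {
                file "data/named.run";          // assumed file name
                severity dynamic;
        };
        channel query_log {
                file "data/queries.log" versions 3 size 5m;
                severity info;
                print-time yes;
        };
        // Defining this category turns query logging on at startup.
        category queries { query_log; };
};

view "internal" {
        match-clients   { lan; };
        allow-query     { lan; };
        recursion yes;
        forwarders      { 192.0.2.53; };        // placeholder upstream resolver
        zone "." IN {
                type hint;
                file "named.ca";                // assumed hints file name
        };
        include "/etc/named.rfc1912.zones";
};

// Views are tried in order and the first match wins, so the catch-all
// view comes last and is the most restricted one.
view "external" {
        match-clients   { any; };
        recursion no;                           // no open recursion
        // authoritative public zones would be declared here
};
```

Running named-checkconf on the file before reloading named reports unbalanced braces and unknown options.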
