I have an Ubuntu host machine running a CentOS guest that is hosting a webserver.
The Ubuntu host/local machine is 172.29.15.1 (static) - hostname is sysengtest01
The CentOS guest is 172.29.15.7 (static) - hostname I would like to use is ixchariot-server to resolve this address (e.g. http://ixchariot-server/)
Topology (diagram flattened by extraction): CentOS guest (172.29.15.7, ixchariot-server) -- vmnet0 (bridge) -- DHCP/Host (172.29.15.1, DNS 8.8.8.8) -- eno4 -- switch -- Clients (172.29.14.1 - 254)
I have a DHCP server that is addressing the various clients being attached; below is the DHCP configuration, if this is necessary:
subnet 172.29.14.0 netmask 255.255.254.0 {
authoritative;
max-lease-time 3600;
option subnet-mask 255.255.254.0;
option broadcast-address 172.29.15.254;
option routers 172.29.15.0;
option domain-name-servers 8.8.8.8;
option domain-name "example.org";
pool {
range 172.29.14.1 172.29.14.254; # address range for dynamic
# static reserve for 172.29.15.1 - 172.29.15.254
}
host Switch { # static ip for switch
hardware ethernet 8c:3b:ad:35:61:0a;
fixed-address 172.29.15.2;
}
host IxiaServer { # static ip for Ixia Server
hardware ethernet 00:0C:29:29:C4:A5;
fixed-address 172.29.15.7;
}
host eno4 { # static ip for eno4 interface
hardware ethernet ac:1f:6b:60:56:61;
fixed-address 172.29.15.1;
}
host eno3 { # static ip for eno3 interface
hardware ethernet ac:1f:6b:60:56:60;
fixed-address 172.29.15.5;
}
}
What I would like to do is as clients attach redirect traffic from a hostname ixchariot-server to 172.29.15.7 (the actual webserver). I figure the best mechanism to do this would be to set up a local DNS server but I am failing to configure bind9 correctly I believe...
Below is my named.conf.local:
zone "example.org" {
type master;
file "/etc/bind/zones/db.example.org";
// allow-transfer { localhost };
};
and my named.conf.options:
options {
directory "/var/cache/bind";
// recursion yes;
// allow-recursion { trusted; };
// listen-on { localhost; };
// allow-transfer { none; };
forwarders {
8.8.8.8;
// 8.8.4.4;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
and lastly, here is my db.example.org file under /etc/bind/zones:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA sysengtest01.example.org. syseng.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS sysengtest01.example.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
; record addresses
ixchariot-server IN A 172.29.15.7
However, ixchariot-server is not able to be resolved on my clients, so it doesn't seem like the DNS is properly either listening to requests, providing the address, or something else like this.
It seems like the service is running, just unsure if this error may be the reason why?
syseng@sysengTest01:/etc/bind/zones$ service bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/bind9.service.d
└─50-insserv.conf-$named.conf
Active: active (running) since Mon 2018-04-09 10:40:44 PDT; 2min 5s ago
Docs: man:named(8)
Process: 18734 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Main PID: 18740 (named)
CGroup: /system.slice/bind9.service
└─18740 /usr/sbin/named -f -4 -u bind
Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: journal file is out of date: removing journal file
Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: loaded serial 18
Apr 09 10:40:44 sysengTest01 named[18740]: zone 0.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone localhost/IN: loaded serial 2
**Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: NS 'sysengtest01.example.org' has no address records (A or AAAA)
Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: not loaded due to errors.**
Apr 09 10:40:44 sysengTest01 named[18740]: zone 127.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone 255.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: all zones loaded
Apr 09 10:40:44 sysengTest01 named[18740]: running
Your SOA record in the zone file should refer to the domain example.org, thus:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA example.org. syseng.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS sysengtest01.example.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
; record addresses
sysengtest01 IN A 172.29.15.1
ixchariot-server IN A 172.29.15.7
Do you really want example.org to resolve to 127.0.0.1 though? That seems wrong. You can directly test the DNS with the dig tool by the way.
Also your named.conf.options needs to allow recursive queries from your clients. Thus:
acl trusted { 172.29.14.0/24; };
and in the options section:
recursion yes;
allow-recursion { trusted; };
More on DNS caching and forwarding at Digital Ocean. I would recommend testing first on the DNS server with e.g. dig @172.29.15.1 -t A ixchariot-server.example.org. to check that the DNS resolves, and then dig @172.29.15.1 -t any www.google.com to check that recursive queries work, before testing from the clients.
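The two things the thread turns on can both be checked before restarting named: whether every NS target inside the zone has an address record (the exact load-time error in the posted log), and whether the allow-recursion ACL covers the addresses the DHCP server hands out. The script below is an added example written for this page, not code from the question or the answer; `parse_zone`, `ns_without_addresses`, `dhcp_client_addresses` and `not_covered_by_acl` are its own names, the parser only handles the subset of zone syntax used in the thread, and the embedded zone and dhcpd fragments are constructed copies of what was posted.

```python
import ipaddress
import re

# Constructed copy of the zone file as posted in the question
ZONE_AS_POSTED = """\
$TTL 604800
@ IN SOA sysengtest01.example.org. syseng.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS sysengtest01.example.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
ixchariot-server IN A 172.29.15.7
"""

# Same zone with the answer's fix applied: the NS host gets an A record
ZONE_FIXED = ZONE_AS_POSTED + "sysengtest01 IN A 172.29.15.1\n"

# Constructed fragment of the dhcpd.conf from the question (relevant lines only)
DHCPD_CONF = """\
range 172.29.14.1 172.29.14.254;
host Switch { fixed-address 172.29.15.2; }
host IxiaServer { fixed-address 172.29.15.7; }
host eno4 { fixed-address 172.29.15.1; }
host eno3 { fixed-address 172.29.15.5; }
"""


def parse_zone(text, origin):
    """Parse the subset of zone syntax used in the thread ($TTL, a
    parenthesised multi-line SOA, one-record-per-line A/AAAA/NS).
    Returns (owner_fqdn, rtype, [rdata...]) tuples with names made absolute."""
    origin = origin.rstrip(".") + "."
    # Drop comments, then join parenthesised records onto one logical line
    logical, buf = [], ""
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()
        if not line.strip():
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue  # still inside the SOA parentheses
        logical.append(buf)
        buf = ""
    records, last_owner = [], origin
    for line in logical:
        if line.startswith("$"):
            continue  # $TTL / $ORIGIN directives are not records
        toks = line.replace("(", " ").replace(")", " ").split()
        if line[0].isspace():  # blank owner field inherits the previous owner
            owner = last_owner
        else:
            owner, toks = toks[0], toks[1:]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        last_owner = owner
        if toks and toks[0].upper() == "IN":
            toks = toks[1:]
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype == "NS" and not rdata[0].endswith("."):
            rdata[0] = f"{rdata[0]}.{origin}"
        records.append((owner, rtype, rdata))
    return records


def ns_without_addresses(records, origin):
    """Replicate the load-time check that failed in the question's log:
    an NS target inside the zone must have an A or AAAA record in the file."""
    origin = origin.rstrip(".") + "."
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    missing = []
    for _, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = rdata[0]
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in addressed:
            missing.append(target)
    return missing


def dhcp_client_addresses(dhcpd_conf):
    """Addresses dhcpd may hand out: every fixed-address plus the endpoints
    of each dynamic range (a range is contiguous, so its ends suffice)."""
    addrs = re.findall(r"fixed-address\s+([\d.]+)", dhcpd_conf)
    for lo, hi in re.findall(r"range\s+([\d.]+)\s+([\d.]+)", dhcpd_conf):
        addrs += [lo, hi]
    return addrs


def not_covered_by_acl(acl_cidrs, addrs):
    """Clients outside every allow-recursion entry are not served recursively,
    so the ACL should cover everything the DHCP server can assign."""
    nets = [ipaddress.ip_network(c) for c in acl_cidrs]
    return [a for a in addrs if not any(ipaddress.ip_address(a) in n for n in nets)]


if __name__ == "__main__":
    for label, zone in (("as posted", ZONE_AS_POSTED), ("fixed", ZONE_FIXED)):
        recs = parse_zone(zone, "example.org")
        print(label, "- NS targets without address records:",
              ns_without_addresses(recs, "example.org"))
    clients = dhcp_client_addresses(DHCPD_CONF)
    for acl in (["172.29.14.0/24"], ["172.29.14.0/23"]):
        print(acl, "leaves out:", not_covered_by_acl(acl, clients))
```

Run it as-is and the first check reports `sysengtest01.example.org.` for the posted zone and nothing once the A record is added; the second check compares a /24 ACL against the /23 the dhcpd.conf actually serves, which is the kind of mismatch worth confirming with dig from a 172.29.15.x host as well as from a pool client.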