Difference between revisions of "DNS"

From Nuclear Physics Group Documentation Pages
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Domain Name Servers are how clients are able to get automatic hostname-to-IP-address resolution.  Since all servers and clients on our network must be set up with static IP addresses, the settings for DNS are very important for getting communication to function properly. Currently, [[einstein]] and [[roentgen]] are set up as DNS servers.
+
Domain Name Servers are how clients are able to get automatic hostname-to-IP-address resolution.  Since all servers and clients on our network must be set up with static IP addresses, the settings for DNS are very important for getting communication to function properly. Currently, [[einstein]] and [[roentgen]] are set up as DNS servers. A DNS server is setup with '''named''' see [[named]]
 
==Server Configuration==
 
==Server Configuration==
 
The related RPMs installed on einstein are:
 
The related RPMs installed on einstein are:
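Review bot: the sentence appended to the intro paragraph, "A DNS server is setup with '''named''' see [[named]]", has no punctuation between its two clauses and uses "setup" as a verb. Suggest "A DNS server is set up with '''named'''; see [[named]]." so it reads as a cross-reference rather than a run-on.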
Line 12: Line 12:
 
The important config files are ''/etc/host.conf'', ''/etc/hosts'', and ''/etc/resolv.conf''.  The information in these files can also be safely editied via the graphical ''system-config-network'' program.
 
The important config files are ''/etc/host.conf'', ''/etc/hosts'', and ''/etc/resolv.conf''.  The information in these files can also be safely editied via the graphical ''system-config-network'' program.
 
; /etc/host.conf : Defines the oder in which the client will search for hostname resolution.  This typically contains only <code>order hosts,bind</code>, which means to first check the "hosts" file, then try bind to a DNS server and get the answer there.
 
; /etc/host.conf : Defines the oder in which the client will search for hostname resolution.  This typically contains only <code>order hosts,bind</code>, which means to first check the "hosts" file, then try bind to a DNS server and get the answer there.
; /etc/hosts : Contains a list of IP addresses and their associated hostnames.  This typically constains info for localhost, einstein, and the machine's own hostname(s) (although the last one should be unnecessary).
+
; /etc/hosts : Contains a list of IP addresses and their associated hostnames.  This typically constains info for localhost, einstein, and the machine's own hostname(s).
; /etc/resolv.conf : Contains the subnet to search and a list of DNS servers' IP addresses.  This typically contains "unh.edu farm.physics.unh.edu" along with einstein and roentgen's IP addresses.
+
; /etc/resolv.conf : Contains the subnet to search and a list of DNS servers' IP addresses.  For systems with connections to the [[farm]] network the search path should be ''farm.physics.unh.edu unh.edu'', and ''unh.edu'' for systems only connected to the UNH network. The DNS server IPs included should be [[jalapeno]] and [[tomato]]. Workstations without a farm connection can also use one or more of UNH's DNS servers as a backup. These are 132.177.128.99, 132.177.102.2, 132.177.102.30, and 132.177.128.56.
  
 
== Long DNS packets and EDNS0 ==  
 
== Long DNS packets and EDNS0 ==  
  
 
This is complicated stuff that can be causing trouble when behind a firewall. See [http://homepages.tesco.net/J.deBoynePollard/FGA/dns-edns0-and-firewalls.html DNS EDNS0 and Firewalls]. Or MS Knowledge base [http://support.microsoft.com/kb/828731/]
 
This is complicated stuff that can be causing trouble when behind a firewall. See [http://homepages.tesco.net/J.deBoynePollard/FGA/dns-edns0-and-firewalls.html DNS EDNS0 and Firewalls]. Or MS Knowledge base [http://support.microsoft.com/kb/828731/]
 +
 +
 +
=== Aaron's email ===
 +
Why was I looking into this?  Because Bill couldn't send mail to his lawyers @fr.com .  It may have caused minor problems with other domains, but most of those "Name service error" entries in the mail log are for " fr.com".  I think that this is the real problem that was behind the DNS problems back in July.
 +
 +
The evidence:
 +
$ dig -t mx @132.177.128.99 fr.com +short +bufsize=4096
 +
vs
 +
$ dig -t mx @132.177.128.99 fr.com +short
 +
 +
The fix:
 +
I added the following lines to named.conf on einstein and roentgen:
 +
server 132.177.128.99 { edns no; };
 +
server 132.177.128.56 { edns no; };
 +
server 132.177.102.2  { edns no; };
 +
server 132.177.102.30 { edns no; };
 +
 +
I also added the recommended fix to named.conf on tomato, since it's running bind 9.3:
 +
edns-udp-size 512;
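Review bot: the revised /etc/resolv.conf entry tells clients to list [[jalapeno]] and [[tomato]] as DNS servers, but the intro paragraph still says [[einstein]] and [[roentgen]] are the DNS servers, and the added email applies the "edns no" lines on einstein and roentgen. State in one place which hosts are the current resolvers and update the other references to match. In the added "Aaron's email" section, the two dig commands under "The evidence:" are shown without their output, so a reader cannot tell which query fails; include the observed result of each, and give the dig lines the same preformatted markup as the named.conf lines.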

Latest revision as of 19:55, 22 November 2011

Domain Name Servers are how clients are able to get automatic hostname-to-IP-address resolution. Since all servers and clients on our network must be set up with static IP addresses, the settings for DNS are very important for getting communication to function properly. Currently, einstein and roentgen are set up as DNS servers. A DNS server is set up with named; see named.

Server Configuration

The related RPMs installed on einstein are:

bind.i386
includes DNS server, named
bind-utils.i386
utilities for querying DNS servers about host information
bind-libs.i386
libraries used by the bind server and utils package
caching-nameserver.i386
config files for a simple caching nameserver

Client Configuration

The important config files are /etc/host.conf, /etc/hosts, and /etc/resolv.conf. The information in these files can also be safely edited via the graphical system-config-network program.

/etc/host.conf
Defines the order in which the client will search for hostname resolution. This typically contains only order hosts,bind, which means to first check the "hosts" file, then ask a DNS server (bind) and get the answer there.
/etc/hosts
Contains a list of IP addresses and their associated hostnames. This typically contains info for localhost, einstein, and the machine's own hostname(s).
/etc/resolv.conf
Contains the domain search path and a list of DNS servers' IP addresses. For systems with connections to the farm network the search path should be farm.physics.unh.edu unh.edu, and unh.edu for systems only connected to the UNH network. The DNS server IPs included should be jalapeno and tomato. Workstations without a farm connection can also use one or more of UNH's DNS servers as a backup. These are 132.177.128.99, 132.177.102.2, 132.177.102.30, and 132.177.128.56.

Long DNS packets and EDNS0

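Long DNS packets and EDNS0 are complicated, and they can cause trouble when a server is behind a firewall. See DNS EDNS0 and Firewalls (http://homepages.tesco.net/J.deBoynePollard/FGA/dns-edns0-and-firewalls.html) or the MS Knowledge Base article at http://support.microsoft.com/kb/828731/.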


Aaron's email

Why was I looking into this? Because Bill couldn't send mail to his lawyers @fr.com. It may have caused minor problems with other domains, but most of those "Name service error" entries in the mail log are for "fr.com". I think that this is the real problem that was behind the DNS problems back in July.

The evidence:

$ dig -t mx @132.177.128.99 fr.com +short +bufsize=4096

vs

$ dig -t mx @132.177.128.99 fr.com +short

The fix:

I added the following lines to named.conf on einstein and roentgen:

server 132.177.128.99 { edns no; };
server 132.177.128.56 { edns no; };
server 132.177.102.2  { edns no; }; 
server 132.177.102.30 { edns no; };

I also added the recommended fix to named.conf on tomato, since it's running bind 9.3:

edns-udp-size 512;
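
What the settings in the email change on the wire, as an added example that is not part of the original page or the email: it builds the fr.com MX query with and without an EDNS0 OPT record and models what happens to a long answer. The 700-byte answer size and the firewall that drops UDP DNS packets over 512 bytes are assumptions made for illustration.

```python
import struct

MX, OPT = 15, 41          # RR type codes: MX record, EDNS0 OPT pseudo-record
FIREWALL_LIMIT = 512      # assumption: firewall drops UDP DNS larger than this

def build_query(name, qtype, qid=0x1234, edns_bufsize=None):
    """Build a DNS query; if edns_bufsize is set, append an EDNS0 OPT record."""
    arcount = 0 if edns_bufsize is None else 1
    # Header: ID, flags (RD=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)
    for label in name.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)      # root, QTYPE, QCLASS=IN
    if edns_bufsize is not None:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/version/flags (zero here), RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_bufsize, 0, 0)
    return msg

def advertised_udp_size(query):
    """UDP payload size the query advertises: 512 unless an OPT RR says otherwise."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos] != 0:            # skip the question name (no compression)
        pos += query[pos] + 1
    pos += 1 + 4                      # root label, QTYPE, QCLASS
    if arcount == 1 and query[pos] == 0:
        rtype, rclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == OPT:
            return rclass
    return 512

def outcome(query, answer_len, firewall_limit=FIREWALL_LIMIT):
    """What happens to a UDP answer of answer_len bytes for this query."""
    if answer_len > advertised_udp_size(query):
        return "truncated"            # server sets TC; resolver retries over TCP
    if answer_len > firewall_limit:
        return "dropped"              # full answer sent over UDP, never arrives
    return "delivered"

ANSWER_LEN = 700                      # constructed size of a long MX answer
plain = build_query("fr.com", MX)                         # no OPT, as with "edns no"
edns_4096 = build_query("fr.com", MX, edns_bufsize=4096)  # as with dig +bufsize=4096
edns_512 = build_query("fr.com", MX, edns_bufsize=512)    # as with edns-udp-size 512

if __name__ == "__main__":
    for label, q in [("no EDNS", plain), ("EDNS 4096", edns_4096), ("EDNS 512", edns_512)]:
        print(f"{label:10} {len(q)} bytes, advertises {advertised_udp_size(q)}: {outcome(q, ANSWER_LEN)}")
```

Under these assumptions only the query advertising 4096 bytes loses its answer; both settings from the email keep the advertised size at 512, so the long answer comes back truncated and the resolver can retry over TCP.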