
Bind9 works properly but I can’t ping names from the DNS server machine


I have the machine dnsserver running the bind9 service in the domain ent.com. I also boot other machines: firewall and webserver. All machines run Ubuntu Server 22.04.

I’ve configured these files:

/etc/bind/named.conf.options

```
listen-on {
        192.168.0.0/24;
};
allow-query { any; };
dnssec-validation auto;
forwarders {
        192.168.0.1;
};
```

/etc/bind/named.conf.local

```
zone "ent.com" IN {
        type master;
        file "/etc/bind/forward.ent.com";
        allow-transfer { 192.168.0.211; };
        also-notify { 192.168.0.211; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "/etc/bind/reverse.ent.com";
};
```

The zone files. /etc/bind/forward.ent.com:

```
$TTL    604800
@       IN      SOA     dnsserver.ent.com. root.dnsserver.ent.com. (
                            5           ; Serial
                        604800          ; Refresh
                         86400          ; Retry
                       2419200          ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      dnsserver.ent.com.
@       IN      A       192.168.0.211
dnsserver       IN      A       192.168.0.211
firewall        IN      A       192.168.0.201
mailserver      IN      A       192.168.0.212
webserver       IN      A       192.168.0.213
vault           IN      A       192.168.0.214
```

/etc/bind/reverse.ent.com:

```
$TTL    604800
@       IN      SOA     dnsserver.ent.com. root.dnsserver.ent.com. (
                            2           ; Serial
                        604800          ; Refresh
                         86400          ; Retry
                       2419200          ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      dnsserver.ent.com.
@       IN      PTR     ent.com.
211     IN      PTR     dnsserver.ent.com.
201     IN      PTR     firewall.ent.com.
212     IN      PTR     mailserver.ent.com.
213     IN      PTR     webserver.ent.com.
214     IN      PTR     vault.ent.com.
```

The commands named-checkconf and named-checkzone run without any issues.

So, when I connect to firewall and ping machines by their names, it works perfectly:

```
ilya@firewall:~$ nslookup dnsserver
Server:      127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:    dnsserver.ent.com
Address: 192.168.0.211

ilya@firewall:~$ ping webserver
PING webserver.ent.com (192.168.0.213) 56(84) bytes of data.
64 bytes from webserver.ent.com (192.168.0.213): icmp_seq=1 ttl=64 time=0.567 ms
64 bytes from webserver.ent.com (192.168.0.213): icmp_seq=2 ttl=64 time=0.657 ms
64 bytes from webserver.ent.com (192.168.0.213): icmp_seq=3 ttl=64 time=0.514 ms
^C
--- webserver.ent.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2028ms
rtt min/avg/max/mdev = 0.514/0.579/0.657/0.059 ms
```

But when I try to ping names from dnsserver, I get an error:

```
ilya@dnsserver:~$ ping webserver
ping: webserver: Temporary failure in name resolution
ilya@dnsserver:~$ ping firewall
ping: firewall: Temporary failure in name resolution

ilya@dnsserver:~$ nslookup webserver
Server:      127.0.0.53
Address:    127.0.0.53#53

** server can't find webserver: SERVFAIL
```

The dnsserver’s netplan configuration is here:

```yaml
network:
  version: 2
  ethernets:
    ens33:
      dhcp4: no
      match:
        macaddress: 00:0c:29:7b:56:ad
      set-name: ext0
      addresses:
        - 192.168.0.211/24
      gateway4: 192.168.0.1
      nameservers:
        addresses: [192.168.0.211]
        search: [ent.com]
```

I can’t find the mistake in my DNS server configuration. Could you help me?
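A cross-check of the two zone files in the question, added here as an example (it is not the poster's code and not part of Bind): named-checkzone validates each zone on its own, but it does not tell you whether the forward and reverse zones agree. The checker below parses A and PTR records (assuming every record line carries an owner column, as the files above do), then reports addresses that have an A record but no PTR, PTRs with no matching A, and PTRs that name a host the forward zone does not map to that address. The embedded zone text is copied from the question and abridged.

```python
from collections import defaultdict
# Zone data from the question, abridged (constructed test input for this added example).
FORWARD = """\
@           IN  SOA  dnsserver.ent.com. root.dnsserver.ent.com. (
                     5 604800 86400 2419200 604800 )
@           IN  NS   dnsserver.ent.com.
@           IN  A    192.168.0.211
dnsserver   IN  A    192.168.0.211
firewall    IN  A    192.168.0.201
mailserver  IN  A    192.168.0.212
webserver   IN  A    192.168.0.213
vault       IN  A    192.168.0.214
"""
REVERSE = """\
@    IN  PTR  ent.com.
211  IN  PTR  dnsserver.ent.com.
201  IN  PTR  firewall.ent.com.
212  IN  PTR  mailserver.ent.com.
213  IN  PTR  webserver.ent.com.
214  IN  PTR  vault.ent.com.
"""
def parse_zone(text, origin):
    """(owner_fqdn, type, rdata) per record; owner column required, parenthesised SOA skipped."""
    out, in_paren = [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]             # drop ';' comments
        if in_paren or "(" in line:
            in_paren = ")" not in line          # stay inside until the closing paren
            continue
        parts = line.split()
        if len(parts) < 4 or parts[0].startswith("$") or "IN" not in parts:
            continue
        i, owner = parts.index("IN"), parts[0]
        fqdn = origin if owner == "@" else (owner if owner.endswith(".") else f"{owner}.{origin}")
        out.append((fqdn, parts[i + 1], parts[i + 2]))
    return out
def ptr_to_ip(fqdn):
    """'211.0.168.192.in-addr.arpa.' -> '192.168.0.211'"""
    return ".".join(reversed(fqdn.rstrip(".").split(".")[:-2]))
def check_consistency(fwd, fwd_origin, rev, rev_origin):
    """Compare A and PTR data; a clean pair of zones returns three empty lists."""
    a_names = defaultdict(set)                  # ip -> every name with that A record
    for fqdn, rtype, rdata in parse_zone(fwd, fwd_origin):
        if rtype == "A":
            a_names[rdata].add(fqdn)
    ptr = {ptr_to_ip(f): r for f, t, r in parse_zone(rev, rev_origin)
           if t == "PTR" and f != rev_origin}   # apex '@ IN PTR' names no host
    return {"missing_ptr": sorted(ip for ip in a_names if ip not in ptr),
            "missing_a": sorted(ip for ip in ptr if ip not in a_names),
            "mismatch": sorted(ip for ip, n in ptr.items() if ip in a_names and n not in a_names[ip])}
```

On the zones as posted, all three lists come back empty; the zone data itself is not what breaks resolution on dnsserver.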

diya: In your questions please refrain from using random domain names (that you don't own/operate) and use either your *own domain* or one of the [RFC 6761](https://tools.ietf.org/html/rfc6761#section-6.5) reserved domain names such as `example.com`, `example.org` or similar. Please refer to [this Q&A](http://meta.serverfault.com/q/963/37681) for our recommendations with regards to how and what (not) to obfuscate. Second, is the problem only with resolving "short" hostnames? Or do you also see a failure when using the FQDN *webserver.ent.com* and/or when resolving other domain names?
diya: Is `sudo systemctl status systemd-resolved.service` showing anything helpful?
Ilya Shmadchenko: @diya, thank you for your crucial remarks! It seems to be solved after the last VMware upgrade. I started the machines that morning and now I can ping long and short names successfully.