Linux BIND and NAMED help needed!

Discussion in 'OT Technology' started by dimins, Jun 8, 2005.

  1. dimins

    dimins I'll bring the beers ... OT Supporter

    Joined:
    Feb 13, 2002
    Messages:
    3,234
    Likes Received:
    0
    Location:
    Long Island, NY
    I'm having IP conflict issues which cause NAMED to stop responding.

    Here is the situation. We have a few people who take their laptops home and have routers which start assigning IPs at 192.168.1.2 (which happens to be our DNS server's address here at work). So when they bring their laptops back into work and plug into the network, they still have the 192.168.1.2 address and it brings down the network. Once the culprit laptop is unplugged from the network, the NAMED service remains hung indefinitely. The only way to resolve the issue is to restart the service.

    Solutions?
    1) We've had the people bring their routers in and we've reconfigured them so this "shouldn't" happen again, but this isn't the best solution.
    2) ??

    I looked at the syslog file and there are no named or bind errors being reported. And we're running BIND 9.2.3

    Thanks in advance

    ibnoresponses
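    The post above describes named going silent and staying silent until it is restarted. As an added example (not from the thread, and not ISC's code), here is a small Python watchdog that does what a resolver would do: it sends a real DNS query to the server with a timeout and restarts named only when several probes in a row get no response at all. A hung named shows up here as a probe that times out rather than as anything in syslog. The probed name, the timeouts and above all RESTART_CMD are assumptions to adapt to the box in question.

```python
"""DNS liveness probe plus restart for a hung named.

Added example for the situation in the post above; not from the thread or from
ISC.  The probed name, the timeouts and above all RESTART_CMD are assumptions."""
import os
import socket
import struct
import subprocess
import sys


def build_query(name, txid, qtype=1):
    """Minimal DNS query: header (id, RD set, one question) + QNAME + QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_response(data, txid):
    """Return (is_answer_to_us, rcode).  Anything that is not a response carrying
    our transaction id is rejected, so a stray or spoofed packet does not count
    as proof that the server is alive."""
    if len(data) < 12:
        return False, None
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:        # QR bit clear: not a response
        return False, None
    return True, flags & 0x000F                  # RCODE: 0 NOERROR, 3 NXDOMAIN, 5 REFUSED


def probe(server, name="localhost.", timeout=2.0, port=53):
    """One UDP query; True if the server sent back any response at all.
    NXDOMAIN or REFUSED still means named is up; silence means it is not."""
    txid = int.from_bytes(os.urandom(2), "big")
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, port))
            data, _peer = sock.recvfrom(512)
        except OSError:                          # timeout, ICMP unreachable, ...
            return False
    answered, _rcode = parse_response(data, txid)
    return answered


# Assumption: SysV-style init script, as on a 2005-era BIND 9.2 box.  Use your
# service manager (or "rndc stop" followed by a start) where that differs.
RESTART_CMD = ["/etc/init.d/named", "restart"]


def watchdog(server, attempts=3, run=subprocess.run):
    """Probe up to `attempts` times; restart only when none of them answers.
    Returns 'alive' or 'restarted'.  `run` is injectable for dry runs."""
    if any(probe(server) for _ in range(attempts)):
        return "alive"
    run(RESTART_CMD, check=False)
    return "restarted"


if __name__ == "__main__":
    # e.g. from cron every minute:  * * * * * /usr/local/sbin/named-watchdog.py 192.168.1.2
    print(watchdog(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

    Run it from cron on the DNS box itself (or from another host on the LAN) against the server's address. The transaction-id and QR checks in parse_response matter: a watchdog that treats any incoming UDP datagram as "the server answered" can be kept quiet by a stale or spoofed reply. Three silent probes in a row before restarting avoids bouncing named on a single lost packet.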
     
  2. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    how about you change your business network subnet to be something other than the grossly over-used 192.168.x.x??? Every business network I set up is on a class A or class B network for this reason, specifically. So I assume you use DHCP, and the client-side switch would be transparent. Switch to 10.1.1.x and you're set.
     
  3. vwgeekdotcom

    vwgeekdotcom Silver Surfer

    Joined:
    Sep 6, 2001
    Messages:
    1,012
    Likes Received:
    0
    Location:
    Maine
    My first suggestion would be to change your network class to something like 10.251.175.x
    depending of course on how many computers you have, but 192.168.1.x is asking for trouble, especially when you have computers from outside networks coming in. Of course that's really not the best thing either, I hope you guys have ample virus protection.
     
  4. dimins

    dimins I'll bring the beers ... OT Supporter

    thanks for the suggestions guys. We're a very small company of about 18-20 people and I wasn't around when the network was set up originally, but that is not relevant.

    We have solid virus protection, and the only machines coming into our network are those which have virus software and originated here. We have a separate network set up for our clients/partners who come in and need internet access.

    I am more concerned with the named process failing to respond. I was expecting the issues to be resolved once the culprit machine was removed from the network, but it looks like that isn't the case. Ah well, a subnet change is a good suggestion. Thanks again
     
  5. vwgeekdotcom

    vwgeekdotcom Silver Surfer

    Yeah, with that many people, a subnet change should only take a few hours, and will save you bundles of time.
     
  6. vwgeekdotcom

    vwgeekdotcom Silver Surfer

    P.S., didn't see jollyogre's post because he is on my ignore list, sorry for redundant information.
    And don't use DHCP; if you have a decent hosts file, there is no need for it. You are going to have an easier time not figuring out MAC addresses when you know what machines are linked to what IP addresses, IMHO. It will also allow you to control who can and cannot get on your network. With a DHCP server, unless you have it set up exactly right, someone can just come into your building, plug in a PC and go to town.
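    Both pieces of advice given so far, moving the office off 192.168.1.0/24 (posts 2 and 3) and handing out addresses only to machines you know (post 6), can be expressed in one ISC dhcpd configuration rather than by abandoning DHCP. The fragment below is an added example, not the poster's configuration; the addresses, host names and MAC addresses are made up.

```conf
# /etc/dhcpd.conf -- added example, not the poster's configuration.
# Office renumbered off 192.168.1.0/24 into 10.1.1.0/24 (posts 2 and 3);
# leases handed out only to machines declared below (post 6).
# All addresses, names and MACs are made up.

authoritative;
ddns-update-style none;
default-lease-time 28800;
max-lease-time 86400;
option domain-name "office.example";

subnet 10.1.1.0 netmask 255.255.255.0 {
    option routers 10.1.1.1;
    option domain-name-servers 10.1.1.2;    # the BIND box, renumbered with everything else

    pool {
        deny unknown-clients;               # no host declaration below, no lease
        range 10.1.1.100 10.1.1.199;
    }
}

# One entry per company machine.  A fixed-address gives the same predictable
# IP-to-machine mapping as a hosts file without hand-editing every client.
host alice-laptop {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 10.1.1.101;
}
host bob-desktop {
    hardware ethernet 00:11:22:33:44:66;
    fixed-address 10.1.1.102;
}
```

    Two caveats a practitioner would want on record. First, a MAC allow-list is housekeeping, not access control: anyone can set a static address or clone a listed MAC, and a machine that simply keeps the address it already has never asks the DHCP server anything, which is exactly how the returning laptop caused trouble in the first place. What removes the collision is the renumbering, because a laptop still holding 192.168.1.2/24 on a 10.1.1.0/24 segment collides with nothing. Second, when you renumber, the domain-name-servers option has to follow the DNS box, or every renewed lease will point resolvers at an address nobody answers.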
     
  7. dimins

    dimins I'll bring the beers ... OT Supporter

    No worries. I like hearing different people's opinions and views as long as they make sense. :)

    Well, we're in a very secure building (multiple access cards and alarm systems), so it's doubtful anyone will be able to plug into our network without us knowing. But it's worth taking a look. Thanks.
     
  8. ShapeShifterz

    ShapeShifterz Longtime Lurker

    Joined:
    Mar 15, 2000
    Messages:
    183
    Likes Received:
    0
    Location:
    Bay Area, CA
    Best practice says that any machine providing services should be in its own subnet... a "server net" if you will. That prevents things like these from happening. It's good practice even with only 20 users.
     
  9. Rob

    Rob OT Supporter

    Joined:
    Jul 6, 2002
    Messages:
    88,631
    Likes Received:
    41
    Location:
    Atlanta, GA
    That would not solve this problem in any way.

    Whether you have the DNS server in the same subnet as the clients or in another one, as soon as the new laptop comes into the network and the other machines discover it via ARP, there are going to be problems.
     
  10. P07r0457

    P07r0457 New Member

    although I disagree with the server in a separate subnet (defeats the purpose in many ways), you are wrong about ARP. The laptop will not take over from the server or interfere in any way.
     
  11. Rob

    Rob OT Supporter

    Ahhh you are correct.

    If they were on another subnet then there would need to be a static route on the clients and they would only use ARP to find the hw address of the router.

    Muh bad. :o
     
  12. ShapeShifterz

    ShapeShifterz Longtime Lurker

    How do you disagree about having servers on a different subnet? Defeats what purpose?

    Servers (DNS server in this case) are in 10.0.0.x subnet. Clients are in a 192.168.0.x subnet. Idiot user can assign himself whatever IP address he wants and physically plugs into the 192 client network. DNS server stays up, other clients stay happy?
     
  13. P07r0457

    P07r0457 New Member

    because many servers are more for INTERNAL use than external... so they need to be accessible by local clients. Thus they require local ips.
     
  14. Rob

    Rob OT Supporter

    One problem that I could see is that it bottlenecks the throughput. A router with a couple 100mbit connections isn't that cheap.

    You could do a linux box with a couple NICs though.
     
  15. ShapeShifterz

    ShapeShifterz Longtime Lurker

    Huh? I never said anything about internal / external anything. Both the servers and the clients are in private IP address spaces -- just different subnets.
     
  16. ShapeShifterz

    ShapeShifterz Longtime Lurker

    You don't need a router.

    Even cheap 24 port Netgear switches can do VLANs and inter VLAN routing at line speed.
     
  17. Rob

    Rob OT Supporter

    :eek3: I didn't realize that.
     
  18. P07r0457

    P07r0457 New Member

    not quite. You have to look at the switch's bandwidth and you will see that they're a horrible bottleneck.

    We were using cheap 100Mbps switches (16 and 24 ports) with a ghost server and it was at a crawl... we upgraded to some better switches, and went from 10 hours for a ghost, to under 1 hour.
     
  19. P07r0457

    P07r0457 New Member

    yes, but if the server is for INTERNAL use, then they need to be accessible by the client subnets.
     
  20. ShapeShifterz

    ShapeShifterz Longtime Lurker

    You're talking about a budget issue. Not a network architecture issue. You've even mentioned the solution -- buy a switch that is more appropriate. For 18 users, a 24 port managed netgear/3com/youNameIt switch is more than adequate for anything I could possibly see them doing.
     
  21. ShapeShifterz

    ShapeShifterz Longtime Lurker

    Still not clear what you mean. The server IS internal, and it WILL be accessible by the client subnets? Only difference is the subnet its assigned to?
     
  22. P07r0457

    P07r0457 New Member

    if the server is on a different subnet than the client machine, then the client will send the packets to its gateway... which probably will not know how to get to the server.
     
  23. dimins

    dimins I'll bring the beers ... OT Supporter

    I'm thoroughly confused by having them on separate subnets (but I'm not really a trained network admin, so maybe that's why). If the DNS server also handles DHCP, how would the clients grab an IP for let's say a 192.168.1.x subnet and still have proper DNS lookups from the 10.0.0.x subnet? Would there need to be some host mapping on each client?
     
  24. P07r0457

    P07r0457 New Member

    that's my point...


    ShapeShifterz really doesn't know what he's talking about right now... Because your DNS server *NEEDS* to communicate with your local boxes, you MUST keep it in the same subnet. My solution of changing the whole subnet to a class A (10.x.x.x) solves your problem with the least "change" and zero cost. ShapeShifterz's method, on the other hand, would single-handedly bring down your entire network :mamoru:
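    The ARP disagreement in posts 9 through 11 and the "can clients reach a server on another subnet" disagreement in posts 12, 13 and 22 through 24 both come down to what a host does before it sends a packet: if the destination is on its own subnet it ARPs for the destination, otherwise it ARPs only for its gateway. The simulation below is an added example, not from the thread, with made-up names, addresses and MACs. It models one switched segment, answers ARP requests from every host that believes it owns the address (so two answers is a conflict), and plays the three layouts the thread argues about.

```python
"""One switched segment, simulated: who answers an ARP request, and what a
host does with a destination that is not on its own subnet.

Added example for the ARP and subnet debate in the posts above; not from the
thread.  Names, addresses and MACs are made up."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    mac: str
    ip: str          # configured address
    prefixlen: int   # configured mask length
    gateway: str     # configured default gateway

    @property
    def network(self):
        return ipaddress.ip_network(f"{self.ip}/{self.prefixlen}", strict=False)


class Segment:
    """Hosts on the same switch; an ARP broadcast reaches every one of them."""

    def __init__(self, *hosts):
        self.hosts = list(hosts)

    def arp(self, ip):
        """MACs of all hosts that believe `ip` is theirs.  Two or more = conflict."""
        return sorted(h.mac for h in self.hosts if h.ip == ip)


def reach(segment, src, dst):
    """How `src` forwards to `dst`: ('direct', macs) if dst is on-link,
    ('via-gateway', macs) otherwise, ('unreachable', []) if nobody answers."""
    if ipaddress.ip_address(dst) in src.network:
        target, path = dst, "direct"
    else:
        target, path = src.gateway, "via-gateway"   # only the gateway is ARPed
    macs = segment.arp(target)
    return (path, macs) if macs else ("unreachable", [])


DNS_MAC, RTR_MAC, PC_MAC, LAPTOP_MAC = ("aa:00:00:00:00:02", "aa:00:00:00:00:01",
                                        "aa:00:00:00:00:10", "bb:00:00:00:00:02")


def scenario_flat_192():
    """The thread's situation: office on 192.168.1.0/24, DNS at .2, and a laptop
    back from home still holding 192.168.1.2/24 from its home router."""
    seg = Segment(Host("dns", DNS_MAC, "192.168.1.2", 24, "192.168.1.1"),
                  Host("router", RTR_MAC, "192.168.1.1", 24, "192.168.1.1"),
                  Host("pc", PC_MAC, "192.168.1.10", 24, "192.168.1.1"),
                  Host("laptop", LAPTOP_MAC, "192.168.1.2", 24, "192.168.1.1"))
    pc = seg.hosts[2]
    return reach(seg, pc, "192.168.1.2")


def scenario_renumbered_10():
    """Office renumbered to 10.1.1.0/24 (posts 2 and 3); the laptop is unchanged."""
    seg = Segment(Host("dns", DNS_MAC, "10.1.1.2", 24, "10.1.1.1"),
                  Host("router", RTR_MAC, "10.1.1.1", 24, "10.1.1.1"),
                  Host("pc", PC_MAC, "10.1.1.10", 24, "10.1.1.1"),
                  Host("laptop", LAPTOP_MAC, "192.168.1.2", 24, "192.168.1.1"))
    pc, laptop = seg.hosts[2], seg.hosts[3]
    return reach(seg, pc, "10.1.1.2"), reach(seg, laptop, "10.1.1.2")


def scenario_server_net():
    """The 'server net' layout (posts 8 and 12): DNS on 10.0.0.0/24 behind a
    router, clients on 192.168.0.0/24.  Only the client segment is modelled;
    the laptop holds a stale copy of the DNS server's address."""
    client_seg = Segment(Host("router", RTR_MAC, "192.168.0.1", 24, "192.168.0.1"),
                         Host("pc", PC_MAC, "192.168.0.10", 24, "192.168.0.1"),
                         Host("laptop", LAPTOP_MAC, "10.0.0.2", 24, "10.0.0.1"))
    pc = client_seg.hosts[1]
    return reach(client_seg, pc, "10.0.0.2")


if __name__ == "__main__":
    print("flat /24, stale laptop:   ", scenario_flat_192())
    print("renumbered to 10.1.1.0/24:", scenario_renumbered_10())
    print("server net, client side:  ", scenario_server_net())
```

    What the three runs show. In the flat 192.168.1.0/24 layout a client ARPing for the DNS server gets two answers, the collision the thread started with. After renumbering to 10.1.1.0/24 only the DNS box answers, and the stale laptop cannot even find its own gateway (nobody on the segment owns 192.168.1.1), so it is isolated rather than disruptive. In the server-net layout the client only ever ARPs for the router, so a stale copy of the server's address on the client segment collides with nothing; a stale copy of the router's address would. The simulation does not model the gateway's routing table, which is the separate objection in post 22: whether the router knows a route to the server net is a routing question, not an ARP one.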
     
  25. Rob

    Rob OT Supporter

    Cisco routers let you setup a DHCP helper that will forward DHCP requests between subnets.
     
