LinuxQuestions.org

Thread: BIND/2 NICs on same server (https://www.linuxquestions.org/questions/linux-networking-3/bind-2-nics-on-same-server-269885/), in Linux - Networking

branden_burger 12-24-2004 07:44 AM

BIND and reverse lookups
 
Hello people!

I suddenly find myself with access to a self-managed Linux server running Fedora which a bunch of people in my department hired but couldn't use properly. I am now the new-to-be fall guy.....! The server is somewhere in California and I am nowhere near it. We are to be our own DNS; tech support doesn't exist beyond reboots and hardware failure - anything else COSTS $50 per REQUEST!

Now I'm not new to Linux, but this is what we have to do - and I haven't done this before. I've set up networks, gateways, DHCP, NFS, etc. - but I've never done this:

1) Configured a DNS server (which I've almost done now..)
2) Set up a mail server...

on a remote server I only have SSH access to.

However, I think that these things are not impossible. I've already made GOOD progress with 1). ;)

Question #1
I was given two IPs to work with. I logged in using SSH on one - the other IP wasn't up. Now the machine has two NICs, and the first IP runs on eth0. But here's the catch - the primary IP given to me is something like 55.44.33.24

and the second IP is of the form 200.100.100.10 NOT 55.44.33.25

Now, to get the second IP up such that it's visible on the Internet, is it as simple as doing

ifconfig eth1 200.100.100.10

I mean - stupid question, so - but what's the netmask for the Internet?

Do I have to add routes and stuff for the second NIC? The default gateway according to my routing table is of the form 55.44.33.1. The second IP (200.100.100.1) seems unpingable - and iptables isn't up yet - so it isn't showing on the net.

Question #2 DNS
I've got BIND running on the system. I've managed to get the forward lookup zones configured properly (I've checked exhaustively with dig, host and nslookup). When I query my own nameserver (which I've just set up) I get the right answers for the nameservers, MX records, A records, etc for my domain and its hosts and other hosts like google.com, yahoo.com.

About the reverse lookups - someone told me I have to ASK for it from the service provider. Is that true? I thought I make the reverse zone 33.44.55.in-addr.arpa file myself such that when I do dig -x 55.44.33.25 I get the hostname dns1.mydomain.com. That's what I've done, and a reverse lookup query to 55.44.33.1 (my own primary DNS) gives exactly that. However, the domain has not yet been updated with the domain registrar and Internet root servers. When I do a reverse lookup on the primary IP from ANY OTHER nameserver (not my own), I get the hostname of the service provider's DNS - though the fact that we HAVE to maintain our own DNS is part of the deal with them.

Thanks! I feel close to cracking this entire BIND/DNS mystery ..any help would make the thing much clearer...

The more you learn the less you know about before - digging deeper into higher ground.... :)

eantoranz 12-24-2004 09:38 AM

What is the netmask? Ask your network administrator..... and if it's you... then WORRY! :)

The network interface cannot guess what IP address it has to go through in order to get to the Internet..... so you have to set up the gateway for each network.

If you have two internet connections, you could try to do load balancing... but be ready to make crazy experiments. :D

Have fun!

eantoranz 12-24-2004 09:43 AM

DNS... oh, DNS... so many headaches! :)

I guess that the problem you are getting is because you haven't set the DNS as official. When you get the problem it is because the DNS request is being made to the official DNS and they are resolving official information, not your Not-Official-Yet server's own information (the Still-Official DNS "think" they have the right information... and they actually do.. they are OFFICIAL, see?).

branden_burger 12-24-2004 12:58 PM

eantoranz - give me some credit - not much, but a little :p

No - I'm not the network administrator. Also I'm not anywhere NEAR the server, I'm at least 100,000 km away from it, so I can't poke around. All I have is an email from the hosting company giving me two IP addresses, telling me that I have to manage my own DNS.

Let's make one thing clear - my hosting provider is NOT my registrar.

Now how essential is it to update the reverse lookups? Because someone told me not to forget to ask for a reverse-DNS entry from my hosting provider for the IPs I'm using on my server. Apparently, this is especially needed if I want to send mail to other parties from this server.

Some people block mail from servers without a hostname, this I know. But it's not like I won't have a hostname if the forward lookup entries are updated with the registrar, right (by telling him that I'm managing my own DNS, and having the records set up on this DNS)?

So what's this deal about the reverse lookups and mail? Right now reverse lookups give my hosting provider's DNS (which I CAN'T use - as they state in the contract).

FORGET about the second NIC. LETS NOT EVEN GET into that.

scowles 12-24-2004 01:51 PM

Quote:

So what's this deal about the reverse lookups and mail? Right now reverse lookups give my hosting provider's DNS (which I CAN'T use - as they state in the contract).

Some (if not most) ISPs will not delegate the SOA for reverse DNS zones. So you will need to ask your ISP if they do so. If they don't, then hopefully your ISP will change the name (PTR record) for the IP address(es) on their DNS server to your requirements (like mail.mydomain.com). If your ISP does delegate SOA to your name server, then you will need to add the reverse zones on your DNS server.

As for e-mail... some MTAs are configured to reject an inbound e-mail if the reverse DNS name (PTR) of the connecting MTA does not match the forward DNS name, i.e.

mail.mydomain.com = x.y.z.a (forward)
x.y.z.a = mail.mydomain.com (reverse)

So if you want your outbound e-mail to be accepted by "all" e-mail servers, then it's in your best interest to contact your ISP and be sure that you resolve the forward/reverse DNS name issues, i.e. they need to match.
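The forward/reverse matching test scowles describes, as an added illustration that is not part of the thread. It runs offline over constructed records: a forward zone for mydomain.com, the ISP's public PTR for the mail IP, and the locally written 33.44.55.in-addr.arpa zone that only the poster's own resolver sees. All names and addresses are made up for the example.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check over constructed zone data.

Mirrors what a strict receiving MTA does: take the connecting IP, look up
its PTR, then resolve that name forward and require the original IP to be
among the answers. No network access; all records are in-memory samples.
"""
import ipaddress

# Constructed forward zone for the domain the poster manages (not real data).
FORWARD = {
    "dns1.mydomain.com.": ["55.44.33.24"],
    "mail.mydomain.com.": ["55.44.33.25"],
}
# Constructed reverse answer as seen from the public Internet: the ISP still
# owns the PTR for .25 and points it at its own generic host name.
REVERSE_ISP = {
    "25.33.44.55.in-addr.arpa.": "host-55-44-33-25.isp.example.",
}
# Constructed reverse zone the poster wrote locally (33.44.55.in-addr.arpa);
# only his own resolver sees it because the block was never delegated.
REVERSE_LOCAL = {
    "25.33.44.55.in-addr.arpa.": "mail.mydomain.com.",
}

def ptr_name(ip: str) -> str:
    """Build the in-addr.arpa owner name for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def fcrdns(ip: str, reverse: dict, forward: dict) -> tuple:
    """Return (passes, reason) for the FCrDNS test of one IP."""
    name = reverse.get(ptr_name(ip))
    if name is None:
        return False, "no PTR record"
    if ip not in forward.get(name, []):
        return False, f"PTR {name} does not resolve back to {ip}"
    return True, f"PTR {name} confirmed"

def check_mail_host(ip: str, reverse: dict, forward: dict) -> bool:
    """Print an MTA-style verdict for the connecting IP and return it."""
    ok, why = fcrdns(ip, reverse, forward)
    print(f"{ip}: {'ACCEPT' if ok else 'REJECT'} ({why})")
    return ok

if __name__ == "__main__":
    # What other servers see today: the ISP's name, which our forward zone
    # does not know, so a strict MTA would reject mail from .25.
    check_mail_host("55.44.33.25", REVERSE_ISP, FORWARD)
    # After the ISP updates its PTR (or delegates the reverse zone):
    check_mail_host("55.44.33.25", REVERSE_LOCAL, FORWARD)
```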

branden_burger 12-24-2004 02:15 PM

I get what you say scowles...

But this doesn't make sense - my ISP maintains that I need to maintain my own DNS. If they could modify my PTR records on their DNS, then they may as well have maintained my DNS. So I don't think they'll do that.

So I should be within my rights to ask them to delegate the SOA for reverse lookups to me, right?? The only reason I'm afraid to ask is that these guys say that any query which is not a hardware failure / reboot / billing enquiry will be charged $50.... :confused:

Thanks...

scowles 12-24-2004 04:39 PM

Someone's DNS server is responsible (SOA, so to speak) for the reverse name for the IP addresses assigned to your server. The whois command can give you a good starting point, ex: whois x.x.x.x. Another good DNS site is www.dnsstuff.com. Also, using the dig command with the trace option will point out which DNS server is the last SOA in the recursion, ex: dig +trace -x 1.2.3.4

To give you an example of what I'm talking about... I have three registered domains. My registrar for these domains is register.com. My ISP is Verizon. Using register.com's web interface, I changed the SOAs for my domains to point to the IP address of my DNS server. But this was only for the forward zones, which basically updates the root name servers. In order to get the reverse names to match what I had assigned on my DNS server, I had to contact Verizon - who is listed as the authoritative name server for reverse lookups for my IP addresses. Verizon informed me that they do NOT delegate the reverse lookup addresses to DNS servers not under their control (authoritative), but they will make the reverse name change on their DNS servers. Personally, I could care less on whether or not Verizon would delegate reverse lookups to my DNS server, just so long as the forward/reverse names matched.

Hope the above helps with some confusion. If all else fails, the dnsstuff site mentioned above is a good resource.

eantoranz 12-24-2004 09:37 PM

I got lost a long time ago... tell me the results once you get it solved. ;) LOL

branden_burger 12-25-2004 03:17 AM

Hmm. OK. So I take a deep breath and just send these guys an email asking them to update their PTR records to match my MX records for mail.

And there's no doubt about it, dig -x gives the hostname as different from mine - set by my ISP, obviously. And the trace gives my ISP's name server as expected.

Thanks people - that clears the air up!
MERRY CHRISTMAS people!

bulliver 12-25-2004 04:35 AM

Quote:

Also I'm not anywhere NEAR the server, I'm at least 100,000 Km away from it.
No wonder they want $50 per call... 100000km is 2.5x the circumference of Earth!! Is your server on the Mir space station?
:p

Merry Christmas...

this213 12-27-2004 05:00 AM

When you get to setting up your mail server, do yourself a favor and follow the instructions at http://qmailrocks.org

All of it can be done from the command line (through ssh).

As to your DNS woes: whoever owns the class C that your server is on needs to do the reverse map (i.e. whoever owns 55.44.33.0 - which is probably your ISP). In the meantime, if you're only dealing with 2 IP addresses - 1 of which is public to the Internet - why not just have your domain registrar do your DNS for you? 1 IP address hardly calls for a need for a domain name server. If that option is unavailable to you, just make sure you have things set up right, check things with http://dnsreport.com/ and wait for the zone to update (which could take a few days).

By the way, neither 200.xxx.xxx.xxx nor 55.xxx.xxx.xxx are private IP addresses, which means they're both visible from the Internet.
