Old 03-15-2008, 11:04 AM   #1
jtneal
LQ Newbie
 
Registered: Mar 2008
Posts: 5

Rep: Reputation: 0
DNS issue - DNS works perfect on server but not on any other computer


Wasn't sure to post this in linux server or networking, sorry..

I've started running Fedora 8, and I've setup apache and PHP and everything needed. The server works great, running via my IP address:
http://66.191.200.167

Now, I own teamod.net. So, I want to use teamod.net instead...

So I researched a lot, and ended up with a configuration that works 100% correctly on the server itself. When I open up firefox from the GUI, I can use ftp.teamod.net www.teamod.net teamod.net mail.teamod.net and all the other aliases and they work. If I type one that I didn't set up an alias for, such as webmail.teamod.net, it doesn't work (expected)

Now, on my router, I set up a DMZ for the linux server. I did this because originally I was forwarding both UDP and TCP 80 22 and 53, but it wasn't working. I thought maybe DNS was using a different port in addition to 53 so the DMZ basically fixes that issue.

I setup through my domain config in godaddy ns1 and ns2.teamod.net and they point to my server, and my nameservers are set to ns1.teamod.net and ns2.teamod.net...Everything is setup just as it's supposed to.

Once again, when I run it on my linux server's firefox, everything works, but when I run it off my windows machine (which is on the local network) it doesn't work..or from anywhere else in the world it doesn't.

Here is the setup of the current files..I have changed them over and over trying to get it working, I'm open to any suggestions I really want to get this working.

/etc/named.conf
Code:
options {
        directory       "/var/named";
        version "Bind";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "teamod.net" IN {
        type master;
        file "teamod.net.zone";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
In case you want to know what's inside that include file...

/etc/named.rfc1912.zones
Code:
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
/var/named/teamod.net.zone
Code:
$TTL 1H
$ORIGIN teamod.net.
@       IN      SOA     ns1.teamod.net. webmaster.teamod.net. (
                                                                2
                                                                3H
                                                                1H
                                                                1W
                                                                1H )
                NS      ns1.teamod.net.
                NS      ns2.teamod.net.
                MX      10 teamod.net.

localhost       A       127.0.0.1
router          A       192.168.1.1

teamod.net.     A       66.191.200.167
ns1             A       66.191.200.167
ns2             A       66.191.200.167
www             A       66.191.200.167
ftp             A       66.191.200.167
mail            A       66.191.200.167
Now, YES I know you aren't supposed to use ns1 and ns2 with the same IP address, but as far as public IP addresses go (like IPs given to me by my ISP) I only have the one, 66.191.200.167...And I don't think that's the problem. Yes I know I'm not supposed to do it like that, but I think the problem lies elsewhere...Once again, it does work on the linux server's gui firefox. Here are also some of the outputs of various commands run on the server itself:

ENTERED COMMAND:
host teamod.net
OUTPUT GIVEN:
teamod.net has address 66.191.200.167
teamod.net mail is handled by 10 teamod.net.

ENTERED COMMAND:
nslookup teamod.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: teamod.net
Address: 66.191.200.167

file: /etc/resolv.conf
; generated by /sbin/dhclient-script
search sc.charter.com
domain www.teamod.net; I added this from a help file i read
nameserver 127.0.0.1; I added this from a help file i read
nameserver 24.197.97.136
nameserver 24.197.97.132

file: /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost localhost
::1 localhost6.localdomain6 localhost6

Okay, trying to give you as much info as possible..I'm using the latest version of bind (9 I believe) and Fedora 8's latest available version. I used yum to install bind. "yum install bind" ... If you want to know anything else let me know.

If anyone has any ideas, I'd really appreciate it. I'm pretty certain the problem lies in the linux configuration somewhere, although I'm open to possibilities that the problem could lie with godaddy or even my router? I use a BEFSR41 V3 Linksys router.
 
Old 03-15-2008, 01:16 PM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
I believe that the latest versions of BIND require the use of views even if it is just a single view for everything (internal/external).

Do you have anything in /var/log/messages reporting a problem when you start named?
You can open two shells and 'tail -f /var/log/messages' in one and then 'service named restart' in the second. Look for any indication of a problem in the output on the 'tail' shell.

Code:
options {
        directory       "/var/named";
        version "Bind";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// a single [everyone] view 
view "everywhere" {
match-clients { any; };
recursion no; 
//

zone "." IN {
        type hint;
        file "named.ca";
};

zone "teamod.net" IN {
        type master;
        file "teamod.net.zone";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";

//close the view
};
//

If you have iptables rules, are you allowing DNS requests? I don't think this port is open by default on the default Fedora firewall. When I tried to dig a hostname from your server directly the connection timed out.


Hope this helps.
 
Old 03-15-2008, 02:41 PM   #3
jtneal
LQ Newbie
 
Registered: Mar 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Hey rayfordj,

Thanks so much for your help.

The view thing was incorrect as I tried doing it, and it said all zones had to use view if you use one view, anyways, I did the tail thing, noticed nothing odd...So I moved on to iptables.

I'm not good with iptables in fact never used it, so I just decided to go into the GUI and click on system > administrator > firewall...lo and behold, I notice DNS is not checked, so it's not allowed...So you were right, I checked DNS, and sure enough right away the website is now working.. www.teamod.net

Thanks very much for your help..Now, in case I'm ever in a situation where I don't have access to a GUI, perhaps I just have a virtual dedicated server through godaddy for instance, how would I allow DNS through the shell, say using iptables? I'm sure I can search for this answer ..

Jason
 
Old 03-15-2008, 03:30 PM   #4
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
Awesome!

I initially learned just by reading the man page and a lot of trial-and-error testing. Once you learn how to read the man page for iptables it gets much easier to find and implement what you want.

Here's a good iptables tutorial.


The RedHat/Fedora rules by default create a custom chain that INPUT and FORWARD jump to for all of their rules (something like RH-Firewall-INPUT-1).


You can either add it to this chain or just throw it to the top of your INPUT chain like so:
Code:
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
If manually entering rules via 'iptables' you'll want to be sure to save it once you get it working how you want with service iptables save. service iptables status will show your current rule-set. I generally use iptables -nvL. If you mess up and just want to start over (and have not yet saved the rules) you simply restart the iptables service. It really isn't a service per-se but rather a script to modify the kernel's netfilter rules; there is no iptables daemon.

Last edited by rayfordj; 03-15-2008 at 03:38 PM. Reason: fixed type-o
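
Added example, not part of the original thread: a shell check that walks a ruleset in iptables-save format and reports whether a new remote packet to port 53 is accepted before the catch-all reject, which is the condition that separated "works on the server" from "times out everywhere else" above. The sample ruleset is constructed, and the chain name RH-Firewall-1-INPUT is an assumption about the Fedora default chain the post refers to.

```shell
# Constructed sample in iptables-save format, modelled on a Fedora-style default
# ruleset. The chain name RH-Firewall-1-INPUT is an assumption, not from the thread.
SAMPLE_RULES='-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
# The two "iptables -I INPUT" rules from the post, as they would sit at the top
# of INPUT afterwards (the second insert lands above the first).
DNS_RULES='-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT'
# verdict PROTO PORT: read iptables-save rules on stdin and print the first
# terminal target (ACCEPT, REJECT or DROP) reached from INPUT by a new packet
# from an arbitrary remote host to PROTO/PORT, or POLICY if no rule decides.
# Rules using matches this model does not know (-i, -s, ...) are skipped.
verdict() {
    awk -v proto="$1" -v port="$2" '
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    function applies(r,    f, k, i) {
        k = split(r, f, " ")
        for (i = 3; i <= k; i++) {
            if (f[i] == "-j") return 1
            else if (f[i] == "-m") i++                 # skip the module name
            else if (f[i] == "-p") { if (f[++i] != proto) return 0 }
            else if (f[i] == "--dport") { if (f[++i] != port) return 0 }
            else if (f[i] == "--state") { if (f[++i] !~ /(^|,)NEW(,|$)/) return 0 }
            else return 0                              # unknown match: skip rule
        }
        return 0
    }
    function walk(chain,    i, k, f, t, v) {
        for (i = 1; i <= n[chain]; i++) {
            if (!applies(rule[chain, i])) continue
            k = split(rule[chain, i], f, " ")
            for (t = 1; t < k && f[t] != "-j"; t++) ;
            t = f[t + 1]
            if (t == "ACCEPT" || t == "REJECT" || t == "DROP") return t
            if (t in n) { v = walk(t); if (v != "") return v }
        }
        return ""
    }
    END { v = walk("INPUT"); print (v == "" ? "POLICY" : v) }'
}

for p in udp tcp; do
    echo "before $p/53: $(printf '%s\n' "$SAMPLE_RULES" | verdict "$p" 53)"
    echo "after  $p/53: $(printf '%s\n%s\n' "$DNS_RULES" "$SAMPLE_RULES" | verdict "$p" 53)"
done
```

On a live host, `iptables-save -t filter | verdict udp 53` runs the same check against the loaded rules. The two inserted rules carry no source match, so they accept port 53 from any address.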
 
  

