LinuxQuestions.org
Old 10-06-2009, 09:49 PM   #1
zyzzogeton
DNS Troubleshooting


I have set up a DNS on a Fedora 9 server. It resolves hosts fine locally, but when a remote machine attempts to use the DNS Server (via dig or nslookup) the request times out (";; connection timed out; no servers could be reached"), like the DNS isn't even listening to datagrams (nmap confirms that 53 is open, and iptables is shutdown).

Here is my named.conf
----------begin named conf------------------------
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    version "Bind";
    allow-query { localhost; };
    recursion yes;
    #forwarders { 172.30.0.10; 172.30.0.11; }; #IP of upstream ISP nameserver(s)
    #forward only; #rely completely on our upstream nameservers
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "se.dr.com" IN {
    type master;
    file "se.dr.com.zone";
    allow-update {none;};
};

zone "4.30.172.in-addr.arpa" IN {
    type master;
    file "reverse.se.dr.com.zone";
    allow-update {none;};
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update {none;};
};

include "/etc/named.rfc1912.zones";
---------------------------end named.conf---------------------
----------------begin se.dr.com.zone file---------------------

$TTL 3D
; Information about "forward" domain se.dr.com
$ORIGIN se.dr.com.
@               IN      SOA     ns1.se.dr.com. webmaster.se.dr.com. (
                        2004042601      ; serial
                        86400           ; refresh
                        7200            ; retry
                        1209600         ; expiry
                        1D )            ; minimum

                NS      se17            ;Inet Address of nameserver
localhost       A       127.0.0.1
ns1             CNAME   se17
se17            A       172.30.4.100
se18            A       172.30.4.102
se19            A       172.30.4.104
-------------------end se.dr.com.zone file--------------------------
-------------------begin reverse.se.dr.com.zone file---------------
; Information about "inverse" domain 0.30.172.in-addr.arpa.
$TTL 3D
@               IN      SOA     ns1.se.dr.com. webmaster.se.dr.com. (
                        2004042601      ; serial
                        86400           ; refresh
                        7200            ; retry
                        1209600         ; expiry
                        3D )            ; minimum

                NS      ns1.se.dr.com.
5               IN      PTR     ns1.se.dr.com.
10              IN      PTR     se17.se.dr.com.
15              IN      PTR     se18.se.dr.com.
20              IN      PTR     se19.se.dr.com.
-------------------end reverse.se.dr.com.zone file------------------
I am not sure where to begin, since dig, nslookup etc. don't seem to do anything anywhere but the server acting as a DNS. Pings to the DNS from the remote servers reply, and ssh works back and forth.

Thanks for any assistance.
 
Old 10-06-2009, 10:08 PM   #2
John VV
First -- you do know that Fedora 9 is past its end of life and has not had a security update in over 5 months, and NEVER will have any more updates.
 
Old 10-06-2009, 10:15 PM   #3
zyzzogeton
Original Poster
Quote:
Originally Posted by John VV View Post
First -- you do know that Fedora 9 is past its end of life...
Yes, but we are not always masters of our destiny like we would like to be. Without going into details, I am stuck with FC9 for now.
 
Old 10-07-2009, 03:05 AM   #4
bathory
Hi,

First make sure that port 53 is open for both tcp and udp protocols. Also you might comment out the 2 "listen" directives, so your server listens on all available interfaces.
Quote:
allow-query { localhost; };
recursion yes;
Edit the above to:
Code:
#allow-query { localhost; };
allow-recursion {127.0.0.1; 192.168.0.0/24; };
Just add any other hosts/networks you want.
Restart bind and see what you get.

Regards

Last edited by bathory; 10-07-2009 at 12:46 PM. Reason: typo
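
Added example (not part of the post above and not BIND's own code): a simplified Python model of how named applies allow-query and allow-recursion, run against the options from post #1 and the edited options from post #4. The BUILTIN table, the answer() helper and the 192.168.0.7 client are constructed for illustration; 172.30.4.102 is se18 from the zone file in post #1.

```python
import ipaddress

# Constructed stand-in for BIND's built-in ACL names (IPv4 only). "localhost"
# means the server's own addresses; 172.30.4.100 is se17 from the zone file.
BUILTIN = {"localhost": ["127.0.0.1", "172.30.4.100"], "any": ["0.0.0.0/0"], "none": []}

BEFORE = {"allow-query": ["localhost"]}                       # options in post #1
AFTER = {"allow-recursion": ["127.0.0.1", "192.168.0.0/24"]}  # edit in post #4

def matches(client, acl):
    """Address match list: first matching element wins, '!' negates it."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negate = element.startswith("!")
        name = element.lstrip("!")
        if name in BUILTIN:
            hit = matches(client, BUILTIN[name])
        else:
            hit = addr in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False

def answer(client, qname, opts, zones=("se.dr.com",)):
    """Return 'REFUSED', 'AUTH' (served from a local zone) or 'RECURSE'."""
    # With allow-query commented out, BIND's default is "any".
    if not matches(client, opts.get("allow-query", ["any"])):
        return "REFUSED"
    if any(qname == z or qname.endswith("." + z) for z in zones):
        return "AUTH"
    # Simplification of BIND's default chain: an unset allow-recursion
    # inherits allow-query when that is set.
    recursers = opts.get("allow-recursion", opts.get("allow-query", ["localhost"]))
    return "RECURSE" if matches(client, recursers) else "REFUSED"

def compare(clients, names):
    """Rows of (client, name, result before, result after)."""
    return [(c, n, answer(c, n, BEFORE), answer(c, n, AFTER))
            for c in clients for n in names]

if __name__ == "__main__":
    rows = compare(["127.0.0.1", "172.30.4.102", "192.168.0.7"],
                   ["se17.se.dr.com", "www.example.org"])
    for client, name, before, after in rows:
        print(f"{client:<14}{name:<18}{before:<9}-> {after}")
```

In this model the 172.30.4.0/24 hosts get answers for se.dr.com after the edit but are still refused recursion until their network is added to allow-recursion, and keeping that list to trusted networks is what stops the server from acting as an open resolver.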
 
Old 10-07-2009, 11:17 AM   #5
zyzzogeton
Original Poster
Quote:
Originally Posted by bathory View Post
Hi,
Code:
#allow-query { localhost; };
allow-recursion {127.0.0.1; 92.168.0.0/24; };
Just
Restart bind and see what you get.
That appears to do the trick!

Can you explain to me what these lines were doing?
 
Old 10-07-2009, 12:48 PM   #6
bathory
Glad it worked. If you want an explanation of the named.conf directives take a look here.

Regards
 
  

