DNS Troubleshooting

zyzzogeton · 10-06-2009, 09:49 PM

I have set up a DNS on a Fedora 9 server. It resolves hosts fine locally, but when a remote machine attempts to use the DNS Server (via dig or nslookup) the request times out (";; connection timed out; no servers could be reached"), like the DNS isn't even listening to datagrams (nmap confirms that 53 is open, and iptables is shutdown).

Here is my named.conf
----------begin named conf------------------------
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
version "Bind";
allow-query { localhost; };
recursion yes;
#forwarders { 172.30.0.10; 172.30.0.11; }; #IP of upstream ISP nameserver(s)
#forward only; #rely completely on our upstream nameservers
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "se.dr.com" IN {
type master;
file "se.dr.com.zone";
allow-update {none;};
};

zone "4.30.172.in-addr.arpa" IN {
type master;
file "reverse.se.dr.com.zone";
allow-update {none;};
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update {none;};
};

include "/etc/named.rfc1912.zones";
---------------------------end named.conf---------------------
----------------begin se.dr.com.zone file---------------------

$TTL 3D
; Information about "forward" domain se.dr.com
$ORIGIN se.dr.com.
@ IN SOA ns1.se.dr.com. webmaster.se.dr.com. (
2004042601 ; serial
86400 ; refresh
7200 ; retry
1209600 ; expiry
1D ) ; minimum

NS se17 ;Inet Address of nameserver
localhost A 127.0.0.1
ns1 CNAME se17
se17 A 172.30.4.100
se18 A 172.30.4.102
se19 A 172.30.4.104
-------------------end se.dr.com.zone file--------------------------
-------------------begin reverse.se.dr.com.zone file---------------
; Information about "inverse" domain 0.30.172.in-addr.arpa.
$TTL 3D
@ IN SOA ns1.se.dr.com. webmaster.se.dr.com. (
2004042601 ; serial
86400 ; refresh
7200 ; retry
1209600 ; expiry
3D ) ; minimum

NS ns1.se.dr.com.
5 IN PTR ns1.se.dr.com.
10 IN PTR se17.se.dr.com.
15 IN PTR se18.se.dr.com.
20 IN PTR se19.se.dr.com.
-------------------end reverse.se.dr.com.zine file------------------
I am not sure where to begin, since dig, nslookup etc don't seem to do anything anywyere but the server acting as a DNS. Pings to the DNS from the remote servers reply, and ssh works back and forth.

Thanks for any assistance.

John VV · 10-06-2009, 10:08 PM

first -- you do know that fedora 9 is past it's end of life and has not had a security update in over 5 months , and NEVER will have any more updates.

zyzzogeton · 10-06-2009, 10:15 PM

Quote:

Originally Posted by John VV

first -- you do know that fedora 9 is past it's end of life...

Yes, but we are not always masters of our destiny like we would like to be. Without going in to details, I am stuck with FC9 for now.

bathory · 10-07-2009, 03:05 AM

Hi,

Fisrt make sure that port 53 is open for both tcp and udp protocols. Also you might comment out the 2 "listen" directives, so your server listens on all available interface.

Quote:

allow-query { localhost; };
recursion yes;

Edit the above to:

Code:

#allow-query { localhost; };
allow-recursion {127.0.0.1; 192.168.0.0/24; };

Just add any other hosts/networks you want.
Restart bind and see what you get.

Regards

zyzzogeton · 10-07-2009, 11:17 AM

Quote:

Originally Posted by bathory

Hi,

Code:

#allow-query { localhost; };
allow-recursion {127.0.0.1; 92.168.0.0/24; };

Just
Restart bind and see what you get.

That appears to do the trick!

Can you explain to me what these lines were doing?

bathory · 10-07-2009, 12:48 PM

Glad it worked. If you want an explanation of the named.conf directives take a look here.
here

Regards