Problem Setting up DNS server

krtin · 12-04-2009, 08:03 AM

os: ubuntu 9.1 server(gui added)
DNS Software: Bind9
Link To Config Files: Contains:named.conf, named.conf.local,
named.conf.options, zone files

Problem:
On entering "dig 1.168.192.in-addr.arpa. AXFR" in terminal I get this error Connection to 192.168.1.1#53(192.168.1.1) for 1.168.192.in-addr.arpa. failed: connection refused.
but on entering "ping 192.168.1.1" which is my nameserver I get no errors and i get the reply 64 bytes from 192.168.1.1: icmp_seq=147 ttl=64 time=1.71 ms

I don't know whether server is working or not since I have not yet registered the domain
I want to know whether the current configuration will work when I register a domain
Thanks in advance

------------------------------------------------------------------------

For those of you who don't want to download the files
1.Zone setup
$TTL 604800
@ IN SOA ns1.mydomain.in. admin.mydomain.in. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL

@ IN NS ns1.mydomain.in.
@ IN MX 10 mail.mydomain.in.

www IN A 192.168.1.2-->LAN IP of my comp
mail IN A 192.168.1.2
ns1 IN A 192.168.1.2

2.Reverse Zone Setup
$TTL 604800
@ IN SOA ns1.mydomain.in. admin.mydomain.in. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL

@ IN NS ns.
2 IN PTR ns.mydomain.in

3.named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

4.named.conf.local
zone "allguides.in" {
type master;
file "/etc/bind/zones/allguides.in.db";
};
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};

5.named.conf.options
options {
directory "/var/cache/bind";
forwarders {
192.168.1.1;-------->nameserver (listed in resolv.conf)
};

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

tinuzz · 12-04-2009, 08:39 AM

Since the error is 'connection refused', there are two options:
- Your nameserver is not listening on TCP port 53
- You have TCP port 53 blocked in your firewall

For AXFR you must have TCP port 53 open.

What happens if you telnet to localhost 53 on the box itself? If you get a connection, then it's probably your firewall.

Best regards,
Martijn.

krtin · 12-04-2009, 12:18 PM

I have forwarded port 53 in my router config page

Quote:

Originally Posted by tinuzz

What happens if you telnet to localhost 53 on the box itself?

Can you tell me how to do this?

tinuzz · 12-06-2009, 08:25 AM

Just log in to the DNS server and type 'telnet localhost 53'.

thePiet · 12-07-2009, 09:19 AM

Quote:

Originally Posted by tinuzz

- Your nameserver is not listening on TCP port 53

Is it even running?

krtin · 12-08-2009, 09:49 PM

Quote:

Originally Posted by tinuzz

Just log in to the DNS server and type 'telnet localhost 53'.

Thanks for your reply

It gives me the below

telnet localhost 53
Trying ::1...
Connected to localhost.

krtin · 12-08-2009, 09:54 PM

Quote:

Originally Posted by thePiet

Is it even running?

Bind is running but I don't know whether the configured it correctly or not as I have not used my WAN IP anywhere
If WAN IP is to be used somewhere please tell me where

thePiet · 12-09-2009, 02:56 AM

Hmm I think you really need to update your knowledge about DNS / TCP/IP / BIND a bit more. If you don't understand what you are trying to configure and what's the goal of it, you really aren't going to succeed

I suggest you start over, by reading https://help.ubuntu.com/community/BIND9ServerHowto . That's a nice guide with some explanation how this stuff actually works, so you're really know what you're doing.

Good luck!

tinuzz · 12-10-2009, 03:07 AM

I agree with thePiet. But from the conversation above, we can conlude that:
- the server is running and it's listening on localhost (tcp 53)
- the server is not reachable from the outside on 192.168.1.1

Things you can check:
- is the server listening on 192.168.1.1? log in to the box itself and telnet 192.168.1.1 53. If so, it's most probably the firewall blocking access from outside.
- the config posted above, does not specify any IP-adresses to listen on, so it SHOULD be listening on all IP adresses
- if you have 'lsof' (aptitude install lsof), you can check this:

lsof -nP | grep ^named | grep -E '(TCP|UDP)'

You should see something like this:

named 21243 bind 20u IPv4 70246475 TCP 127.0.0.1:53 (LISTEN)
named 21243 bind 21u IPv4 70246477 TCP 192.168.1.1:53 (LISTEN)
named 21243 bind 22u IPv4 70246478 TCP 127.0.0.1:953 (LISTEN)
named 21243 bind 23u IPv6 70246479 TCP [::1]:953 (LISTEN)
named 21243 bind 512u IPv4 70246474 UDP 127.0.0.1:53
named 21243 bind 513u IPv4 70246476 UDP 192.168.1.1:53

If 192.168.1.1 is there, your Bind is doing fine, and your connection problems are somewhere else, likely the firewall.

Now, please do some reading before asking any more questions.

Best regards,
Martijn.

tinuzz · 12-10-2009, 03:11 AM

Oh, one more thing: using

forwarders {
192.168.1.1;
};

on the box itself is probably not a good idea, it doesn't make any sense. However, in absence of a 'forward' statement, it shouldn't hurt either.