LinuxQuestions.org
Old 08-29-2005, 08:19 PM   #1
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Rep: Reputation: 30
Bind9 help!!


My never-ending battle ...

lol, well anyways I'm still working away at running my very own name server =)

Got my domain DNS hosting set to my server. I have waited over 48 hours and I'm trying to test them out.

From my local server when I run nslookup I get


Code:
nslookup
> ns1.mydomain.com.
Server: My_isp_nameserver ip
Address: their server address 22.22.1.11#53

Non-authoritative answer:
Name: ns1.mydomain.com
Address: My-ipaddress (yeaa)

Then I change the name server I'm looking from, say to someone's like hp.com, and try it over

Code:
> ns1.mydomain.com.
Server: hp.com.
Address: 192.151.52.187#53

** server can't find ns1.mydomain.com: REFUSED

Does this mean that my nameserver is blocking all requests that are not within my network?

please help!!

thanks
 
Old 08-29-2005, 11:05 PM   #2
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
It doesn't mean much of anything, because nslookup is a craptacular tool, that gives no information at all. All the BIND folks recommend you use dig as your lookup tool, because it lets you check many more things than nslookup does. Also, when asking questions about how your nameserver should be set up, asking about the mysterious "mydomain.com" helps neither you nor me, because I can't actually check and see what in the hell is going on with yourdomain.com.

If you had given the real domain name, I or anyone else could check your nameserver by giving the command
Code:
dig yourdomainname.com @ns1.yourdomainname.com
That asks for the info of your domain, and if something fails, you know where the failure is. If that resolves correctly, then everything is set, and you can just wait for your domain/authoritative nameserver info to propagate. Also, looking at what you wrote above, it is pointless doing what you did, because you aren't asking HP's nameserver for info, you are asking their webserver for info. They do happen to be running a webserver on the same IP address as their website, but chances are very good that it isn't an open nameserver. Many of the large scale DNS folks (and most knowledgeable small ones as well) do not allow hosts not on their networks to query for domains which they aren't authoritative for. HP isn't authoritative for whatever your domain is, you presumably aren't on the HP network, so they refuse your query.

If you go to the whois section of any of the big registrars, like netsol, and check your domain name, that should see if you are authoritative. If it says ns1.yoursite.com in the whois query, you are all set, assuming you set up BIND right for your domain. What are you hiding the domain for anyway? Do you think someone is going to remotely take over your nameserver, and then feed false info about your IP address to the public at large?

Install dig, check the whois for your domain, and chances are very good that all is in line.

Peace,
JimBass
 
Old 08-30-2005, 11:27 AM   #3
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Original Poster
Rep: Reputation: 30
Sorry about the domain thing >< It just seemed to be the common thing that most people do, so I assumed there must have been some reason for it.

the domain is Aero-dev.com.

I tried the following dig

Code:
dig aero-dev.com @ns1.aero-dev.com
which gave me the following

Code:
<<>> DiG 9.3.1 <<>> aero-dev.com @ns1.aero-dev.com
(1 server found)
global options: printcmd
connection timed out; no server could be reached
Also I whois'd my aero-dev.com and it returned the correct information, with importance to

Domain servers in listed order
NS1.AERO-DEV.COM
NS2.AERO-DEV.COM

If all is correct, does this mean that my problem lies within my BIND configuration?

as always thanks for the clarification!

**edit**
When I return home I will post my bind9 configuration.

Last edited by Fredstar; 08-30-2005 at 11:35 AM.
 
Old 08-30-2005, 05:48 PM   #4
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Yes, there is certainly some problem with your BIND config. When I try to dig your domain, I time out. I also see that you have ns1.aero-dev and ns2.aero-dev, but those IPs would be resolved by the aero-dev.com domain, which can't be reached at present. If you could post your /etc/bind/named.conf that would help, also check the basics, like does your aero-dev.com zone have a start of authority, a valid serial number, an A record for aero-dev.com as well as A records for ns1 and ns2? Can the nameserver itself resolve the zone correctly?

I'm glad you posted the domain. I am on the BIND mailing list, and 90% of the postings are people in your position, who ask for help then don't give the real domain name. Half of the email traffic for the mailing list is people saying "I'd be glad to help, if you'd tell us the zone". Now you know, if you need help, the "somerandomdomain.biz" query won't allow folks to help!

Peace,
JimBass
 
Old 08-30-2005, 07:50 PM   #5
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Original Poster
Rep: Reputation: 30
I'll give you my files in order of master --> slave

Master conf. (24.39.230.33)

/*****************************************
the short version without comments
*****************************************/


Code:
options {
	directory	"/etc/namedb";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";
};


zone "." {
	type hint;
	file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
	type master;
	file "master/localhost-v6.rev";
};

// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
	type master;
	file "master/localhost-v6.rev";
};

zone "aero-dev.com" {
	type master;
	file "master/aero-dev.com.db";
};

zone "230.39.24.in-addr.arpa" in {
	type master;
	file "db.24.39.230";
};
and my aero-dev.com zone file

Code:
$TTL 3h		; default TTL (the directive was missing from the file as posted)

@ IN SOA ns1.aero-dev.com. root.aero-dev.com. (
	1	; serial
	3h	; refresh
	1h	; retry
	1w	; expire
	1h )	; negative-cache minimum

aero-dev.com.	IN NS	ns1.aero-dev.com.
aero-dev.com.	IN NS	ns2.aero-dev.com.

localhost	IN A	127.0.0.1
hosting		IN A	24.39.230.33
script		IN A	24.39.230.33
mail		IN A	24.39.230.34
@		IN A	24.39.230.33
www		IN A	24.39.230.33
ns1		IN A	24.39.230.33
NS2		IN A	24.39.230.34
Code:
$TTL 3h		; default TTL (the leading $ was lost in the post)

; reverse zone for 24.39.230.0/24 (db.24.39.230 in named.conf)
@ IN SOA ns1.aero-dev.com. root.aero-dev.com. (
	1	; serial
	3h	; refresh
	1h	; retry
	1w	; expire
	1h )	; negative-cache minimum

	IN NS ns1.aero-dev.com.
	IN NS ns2.aero-dev.com.

33	IN PTR ns1.aero-dev.com.
34	IN PTR ns2.aero-dev.com.
and the local one

Code:
$TTL	3600

@	IN	SOA	ns1.aero-dev.com. root.ns1.aero-dev.com.  (
				20050829	; Serial
				3600	; Refresh
				900	; Retry
				3600000	; Expire
				3600 )	; Minimum
	IN	NS	ns1.aero-dev.com.
1	IN	PTR	localhost.aero-dev.com.

This is my master; still installing X11 on the slave so I can copy and paste =)

thanks

Last edited by Fredstar; 08-30-2005 at 07:54 PM.
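As an added example (not code from the thread), a small Python checker that applies JimBass's checklist from post #4 to a zone file like the forward zone posted above. It assumes the origin is passed with a trailing dot; the embedded sample is constructed from the posted zone with a $TTL line added.

```python
import re
# Constructed sample modelled on the thread's forward zone, with a $TTL line added
SAMPLE_ZONE = """\
$TTL 3h
@ IN SOA ns1.aero-dev.com. root.aero-dev.com. (
        1 3h 1h 1w 1h )
@    IN NS   ns1.aero-dev.com.
@    IN NS   ns2.aero-dev.com.
@    IN A    24.39.230.33
ns1  IN A    24.39.230.33
NS2  IN A    24.39.230.34
"""
def fqdn(name, origin):
    """Expand '@' and relative owner names to lower-case absolute names."""
    name = origin if name == "@" else name
    return (name if name.endswith(".") else name + "." + origin).lower()

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples from a simple master file."""
    text = re.sub(r";[^\n]*", "", text)                       # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], fqdn("@", origin)
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        fields = [f for f in line.split() if f.upper() != "IN"]
        if line[0] not in " \t":           # blank owner column = previous owner
            owner = fqdn(fields.pop(0), origin)
        if len(fields) >= 2:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records

def check_zone(text, origin):
    """Apply JimBass's checklist from post #4; return a list of problems."""
    apex, recs, problems = fqdn("@", origin), parse_zone(text, origin), []
    if not re.search(r"^\$TTL\b", text, re.M):
        problems.append("no $TTL directive")
    soa = [r[2] for r in recs if r[0] == apex and r[1] == "SOA"]
    if not soa or len(soa[0]) < 7 or not soa[0][2].isdigit():
        problems.append("missing or malformed SOA (serial must be numeric)")
    ns = [r[2][0].lower() for r in recs if r[0] == apex and r[1] == "NS"]
    a_owners = {r[0] for r in recs if r[1] == "A"}
    if not ns:
        problems.append("no NS records at the apex")
    if apex not in a_owners:
        problems.append("no A record for " + apex)
    for name in ns:
        if name.endswith("." + apex) and name not in a_owners:
            problems.append("in-zone nameserver %s has no glue A record" % name)
    return problems
```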
 
Old 08-30-2005, 08:00 PM   #6
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Original Poster
Rep: Reputation: 30
Also I have noticed the following errors when I try to restart using rndc


Code:
neither /etc/namedb/rndc.conf nor /etc/namedb/rndc.key was found
thanks
 
Old 08-30-2005, 08:24 PM   #7
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
OK, according to what I see above, your file should be in /etc/namedb/master/aero-dev.com.db. Is that the case? When I try to dig, I get no response. The rndc is not important, unless you want it. It looks like your named.conf has nothing about rndc, but that error suggests that something is looking for rndc. Did you install this from an rpm? It seems like you may have a permissions issue. Does the file exist where your config says it should? If so, what are the read and write permissions on it, and what user/group owns the file and the directory that contains it?

Peace,
JimBass
 
Old 08-30-2005, 08:29 PM   #8
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Original Poster
Rep: Reputation: 30
That is the odd thing.

The named.conf says nothing about it, and the file according to the error is supposed to be located in /etc/namedb/*. However, the real digger is that there is no file that it is looking for there.

Here is what my messages are when I start named



Code:
Aug 30 20:13:47 ns1 named[77918]: starting BIND 9.3.1
Aug 30 20:13:47 ns1 named[77918]: not listening on any interfaces
Aug 30 20:13:47 ns1 named[77918]: none:0: open: /etc/namedb/rndc.key: file not found
Aug 30 20:13:47 ns1 named[77918]: couldn't add command channel 127.0.0.1#953: file not found
Aug 30 20:13:47 ns1 named[77918]: none:0: open: /etc/namedb/rndc.key: file not found
Aug 30 20:13:47 ns1 named[77918]: couldn't add command channel ::1#953: file not found
Aug 30 20:13:47 ns1 named[77918]: running
And yes, my zone files (master) are located in /etc/namedb/master/*zone file*

Also, no, this was standard, installed with the OS.

Last edited by Fredstar; 08-30-2005 at 08:33 PM.
 
Old 08-30-2005, 08:45 PM   #9
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
You need to create the rndc.key. The way to do that is to do rndc-confgen. Read the man pages on that. Then copy the rndc files that command creates to the /etc/namedb directory. Also, you have to get named listening on your interface. You should include a listen-on statement in named.conf - should look like this -

Code:
listen-on {
	127.0.0.1;
	24.39.230.33;
};
Which should be included in the options section.

Peace,
JimBass
 
Old 08-30-2005, 09:27 PM   #10
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Original Poster
Rep: Reputation: 30
BY GOD!!!! IT IS WORKING x.x

Man, if you lived just a few hours closer I'd buy you a drink!!!!

For anyone else stuck on this, the rndc is easy, just do the following



Code:
rndc-confgen -a
This will add the rndc.key to /etc/namedb

After that you need to edit named.conf to use the correct rndc

Code:
/****************************************
Add this to named.conf
******************************************/

key "rndc-key" {
	algorithm xxxxxxxxxxx;
	secret "a;lkdjgapo;irga;oirgja;og";
};
replacing the algorithm and secret with the actual output in rndc.key

and all works

thanks a lot Jimbass
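As an added example (not code from the thread), a Python helper for the two failures diagnosed in posts #8 to #10: it parses a named.conf with brace tracking to report whether options carries a listen-on statement, and matches the startup log lines against the signatures seen above, mapping each to the remedy the thread arrived at. The embedded config and log lines are constructed from what was posted; comment stripping is deliberately naive.

```python
import re
# Constructed sample: the options block as posted in this thread (no listen-on)
NAMED_CONF_POSTED = """\
options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
};
zone "aero-dev.com" { type master; file "master/aero-dev.com.db"; };
"""
# The same file with the listen-on statement JimBass recommended in post #9
NAMED_CONF_FIXED = NAMED_CONF_POSTED.replace(
    "};", "        listen-on { 127.0.0.1; 24.39.230.33; };\n};", 1)
# Constructed log lines modelled on the startup messages in post #8
LOG = """\
Aug 30 20:13:47 ns1 named[77918]: starting BIND 9.3.1
Aug 30 20:13:47 ns1 named[77918]: not listening on any interfaces
Aug 30 20:13:47 ns1 named[77918]: none:0: open: /etc/namedb/rndc.key: file not found
Aug 30 20:13:47 ns1 named[77918]: couldn't add command channel 127.0.0.1#953: file not found
"""

def top_level_blocks(conf):
    """Map each top-level statement ('options', 'zone "x"', ...) to its body,
    tracking brace depth so nested blocks such as listen-on stay inside it."""
    conf = re.sub(r"//[^\n]*|/\*.*?\*/", "", conf, flags=re.S)  # naive, ignores quoting
    blocks, depth, buf, name = {}, 0, "", ""
    for ch in conf:
        if ch == "{" and depth == 0:
            name, buf, depth = buf.strip(" ;\t\n"), "", 1
        elif ch == "}" and depth == 1:
            blocks[name], buf, depth = buf, "", 0
        else:
            depth += (ch == "{") - (ch == "}")
            buf += ch
    return blocks

def listen_addresses(conf):
    """Addresses from options { listen-on {...}; }, or [] when it is absent."""
    options = top_level_blocks(conf).get("options", "")
    m = re.search(r"listen-on\s*(?:port\s+\d+\s*)?\{([^}]*)\}", options)
    return [a.strip() for a in m.group(1).split(";") if a.strip()] if m else []

# Failure signatures from the thread's startup log and the remedy each one got
SIGNATURES = {
    "not listening on any interfaces": "add listen-on { ... }; to options",
    "couldn't add command channel": "run rndc-confgen -a to create rndc.key",
}
def triage_log(log):
    """Return {signature: remedy} for every known failure present in the log."""
    return {sig: fix for sig, fix in SIGNATURES.items() if sig in log}
```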
 
Old 08-30-2005, 09:47 PM   #11
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
No problem man, glad it worked out for you. I grew up just up the 90 from you, in Buffalo. I went to U of R/Eastman for undergrad. NYC is a little far for a beer! You could send me a garbage plate from Mark's, or Nick Tahoe's. The distillery had good wings and pizzas too.

Peace,
JimBass
 
  

