bind trouble

bbioman85 · 07-26-2007, 05:28 PM

Hi all,

I am semi-new to Linux, but very new to setting up a server. I have a test environment using VMware with 3 virtual machines - 2 Fedora 7 machines and an SLES 10 machine. I am using the one Fedora 7 machine as a server/router/firewall/gateway for the other F7 and SLES machines, simulating a small private network.

I have NAT working, but now I am trying to configure my F7 server as a DNS server. What I have done is I have taken the named.caching-nameserver.conf file, copied it as named.conf, and am using that. Here is the code from that:

Code:

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

nslookup runs successfully from the server machine, but when I change the nameserver to my server's IP in my client machine, nslookup is not successful from the client machine. I am able to ping my server from my client.

I did run tcpdump from both machines during an nslookup from client to server.

From server:

Code:

02:33:17.379031 IP 192.168.50.51.filenet-pa > 192.168.50.1.domain:  2225+ A? www.google.com. (32)
02:33:22.379588 IP 192.168.50.51.filenet-pa > 192.168.50.1.domain:  2225+ A? www.google.com. (32)
02:33:27.381808 IP 192.168.50.51.filenet-pa > 192.168.50.1.domain:  2225+ A? www.google.com. (32)

eth0 is my Internet-facing adapter, and a tcpdump with eth0 shows no activity during an nslookup from one of my clients.

Could iptables be incorrectly configured?

Code:

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush


iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.50.2 -j MASQUERADE

#---------------------------------------------------------------
# Allow outbound DNS queries from the FW and the replies too
#
# - Interface eth0 is the internet interface
#
# Zone transfers use TCP and not UDP. Most home networks
# / websites using a single DNS server won't require TCP statements
#
#---------------------------------------------------------------
 
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 \
         -j ACCEPT
 
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 \
         -j ACCEPT

iptables -A OUTPUT -p udp -o eth1 --dport 53 --sport 1024:65535 \
         -j ACCEPT
 
iptables -A INPUT -p udp -i eth1 --sport 53 --dport 1024:65535 \
         -j ACCEPT

I'd appreciate any troubleshooting tips, because I am stuck!

bathory · 07-27-2007, 04:27 PM

You have a couple of "errors" in your named.conf

Quote:

listen-on port 53 { 127.0.0.1; };

If it listens only on the loopback interface how can a client connect to your dns. The same goes for the other listen statement for ipv6. I suggest you to remove both of them.

Quote:

allow-query { localhost; };

Again if you only allow localhost to query the server it's not going to work with clients