Configuring my VPS

gassganso · 03-16-2010, 10:22 AM

Hallo to every one,

I'm trying to move all my websites to a VPS that I hired.
(CentOS Linux 5.4)
To create my DNS server I'm using co.cc addresses (free domains) for test until I get a correct configuration.
What I am trying to do is this:

I create in co.cc site the domain aaa.co.cc and configure the ZONE RECORD:

aaa.co.cc A 111.111.111.111
ns1.aaa.co.cc A 111.111.111.111
ns2.aaa.co.cc A 111.111.111.111

(names and ips showed here are fictitious, of course)

Also I create bbb.co.cc domain and configure the Service Type as "name server DNS" to:

ns1.aaa.co.cc
ns2.aaa.co.cc

In my VPS server configure BIND:
Create MASTER ZONE aaa.co.cc:

aaa.co.cc. A 111.111.111.111
ns1.aaa.co.cc. A 111.111.111.111
ns2.aaa.co.cc. A 111.111.111.111
aaa.co.cc. NS Default ns1.aaa.co.cc.

Create MASTER ZONE bbb.co.cc:
bbb.co.cc A 111.111.111.111
bbb.co.cc NS Default ns1.aaa.co.cc.

And I create in my Apache 2 Virtual Hosts, one for aaa.co.cc and another for bbb.co.cc. Each with its path and a test index.html file in each home.
I also open port 53 for TCP and UDP on firewall.
Obviously I can "dig" to aaa.co.cc and all is right, but when I dig bbb.co.cc it says:

;; Connection timed out, no servers could be reached

When I dig @localhost everything seems to be ok...

Am I making a big mistake?
I already know that ns1 and ns2 have the same IP, but I want to see if my idea works before "buying" another IP.

Any idea for me?

Thank you very much for your patience and sorry for my accent.

Blue_Ice · 03-16-2010, 01:33 PM

Can you provide us with your named.conf and the complete zone files, not just parts of it. What you put in your post shows that you have records in your zone file, but there should be a lot more.

gassganso · 03-17-2010, 04:23 AM

Hi Blue_Ice,

Thank you very much for your interest, but last night (about 2:30 h) after 10 days working arround this problem I had a good idea.... I scaned the port 53 and guess what....

The VPS provider has filtered this port.
Well, it's a 5$ /mo VPS so I will look for another system.

Any way, to scan the port should have been first thing to do, isn't it?

Thank you again,

Blue_Ice · 03-17-2010, 04:54 AM

Well, I guess you better checked with the provider if they supported this. But it is always a good thing to check your configurations, especially when it is about firewalls.

gassganso · 03-17-2010, 11:22 AM

Right,
I show my firewall config, just in case...

Code:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 10000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 53 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 53 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed

Should be properly configured.

Thx for you time.

Blue_Ice · 03-17-2010, 11:50 AM

Should be ok... Looks like mine accept I opened port 953 as well for rndc. I run my DNS server in a Xen VPS, although on my own servers.

malikperera · 03-24-2010, 05:36 AM

I'm not sure what's wrong with your configuration. Better if you use proper DNS server.
You could use free DNS service like http://www.everydns.com/