LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-25-2006, 09:24 PM   #1
jscedunn
LQ Newbie
 
Registered: Nov 2006
Posts: 12

Rep: Reputation: 0
Frustrated at DNS HELP PLEASE


Hello, my named is Jim and I am trying to setup DNS Bind 9
I have exhausted all my knowledge. I just can get it to work

Can anyone help walk me thru this?
 
Old 11-25-2006, 10:38 PM   #2
gruntwerk
Member
 
Registered: Dec 2003
Location: PA
Distribution: fc9
Posts: 89

Rep: Reputation: 15
Is there some area in particular you are havin problems with
you may want to try searching the forums for dns or bind or google
If you are getting a particular error, let us know what it is and maybe someone can help./
 
Old 11-25-2006, 10:38 PM   #3
Kruddler
LQ Newbie
 
Registered: Nov 2006
Posts: 2

Rep: Reputation: 0
I have been doing some reading and I heard BIND is crap.

There is another DNS server around which boasts no security breaches to date.

It is called DJBDNS. It sounds fantastic but god knows how to install it and get it working. I wouldn't know the first thing about configuring a DNS server.
 
Old 11-25-2006, 10:51 PM   #4
jscedunn
LQ Newbie
 
Registered: Nov 2006
Posts: 12

Original Poster
Rep: Reputation: 0
DNS follow on

when I do a dns look up from the web I get a timeout error.
This is what I get when I do a dig
QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

I can post the zone file and named file if this will help
 
Old 11-26-2006, 01:59 AM   #5
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,000
Blog Entries: 11

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
Before you start posting zone-files tell us more about what we're
looking at; is your zone officially registered, if so, with who?
If not - how would you hope to get stuff resolved "from the web"?


Cheers,
Tink
 
Old 11-26-2006, 01:56 PM   #6
jscedunn
LQ Newbie
 
Registered: Nov 2006
Posts: 12

Original Poster
Rep: Reputation: 0
Starting from the beginning

Tink,
I understand, I am like a bull in a china shop wanting to get this resolve right now. Anyway

I have a domain acfd.biz with godaddy. I also have a static IP address that I have given my server. The two ns servers from godaddy is ns1.acfd.biz and ns2.acfd.biz. So I believe that is set up right Now, I have configured the
resolv.con, named.conf and set two zone files

This is my first zone file:

$TTL 88440
$ORIGIN acfd.biz.
@ 1D IN SOA www.acfd.biz. jscedunn@yahoo.com. (
2006112542 ; serial
6H ; refresh 6 hours
3600 ; retry 1 hour
1W ; expire 1 week
1D ) ; minimum

1D IN NS ns1.acfd.biz.
1D IN NS ns2.acfd.biz.

IN MX 10 mailmymail.

IN A Myipaddress oof my server
www IN CNAME @
mail IN CNAME @

This seems to work and produce when i do a did on my domain
 
Old 11-27-2006, 04:19 PM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You need A records for your DNS servers. If your "servers" are really just one server, give them both the same IP.

Code:
ns1	IN A myipaddress
ns2	IN A myipaddress
PS I don't know if BIND9 now allows @ signs in the SOA record, but typically the e-mail address in SOA uses dots:
jscedunn.yahoo.com.

PPS why are you only showing the first line of output from dig? "QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0" shows that you performed 1 query, and got two answers, both of which were authoritative. It doesn't show what the answers are, though.

Last edited by chort; 11-27-2006 at 04:22 PM.
 
Old 11-27-2006, 10:15 PM   #8
jscedunn
LQ Newbie
 
Registered: Nov 2006
Posts: 12

Original Poster
Rep: Reputation: 0
Continued DNS problem

Chort,
I completed the suggestions you made and still do not get an answer. Here is the dig output

; <<>> DiG 9.2.4 <<>> www.acfd.biz
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50874
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.acfd.biz. IN A

;; ANSWER SECTION:
www.acfd.biz. 88440 IN CNAME acfd.biz.
acfd.biz. 88440 IN A myipaddress

;; AUTHORITY SECTION:
acfd.biz. 86400 IN NS myipaddress.

;; Query time: 6 msec
;; SERVER: myipaddress#53(myipaddress)
;; WHEN: Mon Nov 27 20:57:24 2006
;; MSG SIZE rcvd: 86

I am using dnsstuff.com to test and the result i get from them testing is:
Timeout occurred getting the NS records from your nameserver! None of your nameservers responded fast enough. They are down or unreachable .....

Any thoughts?
 
Old 11-28-2006, 03:30 AM   #9
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You dig query did not fail. It returned exactly the information that it was supposed to.

Now the question is: Is myipaddress an internal-only IP, such as 192.168.n.n, or 10.n.n.n? If so, then it's little wonder why the external tools cannot perform a lookup. There is no way to reach your DNS server.

You need to login to your godaddy.com account and setup "Domain Hosts". This will allow you to put in ns1 and ns2 and put in your external IP address (hopefully it's static). This is the only way hosts on the Internet can lookup your DNS records since they need to know the IP addresses of your DNS servers.
 
Old 11-28-2006, 09:25 PM   #10
jscedunn
LQ Newbie
 
Registered: Nov 2006
Posts: 12

Original Poster
Rep: Reputation: 0
Coninued DNS problem

Chort,
Yes this is a static ip address from my isp. I can ping the ip address from the web and it returns. I also have pointed my ns1.acfd.biz and ns2.acfd.biz to my static
ip. If you do an dns look up from the web you will see that they point it to my static ip. The error I get is

"Searching for www.acfd.biz A record at NS2.acfd.biz. [myipaddress]: Timed out. Trying again."

This repeats 6 times.

The only thing I can thing of is how long does it take for the new zone file to take effect?

Is there some kind of firewall that I am not aware of? I have the linux firewall disabled now and SeLinux disabled

One more thing I have check the ports and UDP and TCP are on for port 53

I am still stumped
Thoughts?

Jim
 
Old 11-29-2006, 02:39 AM   #11
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
It still does not look like you added your static IP to your GoDaddy account as a host for ns1 and ns2. If you do not put your IP in your account at GoDaddy.com there is no way for anyone on the Internet to look up your DNS servers... How are we supposed to know what IP address to connect to? The only place it is in DNS is on your servers, and all we have is the name of your DNS servers, but not the IP... It's impossible. You need to enter the IP on GoDaddy.com so we know what IP address to find your DNS servers at.
 
Old 11-29-2006, 03:27 AM   #12
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Actually, I take that back. It hasn't fully propagated yet, but if I query the servers by hand I can find the tld servers for .biz and they have your IP... The problem is that you're behind some really weird firewall. Your ISP is doing some crazy filtering. Every single port comes up as open, except for telnet, bgp, and https, all of which are filtered. Very odd. Actual DNS query attempts do not go through, needless to say. I do not think your current ISP is going to allow you to host a server.
 
Old 11-29-2006, 08:40 PM   #13
jscedunn
LQ Newbie
 
Registered: Nov 2006
Posts: 12

Original Poster
Rep: Reputation: 0
Chort,
I have contacted my ISP and they assure me that all ports are open. I spent 30 minutes on the phone with them and they insist that it is my problem and that other people are hosting web sites thru their company.

I am at a loss at what to do. Is there maybe a patch or upgrade to dns or maybe another product that I can verify my configuration?

Should I try to reinstall bind? I am just grabbing at straws

any suggestions?

Jim
 
Old 11-29-2006, 11:30 PM   #14
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
There's no problem with BIND, it's the path to you from the Internet that is the problem. Are you running any kind of firewall on your network? The nmap scan guessed your IP is protected by a Netscreen firewall, but that might not be accurate. Are you using NAT to your server? Are you running iptables on your server? There is something between the Internet and your server, whether it's your ISP or inside your house, something is blocking the requests.
 
Old 11-29-2006, 11:56 PM   #15
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,000
Blog Entries: 11

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
http://www.dnsstuff.com/tools/dnsrep...=+www.acfd.biz

Quite interesting read ...



Cheers,
Tink
 
  


Reply

Tags
bind, nameserver


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
New and frustrated galantesghost LinuxQuestions.org Member Intro 2 09-11-2005 05:16 PM
I am frustrated (HELP) dimsun Linux - Newbie 3 11-02-2004 09:29 PM
getting really frustrated... minm Linux - Software 17 09-27-2004 11:25 PM
So frustrated!!! brit Mandriva 7 09-16-2003 07:45 AM
I'm about to get frustrated! EyeGuy Linux - Software 14 11-09-2001 01:30 PM


All times are GMT -5. The time now is 01:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration