LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 11-23-2008, 02:09 AM   #1
wegadnie
Member
 
Registered: Oct 2007
Posts: 48

Rep: Reputation: 15
DNS server meet random ports problem?


I set up a DNS server for my home networking. The named service start successful but i still can not make query to Internet. Using nslookup command i got message:

[root@dns named]# nslookup
> google.com
;; Got SERVFAIL reply from 127.0.0.1, trying next server

Take a look at /var/log/messages i found that bind is working on random port but SELinux is preventing it.

Nov 23 14:56:23 dns setroubleshoot: SELinux is preventing the /usr/sbin/named (named_t) from binding to port 18006. For complete SELinux messages. run sealert -l 6d8ab655-f1f3-4b64-84c9-034621107115

I absolutely don't want bind to run on random port so in /etc/named.conf at options statement i give

options {
query-source port 53;
directory "/var/named";
};

Note that i put my DNS server behind my Router (Apple Extreme Base Station) so i forward port 53 for both TCP/UDP to my DNS server.

Please, what can i do now? Does any one has the same problem or just me.
 
Old 11-23-2008, 02:53 AM   #2
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
What distro are you using, and can you post the config?
 
Old 11-23-2008, 04:29 AM   #3
wegadnie
Member
 
Registered: Oct 2007
Posts: 48

Original Poster
Rep: Reputation: 15
I run RedHat Enterprise 5EL. The bind's version is bind-9.3.4-6.0.2.P1.el5_2. There're 4 config file so what file should i post? named.conf or named.boot. Thank for your reply on this post.
 
Old 11-23-2008, 04:46 AM   #4
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Named.conf I expect
 
Old 11-23-2008, 07:02 AM   #5
wegadnie
Member
 
Registered: Oct 2007
Posts: 48

Original Poster
Rep: Reputation: 15
It's very simple:

options {
query-source port 53;
directory "/var/named";
};

zone "." {
type hint;
file "named.ca";
};

zone "mydomain.com" {
type master;
file "aldergood.com";
};

zone "1.168.192.in-addr.arpa" {
type master;
file "192.168.1";
};

In /etc/resolv.conf

search mydomain.com
nameserver 127.0.0.1

I hope you can help me out.
 
Old 11-23-2008, 02:17 PM   #6
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I'm assuming that you probably don't have a supported version of RHRL5 running, so I'd make the assumption that your SELinux policies are out of date.

You can either fix these (the right way), or disable SELinux for bind (probably the wrong way, but way simpler).

First, I'd do a test without SELinix on. Run "setenforce 0" (that's zero) and try starting named.

If that works, turn it back on ("setenforce 1")

Then, follow http://www.redhat.com/docs/en-US/Red...cy-module.html, or turn off SELinux for named ("setsebool -P named_disable_trans on").
 
Old 11-29-2008, 01:27 AM   #7
wegadnie
Member
 
Registered: Oct 2007
Posts: 48

Original Poster
Rep: Reputation: 15
Thank you a lot. It works now. i can use my DNS server to query another website. BTW, how can i check whether my DNS server is an authoritative DNS server for my domain or not?
 
Old 11-29-2008, 01:42 AM   #8
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
type master makes it authoritative, as opposed to type hint.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Find out DNS Server Version With DNS Server Fingerprinting Tool LXer Syndicated Linux News 0 12-21-2007 05:30 PM
LXer: Find out DNS Server Version With DNS Server Fingeprinting Tool LXer Syndicated Linux News 0 12-21-2007 04:50 PM
iptables...prescedence, and random ports Basslord1124 Linux - Security 3 06-26-2007 12:29 PM
meet problem when installing RHEL4 on IBM x330 server lhoperator Linux - Enterprise 0 05-22-2006 11:54 PM
random ports thatsme Linux - Networking 2 08-02-2002 11:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 01:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration