LinuxQuestions.org

jtneal 03-15-2008 11:04 AM

DNS issue - DNS works perfect on server but not on any other computer
 
Wasn't sure whether to post this in Linux Server or Networking, sorry.

I've started running Fedora 8, and I've set up Apache and PHP and everything needed. The server works great, running via my IP address:
http://66.191.200.167

Now, I own teamod.net. So, I want to use teamod.net instead...

So I researched a lot, and ended up with a configuration that works 100% correctly on the server itself. When I open up Firefox from the GUI, I can use ftp.teamod.net, www.teamod.net, teamod.net, mail.teamod.net and all the other aliases, and they work. If I type one that I didn't set up an alias for, such as webmail.teamod.net, it doesn't work (expected).

Now, on my router, I set up a DMZ for the Linux server. I did this because originally I was forwarding both UDP and TCP 80, 22 and 53, but it wasn't working. I thought maybe DNS was using a different port in addition to 53, so the DMZ basically fixes that issue.

I set up ns1 and ns2.teamod.net through my domain config in GoDaddy, and they point to my server, and my nameservers are set to ns1.teamod.net and ns2.teamod.net... Everything is set up just as it's supposed to be.

Once again, when I run it in my Linux server's Firefox, everything works, but when I run it from my Windows machine (which is on the local network) it doesn't work, or from anywhere else in the world it doesn't.

Here is the setup of the current files. I have changed them over and over trying to get it working; I'm open to any suggestions, I really want to get this working.

/etc/named.conf
Code:

options {
        directory      "/var/named";
        version "Bind";
        dump-file      "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "teamod.net" IN {
        type master;
        file "teamod.net.zone";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";

In case you want to know what's inside that include file...

/etc/named.rfc1912.zones
Code:

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

/var/named/teamod.net.zone
Code:

$TTL 1H
$ORIGIN teamod.net.
@      IN      SOA    ns1.teamod.net. webmaster.teamod.net. (
                                                                2
                                                                3H
                                                                1H
                                                                1W
                                                                1H )
                NS      ns1.teamod.net.
                NS      ns2.teamod.net.
                MX      10 teamod.net.

localhost      A      127.0.0.1
router          A      192.168.1.1

teamod.net.    A      66.191.200.167
ns1            A      66.191.200.167
ns2            A      66.191.200.167
www            A      66.191.200.167
ftp            A      66.191.200.167
mail            A      66.191.200.167

Now, YES I know you aren't supposed to use ns1 and ns2 with the same IP address, but as far as public IP addresses go (like IPs given to me by my ISP) I only have the one, 66.191.200.167... And I don't think that's the problem. Yes, I know I'm not supposed to do it like that, but I think the problem lies elsewhere... Once again, it does work in the Linux server's GUI Firefox. Here are also some of the outputs of various commands run on the server itself:

ENTERED COMMAND:
host teamod.net
OUTPUT GIVEN:
teamod.net has address 66.191.200.167
teamod.net mail is handled by 10 teamod.net.

ENTERED COMMAND:
nslookup teamod.net
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: teamod.net
Address: 66.191.200.167

file: /etc/resolv.conf
; generated by /sbin/dhclient-script
search sc.charter.com
domain www.teamod.net; I added this from a help file i read
nameserver 127.0.0.1; I added this from a help file i read
nameserver 24.197.97.136
nameserver 24.197.97.132

file: /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost localhost
::1 localhost6.localdomain6 localhost6

Okay, trying to give you as much info as possible. I'm using the latest version of BIND (9, I believe) and Fedora 8's latest available version. I used yum to install BIND: "yum install bind"... If you want to know anything else, let me know.

If anyone has any ideas, I'd really appreciate it. I'm pretty certain the problem lies in the Linux configuration somewhere, although I'm open to possibilities that the problem could lie with GoDaddy or even my router? I use a BEFSR41 V3 Linksys router.

rayfordj 03-15-2008 01:16 PM

I believe that the latest versions of BIND require the use of views even if it is just a single view for everything (internal/external).

Do you have anything in /var/log/messages reporting a problem when you start named?
You can open two shells and 'tail -f /var/log/messages' in one and then 'service named restart' in the second. Look for any indication of a problem in the output on the 'tail' shell.

Code:


options {
        directory      "/var/named";
        version "Bind";
        dump-file      "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// a single [everyone] view
view "everywhere" {
match-clients { any; };
recursion no;
//

zone "." IN {
        type hint;
        file "named.ca";
};

zone "teamod.net" IN {
        type master;
        file "teamod.net.zone";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";

//close the view
};
//


If you have iptables rules, are you allowing DNS requests? I don't think this port is open by default on the default Fedora firewall. When I tried to dig a hostname from your server directly, the connection timed out.


Hope this helps.

jtneal 03-15-2008 02:41 PM

Hey rayfordj,

Thanks so much for your help.

The view thing was incorrect as I tried doing it, and it said all zones had to use a view if you use one view. Anyway, I did the tail thing and noticed nothing odd... So I moved on to iptables.

I'm not good with iptables, in fact I've never used it, so I just decided to go into the GUI and click on System > Administration > Firewall... Lo and behold, I notice DNS is not checked, so it's not allowed... So you were right. I checked DNS, and sure enough, right away the website is now working: www.teamod.net

Thanks very much for your help. Now, in case I'm ever in a situation where I don't have access to a GUI, perhaps I just have a virtual dedicated server through GoDaddy for instance, how would I allow DNS through the shell, say using iptables? I'm sure I can search for this answer...

Jason

rayfordj 03-15-2008 03:30 PM

Awesome!

I initially learned just by reading the man page and a lot of trial-and-error testing. Once you learn how to read the man page for iptables it gets much easier to find and implement what you want.

Here's a good iptables tutorial.


The RedHat/Fedora rules by default create a custom chain that INPUT and FORWARD jump to for all of their rules (something like RH-Firewall-INPUT-1).


You can either add it to this chain or just throw it to the top of your INPUT chain like so:
Code:

iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p tcp --dport 53 -j ACCEPT

If manually entering rules via 'iptables', you'll want to be sure to save them once you get things working how you want, with 'service iptables save'. 'service iptables status' will show your current rule-set; I generally use 'iptables -nvL'. If you mess up and just want to start over (and have not yet saved the rules), you simply restart the iptables service. It really isn't a service per se but rather a script to modify the kernel's netfilter rules; there is no iptables daemon.
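
As an added diagnostic (not code from this thread or from BIND/iptables), here is a small probe that reproduces what rayfordj saw with dig: it builds a raw DNS A query, sends it straight to the server on port 53 over UDP and then TCP, and reports a timeout instead of an answer. Run from a host outside the LAN before and after adding the two iptables rules above, it distinguishes "named answers locally but port 53 is dropped by the firewall" from a zone problem. The server address and name are arguments; the test data in the comments is constructed.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a single-question DNS query for an A record (RD bit set)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # id, flags, QD=1
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(buf, pos):
    # Advance past a (possibly compressed) domain name; return the new offset.
    while True:
        length = buf[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:            # two-byte compression pointer
            return pos + 2
        pos += 1 + length

def parse_a_answers(resp):
    """Return the IPv4 addresses in the answer section of a raw DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", resp[:12])
    pos = 12
    for _ in range(qdcount):                 # skip question: name + QTYPE + QCLASS
        pos = _skip_name(resp, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:        # A record
            addrs.append(".".join(str(b) for b in resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def probe(server, name, proto="udp", timeout=3.0):
    """Query `server` directly on port 53; None means no reply before the timeout."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                resp, _ = s.recvfrom(512)
        else:                                # TCP: 2-byte length prefix per message
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(query)) + query)
                resp = s.recv(struct.unpack(">H", s.recv(2))[0])
        return parse_a_answers(resp)
    except socket.timeout:                   # port 53 filtered, or named not listening
        return None
```

Calling `probe("66.191.200.167", "www.teamod.net", "udp")` and again with `"tcp"` from outside the network should return `["66.191.200.167"]` once the rules are in place; `None` on both while the same query answers on the server itself is the firewall symptom this thread ends on (a refused connection is left to raise, since that means the port is reachable but nothing is listening).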