DNS Problem
I'm having a problem setting up my DNS. I think I have everything configured correctly and everything running. I can do a 'dig www.nebraskaultimate.com' on my DNS machine and it returns me

    ; <<>> DiG 9.2.3 <<>> nebraskaultimate.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17036
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;nebraskaultimate.com.          IN      A

    ;; ANSWER SECTION:
    nebraskaultimate.com.   38400   IN      A       68.226.73.177

    ;; AUTHORITY SECTION:
    nebraskaultimate.com.   38400   IN      NS      ns1.nebraskaultimate.com.

    ;; Query time: 4 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Jun 24 09:22:20 2004
    ;; MSG SIZE  rcvd: 72

However, when I do a 'dig www.nebraskaultimate.com' from another machine (not the DNS server) I get a "server cannot be reached":

    ; <<>> DiG 9.2.2-P3 <<>> www.nebraskaultimate.com
    ;; global options:  printcmd
    ;; connection timed out; no servers could be reached

I've tried some web-based nslookup pages and the same thing happens: I don't get any data returned. It is like the main name servers are not getting my DNS records. Anyone have any idea? I will post my named.conf:

    options {
        // Remember, this is already CHROOTed. /var/named IS correct
        directory "/var/named";
        // Do NOT have the server listening on localhost or the internal interface
        listen-on port 53 { 68.226.73.177; };
        listen-on port 53 { 192.168.0.122; };
        listen-on port 53 { 127.0.0.1; };
        // multiple-cnames yes;
        // Clean the cache every 6 hours (default is 1).
        // cleaning-interval 360;
        // Do NOT respond to DNS queries for any domains other than local zones
        //
        // All remote DNS lookups for this host and any internal machines will
        // be served from the INTERNAL DNS server
        //
        recursion no;
        // Uncommenting this might help if you have to go through a
        // firewall and things are not working out:
        // query-source address * port 53;
    };

    // Controls
    controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };
    };

    // RNDCKEY setup
    key "rndckey" {
        algorithm hmac-md5;
        secret "SECRETKEY";
    };

    zone "." {
        type hint;
        file "root.hints";
    };

    zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
    };

    //// Forward Zone Setup for nebraskaultimate.com
    zone "nebraskaultimate.com" IN {
        type master;
        notify no;
        allow-query { any; };
        file "nebraskaultimate.zone";
    };

    // Reverse Zone Setup
    zone "68.226.73.in-addr.arpa" IN {
        type master;
        notify no;
        file "68-226-73.zone";
    };

    logging {
        // leave current logging channels here
        channel query_info {
            file "named_query.log" versions 3 size 40m;
            severity debug;
            print-category yes;
            print-time yes;
        };
        category queries { query_info; };
        category resolver { query_info; };
        //category queries { null; };
    }; // end of logging stanza

Here is what is in my zone file:

    $ttl 38400
    nebraskaultimate.com. IN SOA ns1.nebraskaultimate.com. trichard.techovations.com. (
                1086280793 ; serial #
                10800      ; refresh, seconds
                3600       ; retry, seconds
                604800     ; expire seconds
                38400 )    ; minimum, seconds
    nebraskaultimate.com.       IN NS  ns1.nebraskaultimate.com.
    www.nebraskaultimate.com.   IN A   68.226.73.177
    nebraskaultimate.com.       IN A   68.226.73.177
    mail.nebraskaultimate.com.  IN MX  100 mail.nebraskaultimate.com.

Hope someone can help. Thanks, Troy |
Your domain (nebraskaultimate.com) was registered? If so, it takes about 2 days for other nameservers to learn that your nameserver is located at 68.226.73.177.
|
It has been registered for almost 2 weeks now.
|
I agree. The DNS root servers have no idea what nebraskaultimate.com is, or that it exists, or how to get to it. Recheck your DNS settings with your DNS registrar and verify the host and IPs you entered. From a remote PC, verify that you can ping your DNS server. Does the DNS server work locally on your network? If it does not, it certainly won't work on the internet. |
I checked my DNS registrar and it has the correct IP for the DNS server, and I can ping the DNS server ns1.nebraskaultimate.com from a remote server and that works. And I can see the DNS entries on the DNS server and do lookups and stuff from there, so the DNS server works.
I'm pretty stumped. |
Have you entered nameserver 192.168.0.122 into /etc/resolv.conf on your other machines? This will test the server locally. You haven't got a router blocking port 53 by any chance? Root servers do resolve to your IP:

    CheckDNS.NET is asking root servers about authoritative NS for domain
    Got DNS list for 'nebraskaultimate.com' from a.gtld-servers.net
    Found NS record: ns1.nebraskaultimate.com[68.226.73.177], was resolved to IP address by a.gtld-servers.net

So the problem is access to your machine from the internet:

    CheckDNS.NET is verifying if NS are alive
    Error fetching SOA from ns1.nebraskaultimate.com [68.226.73.177]: Connection reset. Probably DNS server is offline.
    0 server(s) are alive

Pete |
I have nameserver 127.0.0.1, so I changed that to 192.168.0.122. Do I need to restart the server when I change resolv.conf?
Here is what I get when I do a status on named:

    [root@webserv122 trichard]# /etc/rc.d/init.d/named status
    number of zones: 6
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is ON
    server is up and running

And I have verified that I'm forwarding port 53 through my Smoothwall firewall. I have also changed resolv.conf on a different machine and ran a dig, and it gave me the correct information. |
This is the machine to change /etc/resolv.conf on, not your DNS server. I assume it's on the same network. Not sure if you have to reboot, but it wouldn't hurt. Then try 'dig nebraskaultimate.com' again. Pete |
I did that on the machine I was timing out on and it gave me the DNS entry, which is correct.
So it looks like the DNS server is set up correctly, I would assume. Thanks |
Did you edit your last post after I read it? Okay, try this:

    $ttl 38400
    nebraskaultimate.com. IN SOA ns1.nebraskaultimate.com. trichard.techovations.com. (
                1086280793 ; serial #
                10800      ; refresh, seconds
                3600       ; retry, seconds
                604800     ; expire seconds
                38400 )    ; minimum, seconds
                IN NS  ns1.nebraskaultimate.com.
                IN MX  100 mail.nebraskaultimate.com.
    nebraskaultimate.com.       IN A   68.226.73.177
    mail.nebraskaultimate.com.  IN A   68.226.73.177
    www   CNAME nebraskaultimate.com.
    ns1   CNAME nebraskaultimate.com.

You should also enter a PTR record for ns1 into the reverse zone:

    // Reverse Zone Setup
    zone "68.226.73.in-addr.arpa" IN {

In fact, post your reverse zone file; let's see what you have in there. Assuming port 53 is forwarded as you say, entering ns1 as a CNAME should do the trick. Pete |
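A zone-file check for the two defects that show up in the zone files in this thread: an NS or MX target that has no address record in the zone (ns1 and mail in the original zone), and an NS target that is a CNAME (RFC 2181 section 10.3 forbids this, so the ns1 CNAME suggested above will be rejected or ignored by some resolvers). This is an added example written for this page, not code from the thread or from BIND; the parser covers only the zone syntax these posts use ($TTL, a parenthesised SOA, omitted owners, optional class, relative names), and the zone texts embedded below are constructed from the thread for illustration.

```python
# Added example: lint NS/MX targets in a small BIND zone file.
ORIGIN = "nebraskaultimate.com."


def _fqdn(name, origin):
    """Make a zone-file name absolute: '@' is the apex, no trailing dot is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata_tokens) per record.

    Handles ';' comments, a parenthesised multi-line SOA, an omitted owner
    (leading whitespace = same owner as the previous record), and an
    optional TTL and class before the type. $-directives are skipped."""
    records, buf, depth = [], [], 0
    last_owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:
            continue                      # still inside ( ... )
        owner_omitted = buf[0][:1].isspace()
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if not tokens or tokens[0].startswith("$"):
            continue
        if owner_omitted:
            owner = last_owner
        else:
            owner = last_owner = _fqdn(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():                      # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # optional class
            tokens.pop(0)
        records.append((owner, tokens.pop(0).upper(), tokens))
    return records


def lint_zone(text, origin=ORIGIN):
    """Return problem strings for in-zone NS/MX targets that are CNAMEs or
    have no address record; an empty list means the zone passes."""
    records = parse_zone(text, origin)
    has_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    is_cname = {o for o, t, _ in records if t == "CNAME"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "NS":
            target = _fqdn(rdata[0], origin)
        elif rtype == "MX":
            target = _fqdn(rdata[1], origin)      # rdata = [preference, host]
        else:
            continue
        if target != origin and not target.endswith("." + origin):
            continue  # out-of-zone target: another zone must supply the address
        if target in is_cname:
            problems.append("%s %s -> %s is a CNAME; RFC 2181 10.3 forbids this"
                            % (owner, rtype, target))
        elif target not in has_addr:
            problems.append("%s %s -> %s has no A/AAAA record in the zone"
                            % (owner, rtype, target))
    return problems


# Constructed from the thread: the zone as first posted ...
TROY_ZONE = """\
$ttl 38400
nebraskaultimate.com. IN SOA ns1.nebraskaultimate.com. trichard.techovations.com. (
        1086280793 ; serial #
        10800      ; refresh, seconds
        3600       ; retry, seconds
        604800     ; expire seconds
        38400 )    ; minimum, seconds
nebraskaultimate.com.       IN NS  ns1.nebraskaultimate.com.
www.nebraskaultimate.com.   IN A   68.226.73.177
nebraskaultimate.com.       IN A   68.226.73.177
mail.nebraskaultimate.com.  IN MX  100 mail.nebraskaultimate.com.
"""
# ... and the zone as suggested in the reply above (ns1 as a CNAME).
PETE_ZONE = """\
$ttl 38400
nebraskaultimate.com. IN SOA ns1.nebraskaultimate.com. trichard.techovations.com. (
        1086280793 10800 3600 604800 38400 )
        IN NS  ns1.nebraskaultimate.com.
        IN MX  100 mail.nebraskaultimate.com.
nebraskaultimate.com.       IN A   68.226.73.177
mail.nebraskaultimate.com.  IN A   68.226.73.177
www  CNAME nebraskaultimate.com.
ns1  CNAME nebraskaultimate.com.
"""
# The fix: the nameserver host owns an address record, not a CNAME.
FIXED_ZONE = PETE_ZONE.replace("ns1  CNAME nebraskaultimate.com.",
                               "ns1  IN A  68.226.73.177")
```

Run `lint_zone(TROY_ZONE)` and it reports both ns1 and mail as lacking address records; `lint_zone(PETE_ZONE)` reports the ns1 CNAME; `lint_zone(FIXED_ZONE)` returns an empty list. named-checkzone makes the same complaint about an NS pointing at a CNAME, so the check is worth running before reloading a zone.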
Eerrr, he can't have DNS for the in-addr.arpa zone his IP is in; that's owned by Cox, he's not authoritative! What's more, the zone is backwards. The IP order needs to be reversed for in-addr.arpa. Anyway, the reverse DNS has nothing to do with this problem.
It appears that there is a firewall in front of that machine that is blocking DNS requests. You need to forward ports 53/UDP and 53/TCP from your firewall to 68.226.73.177. If the firewall is on the box itself, then you just need to open incoming connections to port 53/UDP and 53/TCP. Contrary to popular advice, you do need both UDP and TCP, because queries that return too much info for a single UDP datagram will have to be resent in TCP. |
Ok, it looks like I only had TCP forwarding, so when I opened up UDP everything seems to be working. Thanks for the help, guys.
A couple of other questions regarding DNS.
1. Do you have to have the reverse zone lookup in the named.conf file? I see the above post says it will not work since Cox owns my IP.
2. In the zone files, do I need to change the serial number every time I update the zone file?
3. Can the named.conf file have includes in it? I would like to create just a file for the forward setup stuff.
Thanks for all your help. Troy |