Old 06-24-2004, 09:26 AM   #1
atomicx
Member
 
Registered: Oct 2003
Posts: 48

Rep: Reputation: 15
DNS Problem


I'm having a problem setting up my dns. I think I have everything configured correctly and everything running. I can do a 'dig www.nebraskaultimate.com' on my dns machine and it returns me

; <<>> DiG 9.2.3 <<>> nebraskaultimate.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17036
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nebraskaultimate.com. IN A

;; ANSWER SECTION:
nebraskaultimate.com. 38400 IN A 68.226.73.177

;; AUTHORITY SECTION:
nebraskaultimate.com. 38400 IN NS ns1.nebraskaultimate.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 24 09:22:20 2004
;; MSG SIZE rcvd: 72

However when I do a 'dig www.nebraskaultiamte.com' from another machine not dns I get a server cannot reach

; <<>> DiG 9.2.2-P3 <<>> www.nebraskaultimate.com
;; global options: printcmd
;; connection timed out; no servers could be reached

I've tried some web-based nslookup pages and it's the same; I don't get any data returned. It is like the main name servers are not getting my DNS records.

Anyone have any idea?

I will post my named.conf

options {
    //Remember, this is already CHROOTed. /var/named IS correct
    directory "/var/named";

    //Do NOT have the server listening on localhost or the internal interface
    listen-on port 53 {
        68.226.73.177;
    };
    listen-on port 53 {
        192.168.0.122;
    };
    listen-on port 53 {
        127.0.0.1;
    };

    // multiple-cnames yes;

    // Clean the cache every 6 hours (default is 1).
    // cleaning-interval 360;

    // Do NOT respond to DNS queries for any domains other than local zones
    //
    // All remote DNS lookups for this host and any internal machines will
    // be served from the INTERNAL DNS server
    // recursion no;

    // Uncommenting this might help if you have to go through a
    // firewall and things are not working out:
    // query-source address * port 53;
};

// Controls
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};
// RNDCKEY setup
key "rndckey" {
    algorithm hmac-md5;
    secret "SECRETKEY";
};

zone "." {
    type hint;
    file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};

//// Forward Zone Setup for nebraskaultimate.com
zone "nebraskaultimate.com" IN {
    type master;
    notify no;

    allow-query { any; };
    file "nebraskaultimate.zone";

};

// Reverse Zone Setup
zone "68.226.73.in-addr.arpa" IN {

    type master;
    notify no;
    file "68-226-73.zone";

};

logging {

    // leave current logging channels here

    channel query_info {
        file "named_query.log" versions 3 size 40m;
        severity debug;
        print-category yes;
        print-time yes;
    };

    category queries { query_info; };
    category resolver { query_info; };
    //category queries { null; };

};
// end of logging stanza


Here is what is in my zone file
$ttl 38400
nebraskaultimate.com. IN SOA ns1.nebraskaultimate.com. trichard.techovations.com. (
1086280793 ; serial #
10800 ; refresh, seconds
3600 ; retry, seconds
604800 ; expire seconds
38400 ) ; minimum, seconds

nebraskaultimate.com. IN NS ns1.nebraskaultimate.com.
www.nebraskaultimate.com. IN A 68.226.73.177
nebraskaultimate.com. IN A 68.226.73.177
mail.nebraskaultimate.com. IN MX 100 mail.nebraskaultimate.com.


Hope someone can help.

Thanks
troy
 
Old 06-24-2004, 10:33 AM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Was your domain (nebraskaultimate.com) registered? If so, it takes about 2 days for other nameservers to learn that your nameserver is located at 68.226.73.177.
 
Old 06-24-2004, 10:38 AM   #3
atomicx
Member
 
Registered: Oct 2003
Posts: 48

Original Poster
Rep: Reputation: 15
It has been registered for almost 2 weeks now.
 
Old 06-24-2004, 12:46 PM   #4
teddymills
LQ Newbie
 
Registered: Jun 2004
Location: The Far side of Charon
Posts: 15

Rep: Reputation: 0
I agree. The DNS root servers have no idea what nebraskaultimate.com is
or that it exists, or how to get to it.

Recheck your DNS settings with your DNS registrar and verify the host and IPs you entered.

From a remote PC, verify that you can ping your DNS server.

Does the DNS server work locally on your network?
If it does not, it certainly won't work on the internet.
 
Old 06-24-2004, 12:50 PM   #5
atomicx
Member
 
Registered: Oct 2003
Posts: 48

Original Poster
Rep: Reputation: 15
I checked my dns register and it has the correct ip for the dns server and I can ping the dns server ns1.nebraskaultimate.com from a remote server and that works. And I can see the dns entries on the dns server and do lookups and stuff from there so the dns server works.

I'm pretty stumped.
 
Old 06-24-2004, 01:04 PM   #6
Pete M
Member
 
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 32
atomicx

Have you entered

nameserver 192.168.0.122

into /etc/resolv.conf on your other machines? This will test the server locally.

You haven't got a router blocking port 53 by any chance?

Root servers do resolve to your IP

CheckDNS.NET is asking root servers about authoritative NS for domain
Got DNS list for 'nebraskaultimate.com' from a.gtld-servers.net
Found NS record: ns1.nebraskaultimate.com[68.226.73.177], was resolved to IP address by a.gtld-servers.net

So the problem is access to your machine from the internet

CheckDNS.NET is verifying if NS are alive
Error fetching SOA from ns1.nebraskaultimate.com [68.226.73.177]: Connection reset. Probably DNS server is offline.
0 server(s) are alive

Pete
 
Old 06-24-2004, 01:22 PM   #7
atomicx
Member
 
Registered: Oct 2003
Posts: 48

Original Poster
Rep: Reputation: 15
I have nameserver 127.0.0.1 so I changed that to 192.168.0.122. Do I need to restart the server when I change the resolv.conf?

Here is what I get when I do a status on named

[root@webserv122 trichard]# /etc/rc.d/init.d/named status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
server is up and running

And I have verified that I'm forwarding my port 53 through my smoothwall firewall.

I have also changed the resolv.conf on a different machine and ran a dig and it gave me the correct information.

Last edited by atomicx; 06-24-2004 at 01:27 PM.
 
Old 06-24-2004, 01:36 PM   #8
Pete M
Member
 
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 32
atomicx

Quote:
However when I do a 'dig www.nebraskaultiamte.com' from another machine not dns I get a server cannot reach

This is the machine to change /etc/resolv.conf on, not your DNS server. I assume it's on the same network.

Not sure if you have to reboot but it wouldn't hurt

Then try 'dig nebraskaultiamte.com' again

Pete
 
Old 06-24-2004, 01:46 PM   #9
atomicx
Member
 
Registered: Oct 2003
Posts: 48

Original Poster
Rep: Reputation: 15
I did that on the machine I was timing out on and it gave me the DNS entry that is correct.

So looks like the dns server is set up correctly. I would assume.

Thanks
 
Old 06-24-2004, 01:57 PM   #10
Pete M
Member
 
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 32
atomicx

Did you edit your last post after I read it ?

Okay try this

$ttl 38400
nebraskaultimate.com. IN SOA ns1.nebraskaultimate.com. trichard.techovations.com. (
        1086280793 ; serial #
        10800 ; refresh, seconds
        3600 ; retry, seconds
        604800 ; expire seconds
        38400 ) ; minimum, seconds

        IN NS ns1.nebraskaultimate.com.
        IN MX 100 mail.nebraskaultimate.com.

nebraskaultimate.com. IN A 68.226.73.177
mail.nebraskaultimate.com. IN A 68.226.73.177
www CNAME nebraskaultimate.com.
ns1 CNAME nebraskaultimate.com.

You should also enter a PTR record for ns1 into

// Reverse Zone Setup
zone "68.226.73.in-addr.arpa" IN {

In fact, post your reverse zone file; let's see what you have in there.

Assuming port 53 is forwarded as you say, entering ns1 as a CNAME should do the trick

Pete
 
Old 06-24-2004, 03:10 PM   #11
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Eerrr, he can't have DNS for the in-addr.arpa zone his IP is in, that's owned by Cox, he's not authoritative! What's more, the zone is backwards. The IP order needs to be reversed for in-addr.arpa. Anyway, the reverse DNS has nothing to do with this problem.

It appears that there is a firewall in front of that machine that is blocking DNS requests. You need to forward ports 53/UDP and 53/TCP from your firewall to 68.226.73.177. If the firewall is on the box itself, then you just need to open incoming connections to port 53/UDP and 53/TCP. Contrary to popular advice, you do need both UDP and TCP, because queries that return too much info for a single UDP datagram will have to be resent in TCP.
 
Old 06-28-2004, 04:06 PM   #12
atomicx
Member
 
Registered: Oct 2003
Posts: 48

Original Poster
Rep: Reputation: 15
Ok it looks like I only had tcp forwarding so when I opened up udp everything seems to be working. Thanks for the help guys.

A couple of other questions regarding DNS.

1. Do you have to have the reverse zone lookup in the named.conf file? I see the above post says it will not work since COX owns my ip.

2. In the zone files do I need to change the serial number every time I update the zone file?

3. Can the named.conf file have includes in it? I would like to create just a file for the forward setup stuff.

Thanks for all your help.
Troy

Last edited by atomicx; 06-28-2004 at 04:09 PM.
 
  

