
steve007 07-20-2005 05:09 AM

Announcing DNS Server
I am still stuck setting up my DNS server. I have used Webmin to do the settings but I don't know if it works or not. I run the command:
host -t ns

and it seemed to return no error (bearing in mind is not a real domain). But how do I get this DNS server out there on the internet? It has a private IP address... EVERY computer in our network is behind one router, the router has the IP address for the internet and all other machines are assigned an IP address by the router - this one on the DNS server is static at I understand that I need to register my DNS server with my registrar (UKReg) but how does it know it's pointing to my DNS server? It doesn't ask me for an IP address at all, just asks for the name server. The actual domain seems to have an IP address of but cannot be pinged (didn't think it would anyway but at least it's returned an IP address). What do I do to get my name server registered? I've typed in my name server with UKReg but it doesn't seem to be changing, and I am thinking I have not announced it to the internet somehow... but how do I do that?

I have used Webmin to set this DNS server up. I made an A record, a name server record, a CNAME alias record, and an MX record.

To view my previous thread about setting up the DNS server please click here:

Thank you for your help

Michael Johnson 07-21-2005 03:41 AM

You can't use private addresses on the internet. Your ISP and the internet will not accept your server's address of 192.168.12. The first point is to clarify what you want your DNS server to do.
Will it be used on the internal network only?
Will your DNS server be resolving names for the internet? Is this being done by your router?
What services do you wish to offer people on the internet?
Would you be better off setting up a DMZ?
Does this server do DHCP server as well?

steve007 07-21-2005 11:01 AM

My DHCP is the router, that is what is used to assign IP addresses. I just want my DNS server to allow someone to be able to email us. I have created a name server record, an MX record, CNAME alias and an A record. I may also want it to resolve the URL of our website though this is not for definite yet as we probably will host externally. For now I just want to be able to email someone on our domain name...
I am able to send emails OUT, but not receive records in. I have set on the router to map requests for port 53 to point to and I have placed the nameserver with IP address on our domain registrar. But I cannot receive emails, I am missing something, probably something really small and I don't know what it is. As stated earlier I used Webmin to set up the DNS, I also used it to set up Postfix, I have Apache server running and can access SquirrelMail, I have Dovecot running..... so what am I missing?


phil.d.g 07-21-2005 11:13 AM

Have you forwarded port 25 from your router to your server?

Use to check your DNS server is working correctly and that your DNS server has been successfully registered

steve007 07-21-2005 11:16 AM

Why port 25? What is port 25 for? I thought port 53 was for DNS.

phil.d.g 07-21-2005 11:17 AM

SMTP, it's when email is relayed to your server it connects to your SMTP server, in your case I think you said Postfix, which listens on port 25

steve007 07-21-2005 11:21 AM

That link you gave me returned an answer.... I typed in my name server, for example and it said it found one server....... but if I type anything in there like it says it finds a name server.........?

steve007 07-21-2005 11:26 AM

Hmmm, I added another rule to my router to forward port 25 to that same IP address as well but it didn't seem to make any difference. I try and send an email from my Hotmail account and it fails, I get a postmaster coming back saying it's not a recognised email address...... are you able to email me and chat via email or instant messaging.... you seem pretty smart.....

phil.d.g 07-21-2005 11:29 AM

On that dns query page put as the nameserver, put as the domain and change the query type to MX, if you don't understand the output just paste it here.

You should get something along these lines:

;;, type = MX, class = IN
;; ANSWERS:        14400        MX        10        14400        MX        15        14400        MX        20       
;; AUTHORITY RECORDS:        14400        NS        14400        NS        14400        NS       
;; ADDITIONAL RECORDS:          14400  A          14400  A        14400  A

That will tell us that your name server is set up correctly or not, either way we will start to close in on the problem

steve007 07-21-2005 11:34 AM

Right, well I get nothing like it.......

; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd ra; Ques: 1, Ans: 3, Auth: 3, Addit: 3
;;, type = MX, class = IN

;; ANSWERS: 64632 MX 30 64632 MX 10 64632 MX 20

;; AUTHORITY RECORDS: 39885 NS 39885 NS 39885 NS

;; ADDITIONAL RECORDS: 99611 A 99611 A 45008 A

;; Total query time: 0 msec
;; FROM: to SERVER: default --
;; WHEN: Thu Jul 21 09:33:01 2005
;; MSG SIZE sent: 32 rcvd: 225

At a guess it means my DNS doesn't exist or doesn't have an MX record or something??? I dunno.... any chance we can instant message at all for faster responses.... I haven't been too lucky on this forum getting good or prompt replies

phil.d.g 07-21-2005 11:46 AM

Not really into im, sorry.

I get the response you gave if you leave the domain name box empty, something must have gone wrong, post your domain here, or mail it me if you don't want it publicly viewable, you'll find my email address at the bottom of the webpage at the www link at the bottom of my post

steve007 07-22-2005 04:12 AM

OK, thanks for the reply, but no, the IP address you gave me doesn't seem to be our internet IP address. On the router "internet IP address" reads a completely different IP. The IP you mentioned seems to be something that UKReg has given to the domain I think.... if you ping that domain you will find it's similar to the one you gave me, also if you ping it's the same IP, but you can't ping my ns1 server.... it says it's unreachable. How do I check that port 25 is open on my server anyway? How can I check that a particular port is open.... is there a way I can ping the server and the port?



steve007 07-22-2005 04:37 AM

OK, I have just typed in the netstat command on my DNS server (which also hosts the email server at the moment for testing) and this is what I got:

[root@sbcdc1 ~]# netstat -an --inet
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address            State
tcp        0      0      *                  LISTEN
tcp        0      0      *                  LISTEN
tcp        0      0      *                  LISTEN
tcp        0      0      *                  LISTEN
tcp        0      0    *                  LISTEN
tcp        0      0  *                  LISTEN
tcp        0      0      *                  LISTEN
tcp        0      0    *                  LISTEN
tcp        0      0    *                  LISTEN
tcp        0      0      *                  LISTEN
tcp        0      0    *                  LISTEN
tcp        0      0      *                  LISTEN
tcp      10      0          ESTABLISHED
udp        0      0  *
udp        0      0  *
udp        0      0*
udp        0      0  *
udp        0      0*
udp        0      0  *
udp        0      0*
udp        0      0*
udp        0      0  *
udp        0      0    *
udp        0      0  *
udp        0      0  *
udp        0      0  *
udp        0      0  *

As far as I can tell that means ports 25 and 53 are open and being listened on, right? Port 53 is listed in both the top section and the bottom section. Should port 25 be listed in the UDP section as well or is it fine the way it is?


phil.d.g 07-22-2005 05:39 AM

SMTP only listens on the TCP protocol, DNS listens on both but UDP is preferred iirc.

What you need to do next can seem a bit confusing.

Go to your ISP's control panel and create name servers for your domain. They should provide this functionality, if not email them. Note this is not the same as changing the name servers for your domain.

You need to create a name server ie and use the IP of your router. Then create another one ie and use the IP of your secondary DNS server. The secondary DNS server cannot be the same as the primary. If you do not have a secondary DNS server there are a few websites that provide this service.

Once your name servers have been registered, you need to change the name servers that your domain uses, at the minute your domain registrar's DNS servers, to your newly created name servers. Now you may have up to a 48 hour wait for the changes to take effect.

Then once that is done that should be it


When I did the DNS lookups before it did them on your domain's registrar so proved nothing really - I assumed you had already registered the name servers and changed your domain over to them.

I have done some checks on the IP you gave me that was for your router.

A reverse DNS query gives so that means you're using a broadband connection to connect your computer to the internet. Is it a static IP? If it changes every time you connect to the internet then you either need to ask BT for a static IP or call it a day with this project. A static IP is an absolute *must*

I have tried pinging your router's IP and it gave no response, so there are three possibilities - you have your computer/router turned off, your router won't return pings or your router has been reconnected and been given a new IP.

Well nmap gives:


philip@newcastle:~$ nmap -P0

Starting nmap 3.75 ( ) at 2005-07-22 10:19 BST
Interesting ports on (
(The 1661 ports scanned but not shown below are in state: filtered)
25/tcp closed smtp
53/tcp open  domain

Nmap run completed -- 1 IP address (1 host up) scanned in 501.377 seconds

When I queried your IP for the domain it returned no result, so your DNS server is configured wrongly. I have had no experience with BIND, I did this same project years ago and I used a little DNS server that only served records, no caching or fetching from other servers, etc it was called nsd (name server daemon). So you will have to see someone else about BIND.

smtp is closed, I can only assume you didn't have it running at the time I ran the test or you have it configured to allow no relaying. You need to allow relaying from foreign to local, local to local and local to foreign, but not foreign to foreign.

Don't register the name servers and change your domain's name servers until you have the DNS working correctly or your domain will stop working. You should be able to test your own DNS server by `dig @localhost`

I think that should keep you going for a bit, any more questions just ask here and I'll do my best
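
Added example, not part of the original thread and not any poster's code: the reply posted earlier shows "flags: qr rd ra" with no "aa", which is what a recursive resolver returns, so it says nothing about the new server. The Python sketch below builds a non-recursive MX query and reads the header of a reply to tell the two cases apart; the function names, the sample header bytes and the use of raw sockets in place of dig are assumptions made for illustration.

```python
import socket
import struct

QTYPE_MX = 15  # RFC 1035 type code for MX records

def build_query(name, qtype=QTYPE_MX, txid=0x1234):
    """Encode one question in DNS wire format, recursion not requested."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the 12-byte header: flag bits, rcode and record counts."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": an, "authority": ns,
            "additional": ar}

def verdict(h):
    """Say what a response header proves about the server that sent it."""
    if not h["qr"]:
        return "not a response"
    if h["rcode"] != 0:
        return "error rcode=%d" % h["rcode"]
    if h["aa"]:
        return "authoritative" if h["answers"] else "authoritative, no such record"
    if h["answers"]:
        return "non-authoritative: answered by a resolver or cache"
    return "no answer, not authoritative"

def ask(server, name, timeout=3.0):
    """Send the query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return verdict(parse_header(s.recvfrom(512)[0]))

# Constructed sample headers. POSTED mirrors the reply pasted in the thread
# (id 10, flags qr rd ra, 1 question, 3/3/3 records); OWN_ZONE is what a
# server that really holds the zone would send (qr + aa).
POSTED = struct.pack("!HHHHHH", 10, 0x8180, 1, 3, 3, 3)
OWN_ZONE = struct.pack("!HHHHHH", 10, 0x8400, 1, 1, 1, 1)
```

Running ask("127.0.0.1", "your-domain.example") on the DNS box itself (the domain is a placeholder) is a scripted form of the `dig @localhost` check; any result other than "authoritative" means the zone is not being served yet.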

steve007 07-22-2005 06:31 AM

OK, first of all I did not register a name server with BTOpenworld... I guess I'm missing that part..

I don't have a second nameserver.... is it OK to use the or should I create another? Can this be on the same physical machine as my current DNS server as a separate name server record or should it be a separate machine? If it's a second machine then if I map my router to route to that DNS server as well, how does it know which one to send requests to? First in the list??

I am fully aware that a static IP is a must, but currently on a dynamic one... the reason I haven't got a static IP address yet is because the router connects to the net and it hasn't re-dialed for months so it's kept the same IP number... I will get a static one once DNS is set up and working. It's still OK to use this IP address for testing purposes, isn't it... it keeps it for a long time because we're on broadband, connection doesn't drop.

From the results I posted here about the ports..... did that show that port 25 was open or closed... it said listening... if it's closed how do I open it?

I think port 25 must be closed, since I use Postfix and it looks quite plain and simple to show about relaying....

Thanks for this help on this.
