Old 11-08-2010, 08:05 AM   #1
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Rep: Reputation: 0
BIND9 and Debian


I am relatively new to Linux and am trying to set up BIND9 on Debian 5. I picked BIND and Debian as they seem to be the best fit for what I need. Plus this gives me a chance to get my feet wet with Linux.

I am setting up a DNS server for an external domain. I followed a few different setup guides about setting up BIND. Everything seemed fairly straightforward. I have set up my config files and zone files, however I am unable to query the server. When I try locally, it times out. When I run nslookup from another computer I get "query refused". Bind is running, I can see the named process running. At first I thought it may be the local firewall, but I am able to telnet to the server on port 53.

I looked in the system log and didn't see any errors, (or any messages at all) relating to Bind.

Any help is appreciated.
 
Old 11-08-2010, 09:13 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596
Hi and welcome to LQ

As a start, posting at least named.conf should be nice.
Also what gives:
Code:
dig mydomain.com @localhost
when executed from the box running bind

Regards
 
Old 11-08-2010, 12:52 PM   #3
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Here you go.

Code:
# dig mydomain.com @localhost

; <<>> DiG 9.6-ESV-R1 <<>> mydomain.com @localhost
;; global options: +cmd
;; connection timed out; no servers could be reached
Here is my named.conf file.

Code:
options {
directory "/etc/named.d";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/named.d/localhost.rev";
};

zone "128.241.66.in-addr.arpa" {
type master;
file "/etc/named.d/128.241.66.rev";
};

zone "." {
type hint;
file "/etc/named.d/named.ca";
};

zone "mydomain.com" {
type master;
file "/etc/named.d/mydomain.com.db";
};
(I replaced mydomain.com with my actual domain.)
 
Old 11-08-2010, 02:00 PM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596
So you say that named is running and responds to telnet on port 53, but it doesn't respond to the dig command?
What gives:
Code:
netstat -tunapl|grep 53
You didn't mention how you've installed bind, but I think you should follow this tutorial.

Regards
 
Old 11-08-2010, 02:30 PM   #5
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Original Poster
Rep: Reputation: 0
netstat -tunapl | grep 53:

Code:
ns01:/home/cshiers# netstat -tunapl | grep 53
tcp        0      0 66.241.128.186:53       0.0.0.0:*               LISTEN      5299/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      5299/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      5299/named
tcp        0     52 66.241.128.186:22       172.30.48.54:61923      ESTABLISHED 5332/sshd: cshiers
tcp6       0      0 :::53                   :::*                    LISTEN      5299/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      5299/named
udp        0      0 66.241.128.186:53       0.0.0.0:*                           5299/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           5299/named
udp6       0      0 :::53                   :::*                                5299/named
I installed BIND during the installation of debian.

I remember reading through that doc but it was the 3rd or 4th doc I read. I will go through it again and let you know.
 
Old 11-08-2010, 05:01 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596
Doh, named is running and listening on both the local and public IP and for both udp and tcp protocols!
I guess there is some sort of firewall blocking udp port 53, even for localhost. What is the output of:
Code:
iptables -L
What happens if you use the public IP to dig?
Code:
dig mydomain.com @66.241.128.186

Last edited by bathory; 11-08-2010 at 05:06 PM.
 
Old 11-09-2010, 12:07 PM   #7
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Original Poster
Rep: Reputation: 0
There appears to be nothing listed in iptables. Though I didn't think it would be an issue as I can connect on port 53.

Output of iptables -L
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Same result for dig.
Code:
# dig mydomain.com @66.241.128.186

; <<>> DiG 9.6-ESV-R1 <<>> mydomain.com @66.241.128.186
;; global options: +cmd
;; connection timed out; no servers could be reached
 
Old 11-09-2010, 03:56 PM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596
Quote:
Though I didn't think it would be an issue as I can connect on port 53.
Telnet uses tcp, while dns uses udp for the initial connection; that's why I thought it could be something blocking port 53/udp.

Anyway, add the following in the options section of /etc/named.conf, restart named and see if it works:
Code:
listen-on {
        127.0.0.1;
        66.241.128.186;
};
allow-recursion {
        127.0.0.1;
        66.241.128.186;
};
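A way to check what bathory describes here (a TCP connect on port 53, which is all telnet proves, says nothing about UDP/53, and a REFUSED answer is a different outcome from the timeout in this thread), as an added example that is not code from the thread: it sends one raw A query for the thread's mydomain.com over both transports and reports each outcome. The server address, fixed query id and rcode table are assumptions for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QID = 0x1234  # fixed id so the parser can check it; a real resolver randomises this

def build_query(name, qtype=1):
    """RFC 1035 query: 12-byte header (RD set, like dig) + one QCLASS IN question."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_response(data, expect_qid=QID):
    """Return (rcode name, answer count); raise if the id or QR bit is wrong."""
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expect_qid:
        raise ValueError("response id %#x does not match query id %#x" % (qid, expect_qid))
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def probe(server, name, timeout=3.0):
    """Send the same query over UDP and TCP and report each transport's outcome."""
    q, out = build_query(name), {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(q, (server, 53))
            out["udp"] = "%s, %d answers" % parse_response(s.recvfrom(4096)[0])
        except socket.timeout:
            out["udp"] = "timeout"  # the symptom seen in this thread
        except OSError as e:
            out["udp"] = "failed: %s" % e
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # the only thing a telnet test proves
            s.sendall(struct.pack("!H", len(q)) + q)  # TCP DNS is length-prefixed
            length = struct.unpack("!H", s.recv(2))[0]
            out["tcp"] = "%s, %d answers" % parse_response(s.recv(length))
        except (OSError, struct.error) as e:
            out["tcp"] = "failed: %s" % e
    return out

if __name__ == "__main__":
    print(probe("127.0.0.1", "mydomain.com"))  # the thread's local server and domain
```

If UDP reports "timeout" while TCP returns an rcode, the transport is the problem, not named; a REFUSED on either transport means named answered and its allow-query/allow-recursion lists are what to look at.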
 
Old 11-10-2010, 08:14 AM   #9
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Original Poster
Rep: Reputation: 0
I have added the lines you suggested, as well as allow-query. Still no luck. I have reposted my named.conf file.

I am also restarting named by using /etc/init.d/bind9 restart

Code:
options {
        directory "/etc/named.d";
        auth-nxdomain no;
        version none;

        listen-on {
        127.0.0.1;
        66.241.128.186;
        };

        allow-recursion {
        127.0.0.1;
        66.241.128.186;
        };

        allow-query {
        127.0.0.1;
        66.241.128.186;
        };

};

zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/named.d/localhost.rev";
};

zone "128.241.66.in-addr.arpa" {
type master;
file "/etc/named.d/128.241.66.rev";
};

zone "." {
type hint;
file "/etc/named.d/named.ca";
};

zone "mydomain.com" {
type master;
file "/etc/named.d/mydomain.com.db";
};
We're close, I can feel it. Most likely I overlooked a step.
 
Old 11-10-2010, 08:55 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596
Hi,

Well, I didn't think it was going to work, because from the error you get, it looks like there is no server running or there is a firewall denying access, but netstat shows named running and your iptables rules are empty!!

Could you kill the service
Code:
killall -9 named
and then run named in foreground debug mode, to see if we can get anything?
Code:
/usr/sbin/named -4 -f -d 3 -u named
BTW use double quotes in the version string:
Code:
 version "none";
 
Old 11-10-2010, 10:32 AM   #11
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Original Poster
Rep: Reputation: 0
I tried killall and it says command could not be found. I did kill the only process of named running though.

I don't have a user named, so I changed -u to root. It just sits there with nothing happening. It doesn't even go back to the prompt. I am not sure what I am looking for.
When I run:
Code:
/usr/sbin/named -4 -f -d 3 -u root
Thanks, made the change on version "none";
 
Old 11-10-2010, 11:52 AM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596
Quote:
I don't have a user named, so I changed -u to root.
named should run as an unprivileged user. I was under the impression that Debian uses a user named, but it looks like the user is bind.

Quote:
It just sits there with nothing happening. It doesn't even go back to the prompt. I am not sure what I am looking for.
This is right. If there were any errors they should show up on screen.
While named sits there and waiting, open another terminal and try a query to see if you get something.
To stop it you can press Ctrl-C
 
Old 11-10-2010, 12:47 PM   #13
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Still getting connection timed out when I try dig mydomain.com @66.241.128.186 or @127.0.0.1

On the terminal with bind, nothing happens. It just sits there still.
 
Old 11-10-2010, 01:03 PM   #14
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596
If it sits there quietly, that means there are no errors...

What's in /etc/resolv.conf?
Also can you resolve external domains?
Code:
dig google.com @127.0.0.1
 
Old 11-10-2010, 01:21 PM   #15
cshiers
LQ Newbie
 
Registered: Nov 2010
Posts: 8

Original Poster
Rep: Reputation: 0
/etc/resolv.conf
Code:
search mydomain.com
nameserver 127.0.0.1
I have tried several things. I can resolve outside domains when it is set to an external DNS server, e.g. 4.2.2.2 or 8.8.8.8. But when it is set to 127.0.0.1 I get:

Code:
# dig google.com @127.0.0.1

; <<>> DiG 9.6-ESV-R1 <<>> google.com @127.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached
ns01:/home/cshiers#
 