LinuxQuestions.org


DKLeader 10-08-2009 07:01 AM

DNS Server WAN-LAN connection problem
 
Hi,

I have a problem when trying to test the connection with my nameservers. I am sorry that this post will be long, but I am trying to include as much info as possible.

I have 3 servers, where 2 servers are both running Debian Lenny and Bind9 and the third is running Debian Lenny and HostingController (HC8 - Master).

Server 1 (Pri DNS / Domains / Mail) is behind a router. Public IP is 217.116.244.43 and private IP is 192.168.1.44. On the router I have forwarded port 53 to 192.168.1.44.
Server 2 (Sec DNS) is not behind a router and has public IP 217.116.244.35.
Server 3 (HC8 Master) is on public IP 217.116.244.57.

In HC8 I have added domains and done the setup of the DNS system.

My plan is to have superweb.dk as my primary domain name, and the nameservers have been named ns1.superweb.dk and ns2.superweb.dk.

Both ns have been approved by DK-Hostmaster.

The zones for superweb look like this:
Code:

@ IN SOA ns1.superweb.dk. admin.superweb.dk. (
        2009100703        ; Serial
        3600                ; Refresh
        600                ; Retry
        1209600                ; Expire
        3600 )                ; TTL
@        IN        NS        ns1.superweb.dk.
@        IN        NS        ns2.superweb.dk.
@        IN        NS        ns3.superweb.dk.
superweb.dk.        IN        A        217.116.244.43
ftp.superweb.dk.        IN        CNAME        superweb.dk.
www.superweb.dk.        IN        CNAME        superweb.dk.
mail.superweb.dk.        IN        A        217.116.244.43
superweb.dk.        IN        MX        10        mail.superweb.dk.
superweb.dk.        IN        MX        15        superweb.dk.
superweb.dk.        IN        TXT        "v=spf1 a mx ptr ~all"

My named.conf looks like this
Code:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
// include "/etc/bind/named.conf.options";
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-query { "any"; };
        allow-recursion { "any"; };
        allow-transfer { "any"; };
        query-source address * port 53;
//        forward first;
       
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders. 
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
                217.116.227.8;
                217.116.227.58;
        };
       
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        listen-on { any; };
};
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
include "/etc/bind/named.conf.local";
zone "superweb.dk" IN {
        type master;
        file "db.superweb.dk";
        allow-transfer {
        193.163.102.6;
        217.116.244.35;
        213.173.243.0/28; // *.gratisdns.dk
        };
        also-notify {
        213.173.243.11; // axfr.gratisdns.dk
        };
};
zone "ns1.superweb.dk" IN {
        type master;
        file "db.ns1.superweb.dk";
        allow-transfer {
        193.163.102.6;       
        217.116.244.35;
        213.173.243.0/28; // *.gratisdns.dk
        };
        also-notify {
        213.173.243.11; // axfr.gratisdns.dk
        };
};
zone "ns2.superweb.dk" IN {
        type master;
        file "db.ns2.superweb.dk";
        allow-transfer {
        193.163.102.6;
        217.116.244.35;
        213.173.243.0/28; // *.gratisdns.dk
        };
        also-notify {
        213.173.243.11; // axfr.gratisdns.dk
        };
};
zone "ns3.superweb.dk" IN {
        type master;
        file "db.superweb.dk";
        allow-transfer {
        217.116.244.35;
        213.173.243.0/28; // *.gratisdns.dk
        };
        also-notify {
        213.173.243.11; // axfr.gratisdns.dk
        };
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
        algorithm hmac-md5;
        secret "my-key";
};
 
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

and my resolv.conf :

Code:

domain superweb.dk
search superweb.dk
nameserver 192.168.1.44
// nameserver 217.116.244.43
nameserver 193.163.102.6 // DK-Hostmaster
nameserver 217.116.227.8 // My ISP Pri DNS
// nameserver 217.116.227.58 // My ISP Sec DNS

If I test nameservers here : http://www.dns.lu/en/EN-LUTestNoms.php I get :
Code:

Success: Nameserver test succeded
Info: Nameserver test for domain superweb.dk
Note: Nameserver ns1.superweb.dk at 217.116.244.43 (provided)
Note: Nameserver ns2.superweb.dk at 217.116.244.35 (provided)

but if I test them at DK-Hostmaster (https://www.dk-hostmaster.dk/english...on-nameserver/) I get :
Code:

Search result

 
; Candidate name server: ns1.superweb.dk
; Asked for 217.116.244.43, type PTR
; 108 octets from 193.163.102.5
; Response code: NXDOMAIN
; Answer contains 0 answers to your query.

Then I tried to redelegate superweb.dk with ns1.superweb.dk here : https://www.dk-hostmaster.dk/english...e-domain-name/ but got this :
Code:

Error: general
Primary name server doesn't exist.

If I do an AXFR between pri and sec I do not get any errors - tried on sec "dig superweb.dk axfr @ns1.superweb.dk" and on pri "dig superweb.dk axfr @ns2.superweb.dk".

I did a port check to see if the outside world could send through port 53 - and it turned out OK.

My question is: what have I done wrong, since I cannot get the domain redelegated?

Best Regards
DKLeader aka Jakob.

bathory 10-08-2009 09:22 AM

Quote:

$dig +trace superweb.dk

; <<>> DiG 9.6.1 <<>> +trace superweb.dk
;; global options: +cmd
. 494553 IN NS D.ROOT-SERVERS.NET.
. 494553 IN NS G.ROOT-SERVERS.NET.
. 494553 IN NS C.ROOT-SERVERS.NET.
. 494553 IN NS L.ROOT-SERVERS.NET.
. 494553 IN NS B.ROOT-SERVERS.NET.
. 494553 IN NS F.ROOT-SERVERS.NET.
. 494553 IN NS M.ROOT-SERVERS.NET.
. 494553 IN NS I.ROOT-SERVERS.NET.
. 494553 IN NS A.ROOT-SERVERS.NET.
. 494553 IN NS E.ROOT-SERVERS.NET.
. 494553 IN NS K.ROOT-SERVERS.NET.
. 494553 IN NS H.ROOT-SERVERS.NET.
. 494553 IN NS J.ROOT-SERVERS.NET.
;; Received 320 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

dk. 172800 IN NS P.NIC.dk.
dk. 172800 IN NS C.NIC.dk.
dk. 172800 IN NS S.NIC.dk.
dk. 172800 IN NS B.NIC.dk.
dk. 172800 IN NS L.NIC.dk.
dk. 172800 IN NS A.NIC.dk.
;; Received 309 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 234 ms

superweb.dk. 86400 IN NS ns5.gratisdns.dk.
superweb.dk. 86400 IN NS ns1.gratisdns.dk.
superweb.dk. 86400 IN NS ns2.gratisdns.dk.
superweb.dk. 86400 IN NS ns3.gratisdns.dk.
superweb.dk. 86400 IN NS ns4.gratisdns.dk.
;; Received 349 bytes from 192.38.7.242#53(L.NIC.dk) in 104 ms

;; Received 29 bytes from 85.17.221.46#53(ns5.gratisdns.dk) in 94 ms

It looks like your upstream nameservers know nothing about your domain.
And why do you use 4 zones (superweb.dk, ns1.superweb.dk, ns2.superweb.dk, ns3.superweb.dk)!!!
Also, you must provide your zone files with the A records for the DNS servers:
Code:

@ IN SOA ns1.superweb.dk. admin.superweb.dk. (
        2009100703        ; Serial
        3600                ; Refresh
        600                ; Retry
        1209600                ; Expire
        3600 )                ; TTL
@        IN        NS        ns1.superweb.dk.
@        IN        NS        ns2.superweb.dk.
@        IN        NS        ns3.superweb.dk.
superweb.dk.        IN        A        217.116.244.43
ns1.superweb.dk. IN A 217.116.244.43
ns2.superweb.dk. IN A 217.116.244.35
ns3.superweb.dk. IN A 217.116.244.57

ftp.superweb.dk.        IN        CNAME        superweb.dk.
www.superweb.dk.        IN        CNAME        superweb.dk.
mail.superweb.dk.        IN        A        217.116.244.43
superweb.dk.        IN        MX        10        mail.superweb.dk.
superweb.dk.        IN        MX        15        superweb.dk.
superweb.dk.        IN        TXT        "v=spf1 a mx ptr ~all"


DKLeader 10-08-2009 01:43 PM

I have changed the zone for superweb.dk to :
Code:

@ IN SOA ns1.superweb.dk. admin.superweb.dk. (
        2009100803        ; Serial
        3600                ; Refresh
        600                ; Retry
        1209600                ; Expire
        3600 )                ; TTL
@        IN        NS        ns1.superweb.dk.
@        IN        NS        ns2.superweb.dk.
superweb.dk.        IN        A        217.116.244.43
ns1.superweb.dk. IN A 217.116.244.43
ns2.superweb.dk. IN A 217.116.244.35
ftp.superweb.dk.        IN        CNAME        superweb.dk.
www.superweb.dk.        IN        CNAME        superweb.dk.
mail.superweb.dk.        IN        A        217.116.244.43
superweb.dk.        IN        MX        10        mail.superweb.dk.
superweb.dk.        IN        MX        15        superweb.dk.
superweb.dk.        IN        TXT        "v=spf1 a mx ptr ~all"

and deleted the three zones ns1, ns2 and ns3 - had to try something to get it to work and that is why they were created.
I only have 2 name servers - was planning on the third but forgot to delete it in the zone - it did not change anything.
But still I get the same results.

bathory 10-08-2009 04:59 PM

You should contact your domain registrar to change the authoritative nameservers for your domain to point to your DNS servers, because now they are (ns1 to ns5).gratisdns.dk:
Code:

dig superweb.dk

; <<>> DiG 9.6.1-P1 <<>> superweb.dk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23188
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;superweb.dk.                  IN      A

;; ANSWER SECTION:
superweb.dk.            42161  IN      A      217.116.244.43

;; AUTHORITY SECTION:
superweb.dk.            42161  IN      NS      ns1.gratisdns.dk.
superweb.dk.            42161  IN      NS      ns4.gratisdns.dk.
superweb.dk.            42161  IN      NS      ns2.gratisdns.dk.
superweb.dk.            42161  IN      NS      ns3.gratisdns.dk.
superweb.dk.            42161  IN      NS      ns5.gratisdns.dk.

;; ADDITIONAL SECTION:
ns1.gratisdns.dk.      42160  IN      A      213.173.243.8
ns2.gratisdns.dk.      42160  IN      A      87.72.47.122
ns3.gratisdns.dk.      42160  IN      A      194.0.2.6
ns4.gratisdns.dk.      42160  IN      A      208.43.238.42
ns5.gratisdns.dk.      42160  IN      A      85.17.221.46

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct  9 00:57:14 2009
;; MSG SIZE  rcvd: 225
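
Added example, not part of the original thread: the two checks from bathory's replies (does the NS set delegated by the parent match the zone's own NS records, and does every name server inside the zone have an address record), run in Python over records copied from the posts above. The function names and the simple one-line record format are assumptions of this example.

```python
# Added example: sample data is copied from the records quoted in this thread.
ORIGIN = "superweb.dk."

ZONE_BEFORE = """\
@        IN        NS        ns1.superweb.dk.
@        IN        NS        ns2.superweb.dk.
@        IN        NS        ns3.superweb.dk.
superweb.dk.        IN        A        217.116.244.43
mail.superweb.dk.        IN        A        217.116.244.43
"""

# NS set the .dk servers handed out in the dig +trace output (ns1..ns5.gratisdns.dk).
PARENT_REFERRAL = "".join(
    f"superweb.dk. 86400 IN NS ns{i}.gratisdns.dk.\n" for i in range(1, 6))

def parse_records(text, origin=ORIGIN):
    """Parse one-line 'owner [ttl] IN type rdata' records; owner is '@' or fully qualified."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if "IN" not in fields[1:-1]:             # need owner before IN and a type after it
            continue
        i = fields.index("IN", 1)
        owner = origin if fields[0] == "@" else fields[0].lower()
        records.append((owner, fields[i + 1].upper(), " ".join(fields[i + 2:]).lower()))
    return records

def check_delegation(zone_text, referral_text, origin=ORIGIN):
    """Compare the zone's NS set with the parent's, and find in-zone NS names lacking A/AAAA."""
    zone = parse_records(zone_text, origin)
    parent = parse_records(referral_text, origin)
    zone_ns = {r for o, t, r in zone if o == origin and t == "NS"}
    parent_ns = {r for o, t, r in parent if o == origin and t == "NS"}
    have_addr = {o for o, t, _ in zone if t in ("A", "AAAA")}
    def in_zone(name):
        return name == origin or name.endswith("." + origin)
    return {
        "delegation_matches": zone_ns == parent_ns,
        "only_in_zone": sorted(zone_ns - parent_ns),
        "only_at_parent": sorted(parent_ns - zone_ns),
        "ns_missing_address": sorted(n for n in zone_ns if in_zone(n) and n not in have_addr),
    }

if __name__ == "__main__":
    for key, value in check_delegation(ZONE_BEFORE, PARENT_REFERRAL).items():
        print(f"{key}: {value}")
```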


