bind server not resolving external request
DEAR All,
i configured bind 9 on centos 6.3 and restart the named service its successfully restarted .than i enter the dig command to check its working .is successfully resolve the cnn.com the output is here <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> cnn.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56796 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 2 ;; QUESTION SECTION: ;cnn.com. IN A ;; ANSWER SECTION: cnn.com. 300 IN A 157.166.226.25 cnn.com. 300 IN A 157.166.226.26 ;; AUTHORITY SECTION: cnn.com. 170300 IN NS ns2.p42.dynect.net. cnn.com. 170300 IN NS ns1.p42.dynect.net. cnn.com. 170300 IN NS ns3.timewarner.net. cnn.com. 170300 IN NS ns1.timewarner.net. ;; ADDITIONAL SECTION: ns1.timewarner.net. 170301 IN A 204.74.108.238 ns3.timewarner.net. 170301 IN A 199.7.68.238 ;; Query time: 5948 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Sep 9 16:25:24 2013 ;; MSG SIZE rcvd: 186 when i give this dns to the window machine and go to the cmd and try to resolve cnn.com but here it can not resolve please help me in this regard thanks in advance .the out put of window cmd command is here DNS request timed out. timeout was 2 seconds. Server: UnKnown Address: 192.x.x.x ( dns server ip) DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. |
Quote:
|
Thanks for reply my firewall is in off state and not blocking port 53
|
Quote:
Code:
netstat -tunalp|grep named |
Thanks for reply once again i use only one private ip on bind server . i need public ip on it or not .
|
Quote:
|
the out put of command netstat -tunalp|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13487/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 13487/named tcp 0 0 ::1:53 :::* LISTEN 13487/named tcp 0 0 ::1:953 :::* LISTEN 13487/named udp 0 0 0.0.0.0:49554 0.0.0.0:* 13487/named udp 0 0 127.0.0.1:53 0.0.0.0:* 13487/named udp 0 0 ::1:53 :::* 13487/named for your info plz its show its listing on ip |
Quote:
Open named.conf and comment out the "Listen-on..." directive and restart the service |
after comment out the listen on the output of netstat -tunalp| grep named command is as under
tcp 0 0 10.3.20.225:53 0.0.0.0:* LISTEN 15914/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 15914/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15914/named tcp 0 0 ::1:53 :::* LISTEN 15914/named tcp 0 0 ::1:953 :::* LISTEN 15914/named udp 0 0 10.3.20.225:53 0.0.0.0:* 15914/named udp 0 0 127.0.0.1:53 0.0.0.0:* 15914/named udp 0 0 ::1:53 :::* 15914/named but it still not resolving on window machine |
Quote:
|
Actually we used 20 subnet for server and our cliets where window pc's lies use 50 subnet and natting already be done there is no 192 subnet there i just post for your info the out put of window machine is
DNS request timed out. timeout was 2 seconds. Server: UnKnown Address: 10.3.20.225 DNS request timed out. timeout was 2 seconds. |
Quote:
Check if you can access this or other servers on the 20 subnet, using ping, traceroute or telnet to known open ports |
I check on server which on same network means on 20 network and our dns server also on 20 network . i stop the iptables also on dns server .and dig command output is below
dig cnn.com ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6 <<>> cnn.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 11384 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;cnn.com. IN A ;; Query time: 0 msec ;; SERVER: 10.3.20.225#53(10.3.20.225) ;; WHEN: Tue Sep 10 14:09:33 2013 ;; MSG SIZE rcvd: 25 this is also centos server .i enter dns in reslove.conf file of this server |
Quote:
Specif the subnets that can use your dns like follows: Code:
allow-recursion { 127.0.0.1; |
Thanks a lot its working now . and Thanks once again for your precious time . can you give your email address .if i face any problem i contact you directly on your email address.
Bundle of Thanks |
Quote:
Please mark the thread as "SOLVED" from the "Thread Tools" om top of the page Regards |
After successfully configuring bind server on centos .and its working fine .but i think it not caching the host name because
when i dig some host on first attempt it not resolving .when i enter the same command it start resolving . so help me in this regard |
Quote:
Code:
dig linuxquestions.org Code:
dig linuxquestions.org |
on first attempt it show me this message
dig cnn.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> cnn.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40296 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;cnn.com. IN A ;; Query time: 1 msec ;; SERVER: ::1#53(::1) ;; WHEN: Wed Sep 11 20:31:02 2013 ;; MSG SIZE rcvd: 25 when i use the up arrow key to enter the same command that it resolve successfully . every time this happen why not resolve on first attempt although i resolve cnn.com 3 or 4 times before that. |
Quote:
You can add it in the "allow-recursion ..." statement, or delete ::1 from /etc/resolv.conf. Or even disable ipv6 completely if you don't need it. |
if i add in allow-recursion statement than how i allow there just i write ::1 this or some thing else
|
Quote:
Code:
allow-recursion { 127.0.0.1; |
thanks i think problem with ip version 6 so i add in allow-recursion .its working fine now.
|
Thanks for supporting in DNS server . Now i configure Openvpn version 2.0 on centos server 6.3 .i configure it and restart the openvpn services successfully . now i want to configure it with LDAP server .and i want to authenticate users from LDAP server. your support in this regard will be highly appreciated
|
Quote:
|
how we can increase the caching of DNS server .and how to check how long it kept the host name in cache and we can increase the caching time and size ?
|
Quote:
Have a look here for the options that control the dns cache. BUT! For the cache size leave it undefined so your caching dns uses as much of your RAM as it's available. Also it's little you can do for the cache time, as it depends on the zone $TTL value of the authoritative dns. E,g. you can have a max-cache-ttl of 1w (one week) while the $TTL on the authoritative dns server is 2d or less, meaning that the record on your dns will expire after that time, so it has to query again the authoritative dns for a fresh copy. |
All times are GMT -5. The time now is 07:21 AM. |