Old 07-26-2007, 05:28 PM   #1
LQ Newbie
Registered: Dec 2004
Posts: 15

Rep: Reputation: 0
bind trouble

Hi all,

I am semi-new to Linux, but very new to setting up a server. I have a test environment using VMware with 3 virtual machines - 2 Fedora 7 machines and an SLES 10 machine. I am using the one Fedora 7 machine as a server/router/firewall/gateway for the other F7 and SLES machines, simulating a small private network.

I have NAT working, but now I am trying to configure my F7 server as a DNS server. What I have done is I have taken the named.caching-nameserver.conf file, copied it as named.conf, and am using that. Here is the code from that:

options {
        listen-on port 53 {; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "";
};

include "/etc/named.rfc1912.zones";
nslookup runs successfully from the server machine, but when I change the nameserver to my server's IP in my client machine, nslookup is not successful from the client machine. I am able to ping my server from my client.

I did run tcpdump from both machines during an nslookup from client to server.

From server:
02:33:17.379031 IP >  2225+ A? (32)
02:33:22.379588 IP >  2225+ A? (32)
02:33:27.381808 IP >  2225+ A? (32)
eth0 is my Internet-facing adapter, and a tcpdump with eth0 shows no activity during an nslookup from one of my clients.

Could iptables be incorrectly configured?

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -s -j MASQUERADE

# Allow outbound DNS queries from the FW and the replies too
# - Interface eth0 is the internet interface
# Zone transfers use TCP and not UDP. Most home networks
# / websites using a single DNS server won't require TCP statements
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 \
         -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 \
         -j ACCEPT

iptables -A OUTPUT -p udp -o eth1 --dport 53 --sport 1024:65535 \
         -j ACCEPT
iptables -A INPUT -p udp -i eth1 --sport 53 --dport 1024:65535 \
         -j ACCEPT
I'd appreciate any troubleshooting tips, because I am stuck!
Old 07-27-2007, 04:27 PM   #2
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,819

Rep: Reputation: 1591
You have a couple of "errors" in your named.conf:
listen-on port 53 {; };
If it listens only on the loopback interface, how can a client connect to your DNS? The same goes for the other listen statement for IPv6. I suggest you remove both of them.
allow-query { localhost; };
Again, if you only allow localhost to query the server, it's not going to work with clients.
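As an added example (not code from the thread or from BIND), a small Python check that reads the options block of a named.conf and reports the two restrictions the reply points at: a listen-on list holding only loopback addresses and an allow-query list admitting only localhost. The configuration strings and the 192.168.1.x LAN addresses in it are constructed for the example.

```python
import re

# Constructed named.conf fragment reproducing the options block from post #1
# (loopback-only listen-on, localhost-only allow-query); not a file from the thread.
LOOPBACK_ONLY_CONF = """
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; };
        recursion yes;
};
"""

# Constructed fragment that also serves a private LAN (addresses are assumptions).
LAN_CONF = """
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.1; };
        allow-query     { localhost; 192.168.1.0/24; };
        recursion yes;
};
"""

# Match-list entries that never admit a host on another machine.
LOCAL_ONLY = {"127.0.0.1", "::1", "localhost"}

def address_lists(conf, statement):
    """Return the entries of every `statement ... { a; b; };` in conf, one list per statement."""
    pattern = re.compile(r"(?m)^\s*" + re.escape(statement) + r"\s[^{]*\{([^}]*)\}\s*;")
    return [[a.strip() for a in body.split(";") if a.strip()] for body in pattern.findall(conf)]

def check_client_access(conf):
    """Return findings explaining why hosts other than the server itself cannot use it."""
    findings = []
    for addrs in address_lists(conf, "listen-on"):
        if set(addrs) <= LOCAL_ONLY:
            # named never opens port 53 on the LAN address, so queries sent there
            # are not seen by named at all and the client simply times out.
            findings.append(f"listen-on {addrs or '(empty)'}: no socket on the LAN address")
    for addrs in address_lists(conf, "allow-query"):
        if set(addrs) <= LOCAL_ONLY:
            # named does receive the query but answers REFUSED to non-local sources.
            findings.append(f"allow-query {addrs or '(empty)'}: LAN clients are refused")
    return findings

if __name__ == "__main__":
    for name, conf in (("thread", LOOPBACK_ONLY_CONF), ("lan", LAN_CONF)):
        print(name, check_client_access(conf) or "ok")
```

The same check applies to listen-on-v6, as the reply notes; it is left out here so a deliberate `listen-on-v6 { none; };` is not misreported.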