Hello linuxquestions.org. Lurked for years, and actually ran into something I can't solve without posting.
I've recently been tasked with running a VPS. General Linux things are no problem, but it has been a while, and I've never touched named/BIND before. I am a complete newbie in this area and it rocks! But I could really use some assistance to get it working.
Code:
# /var/named/chroot/var/named/example.local
$TTL 14400
@ IN SOA example.com. admin.example.com.(
2012092401 ; serial
86400 ; refresh, seconds
7200 ; retry, seconds
3600000 ; expire, seconds
86400 ) ; minimum, seconds
example.com. 86400 IN NS 10.0.0.0
example.com. 86400 IN NS 10.0.0.1
ns1 IN A 10.0.0.0
ns2 IN A 10.0.0.1
example.com. IN A 10.0.0.1
www IN CNAME example.com.
Code:
#/var/named/chroot/etc/named.caching-nameserver.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-query-cache { localhost; };
allow-recursion {"recursive_subnets";};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
acl "recursive_subnets" {
localhost;
};
Code:
#/var/named/chroot/etc/named.rfc1912.zones
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "example.com" {
type master;
notify no;
file "/var/named/example.local";
allow-transfer {10.0.0.1;};
allow-query {any;};
allow-update { none; };
};
Code:
#dig example.com (on the server)
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.4 <<>> example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16341
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 14400 IN A 10.0.0.1
;; AUTHORITY SECTION:
example.com. 86400 IN NS 10.0.0.0.example.com.
example.com. 86400 IN NS 10.0.0.1.example.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 24 19:46:38 2012
;; MSG SIZE rcvd: 100
All DNS tools tell me that the servers refuse to reply to queries.
Using such tools while named is not running verifies that the domain is at least set up to point to those NS and that they are visible.
"10.0.0.0.example.com" in the authority section concerns me, as it does not seem like that is what it's supposed to look like. Am I right in that respect?
Trying to resolve the DNS for the domain or name servers from my local machine always results in "server not found" type messages. I do get a ping response.
If I telnet to the machine on 53, nada, just a blank screen.
iptables looks like this:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 190.93.240.0/20 anywhere udp dpt:domain
ACCEPT tcp -- 190.93.240.0/20 anywhere tcp dpt:http
ACCEPT udp -- 108.162.192.0/18 anywhere udp dpt:domain
ACCEPT tcp -- 108.162.192.0/18 anywhere tcp dpt:http
ACCEPT udp -- 141.101.64.0/18 anywhere udp dpt:domain
ACCEPT tcp -- 141.101.64.0/18 anywhere tcp dpt:http
ACCEPT udp -- 103.22.200.0/22 anywhere udp dpt:domain
ACCEPT tcp -- 103.22.200.0/22 anywhere tcp dpt:http
ACCEPT udp -- 173.245.48.0/20 anywhere udp dpt:domain
ACCEPT tcp -- 173.245.48.0/20 anywhere tcp dpt:http
ACCEPT udp -- 199.27.128.0/21 anywhere udp dpt:domain
ACCEPT tcp -- 199.27.128.0/21 anywhere tcp dpt:http
ACCEPT udp -- network/24 anywhere udp dpt:domain
ACCEPT tcp -- network/24 anywhere tcp dpt:http
ACCEPT udp -- unknown.scnet.net/24 anywhere udp dpt:domain
ACCEPT tcp -- unknown.scnet.net/24 anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere
DROP all -f anywhere anywhere
DROP all -- 0.0.0.0/8 anywhere
DROP all -- 127.0.0.0/8 anywhere
DROP all -- 172.16.0.0/12 anywhere
DROP all -- 192.168.0.0/16 anywhere
DROP all -- base-address.mcast.net/3 anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp recent: SET name: FTP side: dest
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 recent: CHECK seconds: 10800 name: FTP side: source
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 recent: CHECK seconds: 10800 name: FTP side: dest
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:26
ACCEPT tcp -- anywhere anywhere tcp dpt:nicname
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `LOG_INPUT '
DROP all -- anywhere anywhere
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpts:1024:65535 state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp recent: SET name: FTP side: dest
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 recent: CHECK seconds: 10800 name: FTP side: source
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 recent: CHECK seconds: 10800 name: FTP side: dest
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:nicname
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:smtps
ACCEPT tcp -- anywhere anywhere tcp dpt:svn
ACCEPT udp -- anywhere anywhere udp dpts:traceroute:33534
LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `LOG_OUTPUT '
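An added worked example, not part of the original post: the authority section in the dig output above is exactly what named produces from the posted zone file, because a name in a master file that does not end in a dot is relative to the zone origin, and that rule applies to NS RDATA just as it does to owner names. `NS 10.0.0.0` therefore loads as `NS 10.0.0.0.example.com.`, a hostname that nobody can resolve, so delegation to the zone fails even if the firewall is fine. The checker below embeds the posted zone as a constructed sample, applies the same qualification rules a zone parser does, and flags NS records whose RDATA was an IP literal as well as in-zone NS targets that have no A/AAAA record. It assumes the origin is `example.com` (the zone name in the posted named.rfc1912.zones) and, for contrast, builds a second copy of the zone whose NS lines name `ns1.example.com.` and `ns2.example.com.`, the hosts that already carry the A records.

```python
import ipaddress

# Constructed sample: the zone file from the post above, embedded so the checker
# runs offline. The origin is assumed to be "example.com" (the zone name in the
# posted named.rfc1912.zones); the two NS lines are the ones in question.
SAMPLE_ZONE = """\
$TTL 14400
@ IN SOA example.com. admin.example.com.(
2012092401 ; serial
86400 ; refresh, seconds
7200 ; retry, seconds
3600000 ; expire, seconds
86400 ) ; minimum, seconds
example.com. 86400 IN NS 10.0.0.0
example.com. 86400 IN NS 10.0.0.1
ns1 IN A 10.0.0.0
ns2 IN A 10.0.0.1
example.com. IN A 10.0.0.1
www IN CNAME example.com.
"""
# Same zone with NS RDATA naming the hosts that carry the A records (glue).
FIXED_ZONE = (SAMPLE_ZONE
              .replace("IN NS 10.0.0.0", "IN NS ns1.example.com.")
              .replace("IN NS 10.0.0.1", "IN NS ns2.example.com."))

RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR", "SRV"}
CLASSES = {"IN", "CH", "HS"}


def qualify(name, origin):
    """Master-file rule named applies to every name: '@' is the origin, a name
    ending in '.' is absolute, anything else (even '10.0.0.0') gets the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Strip ';' comments and fold '(' ... ')' continuations into token lists."""
    buf, depth, first_blank = [], 0, False
    for raw in text.splitlines():
        code = raw.split(";", 1)[0]
        if not buf:
            first_blank = code[:1].isspace()  # blank owner field = previous owner
        depth += code.count("(") - code.count(")")
        buf.append(code.replace("(", " ").replace(")", " "))
        if depth <= 0:
            tokens, buf, depth = " ".join(buf).split(), [], 0
            if tokens:
                yield first_blank, tokens


def parse_zone(text, origin):
    """Return (owner, ttl, rrtype, rdata) tuples with every name fully qualified.
    Handles $TTL (integer seconds), $ORIGIN, '@', relative names, parentheses
    and comments, which is all a file like the one above uses."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, last_owner, records = None, origin, []
    for starts_blank, tok in _logical_lines(text):
        if tok[0] == "$TTL":
            default_ttl = int(tok[1])
            continue
        if tok[0] == "$ORIGIN":
            origin = qualify(tok[1], origin)
            continue
        owner = last_owner if starts_blank else qualify(tok.pop(0), origin)
        ttl = default_ttl
        while tok and tok[0].upper() not in RRTYPES:  # optional TTL and class
            t = tok.pop(0)
            if t.isdigit():
                ttl = int(t)
            elif t.upper() not in CLASSES:
                raise ValueError(f"unexpected token {t!r} in record for {owner}")
        rrtype, rdata = tok[0].upper(), tok[1:]
        # Name-valued RDATA is relative to the origin exactly like owner names;
        # this is what turns 'NS 10.0.0.0' into 'NS 10.0.0.0.example.com.'.
        if rrtype in ("NS", "CNAME", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        elif rrtype == "SOA":
            rdata = [qualify(rdata[0], origin), qualify(rdata[1], origin)] + rdata[2:]
        records.append((owner, ttl, rrtype, rdata))
        last_owner = owner
    return records


def lint_ns(records, origin):
    """Flag NS records whose RDATA was an IP literal (NS RDATA is a hostname, so
    named just appended the origin) and in-zone NS targets with no A/AAAA."""
    origin = origin if origin.endswith(".") else origin + "."
    has_addr = {o for o, _, t, _ in records if t in ("A", "AAAA")}
    suffix, findings = "." + origin, []
    for owner, _, rrtype, rdata in records:
        if rrtype != "NS":
            continue
        target = rdata[0]
        typed = target[:-len(suffix)] if target.endswith(suffix) else target
        try:                                   # did the author type an address?
            ipaddress.ip_address(typed)
            findings.append(f"{owner} NS {target}: '{typed}' is an IP literal, "
                            "not a hostname; named appended the origin to it")
        except ValueError:
            if target.endswith(suffix) and target not in has_addr:
                findings.append(f"{owner} NS {target}: no A/AAAA record for this "
                                "name server in the zone (missing glue)")
    return findings
```

Running `lint_ns(parse_zone(SAMPLE_ZONE, "example.com"), "example.com")` reports both posted NS lines; the same call on `FIXED_ZONE` returns nothing, because `ns1.example.com.` and `ns2.example.com.` are hostnames with A records in the zone. The real tool for this on the server is `named-checkzone example.com /var/named/chroot/var/named/example.local`, which loads the file with the same rules named uses and reports what it finds before the zone goes live. Note the parent delegation (the NS records the registrar publishes for the domain) has to name the same hosts, and that 10.0.0.0/8 addresses are not reachable from the internet; the public addresses of the VPS belong in the A records.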
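A second added example, again not from the original post, on the firewall listing rather than on BIND. iptables evaluates a chain top to bottom and stops at the first terminal target, so a rule such as `ACCEPT all -- anywhere anywhere` with no protocol, flag, address or match restriction decides every packet that reaches it and makes every rule behind it unreachable. In the INPUT chain above that rule sits before the anti-spoofing DROPs and before the final `DROP all`, and the OUTPUT chain opens the same way. The script below parses a constructed excerpt of that `iptables -L` output (names resolved, the format shown in the post, trimmed to the rows that matter) and reports, per chain, the first catch-all rule and the positions of the rules it shadows.

```python
# Constructed excerpt of the posted `iptables -L` output (names resolved, no
# line numbers), trimmed to the rows that matter for the ordering problem.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  190.93.240.0/20      anywhere             udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  -f  anywhere             anywhere
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
LOG        all  --  anywhere             anywhere             limit: avg 1/sec burst 5 LOG level warning prefix `LOG_INPUT '
DROP       all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_listing(text):
    """Return {chain: [(n, target, prot, opt, src, dst, extra), ...]} where n is
    the 1-based position that `iptables -L --line-numbers` would print."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
        elif line.strip() and not line.startswith("target"):
            parts = line.split(None, 5)
            target, prot, opt, src, dst = parts[:5]
            extra = parts[5].strip() if len(parts) > 5 else ""  # match modules
            chains[current].append(
                (len(chains[current]) + 1, target, prot, opt, src, dst, extra))
    return chains


def is_catch_all(rule):
    """A terminal target with no protocol, fragment flag, address or match
    restriction: every packet reaching it is decided here."""
    _, target, prot, opt, src, dst, extra = rule
    return (target in TERMINAL and prot == "all" and opt == "--"
            and src == "anywhere" and dst == "anywhere" and extra == "")


def shadowed_rules(chains):
    """Per chain: (position, target, [positions]) of the first catch-all rule
    and of every rule behind it, which the kernel can never reach."""
    report = {}
    for chain, rules in chains.items():
        for rule in rules:
            if is_catch_all(rule):
                report[chain] = (rule[0], rule[1],
                                 [r[0] for r in rules if r[0] > rule[0]])
                break
    return report


if __name__ == "__main__":
    for chain, (pos, target, dead) in shadowed_rules(parse_listing(SAMPLE_LISTING)).items():
        print(f"{chain}: rule {pos} ({target} all from anywhere) shadows rules {dead}")
```

For the excerpt this reports INPUT rule 2 shadowing rules 3 through 9 and OUTPUT rule 1 shadowing rule 2, which is why the later `DROP all` never acts as a default deny and the spoofed-source DROPs never fire. On the server itself, `iptables -L -n -v --line-numbers` shows the positions together with per-rule packet counters (a rule whose counter never moves is a strong hint it is shadowed), and `iptables -D INPUT 2` would remove a rule by position. Whether port 53 is reachable is a separate question from the DNS answer itself: with the chain as posted, everything is accepted at rule 2, so the firewall is not what is blocking queries, and the blank telnet session to port 53 is normal since named says nothing until it receives a query.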