I have One CentOS 5.2 Installed server having two public IP .
I want to configure this server as a DNS server as well as Webserver.
I have installed DirectAdmin control panel to manage all the my web clients.
Regarding DNS I want to configure my server as Master DNS server as well as I want to forward all the DNS records created in my server to the my ISP DNS sever.

Now I have few questions.
1. To make my server as DNS Master Server, How I have to configure IP address of my LAN ?

IP address of my LAN:221.243.X.X/29
Primary DNS Address of my Sever: 221. 243. X.X/ 29(Am I right here)
Secondary DNS address of My server: ISPs DNS address given by ISP(am I right?)
Gateway:221.243.X.X

2. DNS configuration Files, How many the major DNS configuration Files that I need to create?

3. I want to resolve 3 websites, In this case what will be the contents in all the DNS configuration related files?
www.linuxguru.com-- 221.243.X.X/29
www.mylinuxbox.com-- 221.243.X.x/29 (Same IP)
www.lovelinux.com-- 221..243.X.X/29 (Same IP)
(note: each website will have www, ftp, mail, smtp, pop3 etc)

4. NameSever, My hostname is "web08.linuxdad.com" In this case what will be the Nameserver?

5. resolv.conf (what should be the setting of my reslov.conf, do I need to put ISPs DNS address in my reslove.conf?)

Hopping to get answers from all gurus.

It doesn't really matter. However, if I am correct about where you are seeing these settings, the primary and secondary DNS servers settings here are the resolvers for what your server will use to resolve queries. Accordingly, you should *NOT* set them to the server itself. Your ISP has probably supplied you with the IPs of resolvers you can use. Put those here.

You need one configuartion file for BIND, and one for each zone. Given that you will host three zones, you will need three zone files.

First is the configuration file for BIND itself. This is normally at /etc/named.conf. A sample named.conf:
Then you need the zone files. A sample for the zone linuxguru.com might be /var/named/linuxguru.com.db as follows:
Note that the SOA record includes the authoritative name server ns1.linuxdad.com, and the email address of the person responisble for the zone, admin@linuxdad.com (the form in the zone file replaces "@" with ".").

I'm not sure I understand the question, but I think you are asking what names you should use for the name servers. If so, the answer is that it doesn't matter as long as in the zone for the host name's domain you have the proper records, and the name server host names are registered through the domain's registrar, and the domains that are using them as name servers have told their respective registrars so.

In the example above, I have assumed that you are using ns1.linuxdad.com as the primary and dns.yourisp.net as the secondary name servers for the domain linuxguru.com. If that is the case, you will want to make sure that you have registered ns1.linuxdad.com as a host with the registrar for the domain linuxdad.com, and that the zone file for linuxdad.com has an A record point ns1.linuxdad.com to 221.243.x.x.

That's right. I assumed that the LAN settings you were talking about in Question 1 included this information. If I'm on the right page here, setting Primary and Secondary DNS Servers as above, with the ISP information, is going to update your /etc/resolv.conf file.

You will want to make sure that your ISP is really going to act as a secondary to host your zone file, and that they have not simply agreed to provide you with resolvers. It's not unheard of for an ISP to do the former...you'll just want to make sure.

Thanks zaichik !!now I am working on it. After the result I will again write you!

I have tried as follows still I could not solve my problem.
When I do ping www.saraadhikari.com it does not reply nor saraadhikari.com also. All the my configuration files are given below.
-------------------
//file /etc/resolv.conf- configuration is as follows
search linuxdad.com
namserver 221.243.63.180
nameservr 61.122.127.74 /*This is one of the IP address provided by My
*ISP as primary DNS server address*/
-----------------------
I have put two ip address in my 2 seperate Ethernet port.
eth0- 221.243.63.179- I am using this address for webserver control pannel
eth1- 221.243.63.180- I am using this address for DNS configuration propose

ISP has provided me 2 DNS address
Primary DNS server- 61.122.127.74
Secondary DNs server- 61.122.116.174

---------
//file /etc/sysconfig/network-scripts/ifcfg-eth1- configuration is as follows

# Broadcom Corporation NetXtreme BCM5703 Gigabit Ethernet
search linuxdad.com
nameserver 221.243.63.180
nameserver 61.122.127.74
DEVICE=eth1
BOOTPROTO=static
BROADCAST=221.243.63.183
HWADDR=00:11:0A:86:1E:74
IPADDR=221.243.63.180
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.248
NETWORK=221.243.63.176
ONBOOT=yes

-------------------

//file /var/named/179.63.243.221.in-addr.arpa.db- Configuration of file as follows
---------
Pratically what is the role of this file. Is this file is important?
What type of content do I have to write in this file?
-----

$TTL 14400
@ IN SOA 221.243.63.180. root.linuxdad.com. (
2008090600
14400
3600
1209600
86400 )

180.63.243.221.in-addr.arpa. 14400 IN NS 221.243.63.180.

180.63.243.221.in-addr.arpa. 14400 IN PTR saraadhikari.com.

--------------------

//file /etc/named.conf- Configuration as follows
------

inet 127.0.0.1 allow { localhost; } keys {"rndckey"; };
};
options {
directory "/var/named";
//dump-file "/var/named/data/cache_dump.db";
//statistics-file "/var/named/data/named_stats.txt";
//query-source address * port 53;
//
// also-notify { ip.address.of.secondary }; // what is mean by this?
// Which IP do I need to write here.
//
};

zone "." IN {
type hint;
file "/var/named/named.ca";
};

zone "saraadhikari.com" {
type master;
file "/var/named/saraadhikari.com.db";
};

Few my questions-
1- Where is my mistakes?
2- Do I need to register my DNS server as Name Server for ex. ns1.linuxdad.com (if yes from where I need to register this one?)
3. I have already register www.saraadhikari.com and redirected name server as 221.243.63.180
Still there is other process that I have to do to view my website www.saraadhikari.com
4. To properly run my DNS server Do I need to tell any things to my ISPs, who have provided my Internet b/w in my room. If yes what i have to request them? Except internet b/w and 1 set of /29 Public IP address I have not taken any other services from my ISP
Please suggest me what I have to do for properlly running my DNS sever and to view my webcontent of my webserver.

post the output of


dig www.saraadhikari.com

Hi Billymayday here is the dig report of www.saraadhikari.com
[root@web08 ~]# dig www.saraadhikari.com

; <<>> DiG 9.3.4-P1 <<>> www.saraadhikari.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31217
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.saraadhikari.com. IN A

;; Query time: 0 msec
;; SERVER: 221.243.63.180#53(221.243.63.180)
;; WHEN: Sun Sep 7 13:39:28 2008
;; MSG SIZE rcvd: 38

Is 221.243.63.180 the correct IP for your DNS? If it is the correct exptenal IP, what's internal IP?

What's in /etc/resolv.conf?

Edit - just saw your resolv.conf further up.

Can you explain your network setup a bit more?

Can you

telnet 221.243.63.180 53

Is your firewall open for port 53?

Here is the content in side /etc/resolv.conf

search linuxdad.com
nameserver 221.243.63.179
nameserver 61.122.127.74

I can not do telnet 221.243.63.180 53

but remotely I can do ssh. Also I can ping my both IP
My network setup is following
I have taken Internet service from the ISP which has provided me Public IP 221.243.63.176/29
The ISp'S Fiber cable is in my room connected with the router setup by ISP in my room. I have not used any firewall. The router is working as my gateway. It's IP is 221.243.63.177
I have installed 2 Lan cards etho and eth1
following are the setting of these two node
/etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth0
BOOTPROTO=static
BROADCAST=221.243.63.183
HWADDR=00:1A:4B:CD:9A:C8
IPADDR=221.243.63.179
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.248
NETWORK=221.243.63.176
ONBOOT=yes
/etc/sysconfig/network-scripts/ifcfg-eth1

# Broadcom Corporation NetXtreme BCM5703 Gigabit Ethernet
DEVICE=eth1
BOOTPROTO=static
BROADCAST=221.243.63.183
HWADDR=00:11:0A:86:1E:74
IPADDR=221.243.63.180
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.248
NETWORK=221.243.63.176
ONBOOT=yes

Also I have off the IPtables.

ssh uses port 22, whereas DNS uses 53. You need to make sure that your firewall allows port 53 through and that your ISP allows port 53 through.

What does

netstat -alnp | grep :53

show, and

iptables -L

Output of iptalbes -L
---------------------
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n fs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:n etbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:n etbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:n etbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:m icrosoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:t elnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited

------
Out put of netstat -alnp | grep :53
--

[root@web08 ~]# netstat -alnp | grep :53
tcp 0 0 221.243.63.179:53 0.0.0.0:* LISTEN 20208/na med
tcp 0 0 221.243.63.180:53 0.0.0.0:* LISTEN 20208/na med
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 20208/na med
udp 0 0 221.243.63.179:53 0.0.0.0:* 20208/na med
udp 0 0 221.243.63.180:53 0.0.0.0:* 20208/na med
udp 0 0 127.0.0.1:53 0.0.0.0:* 20208/na med
udp 0 0 0.0.0.0:5353 0.0.0.0:* 7116/ava hi-daemon:
udp 0 0 :::5353 :::* 7116/ava hi-daemon:

So your firewall is blocking port 53. How do you control your firewall, is it through a script or do you use some graphical interface?

You should think carefully about what services you plan to run, for example you almost certainly don't want telnet open, and do you plan on running a web server, samba over the net, etc? You have all those ports open, plus IPP, etc.

Thanks billymayday,

In my network there is not firewall. If it is in my own linux server linuxdad.com how I need to mange it I don't have idea. could you suggest me how I can do it?

Well you are using iptables in some way (hence the output of iptables -L which lists the rules).

A simple pair of rules like

/sbin/iptables -A -p TCP --dport dns -j ACCEPT
/sbin/iptables -A -p UDP --dport dns -j ACCEPT

should enable you to test things (just type those as root from command line).

I'm pretty sure (I don't do it this way) that your firewall rules are stored in /etc/sysconfig/iptables. You should be able to add the lines:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT

to make the previous change effective on reboot.

Note thst you can't just stick them on the end, because order is important. Put them under a similar rule (there's probably something like

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT

there already and you could insert these lines immediately after.