Hello, my named is Jim and I am trying to setup DNS Bind 9
I have exhausted all my knowledge. I just can get it to work

Can anyone help walk me thru this?

Is there some area in particular you are havin problems with
you may want to try searching the forums for dns or bind or google
If you are getting a particular error, let us know what it is and maybe someone can help./

I have been doing some reading and I heard BIND is crap.

There is another DNS server around which boasts no security breaches to date.

It is called DJBDNS. It sounds fantastic but god knows how to install it and get it working. I wouldn't know the first thing about configuring a DNS server.

when I do a dns look up from the web I get a timeout error.
This is what I get when I do a dig
QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

I can post the zone file and named file if this will help

Before you start posting zone-files tell us more about what we're
looking at; is your zone officially registered, if so, with who?
If not - how would you hope to get stuff resolved "from the web"?


Cheers,
Tink

Tink,
I understand, I am like a bull in a china shop wanting to get this resolve right now. Anyway

I have a domain acfd.biz with godaddy. I also have a static IP address that I have given my server. The two ns servers from godaddy is ns1.acfd.biz and ns2.acfd.biz. So I believe that is set up right Now, I have configured the
resolv.con, named.conf and set two zone files

This is my first zone file:

$TTL 88440
$ORIGIN acfd.biz.
@ 1D IN SOA www.acfd.biz. jscedunn@yahoo.com. (
2006112542 ; serial
6H ; refresh 6 hours
3600 ; retry 1 hour
1W ; expire 1 week
1D ) ; minimum

1D IN NS ns1.acfd.biz.
1D IN NS ns2.acfd.biz.

IN MX 10 mailmymail.

IN A Myipaddress oof my server
www IN CNAME @
mail IN CNAME @

This seems to work and produce when i do a did on my domain

You need A records for your DNS servers. If your "servers" are really just one server, give them both the same IP.

PS I don't know if BIND9 now allows @ signs in the SOA record, but typically the e-mail address in SOA uses dots:
jscedunn.yahoo.com.

PPS why are you only showing the first line of output from dig? "QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0" shows that you performed 1 query, and got two answers, both of which were authoritative. It doesn't show what the answers are, though.

Chort,
I completed the suggestions you made and still do not get an answer. Here is the dig output

; <<>> DiG 9.2.4 <<>> www.acfd.biz
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50874
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.acfd.biz. IN A

;; ANSWER SECTION:
www.acfd.biz. 88440 IN CNAME acfd.biz.
acfd.biz. 88440 IN A myipaddress

;; AUTHORITY SECTION:
acfd.biz. 86400 IN NS myipaddress.

;; Query time: 6 msec
;; SERVER: myipaddress#53(myipaddress)
;; WHEN: Mon Nov 27 20:57:24 2006
;; MSG SIZE rcvd: 86

I am using dnsstuff.com to test and the result i get from them testing is:
Timeout occurred getting the NS records from your nameserver! None of your nameservers responded fast enough. They are down or unreachable .....

Any thoughts?

You dig query did not fail. It returned exactly the information that it was supposed to.

Now the question is: Is myipaddress an internal-only IP, such as 192.168.n.n, or 10.n.n.n? If so, then it's little wonder why the external tools cannot perform a lookup. There is no way to reach your DNS server.

You need to login to your godaddy.com account and setup "Domain Hosts". This will allow you to put in ns1 and ns2 and put in your external IP address (hopefully it's static). This is the only way hosts on the Internet can lookup your DNS records since they need to know the IP addresses of your DNS servers.

Chort,
Yes this is a static ip address from my isp. I can ping the ip address from the web and it returns. I also have pointed my ns1.acfd.biz and ns2.acfd.biz to my static
ip. If you do an dns look up from the web you will see that they point it to my static ip. The error I get is

"Searching for www.acfd.biz A record at NS2.acfd.biz. [myipaddress]: Timed out. Trying again."

This repeats 6 times.

The only thing I can thing of is how long does it take for the new zone file to take effect?

Is there some kind of firewall that I am not aware of? I have the linux firewall disabled now and SeLinux disabled

One more thing I have check the ports and UDP and TCP are on for port 53

I am still stumped
Thoughts?

Jim

It still does not look like you added your static IP to your GoDaddy account as a host for ns1 and ns2. If you do not put your IP in your account at GoDaddy.com there is no way for anyone on the Internet to look up your DNS servers... How are we supposed to know what IP address to connect to? The only place it is in DNS is on your servers, and all we have is the name of your DNS servers, but not the IP... It's impossible. You need to enter the IP on GoDaddy.com so we know what IP address to find your DNS servers at.

Actually, I take that back. It hasn't fully propagated yet, but if I query the servers by hand I can find the tld servers for .biz and they have your IP... The problem is that you're behind some really weird firewall. Your ISP is doing some crazy filtering. Every single port comes up as open, except for telnet, bgp, and https, all of which are filtered. Very odd. Actual DNS query attempts do not go through, needless to say. I do not think your current ISP is going to allow you to host a server.

Chort,
I have contacted my ISP and they assure me that all ports are open. I spent 30 minutes on the phone with them and they insist that it is my problem and that other people are hosting web sites thru their company.

I am at a loss at what to do. Is there maybe a patch or upgrade to dns or maybe another product that I can verify my configuration?

Should I try to reinstall bind? I am just grabbing at straws

any suggestions?

Jim

There's no problem with BIND, it's the path to you from the Internet that is the problem. Are you running any kind of firewall on your network? The nmap scan guessed your IP is protected by a Netscreen firewall, but that might not be accurate. Are you using NAT to your server? Are you running iptables on your server? There is something between the Internet and your server, whether it's your ISP or inside your house, something is blocking the requests.

http://www.dnsstuff.com/tools/dnsrep...=+www.acfd.biz

Quite interesting read ...



Cheers,
Tink