Gentoo Forums
nameserver not visible, or not answering queries

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Fri May 07, 2004 4:19 am    Post subject: nameserver not visible, or not answering queries

Well, what I thought was correct from the tutorials apparently isn't. I'm sure the same people will reply, so maybe they can find the error in this-

I have a cable modem, IP 24.121.34.160. The modem goes to a WiFi router, so I can have fun with WiFi. It acts as a gateway, 192.168.1.1. The router connects to a switch, for those unfortunates who don't have a wireless card. The machine is plugged in to that switch, hard coded IP of 192.168.1.2. (The DHCP range starts at 192.168.1.100).

I went to godaddy, where my domain is registered, and I told it to use me as the primary nameserver (24.121.34.160). It accepted the changes, but my nameserver isn't answering. I'm fairly certain it's possible to run a ns off a router (NAT, I think it's called), but if not, I can get another IP devoted just to the linux machine.

In order to preclude any possible questions, I'm going to post all the files that I believe are relevant.

Code:

/etc/conf.d/net
iface_eth0="192.168.1.2 broadcast 192.168.0.255 netmask 255.255.255.0"
gateway="eth0/192.168.1.1"


Code:

/etc/bind/named.conf
options {
  directory "/var/bind";
  listen-on-v6 {none; };
  listen-on- { 127.0.0.1; 192.168.1.1; 24.121.34.160; };
  pid-file "/var/run/named/named.pid";
};

controls {
  inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" ....

zone "." {
  type hint;
  file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
  type master;
  file "pri/127.zone";
};

zone "crymson.org" {
  type master;
  file "pri/crymson.org";
};

zone "1.168.192.in-addr.arpa" {
  type master;
  file "pri/1.168.192.zone";
};


Code:

127.zone

$TTL 3D
@      IN   SOA   ns.crymson.org. hostmaster.crymson.org.  (
               2002081601 ; Serial
               28800      ; Refresh
               14400
               604800
               86400 )
         NS   ns.crymson.org.

1         PTR   localhost.


Code:

crymson.org

$TTL 3D
@      IN   SOA   ns.crymson.org. hostmaster.crymson.org.  (
   ... lalala )
         TXT   "Crymson.org, our heads a splode"
         NS   ns
         MX   10 mail.crymson.org.

localhost      A   127.0.0.1
www         CNAME   ns
mail         CNAME   ns
ftp         CNAME   ns


Code:

1.168.192.zone

$TTL 3D
@      IN   SOA   ns.crymson.org. hostmaster.crymson.org. (
   .... lalalala )
         NS   crymson.org.
160.34.121.24.in-addr.arpa   IN   PTR   ns.crymson.org.


*whew* Now, obviously something is wrong, since it isn't accepting queries, or isn't replying. If someone can point the error of my ways, I would be MOST appreciative. I think I'm very close, just need the "final nail in the coffin" as it were.

Thanks!!!
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

TheDweller
n00b

Joined: 30 Jan 2004
Posts: 20
Location: Sydney, Australia

Posted: Fri May 07, 2004 5:17 am

Well, I tried connecting to your IP and there's no response from the DNS server. So either you haven't started the named service, or you haven't set up the port forwarding properly.

From memory, you must forward TCP and UDP to the port 53 of the DNS server.

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Fri May 07, 2004 5:41 am

named is starting, and running, I've already verified that.

TCP and UDP port 53 are now forwarded to the server.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

To
Veteran

Joined: 12 Apr 2003
Posts: 1145
Location: Coimbra, Portugal

Posted: Fri May 07, 2004 8:52 am

Even if you forward port 53 to your computer it doesn't work correctly, 'cause the IPs 192.168.1.1 and 24.121.34.160 aren't from your computer but from the switch. You could configure your named to listen on 192.168.1.2, that's its IP, and forward the traffic from the switch to it.


_________________

------------------------------------------------
Linux Gandalf 3.2.35-grsec
Gentoo Base System version 2.2
------------------------------------------------

kezzla
Apprentice

Joined: 21 Aug 2003
Posts: 253
Location: Austin, TX

Posted: Fri May 07, 2004 5:47 pm

To be more specific:

Change this:
listen-on- { 127.0.0.1; 192.168.1.1; 24.121.34.160; };
To this:
listen-on- { 127.0.0.1; 192.168.1.2; };

DNS queries are strictly UDP so you only need to forward UDP from your router to your linux server at 192.168.1.2. You also might want to add primary/reverse zones for your domain if you are going to be authoritative.. ;-)

kpack
Tux's lil' helper

Joined: 29 Mar 2004
Posts: 137

Posted: Fri May 07, 2004 6:53 pm

It looks to me like your server is up, but misconfigured. I tried the following:

nslookup
> server 24.121.34.160
> microsoft.com

I got:

Server: cm-24-121-34-160.flagstaff.az.npgco.com
Address: 24.121.34.160

*** Request to cm-24-121-34-160.flagstaff.az.npgco.com timed-out

If your server wasn't up, the server command would have failed.

Look in your log for more info.

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Fri May 07, 2004 9:03 pm    Post subject: Update...

Ok, I changed the line in named.conf, to reflect the earlier suggestion. I also took another look at my wiring, turns out I had one thing all screwed up, and I fixed it.

But, from my winbloz machine, I still can't ping/tracert to x.crymson.org (whether x is ns, www, ftp, mail)

Would some soul out there try to connect again, and see if something else is screwy? I also changed the port forwarding to just be UDP on port 53 to 192.168.1.2.

As for the suggestion of reverse zones, I thought I already did that? Isn't that what the 0.0.127.in-addr.arpa zone files do? I suppose a better question would be, which address do I need to reverse zone lookup for? :)

There's a lot of information here to get right, and I really appreciate you working with me on it.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

kezzla
Apprentice

Joined: 21 Aug 2003
Posts: 253
Location: Austin, TX

Posted: Fri May 07, 2004 9:38 pm

I tried it again, same result. Your server responds, but is unable to query anything.

For me it just hangs >>
# nslookup
# server 24.121.34.160
> 127.0.0.1
;; connection timed out; no servers could be reached

A good way to troubleshoot errors now would be through your logs.
Stop named, clear logfile, start named and check for errors when zones are loading. It will tell you line numbers and such..good stuff. Post it here if you like.

Edit your resolv.conf to have:
nameserver 127.0.0.1
domain <yourdomain.com>

Then do:
# nslookup msn.com
# nslookup 127.0.0.1
See what answers you get back.

FIX: crymson.org
$TTL 3D
@      IN   SOA   ns.crymson.org. hostmaster.ns.crymson.org. (
   ... lalala )
         TXT   "Crymson.org, our heads a splode"
         NS   ns
         MX   10 mail.crymson.org.
localhost   IN   A   127.0.0.1
loopback    IN   CNAME   localhost
ns          IN   A   24.121.34.160
www         IN   CNAME   ns
mail        IN   CNAME   ns
ftp         IN   CNAME   ns

You need to add a proper reverse zone for your public IP.
zone "34.121.24.in-addr.arpa" in {
  type master;
  file "34.121.24.zone";
};

34.121.24.zone
$TTL 3D
@      IN   SOA   ns.crymson.org. hostmaster.ns.crymson.org. (
   .... lalalala )
         NS   crymson.org.
160      IN   PTR   ns.crymson.org.
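
Reverse-zone mistakes of the kind discussed above usually come from how relative owner names are expanded: a name without a trailing dot gets the zone origin appended. The following check is an added example, not code from any poster; the function names are hypothetical, and the records are the PTR lines from the thread's zone files using the public address from the first post.

```python
import ipaddress


def absolute(name, origin):
    """Expand a zone-file name as BIND does: no trailing dot means
    'relative to the zone origin'."""
    origin = origin.rstrip(".").lower() + "."
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def check_ptr(origin, ptr_records, ip, hostname):
    """Return a list of problems with the reverse mapping ip -> hostname.

    origin      -- zone name from the named.conf `zone "..."` statement
    ptr_records -- (owner, target) pairs exactly as written in the zone file
    """
    zone = absolute("@", origin)
    wanted_owner = ipaddress.ip_address(ip).reverse_pointer + "."
    wanted_target = absolute(hostname.rstrip(".") + ".", origin)
    served = {absolute(o, origin): absolute(t, origin) for o, t in ptr_records}
    problems = []
    if not wanted_owner.endswith("." + zone):
        problems.append(f"{wanted_owner} does not belong in zone {zone}")
    if wanted_owner not in served:
        problems.append(f"no PTR at {wanted_owner}; zone defines {sorted(served)}")
    elif served[wanted_owner] != wanted_target:
        problems.append(f"{wanted_owner} points to {served[wanted_owner]}")
    return problems


# PTR lines as written in the thread (SOA and NS lines omitted).
# ORIGINAL: the first post's 1.168.192 zone, owner name without a trailing dot.
ORIGINAL = ("1.168.192.in-addr.arpa",
            [("160.34.121.24.in-addr.arpa", "ns.crymson.org.")])
# CORRECTED: a zone named after the public /24, with a relative owner "160".
CORRECTED = ("34.121.24.in-addr.arpa", [("160", "ns.crymson.org.")])

if __name__ == "__main__":
    for origin, records in (ORIGINAL, CORRECTED):
        result = check_ptr(origin, records, "24.121.34.160", "ns.crymson.org")
        print(origin, result or "ok")
```

A reverse zone for an ISP-assigned address is only seen by the rest of the Internet if the ISP delegates that in-addr.arpa range to this server; otherwise it answers only clients that query the server directly.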

kpack
Tux's lil' helper

Joined: 29 Mar 2004
Posts: 137

Posted: Fri May 07, 2004 10:01 pm

Try this:

dig crymson.org +trace

You'll see that it goes into an infinite loop bouncing back and forth between the following:

Code:
crymson.org.            86400   IN      NS      ns2.npgco.com.
crymson.org.            86400   IN      NS      ns.crymson.org.
;; Received 92 bytes from 204.74.113.1#53(TLD2.ULTRADNS.NET) in 19 ms
 
org.                    172427  IN      NS      TLD1.ULTRADNS.NET.
org.                    172427  IN      NS      TLD2.ULTRADNS.NET.
;; Received 79 bytes from 207.192.213.22#53(ns2.npgco.com) in 57 ms
 


That's one of your problems. I'm not sure how to fix it though.

The other problem is that your DNS server doesn't seem to work if I connect directly to it. Can you run DNS queries directly from your own server? Try this:

nslookup

When it starts, make sure it says the default server is localhost. If not use the following command:

> server 127.0.0.1

Then enter:

> microsoft.com

Does that resolve? If not, fix that first. Make sure you can resolve 127.0.0.1, crymson.org, and x.crymson.org

kpack
Tux's lil' helper

Joined: 29 Mar 2004
Posts: 137

Posted: Fri May 07, 2004 10:05 pm

Another problem is that your domain is listed as having two name servers:

ns2.npgco.com and
ns.crymson.org

ns2.npgco.com doesn't have any records for your domain.

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Fri May 07, 2004 11:44 pm

Yes, I know that ns2.npgco.com doesn't have any. I haven't set up secondary DNS yet. godaddy won't let me change only one of the nameservers, so I'm just trying to get my primary to work first, then worry about setting up secondary.

I put that one in, for no other reason than to pacify godaddy. So that explains that.

I'll get to work on the other stuff right now. Thanks again guys!!
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Fri May 07, 2004 11:48 pm

kezzla wrote:

Edit your resolv.conf to have:
nameserver 127.0.0.1
domain <yourdomain.com>

Then do:
# nslookup msn.com
# nslookup 127.0.0.1
See what answers you get back.


Done, here are the results:

Code:

>nslookup msn.com
Server:  127.0.0.1
Address:  127.0.0.1#53

Non-authoritative answer:
Name:  msn.com
Address:  207.68.172.246

>nslookup 127.0.0.1
Server: Same as above

1.0.0.127.in-addr.arpa name = localhost.

_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Sat May 08, 2004 12:00 am

kpack wrote:
The other problem is that your DNS server doesn't seem to work if I connect directly to it. Can you run DNS queries directly from your own server? Try this:

nslookup

When it starts, make sure it says the default server is localhost. If not use the following command:

> server 127.0.0.1

Then enter:

> microsoft.com

Does that resolve? If not, fix that first. Make sure you can resolve 127.0.0.1, crymson.org, and x.crymson.org


Yes, 127.0.0.1 is the default server. microsoft.com resolves, per the above reply, about msn.com.

It does not however, resolve crymson.org, or x.crymson.org

I also made the changes to the "crymson.org" zone file per the upper post, as well as adding the 34.121.24.in-addr.arpa stuff to named.conf, and the zone file.

I've done what was requested, and I can look stuff up, but people still can't seem to connect to me. Thanks for your patience...
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

kezzla
Apprentice

Joined: 21 Aug 2003
Posts: 253
Location: Austin, TX

Posted: Sat May 08, 2004 2:05 am

Ok you are almost there ;-)

One thing I forgot was you need to add this to your crymson.org zone file:
crymson.org. IN A 24.121.34.160

And lastly so the rest of the world can view you, contact the folks you registered your domain with. You might have web access to modify DNS server settings.

Doing a "# whois crymson.org" yields these to be your nameservers:
Name Server:NS2.NPGCO.COM
Name Server:NS.CRYMSON.ORG

The problem is that NS2.NPGCO.COM knows nothing of crymson.org. You may need to remove that name server from the list. When this is done it can take up to 48 hours for this change to replicate.
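
The two checks this thread keeps returning to (does each listed nameserver actually hold the zone, and does port 53 answer at all) can be made by sending a non-recursive SOA query and reading the flags in the reply header. This is an added example, not part of the original posts; the function names are hypothetical and the sample replies are constructed so the classification can be run offline.

```python
import socket
import struct

QR, AA, TC = 0x8000, 0x0400, 0x0200  # DNS header flag bits (RFC 1035, 4.1.1)
TYPE_SOA, CLASS_IN = 6, 1


def build_query(zone, qid=0x1234):
    """Non-recursive (RD=0) SOA query for the zone apex."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", TYPE_SOA, CLASS_IN)


def classify(reply):
    """Judge a server's reply to build_query() from its 12-byte header."""
    if len(reply) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & QR:
        return "malformed"
    if flags & TC:
        return "truncated"      # a resolver repeats the query over TCP port 53
    if flags & 0x000F:
        return "lame"           # REFUSED, SERVFAIL, ...: zone is not served here
    if flags & AA and ancount > 0:
        return "authoritative"
    return "lame"               # referral or cached data, not the zone itself


def ask(server, zone, tcp=False, timeout=3.0):
    """Query one listed nameserver; 'no response' is the timeout case."""
    query = build_query(zone)
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if tcp:
                s.sendall(struct.pack("!H", len(query)) + query)
                reply = s.makefile("rb").read(14)[2:]  # skip 2-byte length prefix
            else:
                s.send(query)
                reply = s.recv(4096)
    except OSError:
        return "no response"
    return classify(reply)


def sample_reply(flags, ancount):
    """Constructed reply (header plus echoed question) for offline use."""
    question = build_query("crymson.org")[12:]
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + question


if __name__ == "__main__":
    print(classify(sample_reply(QR | AA, 1)))       # server that holds the zone
    print(classify(sample_reply(QR | 5, 0)))        # listed server answering REFUSED
    print(classify(sample_reply(QR | AA | TC, 0)))  # answer did not fit in UDP
```

Run `ask()` from outside the NAT against every nameserver the registrar lists, once over UDP and once with `tcp=True`; any result other than `authoritative` on a listed server is a delegation problem.
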

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Sat May 08, 2004 3:43 am

kezzla wrote:
Ok you are almost there ;-)

One thing I forgot was you need to add this to your crymson.org zone file:
crymson.org. IN A 24.121.34.160


Ok, all taken care of.

kezzla wrote:
And lastly so the rest of the world can view you, contact the folks you registered your domain with. You might have web access to modify DNS server settings.

Doing a "# whois crymson.org" yields these to be your nameservers:
Name Server:NS2.NPGCO.COM
Name Server:NS.CRYMSON.ORG

The problem is that NS2.NPGCO.COM knows nothing of crymson.org. You may need to remove that name server from the list. When this is done it can take up to 48 hours for this change to replicate.


Yes, I know, but I had to change it to something else, as I couldn't change my primary NS to ns.crymson.org, and leave secondary as park7.secureserver.net. As I said before, I don't have anyone to act as secondary DNS. I will soon, hopefully, but since ns.crymson.org is the PRIMARY DNS server, shouldn't it not matter? If my system is up and running, then it should never need to contact ns2.npgco.com. I know that my system won't be up 100% of the time, so I see the value in having secondary DNS, but for my purposes now, I just want to make sure that my primary is working, before I worry about secondary. I hope that makes my intentions a little bit clearer.

Thanks again for the help...
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

kezzla
Apprentice

Joined: 21 Aug 2003
Posts: 253
Location: Austin, TX

Posted: Sat May 08, 2004 4:19 am

Well I'm not 100% on this, but I believe that it tries the 2nd listed DNS server if the first one is NOT available or answering. Thus people on the outside will always get responses from the nameserver that knows nothing of crymson.org. So you will want to at least change the order so your nameserver "ns.crymson.org" is listed first.

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Sat May 08, 2004 5:37 am    Post subject: Nameserver Summary

I just checked what godaddy has for my nameserver setup, and they say that my primary (nameserver 1) NS is ns.crymson.org, and my secondary (nameserver 2) is ns2.npgco.com. I don't have a nameserver 3.

It will not let me only have one nameserver.

So, should I simply change the order around, and wait another 48 hours? I was thinking, that if my ns is working, then it would never get to ns2.npgco.com, since mine would be answering/working correctly. Since it is getting referred to ns2.npgco.com, something is obviously still not set correctly in my computer. Either that, or all you guys trying to help me out just have the information cached, so it's just assuming you want to connect to the secondary ns.

I guess I'll do whatever you recommend. If you think I should change them, and wait two days, I will.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

kezzla
Apprentice

Joined: 21 Aug 2003
Posts: 253
Location: Austin, TX

Posted: Sat May 08, 2004 5:59 am

w00t ! It appears to be working perfectly.
See below:

Code:
predaking root # nslookup
> set debug
> crymson.org
Server:         127.0.0.1
Address:        127.0.0.1#53

------------
    QUESTIONS:
        crymson.org, type = A, class = IN
    ANSWERS:
    ->  crymson.org
        internet address = 24.121.34.160
    AUTHORITY RECORDS:
    ->  crymson.org
        nameserver = ns.crymson.org.
    ADDITIONAL RECORDS:
    ->  ns.crymson.org
        internet address = 24.121.34.160
------------
Non-authoritative answer:
Name:   crymson.org
Address: 24.121.34.160


As you can see: ns.crymson.org is answering like it should, so godaddy was correct. Strange that whois lists them in reverse order
:?:

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Sat May 08, 2004 6:13 am

w00t is right! This is awesome-

So now that I have DNS working, I already emerged apache. I obviously want to set up email/ftp/web - but I'll work on it one step at a time.

I'm just guessing now, but I need to configure apache, put my web page up, and people type in www.crymson.org, and they'll get my webpage. Along the same lines, once I set up ftp/email, they can connect to mail.crymson.org, and ftp.crymson.org, and it'll direct them to appropriate program?

Basically, my DNS is set up correctly, so now I just need to configure the appropriate services?

Again, thanks so much for your help!!!
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

kezzla
Apprentice

Joined: 21 Aug 2003
Posts: 253
Location: Austin, TX

Posted: Sat May 08, 2004 6:15 am

You are EXACTLY right :mrgreen: !!

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Sat May 08, 2004 7:42 am    Post subject: Requests timing out again...

Ok, no one can seem to get through. I set up apache, and it's being weird from inside my network (more on that later) yet no one can connect. I had a friend try to connect to www.crymson.org - it timed out. He ran host www.crymson.org and got the following:

host www.crymson.org
www.crymson.org is an alias for ns.crymson.org.
ns.crymson.org has address 24.121.34.160

So, I think the ns is working, it just happens to be ignoring every request that gets sent its way.

Since I have the server plugged in to my router, do I need to forward all ports to the server? And if I do that, won't it really screw up using my laptop via dhcp? (In other words, if all traffic is forwarded to the linux machine, will my computer still function at all?)

Am I missing something else?

On a side note- when I try to connect to www.crymson.org from within my own network, I get connected to the router. The same goes if I try to connect directly to my IP (24.121.34.160). Yet, if I type http://192.168.1.2, I get the apache page. Is there some reason that within my network, I'm getting pointed to the router (192.168.1.1)?
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Sat May 08, 2004 7:47 am

Weird... so I set up port forwarding, and now it's behaving. Weird. So, looks like I gotta set up port forwarding for port 80, 21 (23 for ssh), and 25 for mail. Then it'll work. What a pain.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

Crymson
Apprentice

Joined: 21 Mar 2004
Posts: 203
Location: New England

Posted: Sat May 08, 2004 10:12 am    Post subject: Mail Server choices...

I've figured out that I need a good MTA for my domain. I've looked at qmail, squirrelmail, and a few others, and I really can't tell one from another. Perhaps if I list my intentions, someone can narrow it down for me.

As you all already know, I have crymson.org. I want to dish out email addresses from there for myself, friends, family, etc. I want them to be able to connect using any mail client they want, simply by giving their l/p to mail.crymson.org.

I don't know if my ISP blocks port 25 incoming, but I'm sure I'll figure it out real quick when I try to set it up. I'd rather it not be a relay server, I'd much rather handle all this stuff on my own.

So, with that kind of setup in mind, which MTA is best for me? I could easily see running around 20-25 email accounts, so ease of management/maintenance is a good thing.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

kezzla
Apprentice

Joined: 21 Aug 2003
Posts: 253
Location: Austin, TX

Posted: Sat May 08, 2004 2:14 pm

My recommendations:
MTA: Postfix
Webmail: Squirrelmail
IMAP: Courier-Imap

It's what I use and is rather easy to maintain and setup.
Might want to start a new thread for mail stuff ;)

All times are GMT