phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Sun May 29, 2005 5:46 pm Post subject: How do you Test DNS BIND w/o Internet IP Address |
I just installed and compiled BIND with a single domain name and a local IP address (192.168.x.x). Until I get the internet IPs to replace the local IP addresses, is there a way to test BIND locally to see if it works before you put it out live on the internet?
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Sun May 29, 2005 6:38 pm Post subject: |
Yep, install bind-tools if you haven't already.
It includes "dig". You can do "dig yourdomain.com" and it should return info on your domain.
Conversely, "dig -x IP.AD.RE.SSS" should give you back a host name.
You've got to make sure that /etc/resolv.conf is set up to use your nameservers.
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Sun May 29, 2005 10:40 pm Post subject: |
When I run dig, it looks like it's not resolving the domain name. I'm assuming this means my named isn't working correctly?
Code: |
getz etc # dig streamingforjesus.com
; <<>> DiG 9.2.5 <<>> streamingforjesus.com
;; global options: printcmd
;; connection timed out; no servers could be reached
|
However, if I change the name server entries in my resolv.conf file from the local machine IP (192.168.1.102) to another name server's IP, it looks up the domain and pulls another name server. Below is my resolv.conf file:
Code: |
domain streamingforjesus.com
nameserver 192.168.1.102
nameserver 192.168.1.102
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Sun May 29, 2005 10:44 pm Post subject: |
Try dig hostname.domain.name
Try dig @127.0.0.1 hostname.domain.name
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Sun May 29, 2005 10:51 pm Post subject: |
I guess it doesn't look like it's working right?
Code: |
getz etc # dig getz.streamingforjesus.com
; <<>> DiG 9.2.5 <<>> getz.streamingforjesus.com
;; global options: printcmd
;; connection timed out; no servers could be reached
getz etc # dig @127.0.0.1 getz.streamingforjesus.com
; <<>> DiG 9.2.5 <<>> @127.0.0.1 getz.streamingforjesus.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39606
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;getz.streamingforjesus.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 30 06:48:51 2005
;; MSG SIZE rcvd: 44
|
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Sun May 29, 2005 11:05 pm Post subject: |
Code: |
;; connection timed out; no servers could be reached
getz etc # dig @127.0.0.1 getz.streamingforjesus.com
|
BIND isn't listening on your real ethernet interface.
Code: | netstat -lp | grep named |
will most likely return 127.0.0.1:53 instead of 0.0.0.0:53 like it should.
The second test shows that your zone isn't configured correctly either, but first things first.
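The dig runs in this thread end in three distinct states, and each points somewhere different: "no servers could be reached" means nothing answered on port 53 at the address resolv.conf sent the query to, SERVFAIL means named answered but has no usable zone behind the name, and NXDOMAIN is a real negative answer from whoever was authoritative. The helper below is an added example, not code from this thread; it parses the header, flags and SERVER lines of dig's output and returns the next check for each state. Three of the sample outputs are trimmed from posts in this thread; the successful one is constructed to show the `aa` flag an authoritative answer carries.

```python
"""Triage the output of `dig` when testing a local BIND server.

Added example, not code from the thread. It reads the ';; ->>HEADER<<-',
';; flags:' and ';; SERVER:' lines and maps each outcome onto the next thing
to check. The first three sample outputs are trimmed from posts in this
thread; the fourth is constructed to show what an authoritative answer
(NOERROR with the 'aa' flag set) looks like.
"""
import re

HEADER_RE = re.compile(r"->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(r"flags: ([a-z ]*); QUERY: (\d+), ANSWER: (\d+), "
                      r"AUTHORITY: (\d+), ADDITIONAL: (\d+)")
SERVER_RE = re.compile(r";; SERVER: (\S+)")


def parse_dig(output):
    """Return status, flags, section counts and server; status is
    'UNREACHABLE' when dig got no response at all."""
    if "no servers could be reached" in output:
        return {"status": "UNREACHABLE", "flags": set(), "answer": 0,
                "authority": 0, "server": None}
    h, f, s = HEADER_RE.search(output), FLAGS_RE.search(output), SERVER_RE.search(output)
    if not (h and f):
        raise ValueError("not a dig response")
    return {"status": h.group(2), "flags": set(f.group(1).split()),
            "answer": int(f.group(3)), "authority": int(f.group(4)),
            "server": s.group(1) if s else None}


def triage(output):
    """Map one dig run onto a verdict; the word before ':' is machine-checkable."""
    r = parse_dig(output)
    st, aa = r["status"], "aa" in r["flags"]
    if st == "UNREACHABLE":
        return ("unreachable: nothing answered on port 53 at the address in "
                "resolv.conf; check listen-on in named.conf and netstat -anA inet")
    if st == "SERVFAIL":
        return ("servfail: named answered but could not serve the zone; run "
                "named-checkzone on the zone file and read the named log")
    if st == "NXDOMAIN":
        return ("nxdomain: the name does not exist in the zone that answered "
                f"(from {r['server']}); check the query name and trailing dots")
    if st == "NOERROR" and aa and r["answer"] > 0:
        return f"ok: authoritative answer with {r['answer']} record(s) from {r['server']}"
    if st == "NOERROR" and not aa:
        return ("noerror-nonauth: answer came via recursion or cache, not from "
                "your zone; query the server directly with @127.0.0.1 +norecurse")
    if st == "NOERROR":
        return "noerror-empty: the name exists but has no record of that type"
    return f"unhandled: {st} flags={sorted(r['flags'])}"


# Trimmed from outputs posted in this thread.
UNREACHABLE = """\
; <<>> DiG 9.2.5 <<>> streamingforjesus.com
;; connection timed out; no servers could be reached
"""
SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39606
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64647
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
. 10740 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2005053000 1800 900 604800 86400
;; SERVER: 192.168.1.102#53(192.168.1.102)
"""
# Constructed: what the poster should see once the zone loads.
AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
streamingforjesus.com. 259200 IN A 192.168.1.102
;; SERVER: 192.168.1.102#53(192.168.1.102)
"""

if __name__ == "__main__":
    for name in ("UNREACHABLE", "SERVFAIL", "NXDOMAIN", "AUTHORITATIVE"):
        print(f"{name:14} {triage(globals()[name])}")
```

Once the zone loads, the test that matters is an authoritative answer from the server itself: `dig @127.0.0.1 +norecurse streamingforjesus.com SOA` should come back NOERROR with `aa` in the flags and the SOA in the answer section. A NOERROR answer without `aa` was obtained through recursion, not from the zone, and proves nothing about the local configuration.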
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 12:29 am Post subject: |
ok, here is the output from the netstat
Code: |
getz etc # netstat -lp | grep named
tcp 0 0 localhost:domain *:* LISTEN 32609/named
tcp 0 0 localhost:953 *:* LISTEN 32609/named
udp 0 0 *:32782 *:* 32609/named
udp 0 0 localhost:domain *:* 32609/named
|
I guess this means it's not even listening on the right port?
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 12:51 am Post subject: |
No, it's listening on the right port - domain = 53. It's only listening on localhost - 127.0.0.1.
netstat -anA inet | grep 53 will give you numeric output (n).
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 1:09 am Post subject: |
Oh, OK...
Code: |
getz bind # netstat -anA inet | grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
|
I think I might have fixed it. I added the local machine IP address to the listen-on line in named.conf, so it now reads "listen-on { 192.168.1.102; 127.0.0.1; };". Does this mean my name server is working correctly?
now it says:
Code: |
getz bind # netstat -anA inet | grep 53
tcp 0 0 192.168.1.102:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
udp 0 0 192.168.1.102:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
|
and then when I run dig again:
Code: |
getz bind # dig streamingforjesus.com
; <<>> DiG 9.2.5 <<>> streamingforjesus.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29460
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;streamingforjesus.com. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Mon May 30 09:05:16 2005
;; MSG SIZE rcvd: 39
|
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 1:17 am Post subject: |
Shouldn't I get an Authority section with the NS records when I dig the local domain name streamingforjesus.com?
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 1:27 am Post subject: |
You must be on a mission. Did you sleep last night?
Yep, you should. You want me to take a peek at your zone files?
BTW, if this is your first go-round with BIND, don't get discouraged; it's not that easy.
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 2:12 am Post subject: |
Nope, no sleep yet.
Here is my named.conf file:
Code: |
options {
        directory "/var/bind";
        statistics-file "/var/bind/named.stats";
        dump-file "/var/log/named.dump";
        zone-statistics yes;
        allow-recursion { 127.0.0.1; 192.168.1.102; };
        allow-transfer { 192.168.1.102; };
        notify yes;
        also-notify { 192.168.1.102; };
        pid-file "/var/run/named/named.pid";
        recursive-clients 10000; // default 1000 is too low for us
        serial-query-rate 10; // default 20
        max-transfer-time-in 60; // kills transfers after 60 minutes
        transfer-format many-answers; // Generates more efficient zone transfers
        interface-interval 0; // we have no dynamic interfaces
        listen-on-v6 { none; };
        listen-on { 192.168.1.102; 127.0.0.1; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "streamingforjesus.com" IN {
type master;
file "jesus/streamingforjesus.com";
notify no;
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "jesus/db.192.168.1";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
|
and here is my streamingforjesus.com zone file :
Code: |
$TTL 3D
streamingforjesus.com. IN SOA ns1.streamingforjesus.com. webmaster.streamingforjesus.com. (
                2005052801 ; Serial
                8H ; Refresh
                2H ; Retry
                1W ; Expire - 1 week
                1H ) ; Minimum
                TXT "Streaming For Jesus"
localhost.streamingforjesus.com. IN A 127.0.0.1
streamingforjesus.com. IN A 192.168.1.102
www.streamingforjesus.com. IN CNAME streamginforjesus.com.
ns.streamingforjesus.com. IN A 192.168.1.102
ns2.streamingforjesus.com. IN A 192.168.1.102
streamingforjesus.com. IN NS ns.streamingforjesus.com.
streamingforjesus.com. IN NS ns2.streamingforjesus.com.
mail.streamingforjesus. IN MX 102 streamingforjesus.com.
ftp.streamingforjesus.com. IN CNAME streamingforjesus.com.
mail.streamingforjesus.com. IN CNAME streamingforjesus.com.
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 3:02 am Post subject: |
Let's start with the zone file:
Code: |
ns.streamingforjesus.com. IN A ....
..... IN NS ns.streamingforjesus.com.
|
Don't you want this to be ns1? I assume that since it's in the SOA record.
The rest of the A records that are all "192.168.1.102" should be converted to CNAMEs for now, until you get your IP addresses.
102 is a bit high for an MX record. Switch it to 10.
New file:
Code: |
$TTL 3D
streamingforjesus.com. IN SOA ns1 webmaster (
                2005052801 ; Serial
                8H ; Refresh
                2H ; Retry
                1W ; Expire - 1 week
                1H ) ; Minimum
                TXT "Streaming For Jesus"
streamingforjesus.com. IN NS ns1.streamingforjesus.com.
streamingforjesus.com. IN NS ns2.streamingforjesus.com.
mail.streamingforjesus.com. IN MX 10 streamingforjesus.com.
localhost.streamingforjesus.com. IN A 127.0.0.1
streamingforjesus.com. IN A 192.168.1.102
www.streamingforjesus.com. IN CNAME streamingforjesus.com.
ns1.streamingforjesus.com. IN CNAME streamingforjesus.com.
ns2.streamingforjesus.com. IN CNAME streamingforjesus.com.
ftp.streamingforjesus.com. IN CNAME streamingforjesus.com.
|
You may notice that I've shortened the SOA line. Anything not ending with a "." will automatically have the domain name appended to it. Just makes it easier to read. The same can be done with all the host names. For example, www.streamingforjesus.com. can become just www - get the picture? It's up to you. Now let me comb thru your named.conf.
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 3:32 am Post subject: |
Code: |
options {
directory "/var/bind";
statistics-file "/var/bind/named.stats";
dump-file "/var/log/named.dump";
zone-statistics yes;
allow-recursion { 127.0.0.1; 192.168.1.102; };
# allow-transfer { 192.168.1.102; };
# not-running a secondary so you don't need this yet
#notify yes;
# ditto
#also-notify { 192.168.1.102; };
# ditto
pid-file "/var/run/named/named.pid";
recursive-clients 10000; // default 1000 is too low for us
serial-query-rate 10; // default 20
max-transfer-time-in 60; // kills transfers after 60 minutes
transfer-format many-answers; // Generates more efficient zone transfers
interface-interval 0; // we have no dynamic interfaces
listen-on-v6 { none; };
listen-on { 192.168.1.102; 127.0.0.1; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "streamingforjesus.com" IN {
type master;
file "jesus/streamingforjesus.com"; # Standard dir is pri/ for primary servers, sec/ for secondary
notify no; # fine for now, not running secondary. See BIND ADMIN MANUAL re notify and no notify in
# options and zone sections
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "jesus/db.192.168.1"; # Standard dir is pri/ for primary servers, sec/ for secondary
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
|
Except for my comments in the file, it looks good. The directory for your zone files is up to you. Just thought I'd throw that in there. You should also take a look at the BIND 9 ADMINISTRATORS MANUAL.
THIS SECTION is regarding notify. Don't worry, it's short.
Let 'er rip.
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 3:39 am Post subject: |
Cool, I made the changes and ran dig streamingforjesus.com again, and the authority section doesn't list, just as when I dig yahoo.com. Am I not supposed to have an authority section because I'm not running more than one name server?
Code: |
getz bind # dig streamingforjesus.com
; <<>> DiG 9.2.5 <<>> streamingforjesus.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43580
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;streamingforjesus.com. IN A
;; Query time: 1 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Mon May 30 11:36:05 2005
;; MSG SIZE rcvd: 39
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 3:48 am Post subject: |
What command did you issue?
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 4:04 am Post subject: |
ARG, I missed something in your zone file.
Code: | TXT "Streaming for Jesus" |
Should be
Code: | IN TXT "Streaming for Jesus" |
You don't really need it. Change or delete that, restart BIND, and what do you get?
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 12:09 pm Post subject: |
Is this all i'm supposed to get?
Code: |
getz jesus # dig streamingforjesus.com
; <<>> DiG 9.2.5 <<>> streamingforjesus.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25023
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;streamingforjesus.com. IN A
;; Query time: 22 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Mon May 30 20:07:06 2005
;; MSG SIZE rcvd: 39
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 5:05 pm Post subject: |
Change the section under the SOA from
Code: |
TXT "Streaming For Jesus"
streamingforjesus.com. IN NS ns1.streamingforjesus.com.
streamingforjesus.com. IN NS ns2.streamingforjesus.com.
mail.streamingforjesus.com. IN MX 10 streamingforjesus.com.
|
To
Code: |
                IN TXT "Streaming For Jesus"
                IN A 192.168.1.102
                IN NS ns1.streamingforjesus.com.
                IN NS ns2.streamingforjesus.com.
                IN MX 10 mail.streamingforjesus.com.
|
"dig streamingforjesus.com" will show an IP address for streamingforjesus.com, but no SOA.
"dig streamingforjesus.com -t SOA" will show the SOA.
Basically the line "IN A 192.168.1.102" assigns an IP address to the domain itself (no hostname). If you comment that line out, "dig streamingforjesus" will show just the SOA, and not an IP address for the domain.
Give it a shot. I think we got it this time.
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 5:33 pm Post subject: |
I think it worked...
Code: |
getz jesus # dig streamingforjesus.com
; <<>> DiG 9.2.5 <<>> streamingforjesus.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54752
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;streamingforjesus.com. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Tue May 31 01:28:27 2005
;; MSG SIZE rcvd: 39
getz jesus # dig streamingforjesus.com -t soa
; <<>> DiG 9.2.5 <<>> streamingforjesus.com -t soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61695
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;streamingforjesus.com. IN SOA
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Tue May 31 01:30:25 2005
;; MSG SIZE rcvd: 39
|
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 6:02 pm Post subject: |
The first dig failed. Post the zone file again please.
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 7:37 pm Post subject: |
Code: |
$TTL 3D
streamingforjesus.com. IN SOA ns1 webmaster (
                2005052801 ; Serial
                8H ; Refresh
                2H ; Retry
                1W ; Expire - 1 week
                1H ) ; Minimum
                IN TXT "Streaming For Jesus"
streamingforjesus.com. IN A 192.168.1.102
streamingforjesus.com. IN NS ns1.streamingforjesus.com.
streamingforjesus.com IN NS ns2.streamingforjesus.com.
mail.streamingforjesus.com. IN MX 10 streamingforjesus.com.
localhost.streamingforjesus.com. IN A 127.0.0.1
www.streamingforjesus.com. IN CNAME streamginforjesus.com.
ns1.streamingforjesus.com. IN CNAME streamingforjesus.com.
ns2.streamingforjesus.com. IN CNAME streamingforjesus.com.
ftp.streamingforjesus.com. IN CNAME streamingforjesus.com.
|
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Mon May 30, 2005 7:59 pm Post subject: |
Quote: | i think it worked.. |
No it didn't - neither query returns an answer.
From now on, run
Code: | dig streamingforjesus.com any |
to get any info there is on the domain, including nameservers, mail exchangers and text records.
A few more comments (also for overkill)
Code: | IN MX 10 mail.streamingforjesus.com. |
This is only valid if mail.sfj.com is an A record - it may not be a CNAME!
Your best options here are:
Code: |
$TTL 3D
@ IN SOA ns1 webmaster (
                2005053002 ; Serial
                8H ; Refresh
                2H ; Retry
                1W ; Expire - 1 week
                1H ) ; Minimum
                IN TXT "Streaming For Jesus"
                IN NS ns1
                IN MX 10 mail
                IN A 192.168.1.102
ns1             IN A 192.168.1.102
mail            IN A 192.168.1.102
www             IN CNAME mail
ftp             IN CNAME mail
|
Neither the MX record nor the NS ones should be CNAMEs.
If you change this and reload the database:
an "any" query against your domain should return the SOA, TXT, NS and MX records.
Also, if you
Code: | dig streamingforjesus.com www |
it should return both the CNAME and the A record it points to.
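The two rules adaptr states above are exactly what named's zone checks enforce: an NS or MX target must not be a CNAME (RFC 2181 section 10.3, and BIND refuses to load a zone whose NS points at one), and a name without a trailing dot has the origin appended, so the `streamingforjesus.com IN NS` line in the zone posted before this reply silently becomes `streamingforjesus.com.streamingforjesus.com.`. The Python below is an added example, not code from this thread or from BIND: a small zone-file lint that applies those checks plus a few neighbours (a CNAME owner carrying other records, in-zone targets with no records, a missing apex SOA/NS) to two constructed inputs, a trimmed reconstruction of the poster's zone with its missing dot and its `streamginforjesus.com.` CNAME target kept, and adaptr's corrected zone.

```python
"""Zone-file lint for the mistakes raised in this thread (added example; not
code from the thread or from BIND). Handles owner inheritance, '@', relative
names, a parenthesised SOA and ';' comments. Checks: NS/MX target is a CNAME
(RFC 2181 s10.3), CNAME owner has other records (RFC 1034 s3.6.2), origin
appended twice (missing dot), in-zone target missing, apex SOA/NS missing."""
import re
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^\d+[smhdwSMHDW]?$")

def _qualify(name, origin):
    """named's rule: '@' is the origin; a name without a trailing dot is relative."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, type, rdata_tokens)] with every name fully qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    records, last_owner, buf, depth = [], None, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # ';' comment (not quote-aware)
        if not line.strip() or line.startswith("$"):  # blank, comment, $TTL
            continue
        toks = line.replace("(", " ( ").replace(")", " ) ").split()
        if depth == 0:  # new record; an indented line inherits the owner
            buf = [None if line[0].isspace() else _qualify(toks.pop(0), origin)]
        for t in toks:
            if t in ("(", ")"):
                depth += 1 if t == "(" else -1
            else:
                buf.append(t)
        if depth > 0:  # still inside parentheses
            continue
        owner, fields = buf[0] or last_owner, buf[1:]
        while fields and (TTL_RE.match(fields[0]) or fields[0].upper() in CLASSES):
            fields.pop(0)  # optional TTL and class come before the type
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX", "SOA"):  # qualify name fields
            i, n = (1, 1) if rtype == "MX" else (0, 2 if rtype == "SOA" else 1)
            rdata[i:i + n] = [_qualify(x, origin) for x in rdata[i:i + n]]
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records

def lint_zone(text, origin):
    """Return a list of problems; an empty list means the checks passed."""
    origin = origin if origin.endswith(".") else origin + "."
    recs = parse_zone(text, origin)
    types_at = {}
    for o, t, _ in recs:
        types_at.setdefault(o, set()).add(t)
    cnames = {o for o, ts in types_at.items() if "CNAME" in ts}
    problems = [f"apex {origin} has no {t} record"
                for t in ("SOA", "NS") if t not in types_at.get(origin, set())]
    for o, ts in types_at.items():
        if o.count(origin) > 1:
            problems.append(f"{o}: origin appended twice (missing trailing dot?)")
        extra = ts - {"CNAME"}
        if o in cnames and extra:
            problems.append(f"{o}: CNAME coexists with {sorted(extra)}")
    for o, t, rd in recs:
        if t not in ("NS", "MX", "CNAME"):
            continue
        target = rd[-1]
        if t != "CNAME" and target in cnames:
            problems.append(f"{o} {t} -> {target} is a CNAME (RFC 2181 10.3)")
        elif target == origin or target.endswith("." + origin):
            if target not in types_at:
                problems.append(f"{o} {t} -> {target} has no records in this zone")
        else:
            problems.append(f"{o} {t} -> {target} is outside the zone (not checked)")
    return problems

# Constructed from the zone posted earlier in the thread (trimmed, records on
# one line); the missing trailing dot and 'streamginforjesus' typo are kept.
BROKEN_ZONE = """\
$TTL 3D
streamingforjesus.com. IN SOA ns1 webmaster (
        2005052801 8H 2H 1W 1H )  ; serial refresh retry expire minimum
streamingforjesus.com. IN A 192.168.1.102
streamingforjesus.com. IN NS ns1.streamingforjesus.com.
streamingforjesus.com IN NS ns2.streamingforjesus.com.
www.streamingforjesus.com. IN CNAME streamginforjesus.com.
ns1.streamingforjesus.com. IN CNAME streamingforjesus.com.
ns2.streamingforjesus.com. IN CNAME streamingforjesus.com.
"""
# adaptr's corrected zone from the reply above (TXT and ftp lines omitted).
FIXED_ZONE = """\
$TTL 3D
@ IN SOA ns1 webmaster (
        2005053002 8H 2H 1W 1H )
        IN NS ns1
        IN MX 10 mail
        IN A 192.168.1.102
ns1  IN A 192.168.1.102
mail IN A 192.168.1.102
www  IN CNAME mail
"""
if __name__ == "__main__":
    for name, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(name, lint_zone(zone, "streamingforjesus.com") or ["ok"])
```

Against the real file the equivalent is `named-checkzone streamingforjesus.com /var/bind/jesus/streamingforjesus.com` (the path follows from the `directory` and `file` settings in the named.conf above); it prints the reason behind a SERVFAIL that dig only reports as a status code. One more thing the output in the post that follows shows: `dig streamingforjesus.com www` makes dig treat `www` as a second query name, which is why its second answer is NXDOMAIN for `www.` with the root SOA in the authority section. To look up the host, query `dig www.streamingforjesus.com`.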
overkll Veteran
Joined: 21 Sep 2004 Posts: 1249 Location: Austin, Texas
Posted: Mon May 30, 2005 8:24 pm Post subject: |
Thanks for the tips adaptr! I'm always willing to learn.
I thought if the right side of the RR was an IP, it needed to be unique, i.e. no multiple A records with the same IP address.
Glad a veteran jumped in to help! Maybe you can check this one too?
https://forums.gentoo.org/viewtopic-t-343373-highlight-.html
phillosophy Tux's lil' helper
Joined: 23 May 2005 Posts: 94
Posted: Mon May 30, 2005 11:51 pm Post subject: |
I made the changes above and came up with the following when I dig streamingforjesus.com www. I don't see the CNAME entries for mail or ftp; I just see one for the www, which is an A record. Does this mean it's still not working? Also, why do you only use an "@" instead of the domain name?
Code: |
getz jesus # rndc reload
getz jesus # dig streamingforjesus.com any
; <<>> DiG 9.2.5 <<>> streamingforjesus.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31943
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;streamingforjesus.com. IN ANY
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Tue May 31 07:38:08 2005
;; MSG SIZE rcvd: 39
getz jesus # dig streamingforjesus.com www
; <<>> DiG 9.2.5 <<>> streamingforjesus.com www
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14457
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;streamingforjesus.com. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Tue May 31 07:38:19 2005
;; MSG SIZE rcvd: 39
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64647
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www. IN A
;; AUTHORITY SECTION:
. 10740 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2005053000 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Tue May 31 07:38:19 2005
;; MSG SIZE rcvd: 96
|