EASYdoor (Tux's lil' helper)
Joined: 21 Aug 2004 Posts: 79 Location: Novo mesto
Posted: Tue Dec 20, 2005 10:24 am Post subject: BIND & DNS resolution - [SOLVED]
I'm trying to establish a domain "domain.net" and a bunch of subdomains like pop.domain.net, smtp.domain.net, etc. This configuration worked very well before with a slightly older release of BIND. The problem is that my main ns.domain.net works well, I can ping it from outside, but any other subdomain like www, smtp, pop doesn't work... these should be the apache2, mysql and mail servers for domain.net. Here are my configs:

/etc/conf.d/hostname
/etc/conf.d/domainname

```
OVERRIDE=1
DNSDOMAIN="domain.net"
```
/etc/conf.d/named
/etc/bind/named.conf
```
options {
    directory "/var/bind";

    // uncomment the following lines to turn on DNS forwarding,
    // and change the forwarding ip address(es) :
    //forward first;
    //forwarders {
    //    123.123.123.123;
    //    123.123.123.123;
    //};

    listen-on-v6 { none; };
    listen-on { 127.0.0.1; };

    // to allow only specific hosts to use the DNS server:
    //allow-query {
    //    127.0.0.1;
    //};

    // if you have problems and are behind a firewall:
    //query-source address * port 53;
    pid-file "/var/run/named/named.pid";
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "127.in-addr.arpa" IN {
    type master;
    file "pri/127.zone";
    allow-update { none; };
    notify no;
};

//zone "domain.net" IN {
//#    type master;
//#    file "domain.net";
//#};

zone "domain.net" {
    type master;
    // notify yes;
    file "domain.net";
    // allow-transfer {
    //     216.110.187.226;
    // };
};
```
/etc/bind/pri/127.zone

```
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@       1D IN SOA   localhost. root.localhost. (
                    2002081601  ; serial
                    3H          ; refresh
                    15M         ; retry
                    1W          ; expiry
                    1D )        ; minimum
        1D IN NS    localhost.
*       1D IN PTR   localhost.
```
/var/bind/named.ca
```
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
```
/var/bind/pri/127.zone
```
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@       1D IN SOA   localhost. root.localhost. (
                    2002081601  ; serial
                    3H          ; refresh
                    15M         ; retry
                    1W          ; expiry
                    1D )        ; minimum
        1D IN NS    localhost.
*       1D IN PTR   localhost.
```
/var/bind/pri/localhost.zone
```
$TTL 1W
@       IN SOA  ns.localhost. root.localhost. (
                2002081601  ; Serial
                28800       ; Refresh
                14400       ; Retry
                604800      ; Expire - 1 week
                86400 )     ; Minimum
        IN NS   ns
localhost.  IN A    127.0.0.1
```
/var/bind/domain.net
```
$TTL 3D
$ORIGIN domain.net.
; the SOA MNAME needs a trailing dot, otherwise $ORIGIN is appended to it
@       IN SOA  ns.domain.net. hostmaster.domain.net. (
                200512160   ; serial
                28800       ; refresh
                7200        ; retry
                604800      ; expire
                86400 )     ; minimum
        NS      ns.domain.net.
        MX 10   mail
;
        A       myipadress
ns      A       myipadress
mail    A       myipadress
imap    A       myipadress
smtp    A       myipadress
pop     A       myipadress
ftp     A       myipadress
www     A       myipadress
```
My firewall rules (I'm behind NAT):

```
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT     #apache
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT    #apache-ssl
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT     #ftp
iptables -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT   #ssh
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT     #bind
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 33459 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport rndc -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 953 -j ACCEPT   #bind
#iptables -A INPUT -p udp -m udp --dport 3306 -j ACCEPT
#iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
```
Here's netstat -lp:

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 mail.domain.net:mysql   *:*                     LISTEN      16935/mysqld
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      6776/smbd
tcp        0      0 *:2222                  *:*                     LISTEN      6696/sshd
tcp        0      0 *:http                  *:*                     LISTEN      12910/apache2
tcp        0      0 mail.domain.net:domain  *:*                     LISTEN      19263/named
tcp        0      0 *:3000                  *:*                     LISTEN      6801/ntop
tcp        0      0 mail.domain.net:rndc    *:*                     LISTEN      19263/named
tcp        0      0 *:https                 *:*                     LISTEN      12910/apache2
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      6776/smbd
udp        0      0 mail:netbios-ns         *:*                                 6785/nmbd
udp        0      0 *:netbios-ns            *:*                                 6785/nmbd
udp        0      0 mail:netbios-dgm        *:*                                 6785/nmbd
udp        0      0 *:netbios-dgm           *:*                                 6785/nmbd
udp        0      0 mail.domain.net:domain  *:*                                 19263/named
udp        0      0 *:33465                 *:*                                 19263/named
udp        0      0 mail.domain.net:33623   *:*                                 5743/smbd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     166416 16935/mysqld        /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     160202 12911/apache2       /var/run/cgisock
unix  2      [ ACC ]     STREAM     LISTENING     6337   4116/acpid          /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     6583   4246/syslog-ng      /dev/log
```
ps fax:

```
 6801 ?        Ss     0:01 /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6842 ?        S      0:00  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6843 ?        S      0:00  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6844 ?        S      0:33  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6845 ?        S      0:10  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6846 ?        S      0:01  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6851 ?        S      0:00  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6852 ?        S      0:00  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
 6853 ?        S      0:31  \_ /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop --http-server 3000 --https-server 0 --interface ppp0
19263 ?        Ss     0:00 /usr/sbin/named -u named -n 1
```
That's all I could think of that might be useful to you. The zone reloads just fine, everything is OK (also the logs!), but it just doesn't work. I've given my domain provider my ns.domain.net and it's OK, I can ping it... but anything else is a fucking problem...
Please, if anyone has an idea about this topic it would be greatly appreciated... thanks!
_________________
Go for a beer! No, no... even better... I'M going for a beer ;)
Last edited by EASYdoor on Tue Dec 20, 2005 10:43 am; edited 1 time in total
moocha (Watchman)
Joined: 21 Oct 2003 Posts: 5722
Posted: Tue Dec 20, 2005 10:30 am
Er, at a quick glance, your named is only listening on localhost, i.e.:

```
listen-on { 127.0.0.1; };
```

Given that, it's no surprise that resolution doesn't work from the outside...
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
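As an added example (not from the thread or from BIND itself), a small Python audit that catches the mismatch moocha spotted: a server declared master for a public zone while `listen-on` names only loopback addresses. The two sample configurations are constructed; 192.0.2.10 is a placeholder LAN address, and `recursion no` in the corrected sample is an extra hardening setting this thread does not mention.

```python
import re

# Constructed samples: the thread's loopback-only options block, and a corrected one.
LOOPBACK_ONLY = """
options {
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; };
};
zone "domain.net" { type master; file "domain.net"; };
"""

CORRECTED = """
options {
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; 192.0.2.10; };  // 192.0.2.10: placeholder LAN address
    allow-query { any; };
    recursion no;   // authoritative-only: do not recurse for arbitrary clients
};
zone "domain.net" { type master; file "domain.net"; };
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def strip_comments(text):
    """Drop BIND's /* */, // and # comments so commented-out clauses are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def clause(conf, name):
    """Address list of an options clause such as listen-on, or None if absent."""
    m = re.search(r"\b%s(?:\s+port\s+\d+)?\s*\{([^}]*)\}" % re.escape(name), conf)
    return None if m is None else [a.strip() for a in m.group(1).split(";") if a.strip()]

def public_master_zones(conf):
    """Zones declared 'type master', excluding localhost and reverse zones."""
    zones = re.findall(r'zone\s+"([^"]+)"[^{]*\{[^}]*\btype\s+master\b', conf)
    return [z for z in zones if z != "localhost" and not z.endswith(".arpa")]

def audit(text):
    """Return a list of findings for a named.conf text; empty means nothing found."""
    conf = strip_comments(text)
    findings = []
    zones = public_master_zones(conf)
    listen = clause(conf, "listen-on") or ["any"]  # BIND listens on all interfaces by default
    loopback_only = all(a in LOOPBACK for a in listen)
    if zones and loopback_only:
        findings.append("listen-on is loopback-only, yet authoritative for: " + ", ".join(zones))
    if not loopback_only and clause(conf, "allow-recursion") is None \
            and not re.search(r"\brecursion\s+no\s*;", conf):
        findings.append("externally reachable but recursion is not restricted")
    return findings
```

Run `audit(open("/etc/bind/named.conf").read())` on a real file; the first finding reproduces this thread's problem, the second flags a server opened up without limiting recursion.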
EASYdoor (Tux's lil' helper)
Joined: 21 Aug 2004 Posts: 79 Location: Novo mesto
Posted: Tue Dec 20, 2005 10:43 am Post subject: weee
moocha, you rock!!! Fixed!
_________________
Go for a beer! No, no... even better... I'M going for a beer ;)