Gentoo Forums: Networking & Security
Bind running but not work please help!!!
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Thu Apr 20, 2006 5:11 pm    Post subject: Bind running but not work please help!!!

Ok, I have looked around, read the documentation, ran through the bind wiki on Gentoo, and googled about it. Got bind up and running, but it just doesn't work. I have configured my router's firewall so the DNS port is open for both TCP/UDP.

I am currently playing with these 2 domains: name.sunnz.org and sunnz.info.

I have set up name.sunnz.org to use my registrar's nameserver and it resolves to my server, sunnz.org.

Now I am trying to setup name.sunnz.org as the nameserver for sunnz.info.

/chroot/dns/etc/bind/named.conf:
Code:
options {
        directory "/var/bind";
        statistics-file "/var/bind/named.stats";
        dump-file "/var/bind/named.dump";
        zone-statistics yes;

        // uncomment the following lines to turn on DNS forwarding,
        // and change the forwarding ip address(es) :
        //forward first;
        //forwarders {
        //      123.123.123.123;
        //      123.123.123.123;
        //};

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };

        // to allow only specific hosts to use the DNS server:
        //allow-query {
        //      127.0.0.1;
        //};

        // if you have problems and are behind a firewall:
        //query-source address * port 53;
        pid-file "/var/run/named/named.pid";
};

//HOWTO stuff
// Include logging config file
include "/var/bind/conf/logging.conf";

// Include to ACLs
//include "/var/bind/conf/acls.conf";

// Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to
// filter out "wildcard" or "synthesized" data from NAT boxes or from
// authoritative name servers whose undelegated (in-zone) data is of no
// interest.
// See http://www.isc.org/products/BIND/delegation-only.html for more info

//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

//my zones
zone "sunnz.info" IN  { type master; file "personal/sunnz.info"; };

/chroot/dns/var/bind/personal/sunnz.info:
Code:
$TTL 86400
@       IN      SOA     name.sunnz.org.         fatalerror.sunnz.net. (
                        2006042104; Serial Number
                        12h; Refresh Rate in seconds
                        1h; Update retry in seconds
                        2w; Expiry in seconds
                        1h; Minimum in seconds
                        )

                        IN      NS      name.sunnz.org.
;                       IN      NS      ns2.starserve.info.
;                       IN      NS      ns3.starserve.info.
                        IN      MX      10      mail.sunnz.info.

;www                    IN      A       192.168.0.7
@                       IN      A       151.101.115.5
localhost               IN      A       127.0.0.1
*                       IN      A       151.101.115.5
;anu                    IN      A       59.167.251.19
;home                   IN      A       59.167.251.19

mail                    IN      CNAME   mail.sunnz.net.


I have tried to substitute 151.101.115.5 with 192.168.0.7 but it still doesn't work.

I have been testing by running nslookup sunnz.info from an external server; is that how it is supposed to be tested?
DaveArb
Guru

Joined: 29 Apr 2004
Posts: 510
Location: Texas, USA

Posted: Thu Apr 20, 2006 5:46 pm    Post subject: Re: Bind running but not work please help!!!

Sunnz wrote:
Code:
@                       IN      A       151.101.115.5


I have tried to substitute 151.101.115.5 with 192.168.0.7 but it still doesn't work.


First things first. Is your IPA 150..., or 151...?

Code:
dave@InternalSvcs ~ $ dig sunnz.org

; <<>> DiG 9.3.2 <<>> sunnz.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14989
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;sunnz.org.                     IN      A

;; ANSWER SECTION:
sunnz.org.              86400   IN      A       150.101.115.5

;; AUTHORITY SECTION:
sunnz.org.              86400   IN      NS      ns30.1and1.com.
sunnz.org.              86400   IN      NS      ns29.1and1.com.

;; ADDITIONAL SECTION:
ns29.1and1.com.         73705   IN      A       217.160.224.2
ns30.1and1.com.         73705   IN      A       217.160.228.2

;; Query time: 154 msec
;; SERVER: 216.88.76.6#53(216.88.76.6)
;; WHEN: Thu Apr 20 12:49:05 2006
;; MSG SIZE  rcvd: 122


If DNS is pointing to the wrong IPA, ain't nothing else going to help. ;)

Dave
Bad Penguin
Guru

Joined: 18 Aug 2004
Posts: 507

Posted: Thu Apr 20, 2006 6:49 pm    Post subject: Re: Bind running but not work please help!!!

Sunnz wrote:
Code:

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };


I have been testing by running nslookup sunnz.info from an external server; is that how it is supposed to be tested?

You are only listening on the loopback, lookups from an external server are not going to work....
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Fri Apr 21, 2006 2:22 am    Post subject: Re: Bind running but not work please help!!!

DaveArb wrote:
Sunnz wrote:
Code:
@                       IN      A       151.101.115.5


I have tried to substitute 151.101.115.5 with 192.168.0.7 but it still doesn't work.


First things first. Is your IPA 150..., or 151...?

Code:
dave@InternalSvcs ~ $ dig sunnz.org

; <<>> DiG 9.3.2 <<>> sunnz.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14989
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;sunnz.org.                     IN      A

;; ANSWER SECTION:
sunnz.org.              86400   IN      A       150.101.115.5

;; AUTHORITY SECTION:
sunnz.org.              86400   IN      NS      ns30.1and1.com.
sunnz.org.              86400   IN      NS      ns29.1and1.com.

;; ADDITIONAL SECTION:
ns29.1and1.com.         73705   IN      A       217.160.224.2
ns30.1and1.com.         73705   IN      A       217.160.228.2

;; Query time: 154 msec
;; SERVER: 216.88.76.6#53(216.88.76.6)
;; WHEN: Thu Apr 20 12:49:05 2006
;; MSG SIZE  rcvd: 122


If DNS is pointing to the wrong IPA, ain't nothing else going to help. ;)

Dave


Oohhh I knew I made a typo somewhere!!!!
Bad Penguin wrote:
Sunnz wrote:
Code:

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };


I have been testing by running nslookup sunnz.info from an external server; is that how it is supposed to be tested?

You are only listening on the loopback, lookups from an external server are not going to work....
I don't know, I have no idea what that code means, really; the guides I have been through don't really explain anything. I tried reading the doc at isc.org but it is too abstract to be understood with their limited examples.

So, if that's not going to work, how do I make it work?
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Fri Apr 21, 2006 2:35 am    Post subject:

Ok, I think I got it working now:

Code:
nslookup sunnz.info
Server:         150.203.24.1
Address:        150.203.24.1#53

Non-authoritative answer:
Name:   sunnz.info
Address: 150.101.115.5

150.203.24.1 would be just the ISP or something that my external machine is running, right?

All I have done is, well, fix up the IPA typo! :oops: And comment out the accept on { 127.0.0.1; } line.

Is that the right thing to do or is there a better way?

Thanks so much!!!
DaveArb
Guru

Joined: 29 Apr 2004
Posts: 510
Location: Texas, USA

Posted: Fri Apr 21, 2006 2:47 am    Post subject:

I'm getting wacky results on your whois and dns queries. Depending on what I use to ask, I've received the 150... address you've given, but also 65.98.14.34 which is a Pegasus IPA. The two addresses you've listed are in Australia, or Boston MA USA. And the registrant of the domain seems to be in Tennessee, USA. Wild... :)

Dave
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Fri Apr 21, 2006 3:09 am    Post subject:

Ahh yes, that's because the secondary name server will give a different IP, because I don't really own the secondary name server.

This would raise another question: I actually own one server myself, that is, one IP and one box. Yet I have to specify at least 2 nameservers for my domains at my registrar.

Is it possible to do the same server somehow? Maybe name1.sunnz.org and name2.sunnz.org both referring to the same DNS server? Do I just set up both master and slave zones on the same box?

By owning I mean the machine I have physical access to and have actually set up myself, including installing Gentoo :) The other one is simply a web host that I am using at the moment.
DaveArb
Guru

Joined: 29 Apr 2004
Posts: 510
Location: Texas, USA

Posted: Fri Apr 21, 2006 1:11 pm    Post subject:

Better would be to use a different service for your backup nameserver. Your registrar may offer this service for free, or there are other free DNS services (limited in various ways). I've used ZoneEdit and they've done a nice job, relatively simple interface.

Dave
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Fri Apr 21, 2006 2:11 pm    Post subject:

DaveArb wrote:
Better would be to use a different service for your backup nameserver. Your registrar may offer this service for free, or there are other free DNS services (limited in various ways). I've used ZoneEdit and they've done a nice job, relatively simple interface.

Dave


Ohh, my registrar does do so!!! However, it does say that my name server must allow a zone transfer (AXFR), so how do I know if my name server does so?
Bad Penguin
Guru

Joined: 18 Aug 2004
Posts: 507

Posted: Fri Apr 21, 2006 2:15 pm    Post subject: Re: Bind running but not work please help!!!

Sunnz wrote:
Oohhh I knew I made a typo somewhere!!!!
Bad Penguin wrote:
Sunnz wrote:
Code:

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };


I have been testing by running nslookup sunnz.info from an external server; is that how it is supposed to be tested?

You are only listening on the loopback, lookups from an external server are not going to work....
I don't know, I have no idea what that code means, really; the guides I have been through don't really explain anything. I tried reading the doc at isc.org but it is too abstract to be understood with their limited examples.

So, if that's not going to work, how do I make it work?

You need to set listen-on to the actual IP address that bind is running on. For example, if the actual IP address of the nameserver bind is running on is 192.168.0.1, set it to:
Code:
listen-on { 127.0.0.1; 192.168.0.1; };
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Fri Apr 21, 2006 2:21 pm    Post subject: Re: Bind running but not work please help!!!

Bad Penguin wrote:
Sunnz wrote:
Oohhh I knew I made a typo somewhere!!!!
Bad Penguin wrote:
Sunnz wrote:
Code:

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };


I have been testing by running nslookup sunnz.info from an external server; is that how it is supposed to be tested?

You are only listening on the loopback, lookups from an external server are not going to work....
I don't know, I have no idea what that code means, really; the guides I have been through don't really explain anything. I tried reading the doc at isc.org but it is too abstract to be understood with their limited examples.

So, if that's not going to work, how do I make it work?

You need to set listen-on to the actual IP address that bind is running on. For example, if the actual IP address of the nameserver bind is running on is 192.168.0.1, set it to:
Code:
listen-on { 127.0.0.1; 192.168.0.1; };


I have actually commented out that part so it works... but I guess that's not good practice?

But, what do you really mean by 192.168.0.1? That would be the IP known internally to my network, but not to the internet... so should it be "the internet IP", or just the IP given to the server by the router?
Bad Penguin
Guru

Joined: 18 Aug 2004
Posts: 507

Posted: Fri Apr 21, 2006 2:24 pm    Post subject:

Sunnz wrote:
DaveArb wrote:
Better would be to use a different service for your backup nameserver. Your registrar may offer this service for free, or there are other free DNS services (limited in various ways). I've used ZoneEdit and they've done a nice job, relatively simple interface.

Dave


Ohh, my registrar does do so!!! However, it does say that my name server must allow a zone transfer (AXFR), so how do I know if my name server does so?


If the IP address of your registrar's DNS server is 1.2.3.4, add this to named.conf:
Code:

acl "registrar-xfr" {
    1.2.3.4;
};

options {
    ...
    allow-transfer { registrar-xfr; };
    ...
};


Without further tweaking, putting allow-transfer in your options section will allow your registrar to transfer any zone you serve. If you want your registrar to only be able to transfer selected zones, stick the statement within the particular zone section. For example:

Code:

zone "mydomain.com" IN {
    type master;
    allow-transfer { registrar-xfr; };
};


Last edited by Bad Penguin on Fri Apr 21, 2006 2:38 pm; edited 1 time in total
Bad Penguin
Guru

Joined: 18 Aug 2004
Posts: 507

Posted: Fri Apr 21, 2006 2:33 pm    Post subject: Re: Bind running but not work please help!!!

Sunnz wrote:
I have actually commented out that part so it works... but I guess that's not good practice?

But, what do you really mean by 192.168.0.1? That would be the IP known internally to my network, but not to the internet... so should it be "the internet IP", or just the IP given to the server by the router?

If you comment it out then named listens to every interface on the box, which is no big deal unless you want to run named on a specific interface on a box with multiple network cards...

If you do specify listen-on, it has to be an actual physical IP address on the box, NATted or not. Well, unless you are using weird local NAT options that NAT the box's interfaces to itself. Don't even think about that, just trust me, it has to be set to an actual IP address running on the box ;) If you specify an incorrect address, named will either fail to run or will only bind to the loopback address, which will prevent any lookups from anywhere other than 127.0.0.1.

BTW, if you are new to DNS, here is a decent tutorial.
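Added example, not code from the thread: a small Python audit of a named.conf shaped like the one posted above, covering the two points Bad Penguin raises in his posts, a listen-on that names only the loopback address, and which master zones end up transferable to any host depending on whether allow-transfer is set globally, per zone, or not at all. The sample config, the acl name registrar-xfr and the address 1.2.3.4 are constructed for the example; the "no allow-transfer means any host" rule is the default of the BIND 9.3 generation this thread uses.

```python
import re

# Constructed named.conf shaped like the thread's (not the poster's file): loopback-only
# listen-on, one master zone with a scoped allow-transfer and one without any.
SAMPLE_NAMED_CONF = """
options {
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };
};
acl "registrar-xfr" { 1.2.3.4; };
zone "sunnz.info" IN { type master; file "personal/sunnz.info"; };
zone "example.test" IN { type master; allow-transfer { registrar-xfr; }; };
"""
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|::1|localhost)$")

def _balanced(text, open_idx):
    """Text between the brace at open_idx and its matching close brace."""
    depth = 0
    for j in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[open_idx + 1:j]
    raise ValueError("unbalanced braces in named.conf")

def _statement(body, name):
    """Address list of `name { ...; }`, or None if absent; lookarounds stop listen-on matching listen-on-v6."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"(?![\w-])", body)
    if not m:
        return None
    inner = _balanced(body, body.index("{", m.end()))
    return [tok for tok in re.split(r"[;\s]+", inner) if tok]

def _clean(conf_text):
    """Strip /* */, // and # comments (so commented-out lines are ignored); return (config, options body)."""
    conf = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S))
    m = re.search(r"(?<![\w-])options(?![\w-])", conf)
    return conf, (_balanced(conf, conf.index("{", m.end())) if m else "")

def zone_transfer_policy(conf_text):
    """Effective allow-transfer per master zone: its own list, else the global one, else None (any host)."""
    conf, options = _clean(conf_text)
    global_xfr = _statement(options, "allow-transfer")
    policy = {}
    for z in re.finditer(r'(?<![\w-])zone\s+"([^"]+)"[^{]*\{', conf):
        body = _balanced(conf, z.end() - 1)
        if re.search(r"type\s+master", body):
            own = _statement(body, "allow-transfer")
            policy[z.group(1)] = own if own is not None else global_xfr
    return policy

def audit(conf_text):
    """Findings for the two misconfigurations discussed in the thread."""
    findings = []
    listen = _statement(_clean(conf_text)[1], "listen-on")  # None = every interface
    if listen is not None and all(LOOPBACK.match(a) for a in listen):
        findings.append("listen-on names only loopback: external resolvers cannot reach named")
    for zone, xfr in zone_transfer_policy(conf_text).items():
        if xfr is None or "any" in xfr:
            findings.append(f'zone "{zone}": AXFR open to any host; scope allow-transfer to an acl')
    return findings
```

Running audit() on the sample reports both problems; adding the real interface address to listen-on and an allow-transfer { registrar-xfr; } line clears them.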
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Fri Apr 21, 2006 2:55 pm    Post subject:

Quote:

If the IP address of your registrar's DNS server is 1.2.3.4, add this to named.conf:
Code:

acl "registrar-xfr" {
   1.2.3.4;
   };

options {
 ...
 allow-transfer { registrar-xfr; };
 ...
 };


Without further tweaking putting allow-transfer in your options section will allow your registrar to transfer any zone you serve. If you want your registrar to only be able to transfer selected zones, stick the statement within the particular zone section. For example:

Code:

zone "mydomain.com" IN {
 type master;
 allow-transfer { registrar-xfr; };
 };

Is it possible to do allow-transfer { 1.2.3.4; }; or must I always do acl "registrar-xfr"?
Quote:
If you comment it out then named listens to every interface on the box, which is no big deal unless you want to run named on a specific interface on a box with multiple network cards...

If you do specify listen-on, it has to be an actual physical ip address on the box, natted or not. Well, unless you are using weird local natting options that nats the boxes interfaces to itself. Don't even think about that, just trust me, it has to be set to an actual ip address running on the box ;) If you specify an incorrect address named will either fail to run or will only bind to the loopback address, which will prevent any lookups from anywhere other than 127.0.0.1.
Oh yeah, I think I got it now; it is just that IP addresses are sometimes confusing after googling and seeing different examples...
Quote:
BTW, if you are new to DNS, here is a decent tutorial.
Yes, I am a total beginner to DNS; I think this link is just what I need!!! Thanks very much!!!

Just a question: if I add more zones (say I bought a new domain), do I have to restart named every time?
Bad Penguin
Guru

Joined: 18 Aug 2004
Posts: 507

Posted: Fri Apr 21, 2006 3:17 pm    Post subject:

Sunnz wrote:
Is it possible to do allow-transfer { 1.2.3.4; }; or must I always do acl "registrar-xfr"?

Yep, you can specify the ip address instead. I just find it easier to define all of my acls at the top and only change acl entries there when ip addresses change, when I need to add or edit more transferees (is that a word), etc...

Sunnz wrote:
Just a question: if I add more zones (say I bought a new domain), do I have to restart named every time?

I always do because I am too lazy to correctly set up ndc...
Sunnz
Guru

Joined: 18 Jun 2005
Posts: 370

Posted: Fri Apr 21, 2006 3:30 pm    Post subject:

I see. Well, thanks for all your help! Very helpful indeed!