| View previous topic :: View next topic |
| Author |
Message |
double00
n00b
Joined: 30 Sep 2002
Posts: 42
|
 Posted: Thu May 22, 2003 12:21 am Post subject: named/bind issues |
 |
|
This isn't specifically a gentoo issue, but i'm having a problem with setting up BIND, and hoping someone can help 
Essentially I can resolve queries if I query my server direclty ( ie in /etc/resolv.conf my server is specified ) however, if I use another DNS server ( my ISP, samspade.org ) to look up names/ip's, then I get a timed out error (from nslookup).
I have registered a domain (doublezero.net) and dns1.doublezero.net and dns2.doublezero.net are registered (or is that delegated) for the domain. and have just emerged bind. my conf file looks like this:
| Code: |
options {
directory "/var/bind";
listen-on { 192.168.9.17; };
listen-on { 81.2.76.162; };
pid-file "/var/run/named/named.pid";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
key "rndc_key" {
algorithm hmac-md5;
secret "yada-yada";
};
zone "." IN {
type hint;
file "db.cache";
};
zone "doublezero.net" IN {
type master;
file "zones/db.doublezero.net";
allow-update { none; };
notify no;
};
zone "localhost" IN {
type master;
file "zones/localhost";
allow-update { none; };
notify no;
};
zone "76.2.81.in-addr.arpa" IN {
type master;
file "zones/db.76.2.81.in-addr";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "zones/127";
allow-update { none; };
notify no;
};
|
my zone file looks like this
| Code: |
$TTL 3h
doublezero.net. IN SOA dns1.doublezero.net. dns.doublezero.net. (
200305211 ; serial
21600 ; refresh (6 hours)
1800 ; retry (30 mins)
2592000 ; expire (30 days)
86400 ) ; minimum (1 day)
doublezero.net. IN NS dns1.doublezero.net.
doublezero.net. IN NS dns2.doublezero.net.
dns1.doublezero.net. IN A 81.2.76.162
squirrel.doublezero.net. IN CNAME dns1.doublezero.net.
|
and reverse zone file thus:
| Code: |
$ttl 3h
76.2.81.in-addr.arpa IN SOA dns1.doublezero.net. dns.doublezero.net. (
200305211 ; serial
21600 ; refresh (6 hours)
1800 ; retry (30 mins)
2592000 ; expire (30 days)
86400 ) ; minimum (1 day)
;Nameserver
76.2.81.in-addr.arpa. IN NS dns1.doublezero.net.
76.2.81.in-addr.arpa. IN NS dns2.doublezero.net.
;Addresses
162 IN PTR dns1.doublezero.net. |
[/code]
I get no error messages in syslog upon startup, and I see lots of queries coming in whenever I try to resolve addresses, but no results.
| Code: | May 22 01:16:46 squirrel named[26476]: May 22 01:16:46.063queries: info: client 217.169.20.20#32768: query: 162.160-167.76.2.81.in-addr.arpa IN PTR
May 22 01:17:00 squirrel named[26476]: May 22 01:17:00.075queries: info: client 217.169.20.20#32768: query: 162.160-167.76.2.81.in-addr.arpa IN PTR
May 22 01:17:14 squirrel named[26476]: May 22 01:17:14.084queries: info: client 217.169.20.20#32768: query: 162.160-167.76.2.81.in-addr.arpa IN PTR
May 22 01:17:21 squirrel named[26476]: May 22 01:17:21.452queries: info: client 217.169.20.20#32768: query: squirrel.doublezero.net IN A
May 22 01:17:29 squirrel named[26476]: May 22 01:17:29.102queries: info: client 217.169.20.20#32768: query: 162.160-167.76.2.81.in-addr.arpa IN PTR
May 22 01:17:42 squirrel named[26476]: May 22 01:17:42.480queries: info: client 217.169.20.20#32768: query: squirrel.doublezero.net IN A
May 22 01:17:45 squirrel named[26476]: May 22 01:17:45.133queries: info: client 217.169.20.20#32768: query: 162.160-167.76.2.81.in-addr.arpa IN PTR
May 22 01:18:05 squirrel named[26476]: May 22 01:18:05.562queries: info: client 217.169.20.20#32768: query: squirrel.doublezero.net IN A
May 22 01:18:15 squirrel named[26476]: May 22 01:18:15.137queries: info: client 217.169.20.20#32768: query: 162.160-167.76.2.81.in-addr.arpa IN PTR
|
any suggestion pls? |
|
| Back to top |
|
 |
uxbod
Guru
Joined: 30 Dec 2002
Posts: 474
Location: UK
|
| Posted: Thu May 22, 2003 12:51 am Post subject: |
|
|
Just tried connecting to you and here are the results :
slider root # nmap -P0 -sU -p 53 81.2.76.162
Starting nmap 3.20 ( www.insecure.org/nmap/ ) at 2003-05-22 01:45 GMT
Interesting ports on 81.2.76.162:
Port State Service
53/udp open domain
Nmap run completed -- 1 IP address (1 host up) scanned in 22.025 seconds
slider root # nmap -P0 -sT -p 53 81.2.76.162
Starting nmap 3.20 ( www.insecure.org/nmap/ ) at 2003-05-22 01:46 GMT
Interesting ports on 81.2.76.162:
Port State Service
53/tcp filtered domain
Nmap run completed -- 1 IP address (1 host up) scanned in 46.115 seconds
So it seems that your firewall is okay for queries so thats a good start  tried querying it and get no response. Can you check your logfiles again for errors and post any back plz. |
|
| Back to top |
|
|
double00
n00b
Joined: 30 Sep 2002
Posts: 42
|
| Posted: Thu May 22, 2003 7:30 am Post subject: |
|
|
I guess I could close down tcp:53? Here is the logs from the daemon restart. I don't seem to be able to squeeze any more logging info from client queries, even though logging is set to debug within named.conf
| Code: |
May 22 08:22:40 squirrel named[14641]: starting BIND 9.2.2 -u named -n 1 -t /chroot/named
May 22 08:22:40 squirrel named[14641]: using 1 CPU
May 22 08:22:40 squirrel named[24174]: loading configuration from '/etc/bind/named.conf'
May 22 08:22:40 squirrel named[24174]: listening on IPv4 interface eth0, 81.2.76.162#53
May 22 08:22:40 squirrel named[24174]: listening on IPv4 interface wlan0, 192.168.9.17#53
May 22 08:22:41 squirrel named[24174]: command channel listening on 127.0.0.1#953
May 22 08:22:41 squirrel named[24174]: /etc/bind/named.conf:12: unknown logging category 'statistics' ignored
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.005general: debug 1: now using logging configuration from config file
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.007general: debug 1: load_configuration: success
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.008general: debug 1: zone 127.in-addr.arpa/IN: starting load
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.011general: debug 1: zone 127.in-addr.arpa/IN: loaded
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.013general: debug 1: zone 127.in-addr.arpa/IN: journal rollforward completed successfully: no journal
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.014general: info: zone 127.in-addr.arpa/IN: loaded serial 2002081601
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.014general: debug 1: zone 76.2.81.in-addr.arpa/IN: starting load
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.022general: debug 1: zone 76.2.81.in-addr.arpa/IN: loaded
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.023general: debug 1: zone 76.2.81.in-addr.arpa/IN: journal rollforward completed successfully: no journal
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.024general: info: zone 76.2.81.in-addr.arpa/IN: loaded serial 200305221
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.025general: debug 1: zone localhost/IN: starting load
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.028general: debug 1: zone localhost/IN: loaded
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.029general: debug 1: zone localhost/IN: journal rollforward completed successfully: no journal
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.030general: info: zone localhost/IN: loaded serial 2002081601
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.031general: debug 1: zone doublezero.net/IN: starting load
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.034general: debug 1: zone doublezero.net/IN: loaded
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.035general: debug 1: zone doublezero.net/IN: journal rollforward completed successfully: no journal
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.036general: info: zone doublezero.net/IN: loaded serial 200305222
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.037general: debug 1: dns_zone_maintenance: zone doublezero.net/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.038general: debug 1: dns_zone_maintenance: zone localhost/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.038general: debug 1: dns_zone_maintenance: zone 76.2.81.in-addr.arpa/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.039general: debug 1: dns_zone_maintenance: zone 127.in-addr.arpa/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.039general: debug 1: dns_zone_maintenance: zone version.bind/CH: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.040general: debug 1: dns_zone_maintenance: zone authors.bind/CH: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.040general: info: running
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.042general: debug 1: zone_timer: zone doublezero.net/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.042general: debug 1: zone_maintenance: zone doublezero.net/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.043general: debug 1: zone_timer: zone localhost/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.043general: debug 1: zone_maintenance: zone localhost/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.044general: debug 1: zone_timer: zone 127.in-addr.arpa/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.045general: debug 1: zone_maintenance: zone 127.in-addr.arpa/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.045general: debug 1: zone_timer: zone 76.2.81.in-addr.arpa/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.046general: debug 1: zone_maintenance: zone 76.2.81.in-addr.arpa/IN: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.046general: debug 1: zone_timer: zone version.bind/CH: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.047general: debug 1: zone_maintenance: zone version.bind/CH: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.047general: debug 1: zone_timer: zone authors.bind/CH: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.048general: debug 1: zone_maintenance: zone authors.bind/CH: enter
May 22 08:22:41 squirrel named[24174]: May 22 08:22:41.849queries: info: client 217.169.20.20#32768: query: 162.160-167.76.2.81.in-addr.arpa IN PTR
|
|
|
| Back to top |
|
|
uxbod
Guru
Joined: 30 Dec 2002
Posts: 474
Location: UK
|
| Posted: Thu May 22, 2003 9:08 am Post subject: |
|
|
| Are there any entries in your logfiles for your Firewall? Should be some as I did a few checks against your node. May be worth switching on full logging on the firewall just to see if any packets are being dropped. |
|
| Back to top |
|
|
double00
n00b
Joined: 30 Sep 2002
Posts: 42
|
| Posted: Thu May 22, 2003 9:55 am Post subject: |
|
|
| i see what you are saying, but even if I flush all iptables I still see the same behaviour. I can definetely see the packets coming in and I am not dropping any outbound packets. |
|
| Back to top |
|
|
uxbod
Guru
Joined: 30 Dec 2002
Posts: 474
Location: UK
|
| Posted: Thu May 22, 2003 4:02 pm Post subject: |
|
|
| This has me baffled ! Out of interest have you asked you upstream provider if they can query your DNS ? Are they potentially blocking it ? |
|
| Back to top |
|
|
|
Networking & Security
