wookaka
asked on
DNS Server Setup
I'm setting up my first DNS server on RedHat Linux 9 and have come across a problem when other computers attempt to query my server.
The server itself can resolve names to IP's but from a remote computer the server doesn't responed.
For example:
From a windows computer on the same LAN I try to do a nslookup for google.com and get the following response:
> google.com
Server: [192.168.1.30]
Address: 192.168.1.30
*** [192.168.1.30] can't find google.com: No response from server
Why would the server not give responses to other remote computers?
The server itself can resolve names to IP's but from a remote computer the server doesn't responed.
For example:
From a windows computer on the same LAN I try to do a nslookup for google.com and get the following response:
> google.com
Server: [192.168.1.30]
Address: 192.168.1.30
*** [192.168.1.30] can't find google.com: No response from server
Why would the server not give responses to other remote computers?
ASKER
I already removed all other DNs servers from the resolv.conf file except for 127.0.0.1 and also check the /log/messages file. I did have one error about the 0.0.127 zone file missing but corrected that and the same problem continued.
Since this was a "getting my feet wet setup" I formatted and reinstalled without the firewall and I can now get DNS requests from the server.
Thanks anyway.
Since this was a "getting my feet wet setup" I formatted and reinstalled without the firewall and I can now get DNS requests from the server.
Thanks anyway.
Is the RedHat server running IPTABLES and not allowing access to the BIND instance?
RedHat 9 installs IPTables by default, and bases its setup on how you answer a question or two during the installation.
See if IPTables is installed/running with iptables -L -n
You may need to stop the firewall rules with /etc/init.d/iptables stop and try your DNS query again.
RedHat 9 installs IPTables by default, and bases its setup on how you answer a question or two during the installation.
See if IPTables is installed/running with iptables -L -n
You may need to stop the firewall rules with /etc/init.d/iptables stop and try your DNS query again.
ASKER
Here's what I get when I run the first command...
[root@nsi1 root]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I'm guessing that since I've reinstalled with no firewall that the IPTables are already stopped.
I'm guessing I would use /etc/init.d/iptables start to turn it on?
How would I then customize this to allow only ports 22 and 53 into the box?
[root@nsi1 root]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I'm guessing that since I've reinstalled with no firewall that the IPTables are already stopped.
I'm guessing I would use /etc/init.d/iptables start to turn it on?
How would I then customize this to allow only ports 22 and 53 into the box?
The output shows that you have no restrictions in place for communications. Other machines should be able to access the NAMED server.
Let's keep the IPTables out of it for now...
You will need to check your /etc/named.conf and /etc/named.custom files for things like "allow-query" statements. It is quite possible that the server has ACL's on it (although this is not a default) that are preventing it from working properly. Use RedHat's on-line documentation to make sure you have everything set the way you need it...
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-bind.html
Let's keep the IPTables out of it for now...
You will need to check your /etc/named.conf and /etc/named.custom files for things like "allow-query" statements. It is quite possible that the server has ACL's on it (although this is not a default) that are preventing it from working properly. Use RedHat's on-line documentation to make sure you have everything set the way you need it...
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-bind.html
ASKER
mburdick,
Just to make sure you are aware, the DNS server is working now. If you read above the server has been working since I reinstalled RedHat. I did 2 things in this setup different:
1) disabled the firewall during the initial installation.
2) didn't play with named.conf
It's now a caching name server and even setup as a slave for 1 domain.
I can't give the points for the DNS problem but would be happy to if you could give me some info on enambling the IPTables to secure the box and only allow ports 22 and 53 in.
Thanks
Just to make sure you are aware, the DNS server is working now. If you read above the server has been working since I reinstalled RedHat. I did 2 things in this setup different:
1) disabled the firewall during the initial installation.
2) didn't play with named.conf
It's now a caching name server and even setup as a slave for 1 domain.
I can't give the points for the DNS problem but would be happy to if you could give me some info on enambling the IPTables to secure the box and only allow ports 22 and 53 in.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If there's a serious error in your DNS configuration you should be able to see what's wrong by watching the tail end of /var/log/messages (tail -f /var/log/messages) while you start named.