mark951
asked on
DNS Setup Problem
Hello,
I am trying to set up 2 DNS servers; the OS is Fedora 2 running BIND, and I am not using the GUI. I can post any info. that would be of help.
I receive this error message when I check the "named status"
"rndc: connect failed: connection refused"
I have searched everywhere for what can cause this and I am coming up with nothing. Any help would be greatly appreciated.
That error probably means that you've got errors in named.conf or in one or more of your zone files that are keeping named from starting. To see what's happening, run 'tail -f /var/log/messages' in one window while you attempt to start named in another. We can more easily help with the fix if we can see your named.conf and your zone files.
ASKER
jlevie
thanks for the info! i will get the named.conf and my zone files and post them.
hi mark951 ,
Are your two DNS servers master and slave?
ASKER
jlevie & aashishkunte
Yes, ns1 will be the master and ns2 will be the slave.
I am trying to set up a very standard and scalable network. I currently have a LAN (inside) and am building my WAN (outside network). My 2 DNS servers both have two network cards and are connected to my LAN so I can use SAMBA to back up files on my Windows 2003 server. I use the 2003 server for internal DNS so I don't need the Linux boxes to do anything for my LAN.
Please let me know if I need to clarify anything else. I have already registered the IPs of the DNS servers with Network Solutions.
Here is the named.conf
options {
        directory "/var/named";
};
view "outside" {
        match-clients { any; };
        recursion no;
        zone "." IN {
                type hint;
                file "named.ca";
        };
        zone "vcsnetworks.net" {
                type master;
                file "db.vcsnetworks.net.outside";
                allow-transfer { 64.213.221.96; };
        };
};
include "/etc/rndc.key";
Here is the db.vcsnetworks.net
$TTL 86400
@ IN SOA vcsnetworks.net. hostmaster.vcsnetworks.net. (
2004102904 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; Name servers
IN NS ns1.vcsnetworks.net.
IN NS ns2.vcsnetworks.net.
; Mail server for domain
IN MX 10 mail.vcsnetworks.net.
; Public servers
ns1 IN A 64.213.220.123
ns2 IN A 64.213.217.231
mail IN A 64.213.219.42
www IN A 64.213.221.96
nova IN A 64.213.216.227
; EOF
------
Thanks in advance for working with me through this.
If you are locating your DNS servers outside of your firewall you don't need to set up views. And you do need zone files for localhost and the reverse zone file for 127.0.0.1. Other than that I don't see anything wrong with what you have so far.
It sounds like each of the DNS servers has one interface outside of the firewall and one inside. From a security standpoint that's a really bad idea. Anyone that penetrates either of the servers has carte blanche access to your Windows server. To store backups on the 2k box it makes more sense to me to back up data (just config and user data, not the OS) into a file and use scp from the 2k box to pull it down. That eliminates the need for the interfaces into the protected LAN.
ASKER
jlevie,
thanks for the tip on security. this is my first attempt at DNS, so i may be missing something simple that is causing this not to work. i will post my localhost zone file, and i don't know if i have a reverse zone file for 127.0.0.1. what would it be named? i do have a named.local. i will post that.
Localhost.zone
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
2004110201 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
named.local
$TTL 86400
@ IN SOA 0.0.127.in-addr.arpa. hostmaster.localhost. (
2004110201 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS 0.0.127.in-addr.arpa.
1 IN PTR vcsnetworks.net.
2 IN PTR www.vcsnetworks.net.
2 IN PTR nova.vcsnetworks.net.
;EOF
i hope this helps shed some light on where i am tripping up. thanks!!
Your localhost zones are wrong. The local.zone file must contain:
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
IN MX 10 localhost.
localhost. IN A 127.0.0.1
and the reverse zone must contain:
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
ASKER
just to help me clarify the named.local is the reverse zone for local.zone?
To help keep things straight I'd name the forward zone file local.zone and the reverse (surprisingly) local.rev. In a like manner I name the hints file root.zone. That results in named.conf containing:
options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;
        listen-on { 64.213.220.123; 127.0.0.1; };
};
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
        type hint;
        file "root.zone";
};
zone "localhost" IN {
        type master;
        file "local.zone";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "local.rev";
        allow-update { none; };
};
...Site zones follow...
ASKER
thank you, that helps me clarify things.
i just made all the changes that you suggested and ran named-checkconf, named-checkzone, with no errors.
i unfortunately still have the "rndc: connect failed: connection refused" error when i start named. is there a key i need to generate somewhere or something to make this work?
Yes, there's a key, usually in /etc/rndc.key on a RedHat system. Including:
include "/etc/rndc.key";
in named.conf will make it operational.
ASKER
that is what is confusing me. i have an rndc.key in my /etc/, and if you look above at my named.conf you will see i have include "/etc/rndc.key"; there also.......anything else i can look for?
There are three cases where rndc won't work:
1) The rndc key is invalid
2) No key is provided in the config
3) named is failing to start due to errors.
Assuming that /etc/rndc.key contains data, the most credible cause is (3). What do you see in /var/log/messages when you attempt to start named?
ASKER
i found two errors
couldn't add command channel 127.0.0.1#953: not found
couldn't add command channel ::1#953
Are you sure that there wasn't a copy of named running when you tried to start it?
The key that gets placed there by the installation of Bind is a dummy key. You will need to generate a new key using the following command:
rndc-confgen
You can find additional details here:
http://linuxreviews.org/man/rndc-confgen/
This should take care of your problem. Hope this helps.
Regards,
John
ASKER
jlevie,
to answer your question yes there was, i had restarted the service.
cyb3rrj0hn,
thanks for the info. i followed the instructions but with no change in the outcome. i am going to reload the os on my server and start over. i am going to save the zone files and my named.conf that jlevie helped me create. i'll try the rndc-confgen again and see what happens. i hope to have this completed by the 28th.
thanks for all the help. i am really excited to get this running. i'll let you know as soon as i have it back online.
ASKER
well i just finished reloading my server. all went well except i still have been unable to get dns to work. i have actually taken a step back it seems. now i can't do a dig for vcsnetworks at all.
in the 'tail -f /var/log/messages' i receive:
couldn't add command channel 127.0.0.1#953: not found
couldn't add command channel ::1#953
and when i do a dig on vcsnetworks.net i receive:
lame server resolving 'vcsnetworks.net' (in 'vcsnetworks.net'/): 64.213.216.231#53
i also still have the "rndc: connect failed: connection refused" in the services window when i restart named.
i will post any files you guys think might help. i am about at the end of my rope with this. i have read through many tutorials and have bought a couple of Linux books and still can't see what i am doing wrong.
i also tried the "rndc-confgen -a" to automatically take care of the key, that didn't work so i did "rndc-confgen" and copied the key into my named.conf but to no avail.
any help would be greatly appreciated.
Are those the only messages related to named when it starts?
Does the hosts file have:
127.0.0.1 localhost.localdomain localhost
What does '/sbin/ifconfig lo' show?
ASKER
here is the complete output related to named from when i restart it
Dec 1 00:10:00 ns1 named: named shutdown succeeded
Dec 1 05:10:02 ns1 named[28557]: starting BIND 9.2.3 -u named -t /var/named/chroot
Dec 1 05:10:02 ns1 named[28557]: using 1 CPU
Dec 1 05:10:02 ns1 named[28557]: loading configuration from '/etc/named.conf'
Dec 1 05:10:02 ns1 named[28557]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 1 05:10:02 ns1 named[28557]: listening on IPv4 interface eth0, 10.10.10.251#53
Dec 1 05:10:02 ns1 named[28557]: listening on IPv4 interface eth1, 64.213.217.231#53
Dec 1 05:10:02 ns1 named[28557]: couldn't add command channel 127.0.0.1#953: not found
Dec 1 05:10:02 ns1 named[28557]: couldn't add command channel ::1#953: not found
Dec 1 05:10:02 ns1 named[28557]: running
Dec 1 00:10:03 ns1 named: named startup succeeded
here is my /etc/hosts
127.0.0.1 ns1.vcsnetworks.net ns1 localhost.localdomain localhost
-----
here is the output of /sbin/ifconfig lo
[root@ns1 root]# /sbin/ifconfig lo
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9711 errors:0 dropped:0 overruns:0 frame:0
TX packets:9711 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11018461 (10.5 Mb) TX bytes:11018461 (10.5 Mb)
What do you have in /var/named/chroot (hint: 'ls -R /var/named/chroot' will show everything)?
ASKER
var, etc, dev
Yes, but what are the contents of those directories. Please post the results of 'ls -R /var/named/chroot'.
ASKER
[root@ns1 root]# ls -R /var/named/chroot
/var/named/chroot:
dev etc var
/var/named/chroot/dev:
null random
/var/named/chroot/etc:
named.conf rndc.key
/var/named/chroot/var:
named run
/var/named/chroot/var/named:
localhost.zone named.ca named.local
/var/named/chroot/var/run:
named
/var/named/chroot/var/run/named:
named.pid
[root@ns1 root]#
----
i have never edited anything in the chroot dir. is this a mistake? is my etc hosts file correct?
here is an overview of what i have done.
reinstalled Fedora Core 2
set the hostname upon install
set the network settings
copied my named.conf to /etc/
copied my zone files to the /var/named/
started the named service
ASKER CERTIFIED SOLUTION
ASKER
YES!! the rndc problem has been solved....i had no idea the files were supposed to be in the /var/named/chroot/etc instead of the /var/named.
my dns is still not resolving but at least i can move on from this problem. thank you so much jlevie for sticking with me all the way through this and also for helping me with my reverse lookup zone...i will start a new question if i can't get my dns to resolve correctly.
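The asker's last post pins down the cause: the startup log shows named launched with "-t /var/named/chroot", so named.conf, rndc.key and the zone files all have to sit under that chroot, not in the host's /etc and /var/named. As an added check, not code from the thread, the shell function below walks a named.conf for its directory, include and file directives, reports anything missing under a given chroot, and confirms that every key a controls statement names is actually defined; the directory layout it builds is constructed for the demo and the key secret is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the thread. check_bind_chroot CHROOT CONF
# verifies that every file CONF (a named.conf path inside CHROOT) refers to
# exists under CHROOT, and that each key named in a controls statement is
# defined in named.conf or an included file. Assumes one directive per line,
# as in the thread's named.conf. Prints each problem; returns 0 if all is well.
check_bind_chroot() {
    croot="$1"; conf="$croot$2"; status=0
    if [ ! -f "$conf" ]; then
        echo "MISSING config: $conf"; return 1
    fi
    # "directory" option (the thread's config sets it to /var/named)
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$dir" ] || dir=/var/named
    # include paths are absolute but resolved inside the chroot
    incs=""
    for f in $(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        if [ -f "$croot$f" ]; then incs="$incs $croot$f"
        else echo "MISSING include: $croot$f"; status=1; fi
    done
    # zone "file" entries are relative to "directory" unless absolute
    for f in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        case "$f" in /*) p="$croot$f" ;; *) p="$croot$dir/$f" ;; esac
        [ -f "$p" ] || { echo "MISSING zone file: $p"; status=1; }
    done
    # every key referenced as keys { X; } needs a matching key "X" definition
    for k in $(sed -n 's/.*keys[[:space:]]*{[[:space:]]*\([^ ;]*\).*/\1/p' "$conf"); do
        cat "$conf" $incs | grep -q "key[[:space:]]*\"$k\"" \
            || { echo "UNDEFINED key: $k"; status=1; }
    done
    return $status
}
# Constructed layout reproducing the thread's mistake: named.conf and
# rndc.key are in the chroot, but the zone files were copied to the host's
# /var/named, so only the hints file is visible to the chrooted named.
make_demo_chroot() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/var/named"
    cat > "$d/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";
zone "." IN { type hint;
    file "root.zone"; };
zone "localhost" IN { type master;
    file "local.zone"; };
zone "0.0.127.in-addr.arpa" IN { type master;
    file "local.rev"; };
EOF
    # placeholder secret, not a real key
    echo 'key "rndckey" { algorithm hmac-md5; secret "PLACEHOLDER=="; };' > "$d/etc/rndc.key"
    : > "$d/var/named/root.zone"
    echo "$d"
}
```

Running check_bind_chroot "$(make_demo_chroot)" /etc/named.conf reports local.zone and local.rev as missing under the chroot; pointing it at / and /etc/named.conf checks a non-chrooted install the same way.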