Solved

Domain names not resolving

Posted on 2007-03-20
Last Modified: 2010-05-18
I am running BIND on a newly installed Fedora Core 6 server.  I'm not sure of the version of BIND, but looking at the config files it accepts, it's probably 4 something.

named loads and seems to run fine, it even says 39 zones:
 /etc/init.d/named status
number of zones: 39
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

Here's the process:
 ps -ef|grep named
named     2428     1  0 02:38 ?        00:00:00 /usr/sbin/named -u named -c /etc/named.caching-nameserver.conf -t /var/named/chroot

cat /etc/named.caching-nameserver.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;
        query-source-v6 port 53;
        allow-query     { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};


[root@kirkyonline ~]# cat "/etc/named.rfc1912.zones";
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

zone "kirkyonline.com" {
        type master;
        file "kirkyonline.com";
};

zone "toptipper.com" {
        type master;
        file "toptipper.com";
};

zone "leaguetipping.com" {
        type master;
        file "leaguetipping.com";
};

zone "roosterstipping.com" {
        type master;
        file "roosterstipping.com";
};

zone "officetipping.com" {
        type master;
        file "officetipping.com";
};

zone "augustflorist.com" {
        type master;
        file "augustflorist.com";
};

zone "augustflorist.co.uk" {
        type master;
        file "augustflorist.co.uk";
};

zone "houseplantdoctor.com" {
        type master;
        file "houseplantdoctor.com";
};

zone "resultsinsport.com" {
        type master;
        file "resultsinsport.com";
};

zone "sportspunter.com" {
        type master;
        file "sportspunter.com";
};

zone "asianhandicapodds.com" {
        type master;
        file "asianhandicapodds.com";
};

zone "melbournecupbetting.net" {
        type master;
        file "melbournecupbetting.net";
};

zone "sportspunter.com.au" {
        type master;
        file "sportspunter.com.au";
};

zone "netnaturopath.com" {
        type master;
        file "netnaturopath.com";
};

zone "tennisbettingodds.net" {
        type master;
        file "tennisbettingodds.net";
};

zone "rugbybettingodds.net" {
        type master;
        file "rugbybettingodds.net";
};

zone "nflbettingodds.net" {
        type master;
        file "nflbettingodds.net";
};

zone "cricketbettingodds.net" {
        type master;
        file "cricketbettingodds.net";
};
zone "nhlbettingodds.net" {
        type master;
        file "nhlbettingodds.net";
};
zone "nbabettingodds.net" {
        type master;
        file "nbabettingodds.net";
};
zone "gocasinogambling.co.uk" {
        type master;
        file "gocasinogambling.co.uk";
};


zone "eurosoccerbetting.net" {
        type master;
        file "eurosoccerbetting.net";
};

zone "frenchsoccerbetting.net" {
        type master;
        file "frenchsoccerbetting.net";
};

zone "germansoccerbetting.net" {
        type master;
        file "germansoccerbetting.net";
};

zone "italiansoccerbetting.net" {
        type master;
        file "italiansoccerbetting.net";
};

zone "spanishsoccerbetting.net" {
        type master;
        file "spanishsoccerbetting.net";
};

zone "englishsoccerbetting.net" {
        type master;
        file "englishsoccerbetting.net";
};


zone "pickswarehouse.com" {
        type master;
        file "pickswarehouse.com";
};


zone "comparejackpots.com" {
        type master;
        file "comparejackpots.com";
};


zone "scottishsoccerbetting.net" {
        type master;
        file "scottishsoccerbetting.net";
};

zone "rleaguebetting.com" {
        type master;
        file "rleaguebetting.com";
};

zone "sydneyfctipping.com" {
        type master;
        file "sydneyfctipping.com";
};

zone "goalservebetting.com" {
        type master;
        file "goalservebetting.com";
};

one of the many zone files:

 cat /var/named/chroot/var/named/kirkyonline.com
;
; Zone file for kirkyonline.com
;

$TTL 3D
@       IN      SOA     ns0.kirkyonline.com. dkirk.bigpond.net.au. (
                        2007032004
                        8H
                        2H
                        4W
                        1D )
;
                NS      ns0.kirkyonline.com. ; Inet Address of name server
                NS      ns1.kirkyonline.com. ; Inet Address of name server
                MX      10 mail.kirkyonline.com. ; Primary Mail Exchanger
;
localhost       A       207.228.252.47
ns0             A       207.228.252.47
ns1             A       207.228.252.194
www             A       207.228.252.47
mail            A       207.228.252.47

An example domain name is www.kirkyonline.com
which has name servers ns0.kirkyonline.com and ns1.kirkyonline.com

and another example:

 cat /var/named/chroot/var/named/sportspunter.com
;
; Zone file for sportspunter.com
;
$TTL 3D
@       IN      SOA     ns0.kirkyonline.com. webmaster@kirkyonline.com. (
                        20030128
                        8H
                        2H
                        4W
                        1D )
;
                NS      ns0.kirkyonline.com. ; Inet Address of name server
                NS      ns1.kirkyonline.com. ; Inet Address of name server
                MX      10 mail.sportspunter.com. ; Primary Mail Exchanger
;
localhost       A       207.228.252.47
ns0             A       207.228.252.47
ns1             A       207.228.252.194
www             A       207.228.252.47
xml             A       207.228.252.8
arbs            A       207.228.252.8
bettingbox      A       207.228.252.8
@               A       207.228.252.47
afl             A       207.228.252.47
nrl             A       207.228.252.47
soccer          A       207.228.252.47
football        A       207.228.252.47
nfl             A       207.228.252.47
nbl             A       207.228.252.47
rugby           A       207.228.252.47
seriea          A       207.228.252.47
super12         A       207.228.252.47
cricket         A       207.228.252.47
premierleague   A       207.228.252.47
championsleague A       207.228.252.47
facup           A       207.228.252.47
nsl             A       207.228.252.47
bundesliga      A       207.228.252.47
germansoccer    A       207.228.252.47
germanfootball  A       207.228.252.47
italiansoccer   A       207.228.252.47
italianfootball A       207.228.252.47
englishsoccer   A       207.228.252.47
englishfootball A       207.228.252.47
scottishsoccer  A       207.228.252.47
spanishsoccer   A       207.228.252.47
spanishfootball A       207.228.252.47
laliga          A       207.228.252.47
sportsbetting   A       207.228.252.47
betting         A       207.228.252.47
bet             A       207.228.252.47
sport           A       207.228.252.47
sports          A       207.228.252.47
sportbetting    A       207.228.252.47
footballbetting A       207.228.252.47
aflbetting      A       207.228.252.47
soccerbetting   A       207.228.252.47
nrlbetting      A       207.228.252.47
mail            A       207.228.252.47

 cat /etc/resolv.conf
nameserver 207.228.226.50
nameserver 207.228.225.50

I've tried with and without a firewall; when the firewall is active:
 cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Do you know why nothing is resolving?

thanks
Question by:danielkirk

Accepted Solution

by:
suggestionstick earned 500 total points
Hi

Just did a brief skim of your setup, so I might have missed some points.
I am assuming that this name server is public facing.
I am assuming that you are actually running version 9.3.4

In your named.conf you are listening on IP address 127.0.0.1 (localhost).

Try:

listen-on {
        127.0.0.1;
        external ip address of server;
};

Also change the following statement:

allow-query { any; };
This allows everybody to query your DNS server; previously only your DNS server could query itself.

Also, your firewall needs to be opened for port 53 inbound.

Assuming that this is a non-recursive name server (it only allows queries for domains hosted on the server), you might want to add the following statement:

allow-recursion { none; };

You might also need the following statement if you don't have a secondary DNS server:
allow-transfer { none; };

trev
 





Author Comment

by:danielkirk
This is now fixed.

The problem was the "view".  Anything that doesn't match a view gets rejected.

All of trev's points were also valid.
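
The causes named in the answer and in the follow-up above (loopback-only listen-on, allow-query limited to localhost, a view that matches only the server itself, no firewall rule for port 53) can be checked mechanically, along with the answer's advice to set allow-recursion once allow-query is opened to any. This is an added example, not part of the original thread: the function names and the trimmed sample inputs are constructed here, and the regex parsing is an assumption that ignores /* */ comments and named ACLs.

```python
import re

# Constructed sample: the relevant lines of the configuration posted in the question.
NAMED_CONF = """
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; };
};
view localhost_resolver {
        match-clients      { localhost; };
        recursion yes;
};
"""
IPTABLES = """
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
LOOPBACK = {"127.0.0.1", "::1"}
SELF = LOOPBACK | {"localhost"}  # "localhost" ACL = the server's own addresses

def acls(conf, keyword):
    """Address-match lists of every `keyword [port N] { ...; };` statement."""
    pat = r"(?<![\w-])" + re.escape(keyword) + r"(?![\w-])[^{;]*\{([^}]*)\}"
    return [set(m.replace(";", " ").split()) for m in re.findall(pat, conf)]

def audit(conf, rules):
    """Reasons why external clients get no answer, plus the recursion check."""
    conf = re.sub(r"//[^\n]*", "", conf)          # drop // comments
    found = []
    keys = ("listen-on", "allow-query", "match-clients")
    listen, query, clients = (acls(conf, k) for k in keys)
    views = len(re.findall(r"(?m)^\s*view\s", conf))
    if listen and all(a <= LOOPBACK for a in listen):
        found.append("listen-on: loopback only")
    if query and all(a <= SELF for a in query):
        found.append("allow-query: server itself only")
    # A view without match-clients matches any client, so only flag when
    # every view carries one and all of them are restricted to the server.
    if views and len(clients) == views and all(a <= SELF for a in clients):
        found.append("view: no view matches external clients")
    for proto in ("udp", "tcp"):
        if not re.search(rf"-p {proto}\b.*--dport 53\b.*-j ACCEPT", rules):
            found.append(f"firewall: no ACCEPT for 53/{proto}")
    if any("any" in a for a in query) and "allow-recursion" not in conf:
        found.append("allow-recursion: not set while allow-query is any")
    return found

if __name__ == "__main__":
    print("\n".join(audit(NAMED_CONF, IPTABLES)))
```

Run against the posted configuration it reports all four causes; the mDNS rule for port 5353 is correctly not counted as a DNS rule.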