kjorviss
asked on
configure a public DNS server on Fedora 9 from scratch
Hi Guys,
I am a beginner with Linux, so I really need a step by step guide.... I have configured a Fedora 9 box with the correct firewall rules etc. I have Googled this to death this morning and cannot find a complete guide on how to do this, I know I am missing something, but I am not experienced enough to work out what.
I have configured bind using Webmin, it looks like all the zone and host information is there, I have changed the domain I am testing to point to the public IP of this box, but when I use DNStuff to produce a report it keeps saying the server is unreachable.
Any help will be greatly appreciated
Kevin
Another thing:
So you have created zone records for your server like this:
ns1.myserver.com
ns2.myserver.com
In the zone file you have defined which IP is for the nameserver.
When did you change the nameserver of your domain to your nameserver?
It takes 48 to 72 hours to propagate worldwide.
First check if it's working from the host itself, then test from your network, then DNSstuff:
/etc/init.d/named status
netstat -tnlp
iptables -L -n
dig @localhost testname.domain.com
See what the answer is.
dig @ip-address testname.domain.tld
Let us know the results.
ASKER
Here is the output from the above commands:
/etc/init.d/named status:
[root@www ~]# /etc/init.d/named status
version: 9.5.0-P2
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 14354) is running...
[root@www ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:52747 0.0.0.0:* LISTEN 1801/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1782/rpcbind
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2225/perl
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 14354/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2117/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2206/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 14354/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2137/sendmail: acce
tcp 0 0 :::80 :::* LISTEN 9585/httpd
tcp 0 0 ::1:53 :::* LISTEN 14354/named
tcp 0 0 :::22 :::* LISTEN 2117/sshd
tcp 0 0 ::1:953 :::* LISTEN 14354/named
tcp 0 0 :::443 :::* LISTEN 9585/httpd
[root@www ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@www ~]# dig @localhost www.mydomain.net
; <<>> DiG 9.5.0-P2 <<>> @localhost www.mydomain.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.mydomain.net. IN A
;; ANSWER SECTION:
www.mydomain.net. 38400 IN CNAME mydomain.net.
;; AUTHORITY SECTION:
mydomain.net. 38400 IN SOA ns1.mydomain.net. hostmaster.mydomain.net. 1226944124 10800 3600 604800 38400
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 18 07:49:31 2008
;; MSG SIZE rcvd: 107
dig @xxx.xxx.xxx.xxx www.mydomain.net
; <<>> DiG 9.3.4-P1 <<>> @xxx.xxx.xxx.xxx www.mydomain.net
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
As I said earlier, can you telnet to your public IP?
telnet urip 53
And can I see your named.conf file?
It could be that you did not give permission to do DNS checks in your named.conf file. Check if you have enabled this option:
allow-query { ANY; };
From the machine where you did dig @xxx.xxx.xxx.xxx www.mydomain.net, try telnet to port 53 of xxx.xxx.xxx.xxx, the DNS server.
Looks like a network connectivity issue.
ASKER
Hi Everyone,
Sorry for the delay in getting back. On looking at the named.conf file I noticed that the allow-query line was definitely not what it should be...
Below is the named.conf file with the original line commented out and the changes made:
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
    listen-on {
        127.0.0.1;
    };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    #allow-query { localhost; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; };
    allow-query { ANY; };
    recursion yes;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
I cannot telnet to port 53 from any computer to the server, even one from the same LAN. I cannot dig @ the server from another machine on the same LAN either.... But I can from the command prompt on the machine itself.... I have the Linux firewall turned off and SELinux disabled!
Any help will be greatly appreciated
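As an added example (not part of this thread and not the asker's own setup), the shell below reads the two artefacts the experts asked for, the netstat -tnlp listing and the options block of named.conf, and reports the condition visible in the post above: named bound only to 127.0.0.1 and ::1, which is why dig and telnet to port 53 work on the box itself and time out from every other machine. The sample inputs are constructed to mirror the posted output, the function names are this example's own, and the second constructed config shows the listen-on and recursion settings an authoritative public server would use instead of the caching-only defaults.

```shell
#!/bin/sh
# Added example, not from the thread. Reads netstat -tnlp output and the
# options block of named.conf and says whether named is reachable beyond
# loopback. All inputs below are constructed; function names are assumptions.

# Constructed: the relevant lines of the asker's netstat -tnlp listing.
NETSTAT_LOOPBACK_ONLY='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 14354/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2117/sshd
tcp 0 0 ::1:53 :::* LISTEN 14354/named'

# Constructed: the same listing once named binds every address.
NETSTAT_ALL_ADDRS='tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 14354/named
tcp 0 0 :::53 :::* LISTEN 14354/named'

# Constructed: the options block as posted (loopback listener, open recursion).
CONF_AS_POSTED='options {
    listen-on {
        127.0.0.1;
    };
    listen-on-v6 port 53 { ::1; };
    allow-query { ANY; };
    recursion yes;
};'

# Constructed: the shape an authoritative public server wants instead.
CONF_AUTHORITATIVE='options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    allow-query { any; };
    recursion no;
};'

# Local addresses on which named has TCP port 53 bound, one per line.
# Needs netstat run as root; otherwise the PID/Program column is "-".
named_listen_addrs() {
    awk '$NF ~ /\/named$/ && $4 ~ /:53$/ { sub(/:53$/, "", $4); print $4 }'
}

# Succeeds when at least one of those addresses is not a loopback address.
dns_reachable_beyond_loopback() {
    printf '%s\n' "$1" | named_listen_addrs | grep -v -E '^(127\.|::1$)' >/dev/null
}

# Addresses inside the IPv4 listen-on statement of a named.conf text
# (single- or multi-line form, optional "port N"), one per line.
conf_listen_on() {
    printf '%s\n' "$1" | tr '\n' ' ' \
        | sed -n 's/.*listen-on[[:space:]]*\(port[[:space:]]*[0-9]*[[:space:]]*\)*{\([^}]*\)}.*/\2/p' \
        | tr ';' '\n' | sed -e 's/[[:space:]]//g' -e '/^$/d'
}

# Value of the recursion statement (yes/no); empty if absent.
conf_recursion() {
    printf '%s\n' "$1" | tr '\n' ' ' \
        | sed -n 's/.*recursion[[:space:]]*\([a-z]*\)[[:space:]]*;.*/\1/p'
}

# Verdict for a (netstat text, named.conf text) pair.
audit_named() {
    if dns_reachable_beyond_loopback "$1"; then
        echo "ok: named is bound to a non-loopback address on port 53"
    else
        echo "problem: named listens only on loopback (listen-on { $(conf_listen_on "$2" | tr '\n' ' ')}); remote dig and telnet to port 53 will time out"
    fi
    if [ "$(conf_recursion "$2")" = "yes" ]; then
        echo "warning: recursion yes with allow-query { any; } makes a public server an open resolver; set recursion no on an authoritative server"
    fi
}

audit_named "$NETSTAT_LOOPBACK_ONLY" "$CONF_AS_POSTED"
audit_named "$NETSTAT_ALL_ADDRS" "$CONF_AUTHORITATIVE"
```

Run against the real box by substituting `"$(netstat -tnlp)"` and `"$(cat /etc/named.conf)"` for the constructed strings; the first audit line is the one to look at while the server is unreachable, the warning line matters once it is.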
ASKER CERTIFIED SOLUTION
ASKER
That was the problem...... Which I had seen that!!
Thanks for your help.
Kevin
Can you telnet to your IP on port 53? Do this:
telnet your-public-ip 53