configure a public DNS server on Fedora 9 from scratch

Posted on 2008-11-17
Last Modified: 2013-12-06
Hi Guys,

I am a beginner with Linux, so I really need a step-by-step guide. I have configured a Fedora 9 box with the correct firewall rules etc. I have Googled this to death this morning and cannot find a complete guide on how to do this. I know I am missing something, but I am not experienced enough to work out what.

I have configured BIND using Webmin; it looks like all the zone and host information is there. I have changed the domain I am testing to point to the public IP of this box, but when I use DNSStuff to produce a report it keeps saying the server is unreachable.

Any help will be greatly appreciated


Question by: kjorviss
    LVL 29

    Expert Comment

    Can you telnet to your IP on port 53?

    Do this:

    telnet your-public-ip 53
    LVL 29

    Expert Comment

    Another thing:

    So you have created a zone record for your server like this?

    In the zone file you have defined which IP is for the nameserver.

    When did you change the nameserver of your domain to your nameserver?

    It takes 48 to 72 hours to propagate worldwide.
    LVL 10

    Expert Comment

    First check if it's working from the host itself, then test from your network, then DNSStuff.

    /etc/init.d/named status

    netstat -tnlp

     iptables -L -n

    dig @localhost

    See what the answer is.

    dig @ip-address testname.domain.tld

    Let us know the results.


    Author Comment

    Here is the output from the above commands:
    /etc/init.d/named status:
    [root@www ~]# /etc/init.d/named status
    version: 9.5.0-P2
    number of zones: 16
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is OFF
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running
    named (pid  14354) is running...

    [root@www ~]# netstat -tnlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
    tcp        0      0     *                   LISTEN      1801/rpc.statd      
    tcp        0      0       *                   LISTEN      1782/rpcbind        
    tcp        0      0     *                   LISTEN      2225/perl          
    tcp        0      0      *                   LISTEN      14354/named        
    tcp        0      0        *                   LISTEN      2117/sshd          
    tcp        0      0     *                   LISTEN      2206/cupsd          
    tcp        0      0     *                   LISTEN      14354/named        
    tcp        0      0      *                   LISTEN      2137/sendmail: acce
    tcp        0      0 :::80                       :::*                        LISTEN      9585/httpd          
    tcp        0      0 ::1:53                      :::*                        LISTEN      14354/named        
    tcp        0      0 :::22                       :::*                        LISTEN      2117/sshd          
    tcp        0      0 ::1:953                     :::*                        LISTEN      14354/named        
    tcp        0      0 :::443                      :::*                        LISTEN      9585/httpd          

    [root@www ~]#  iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination        

    [root@www ~]# dig @localhost

    ; <<>> DiG 9.5.0-P2 <<>> @localhost
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48961
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;      IN      A

    ;; ANSWER SECTION: 38400      IN      CNAME

    ;; AUTHORITY SECTION:      38400      IN      SOA 1226944124 10800 3600 604800 38400

    ;; Query time: 1 msec
    ;; SERVER:
    ;; WHEN: Tue Nov 18 07:49:31 2008
    ;; MSG SIZE  rcvd: 107


    ; <<>> DiG 9.3.4-P1 <<>>
    ; (1 server found)
    ;; global options:  printcmd
    ;; connection timed out; no servers could be reached

    LVL 29

    Expert Comment

    As I said earlier,

    can you telnet to your public IP?

    telnet urip 53

    And can I see your named.conf file?
    LVL 29

    Expert Comment

    It could be that

    you did not give permission to do DNS queries in your named.conf file.

    Check if you have enabled this option:

    allow-query { ANY; };
    LVL 10

    Expert Comment

    From the machine where you did dig,
    try telnet to port 53 of the DNS server.

    Looks like a network connectivity issue.

    Author Comment

    Hi Everyone,

    Sorry for the delay in getting back. On looking at the named.conf file I noticed that the allow-query line was definitely what it should not be...

    Below is the named.conf file with the original line commented out and the changes made:

    // named.caching-nameserver.conf
    // Provided by Red Hat caching-nameserver package to configure the
    // ISC BIND named(8) DNS server as a caching only nameserver
    // (as a localhost DNS resolver only).
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    // DO NOT EDIT THIS FILE - use system-config-bind or an editor
    // to create named.conf - edits to this file will be lost on
    // caching-nameserver package upgrade.

    options {
            listen-on {
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            #allow-query     { localhost;;;;;;;;;;; };
            allow-query     { ANY; };
            recursion yes;

    logging {
            channel default_debug {
                    file "data/";
                    severity dynamic;

    zone "." IN {
            type hint;
            file "";

    I cannot telnet to port 53 from any computer to the server, even one from the same LAN. I cannot dig @ the server from another machine on the same LAN either.... But I can from the command prompt on the machine itself.... I have the Linux firewall turned off and SELinux disabled!

    Any help will be greatly appreciated
    LVL 29

    Accepted Solution

    Change this one:

    listen-on {
          ;  192.168.1/24 ;

    Change 192.168.1/24 to your IP.
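    The accepted fix changes listen-on, which decides reachability; allow-query { ANY; } decides who may ask; and with recursion yes, allow-recursion decides who may use the box as a recursive resolver, which the thread never settles. The script below is an added example, not code from the thread or from BIND. It reads a named.conf, reports what each of those directives implies, and runs itself against two constructed configs modelled on the thread: the loopback-only one and a fixed one. The conf_value and check_named_conf helpers, the finding names and the 192.168.1.10 address are assumptions; it expects one-line directives.

```shell
#!/bin/sh
# Added example, not code from the thread or from BIND: audit the named.conf
# settings this thread touched (listen-on, allow-query, recursion) and report
# what each one means for reachability and for open-resolver exposure.
# Assumes one-line directives in standard named.conf syntax; the helper and
# finding names are hypothetical.

# conf_value DIRECTIVE FILE: print what is inside the braces of the first
# "DIRECTIVE ... { ... };" line, with comments, whitespace and case removed.
conf_value() {
    sed -e 's|//.*||' -e 's|#.*||' "$2" \
      | sed -n "s/^[[:space:]]*$1[[:space:]{][^{]*{\([^}]*\)}.*/\1/p" \
      | head -n 1 | tr -d '[:space:]' | tr 'A-Z' 'a-z'
}

# check_named_conf FILE: print one finding per line, finding code first.
check_named_conf() {
    listen=$(conf_value listen-on "$1")
    query=$(conf_value allow-query "$1")
    recurse_acl=$(conf_value allow-recursion "$1")
    recursion=$(sed -e 's|//.*||' -e 's|#.*||' "$1" \
        | sed -n 's/^[[:space:]]*recursion[[:space:]]*\([a-z]*\).*/\1/p' | head -n 1)
    [ -z "$recursion" ] && recursion=yes   # BIND's default when unset

    # Reachability: a loopback-only listen-on is what made the thread's
    # server "unreachable" (timeouts, not REFUSED).
    case "$listen" in
        "")  echo "LISTEN_DEFAULT: no listen-on; BIND binds every IPv4 interface" ;;
        "127.0.0.1;"|"localhost;")
             echo "LOOPBACK_ONLY: remote queries to port 53 will time out" ;;
        *)   echo "LISTEN_OK: listen-on { $listen }" ;;
    esac

    # Who may query at all: too narrow an ACL gives REFUSED rather than a timeout.
    case "$query" in
        ""|"any;") echo "QUERY_ANY: queries are answered for anyone (BIND's default)" ;;
        *)         echo "QUERY_RESTRICTED: allow-query { $query }" ;;
    esac

    # Exposure: recursion for the whole Internet is what makes an open
    # resolver that can be abused for amplification.
    if [ "$recursion" != "yes" ]; then
        echo "AUTHORITATIVE_ONLY: recursion no"
    elif [ "$recurse_acl" = "any;" ]; then
        echo "OPEN_RESOLVER: recursion yes with allow-recursion any"
    elif [ -z "$recurse_acl" ]; then
        echo "RECURSION_DEFAULT: allow-recursion unset; BIND 9.4+ limits it to localnets and localhost, older releases recurse for anyone"
    else
        echo "RECURSION_RESTRICTED: allow-recursion { $recurse_acl }"
    fi
}

# Constructed configs modelled on the thread. 192.168.1.10 is a placeholder
# for the server's LAN address.
BROKEN_CONF=$(mktemp)
FIXED_CONF=$(mktemp)
trap 'rm -f "$BROKEN_CONF" "$FIXED_CONF"' EXIT

cat > "$BROKEN_CONF" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        #allow-query     { localhost; };
        allow-query     { ANY; };
        recursion yes;
};
EOF

cat > "$FIXED_CONF" <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.10; };  // loopback plus LAN
        listen-on-v6 port 53 { ::1; };
        allow-query     { any; };
        allow-recursion { localhost; 192.168.1.0/24; };
        recursion yes;
};
EOF

echo "== broken =="; check_named_conf "$BROKEN_CONF"
echo "== fixed ==";  check_named_conf "$FIXED_CONF"
```

    Run it with sh and compare the two reports. For a server that is meant to be authoritative for public zones, allow-query { any; } is the correct setting on its own; what keeps the box from being turned into an amplifier is recursion no, or an allow-recursion ACL limited to the LAN as in the fixed config.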

    Author Closing Comment

    That was the problem... Wish I had seen that!!

    Thanks for your help.

