configure a public DNS server on Fedora 9 from scratch

Hi Guys,

I am a beginner with Linux, so I really need a step-by-step guide.... I have configured a Fedora 9 box with the correct firewall rules etc. I have Googled this to death this morning and cannot find a complete guide on how to do this. I know I am missing something, but I am not experienced enough to work out what.

I have configured bind using Webmin, it looks like all the zone and host information is there, I have changed the domain I am testing to point to the public IP of this box, but when I use DNStuff to produce a report it keeps saying the server is unreachable.

Any help will be greatly appreciated



Can you telnet to your IP on port 53?

do this

telnet yourpublicip 53
Another thing

so you have created a zone record for your server like this

in the zone file you have defined which IP is for the nameserver

when did you change the nameserver of your domain to your nameserver?

it takes 48 to 72 hours to propagate worldwide.
First check if it's working from the host itself, then test from your network, then dnsstuff:

/etc/init.d/named status

netstat -tnlp

iptables -L -n

dig @localhost

see what the answer is

dig @ip-address testname.domain.tld

let us know the results


kjorvissAuthor Commented:
Here is the output from the above commands:
/etc/init.d/named status:
[root@www ~]# /etc/init.d/named status
version: 9.5.0-P2
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  14354) is running...

[root@www ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0     *                   LISTEN      1801/rpc.statd      
tcp        0      0       *                   LISTEN      1782/rpcbind        
tcp        0      0     *                   LISTEN      2225/perl          
tcp        0      0      *                   LISTEN      14354/named        
tcp        0      0        *                   LISTEN      2117/sshd          
tcp        0      0     *                   LISTEN      2206/cupsd          
tcp        0      0     *                   LISTEN      14354/named        
tcp        0      0      *                   LISTEN      2137/sendmail: acce
tcp        0      0 :::80                       :::*                        LISTEN      9585/httpd          
tcp        0      0 ::1:53                      :::*                        LISTEN      14354/named        
tcp        0      0 :::22                       :::*                        LISTEN      2117/sshd          
tcp        0      0 ::1:953                     :::*                        LISTEN      14354/named        
tcp        0      0 :::443                      :::*                        LISTEN      9585/httpd          

[root@www ~]#  iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

[root@www ~]# dig @localhost

; <<>> DiG 9.5.0-P2 <<>> @localhost
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;      IN      A

;; ANSWER SECTION: 38400      IN      CNAME

;; AUTHORITY SECTION:      38400      IN      SOA 1226944124 10800 3600 604800 38400

;; Query time: 1 msec
;; WHEN: Tue Nov 18 07:49:31 2008
;; MSG SIZE  rcvd: 107


; <<>> DiG 9.3.4-P1 <<>>
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

as I said earlier,

can you telnet to your public IP?

telnet yourip 53

and can I see your named.conf file?
it could be that

you did not give permission to do a DNS check in your named.conf file

check if you have enabled this option

allow-query { ANY; };
from the machine where you did dig
try telnet to port 53 of the DNS server

looks like a network connectivity issue..
kjorvissAuthor Commented:
Hi Everyone,

Sorry for the delay in getting back. On looking at the named.conf file I noticed that the allow-query line was definitely what it should not be...

Below is the named.conf file with the original line commented out and the changes made:

// named.caching-nameserver.conf
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.

options {
        listen-on {
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        #allow-query     { localhost;;;;;;;;;;; };
        allow-query     { ANY; };
        recursion yes;

logging {
        channel default_debug {
                file "data/";
                severity dynamic;

zone "." IN {
        type hint;
        file "";

I cannot telnet to port 53 from any computer to the server, even one from the same LAN. I cannot dig @ the server from another machine on the same LAN either.... But I can from the command prompt on the machine itself.... I have the Linux firewall turned off and SELinux disabled!

Any help will be greatly appreciated
change this one

listen-on { 192.168.1/24; };

change 192.168.1/24 to your IP

kjorvissAuthor Commented:
That was the problem...... Wish I had seen that!!

Thanks for your help.
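As an added example, not code from the thread, here is a small Python audit that parses a BIND options block the way the thread diagnosed the problem: it flags a listen-on or allow-query limited to loopback (what made the server "unreachable" here), and it also flags the thread's final setting of allow-query { ANY; } together with recursion yes and no allow-recursion, which turns a public server into an open recursive resolver. The three named.conf fragments are constructed for the example; 192.168.1/24 is the prefix used in the thread.

```python
import re

# Constructed named.conf fragments (not the thread's own file). The first mirrors
# the caching-only defaults that caused the "unreachable" report, the second the
# thread's fix, the third the same fix with recursion limited to the LAN.
LOCAL_ONLY_CONF = """
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; };
        recursion yes;
};
"""
THREAD_FIX_CONF = """
options {
        listen-on { 127.0.0.1; 192.168.1/24; };
        allow-query     { ANY; };
        recursion yes;
};
"""
HARDENED_CONF = THREAD_FIX_CONF.replace(
    "recursion yes;", "recursion yes;\n        allow-recursion { localhost; 192.168.1/24; };")

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def acl(conf, name):
    """Return the address-match-list elements of one options clause, lowercased,
    or None when the clause is absent (BIND's default then applies)."""
    m = re.search(r"^\s*%s(?![\w-])[^{]*\{([^}]*)\}" % re.escape(name), conf, re.M)
    if not m:
        return None
    return [e.strip().lower() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Flag settings that stop named answering remote queries, and the opposite
    mistake of recursing for the whole Internet."""
    findings = []
    listen = acl(conf, "listen-on")       # default (absent) binds all interfaces
    if listen is not None and set(listen) <= LOOPBACK:
        findings.append("listen-on is loopback only: port 53 is not bound on the LAN/public address")
    query = acl(conf, "allow-query")
    if query is not None and set(query) <= LOOPBACK:
        findings.append("allow-query is localhost only: remote dig/telnet is refused")
    recursion = re.search(r"^\s*recursion\s+yes\s*;", conf, re.M)
    if recursion and acl(conf, "allow-recursion") is None and query and "any" in query:
        findings.append("open resolver: recursion yes + allow-query any with no allow-recursion limit")
    return findings

if __name__ == "__main__":
    for label, conf in (("local-only", LOCAL_ONLY_CONF), ("thread-fix", THREAD_FIX_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or ["ok"])
```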
