kjorviss

asked on

configure a public DNS server on Fedora 9 from scratch

Hi Guys,

I am a beginner with Linux, so I really need a step-by-step guide. I have configured a Fedora 9 box with the correct firewall rules etc. I have Googled this to death this morning and cannot find a complete guide on how to do this. I know I am missing something, but I am not experienced enough to work out what.

I have configured BIND using Webmin, and it looks like all the zone and host information is there. I have changed the domain I am testing to point to the public IP of this box, but when I use DNSstuff to produce a report it keeps saying the server is unreachable.

Any help will be greatly appreciated

Kevin

fosiul01

OK, can you telnet to your IP on port 53?

Do this:

telnet <your public IP> 53

Another thing: so you have created zone records for your server like this

ns1.myserver.com
ns2.myserver.com

and in the zone file you have defined which IP is for the nameserver.

When did you change the nameservers of your domain to your nameserver? It takes 48 to 72 hours to propagate worldwide.

First check if it is working from the host itself, then test from your network, then DNSstuff:

/etc/init.d/named status

netstat -tnlp

iptables -L -n

dig @localhost testname.domain.com

See what the answer is.

dig @ip-address testname.domain.tld

Let us know the results.


kjorviss

ASKER

Here is the output from the above commands:
/etc/init.d/named status:
[root@www ~]# /etc/init.d/named status
version: 9.5.0-P2
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  14354) is running...

[root@www ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:52747               0.0.0.0:*                   LISTEN      1801/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1782/rpcbind        
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      2225/perl          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      14354/named        
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2117/sshd          
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2206/cupsd          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      14354/named        
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2137/sendmail: acce
tcp        0      0 :::80                       :::*                        LISTEN      9585/httpd          
tcp        0      0 ::1:53                      :::*                        LISTEN      14354/named        
tcp        0      0 :::22                       :::*                        LISTEN      2117/sshd          
tcp        0      0 ::1:953                     :::*                        LISTEN      14354/named        
tcp        0      0 :::443                      :::*                        LISTEN      9585/httpd          

[root@www ~]#  iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

[root@www ~]# dig @localhost www.mydomain.net

; <<>> DiG 9.5.0-P2 <<>> @localhost www.mydomain.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mydomain.net.      IN      A

;; ANSWER SECTION:
www.mydomain.net. 38400      IN      CNAME      mydomain.net.

;; AUTHORITY SECTION:
mydomain.net.      38400      IN      SOA      ns1.mydomain.net. hostmaster.mydomain.net. 1226944124 10800 3600 604800 38400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 18 07:49:31 2008
;; MSG SIZE  rcvd: 107

dig @xxx.xxx.xxx.xxx www.mydomain.net

; <<>> DiG 9.3.4-P1 <<>> @xxx.xxx.xxx.xxx www.mydomain.net
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

As I said earlier, can you telnet to your public IP?

telnet <your IP> 53

And can I see your named.conf file? It could be that you did not give permission to do a DNS check in your named.conf file.

Check if you have enabled this option:

allow-query { ANY; };

From the machine where you did dig @xxx.xxx.xxx.xxx www.mydomain.net, try telnet to port 53 of xxx.xxx.xxx.xxx (the DNS server).

Looks like a network connectivity issue.
Hi Everyone,

Sorry for the delay in getting back. On looking at the named.conf file I noticed that the allow-query line was definitely not what it should be...

Below is the named.conf file with the original line commented out and the changes made:

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//

options {
        listen-on {
                127.0.0.1;
                };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        #allow-query     { localhost; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; };
        allow-query     { ANY; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

I cannot telnet to port 53 from any computer to the server, even one from the same LAN. I cannot dig @ the server from another machine on the same LAN either.... But I can from the command prompt on the machine itself.... I have the Linux firewall turned off and SELinux disabled!

Any help will be greatly appreciated
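An added example, not part of the thread and not the accepted answer (which is not shown on this page). The output already posted points at the cause: `netstat -tnlp` lists named on 127.0.0.1:53 and ::1:53 only, which matches `listen-on { 127.0.0.1; };` and `listen-on-v6 port 53 { ::1; };` in the posted named.conf, and the file's own header says it is the caching-nameserver template meant for a localhost resolver. A query that allow-query rejects comes back REFUSED; it does not time out. A socket that is not bound on the LAN address does time out, which is what `dig @xxx.xxx.xxx.xxx` and the telnet tests showed. The script below runs the two checks fosiul01 asked for (the socket list and the config) over constructed copies of the posted output, and writes the options block I would use instead. The fix it assumes, `listen-on port 53 { any; };` plus `listen-on-v6 port 53 { any; };` followed by `named-checkconf` and a restart, is my inference from the posted output, not text from the thread.

```shell
#!/bin/sh
# Added example (not code from the thread). Checks for the symptom in the
# thread, named answering on the box but not from the LAN, run over
# constructed copies of the output the asker posted, plus the options block
# I would use instead (an assumed fix, not the accepted answer).

# Classify the TCP :53 listeners in `netstat -tnlp` output (file in $1).
# Prints "public" if named is bound to any non-loopback address,
# "loopback-only" if it is bound to 127.0.0.1/::1 only, "none" otherwise.
named_listen_scope() {
    awk '
        $1 == "tcp" && $4 ~ /:53$/ {
            addr = $4
            sub(/:53$/, "", addr)
            if (addr == "127.0.0.1" || addr == "::1") { loop++ } else { pub++ }
        }
        END {
            if (pub > 0) { print "public" }
            else if (loop > 0) { print "loopback-only" }
            else { print "none" }
        }' "$1"
}

# Print the addresses inside the IPv4 listen-on statement of a named.conf
# (file in $1), one per line. Handles the multi-line form the asker posted
# and the one-line form; ignores listen-on-v6.
listen_on_addrs() {
    awk '
        /listen-on/ && !/listen-on-v6/ { inblock = 1 }
        inblock { buf = buf " " $0 }
        inblock && /[}]/ { inblock = 0 }
        END {
            sub(/.*[{]/, "", buf)
            sub(/[}].*/, "", buf)
            n = split(buf, parts, /[; \t]+/)
            for (i = 1; i <= n; i++) { if (parts[i] != "") print parts[i] }
        }' "$1"
}

# "loopback-only" when every listen-on address is loopback; "public" when any
# other address (or `any`) appears, or when there is no listen-on at all,
# since BIND then listens on every interface.
listen_on_scope() {
    listen_on_addrs "$1" | awk '
        $1 == "127.0.0.1" || $1 == "localhost" { loop++; next }
        { pub++ }
        END {
            if (loop > 0 && pub == 0) { print "loopback-only" } else { print "public" }
        }'
}

# The options I would use for a public authoritative server: bind every
# interface, answer anyone for the zones we host, but do not recurse for the
# world. Written to the path in $1.
write_fixed_options() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };   // authoritative data is public
        recursion no;               // not an open resolver
};
EOF
}

# --- constructed sample inputs, copied from what the asker posted ----------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/netstat.txt" <<'EOF'
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      14354/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      14354/named
tcp        0      0 ::1:53                      :::*                        LISTEN      14354/named
EOF

cat > "$SAMPLE_DIR/named.conf" <<'EOF'
options {
        listen-on {
                127.0.0.1;
                };
        listen-on-v6 port 53 { ::1; };
        allow-query     { ANY; };
        recursion yes;
};
EOF

write_fixed_options "$SAMPLE_DIR/named.fixed.conf"

echo "sockets, posted netstat:   $(named_listen_scope "$SAMPLE_DIR/netstat.txt")"
echo "listen-on, posted conf:    $(listen_on_scope "$SAMPLE_DIR/named.conf")"
echo "listen-on, fixed conf:     $(listen_on_scope "$SAMPLE_DIR/named.fixed.conf")"

# On the real server: validate, then restart named and re-run netstat -tnlp.
if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf "$SAMPLE_DIR/named.fixed.conf"
fi
```

Two points worth making before this box takes queries from the Internet. The posted options combine `allow-query { ANY; };` with `recursion yes;`, which is an open recursive resolver that anyone can use for reflection and amplification attacks; a server that is authoritative for your own zones should set `recursion no;`, or limit recursion to your own networks with `allow-recursion`. And the same netstat output shows Webmin on 0.0.0.0:10000 and sshd on every interface behind an iptables policy of ACCEPT with no rules, so "firewall turned off" applies to those services as well once the machine is public.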
ASKER CERTIFIED SOLUTION
fosiul01

(solution text not available on this page)
That was the problem... which I had seen!

Thanks for your help.

Kevin