Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2721
  • Last Modified:

configure a public DNS server on Fedora 9 from scratch

Hi Guys,

I am a beginner with Linux, so I really need a step by step guide.... I have configured a Fedora 9 box with the correct firewall rules etc. I have Googled this to death this morning and cannot find a complete guide on how to do this, I know I am missing something, but I am not experienced enough to work out what.

I have configured bind using Webmin, it looks like all the zone and host information is there, I have changed the domain I am testing to point to the public IP of this box, but when I use DNStuff to produce a report it keeps saying the server is unreachable.

Any help will be greatly appreciated

Kevin

0
kjorviss
Asked:
kjorviss
  • 5
  • 3
  • 2
1 Solution
 
fosiul01Commented:
Ok
can you to do telnet to your ip to port 53 ??

do this

telnet yourpublic ip 53
0
 
fosiul01Commented:
Another thing

so you have created Zone record for your server like this

ns1.myserver.com
ns2.myserver.com

in zone file you have defined which  ip is for nameserver

when did you change nameserver of your domain to your nameserver ??

its take 48 to 72 hour to propagate world wide.
0
 
nabeelmoiduCommented:
first check if its working from the host itself, then test from your network , then dnsstuff

/etc/init.d/named status

netstat -tnlp

 iptables -L -n

dig @localhost testname.domain.com

see whats the answer

dig @ip-address testname.domain.tld

let us know the results


0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
kjorvissAuthor Commented:
Here is the output from the above commands:
/etc/init.d/named status:
[root@www ~]# /etc/init.d/named status
version: 9.5.0-P2
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  14354) is running...

[root@www ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:52747               0.0.0.0:*                   LISTEN      1801/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1782/rpcbind        
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      2225/perl          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      14354/named        
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2117/sshd          
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2206/cupsd          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      14354/named        
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2137/sendmail: acce
tcp        0      0 :::80                       :::*                        LISTEN      9585/httpd          
tcp        0      0 ::1:53                      :::*                        LISTEN      14354/named        
tcp        0      0 :::22                       :::*                        LISTEN      2117/sshd          
tcp        0      0 ::1:953                     :::*                        LISTEN      14354/named        
tcp        0      0 :::443                      :::*                        LISTEN      9585/httpd          

[root@www ~]#  iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

[root@www ~]# dig @localhost www.mydomain.net

; <<>> DiG 9.5.0-P2 <<>> @localhost www.mydomain.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48961
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mydomain.net.      IN      A

;; ANSWER SECTION:
www.mydomain.net. 38400      IN      CNAME      mydomain.net.

;; AUTHORITY SECTION:
mydomain.net.      38400      IN      SOA      ns1.mydomain.net. hostmaster.mydomain.net. 1226944124 10800 3600 604800 38400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 18 07:49:31 2008
;; MSG SIZE  rcvd: 107

dig @xxx.xxx.xxx.xxx www.mydomain.net

; <<>> DiG 9.3.4-P1 <<>> @xxx.xxx.xxx.xxx www.mydomain.net
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

0
 
fosiul01Commented:
as i said earlier,

can you telnet to your public ip ???

telnet urip 53 ??

and can i see your named.conf file ??
0
 
fosiul01Commented:
it could be that,

you didnot give permission to do dns check in your named.conf file

check if you have enabled this options

allow-query {  ANY; } ;
0
 
nabeelmoiduCommented:
from the machine where you did dig @xxx.xxx.xxx.xxx www.mydomain.net
try telnet to port 53 of xxx.xxx.xxx.xxx the dns server

looks like a network connectiviity issue..
0
 
kjorvissAuthor Commented:
Hi Everyone,

Sorry for the delay in getting back. on looking at the named.conf file I noticed that the allow-query line was definitely what it should not be...

Below is the named .conf fiile with the original line commented out and the changes made:

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//

options {
        listen-on {
                127.0.0.1;
                };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        #allow-query     { localhost; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; 10.7.0.0/24; };
        allow-query     { ANY; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

I cannot telnet to port 53 from any computer to the server, even one from the same LAN. I cannot dig @ the server from another machine on the same LAN either.... But I can from the command prompt on the machine itself.... I have the Linux firewall turned off and SELinux disabled!

Any help will be greatly appreciated
0
 
fosiul01Commented:
change this one

isten-on {
                127.0.0.1;  192.168.1/24 ;
                };

change 192.168.1/24  as your ip
0
 
kjorvissAuthor Commented:
That was the problem...... Which I had seen that!!

Thanks for your help.

Kevin
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now