Solved

root.hints update - connection refused

Posted on 2011-02-21
Last Modified: 2012-06-27
Am setting up a DNS bind9.3 on rhel.  Am using webmin for convenience to set up.  
When adding in a new root zone, am of course asked for location of root.hints for each view.  Cannot get the new zone to add successfully as the error is returned "Failed to connect to 192.112.0.64; connection refused".  

Initially thought it was firewall (setting up new one as well) and ensured that ports 21 and 53 open (stateful).  Observed that port 21 was being called for ftp download of root.hints file.  Monitored connection in progress and ftp is successful.  

Other possibility is location of root.hints. Am placing in "/var/named/chroot/etc/data/root.hints". Possibly cannot create file if wrong directory.  

So cannot get root zone created or root.hints downloaded.  Any ideas?
Question by:ascray
LVL 27

Expert Comment

by:Nopius
ID: 34951861
You are using an obsolete version of root.hints.

Create a new one with this command and restart named.


cat > root.hints << "EOF"
.                       6D  IN      NS      A.ROOT-SERVERS.NET.
.                       6D  IN      NS      B.ROOT-SERVERS.NET.
.                       6D  IN      NS      C.ROOT-SERVERS.NET.
.                       6D  IN      NS      D.ROOT-SERVERS.NET.
.                       6D  IN      NS      E.ROOT-SERVERS.NET.
.                       6D  IN      NS      F.ROOT-SERVERS.NET.
.                       6D  IN      NS      G.ROOT-SERVERS.NET.
.                       6D  IN      NS      H.ROOT-SERVERS.NET.
.                       6D  IN      NS      I.ROOT-SERVERS.NET.
.                       6D  IN      NS      J.ROOT-SERVERS.NET.
.                       6D  IN      NS      K.ROOT-SERVERS.NET.
.                       6D  IN      NS      L.ROOT-SERVERS.NET.
.                       6D  IN      NS      M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     6D  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     6D  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     6D  IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
EOF

0
 
LVL 27

Expert Comment

by:Nopius
ID: 34951894
most probably it is in your /etc/ dir...
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 34952493
On RHEL, if you are chrooted, your root hints file most likely is:

    /var/named/chroot/var/named/named.ca

To get an updated hints file:

   http://www.internic.net/zones/named.root

To specify that file in your views:

  1) in named.conf, within the "options" section

        directory "/var/named";

  2) in named.conf, within each view

        zone "." in {
                type hint;
                file "named.ca";
        };

The firewall needs to allow both TCP and UDP if you are configuring zones for which that server will be authoritative.

Your named.conf needs to allow querying for authorized IPs that may use that DNS server for recursion.

If you are running named with the user named, you need to check the permissions on the chrooted files and directories so that the 'named' user can read, and if necessary, write zone data and read configuration files.
0
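Added example, not part of the answers above and not shipped with BIND: a shell check to run on a hints file before a "type hint" zone points at it. It accepts both the layout posted earlier in the thread (with "IN") and the InterNIC named.root layout (without it); the function name check_hints and the sample excerpt are constructed for illustration.

```shell
#!/bin/sh
# check_hints FILE
# Returns 0 when every root NS listed in FILE has at least one A/AAAA record,
# 1 when an NS has no address (or no NS is found), 2 when FILE is unreadable.
# Run it as the account named runs under to test that account's read access.
check_hints() {
    file=$1
    [ -r "$file" ] || { echo "unreadable: $file"; return 2; }
    awk '
        { sub(/;.*/, "") }                  # drop zone-file comments
        NF < 3 { next }                     # blank or incomplete line
        {
            owner = toupper($1)
            for (i = 2; i < NF; i++) {      # TTL and class (IN) are optional
                t = toupper($i)
                if (t == "NS" && owner == ".") { ns[toupper($(i + 1))] = 1; break }
                if (t == "A" || t == "AAAA")   { addr[owner] = 1; break }
            }
        }
        END {
            for (n in ns) {
                total++
                if (!(n in addr)) { missing++; print "no address for " n }
            }
            printf "%d root NS, %d without address\n", total, missing
            exit (total == 0 || missing > 0)
        }
    ' "$file"
}

# Constructed sample: the second server deliberately has no address record.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed excerpt, mixing both layouts
.                     3600000      NS   A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A    198.41.0.4
.                     6D  IN       NS   C.ROOT-SERVERS.NET.
EOF
check_hints "$sample" || echo "hints file rejected"
rm -f "$sample"
```
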
 

Author Closing Comment

by:ascray
ID: 34957605
Complete and concise - many thanks.