Solved

root.hints update - connection refused

Posted on 2011-02-21
Last Modified: 2012-06-27
Am setting up a DNS bind9.3 on RHEL. Am using Webmin for convenience to set up.
When adding in a new root zone, am of course asked for location of root.hints for each view. Cannot get the new zone to add successfully as the error is returned "Failed to connect to 192.112.0.64; connection refused".

Initially thought it was firewall (setting up new one as well) and ensured that ports 21 and 53 open (stateful). Observed that port 21 was being called for ftp download of root.hints file. Monitored connection in progress and ftp is successful.

Other possibility is location of root.hints. Am placing in "/var/named/chroot/etc/data/root.hints". Possibly cannot create file if wrong directory.

So cannot get root zone created or root.hints downloaded.  Any ideas?
Question by:ascray
LVL 27

Expert Comment

by:Nopius
ID: 34951861
You are using an obsolete version of root.hints.

Create a new one with this command and restart named.


cat > root.hints << "EOF"
.                       6D  IN      NS      A.ROOT-SERVERS.NET.
.                       6D  IN      NS      B.ROOT-SERVERS.NET.
.                       6D  IN      NS      C.ROOT-SERVERS.NET.
.                       6D  IN      NS      D.ROOT-SERVERS.NET.
.                       6D  IN      NS      E.ROOT-SERVERS.NET.
.                       6D  IN      NS      F.ROOT-SERVERS.NET.
.                       6D  IN      NS      G.ROOT-SERVERS.NET.
.                       6D  IN      NS      H.ROOT-SERVERS.NET.
.                       6D  IN      NS      I.ROOT-SERVERS.NET.
.                       6D  IN      NS      J.ROOT-SERVERS.NET.
.                       6D  IN      NS      K.ROOT-SERVERS.NET.
.                       6D  IN      NS      L.ROOT-SERVERS.NET.
.                       6D  IN      NS      M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     6D  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     6D  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     6D  IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
EOF

 
LVL 27

Expert Comment

by:Nopius
ID: 34951894
most probably it is in your /etc/ dir...
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 34952493
On RHEL, if you are chrooted, your root hints file most likely is:

    /var/named/chroot/var/named/named.ca

To get an updated hints file:

   http://www.internic.net/zones/named.root

To specify that file in your views:

  1) in named.conf, within the "options" section

        directory "/var/named";

  2) in named.conf, within each view

        zone "." in {
                type hint;
                file "named.ca";
        };

The firewall needs to allow both TCP and UDP if you are configuring zones for which that server will be authoritative.

Your named.conf needs to allow querying for authorized IPs that may use that DNS server for recursion.

If you are running named with the user named, you need to check the permissions on the chrooted files and directories so that the 'named' user can read, and if necessary write, zone data and read configuration files.
0
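
The steps from the accepted answer as a script, added here as an example and not part of the original thread: it checks that a hints file names all thirteen root servers before copying it to the chrooted named.ca. The function names, the root:named owner with mode 0640, and the sample addresses (documentation range) are assumptions.

```shell
#!/bin/sh
# Added example: fetch, validate and install a root hints file for a chrooted named.

# fetch_hints OUT: download the current hints file from the URL given in the answer.
fetch_hints() { curl -fsS -o "$1" http://www.internic.net/zones/named.root; }

# check_hints FILE: succeed only if A..M.ROOT-SERVERS.NET each have an NS and an A
# record. Handles both the "6D IN NS" layout and the internic "3600000 NS" layout.
check_hints() {
    awk '
        NF == 0 || $1 ~ /^;/ { next }          # skip blank lines and comments
        {
            type = ""
            for (i = 2; i < NF; i++) if ($i == "NS" || $i == "A") type = $i
            if (type == "NS" && $1 == ".") ns[toupper($NF)] = 1
            if (type == "A") addr[toupper($1)] = 1
        }
        END {
            n = split("A B C D E F G H I J K L M", letter, " ")
            for (i = 1; i <= n; i++) {
                host = letter[i] ".ROOT-SERVERS.NET."
                if (!(host in ns))   { print "missing NS for " host; bad = 1 }
                if (!(host in addr)) { print "missing A for " host;  bad = 1 }
            }
            exit bad + 0
        }' "$1"
}

# install_hints SRC CHROOT: refuse a file that fails the check; otherwise install it
# readable by the named group but not writable by it (owner/mode are assumptions).
install_hints() {
    check_hints "$1" || { echo "refusing to install $1" >&2; return 1; }
    install -o root -g named -m 0640 "$1" "$2/var/named/named.ca"
}

# sample_hints: constructed data, addresses from the 192.0.2.0/24 documentation range.
sample_hints() {
    n=1
    for l in A B C D E F G H I J K L M; do
        printf '.\t6D IN NS %s.ROOT-SERVERS.NET.\n' "$l"
        printf '%s.ROOT-SERVERS.NET.\t6D IN A 192.0.2.%d\n' "$l" "$n"
        n=$((n + 1))
    done
}

# Offline demo on the constructed sample; a real run would be:
#   fetch_hints /tmp/named.root && install_hints /tmp/named.root /var/named/chroot
tmp=$(mktemp) && sample_hints > "$tmp" && check_hints "$tmp" && echo "sample hints OK"
rm -f "$tmp"
```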
 

Author Closing Comment

by:ascray
ID: 34957605
Complete and concise - many thanks.