Solved

root.hints update - connection refused

Posted on 2011-02-21
4
1,101 Views
Last Modified: 2012-06-27
Am setting up a DNS bind9.3 on rhel.  Am using webmin for convenience to setup.  
When adding in a new root zone, am of course asked for location of root.hints for each view.  Cannot get the new zone to add sucessfully as the error is returned "Failed to connect to 192.112.0.64; connection refused".  

Initially thought is was firewall (setting up new one as well) and ensured that ports 21 and 53 open (stateful).  Observed that port 21 was being called for ftp download of root.hints file.  Monitored connection in progress and ftp is sucessfull.  

Other possiblity is location of root.hints. m placing in "/var/named/chroot/etc/data/root.hints". Possibly cannot create file if wrong directory.  

So cannot get root zone created or root.hints downloaded.  Any ideas?
0
Comment
Question by:ascray
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 27

Expert Comment

by:Nopius
ID: 34951861
You are using an obsolete version of root.hints.

Create a new one with this command and restart named.


cat > root.hints << "EOF"
.                       6D  IN      NS      A.ROOT-SERVERS.NET.
.                       6D  IN      NS      B.ROOT-SERVERS.NET.
.                       6D  IN      NS      C.ROOT-SERVERS.NET.
.                       6D  IN      NS      D.ROOT-SERVERS.NET.
.                       6D  IN      NS      E.ROOT-SERVERS.NET.
.                       6D  IN      NS      F.ROOT-SERVERS.NET.
.                       6D  IN      NS      G.ROOT-SERVERS.NET.
.                       6D  IN      NS      H.ROOT-SERVERS.NET.
.                       6D  IN      NS      I.ROOT-SERVERS.NET.
.                       6D  IN      NS      J.ROOT-SERVERS.NET.
.                       6D  IN      NS      K.ROOT-SERVERS.NET.
.                       6D  IN      NS      L.ROOT-SERVERS.NET.
.                       6D  IN      NS      M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     6D  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     6D  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     6D  IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
EOF

Open in new window

0
 
LVL 27

Expert Comment

by:Nopius
ID: 34951894
most probably it is in your /etc/ dir...
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 34952493
On RHEL, if you are chrooted, your root hints file most likely is:

    /var/named/chroot/var/named/named.ca

To get an updated hints file:

   http://www.internic.net/zones/named.root

To specify that file in your views:

  1) in named.conf, within the "options" section

        directory "/var/named";

   2) in named.conf within each view

        zone "." in {
                type hint;
                file "named.ca";
        };

The firewall needs to allow both TCP and UDP if you are configuring zones for which that server will be authoritative.

Your named.conf needs to allow querying for authorized IPs that may use that DNS server for recursion.

If you are running named with the user named, you need to check the permissions on the chrooted files and directories that 'named' user can ready, and if necessary, write zone data and read configuration files.
0
 

Author Closing Comment

by:ascray
ID: 34957605
Complete and concise - many thanks.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Resolve DNS query failed errors for Exchange
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question