newbie struggles....

Hi all,

I've been trying to set up an authoratitive server for my domain name
using BIND 9.2.2.P3 on fedora core 1 with the help of the O'reilly book,
but with no joy.


My network set up is like this :-

Internet <--> firewall <--> DMZ (172.16/16)
" <--> LAN (192.168.4/24)


I have a domain name which I've delegated the authority for via the
domain name registry's web-site, e.g.

MYDOMAIN.co.uk xx.yy.182.113 ns0.MYDOMAIN.co.uk
xx.yy.182.114 ns1.MYDOMAIN.co.uk


I have named running on 172.16.0.20 with the hostname PROD1 and use NAT
to map to 'real' ip address of xx.yy.182.113.


my resolv.conf:-
----------------
[root@prod1 named]# more /etc/resolv.conf
domain MYDOMAIN.co.uk
#nameserver 127.0.0.1
nameserver 172.16.0.20



my named.conf:-
---------------
options {
directory "/var/named";

// Uncommenting this might help if you have to go through a
// firewall and things are not working out. But you probably
// need to talk to your firewall admin.

query-source address * port 53;
};

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." {
type hint;
file "db.cache";
};

zone "MYDOMAIN.co.uk" {
type master;
file "db.MYDOMAIN.co.uk";
};


zone "16.172.in-addr.arpa" {
type master;
file "db.172.16";
};

zone "4.168.192.in-addr.arpa" {
type master;
file "db.192.168.4";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.127.0.0";
};

include "/etc/rndc.key";


the reverse DNS for my static block is looked after by my ISPs
nameservers and the forward addresses do match. The other in-addr.arpa.
zone files are left out but they look fine.

my db.MYDOMAIN.co.uk:-
-----------------------
$TTL 3h
MYDOMAIN.co.uk. IN SOA prod1.MYDOMAIN.co.uk.
mark.MYDOMAIN.co.uk. (
1 ; Serial
3h ; Refresh every 3 hours
1h ; Retry
1w ; Expires 1 week
1h ) ; negative chaing ttl
;nameservers
MYDOMAIN.co.uk. IN NS ns0.MYDOMAIN.co.uk.
MYDOMAIN.co.uk. IN NS ns1.MYDOMAIN.co.uk.

;hosts
localhost.MYDOMAIN.co.uk. IN A 127.0.0.1

;
; Internet hosts
;
ns0.MYDOMAIN.co.uk. IN A xx.yy.182.113
ns1.MYDOMAIN.co.uk. IN A xx.yy.182.114
www.MYDOMAIN.co.uk. IN A xx.yy.182.115
beta.MYDOMAIN.co.uk. IN A xx.yy.182.116
router.MYDOMAIN.co.uk. IN A xx.yy.182.118
gateway.MYDOMAIN.co.uk. IN A xx.yy.182.117

;
; LAN hosts
;
;dev.MYDOMAIN.co.uk. IN A 192.168.4.37
;windy.MYDOMAIN.co.uk. IN A 192.168.4.10
;lan-fw.MYDOMAIN.co.uk. IN A 192.16.4.77

;
; DMZ hosts
;
prod1.MYDOMAIN.co.uk. IN A 172.16.0.20
;dmz-fw.MYDOMAIN.co.uk. IN A 172.16.0.10


with this configuration I can only do lookups (forward and reverse) for
ns0.MYDOMAIN.co.uk and ns1.MYDOMAIN.co.uk (and only using the FQDN). e.g. :-
-------
[root@prod1 named]# dig ns0.MYDOMAIN.co.uk

; <<>> DiG 9.2.2-P3 <<>> ns0.MYDOMAIN.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1092
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns0.MYDOMAIN.co.uk. IN A

;; ANSWER SECTION:
ns0.MYDOMAIN.co.uk. 172800 IN A xx.yy.182.113

;; AUTHORITY SECTION:
MYDOMAIN.co.uk. 172800 IN NS ns0.MYDOMAIN.co.uk.
MYDOMAIN.co.uk. 172800 IN NS ns1.MYDOMAIN.co.uk.

;; ADDITIONAL SECTION:
ns1.MYDOMAIN.co.uk. 172800 IN A xx.yy.182.114

;; Query time: 2 msec
;; SERVER: 172.16.0.20#53(172.16.0.20)
;; WHEN: Wed Apr 7 13:57:22 2004
;; MSG SIZE rcvd: 104


All lookups for say, www.MYDOMAIN.co.uk is NXDOMAIN. I can't even
resolve localhost, or the nameservers DMZ hostname PROD1. but I can
resolve other internet addresses fine.

I've commented out my LAN and DMZ to keep everything as minimal as
possible. but when prod1.MYDOMAIN.co.uk. is commented out the above dig
will time out. I would appreciate any help given.


Regards, -Mark.

p.s. this is not how I expect my final config to be, i.e. no security
etc - I just want to get basic lookups for my domain working first so
please don't hassle me too much. :)