Re: newbie struggles.... (Bind Users forum, DNS and Related Forums category)
thanks for responding - the problem turns out to be that the
/etc/named.conf on fedora is not read by BIND at startup if running in
chroot jail (despite what /var/log/messages says) - moved it to
/var/named/chroot/etc and it now works. Bit stupid really, but there you go.

On Wed, 2004-04-07 at 14:59, phn@icke-reklam.ipsec.nu wrote:
> Mark Page <mark@weballistics.com> wrote:
> > Hi all,
>
> > I've been trying to set up an authoritative server for my domain name
> > using BIND 9.2.2.P3 on fedora core 1 with the help of the O'reilly book,
> > but with no joy.
>
> Ok, I'll answer "interleaved". But first I'm not clear about
> your topology. Are the nameservers located outside your NAT-device?
> Hiding ip-addresses will interfere with understanding your problem,
> just like hiding your real domain.
>
> Another thing, you should implement "split-dns" so your rfc1918
> addresses are hidden from Internet (while usable from inside).
>
> > My network set up is like this :-
> >
> > Internet <--> firewall <--> DMZ (172.16/16)
> >                    "    <--> LAN (192.168.4/24)
> >
> > I have a domain name which I've delegated the authority for via the
> > domain name registry's web-site, e.g.
> >
> > MYDOMAIN.co.uk   xx.yy.182.113   ns0.MYDOMAIN.co.uk
> >                  xx.yy.182.114   ns1.MYDOMAIN.co.uk
> >
> > I have named running on 172.16.0.20 with the hostname PROD1 and use NAT
> > to map to 'real' ip address of xx.yy.182.113.
> >
> > my resolv.conf:-
>
> On which machine? The dns server or a client box?
>
> > ----------------
> > [root@prod1 named]# more /etc/resolv.conf
> > domain MYDOMAIN.co.uk
> > #nameserver 127.0.0.1
> > nameserver 172.16.0.20
> >
> > my named.conf:-
> > ---------------
> > options {
> >         directory "/var/named";
> >
> >         // Uncommenting this might help if you have to go through a
> >         // firewall and things are not working out. But you probably
> >         // need to talk to your firewall admin.
> >
> >         query-source address * port 53;
>
> The above is unneeded, remove.
> ( unless your firewall is really stupid)
>
> > };
> >
> > controls {
> >         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> > };
> >
> > zone "." {
> >         type hint;
> >         file "db.cache";
> > };
> >
> > zone "MYDOMAIN.co.uk" {
> >         type master;
> >         file "db.MYDOMAIN.co.uk";
> > };
> >
> > zone "16.172.in-addr.arpa" {
> >         type master;
> >         file "db.172.16";
> > };
> >
> > zone "4.168.192.in-addr.arpa" {
> >         type master;
> >         file "db.192.168.4";
> > };
> >
> > zone "0.0.127.in-addr.arpa" {
> >         type master;
> >         file "db.127.0.0";
> > };
> >
> > include "/etc/rndc.key";
> >
> > the reverse DNS for my static block is looked after by my ISP's
> > nameservers and the forward addresses do match. The other in-addr.arpa.
> > zone files are left out but they look fine.
>
> Yes, you need to resolve rfc1918 addresses if your clients should not
> suffer long delays.
>
> > my db.MYDOMAIN.co.uk:-
> > -----------------------
> > $TTL 3h
> > MYDOMAIN.co.uk.  IN SOA  prod1.MYDOMAIN.co.uk. mark.MYDOMAIN.co.uk. (
> >                         1       ; Serial
> >                         3h      ; Refresh every 3 hours
> >                         1h      ; Retry
> >                         1w      ; Expires 1 week
> >                         1h )    ; negative caching ttl
> > ;nameservers
> > MYDOMAIN.co.uk.  IN NS   ns0.MYDOMAIN.co.uk.
> > MYDOMAIN.co.uk.  IN NS   ns1.MYDOMAIN.co.uk.
> >
> > ;hosts
> > localhost.MYDOMAIN.co.uk.  IN A  127.0.0.1
> >
> > ;
> > ; Internet hosts
> > ;
> > ns0.MYDOMAIN.co.uk.      IN A  xx.yy.182.113
> > ns1.MYDOMAIN.co.uk.      IN A  xx.yy.182.114
> > www.MYDOMAIN.co.uk.      IN A  xx.yy.182.115
> > beta.MYDOMAIN.co.uk.     IN A  xx.yy.182.116
> > router.MYDOMAIN.co.uk.   IN A  xx.yy.182.118
> > gateway.MYDOMAIN.co.uk.  IN A  xx.yy.182.117
> >
> > ;
> > ; LAN hosts
> > ;
> > ;dev.MYDOMAIN.co.uk.     IN A  192.168.4.37
> > ;windy.MYDOMAIN.co.uk.   IN A  192.168.4.10
> > ;lan-fw.MYDOMAIN.co.uk.  IN A  192.16.4.77
> >
> > ;
> > ; DMZ hosts
> > ;
> > prod1.MYDOMAIN.co.uk.    IN A  172.16.0.20
> > ;dmz-fw.MYDOMAIN.co.uk.  IN A  172.16.0.10
> >
> > with this configuration I can only do lookups (forward and reverse) for
> > ns0.MYDOMAIN.co.uk and ns1.MYDOMAIN.co.uk (and only using the FQDN). e.g. :-
>
> You probably only see delegation data.
>
> > -------
> > [root@prod1 named]# dig ns0.MYDOMAIN.co.uk
> >
> > ; <<>> DiG 9.2.2-P3 <<>> ns0.MYDOMAIN.co.uk
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1092
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> >
> > ;; QUESTION SECTION:
> > ;ns0.MYDOMAIN.co.uk.            IN      A
> >
> > ;; ANSWER SECTION:
> > ns0.MYDOMAIN.co.uk.     172800  IN      A       xx.yy.182.113
> >
> > ;; AUTHORITY SECTION:
> > MYDOMAIN.co.uk.         172800  IN      NS      ns0.MYDOMAIN.co.uk.
> > MYDOMAIN.co.uk.         172800  IN      NS      ns1.MYDOMAIN.co.uk.
> >
> > ;; ADDITIONAL SECTION:
> > ns1.MYDOMAIN.co.uk.     172800  IN      A       xx.yy.182.114
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 172.16.0.20#53(172.16.0.20)
> > ;; WHEN: Wed Apr 7 13:57:22 2004
> > ;; MSG SIZE  rcvd: 104
> >
> > All lookups for, say, www.MYDOMAIN.co.uk are NXDOMAIN. I can't even
> > resolve localhost, or the nameserver's DMZ hostname PROD1, but I can
> > resolve other internet addresses fine.
> >
> > I've commented out my LAN and DMZ to keep everything as minimal as
> > possible, but when prod1.MYDOMAIN.co.uk. is commented out the above dig
> > will time out. I would appreciate any help given.
> >
> > Regards, -Mark.
> >
> > p.s. this is not how I expect my final config to be, i.e. no security
> > etc - I just want to get basic lookups for my domain working first so
> > please don't hassle me too much. :)
>
> One key issue is your interaction with firewall/nat device. Start
> working on dns-servers and when they work ok, see that other server(s)
> and clients do what's intended.
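The reply above says the dig output "probably only" shows delegation data, and the chroot finding confirms the zone was never loaded. The check below is an added example (not from the thread or from BIND) that makes that diagnosis mechanical: it parses dig output, looks for the aa (authoritative answer) flag, and compares the answer TTL with the zone's $TTL (3h = 10800 s). The embedded sample is the thread's own dig output, retyped with its xx.yy placeholders kept.

```python
import re

# Copy of the dig output quoted in the thread (constructed sample for this example).
SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.2.2-P3 <<>> ns0.MYDOMAIN.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1092
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns0.MYDOMAIN.co.uk.            IN      A

;; ANSWER SECTION:
ns0.MYDOMAIN.co.uk.     172800  IN      A       xx.yy.182.113

;; AUTHORITY SECTION:
MYDOMAIN.co.uk.         172800  IN      NS      ns0.MYDOMAIN.co.uk.
MYDOMAIN.co.uk.         172800  IN      NS      ns1.MYDOMAIN.co.uk.

;; SERVER: 172.16.0.20#53(172.16.0.20)
"""

ZONE_TTL = 3 * 3600  # the "$TTL 3h" from the quoted db.MYDOMAIN.co.uk


def parse_dig(text):
    """Return (status, header flags, answer-section TTLs) from dig's text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r";; flags: ([^;]*);", text).group(1).split())
    ttls, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip():
                break  # a blank line ends the section
            ttls.append(int(line.split()[1]))  # name TTL class type rdata
    return status, flags, ttls


def diagnose(text, zone_ttl=ZONE_TTL):
    """Say whether the server answered from its own loaded zone or from elsewhere."""
    status, flags, ttls = parse_dig(text)
    if "aa" in flags:
        return "authoritative: zone is loaded and served"
    if status == "NOERROR" and ttls:
        hint = " (TTL differs from zone $TTL)" if any(t != zone_ttl for t in ttls) else ""
        return "non-authoritative: delegation/glue or cached data, zone not loaded" + hint
    return "no data: status " + status
```

A server that really serves the zone answers with `aa` set and TTLs taken from the zone file; the thread's response has neither, which is exactly what an unread named.conf in a chroot produces.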