  1. #11
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746

    Reading back through my posts, I can see that they were ambiguous. *In theory*, you do not *have* to configure a forwarder.

    In my experience, due to network restrictions/firewall rules (especially with ISPs), configuring your "local" DNS server to send requests to an "official" DNS server (whatever is appropriate for your network) will greatly increase your odds of a quick installation/working configuration. This is what I meant to get across and did not do well.

    There are many "shooting in the dark" things you can try, but the real steps are to

    A) Get a simple, basic config.

    B) Use tcpdump/wireshark to look at where your packets are going and what is/isn't coming back.

  2. #12
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    Fedora 11.

    Peter

  3. #13
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    Here are two outputs from /var/log/messages. The first one is when the named service starts. The second one is when nslookup is run looking for wwwDotgoogleDotcom:

    I have a feeling that somehow named is looking ONLY for ipv6 protocol and not ipv4.

    Peter

    Output when named service starts:
    --------------------------------------------
    Jul 28 11:13:31 einstein named[2335]: starting BIND 9.6.1-RedHat-9.6.1-3.fc11 -u named
    Jul 28 11:13:31 einstein named[2335]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i586-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'target_alias=i586-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
    Jul 28 11:13:31 einstein named[2335]: adjusted limit on open files from 1024 to 1048576
    Jul 28 11:13:31 einstein named[2335]: found 1 CPU, using 1 worker thread
    Jul 28 11:13:31 einstein named[2335]: using up to 4096 sockets
    Jul 28 11:13:31 einstein named[2335]: loading configuration from '/etc/named.conf'
    Jul 28 11:13:31 einstein named[2335]: using default UDP/IPv4 port range: [1024, 65535]
    Jul 28 11:13:31 einstein named[2335]: using default UDP/IPv6 port range: [1024, 65535]
    Jul 28 11:13:31 einstein named[2335]: listening on IPv4 interface lo, 127.0.0.1#53
    Jul 28 11:13:31 einstein named[2335]: listening on IPv4 interface eth0, 192.168.15.7#53
    Jul 28 11:13:31 einstein named[2335]: listening on IPv6 interface lo, ::1#53
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: 127.IN-ADDR.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: D.F.IP6.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: 8.E.F.IP6.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: 9.E.F.IP6.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: A.E.F.IP6.ARPA
    Jul 28 11:13:31 einstein named[2335]: automatic empty zone: B.E.F.IP6.ARPA
    Jul 28 11:13:31 einstein named[2335]: command channel listening on 127.0.0.1#953
    Jul 28 11:13:31 einstein named[2335]: command channel listening on ::1#953
    Jul 28 11:13:31 einstein named[2335]: the working directory is not writable
    Jul 28 11:13:31 einstein named[2335]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
    Jul 28 11:13:31 einstein named[2335]: zone 0.in-addr.arpa/IN: loaded serial 0
    Jul 28 11:13:31 einstein named[2335]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
    Jul 28 11:13:31 einstein named[2335]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
    Jul 28 11:13:31 einstein named[2335]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
    Jul 28 11:13:31 einstein named[2335]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
    Jul 28 11:13:31 einstein named[2335]: zone localhost.localdomain/IN: loaded serial 0
    Jul 28 11:13:31 einstein named[2335]: zone localhost/IN: loaded serial 0
    Jul 28 11:13:32 einstein named[2335]: running

    Output on nslookup:
    ------------------------

    Jul 28 11:14:05 einstein named[2335]: network unreachable resolving './NS/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:06 einstein named[2335]: network unreachable resolving './NS/IN': 2001:7fd::1#53
    Jul 28 11:14:06 einstein named[2335]: network unreachable resolving 'wwwDotgoogleDotcom/A/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:08 einstein named[2335]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
    Jul 28 11:14:10 einstein named[2335]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:13 einstein named[2335]: network unreachable resolving './NS/IN': 2001:dc3::35#53
    Jul 28 11:14:14 einstein named[2335]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:14 einstein named[2335]: network unreachable resolving 'wwwDotgoogleDotcom/A/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:14 einstein named[2335]: network unreachable resolving 'wwwDotgoogleDotcom/A/IN': 2001:500:2f::f#53
    Jul 28 11:14:15 einstein named[2335]: network unreachable resolving 'wwwDotgoogleDotcom/A/IN': 2001:7fd::1#53
    Jul 28 11:14:15 einstein named[2335]: network unreachable resolving 'wwwDotgoogleDotcom/A/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:15 einstein named[2335]: network unreachable resolving 'wwwDotgoogleDotcom/A/IN': 2001:dc3::35#53
    Jul 28 11:14:15 einstein named[2335]: network unreachable resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
    Jul 28 11:14:16 einstein named[2335]: network unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:17 einstein named[2335]: network unreachable resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:17 einstein named[2335]: network unreachable resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
    Jul 28 11:14:18 einstein named[2335]: network unreachable resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
    Jul 28 11:14:19 einstein named[2335]: network unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:20 einstein named[2335]: network unreachable resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:20 einstein named[2335]: network unreachable resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
    Jul 28 11:14:21 einstein named[2335]: network unreachable resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:21 einstein named[2335]: network unreachable resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
    Jul 28 11:14:21 einstein named[2335]: network unreachable resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
    Jul 28 11:14:22 einstein named[2335]: network unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
    Jul 28 11:14:22 einstein named[2335]: network unreachable resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
    Jul 28 11:14:22 einstein named[2335]: network unreachable resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
    Jul 28 11:14:22 einstein named[2335]: network unreachable resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:22 einstein named[2335]: network unreachable resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:23 einstein named[2335]: network unreachable resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:24 einstein named[2335]: network unreachable resolving 'L.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:25 einstein named[2335]: network unreachable resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 2001:dc3::35#53
    Jul 28 11:14:25 einstein named[2335]: network unreachable resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 2001:7fd::1#53
    Jul 28 11:14:25 einstein named[2335]: network unreachable resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:25 einstein named[2335]: network unreachable resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
    Jul 28 11:14:25 einstein named[2335]: network unreachable resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:25 einstein named[2335]: network unreachable resolving 'I.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53
    Jul 28 11:14:26 einstein named[2335]: network unreachable resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 2001:500:1::803f:235#53
    Jul 28 11:14:26 einstein named[2335]: network unreachable resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:503:c27::2:30#53
    Jul 28 11:14:26 einstein named[2335]: network unreachable resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:503:ba3e::2:30#53

  4. #14
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    Hi,

    Can you please tell me what parameters I must use with tcpdump?

    I guess "-n" is important so that IP addresses are displayed.

    Peter

  5. #15
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    One more question. Although I have disabled the firewall on my Linux box, my Linksys router still has a firewall. Do I need to open up UDP port 53 on my firewall?

    The DNS server will be used only for Intranet use. I don't want to expose the server to the outside world.

    Thank you for your help.

    Regards,
    Peter

  6. #16
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    OK. Now, I have dump info from tcpdump.

    In my first test, I used nslookup and set the server to 202.12.27.33. This host is one of the root servers. When I do a lookup for a site called redwood.he.net, here is what is captured:

    14:28:02.740265 IP 192.168.15.7.34217 > 202.12.27.33.domain: 34802+ A? redwood.he.net. (32)
    14:28:02.745103 IP 202.12.27.33.domain > 192.168.15.7.34217: 34802 1/0/0 A 216.218.255.66 (4

    In the second test, I used nslookup and set the server to 192.168.15.7 (my machine running the DNS server). The tcpdump output is:

    14:22:50.681547 IP 192.168.15.7.29893 > 198.41.0.4.domain: 23496% [1au] A? redwood.he.net. (43)
    14:22:57.102230 IP 192.168.15.7.35368 > 128.8.10.90.domain: 38404% [1au] A? redwood.he.net. (43)
    14:23:03.752270 IP 192.168.15.7.29563 > 192.112.36.4.domain: 27495% [1au] A? redwood.he.net. (43)
    14:23:10.414517 IP 192.168.15.7.59005 > 202.12.27.33.domain: 40447% [1au] A? redwood.he.net. (43)

    It appears it reaches out to four different root servers. However, none of them respond back.

    The only difference I see is that in the second case bind is sending some information such as "38404% [1au]." Perhaps the root servers do not like this format and never respond back.

    Is this possible?

    Thank you for your help.

    Regards,
    Peter
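
The two captures in the post above can be compared mechanically by pairing each query with its reply on client address, client port, server address and DNS ID. The script below is an added example, not part of the thread; the capture lines are copied from the post, and the function and variable names are illustrative.

```python
import re

# Capture lines copied from the post above (the reply line is cut off there too).
TEST1 = """\
14:28:02.740265 IP 192.168.15.7.34217 > 202.12.27.33.domain: 34802+ A? redwood.he.net. (32)
14:28:02.745103 IP 202.12.27.33.domain > 192.168.15.7.34217: 34802 1/0/0 A 216.218.255.66 (4
"""
TEST2 = """\
14:22:50.681547 IP 192.168.15.7.29893 > 198.41.0.4.domain: 23496% [1au] A? redwood.he.net. (43)
14:22:57.102230 IP 192.168.15.7.35368 > 128.8.10.90.domain: 38404% [1au] A? redwood.he.net. (43)
14:23:03.752270 IP 192.168.15.7.29563 > 192.112.36.4.domain: 27495% [1au] A? redwood.he.net. (43)
14:23:10.414517 IP 192.168.15.7.59005 > 202.12.27.33.domain: 40447% [1au] A? redwood.he.net. (43)
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<id>\d+)(?P<flags>[^\s\d]*) (?P<rest>.*)$")
# Query body: optional "[1au]" (one record in the additional section), then "TYPE? name".
QUERY = re.compile(r"^(?:\[(?P<extra>\w+)\] )?(?P<qtype>\w+)\? (?P<qname>\S+)")
DNS_PORTS = {"domain", "53"}  # tcpdump shows port 53 as "domain" unless run with -n


def micros(ts):
    """HH:MM:SS.uuuuuu -> integer microseconds since midnight."""
    hms, frac = ts.split(".")
    h, m, s = (int(x) for x in hms.split(":"))
    return ((h * 60 + m) * 60 + s) * 1_000_000 + int(frac)


def correlate(capture):
    """Pair each DNS query with its reply on (client, client port, server, DNS ID)."""
    records, pending = [], {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a line in the format shown in the post
        src_host, src_port = m["src"].rsplit(".", 1)
        dst_host, dst_port = m["dst"].rsplit(".", 1)
        q = QUERY.match(m["rest"])
        if q and dst_port in DNS_PORTS:
            rec = {"server": dst_host, "id": int(m["id"]), "flags": m["flags"],
                   "extra": q["extra"], "qtype": q["qtype"], "qname": q["qname"],
                   "sent_us": micros(m["ts"]), "answered": False, "rtt_us": None}
            records.append(rec)
            pending[(src_host, src_port, dst_host, m["id"])] = rec
        elif src_port in DNS_PORTS:
            rec = pending.pop((dst_host, dst_port, src_host, m["id"]), None)
            if rec:
                rec["answered"] = True
                rec["rtt_us"] = micros(m["ts"]) - rec["sent_us"]
    return records


def unanswered(records):
    """Queries for which no reply appeared in the capture."""
    return [r for r in records if not r["answered"]]


if __name__ == "__main__":
    for name, cap in (("test 1", TEST1), ("test 2", TEST2)):
        for r in correlate(cap):
            state = f"answered in {r['rtt_us']} us" if r["answered"] else "NO REPLY"
            print(f"{name}: {r['server']} id={r['id']} flags={r['flags']!r} "
                  f"extra={r['extra']} {r['qtype']} {r['qname']} -> {state}")
```

On the posted lines, the single query in test 1 is paired with its reply, while all four queries in test 2, each printed with `%` and `[1au]`, have no reply in the capture.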

  7. #17
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Quote, originally posted by PeterTaps:
        I have a feeling that somehow named is looking ONLY for ipv6 protocol and not ipv4.

    I will agree with this. Remove the IPv6 stuff from your named.conf file.

    Quote:
        Jul 28 11:13:31 einstein named[2335]: loading configuration from '/etc/named.conf'

    If you are using Fedora then your config files for DNS should be under /var/named/chroot, as RH uses a chroot env.
    Is this the case?

    Quote:
        Jul 28 11:13:31 einstein named[2335]: the working directory is not writable

    This is stating that named does not have write access to the directory where you have your files. If using SELinux, then the only dirs that named has access to by default are

    /var/named/chroot/var/named/slaves
    and
    /var/named/chroot/var/named/data

    Quote:
        Jul 28 11:14:05 einstein named[2335]: network unreachable resolving './NS/IN': 2001:500:1::803f:235#53
        Jul 28 11:14:06 einstein named[2335]: network unreachable resolving './NS/IN': 2001:7fd::1#53

    This is all IPv6 stuff and could be the reason why you are not resolving.

    Quote, originally posted by PeterTaps:
        One more question. Although I have disabled the firewall on my Linux box, my Linksys router still has a firewall. Do I need to open up UDP port 53 on my firewall?

        The DNS server will be used only for Intranet use. I don't want to expose the server to the outside world.

        Thank you for your help.

        Regards,
        Peter

    Linksys allows everything out and ESTABLISHED connections back in, so you do not need to do anything unless you are trying to allow the outside to use your DNS server, but until you get this thing up and running I would not advise this.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  8. #18
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    OK, let's see if we cannot get you resolving first.
    Try the following config. Be sure to back up the one you have now just in case you need to go back to it.

    Code:
    options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // accept queries from any source address
        allow-query { any; };
        // resolve names recursively on behalf of those clients
        recursion yes;
    };

    logging {
        // a channel only receives messages once a category statement refers to it;
        // this config defines no category
        channel "named_log" {
            // send most BIND logs to a dedicated log file
            file "/var/named/data/dns_named.log" versions 5 size 1m;
            severity dynamic;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
    };

    // root hints: where named starts when it has no cached answer
    zone "." IN {
        type hint;
        file "named.ca";
    };
    Ensure that named.ca is in /var/named and that it contains the following:

    Code:
    ; <<>> DiG 9.2.4 <<>> @e.root-servers.net . ns
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21935
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
    
    ;; QUESTION SECTION:
    ;.                              IN      NS
    
    ;; ANSWER SECTION:
    .                       518400  IN      NS      A.ROOT-SERVERS.NET.
    .                       518400  IN      NS      L.ROOT-SERVERS.NET.
    .                       518400  IN      NS      D.ROOT-SERVERS.NET.
    .                       518400  IN      NS      G.ROOT-SERVERS.NET.
    .                       518400  IN      NS      K.ROOT-SERVERS.NET.
    .                       518400  IN      NS      F.ROOT-SERVERS.NET.
    .                       518400  IN      NS      I.ROOT-SERVERS.NET.
    .                       518400  IN      NS      M.ROOT-SERVERS.NET.
    .                       518400  IN      NS      H.ROOT-SERVERS.NET.
    .                       518400  IN      NS      E.ROOT-SERVERS.NET.
    .                       518400  IN      NS      C.ROOT-SERVERS.NET.
    .                       518400  IN      NS      J.ROOT-SERVERS.NET.
    .                       518400  IN      NS      B.ROOT-SERVERS.NET.
    
    ;; ADDITIONAL SECTION:
    A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
    A.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:ba3e::2:30
    B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
    C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
    D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
    E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
    F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
    F.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2f::f
    G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
    H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
    H.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:1::803f:235
    I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
    J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
    J.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:c27::2:30
    
    ;; Query time: 110 msec
    ;; SERVER: 192.203.230.10#53(192.203.230.10)
    ;; WHEN: Tue Jul 28 18:56:03 2009
    ;; MSG SIZE  rcvd: 500
    This is what tells named where to look when it doesn't have the information it needs.
    Now try to resolve
    Code:
    www.testnet.net

    Regards
    Robert


  9. #19
    Just Joined!
    Join Date
    Jul 2009
    Posts
    8
    Can you post your external machine's resolv.conf?

    Also, please post the output of the following commands from the external Linux machine.

    >nslookup
    >NS < your name server>
    >set q=A
    ><your external domain name>

  10. #20
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    Problem solved.

    In my desperation, I replaced the Linksys router with a DLink one. The problem disappeared. This was a higher-end Linksys router. I spent 3 days trying to fix the problem. Not buying any Linksys routers anymore.

    Thank you all, especially Robert, for your help.

    Regards,
    Peter
