  1. #1
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23

    DNS server times out when testing from different machine


    Folks,

    I am getting a DNS error that I cannot figure out. I would appreciate it if someone can provide some guidance.

    I have set up DNS server on Fedora 11. The configuration files are at the end of the message. (Note: I couldn't include zone files as I get an "url not allowed" error while posting this info).

    The DNS server machine is called einstein.

    When I run nslookup on the local machine, I have no problems resolving intranet addresses as well as extranet addresses.

    When I run nslookup from a different machine (Windows), local intranet queries work fine. However, when I type in an extranet address such as www.google.com, I get an error that says "DNS request timed out."

    It is not a firewall problem as I am able to resolve local addresses correctly. I even tried "telnet einstein 53" and that seems to connect. As you know, 53 is the port where the DNS server is listening.

    I also see that ludewig (my Windows machine) successfully registers itself with einstein when booted. Both forward and reverse zone files are getting updated with new information.

    On the Internet, there was some comment about not having reverse pointer in the zone file. However, if you look at my configuration, you will see that I do have reverse configuration set up.

    Can someone please tell me what is it that I am not doing right?

    Regards,
    Peter

    Configuration files:

    #file /etc/resolv.conf

    domain abc.net
    search abc.net
    nameserver 127.0.0.1
    nameserver 66.60.130.2

    #file /etc/named.conf

    options {
        listen-on port 53 { any; };
        listen-on-v6 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
    };

    acl ournet {
        192.168.15.0/24;
        127.0.0.1;
    };

    zone "abc.net" {
        type master;
        notify no;
        allow-query { any; };
        allow-update { ournet; };
        file "abc.zone";
    };

    zone "15.168.192.in-addr.arpa" {
        type master;
        notify no;
        allow-query { any; };
        file "192-168-15.zone";
    };

    (some more standard stuff here in the file)

  2. #2
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    Folks,

    I reinstalled Fedora 11. Disabled SELinux. Disabled firewall. Still getting the same problem.

    To summarize my problem:

    nslookup for www.google.com works great from the local Linux machine. When I try nslookup from another machine, I get an error "DNS request timed out."

    File /var/log/messages shows the following error:

    network unreachable resolving 'www.google.com/A/IN': 2001:500:1:803f:235#53.

    I think what is going on is that, on the local machine, nslookup first looks at 127.0.0.1. Next, it looks at 66.60.130.2 (the DNS server given by my ISP). The IP is resolved and returned. However, from remote machines, 66.60.130.2 was never consulted.

    So I commented out "nameserver 66.60.130.2" line from my /etc/resolv.conf. Now, I can reproduce the problem on the local machine itself.

    I still don't know how to fix the problem. I would appreciate it if someone can point me in the right direction.

    Thank you in advance for your help.

    Regards,
    Peter
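
Added example (not from the thread or from BIND): a small Python parser for the named "network unreachable resolving" lines quoted above, which tallies whether the unreachable upstreams are IPv4 or IPv6 and flags the IPv6-only pattern reported here. The sample log lines, with the einstein hostname and documentation-range addresses, are constructed; the message format is the one BIND writes.

```python
import ipaddress
import re
from collections import Counter

# Matches BIND 9's message: network unreachable resolving 'www.google.com/A/IN': 2001:db8::53#53
LOG_RE = re.compile(
    r"network unreachable resolving '(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)':\s*"
    r"(?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

# Constructed sample log lines (not from the original post); the addresses are
# documentation ranges and "einstein" is the poster's server name.
LOG_LINES = [
    "Jul 20 10:01:02 einstein named[2345]: network unreachable resolving 'www.google.com/A/IN': 2001:db8::53#53",
    "Jul 20 10:01:02 einstein named[2345]: network unreachable resolving 'www.google.com/A/IN': 2001:db8:1::35#53",
    "Jul 20 10:01:03 einstein named[2345]: network unreachable resolving 'ns1.example.net/AAAA/IN': 2001:db8:2::8#53",
    "Jul 20 10:01:05 einstein named[2345]: lame server resolving 'foo.example.net' (in 'example.net'?): 192.0.2.7#53",
]

def parse_unreachable(line):
    """Return (qname, qtype, upstream_addr, port) for a matching line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("qname"), m.group("qtype"), m.group("addr"), int(m.group("port"))

def classify(lines):
    """Count unreachable upstreams per IP version (key 0 = address did not parse)."""
    by_version = Counter()
    names = set()
    for line in lines:
        parsed = parse_unreachable(line)
        if parsed is None:
            continue
        qname, _qtype, addr, _port = parsed
        try:
            by_version[ipaddress.ip_address(addr).version] += 1
        except ValueError:          # garbled address, as in the line quoted above
            by_version[0] += 1
        names.add(qname)
    return by_version, sorted(names)

def diagnose(lines):
    """Verdict for the pattern in this thread: every unreachable upstream is IPv6."""
    by_version, names = classify(lines)
    if by_version[6] and not by_version[4] and not by_version[0]:
        return "all %d failures target IPv6 upstreams (%s): host has no IPv6 route" % (
            by_version[6], ", ".join(names))
    return "no clear IPv6-only pattern: %s" % dict(by_version)
```

When the verdict is the IPv6-only one, the resolver is trying IPv6 name server addresses it learned from the hints or glue while the host itself has no IPv6 route; BIND's `-4` command-line option restricts named to IPv4 transport.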

  3. #3
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Do you have a root hint file for your DNS setup? This is what DNS uses to locate the correct server with the information you are trying to resolve.

    66.60.130.2 is never questioned if dns is up and running on 127.0.0.1

    To test this you can move 66.60.130.2 up and lookup google again.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  4. #4
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,756
    How DNS Works

    Forwarders
    A DNS server generally attempts to resolve a query against its local cache and zone files. Failing that, the DNS server queries one or more other name servers to resolve the query.
    I don't see any BIND forwarders entry in your server config.

  5. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by HROAdmin26:
    How DNS Works

    I don't see any BIND forwarders entry in your server config.
    The only time you need forwards is when you are looking for another DNS server to do the work.

    Regards
    Robert

  6. #6
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,756
    If the DNS *server* is not configured to forward, then lookups outside the authority of the server's SOA will fail.

    This is because of client behavior. If the DNS client gets a response from a server, that's the answer - name not found, here's the IP, etc. If the DNS server doesn't respond (seems to be offline), the client will move to the next DNS server in the list. I have seen variation in some DNS clients depending on OS as well.

  7. #7
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    Thank you all for your help.

    I added "forwarders {66.60.130.2; };}" in options file and restarted named. Still the problem does not go away.

    My firewall is disabled.
    SELinux is disabled
    chkconfig iptables off
    chkconfig ip6tables off

    I see a bunch of people having the same problem on the Internet. However, I haven't found any solution.

    Anyone has any idea on what could be going on?

    Thank you once again for your help.

    Regards,
    Peter

  8. #8
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by HROAdmin26:
    If the DNS *server* is not configured to forward, then lookups outside the authority of the server's SOA will fail.

    This is because of client behavior. If the DNS client gets a response from a server, that's the answer - name not found, here's the IP, etc. If the DNS server doesn't respond (seems to be offline), the client will move to the next DNS server in the list. I have seen variation in some DNS clients depending on OS as well.
    The OP is setting up his own DNS server. Since he is setting up his own server with zones and all it will be able to properly resolve all requests as long as the root.hints section is setup correctly.

    Forwarders are used when you want another server to do the work for you. Either because you do not know what you are doing or too lazy to set it up correctly.

    If you are setting up your own DNS server you do not need to forward as the DNS server can do it all.

    Quote Originally Posted by PeterTaps:
    Thank you all for your help.

    I added "forwarders {66.60.130.2; };}" in options file and restarted named. Still the problem does not go away.

    My firewall is disabled.
    SELinux is disabled
    chkconfig iptables off
    chkconfig ip6tables off
    Looking at the above I am going to assume you are using a RH product or one like it.

    Run the following commands please and post the output;

    Code:
    named-checkconf <path>/named.conf
    named-checkzone <zone name> <path to file>
    Please also give the complete path to named.conf and the zone files.

    I see a bunch of people having the same problem on the Internet. However, I haven't found any solution.

    Anyone has any idea on what could be going on?

    Thank you once again for your help.

    Regards,
    Peter
    Not sure yet. Would like to see a complete named.conf file

    Regards
    Robert


  9. #9
    Just Joined!
    Join Date
    Jul 2009
    Posts
    23
    I just rebuilt the box once again. This time, I did not even set up the internal zones yet as the problem was with external names only.

    Here is the complete listing from my /etc/named.conf. I just used the sample named.conf that is found in /usr/share/doc/bind.../sample directory.

    Peter

    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside . trust-anchor dlv.isc.org.;
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";

    include "/etc/pki/dnssec-keys//named.dnssec.keys";
    include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";

  10. #10
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    What is the OS running on this box?

    Regards
    Robert
