- 11-20-2009 #1
Fedora 12 DNS problem
Hi everybody,
I reinstalled my gateway yesterday and it seems like named is causing issues that it did not do before on other versions. I am running named on the external interface to advertise the domains I'm hosting and on the internal and local interface as a caching server.
The named.conf file follows:
Code:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    query-source address * port 53;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view "localhost_resolver" {
    match-clients { localhost; 10.0.0.1; 10.0.0.0/8; };
    recursion yes;
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    zone "MY_REV_IP.in-addr.arpa" {
        type master;
        notify no;
        file "named.rev.domains";
        allow-query { any; };
    };
    zone "domain1" {
        type master;
        file "named.domain1";
        notify no;
        allow-query { any; };
    };
    zone "domain2" {
        type master;
        file "named.domain2";
        notify no;
        allow-query { any; };
    };
    include "/etc/named.rfc1912.zones";
};
view external {
    match-clients { any; };
    recursion no;
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    zone "MY_REV_IP.in-addr.arpa" {
        type master;
        notify yes;
        file "named.rev.domains";
        allow-query { any; };
        also-notify { ISP_DNS };
    };
    zone "domain1" {
        type master;
        file "named.domain1";
        notify yes;
        allow-query { any; };
        also-notify { ISP_DNS };
    };
    zone "domain2" {
        type master;
        file "named.domain2";
        notify yes;
        allow-query { any; };
        also-notify { ISP_DNS };
    };
};
Also, here is one of the domains' config zones:
Code:
$TTL 604800
domain1.    IN SOA ns1.domain1. hostmaster.domain1. (
                200911200 ; serial
                86400     ; refresh
                7200      ; retry
                1209600   ; expire
                604800 )  ; default_ttl
            IN A MY_PUBLIC_IP
;
; Name servers for the domain
;
            IN NS ns1.domain1.
            IN NS ns2.domain1.
;
; Mail server for domain
;
            IN MX 5 mail
;
; Nodes in domain
;
node1       IN A MY_PUBLIC_IP
ns1         IN A MY_PUBLIC_IP
mail        IN A MY_PUBLIC_IP
radio       IN A MY_PUBLIC_IP
cubemail    IN A MY_PUBLIC_IP
node2       IN A MY_PUBLIC_IP
ns2         IN A MY_PUBLIC_IP
;
; Aliases to existing nodes in domain
;
www         IN CNAME node1
ftp         IN CNAME node1
I will also attach the /var/log/maillog section where you can see the domains and, if you look, you will notice that named sends notifies on the external "view", so the ISP DNS should receive the advertisements.
Code:
Nov 20 09:08:03 server_name named[9706]: zone MY_IP_REV.in-addr.arpa/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain1/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain2/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain3/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain4/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone MY_IP_REV.in-addr.arpa/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain1/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain2/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain3/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain4/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: running
Nov 20 09:08:03 server_name named[9706]: client MY_PUBLIC_IP#63545: view localhost_resolver: received notify for zone 'MY_IP_REV.in-addr.arpa'
Nov 20 09:08:03 server_name named[9706]: client MY_PUBLIC_IP#63545: view localhost_resolver: received notify for zone 'domain1'
Nov 20 09:08:04 server_name named[9706]: client MY_PUBLIC_IP#33243: view localhost_resolver: received notify for zone 'domain2'
Nov 20 09:08:04 server_name named[9706]: client MY_PUBLIC_IP#33243: view localhost_resolver: received notify for zone 'domain3'
Nov 20 09:08:04 server_name named[9706]: client MY_PUBLIC_IP#33243: view localhost_resolver: received notify for zone 'domain4
If I do a query from kloth.net (for example), the DNS is answering, but for some reason is not advertising the domains. The iptables rules are the following:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  10.0.0.0/8           anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:kme-trap-port
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:infowave
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:servexec
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:down
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:umsp
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http
ACCEPT     udp  --  anywhere             anywhere            udp spt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:50000:51000
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     udp  --  anywhere             anywhere            udp dpt:snmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere            udp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:irdmi
DROP       icmp --  anywhere             anywhere            icmp echo-request
DROP       icmp --  anywhere             anywhere            icmp echo-reply
DROP       icmp --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp spts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp spts:netbios-ns:netbios-ssn
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             10.0.0.101          tcp dpt:http
ACCEPT     tcp  --  anywhere             10.0.0.102          tcp dpt:http
ACCEPT     tcp  --  anywhere             10.0.0.2            tcp dpt:vnc-server
ACCEPT     tcp  --  anywhere             10.0.0.3            tcp dpt:5901
ACCEPT     tcp  --  anywhere             10.0.0.2            tcp dpt:60000
ACCEPT     udp  --  anywhere             10.0.0.2            udp dpt:60000
ACCEPT     tcp  --  anywhere             10.0.0.3            tcp dpt:60001
ACCEPT     udp  --  anywhere             10.0.0.3            udp dpt:60001

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             10.0.0.0/8
DROP       tcp  --  anywhere             anywhere            tcp spts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp spts:netbios-ns:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:servexec
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:down
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nicname state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:umsp
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere            udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:webcache
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:50000:51000
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:pop3
ACCEPT     udp  --  anywhere             anywhere            udp spt:snmp
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:openvpn
ACCEPT     udp  --  anywhere             anywhere            udp spt:openvpn
ACCEPT     udp  --  anywhere             anywhere            udp spts:filenet-rpc:65535 dpts:traceroute:33523 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:irdmi
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
If I do nslookup at the provider I'm getting:
Code:
nslookup domain1
;; Got SERVFAIL reply from ISP_DNS1, trying next server
;; Got SERVFAIL reply from ISP_DNS2, trying next server
Server:         ISP_DNS1
Address:        ISP_DNS1#53

** server can't find domain1: NXDOMAIN
But when I nslookup for it locally or on the internal interface, it answers:
Code:
nslookup domain1 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   domain1
Address: MY_PUBLIC_IP
I tried to do a DNS query from outside to yahoo.com and it refuses, so it is not a public DNS; that is fine, as in the configuration. So, here, it behaves as it should. I will also attach the log for it:
Code:
Nov 20 09:50:46 server_name named[9706]: client 88.198.39.133#16791: view external: query (cache) 'yahoo.com/A/IN' denied
I don't know if my DNS is sending advertisements. How can I check? Can anybody help me? My domain has been down for more than 24 hours and I'm losing e-mails. LOTS!
Thank you...
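The named log attached above answers the "is it sending notifies" half of the question, but not the "is it advertised" half: a DNS NOTIFY (RFC 1996) only tells the zone's other name servers and the also-notify targets that the serial changed; it does not publish the zone anywhere, so "sending notifies" proves the zone loaded, not that the domain is reachable from the Internet. The following added example (not the poster's code, nor anything from the thread or from BIND) parses log lines in the format shown above and summarises, per zone and view, the loaded serial, whether notifies went out, and which client's notifies were received. The log excerpt is constructed from the thread's own placeholders (server_name, MY_PUBLIC_IP); the set of "own addresses" passed to self_notifies is an assumption standing in for the server's real interface addresses.

```python
"""Summarise zone load / NOTIFY activity from BIND's syslog lines."""
import re
from collections import defaultdict

# Constructed excerpt in the shape of the named log lines posted in the
# thread; server_name and MY_PUBLIC_IP are the poster's own placeholders.
SAMPLE_LOG = """\
Nov 20 09:08:03 server_name named[9706]: zone domain1/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain2/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain1/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain2/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: running
Nov 20 09:08:03 server_name named[9706]: client MY_PUBLIC_IP#63545: view localhost_resolver: received notify for zone 'domain1'
Nov 20 09:08:04 server_name named[9706]: client MY_PUBLIC_IP#33243: view localhost_resolver: received notify for zone 'domain2'
Nov 20 09:50:46 server_name named[9706]: client 88.198.39.133#16791: view external: query (cache) 'yahoo.com/A/IN' denied
"""

# "zone <name>/IN/<view>: loaded serial N" and
# "zone <name>/IN/<view>: sending notifies (serial N)"
ZONE_RE = re.compile(
    r"zone (?P<zone>\S+)/IN/(?P<view>\S+): "
    r"(?P<event>loaded serial|sending notifies \(serial) (?P<serial>\d+)")
# "client <addr>#<port>: view <view>: received notify for zone '<name>'"
NOTIFY_IN_RE = re.compile(
    r"client (?P<client>[^#\s]+)#\d+: view (?P<view>\S+): "
    r"received notify for zone '(?P<zone>[^']+)'")
# "client <addr>#<port>: view <view>: query (cache) '<q>' denied"
DENIED_RE = re.compile(
    r"client (?P<client>[^#\s]+)#\d+: view (?P<view>\S+): "
    r"query \(cache\) '(?P<query>[^']+)' denied")


def summarise(log_text):
    """Return ({(zone, view): {loaded, notified, received_from}}, [denied])."""
    zones = defaultdict(lambda: {"loaded": None, "notified": None, "received_from": []})
    denied = []
    for line in log_text.splitlines():
        m = ZONE_RE.search(line)
        if m:
            entry = zones[(m["zone"], m["view"])]
            field = "loaded" if m["event"].startswith("loaded") else "notified"
            entry[field] = int(m["serial"])
            continue
        m = NOTIFY_IN_RE.search(line)
        if m:
            zones[(m["zone"], m["view"])]["received_from"].append(m["client"])
            continue
        m = DENIED_RE.search(line)
        if m:  # recursion refused in a view with "recursion no": expected
            denied.append((m["client"], m["view"], m["query"]))
    return dict(zones), denied


def self_notifies(zones, own_addresses):
    """NOTIFYs that arrived from one of this server's own addresses.

    NOTIFY is sent to the zone's NS records (plus also-notify targets), so
    when ns1/ns2 resolve to this host it ends up notifying itself."""
    return [(zone, view, client)
            for (zone, view), entry in zones.items()
            for client in entry["received_from"] if client in own_addresses]


if __name__ == "__main__":
    zones, denied = summarise(SAMPLE_LOG)
    for (zone, view), e in sorted(zones.items()):
        print(f"{zone:<12} {view:<20} loaded={e['loaded']} notified={e['notified']} "
              f"received_from={e['received_from']}")
    # "own addresses" is an assumption here; use the host's real interface list.
    print("self-notifies:", self_notifies(zones, {"MY_PUBLIC_IP"}))
    print("denied recursion:", denied)
```

Run against the lines above, the summary shows each external-view zone loaded and notified at serial 200911200, and the same zones receiving a notify from MY_PUBLIC_IP in the localhost_resolver view. That second part is consistent with the zone file: ns1 and ns2 both point at MY_PUBLIC_IP, so the notifies go back to the server itself, and they land in localhost_resolver because BIND's built-in `localhost` ACL matches every address configured on the host's interfaces. The denied yahoo.com query is the `recursion no` of the external view doing its job, as the poster says.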
- 11-20-2009 #2
What are the real names for 'domain1' and 'domain2' and any other domain that is not working?
If you expect help we need real world names to check with.
- 11-20-2009 #3
In this case domain1 is blueuniverse.org. I found what the issue is, but I need a way to avoid it. When I bought the domain, I had to associate it with 2 nameservers, that NEED to have IPs associated with them. The IPs are actually the same:
ns1.blueuniverse.org as 68.147.9.25
ns2.blueuniverse.org as 68.147.9.25
The registrar is misk.com.
Now the problem is the registrar because it probably doesn't have a DDNS service that I could use to change my IP when it changes dynamically. What would be your advice in this case? Is there a free DDNS service out there to transfer the domain without cost? Do I actually have to move the domain in order to make it work?
Thank you!
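The glue the registrar holds for ns1 and ns2 is what the parent zone hands to resolvers before any of them ever reaches the poster's named, so the domain resolves only while those registered addresses match where the zone is actually served. The following added example (not the poster's code, and nothing from misk.com or BIND) parses a zone file in the layout of the one posted in #1, extracts the apex NS records together with the A records the zone holds for them, and compares those addresses with the registrar's glue. The zone text is constructed: MY_PUBLIC_IP is replaced by an RFC 5737 documentation address so that the mismatch described in this post shows up; the 68.147.9.25 glue value is the one given above.

```python
"""Check a zone's NS records and in-zone glue against the registrar's glue."""

# Constructed zone file in the layout of the one posted in the thread.
# MY_PUBLIC_IP has been replaced by an RFC 5737 documentation address; it
# is not the poster's real address.
SAMPLE_ZONE = """\
$TTL 604800
domain1.    IN SOA ns1.domain1. hostmaster.domain1. (
                200911200 ; serial
                86400     ; refresh
                7200      ; retry
                1209600   ; expire
                604800 )  ; default_ttl
            IN A 203.0.113.10
            IN NS ns1.domain1.
            IN NS ns2.domain1.
            IN MX 5 mail
node1       IN A 203.0.113.10
ns1         IN A 203.0.113.10
mail        IN A 203.0.113.10
ns2         IN A 203.0.113.10
www         IN CNAME node1
"""

# Glue as registered for the two name servers (the addresses from post #3).
REGISTRAR_GLUE = {"ns1.domain1.": "68.147.9.25", "ns2.domain1.": "68.147.9.25"}


def _absolute(name, origin):
    """Qualify a relative owner/target name against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Minimal master-file parser: comments, multi-line ( ) records,
    inherited owner names, optional TTL/class fields and $ORIGIN.
    Returns (origin, soa_serial, [(owner, rtype, rdata_fields)])."""
    records, owner, origin, serial = [], None, None, None
    pending, depth = None, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line:
            continue
        if pending is None:                            # start of a record
            if line.startswith("$"):
                directive = line.split()
                if directive[0] == "$ORIGIN":
                    origin = directive[1]
                continue
            if not line[0].isspace():                  # explicit owner name
                parts = line.split(None, 1)
                owner, line = parts[0], (parts[1] if len(parts) > 1 else "")
            pending = []
        depth += line.count("(") - line.count(")")
        pending.extend(line.replace("(", " ").replace(")", " ").split())
        if depth != 0:
            continue                                   # still inside ( ... )
        fields, pending = pending, None
        if fields and fields[0].isdigit():             # optional TTL
            fields = fields[1:]
        if fields and fields[0].upper() in ("IN", "CH", "HS"):
            fields = fields[1:]                        # optional class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            origin = origin or owner                   # no $ORIGIN: SOA owner is the apex
            serial = int(rdata[2])
        records.append((owner, rtype, rdata))
    return origin, serial, [(_absolute(o, origin), t, r) for o, t, r in records]


def ns_glue(records, origin):
    """Map each apex NS target to the A records the zone itself holds for it."""
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(rdata[0])
    return {_absolute(rdata[0], origin): sorted(addrs.get(_absolute(rdata[0], origin), []))
            for owner, rtype, rdata in records
            if rtype == "NS" and owner == origin}


def check_delegation(zone_text, registrar_glue):
    """Compare in-zone NS addresses with the registrar's glue; list mismatches."""
    origin, serial, records = parse_zone(zone_text)
    glue = ns_glue(records, origin)
    findings = []
    for ns, zone_addrs in glue.items():
        if not zone_addrs:
            findings.append(f"{ns}: listed as NS but has no A record in the zone")
        registered = registrar_glue.get(ns)
        if registered is None:
            findings.append(f"{ns}: not registered as a host at the registrar")
        elif registered not in zone_addrs:
            findings.append(f"{ns}: registrar glue {registered} differs from zone address "
                            + ", ".join(zone_addrs))
    return {"origin": origin, "serial": serial, "glue": glue, "findings": findings}


if __name__ == "__main__":
    result = check_delegation(SAMPLE_ZONE, REGISTRAR_GLUE)
    print(f"zone {result['origin']} serial {result['serial']}")
    for ns, addrs in result["glue"].items():
        print(f"  {ns} -> {addrs}")
    for finding in result["findings"]:
        print("  MISMATCH:", finding)
```

With the zone served from an address other than the registered 68.147.9.25, the check reports one mismatch per name server; once the registrar's host records carry the address the zone actually lives on (or the address stops changing, as the thread goes on to discuss), the findings list is empty. Against a live setup the same comparison is made by asking the parent zone's servers for the NS and glue records and checking them against the zone's own answers; that network step is left out so the example runs offline.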
- 11-22-2009 #4
Sorry it has taken me so long to get back. Work is killing me at the moment.
As to DDNS I don't know or could not recommend any as I do not use them. You should be able to search the web and find one that you like.
- 11-22-2009 #5
I talked to misk.com and they told me that every time a nameserver IP address changes, I have to wait 48 to propagate, so for now I'm stuck with this solution. The ISP I'm connected to could offer static IP addresses for an amount of money, but they could offer this service at no cost (they are not willing to do it). My main issue was actually coming from the nameserver propagation.
In the end my DNS is configured properly. Thank you for all the help. And... for the record, I'm in Canada and I'm using Shaw Cable...
- 11-23-2009 #6
As stated, I don't use any of these, but in this GOOGLE Search I saw one that might be what you are looking for. It is the second one down. Look at all of them; you might find something that fits your needs.