Hi everybody,
I reinstalled my gateway yesterday and it seems like named is causing issues that it did not cause before on other versions. I am running named on the external interface to advertise the domains I'm hosting and on the internal and local interface as a caching server.
The named.conf file follows:
Code:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    query-source address * port 53;   // fixed outgoing port 53: turns off source-port randomisation for outgoing queries
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
// caching/recursive view for the gateway itself and the 10/8 LAN
view "localhost_resolver"
{
    match-clients { localhost; 10.0.0.1; 10.0.0.0/8; };
    recursion yes;
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    zone "MY_REV_IP.in-addr.arpa" {
        type master;
        notify no;
        file "named.rev.domains";
        allow-query { any; };
    };
    zone "domain1" {
        type master;
        file "named.domain1";
        notify no;
        allow-query { any; };
    };
    zone "domain2" {
        type master;
        file "named.domain2";
        notify no;
        allow-query { any; };
    };
    include "/etc/named.rfc1912.zones";
};
// authoritative-only view for everybody else (no recursion)
view external {
    match-clients { any ; };
    recursion no;
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    zone "MY_REV_IP.in-addr.arpa" {
        type master;
        notify yes;
        file "named.rev.domains";
        allow-query { any; };
        also-notify { ISP_DNS };
    };
    zone "domain1" {
        type master;
        file "named.domain1";
        notify yes;
        allow-query { any; };
        also-notify { ISP_DNS };
    };
    zone "domain2" {
        type master;
        file "named.domain2";
        notify yes;
        allow-query { any; };
        also-notify { ISP_DNS };
    };
};
Also, here is one of the domains config zones:
Code:
$TTL 604800
domain1.    IN SOA  ns1.domain1. hostmaster.domain1. (
                200911200   ; serial
                86400       ; refresh
                7200        ; retry
                1209600     ; expire
                604800 )    ; default_ttl
; records with no owner name (leading whitespace) inherit the last owner, domain1.
            IN A    MY_PUBLIC_IP
;
; Name servers for the domain
;
            IN NS   ns1.domain1.
            IN NS   ns2.domain1.
;
; Mail server for domain
;
            IN MX 5 mail
;
; Nodes in domain
;
node1       IN A    MY_PUBLIC_IP
ns1         IN A    MY_PUBLIC_IP
mail        IN A    MY_PUBLIC_IP
radio       IN A    MY_PUBLIC_IP
cubemail    IN A    MY_PUBLIC_IP
node2       IN A    MY_PUBLIC_IP
ns2         IN A    MY_PUBLIC_IP
;
; Aliases to existing nodes in domain
;
www         IN CNAME node1
ftp         IN CNAME node1
I will also attach the /var/log/maillog section where you can see the domains and, if you look, you will notice that named sends notifies on the external "view", so the ISP DNS should receive the advertisements.
Code:
Nov 20 09:08:03 server_name named[9706]: zone MY_IP_REV.in-addr.arpa/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain1/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain2/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain3/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone domain4/IN/external: loaded serial 200911200
Nov 20 09:08:03 server_name named[9706]: zone MY_IP_REV.in-addr.arpa/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain1/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain2/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain3/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: zone domain4/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 server_name named[9706]: running
Nov 20 09:08:03 server_name named[9706]: client MY_PUBLIC_IP#63545: view localhost_resolver: received notify for zone 'MY_IP_REV.in-addr.arpa'
Nov 20 09:08:03 server_name named[9706]: client MY_PUBLIC_IP#63545: view localhost_resolver: received notify for zone 'domain1'
Nov 20 09:08:04 server_name named[9706]: client MY_PUBLIC_IP#33243: view localhost_resolver: received notify for zone 'domain2'
Nov 20 09:08:04 server_name named[9706]: client MY_PUBLIC_IP#33243: view localhost_resolver: received notify for zone 'domain3'
Nov 20 09:08:04 server_name named[9706]: client MY_PUBLIC_IP#33243: view localhost_resolver: received notify for zone 'domain4
If I do a query from kloth.net (for example), the DNS is answering, but for some reason is not advertising the domains. The iptables rules are the following:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 10.0.0.0/8 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:kme-trap-port
ACCEPT tcp -- anywhere anywhere tcp dpt:infowave
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:servexec
ACCEPT tcp -- anywhere anywhere tcp dpt:down
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:umsp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT udp -- anywhere anywhere udp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpts:50000:51000
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:snmp
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:irdmi
DROP icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere icmp echo-reply
DROP icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp spts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spts:netbios-ns:netbios-ssn
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere 10.0.0.101 tcp dpt:http
ACCEPT tcp -- anywhere 10.0.0.102 tcp dpt:http
ACCEPT tcp -- anywhere 10.0.0.2 tcp dpt:vnc-server
ACCEPT tcp -- anywhere 10.0.0.3 tcp dpt:5901
ACCEPT tcp -- anywhere 10.0.0.2 tcp dpt:60000
ACCEPT udp -- anywhere 10.0.0.2 udp dpt:60000
ACCEPT tcp -- anywhere 10.0.0.3 tcp dpt:60001
ACCEPT udp -- anywhere 10.0.0.3 udp dpt:60001
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 10.0.0.0/8
DROP tcp -- anywhere anywhere tcp spts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spts:netbios-ns:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:servexec
ACCEPT tcp -- anywhere anywhere tcp spt:down
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:nicname state NEW
ACCEPT tcp -- anywhere anywhere tcp spt:umsp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:webcache
ACCEPT tcp -- anywhere anywhere tcp spts:50000:51000
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp spt:snmp
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:microsoft-ds
ACCEPT tcp -- anywhere anywhere tcp spt:openvpn
ACCEPT udp -- anywhere anywhere udp spt:openvpn
ACCEPT udp -- anywhere anywhere udp spts:filenet-rpc:65535 dpts:traceroute:33523 state NEW
ACCEPT udp -- anywhere anywhere udp spt:ntp
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:irdmi
ACCEPT icmp -- anywhere anywhere icmp echo-request
If I do an nslookup at the provider, I'm getting:
Code:
nslookup domain1
;; Got SERVFAIL reply from ISP_DNS1, trying next server
;; Got SERVFAIL reply from ISP_DNS2, trying next server
Server: ISP_DNS1
Address: ISP_DNS1#53
** server can't find domain1: NXDOMAIN
But when I nslookup for it locally or on the internal interface, it answers:
Code:
nslookup domain1 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: domain1
Address: MY_PUBLIC_IP
I tried to do a DNS query from outside to yahoo.com and it refuses, so it is not a public DNS; that is fine, as in the configuration. So, here, it behaves as it should. I will also attach the log for it:
Code:
Nov 20 09:50:46 server_name named[9706]: client 88.198.39.133#16791: view external: query (cache) 'yahoo.com/A/IN' denied
I don't know if my DNS is sending advertisements. How can I check? Can anybody help me? My domain has been down for more than 24 hours and I'm losing e-mails. LOTS!
Thank you...
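The post's log already answers the "is it sending notifies?" question, but reading it by eye is error-prone. The following script, an added example and not part of the post, parses the three named message formats shown above (sending notifies, received notify, query denied) and reports per zone which view sent notifies and which view received them, plus clients repeatedly refused recursion by the authoritative-only view. The sample log, host name, zone names and addresses are constructed, not the poster's.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the line formats the post's log shows (not the poster's real log;
# the host, zone names and documentation-range addresses are made up).
SAMPLE_LOG = """\
Nov 20 09:08:03 gw named[9706]: zone domain1/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 gw named[9706]: zone domain2/IN/external: sending notifies (serial 200911200)
Nov 20 09:08:03 gw named[9706]: client 203.0.113.5#63545: view localhost_resolver: received notify for zone 'domain1'
Nov 20 09:08:04 gw named[9706]: client 203.0.113.5#33243: view localhost_resolver: received notify for zone 'domain2'
Nov 20 09:50:46 gw named[9706]: client 198.51.100.7#16791: view external: query (cache) 'yahoo.com/A/IN' denied
Nov 20 09:50:47 gw named[9706]: client 198.51.100.7#16792: view external: query (cache) 'google.com/A/IN' denied
Nov 20 09:51:02 gw named[9706]: client 198.51.100.9#40001: view external: query (cache) 'example.org/MX/IN' denied
"""

# One pattern per message type: zone messages carry the view after "/IN/", client messages name it.
RULES = (
    ("notify_sent", re.compile(r"zone (?P<zone>[^/\s]+)/IN/(?P<view>[^:\s]+): sending notifies \(serial (?P<serial>\d+)\)")),
    ("notify_recv", re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: view (?P<view>[^:\s]+): received notify for zone '(?P<zone>[^']+)'")),
    ("denied", re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: view (?P<view>[^:\s]+): query \(cache\) '(?P<q>[^']+)' denied")),
)

def parse_named_log(text):
    """Return (kind, fields) for every recognised line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                events.append((kind, m.groupdict()))
                break
    return events

def notify_report(events):
    """Per zone: the views that sent notifies and the views that received them. A notify landing
    in a view other than the sending one (the post shows external -> localhost_resolver) means
    match-clients placed the notifying address, here the server's own, in that other view."""
    report = defaultdict(lambda: {"sent_from": set(), "received_in": set()})
    for kind, f in events:
        if kind in ("notify_sent", "notify_recv"):
            report[f["zone"]]["sent_from" if kind == "notify_sent" else "received_in"].add(f["view"])
    for r in report.values():
        r["mismatch"] = bool(r["received_in"] - r["sent_from"])
    return dict(report)

def denied_recursion_by_client(events, threshold=2):
    """Clients refused recursion by the authoritative-only view at least `threshold` times;
    repeated refusals from one source are what to correlate with the firewall log."""
    counts = Counter(f["ip"] for kind, f in events if kind == "denied")
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Run it over the real named log (the lines quoted above, typically /var/log/messages on this kind of setup) to see whether the ISP's secondaries, rather than only the server itself, ever appear as the client in a received-notify or transfer line.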