DNS server not resolving except with dig <at>localhost

[SilverSonic]

Ok, I had a nice long detailed post all ready to go with lots of information for troubleshooting, but the *explitive deleted* forum s/w thinks I'm trying to post URLs, and try as I could to sanitize the post, it still thought there was a URL somewhere in there. SO... here's the really simplified version without any really useful copy/pastes from the command line...
(and I think I figured out one thing on the forum - it thinks anything that has an 'at sign' is a URL - so when I say 'dig <at>localhost', imagine the "At" symbol there...)


Fedora 11, fresh install, did all the software updates.

Server has eth0 and eth1, both on private IP subnets, one has an upstream to the Internet, one's isolated.

Can ping numerically to public hosts from server command line. Default gateway routing is good.

Port 53 is opened up through the firewall (Gnome: System/Administration/Firewall). Not sure about SELinux. I'm not very well versed in that, though I did look close enough to see that port 53 was configured for MLS/MCS of s0. Not sure if that's good or bad.

nslookup fails to resolve, either on another system accessing it through eth0 or eth1, or on the server itself. It always gives a "connection timed out; no servers could be reached" (or Windows equivalent) message. From another host, the rejection is immediate. Locally on the server, it takes awhile.

dig fails to resolve if executed with the "dig hostname" or "dig server-IP hostname" usage. It DOES however resolve if you execute it as "dig <at>localhost hostname". So, the DNS server is functioning. Access to it just appears to be blocked most of the time.


Possibly related??: I've configured Remote Desktop to be available on the server and opened port 5900 in the firewall, but when I try to connect to it through tightVNC from another system, it fails. Is there a firewall issue that I can't see here that's affecting both services?? I've disabled the firewall through Gnome and by stopping the iptables service, and neither changes the problem.


Ideas???

Thanks in advance

P.S. I think this may be related to new or changed defaults in F11. I originally built the system on different hardware yesterday using F7 (because it was the only install DVD I had handy at the time), and it worked just fine including VNC. The other server had motherboard problems so I moved to a different box and, having downloaded F11 overnight, I installed that. Neither DNS nor VNC have worked yet... ???

[Lazydog]

You say port 53 is open, which protocol? UDP or TCP or Both?
Are all the other machines pointing to this machine for their DNS resolution?
can you paste the following?

/etv/sysconfig/iptables

/etc/resolv.conf

Have you restarted your firewall after you made the changes?

[robertdaleweir]

Ok, I had a nice long detailed post all ready to go with lots of information for troubleshooting, but the *explitive deleted* forum s/w thinks I'm trying to post URLs, and try as I could to sanitize the post, it still thought there was a URL somewhere in there. SO... here's the really simplified version without any really useful copy/pastes from the command line...
(and I think I figured out one thing on the forum - it thinks anything that has an 'at sign' is a URL - so when I say 'dig <at>localhost', imagine the "At" symbol there...)


Fedora 11, fresh install, did all the software updates.

Server has eth0 and eth1, both on private IP subnets, one has an upstream to the Internet, one's isolated.

Can ping numerically to public hosts from server command line. Default gateway routing is good.

Port 53 is opened up through the firewall (Gnome: System/Administration/Firewall). Not sure about SELinux. I'm not very well versed in that, though I did look close enough to see that port 53 was configured for MLS/MCS of s0. Not sure if that's good or bad.

nslookup fails to resolve, either on another system accessing it through eth0 or eth1, or on the server itself. It always gives a "connection timed out; no servers could be reached" (or Windows equivalent) message. From another host, the rejection is immediate. Locally on the server, it takes awhile.

dig fails to resolve if executed with the "dig hostname" or "dig server-IP hostname" usage. It DOES however resolve if you execute it as "dig <at>localhost hostname". So, the DNS server is functioning. Access to it just appears to be blocked most of the time.


Possibly related??: I've configured Remote Desktop to be available on the server and opened port 5900 in the firewall, but when I try to connect to it through tightVNC from another system, it fails. Is there a firewall issue that I can't see here that's affecting both services?? I've disabled the firewall through Gnome and by stopping the iptables service, and neither changes the problem.


Ideas???

Thanks in advance

P.S. I think this may be related to new or changed defaults in F11. I originally built the system on different hardware yesterday using F7 (because it was the only install DVD I had handy at the time), and it worked just fine including VNC. The other server had motherboard problems so I moved to a different box and, having downloaded F11 overnight, I installed that. Neither DNS nor VNC have worked yet... ???

Hi SilverSonic
Hi fellow F11user. Have you downloaded autoten and ran it. It is one of the best tools available and I never install Fedora without getting it and running it. URL autoten . It installs all kinds of goodies.
I have had issues with DNS before and one thing that is important is if the hardware has two NIC cards it can be a lot of fun.
Another issue is that the connections must be set to comply with your ISP settings. Under System -> Administration -> Network you will get a Config Window. In it go to the DNS tab.
Make sure that your DNS is setup for your ISP, Hostname, Primary and secondary DNS as provided from your ISP.
This can possibly solve some of your issues with DNS. I use Vinagre for my VNC and it works well. I am using the default Gnome GUI. Hope this helps in some way. Cheers...
Robert