Frustration getting DNS properly working

[shacall]

Hi all,
I'll freely admit that I am a complete idiot when it comes to DNS configuration. I really need to pick up a book, and understand it much better than I do.

I've been struggling with this for an awfully long time, so any suggestions or help would be very much appreciated.

Here's my issue. When I "dig" on the server itself (the nameserver), everything works fine.

Code:

 dig zipsync1.net

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> zipsync1.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48955
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;zipsync1.net.                  IN      A

;; ANSWER SECTION:
zipsync1.net.           86400   IN      A       216.18.22.58

;; AUTHORITY SECTION:
zipsync1.net.           86400   IN      NS      ns1.zipsync1.net.
zipsync1.net.           86400   IN      NS      ns2.zipsync1.net.

;; ADDITIONAL SECTION:
ns1.zipsync1.net.       86400   IN      A       216.18.22.58
ns2.zipsync1.net.       86400   IN      A       216.18.22.57

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 18 22:13:33 2010

If I attempt to dig from the outside world, I never get an answer:

Code:

 dig zipsync1.net

; <<>> DiG 9.3.4-P1 <<>> zipsync1.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59635
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;zipsync1.net.                  IN      A

;; Query time: 6017 msec
;; SERVER: 216.227.220.3#53(216.227.220.3)
;; WHEN: Thu Mar 18 22:17:35 2010
;; MSG SIZE  rcvd: 30

I've tried running the diagnostic tests at dnssy dot com, and it is throwing numerous errors. It's claiming I don't have an A records, and that none of my nameservers are returning an SOA record for my domain.

I'll post my files in the next post...

Any help would be greatly appreciated. I'm at the end of the rope with this DNS issue.

Thanks,
Gary

[retired1af]

Have you registered your name server with the domain registrar?

[shacall]

Ugghh...it's not letting me post the actual code, because I have less than 15 posts and it's interpreting a lot of the data as URLs. I'm not sure how I can post the actual files...

Any ideas without looking at the files right now?

Thanks,
Gary

[shacall]

Yes. I have management access to the domain registrar. I've modified the nameservers to match my 2 nameservers. This was done several weeks ago, so I assume everything has propagated.

I'll go back an confirm though. Thanks for the reply.

[shacall]

Here's the first file...

named.conf:

Code:

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
};

include "/etc/rndc.key";

zone "zipsync1.net" {
        type master;
        notify no;
        file "data/zipsync1.net.domain";
};

zone "22.18.216.in-addr.arpa" {
        type master;
        file "data/reverse-22.18.216";
};

I've changed all of these files at least 10 different times, all with the same result. My registrar has the correct nameservers listed. Thoughts?

Thanks!

[shacall]

I checked my domain registrar, and the nameservers are properly set.

whois also shows the correct nameservers:

Name Server: NS1.ZIPSYNC1.NET
Name Server: NS2.ZIPSYNC1.NET

I tried posting my zone files, but am unable to. Any other thoughts?

[shacall]

Could it be as simple as my registrar not mapping the domain to my nameservers? Could it be on their end? If it might be, I can contact them to find out why the mapping between my domain and nameservers aren't working.

[shacall]

So...I'm now thinking that my server is blocking all DNS related traffic. I'm working on opening the necessary port to allow traffic. Hopefully this will resolve my issues.

[shacall]

Okay...I've figured out what's happening. IPTables was indeed blocking all DNS traffic. I temporarily turned off iptables, and everything worked. Now I need to figure out what iptable commands I need to allow DNS traffic.

Sorry for the panic. Appreciate your help.

Gary

[retired1af]

This should get you fixed up.

Linux Iptables block or open DNS / bind service port 53