Hi all,

I am semi-new to Linux, but very new to setting up a server. I have a test environment using VMware with 3 virtual machines - 2 Fedora 7 machines and an SLES 10 machine. I am using one of the Fedora 7 machines as a server/router/firewall/gateway for the other F7 machine and the SLES machine, simulating a small private network.

I have NAT working, but now I am trying to configure my F7 server as a DNS server. What I have done is take the named.caching-nameserver.conf file, copy it to named.conf, and use that. Here is the config from that file:

options {
        listen-on port 53 {; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

nslookup runs successfully from the server machine, but when I change the nameserver to my server's IP on my client machine, nslookup is not successful from the client machine. I am able to ping my server from my client.

I did run tcpdump from both machines during an nslookup from client to server.

From server:
02:33:17.379031 IP >  2225+ A? www.google.com. (32)
02:33:22.379588 IP >  2225+ A? www.google.com. (32)
02:33:27.381808 IP >  2225+ A? www.google.com. (32)
eth0 is my Internet-facing adapter, and a tcpdump with eth0 shows no activity during an nslookup from one of my clients.

Could iptables be incorrectly configured?

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -s -j MASQUERADE

# Allow outbound DNS queries from the FW and the replies too
# - Interface eth0 is the internet interface
# Zone transfers use TCP and not UDP. Most home networks
# / websites using a single DNS server won't require TCP statements
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 \
         -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 \
         -j ACCEPT

iptables -A OUTPUT -p udp -o eth1 --dport 53 --sport 1024:65535 \
         -j ACCEPT
iptables -A INPUT -p udp -i eth1 --sport 53 --dport 1024:65535 \
         -j ACCEPT

I'd appreciate any troubleshooting tips, because I am stuck!
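The capture above is the useful clue: the same query (id 2225) arrives on the server three times, five seconds apart, and nothing ever goes back out on eth1 or on to the Internet via eth0. A query that named received but was not allowed to answer would still produce a REFUSED reply packet, so total silence points at named not being bound to the eth1 address at all. That is exactly what the shipped named.caching-nameserver.conf does: `listen-on port 53 { 127.0.0.1; };` and `allow-query { localhost; };` make it a resolver for the box itself only. The posted iptables script is not the first suspect either, because it flushes the chains but never sets a policy, and the kernel default for INPUT is ACCEPT. It does, however, only open UDP replies from port 53 (`--sport 53`), never the clients' queries to port 53, which will bite as soon as the INPUT policy is switched to DROP.

The script below is an added example written for this thread, not code from the original post or from Fedora. It audits an options{} block for the two loopback-only directives, and if it finds them emits a LAN-only replacement stanza plus the inbound iptables rules the posted script lacks. The internal interface (eth1), the private subnet and the server's eth1 address are assumptions; the sample config inside the script is constructed to mirror the posted one, with the `127.0.0.1` that the caching-nameserver template ships with. The replacement deliberately restricts `allow-query` and `allow-recursion` to the LAN instead of `any`: a recursive resolver that answers the whole Internet is an open resolver that gets used for DNS amplification.

```shell
#!/bin/sh
# Added example (not from the original post): audit a BIND named.conf options{} block for the
# two settings that keep a caching nameserver localhost-only, then emit a LAN-only replacement
# and the matching iptables rules. Runs offline; nothing here touches named or iptables.
set -eu

LAN_IF="eth1"                 # assumption: internal interface, as in the post
LAN_NET="192.168.10.0/24"     # assumption: the private network behind eth1
SERVER_LAN_IP="192.168.10.1"  # assumption: the F7 gateway's address on eth1

# Print the address list of one options directive (e.g. "listen-on", "allow-query") from a
# named.conf read on stdin, one token per line. "listen-on" does not match "listen-on-v6".
named_acl() {
    sed -nE "s/^[[:space:]]*$1([[:space:]]+port[[:space:]]+[0-9]+)?[[:space:]]*[{]([^}]*)[}].*/\2/p" \
        | tr ';' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep -v '^$' || true
}

# True (0) when every address in the directive is loopback, i.e. no other host can use it.
# An absent directive is not treated as localhost-only: BIND's own default then applies.
acl_is_localhost_only() {
    toks=$(printf '%s\n' "$2" | named_acl "$1")
    [ -n "$toks" ] || return 1
    ! printf '%s\n' "$toks" | grep -Evq '^(localhost|127\.0\.0\.1|::1)$'
}

# Report why LAN clients get no answer from this config; exit status 1 if anything is found.
audit_named_conf() {
    conf="$1" problems=0
    if acl_is_localhost_only listen-on "$conf"; then
        echo "listen-on is loopback-only: named never binds the ${LAN_IF} address, queries go unanswered"
        problems=$((problems + 1))
    fi
    if acl_is_localhost_only allow-query "$conf"; then
        echo "allow-query is localhost-only: a reachable named would still REFUSE LAN clients"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Replacement options{} stanza (the logging, root hint zone and include lines stay as they are).
# Binds loopback plus the eth1 address, never the eth0 address, and answers/recurses for the
# private network only: allow-query/allow-recursion { any; } would make an open resolver.
lan_options_stanza() {
    cat <<EOF
options {
        listen-on port 53 { 127.0.0.1; ${SERVER_LAN_IP}; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        allow-query     { localhost; ${LAN_NET}; };
        allow-recursion { localhost; ${LAN_NET}; };
        recursion yes;
};
EOF
}

# Rules the posted firewall script is missing: the clients' queries arriving on eth1 (dport 53),
# not only replies (sport 53). TCP is included because responses too large for UDP retry over
# TCP, not just zone transfers. Printed rather than executed; pipe through sh on the gateway.
lan_dns_firewall_rules() {
    cat <<EOF
iptables -A INPUT  -i ${LAN_IF} -s ${LAN_NET} -p udp --dport 53 -j ACCEPT
iptables -A INPUT  -i ${LAN_IF} -s ${LAN_NET} -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -o ${LAN_IF} -d ${LAN_NET} -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -o ${LAN_IF} -d ${LAN_NET} -p tcp --sport 53 -j ACCEPT
EOF
}

# Constructed sample mirroring the posted options{} with the template's default 127.0.0.1.
POSTED_OPTIONS='options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; };
        recursion yes;
};'

# Demo on the constructed sample; on the gateway run: audit_named_conf "$(cat /etc/named.conf)"
if audit_named_conf "$POSTED_OPTIONS"; then
    echo "named.conf would serve ${LAN_NET}"
else
    echo "--- replace the options{} block with:"; lan_options_stanza
    echo "--- and add to the firewall script:";   lan_dns_firewall_rules
fi
```

After editing /etc/named.conf, restart named (`service named restart` on Fedora 7) and confirm the bind with `netstat -ulnp | grep :53`, which should now list the eth1 address as well as 127.0.0.1. From a client, `dig @192.168.10.1 www.google.com` (the assumed server address) should return an answer; if tcpdump on the server shows a reply leaving on eth1 but the client still times out, then the firewall, not named, is the remaining problem.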