big fat n00b who's lost his way on the internet

Okay, so here's the deal. I'm a long-time Windows user trying to teach himself the workings of Linux by setting up his own "everything" server. HTTP, FTP, Mail, etc. Things have been rocky, but up until this point I've made it through whatever got thrown at me. Until now.

As you can tell by the topic title, I'm having problems setting up a DNS on my Fedora Core 5 box running BIND 9 from behind a Linksys router/LAN on a Comcast cable connection. I have traversed Google far and wide and can come to no logical conclusion on how to make this thing work—the goal is to use my own nameserver rather than the parked ones GoDaddy has currently assigned.

Everything is set up the way it should be: .conf file is syntatically correct, Linksys Port Forwarding is ON for TCP/UDP port 53, with the appropriate openings in my iptables firewall.

When I...

dig my domain locally—awesome, everything shows up.
dig my domain externally—timeout error.
dig my domain externally forcing TCP—same results as local.

So, it has to do with outside UDP connections, right? Well, I checked netstat, and named is running on both protocols...but only listening on TCP.

Is this normal? There's got to be something that I've missed. var/log/messages isn't outputting any discernable errors. I'm out of ideas. Appreciate the help if anybody's got it. TIA.

Need some info

OK, this really shouldn't be too difficult. FC5 comes preconfigured to run as a caching name server. Its most likely a firewall problem on the box itself. Make sure that DNS is allowed in the firewall. A quick way to see if this is the problem is to shut down iptables

service iptables stop

then re-run your dns queries from outside and see if it works. If it does, then you know which direction to take. If that doesn't work, then paste your /etc/named.conf file here and I can take a look at it. Oh, and after you run your test, don't forget to turn the firewall back on:

service iptables start

If you need a hand, let me know and I'd be glad to help you.

Thanks for the reply!

Shutting down iptables didn't do anything; as mentioned I don't think it's a firewall problem. I also tried disabling SELinux, and installing the optional "caching nameserver" configuration files from the Add/Remove programs list (thought these were too obvious) but neither made a difference. Or are there additional files that I have to set up?

named.conf is below, "mydomain" is in place of my actual domain, which I'd like to keep private for now, unless it's necessary to test things on someone else's end.

Code:

// // named.conf for Red Hat caching-nameserver // options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ query-source address * port 53; }; // // a caching only nameserver config // controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; }; zone "." IN { type hint; file "named.ca"; }; zone "localdomain" IN { type master; file "localdomain.zone"; allow-update { none; }; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.ip6.local"; allow-update { none; }; }; zone "255.in-addr.arpa" IN { type master; file "named.broadcast"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.zero"; allow-update { none; }; }; include "/etc/rndc.key"; zone "mydomain.com" { type master; file "/var/named/mydomain.hosts"; };

Yep, that's what it looks like out of the box. I pared it down a bit, and its running fine. Try this one on for size. Don't add your zone file entries yet, just run it as-is first. Then, set your resolv.conf to say

nameserver 127.0.0.1

Here's the link to the named.conf file.

Code:

options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; }; controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; }; zone "." IN { type hint; file "named.ca"; }; zone "localdomain" IN { type master; file "localdomain.zone"; allow-update { none; }; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; zone "255.in-addr.arpa" IN { type master; file "named.broadcast"; allow-update { none; }; }; include "/etc/rndc.key";

Hey, that worked! (Well, I know you had already tested it, but this was my first time getting some actual results. :) ) Thank you so much, this has been bugging me for weeks now. Do you think you could you tell me what it is you did differently, so that I know what to do in the future?

Also, is there anything I need to change in order to set up my zone files?

Thanks again!

Cool, I'm glad it worked for you! I actually pared yours down more than my own. I need to do mine. I took out all the ipv6 stuff that isn't required for a working DNS server. To be honest, I've forgotten how it differs from the one that comes out of the box with FC5. You should run a diff on them to see. Should prove educational.

Did you add your zone file to it and try it?

Take care,

Ryan

Damn, I may have jumped the gun on that one.

Looks like it's the same as before. I forgot that I was connecting to localhost rather than to my public IP, which is still unresponsive. :mad: There's got to be something blocking the request, but I don't know what else it could be if it isn't the firewall or the config. Any ideas?