name server setup
David Kramer
david at thekramers.net
Tue Oct 2 22:01:41 EDT 2001
So I've been trying to implement
http://www.linuxdocs.org/HOWTOs/DNS-HOWTO.html
I updated to the latest bind, bind-devel, and bind-utils.
Setting up all the files seemed easy, but I couldn't get the tests
working.
dig -x 127.0.0.1 worked, but
dig anyothermachine.tld did not:
[root at kramer /etc]# dig pegasystems.com
; <<>> DiG 8.3 <<>> pegasystems.com
;; res options: init recurs defnam dnsrch
;; res_nsend to server default -- 127.0.0.1: Connection timed out
So I go to check on the status:
[root at kramer /etc]# /sbin/service named status
named 8.2.3-REL Sat Jan 27 05:11:05 EST 2001
prospector at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.3/src/bin/named
config (/etc/named.conf) last loaded at age: Tue Oct 2 21:13:45 2001
number of zones allocated: 64
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is initialising itself
It says it is still initializing itself, but it's been running for several
minutes.
Last symptom, and this might be the kicker. The site mentions a way to
get an updated root.hints from a root server. Now the one on the web page
wasn't working, so I copied the one off of blu.org. Then I tried their
command:
[root at kramer /etc]# dig @e.root-servers.net
; <<>> DiG 8.3 <<>> @e.root-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server e.root-servers.net 192.203.230.10: Connection refused
DOH! I can ping that machine, too, so I know it's reachable.
Then I found this in /var/log/messages:
Oct 2 21:40:07 kramer named[4887]: starting (/etc/named.conf). named
8.2.3-REL Sat Jan 27 05:11:05 EST 2001
^Iprospector at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.3/src/bin/named
Oct 2 21:40:07 kramer named[4887]: hint zone "" (IN) loaded (serial 0)
Oct 2 21:40:07 kramer named[4887]: master zone "0.0.127.in-addr.arpa"
(IN) loaded (serial 1)
Oct 2 21:40:07 kramer named[4887]: listening on [127.0.0.1].53 (lo)
Oct 2 21:40:07 kramer named[4887]: listening on [65.96.156.60].53 (eth0)
Oct 2 21:40:07 kramer named[4887]: listening on [192.168.1.1].53 (eth1)
Oct 2 21:40:07 kramer named[4887]: Forwarding source address is
[0.0.0.0].53
Oct 2 21:40:07 kramer named: named startup succeeded
Oct 2 21:40:07 kramer named[4888]: group = 25
Oct 2 21:40:07 kramer named[4888]: user = named
Oct 2 21:40:07 kramer named[4888]: Ready to answer queries.
Oct 2 21:40:07 kramer named[4888]: sysquery: sendto([192.5.5.241].53):
Operation not permitted
Oct 2 21:51:34 kramer named[4888]: ns_forw: sendto([192.5.5.241].53):
Operation not permitted
Operation not permitted? I have port 53 open on my firewall:
ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
-s $NAMESERVER_1 53 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
-s $IPADDR $UNPRIVPORTS \
-d $NAMESERVER_1 53 -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR $UNPRIVPORTS \
-d $NAMESERVER_1 53 -j ACCEPT
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $NAMESERVER_1 53 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT
Sorry if this is lengthy. I'm just trying to round up all the evidence.
Any clues? Thanks. For now I've restored my resolv.conf to look at AT&T's
nameservers.
-------------------------------------------------------------------
DDDD David Kramer http://thekramers.net
DK KD
DKK D Imagine an alternate history where William S. Burroughs was
DK KD actually interested in mainframe hardware design.
DDDD Bob Bruhin
-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
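An added example, not part of the message above and not code its author posted: a small stateless evaluator for the four ipchains rules quoted in the message, applied to the UDP query that named logged as "sysquery: sendto([192.5.5.241].53): Operation not permitted" and to the dig sent to e.root-servers.net (192.203.230.10). The values of $EXTERNAL_INTERFACE, $IPADDR, $NAMESERVER_1 and $UNPRIVPORTS are not in the message and are assumed below ($IPADDR is taken from the "listening on [65.96.156.60].53 (eth0)" log line, $NAMESERVER_1 is a placeholder). The source port 53 for named's own queries is taken from the "Forwarding source address is [0.0.0.0].53" line, which is how BIND 8 reports its query-source port. The RECURSIVE_RULES set is what a server that recurses by itself would need under those assumptions; it is not something the message contains.

```python
"""Added example, not from the original post: evaluate the posted ipchains
rules against the packets named and dig send out on eth0."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

# Assumed values for the shell variables in the posted rules (not shown in the post).
EXTERNAL_INTERFACE = "eth0"
IPADDR = "65.96.156.60"            # named's eth0 listener in the posted syslog lines
NAMESERVER_1 = "192.0.2.53"        # placeholder for the one upstream resolver the rules allow
UNPRIVPORTS = range(1024, 65536)   # ipchains "1024:65535"
ANY = None                         # wildcard for an address or port field


@dataclass(frozen=True)
class Packet:
    chain: str          # "input" or "output"
    iface: str
    proto: str          # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag, tested by the "! -y" rule


@dataclass(frozen=True)
class Rule:
    chain: str
    iface: str
    proto: str
    src: Optional[str]
    sports: Union[int, range, None]
    dst: Optional[str]
    dports: Union[int, range, None]
    not_syn: bool = False   # ipchains "! -y": match only non-SYN TCP packets
    target: str = "ACCEPT"

    def mismatches(self, p: Packet) -> List[str]:
        """Names of the fields that stop this rule matching p (empty list = match)."""
        checks = [
            ("chain", p.chain == self.chain),
            ("iface", p.iface == self.iface),
            ("proto", p.proto == self.proto),
            ("src", self.src is ANY or p.src == self.src),
            ("sport", _port_ok(self.sports, p.sport)),
            ("dst", self.dst is ANY or p.dst == self.dst),
            ("dport", _port_ok(self.dports, p.dport)),
            ("syn", not (self.not_syn and p.syn)),
        ]
        return [name for name, ok in checks if not ok]


def _port_ok(spec, port: int) -> bool:
    if spec is ANY:
        return True
    if isinstance(spec, range):
        return port in spec
    return port == spec


# The four rules exactly as posted, in order.
POSTED_RULES = [
    Rule("input",  EXTERNAL_INTERFACE, "udp", NAMESERVER_1, 53, IPADDR, UNPRIVPORTS),
    Rule("output", EXTERNAL_INTERFACE, "udp", IPADDR, UNPRIVPORTS, NAMESERVER_1, 53),
    Rule("output", EXTERNAL_INTERFACE, "tcp", IPADDR, UNPRIVPORTS, NAMESERVER_1, 53),
    Rule("input",  EXTERNAL_INTERFACE, "tcp", NAMESERVER_1, 53, IPADDR, UNPRIVPORTS, not_syn=True),
]

# Assumed rule set for a server that recurses itself (not from the post): it has
# to reach any authoritative server on port 53, and the UDP source port has to
# agree with the query-source port, which the posted log reports as 53.
RECURSIVE_RULES = [
    Rule("output", EXTERNAL_INTERFACE, "udp", IPADDR, 53, ANY, 53),
    Rule("input",  EXTERNAL_INTERFACE, "udp", ANY, 53, IPADDR, 53),
    Rule("output", EXTERNAL_INTERFACE, "tcp", IPADDR, UNPRIVPORTS, ANY, 53),
    Rule("input",  EXTERNAL_INTERFACE, "tcp", ANY, 53, IPADDR, UNPRIVPORTS, not_syn=True),
]


def evaluate(p: Packet, rules: List[Rule] = POSTED_RULES, policy: str = "DENY") -> str:
    """First matching rule wins, as in ipchains; otherwise the chain policy applies.
    A DENY on the output chain reaches the sending process as EPERM, which is the
    'Operation not permitted' that named logged from sendto()."""
    for r in rules:
        if not r.mismatches(p):
            return r.target
    return policy


def diagnose(p: Packet, rules: List[Rule] = POSTED_RULES) -> Dict[int, List[str]]:
    """For each rule index, the fields that kept it from matching p."""
    return {i: r.mismatches(p) for i, r in enumerate(rules)}


def outbound_query(dst: str, sport: int = 53, proto: str = "udp") -> Packet:
    """A DNS query leaving eth0 for dst:53. The default source port 53 is named's
    query-source port from the posted log; dig uses an unprivileged port instead."""
    return Packet("output", EXTERNAL_INTERFACE, proto, IPADDR, sport, dst, 53)


if __name__ == "__main__":
    q = outbound_query("192.5.5.241")                      # named's sysquery
    print(evaluate(q), diagnose(q)[1])                     # DENY ['sport', 'dst']
    print(evaluate(outbound_query("192.203.230.10", 40000)))   # dig @e.root-servers.net: DENY
    print(evaluate(q, RECURSIVE_RULES))                    # ACCEPT
```

Under these assumed values, named's query to 192.5.5.241 fails the posted output UDP rule on two fields, the source port (53 is below $UNPRIVPORTS) and the destination (anything other than $NAMESERVER_1), so no ACCEPT rule matches and the chain policy decides; the dig to 192.203.230.10 fails the same rule on the destination alone. The rules as posted are the right shape for a host that only ever talks to one upstream resolver, which is what the resolv.conf fallback at the end of the message does. A server that recurses on its own needs the wider set, and the stateless input rule that comes with it accepts port-53 UDP from any host to the listener, which ipchains cannot narrow further; that exposure, against the convenience of running a local resolver, is the trade-off to weigh.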