Linux Redhat 9 DNS Problem, DNS works locally but not remotely
cubboi25
post Nov 13 2004, 08:50 AM
Post #1
I am a newbie and trying to bring DNS up. Linux Red Hat 9. I have a router/firewall connected to a cable modem. Only computers on the LAN can resolve via the Linux box. Named (BIND 9.2.1) does authoritative lookups for my zonefile entries, no problems; forward and reverse lookups on all records work fine. DNS configured per TLDP.ORG; dig works great, nslookup works fine. Router/firewall ports are properly forwarded, as ssh, ftp, telnet and http ports work fine. Sendmail works fine, no probs. Named.log shows requests coming in, and it looks like it is responding. Tcpdump shows requests and responses. Seems responses do not make it back to the user.

My problem is: external users from the internet receive the error "Nameserver not responding" from dnsreport.com, and from Windows XP clients: *** Can't find address for server DNS::: request timed out. timeout was 2 seconds. This only happens for the users on the internet. If any particular logs would be needed, please let me know, and I thank you in advance for looking at my problem =)
Cubboi25
hughesjr
post Nov 13 2004, 12:47 PM
Post #2
You need to open UDP ... not TCP into port 53 if you want the outside world to use your internal DNS...


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
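The UDP-versus-TCP point above is easy to check from outside without nslookup's 2-second guesswork. The probe below is an added example (not code from the thread or from the forum): it hand-builds a DNS query, sends it once over UDP/53 and once over TCP/53, and reports the response flags plus two things a stub resolver silently checks before accepting an answer, the transaction id and the source address the reply came from. The default name `royunderwood.com` and the 2-second timeout are taken from the thread; the server address is whatever you pass on the command line.

```python
"""Probe a name server on UDP/53 and TCP/53 and report what came back.

Added example, not from the thread. Standard library only.
Assumed defaults: the name 'royunderwood.com' from the thread and the
2-second timeout quoted in the Windows nslookup error above.
"""
import random
import socket
import struct
import time

QTYPE_A = 1
QCLASS_IN = 1


def build_query(name, qtype=QTYPE_A, txid=None):
    """Return (txid, wire bytes) for a standard RD=1 query for `name`."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # id, flags (only RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        qname += struct.pack("!B", len(raw)) + raw
    qname += b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(data):
    """Decode the 12-byte DNS header into the flags a troubleshooter cares about."""
    if len(data) < 12:
        raise ValueError("short DNS message: %d bytes" % len(data))
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "tc": bool(flags & 0x0200),   # truncated, retry over TCP
        "ra": bool(flags & 0x0080),   # server offers recursion
        "rcode": flags & 0x000F,      # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
        "answers": an,
        "authority": ns,
    }


def probe_udp(server, name, timeout=2.0):
    """Send one UDP query; return parsed header plus who answered, or None on timeout."""
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        started = time.time()
        sock.sendto(query, (server, 53))
        try:
            data, peer = sock.recvfrom(4096)
        except socket.timeout:
            return None
    result = parse_header(data)
    result["ms"] = int((time.time() - started) * 1000)
    result["from"] = peer[0]
    # A stub resolver drops replies whose id or source address does not match
    # the query it sent, so flag both: a NAT box rewriting the reply shows up here.
    result["id_ok"] = result["id"] == txid
    result["source_ok"] = peer[0] == server
    return result


def probe_tcp(server, name, timeout=2.0):
    """Same query over TCP/53 with the two-byte length prefix (RFC 1035 4.2.2)."""
    txid, query = build_query(name)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as sock:
            sock.sendall(struct.pack("!H", len(query)) + query)
            prefix = sock.recv(2)
            if len(prefix) < 2:
                return None
            (length,) = struct.unpack("!H", prefix)
            data = b""
            while len(data) < length:
                chunk = sock.recv(length - len(data))
                if not chunk:
                    return None
                data += chunk
    except (socket.timeout, OSError):
        return None
    result = parse_header(data)
    result["id_ok"] = result["id"] == txid
    return result


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "royunderwood.com"
    print("UDP:", probe_udp(server, name))
    print("TCP:", probe_tcp(server, name))
```

Run it from a host outside the LAN as `python probe.py <external-ip> <zone>`. UDP returning `None` while TCP answers means exactly what the reply above says: TCP/53 is forwarded and UDP/53 is not. A UDP answer with `source_ok` false, or with `aa` false for your own zone, points at something in the path rewriting or answering instead of named.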
cubboi25
post Nov 13 2004, 07:40 PM
Post #3
UDP ports from 20-80 are available with forwarding to the correct internal IP. How do I open internal ports on Linux? It seems to be available when running nmap. This problem also exists regardless of what state iptables is in.
hughesjr
post Nov 14 2004, 07:31 AM
Post #4
If you are forwarding port 53 (UDP) into the Linux machine, with iptables off on the Linux machine, then it should work ... BUT ONLY if the internet knows to look at your external IP to resolve DNS names for your domain.

Is your external IP registered as the Primary Name server for your domain with your domain provider?

Here are all DNS records associated with my domain (use the same dig command to find the info for your domain)...
[root@CentOS-31 root]# dig @ns5.zoneedit.com -t ANY hughesjr.com

; <<>> DiG 9.2.4rc6 <<>> @ns5.zoneedit.com -t ANY hughesjr.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2001
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;hughesjr.com.                  IN      ANY

;; ANSWER SECTION:
hughesjr.com.          300    IN      A      24.155.104.176
hughesjr.com.          300    IN      NS      ns5.zoneedit.com.
hughesjr.com.          300    IN      NS      ns4.zoneedit.com.
hughesjr.com.          300    IN      SOA    ns5.zoneedit.com. soacontact.zoneedit.com. 1013487454 14400 7200 864000 300
hughesjr.com.          300    IN      RP      jhughes.hughesjr.com. .
hughesjr.com.          300    IN      MX      0 mail.hughesjr.com.

;; AUTHORITY SECTION:
hughesjr.com.          300    IN      NS      ns5.zoneedit.com.
hughesjr.com.          300    IN      NS      ns4.zoneedit.com.

;; Query time: 146 msec
;; SERVER: 65.125.228.92#53(ns5.zoneedit.com)
;; WHEN: Sun Nov 14 06:35:54 2004
;; MSG SIZE  rcvd: 210


So, the DNS servers for my domain, on the internet are ns4.zoneedit.com and ns5.zoneedit.com ... if I want to update names that the internet can see, I have to update the records on ns4.zoneedit.com and ns5.zoneedit.com ... I could only use my local DNS server if I changed my Primary and Secondary name servers with my domain name provider.

If you use this command from your linux box, you should see the info for your domain:

dig @ns5.zoneedit.com -t ANY your_domain.com
(substitute your actual domain name for your_domain.com)

cubboi25
post Nov 16 2004, 09:27 PM
Post #5
Yes, port 53 is forwarded to the correct internal IP. Results from my dig from the Linux box are here, with the correct IP; email works, don't know if that will help though. I do use zoneedit as primary DNS, and myself as secondary.

[root@royunderwood root]# dig @ns5.zoneedit.com -t ANY royunderwood.com

; <<>> DiG 9.2.1 <<>> @ns5.zoneedit.com -t ANY royunderwood.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37195
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;royunderwood.com. IN ANY

;; ANSWER SECTION:
royunderwood.com. 7200 IN A 67.149.56.104
royunderwood.com. 7200 IN NS ns19.zoneedit.com.
royunderwood.com. 7200 IN NS ns18.zoneedit.com.
royunderwood.com. 7200 IN SOA ns19.zoneedit.com. soacontact.zoneedit.com. 1086218234 14400 7200 950400 7200
royunderwood.com. 7200 IN MX 0 mail.royunderwood.com.

;; AUTHORITY SECTION:
royunderwood.com. 7200 IN NS ns19.zoneedit.com.
royunderwood.com. 7200 IN NS ns18.zoneedit.com.

;; Query time: 41 msec
;; SERVER: 65.125.228.92#53(ns5.zoneedit.com)
;; WHEN: Tue Nov 16 21:15:52 2004
;; MSG SIZE rcvd: 193

[ Here is a copy of my named.log from where I turned on logging in named.conf: ]
[ It is obviously receiving requests, therefore queries make it inside the network from outside ]
[ the queries are never answered though ]

/var/log/named.log
Nov 16 20:56:48.974 client 67.149.94.130#1034: query: americaonline.aol.com IN A
Nov 16 20:56:48.989 client 67.149.94.130#1038: query: americaonline.aol.com IN A
Nov 16 20:56:48.997 client 67.149.94.130#1035: query: americaonline.gt01.aol.com IN A
Nov 16 20:56:49.015 client 67.149.94.130#1041: query: www.aol.com IN A
Nov 16 20:56:53.987 client 67.149.94.130#1035: query: americaonline.gt01.aol.com IN A
Nov 16 20:56:59.006 client 67.149.94.130#1035: query: americaonline.gt01.aol.com IN A
Nov 16 20:56:59.149 client 67.149.94.130#1047: query: recovery.cda.wildtangent.com IN A
Nov 16 20:56:59.158 client 67.149.94.130#1048: query: login.passport.com IN A
Nov 16 20:57:06.866 client 67.149.94.130#1051: query: www.aol.com IN A
Nov 16 21:00:14.890 client 67.149.94.130#1084: query: 104.56.149.67.in-addr.arpa IN PTR
Nov 16 21:10:15.961 client 127.0.0.1#32770: query: 1.0.0.127.in-addr.arpa IN PTR
Nov 16 21:14:12.725 client 127.0.0.1#32770: query: ns5.zoneedit.com IN A
Nov 16 21:15:52.405 client 127.0.0.1#32770: query: ns5.zoneedit.com IN A



[windows remote lookups get this error:]

D:\Documents and Settings\Bug>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 67.149.56.104: Timed out
*** Can't find server name for address 64.233.217.2: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 67.149.56.104

>

[ here is the local nslookup from my machine that works ]

C:\>nslookup
Default Server: ns.royunderwood.com
Address: 67.149.56.104

> royunderwood.com
Server: ns.royunderwood.com
Address: 67.149.56.104

Name: royunderwood.com
Address: 67.149.56.104

> yahoo.com
Server: ns.royunderwood.com
Address: 67.149.56.104

Non-authoritative answer:
Name: yahoo.com
Addresses: 66.94.234.13, 216.109.112.135

>

I'm not sure what to do. Everything looks like it should be working. My router doesn't block any outgoing stuff, and like I said iptables is off. It performs authoritative lookups locally for anything local in my .zone file and lookups for all others, including reverse lookups. It just doesn't send the info back to the user remotely.

One more thing I noticed. When I do nslookups here at my machine, not the Linux box, the logs show the lookup coming from the IP of my local gateway (router), not my machine's IP, but when remote users try it shows their IP (not the gateway).

Once again I do thank you for all your help!

Roy
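Apart from the forwarding question, the named.log excerpt in the post above shows something a security engineer would want to call out: the outside client 67.149.94.130 is getting recursive answers for aol.com, passport.com and wildtangent.com names, which the server is not authoritative for (the dig output above lists only the zoneedit servers as NS for the zone). A server that does that for anyone on the internet is an open resolver, usable for cache-poisoning attempts against it and as an amplifier against third parties. The script below is an added example, not code from the thread: it scans BIND 9 query-log lines of the format shown above and separates legitimate authoritative queries from recursion served to outside clients. The log lines are copied from the post; the zone list (`royunderwood.com` and the reverse zone `56.149.67.in-addr.arpa`) and the definition of "local" (loopback plus RFC 1918 space) are assumptions, since the poster's LAN addresses are not given.

```python
"""Scan a BIND 9 query log for recursion offered to outside clients.

Added example, not code from the thread. SAMPLE_LOG is copied from the
named.log excerpt in the post; AUTH_ZONES and LOCAL_NETS are assumptions.
"""
import ipaddress
import re

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} [\d:.]+) client (?P<ip>[\d.]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) IN (?P<type>\S+)"
)

SAMPLE_LOG = """\
Nov 16 20:56:48.974 client 67.149.94.130#1034: query: americaonline.aol.com IN A
Nov 16 20:56:48.989 client 67.149.94.130#1038: query: americaonline.aol.com IN A
Nov 16 20:56:48.997 client 67.149.94.130#1035: query: americaonline.gt01.aol.com IN A
Nov 16 20:56:49.015 client 67.149.94.130#1041: query: www.aol.com IN A
Nov 16 20:56:53.987 client 67.149.94.130#1035: query: americaonline.gt01.aol.com IN A
Nov 16 20:56:59.006 client 67.149.94.130#1035: query: americaonline.gt01.aol.com IN A
Nov 16 20:56:59.149 client 67.149.94.130#1047: query: recovery.cda.wildtangent.com IN A
Nov 16 20:56:59.158 client 67.149.94.130#1048: query: login.passport.com IN A
Nov 16 20:57:06.866 client 67.149.94.130#1051: query: www.aol.com IN A
Nov 16 21:00:14.890 client 67.149.94.130#1084: query: 104.56.149.67.in-addr.arpa IN PTR
Nov 16 21:10:15.961 client 127.0.0.1#32770: query: 1.0.0.127.in-addr.arpa IN PTR
Nov 16 21:14:12.725 client 127.0.0.1#32770: query: ns5.zoneedit.com IN A
Nov 16 21:15:52.405 client 127.0.0.1#32770: query: ns5.zoneedit.com IN A
"""

# Assumed: zones this server is authoritative for (forward zone from the
# thread, reverse zone of its public address 67.149.56.104).
AUTH_ZONES = ("royunderwood.com", "56.149.67.in-addr.arpa")
# Assumed: clients that may legitimately use it as a recursive resolver.
LOCAL_NETS = tuple(ipaddress.ip_network(n) for n in
                   ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def in_zone(name, zone):
    """True if `name` is the zone apex or any name beneath it."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def classify(line, auth_zones=AUTH_ZONES, local_nets=LOCAL_NETS):
    """Return a dict for one query-log line, or None for lines that are not queries."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip = ipaddress.ip_address(m["ip"])
    is_local = any(ip in net for net in local_nets)
    if any(in_zone(m["name"], z) for z in auth_zones):
        verdict = "authoritative"      # answering these for anyone is the job
    elif is_local:
        verdict = "recursion-local"    # LAN clients using it as their resolver
    else:
        verdict = "open-recursion"     # an outsider using it as a resolver
    return {"ip": str(ip), "name": m["name"], "qtype": m["type"], "verdict": verdict}


def summarize(lines, auth_zones=AUTH_ZONES, local_nets=LOCAL_NETS):
    """Count each verdict across the log."""
    counts = {"authoritative": 0, "recursion-local": 0, "open-recursion": 0}
    for line in lines:
        c = classify(line, auth_zones, local_nets)
        if c:
            counts[c["verdict"]] += 1
    return counts


def open_recursion_clients(lines, auth_zones=AUTH_ZONES, local_nets=LOCAL_NETS):
    """Distinct outside addresses that received recursive service, busiest first."""
    per_ip = {}
    for line in lines:
        c = classify(line, auth_zones, local_nets)
        if c and c["verdict"] == "open-recursion":
            per_ip[c["ip"]] = per_ip.get(c["ip"], 0) + 1
    return sorted(per_ip.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(summarize(lines))
    for ip, n in open_recursion_clients(lines):
        print("open recursion served to %s (%d queries)" % (ip, n))
```

On the sample above this reports nine recursive queries served to 67.149.94.130 and only the PTR for 104.56.149.67.in-addr.arpa as legitimately authoritative. In BIND 9 the fix is an ACL in the `options` block, `allow-recursion { localnets; localhost; };`, so that outside clients get REFUSED for anything but the zones the server actually holds; this is independent of whether the router forwards UDP/53, and should be in place before the port is opened to the internet.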