DNS question

Madison Kelly linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri Jan 16 15:13:56 UTC 2004


Tim Writer wrote:
> Madison Kelly <linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org> writes:
> 
> 
>>   Now, knowing that the DNS servers are not yet available on the web I
>>   decided to try testing the servers on the LAN behind the firewall. To
>>   verify that the ports are up and listening I used 'nmap' to check the
>>   ns1.alteeve.com server; ports 22, 53, 111 and 1026 are accessible (from
>>   behind the FW only). I have 'named' running, too.
> 
> 
> What does:
> 
>     % netstat -ntul
> 
> on the name server(s) tell you?

[root-9sxjOwxo1Bw at public.gmane.org root]# netstat -ntul
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1026            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1027          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 209.167.86.46:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6011          0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1024            0.0.0.0:*
udp        0      0 0.0.0.0:1054            0.0.0.0:*
udp        0      0 209.167.86.46:53        0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:67              0.0.0.0:*
udp        0      0 0.0.0.0:870             0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
[root-9sxjOwxo1Bw at public.gmane.org root]#

>>[root-uRZ2/RANkOA at public.gmane.org boot]# dig @209.167.68.46 madisonave.ca
>>
>>; <<>> DiG 9.2.2-P3 <<>> @209.167.68.46 madisonave.ca
>>;; global options:  printcmd
>>;; connection timed out; no servers could be reached
> 
> 
> This is the same result I get when I use dig against an IP known not to be
> running a name server so it looks like named isn't running, isn't listening
> on that address, or is firewalled.  Have you configured named to listen on a
> specific address?  Are you packet filtering with iptables/ipchains on the
> name server?

From the outside world, port 53 is currently blocked (which I am trying 
to get our very frustrating ISP to change). From behind the firewall 
though I can see it as open when I use nmap:

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-01-16 10:05 EST
Interesting ports on host.bettermarkets.com (209.167.86.46):
(The 1653 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
111/tcp  open  rpcbind
1026/tcp open  LSA-or-nterm

Nmap run completed -- 1 IP address (1 host up) scanned in 45.076 seconds

So I don't think basic communication is the problem. :(

>>[root-uRZ2/RANkOA at public.gmane.org boot]#
>>
>>[root-uRZ2/RANkOA at public.gmane.org boot]# nslookup
>>Note:  nslookup is deprecated and may be removed from future releases.
>>Consider using the `dig' or `host' programs instead.  Run nslookup with
>>the `-sil[ent]' option to prevent this message from appearing.
>> > server 209.167.86.46
>>Default server: 209.167.86.46
>>Address: 209.167.86.46#53
>> > madisonave.ca
>>;; connection timed out; no servers could be reached
> 
> 
> Note, that's not the same IP as above.
> 
> 
>>   Would it help if I posted 'named.conf' and zone files?
> 
> 
> named.conf (or a portion of it) would help.

The IP address snafu was a typo... The one directly above is the 
accurate IP (My bad).

Here is my 'named.conf' (I know that at the moment it is very basic);

-= /etc/named.conf =-

# Written/maintained by Madison Kelly, sysadmin-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org

options {
	directory "/var/named";
	listen-on-v6 { any; };
	notify no;
	forward first;
	forwarders {
		209.167.86.53;
	};
	auth-nxdomain yes;
	listen-on {
		mynet;
	};
};

zone "." IN {
	type hint;
	file "named.cache";
};

zone "alteeve.com" {
	type master;
	file "db.alteeve.com";
};

zone "feneon.com" {
	type master;
	file "db.feneon.com";
};

zone "madisonave.ca" {
	type master;
	file "db.madisonave.ca";
};

zone "localhost" IN {
	type master;
	file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
	type master;
	file "db.127.0.0";
};

zone "86.167.209.in-addr.arpa" {
	type master;
	file "db.209.167.68";
	allow-query {
		mynet;
	};
	allow-transfer {
		mynet;
	};
	allow-update {
		mynet;
	};
};
-= /etc/named.conf =-

   Thanks for all the help!!

Madison

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
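Added example, not code from this thread or from BIND: a small Python script that cross-checks the two artifacts posted above, the `netstat -ntul` listing and the named.conf. Both are embedded as constructed, condensed copies of what the message shows. It answers the questions the reply raised (which addresses named is bound on, and whether the IP being queried is one of them, which is why `dig @209.167.68.46` timed out while port 53 is bound on 209.167.86.46) and adds the check a practitioner would want on that config: every `type master` zone without an `allow-transfer` statement is open to AXFR from anyone who can reach TCP/53, because BIND 9.2 defaults to `allow-transfer { any; }`. The `mynet` ACL is assumed to be defined in a file not shown in the post; the script only notes that it cannot resolve it. The reverse-zone/file-name check is a naming heuristic, not a BIND rule.

```python
"""Cross-check a named.conf against 'netstat -ntul' output.

Added example (not code from the thread above). The two inputs are the
netstat listing and named.conf posted in this message, embedded as
constructed, condensed copies.
"""
import re

# Constructed from the netstat output in the message; non-53 lines are
# kept so the parser is exercised on realistic noise.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1026            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 209.167.86.46:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
udp        0      0 209.167.86.46:53        0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
"""

# The posted named.conf, condensed; 'mynet' is an ACL not shown in the post.
NAMED_CONF = """\
# Written/maintained by Madison Kelly
options {
    directory "/var/named";
    listen-on { mynet; };   /* mynet: assumed to be defined elsewhere */
    forward first;
    forwarders { 209.167.86.53; };
};
zone "." IN { type hint; file "named.cache"; };
zone "alteeve.com" { type master; file "db.alteeve.com"; };
zone "feneon.com" { type master; file "db.feneon.com"; };
zone "madisonave.ca" { type master; file "db.madisonave.ca"; };
zone "localhost" IN { type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" IN { type master; file "db.127.0.0"; };
zone "86.167.209.in-addr.arpa" {
    type master;
    file "db.209.167.68";
    allow-query { mynet; };
    allow-transfer { mynet; };
    allow-update { mynet; };
};
"""


def listeners(netstat_text, port=53):
    """Return {(proto, local_address)} for sockets bound to `port`."""
    bound = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] in ("tcp", "udp"):
            addr, _, p = fields[3].rpartition(":")
            if p == str(port):
                bound.add((fields[0], addr))
    return bound


def reachable_on(bound, target_ip, proto="udp"):
    """True if a query to target_ip:53 over `proto` lands on a bound socket.
    A 0.0.0.0 wildcard answers on every local address; any other bind
    answers only on that one address."""
    return any(a in ("0.0.0.0", target_ip) for pr, a in bound if pr == proto)


def strip_comments(conf):
    """named.conf accepts /* */, // and # comments; drop all three."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def zone_blocks(conf):
    """Map zone name -> body text. Braces are matched by depth so a nested
    allow-* { ... }; statement does not end the zone early."""
    text, zones = strip_comments(conf), {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        zones[m.group(1)] = text[m.end():i - 1]
    return zones


def zone_info(conf):
    """Per zone: type, file, and whether allow-transfer is set explicitly."""
    info = {}
    for name, body in zone_blocks(conf).items():
        t = re.search(r"\btype\s+(\w+)", body)
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        info[name] = {
            "type": t.group(1) if t else None,
            "file": f.group(1) if f else None,
            "allow_transfer": re.search(r"\ballow-transfer\s*\{", body) is not None,
        }
    return info


def open_transfer_zones(conf):
    """Master zones with no allow-transfer statement. BIND 9.2 defaults to
    allow-transfer { any; }, so anyone reaching TCP/53 can AXFR these."""
    return sorted(n for n, z in zone_info(conf).items()
                  if z["type"] == "master" and not z["allow_transfer"])


def reverse_zone_file_mismatches(conf):
    """Heuristic only: for N.N.N.in-addr.arpa zones, expect the reversed
    octets to appear in the zone file name (catches 86.167.209 -> db.209.167.68)."""
    bad = []
    for name, z in zone_info(conf).items():
        if name.endswith(".in-addr.arpa") and z["file"]:
            expect = ".".join(reversed(name[:-len(".in-addr.arpa")].split(".")))
            if expect not in z["file"]:
                bad.append((name, expect, z["file"]))
    return bad


if __name__ == "__main__":
    bound = listeners(NETSTAT)
    print("port 53 bound on:", sorted(bound))
    for ip in ("209.167.68.46", "209.167.86.46"):
        print(f"dig @{ip} would reach named: {reachable_on(bound, ip)}")
    print("master zones transferable to anyone:", open_transfer_zones(NAMED_CONF))
    print("reverse zone/file mismatches:", reverse_zone_file_mismatches(NAMED_CONF))
```

Run as-is it reports that 209.167.68.46 is not a bound address (only 209.167.86.46 and 127.0.0.1 are), that the three forward zones plus localhost and 0.0.127.in-addr.arpa carry no allow-transfer, and that the 86.167.209 reverse zone points at a file named for 209.167.68. The netstat parse also shows why an nmap from the LAN and a dig can disagree: nmap only proves TCP/53 accepts a connection, while a dig with no `+tcp` goes over UDP to a specific address.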