
Re: nameserver problems



Rebecca Dridan said:

> home to query this server to test it, I get connection timed out,
> no servers found.

you running NAT or is the DNS on a real ip address? if NAT is
the port(s) forwarded in? if the firewall is restrictive (e.g.
default deny) then i recommend configuring bind to use port
53 for everything, otherwise it tries to use random ports
above 1024 which can cause problems on restrictive firewalls.
the machine you're testing from is that behind NAT or a firewall?
in the past i have had some problems with direct dns queries
behind NAT ..don't know what caused it but typically i always
check nameservers from an unfirewalled machine.


> I'd like to be sure the nameserver is working before I get all our
> domains redelegated.  Can anyone tell me if a nameserver won't work
> if it is not being pointed to by something outside?  It has its
> own static IP, but I'm not sure if a nameserver needs to be
> "declared" or registered in some way.
>

yes you want to register it. i used to work at an isp, and
whoever set up the first nameservers did not register it. the
end result is, more than 2 years after i took the hostnames
out of the zones the root nameservers still resolve them.
network solutions says the root servers don't do this but
they clearly do as the nameservers do not exist anywhere else.
it's not easy to find the info to register for the first time.
the quickest way is at network solutions, finding their host
form and filling it out. register.com can register nameservers
for you too but only if the domain is under register.com's control
and even then it's a manual process last time i checked.


> Other than that, can anyone tell me how to track down the problem?
> I can't use traceroute as I normally would because there is no
> problem seeing and connecting to the machine normally and I can't
> find any helpful options to dig or nslookup.

it may be a misconfiguration on the nameserver. do you have
any query acls set? (allow-query). maybe post the config
of the nameserver. are you querying the ip of the nameserver
or the dns name?

my config looks something like:
options {
	directory "/";
	transfer-format many-answers;
	named-xfer "/named-xfer";
	dump-file "/named_dump";
	pid-file "/named.pid";
	statistics-file "named.stats";
	memstatistics-file "named.memstats";
	check-names master warn;
	check-names slave warn;
	check-names response ignore;
	host-statistics no;
	deallocate-on-exit no;
	datasize default;
	stacksize default;
	coresize default;
	files unlimited;
	recursion yes;
	fetch-glue yes;
	fake-iquery no;
	notify yes;
	auth-nxdomain yes;
	multiple-cnames yes;
	allow-query { any; };
	transfers-in 10;
	transfers-per-ns 2;
	transfers-out 2;
	max-transfer-time-in 120;
	transfer-format one-answer;
	query-source address * port *;
	topology { localhost; localnets; };
	cleaning-interval 60;
	interface-interval 60;
	statistics-interval 60;
	listen-on { 216.39.174.24; };
};

logging {
	channel chroot_default {
		file "log/named.log";
		severity info;
	};
	channel chroot_debug {
		file "log/debug.log";
		severity dynamic;
	};

	category default { chroot_default; };
	category panic { chroot_default; };
	category packet { chroot_debug; };
	category eventlib { chroot_debug; };
};
zone "." {
	type hint;
	file "named.root";
};
zone "localhost" {
	type master;
	file "named.local";
	allow-transfer { 10.10.10.1; };
};

zone "127.in-addr.arpa" {
	type master;
	file "named.rev-local";
	allow-transfer { 10.10.10.1; };
};

zone "aphroland.org" {
	type master;
	file "primary/db.aphroland.org";
	allow-transfer { 216.39.174.25; 216.39.174.24; 65.113.243.241; };
	also-notify { 216.39.174.25; 216.39.174.24; 65.113.243.241; };
};

note my config is designed in a custom chroot environment
so if your config isn't set up the same way you won't be able
to copy/paste my config into yours without changes.

i run 9 debian DNS' without issues..

nate
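
The checks suggested in this thread, as an added example that is not part of the original message: a direct query to the server's IP over UDP and TCP that separates a timeout (firewall, NAT or listen-on) from a REFUSED reply (allow-query) and from an answer that is not authoritative. The function names, the SOA query type and the diagnosis strings are assumptions made for this example.

```python
import socket
import struct

# Added example: helper names and diagnosis strings are this example's own.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=6, txid=0x1234):
    """Build a non-recursive DNS query (RD=0); qtype 6 = SOA, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(reply, txid=0x1234):
    """Turn a raw reply into a diagnosis for the cases discussed in the thread."""
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must be set in a response
        return "not a response to our query"
    rcode = RCODES.get(flags & 0x000F, "rcode %d" % (flags & 0x000F))
    if rcode == "REFUSED":
        return "REFUSED: server reachable, check allow-query ACLs"
    if rcode == "NOERROR" and flags & 0x0200:  # TC bit
        return "truncated: retry over TCP (port 53/tcp must be open too)"
    if rcode == "NOERROR" and flags & 0x0400 and ancount:  # AA bit plus an answer
        return "authoritative answer: zone is loaded and served"
    return "%s without an authoritative answer: check the zone and named.log" % rcode

def probe(server_ip, zone, timeout=3.0):
    """Send the query over UDP, then TCP, straight to the server's IP address."""
    query, results = build_query(zone), {}
    for proto in ("udp", "tcp"):
        kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
        try:
            with socket.socket(socket.AF_INET, kind) as s:
                s.settimeout(timeout)
                s.connect((server_ip, 53))
                if proto == "udp":
                    s.send(query)
                    reply = s.recv(4096)
                else:
                    s.sendall(struct.pack("!H", len(query)) + query)
                    reply = s.recv(4096)[2:]  # skip the 2-byte length prefix
                results[proto] = classify(reply)
        except socket.timeout:
            results[proto] = "timeout: packets dropped (firewall, NAT or wrong listen-on)"
        except OSError as exc:
            results[proto] = "no connection: %s" % exc
    return results
```

Call it as `probe("192.0.2.53", "example.org")`, replacing the placeholder address and zone with your own server and a zone it is master for, and run it from a machine outside the firewall.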




