#1
First off, I'm a Computer Engineering major trying to learn the whole process of running a functional website for fun.
I have Red Hat 9 installed on a spare computer that will be the nameserver for my new domain. I'll list my setup as I have it now. I have a static IP assigned by my ISP, 24.53.231.244. I run this connection through a Coyote Linux Router. The router forwards requests on TCP/UDP 53 to my Red Hat 9 machine which is named 'server'. The IP of 'server' is internal and is 192.168.0.246. Right now 'server' will resolve names fine, e.g. if I assign my DNS server as 192.168.0.246 on another machine (also internal) I can browse the internet and everything fine. I have registered ocranch.us and registered my nameservers with my domain registrar as ns1.ocranch.us and ns2.ocranch.us both pointing to 24.53.231.244 (I know this sucks but I'm a student w/o the $$$). Here are the files that named is using:

**** /etc/named.conf ****
Code:
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/named.custom";
include "/etc/rndc.key";
zone "0.0.127.in-addr.arpa" {
type master;
file "0.0.127.in-addr.arpa.zone";
};
zone "231.53.24.in-addr.arpa" {
type master;
file "231.53.24.in-addr.arpa.zone";
};
zone "localhost" {
type master;
file "localhost.zone";
};
zone "ocranch.us" {
type master;
file "ocranch.us.zone";
};
**** /var/named/ocranch.us.zone ****
Code:
$TTL 86400
@   IN  SOA ns1 root.ocranch.us (   ; no trailing dot on root.ocranch.us, so BIND reads it relative to the origin (changed to "admin" in post #9)
        5       ; serial
        28800   ; refresh
        7200    ; retry
        604800  ; expire
        86400 ) ; ttl
    NS  ns1
    NS  ns2
    A   24.53.231.244
ns1 A   24.53.231.244
ns2 A   24.53.231.244
www A   24.53.231.244

**** /var/named/0.0.127.in-addr.arpa.zone ****
Code:
$TTL 86400
@   IN  SOA ns1.ocranch.us. root.ocranch.us (   ; primary server written fully qualified: a bare "ns1" would be read as ns1.0.0.127.in-addr.arpa
        1       ; serial
        28800   ; refresh
        7200    ; retry
        604800  ; expire
        86400 ) ; ttl
    NS  ns1.ocranch.us.
    NS  ns2.ocranch.us.
1   IN  PTR ns1.ocranch.us.

**** /var/named/231.53.24.in-addr.arpa.zone ****
Code:
$TTL 86400
@   IN  SOA ns1.ocranch.us. root.ocranch.us (
        7       ; serial
        28800   ; refresh
        7200    ; retry
        604800  ; expire
        86400 ) ; ttl
    NS  ns1.ocranch.us.     ; fully qualified: a relative "ns1"/"ns2" would expand under 231.53.24.in-addr.arpa
    NS  ns2.ocranch.us.
    A   24.53.231.244       ; an A record at the apex of a reverse zone is unneeded but harmless
;Server
244 IN  PTR NS1.ocranch.us.

I've been searching the internet high and low and this is the implementation I attempted and as you can tell it isn't working. Any help would be GREATLY appreciated! After I get this project figured out, I plan to learn how to run a functional mail server with pop3, imap, smtp, and webmail features. If you have any suggestions where to start I'd love to hear them. Thanks again, your time and efforts truly are appreciated. -skiloup
#2
It appears you are not allowing UDP port 53 through your redhat and/or router firewall.
Timed out    ns1.ocranch.us UDP request
Succeeded    ns1.ocranch.us TCP request
__________________
Also, check out these links: Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
Last edited by SilentRage : April 20th, 2004 at 09:28 PM.
#3
I followed all the instructions to allow UDP 53 through the router firewall and through redhat's firewall and still got a TIMED OUT response from your above DNS Crawler. I'm having a hard time testing if each (the router firewall and redhat's) is allowing UDP 53 requests. Does it appear as though my setup should work from my previous post? Might my ISP be dropping my incoming UDP requests? Is there any simple way to 'unit test' each machine to see if my requests are being blocked or not?
#4
heh, you're tickling my imagination, but sure, I figured out a way to test if your ISP is blocking UDP ports. Also, there's a small possibility that your DNS server is failing to respond to UDP packets, but not TCP requests. So we need to eliminate that possibility too.

Below is a UDP DNS request sent to my computer via port 54.

resolver.dollardns.net UDP port 54

As you can see DNS Crawler notifies you that it received a "Port Unreachable" ICMP response (did ya learn what those are in engineering classes?). If you open YOUR port 54 and forward it to a machine and make sure it passes through all firewalls, then you can attempt to send a request to that port to see if an unreachable occurs. If you do get the unreachable then the request was a success and UDP port 53 MAY be blocked by your ISP; if you continue to get timeouts, then something is wrong with your firewall configuration on redhat most likely. Routers are easier to configure, so it's not likely to be that. So that's the test for ISP blockage.

Now for a test to see if it is a DNS server failure. Do the following command at your DNS server and show me the response:

dig @ns1.ocranch.us ocranch.us any

Last edited by SilentRage : April 20th, 2004 at 09:29 PM.
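As an added example (not code from the thread, and not DNS Crawler), this is the same two-transport check in Python: one query sent over UDP and over TCP to a server you name, with the three UDP outcomes SilentRage distinguishes (answer, timeout, ICMP port unreachable) and a classify step that encodes his reasoning. It assumes Linux socket behaviour, where a connected UDP socket reports an incoming ICMP port unreachable as ECONNREFUSED; the server, port and query name are command-line arguments, and the defaults for port and name are the thread's.

```python
"""Probe a nameserver over UDP and TCP and classify the result (added example, stdlib only)."""
import socket
import struct
import sys

QTYPE_A, QCLASS_IN = 1, 1


def build_query(name, qtype=QTYPE_A, qid=0x1234):
    """Encode a minimal DNS query: fixed id, RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(data):
    """Decode the 12-byte DNS header into id, QR/AA flags, RCODE and section counts."""
    if len(data) < 12:
        raise ValueError("DNS message shorter than a header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "questions": qd, "answers": an,
            "authority": ns, "additional": ar}


def _verdict(query, reply):
    hdr = parse_header(reply)
    return "answered" if hdr["qr"] and hdr["id"] == parse_header(query)["id"] else "bad reply"


def probe_udp(server, port, query, timeout=3.0):
    """One UDP round trip. On a connected UDP socket Linux surfaces an ICMP port
    unreachable as ECONNREFUSED: the packet reached the host, nothing listens there.
    Silence until the timeout means it was dropped somewhere (or never answered)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))
        try:
            s.send(query)
            reply = s.recv(512)
        except ConnectionRefusedError:
            return "port unreachable"
        except socket.timeout:
            return "timed out"
    return _verdict(query, reply)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


def probe_tcp(server, port, query, timeout=3.0):
    """Same query over TCP; DNS over TCP prefixes every message with a 2-byte length."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            reply = _recv_exact(s, length)
    except ConnectionRefusedError:
        return "connection refused"
    except socket.timeout:
        return "timed out"
    except OSError as exc:
        return f"error: {exc}"
    return _verdict(query, reply)


def classify(udp, tcp):
    """Map the pair of outcomes onto the diagnosis the thread walks through."""
    if udp == "answered" and tcp == "answered":
        return "reachable on both transports"
    if udp == "port unreachable":
        return "udp reaches the host but nothing listens on that port"
    if udp == "timed out" and tcp == "answered":
        return "udp dropped in transit (host firewall, router or ISP); tcp passes"
    if udp == "timed out":
        return "nothing reaches the server on either transport"
    return f"inconclusive: udp={udp}, tcp={tcp}"


if __name__ == "__main__":
    # usage: python dnsprobe.py <server-ip> [port] [name]
    if len(sys.argv) < 2:
        sys.exit("usage: dnsprobe.py <server-ip> [port] [name]")
    server = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 53
    name = sys.argv[3] if len(sys.argv) > 3 else "ocranch.us"
    q = build_query(name)
    udp, tcp = probe_udp(server, port, q), probe_tcp(server, port, q)
    print(f"udp/{port}: {udp}\ntcp/{port}: {tcp}\n=> {classify(udp, tcp)}")
```

Run it once against port 53 and once against a spare forwarded port with nothing bound on the host (the thread uses 54): a port unreachable on the spare port together with a timeout on 53 is the pattern the thread reads as UDP/53 being dropped somewhere upstream of the server rather than by the server itself.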
#5
First off, I want to thank you, SilentRage, for spending the time to help all of us out!
Okay, so I forwarded udp 54 through my router to my redhat machine and told it to accept udp 54 requests using:

iptables -I INPUT 1 -p udp -s 0.0.0.0/0 -d 192.168.0.246 --dport 54 -j ACCEPT

Then using the last link you gave me to your Crawler I did this:

Server: ns1.ocranch.us:54
Name: test.com

And it says "Port Unreachable"; if I leave the :54 off it Times Out. From your previous response this made me think that maybe my ISP is blocking UDP 53. I continued to do what you asked using 'dig @ns1.ocranch.us any' and the following code segment is what I got. Note: On my redhat machine (the one I'm running this dig on) I have set the primary and secondary DNS to those of my ISP.

Code:
[root@server root]# dig @ns1.ocranch.us any

; <<>> DiG 9.2.1 <<>> @ns1.ocranch.us any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45676
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       511804  IN      NS      K.ROOT-SERVERS.NET.
.                       511804  IN      NS      L.ROOT-SERVERS.NET.
.                       511804  IN      NS      M.ROOT-SERVERS.NET.
.                       511804  IN      NS      A.ROOT-SERVERS.NET.
.                       511804  IN      NS      B.ROOT-SERVERS.NET.
.                       511804  IN      NS      C.ROOT-SERVERS.NET.
.                       511804  IN      NS      D.ROOT-SERVERS.NET.
.                       511804  IN      NS      E.ROOT-SERVERS.NET.
.                       511804  IN      NS      F.ROOT-SERVERS.NET.
.                       511804  IN      NS      G.ROOT-SERVERS.NET.
.                       511804  IN      NS      H.ROOT-SERVERS.NET.
.                       511804  IN      NS      I.ROOT-SERVERS.NET.
.                       511804  IN      NS      J.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     598204  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     598204  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     598204  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     598204  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     598204  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     598204  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     598204  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     598204  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     598204  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     598204  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     598204  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     598204  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     598204  IN      A       202.12.27.33

;; Query time: 1436 msec
;; SERVER: 24.53.231.244#53(ns1.ocranch.us)
;; WHEN: Fri Feb 20 11:08:34 2004
;; MSG SIZE  rcvd: 436

Haha, and no. I feel more like an electrical engineer than a computer engineer right now. Lots of using differential equations. Thanks again for: 1) Your time 2) Your help and willingness to help 3) Your patience. I know some days you've gotta feel like people are complete idiots!
#6
Well since you proved quite competent setting up forwarding for UDP port 54, then I feel you must've done it right with 53. The only other conclusion is that your ISP is blocking 53. Contact your ISP and confirm this. If indeed they are blocking port 53, then you cannot host your own dns server. There are no work-arounds.
For testing purposes you may use any of these free domain hosting services. DollarDNS hosting configuration is fairly similar to setting up zones using BIND. http://www.dollardns.net/compare.html

And as for idiots, I only start thinking of a person as an idiot if I describe to them how to get things setup and they still don't understand. It insults my teaching ability too.

Last edited by SilentRage : April 20th, 2004 at 09:29 PM.
#7
Ok... So I called my ISP and the tech said they only block tcp 80, 25 and 110. I don't really know what else to try. I ran a port scanning utility from the University and it confirmed that tcp 80 was blocked, but more importantly showed that tcp/udp 53 were NOT. I must be overlooking something obvious. I think that I am going to try BIND on WinXp and see what happens there. Can I copy the files above straight over? I'll have to look into it a little bit. Even though I hope everything works once I get it installed on Xp, my ultimate goal is to get it running on the RedHat machine because I could run NAT routing, DNS, web, sql, ftp, mail... all from the one machine (FOR FREE). I realize this isn't the ideal setup, but I figure it's a start, and I'm not actually RELYING on the services.

FOR NOW, I don't need to get ahead of myself. The task at hand is making my DNS work properly. So to recap:

Also interesting: I have registered ns1.ocranch.us as my nameserver through GoDaddy; since that machine is internal it has the same address as my webserver. My ISP is blocking port 80 so if you go to http://ns1.ocranch.us:69 you will get my webserver. Anyhow, I want to do this right. Should I just go ahead and try the setup of Bind on WinXp, then get back to asking questions depending on how that works? Or do you think it'd be better to try and work through my problems setting it up on RedHat? I realize this isn't really a DNS question so I'll try and get it up on WinXp over the next week. If you think of any suggestions, please send them over. You can always IM me on ICQ as well. Thanks again!
#8
* SilentRage starts cracking his knuckles threateningly
I definitely want to see this problem kicked with redhat. So let's test again. I just noticed that you did the wrong command when digging your server. I told you to do this:

dig @ns1.ocranch.us ocranch.us any

And instead you did this:

dig @ns1.ocranch.us any

But now I want you to do this:

dig @24.53.231.244 ocranch.us any

Paste for me the results. Also I want to know how you know port UDP 53 was open when you scanned it from the university. Did you do a UDP scan or something and got something back? Or did you accidentally mean you scanned TCP port 53 and found it open? (which I had already confirmed) And sorry, I don't use instant messengers. I just IRC.
#9
Results from 'dig @24.53.231.244 ocranch.us any' :
Code:
[root@server root]# dig @24.53.231.244 ocranch.us any

; <<>> DiG 9.2.1 <<>> @24.53.231.244 ocranch.us any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13644
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;ocranch.us.                    IN      ANY

;; ANSWER SECTION:
ocranch.us.             86400   IN      SOA     ns1.ocranch.us. admin.ocranch.us. 5 28800 7200 604800 86400
ocranch.us.             86400   IN      NS      ns1.ocranch.us.
ocranch.us.             86400   IN      NS      ns2.ocranch.us.
ocranch.us.             86400   IN      A       24.53.231.244

;; ADDITIONAL SECTION:
ns1.ocranch.us.         86400   IN      A       24.53.231.244
ns2.ocranch.us.         86400   IN      A       24.53.231.244

;; Query time: 785 msec
;; SERVER: 24.53.231.244#53(24.53.231.244)
;; WHEN: Sat Feb 21 10:50:39 2004
;; MSG SIZE  rcvd: 154

NOTE: I just made a small change to the zone files before this dig. For the old email address I had 'root.ocranch.us' which meant 'root.ocranch.us.ocranch.us', so I just changed it to 'admin'. Here's how I could tell that udp 53 was open. I downloaded a piece of software from glocksoft.com called AATools (Advanced Administrative Tools). In AATools they have a port scanner and I scanned for all TCP and UDP open ports. The results I got back match up with the ports I am forwarding through my router's firewall, which included udp 53 and tcp 53. I wonder if someone outside my network set their DNS as 24.53.231.244 if they would be able to resolve any names?
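An added example (not code from the thread or from BIND) that applies the zone-file name rule behind the change described in this post and behind the zone files in post #1: a name without a trailing dot has the current origin appended, so `root.ocranch.us` in the SOA becomes `root.ocranch.us.ocranch.us.` while `admin` becomes `admin.ocranch.us.`. The parser, the two sample zones (a forward zone in the thread's shape and a reverse zone written with a bare `ns1`, to show where such a name ends up) and the `doubled_origin` heuristic are all constructed for this example; the zones reuse the thread's names and address.

```python
"""Expand relative names in a zone file the way BIND does (added example, stdlib only)."""

# rdata fields that hold a domain name, by record type (indices into the rdata list)
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "PTR": (0,), "CNAME": (0,), "MX": (1,)}


def qualify(name, origin):
    """'@' is the origin; a trailing dot means absolute; anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, type, rdata)] with every domain name made absolute.

    Constructed illustration, not a full RFC 1035 parser: it handles $ORIGIN/$TTL,
    ';' comments, '( ... )' continuation lines and the "blank owner means previous
    owner" convention, which is all the files in this thread use."""
    origin = origin if origin.endswith(".") else origin + "."
    records, fields, owner, last_owner, depth = [], None, None, origin, 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                       # drop comments
        toks = line.replace("(", " ( ").replace(")", " ) ").split()
        if not toks:
            continue
        if depth == 0:                                    # new record or directive
            if toks[0] == "$ORIGIN":
                origin = qualify(toks[1], origin)
                continue
            if toks[0] == "$TTL":
                continue
            owner = last_owner if line[:1].isspace() else qualify(toks.pop(0), origin)
            last_owner, fields = owner, []
        for tok in toks:
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                fields.append(tok)
        if depth > 0:
            continue                                      # still inside a ( ... ) block
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                                 # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in NAME_FIELDS.get(rtype, ()):
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records


def doubled_origin(name, origin):
    """True when a name carries the origin twice: the symptom of a missing trailing dot."""
    origin = origin if origin.endswith(".") else origin + "."
    stem = name[: -len(origin) - 1] if name.endswith("." + origin) else ""
    return stem.endswith(origin.rstrip("."))


def report(text, origin):
    """One line per record as BIND would load it, flagging doubled origins."""
    lines = []
    for owner, rtype, rdata in parse_zone(text, origin):
        names = [rdata[i] for i in NAME_FIELDS.get(rtype, ())]
        flag = "   <-- origin appended twice: missing trailing dot?" \
            if any(doubled_origin(n, origin) for n in names) else ""
        lines.append(f"{owner:<28} {rtype:<5} {' '.join(rdata)}{flag}")
    return lines


# Constructed sample zones in the shape of the thread's files.
FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA ns1 root.ocranch.us (
        5       ; serial
        28800   ; refresh
        7200    ; retry
        604800  ; expire
        86400 ) ; ttl
    NS  ns1
    NS  ns2
    A   24.53.231.244
ns1 A   24.53.231.244
www A   24.53.231.244
"""

REVERSE_ZONE = """\
$TTL 86400
@   IN  SOA ns1 root.ocranch.us ( 7 28800 7200 604800 86400 )
    NS  ns1
244 IN  PTR ns1.ocranch.us.
"""

if __name__ == "__main__":
    for zone, origin in ((FORWARD_ZONE, "ocranch.us"), (REVERSE_ZONE, "231.53.24.in-addr.arpa")):
        print(f"--- origin {origin}")
        print("\n".join(report(zone, origin)))
```

The report for the forward zone prints the SOA as `ns1.ocranch.us. root.ocranch.us.ocranch.us. ...` with the flag set, which is exactly the expansion this post describes; for the reverse zone it shows `NS ns1` landing at `ns1.231.53.24.in-addr.arpa.`, a name that nothing serves, so NS and SOA names inside a reverse zone need the trailing dot.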
#10
I want you to try the same dig command from the university. Also, is your ISP/IP related in any way to the university? Like, maybe they're on the same subnet or something?
#11
The ISP and the university are in no way related (completely different backbone). When I run the 'dig @24.53.231.244 ocranch.us any' from the university I get:
Code:
; <<>> DiG 9.1.3 <<>> @24.53.231.244 ocranch.us any
;; global options: printcmd
;; connection timed out; no servers could be reached

I did this by ssh-ing into a unix shell on campus then running the command.
#12
Alrighty, shut down the dns server. Then start it manually like this:
named -u named -g

Show me the response. This is to determine if there are any warnings or errors when the server starts up.
#13
Very interesting. I shut it down using the Service Configuration panel, then start it up with the command you gave me and this is what I get:
Code:
[root@server root]# named -u named -g
Feb 21 15:34:55.758 starting BIND 9.2.1 -u named -g
Feb 21 15:34:55.761 using 1 CPU
Feb 21 15:34:56.551 loading configuration from '/etc/named.conf'
Feb 21 15:34:57.062 no IPv6 interfaces found
Feb 21 15:34:57.064 listening on IPv4 interface lo, 127.0.0.1#53
Feb 21 15:34:57.469 listening on IPv4 interface eth1, 192.168.0.246#53
Feb 21 15:34:57.889 command channel listening on 127.0.0.1#953
Feb 21 15:34:57.890 ignoring config file logging statement due to -g option
Feb 21 15:34:58.316 zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Feb 21 15:34:58.326 zone 231.53.24.in-addr.arpa/IN: loaded serial 7
Feb 21 15:34:59.089 zone localhost/IN: loaded serial 1
Feb 21 15:34:59.099 zone ocranch.us/IN: loaded serial 5
Feb 21 15:34:59.894 running
Feb 21 15:34:59.896 zone 0.0.127.in-addr.arpa/IN: sending notifies (serial 1)
Feb 21 15:35:00.318 zone 231.53.24.in-addr.arpa/IN: sending notifies (serial 7)
Feb 21 15:35:00.320 zone ocranch.us/IN: sending notifies (serial 5)

And it appears to just hang there. If I <ctrl+c> to break out it shuts named down. But if I look in the Service Configuration panel while it is hung up, it shows everything started and is running fine. Is this how it's supposed to be?