[Novices] Re: DNS Help
novices@kalamazoolinux.org
novices@kalamazoolinux.org
Sun, 4 Apr 2004 23:58:11 -0400
On Sun, Apr 04, 2004 at 08:26:59PM -0400, Nikolas Reist was only escaped
alone to tell thee:
> Try the host name daggit.internal. or just plain daggit. Otherwise it
> may be trying to resolve names from an outside fqdn that doesn't
> exist.
If the daggitt.org zone files are on the server and included in
named.conf as "type master;", then any request answered by that server
for those names will be resolved from those zone files, even if you list
forwarders {}; in named.conf.
> On Sun, 2004-04-04 at 18:28, Jessica Caswell wrote:
> > When I perform a dig command to my dummy host daggitt.org I don't get
> > anything except timed out....
Dummy host???
Are you running the dig command on the serving host? What happens if you
do? What does the AUTHORITY SECTION of dig's reply say (on the server
and off)?
A time out means the server isn't running at all (or is very badly
misconfigured) or the default firewall on your would-be NS is blocking
port 53 from external hosts. Check the results of iptables-save(8) for
your firewall status.
> > and when I shut down my rndc comes up
> > with the connection refused error and I am fresh out of ideas.
That is probably a problem with the rndc keys. Somewhere in named.conf is:

    controls {
        inet 127.0.0.1 port 953
            allow { 127.0.0.1; }
            keys { "rndc-key"; };
    };

Most /etc/init.d/bind scripts use rndc to shut down the bind server. You
should have a file like so:

    # rndc.key
    key "rndc-key" {
        algorithm hmac-md5;
        secret "sECreTIgOTaSEcReT==";
    };

If you haven't the permissions to read that key file, rndc can't
shut down bind. Or the rndc keys weren't properly set up on bind
installation.
The BIND v9 Admin's Reference Manual, which your distro probably has (as
bind9-doc on Debian) is your friend here. bind9 comes with helper
programs to create and manage those keys, and the ARM tells you what
you're doing with them.
rndc only affects the control of the nameserver, not the names served.
So this is probably a separate problem.
--
[The Basement Tapes were] like the Watergate tapes... Bob
would say, 'We should destroy this.' -- Robbie Robertson
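
The key checks discussed in the reply above, as an added shell example that is not part of the original message: it confirms that the key named in the controls statement is defined in the key file, that the invoking user can read that file, and that the file is not world-readable. The function names, the sample files written by make_sample, and the assumption that key names are quoted are this example's own; real file locations vary by distribution.

```shell
#!/bin/sh
# Added example. Assumes key names are quoted, as in the message above.

# Key name(s) the controls statement in named.conf ($1) expects.
controls_keys() {
    tr '\n' ' ' < "$1" | sed -n 's/.*controls[[:space:]]*{//p' |
        grep -o 'keys[[:space:]]*{[^}]*}' | head -n 1 |
        grep -o '"[^"]*"' | tr -d '"'
}

# Key name(s) defined in the key file ($1).
keyfile_keys() {
    sed -n 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Usage: check_rndc_key NAMED_CONF KEY_FILE ; prints a one-line verdict.
check_rndc_key() {
    conf=$1; keyfile=$2
    if [ ! -r "$keyfile" ]; then echo "unreadable: $keyfile"; return 0; fi
    want=$(controls_keys "$conf")
    if [ -z "$want" ]; then echo "no-controls-key"; return 0; fi
    if ! keyfile_keys "$keyfile" | grep -qxF -- "$want"; then
        echo "key-mismatch: $want"; return 0
    fi
    # The file holds a shared secret: whoever reads it can authenticate
    # to the control channel, so it should not be world-readable.
    if [ -n "$(find "$keyfile" -prune -perm -004)" ]; then
        echo "world-readable: $keyfile"; return 0
    fi
    echo "ok: $want"
}

# Write constructed sample files, mirroring the message's snippets, into $1.
make_sample() {
    printf '%s\n' 'controls {' '    inet 127.0.0.1 port 953' \
        '        allow { 127.0.0.1; }' '        keys { "rndc-key"; };' \
        '};' > "$1/named.conf"
    printf '%s\n' 'key "rndc-key" {' '    algorithm hmac-md5;' \
        '    secret "sECreTIgOTaSEcReT==";' '};' > "$1/rndc.key"
    chmod 600 "$1/rndc.key"
}

d=$(mktemp -d)
make_sample "$d"
check_rndc_key "$d/named.conf" "$d/rndc.key"
rm -rf "$d"
```

Run it as the same user that the init script runs rndc as, since the readability check depends on who is asking.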