[Novices] Re: DNS Help
Nikolas Reist
novices@kalamazoolinux.org
Mon, 5 Apr 2004 05:40:32 -0700 (PDT)
Yes a little more info is required.
somercet@core.com wrote:
On Sun, Apr 04, 2004 at 08:26:59PM -0400, Nikolas Reist was only escaped
alone to tell thee:
> Try the host name daggit.internal. or just plain daggit. Otherwise it
> may be trying to resolve names from an outside fqdn that doesn't
> exist.
If the daggitt.org zone files are on the server and included in
named.conf as "type master;", then any request answered by that server
for those names will be resolved from those zone files, even if you list
forwarders {}; in named.conf.
> On Sun, 2004-04-04 at 18:28, Jessica Caswell wrote:
> > When I perform a dig command to my dummy host daggitt.org I don't get
> > anything except timed out....
Dummy host???
Are you running the dig command on the serving host? What happens if you
do? What does the AUTHORITY SECTION of dig's reply say (on the server
and off)?
A time out means the server isn't running at all (or is very badly
misconfigured) or the default firewall on your would-be NS is blocking
port 53 from external hosts. Check the results of iptables-save(8) for
your firewall status.
> > and when I shut down, my rndc comes up
> > with the connection refused error and I am fresh out of ideas.
That is probably a problem with the rndc keys. Somewhere in named.conf is:
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; };
};
Most /etc/init.d/bind scripts use rndc to shut down the bind server. You
should have a file like so:
# rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "sECreTIgOTaSEcReT==";
};
If you haven't the permissions to read that key file, rndc can't
shut down bind. Or the rndc keys weren't properly set up on bind
installation.
The BIND v9 Admin's Reference Manual, which your distro probably has (as
bind9-doc on Debian), is your friend here. bind9 comes with helper
programs to create and manage those keys, and the ARM tells you what
you're doing with them.
rndc only affects the control of the nameserver, not the names served.
So this is probably a separate problem.
--
[The Basement Tapes were] like the Watergate tapes... Bob
would say, 'We should destroy this.' -- Robbie Robertson
_______________________________________________
Novices mailing list
Novices@kalamazoolinux.org
http://www.kalamazoolinux.org/mailman/listinfo/novices
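The checks suggested in the reply above (is the server answering at all, is it authoritative for the zone, can rndc read its key, does the controls block name that key, is port 53 filtered) can be scripted. The script below is an added example written for this archive page; it is not code from the thread or from the BIND project. It assumes the Debian bind9 file locations (/etc/bind/named.conf and /etc/bind/rndc.key, overridable through NAMED_CONF and RNDC_KEY) and, for live mode only, that dig, ss and iptables-save are installed. The dig transcripts embedded in it are constructed samples, not real captures.

```shell
#!/bin/sh
# Added diagnostic helpers (not from the thread) for the two symptoms above.
# Every check takes captured text or a file path, so it can be run offline
# against saved output; `sh bind-check.sh live ZONE` runs it against this box.
# The paths below are the Debian bind9 defaults and are an assumption.
NAMED_CONF=${NAMED_CONF:-/etc/bind/named.conf}
RNDC_KEY=${RNDC_KEY:-/etc/bind/rndc.key}

# Classify a dig(1) transcript. Prints one word:
#   timeout - no reply at all: named not running, or port 53 filtered
#   auth    - NOERROR with the 'aa' flag: this server is master for the name
#   nonauth - NOERROR but not authoritative: zone not loaded as "type master;"
#   error   - any other status (SERVFAIL, REFUSED, NXDOMAIN, ...)
classify_dig() {
    case $1 in
        *"connection timed out"*) echo timeout; return 0 ;;
    esac
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$1" | sed -n 's/.*flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    if [ "$status" = NOERROR ]; then
        case " $flags " in
            *" aa "*) echo auth ;;
            *)        echo nonauth ;;
        esac
    else
        echo error
    fi
}

# Check the rndc key file: it must exist and be readable by the user running
# rndc, and it should not be readable by everyone, since it holds the shared
# secret that authorises control commands. Prints the key name on success.
check_rndc_key() {
    [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
    [ -r "$1" ] || { echo "cannot read $1: rndc cannot sign its requests" >&2; return 2; }
    if [ -n "$(find "$1" -perm -o+r 2>/dev/null)" ]; then
        echo "warning: $1 is world-readable; any local user can control named" >&2
    fi
    sed -n 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# True when named.conf's controls block references the given key name, so
# rndc and named agree on which secret to use.
controls_reference_key() {
    tr '\n' ' ' < "$1" | grep -q "controls.*keys[[:space:]]*{[[:space:]]*\"$2\"[[:space:]]*;"
}

# Live mode: run the checks against this host (Linux tools: ss, iptables-save).
diagnose_live() {
    name=$(check_rndc_key "$RNDC_KEY") || return 1
    if controls_reference_key "$NAMED_CONF" "$name"; then
        echo "controls block references key \"$name\""
    else
        echo "controls block does not reference key \"$name\""
    fi
    # "connection refused" comes from TCP when nothing accepts on the control port
    ss -ltn 2>/dev/null | grep -q ':953 ' && echo "named listening on 953" || echo "nothing listening on 953"
    echo "local dig for $1: $(classify_dig "$(dig @127.0.0.1 "$1" NS 2>&1)")"
    echo "firewall rules for port 53:"
    iptables-save 2>/dev/null | grep -- '--dport 53' || echo "  (none found, or not root)"
}

# Constructed sample transcripts for offline use; not real captures.
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
daggitt.org.            86400   IN      NS      ns.daggitt.org.'

if [ "$1" = live ]; then
    diagnose_live "${2:-daggitt.org}"
else
    echo "sample timeout -> $(classify_dig "$SAMPLE_TIMEOUT")"
    echo "sample authoritative -> $(classify_dig "$SAMPLE_AUTH")"
fi
```

Run it with no arguments to see the classifier on the two samples, or `sh bind-check.sh live daggitt.org` on the would-be nameserver itself (as root, so iptables-save can read the rules). A `timeout` from the local dig with nothing listening on 953 points at named not running; `timeout` only from off the box points at the firewall; `nonauth` means the server answers but the zone is not loaded as master, which is the separate problem the reply describes.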