[Novices] Re: DNS help again

novices@kalamazoolinux.org
Wed, 7 Apr 2004 16:19:54 -0400


On Wed, Apr 07, 2004 at 12:39:49PM -0400, Jessica Caswell was only escaped
   alone to tell thee:

> This is for Linux Server Red Hat 9.  Ok i checked my named.conf and that is 
> fine...my forward and reverse lookup zones that i had to create for this 
> class is fine as well.  I am not connected to the internet because WMU is 
> too cheap to do so.  So we had to create our own forward and reverse lookup 
> zones in order to create a DNS.

Most normal.

> I looked at my reslove.conf files and they check out ok.

/etc/resolv.conf, make sure you spelled it right (wrong). This file
tells applications running on the host where the NS are. On the
computers connecting to your NS, they should be 192.168.$SERVER.$IP. On
the server itself, it should be:

nameserver 127.0.0.1

You still haven't specified whether you're running dig from the NS or
another computer on your isolated net.

> I looked at my named.custom and added my IP address to the forwarders. 

Remove any forwarder options in named.conf. If you aren't connected to
anything, to what do you think you're forwarding? This may be causing
the timeout problem, because BIND is trying to talk to non-existent
servers.

forwarders {}; is there because it is generally a good idea to chain
name resolvers through your ISP's NSs and not have every computer on the
internet use the root servers directly.

> However I am looking at my /etc/rc.d/init.d/named file and there is a
> file called /var/lock/subsys/named that it refers to and i looked at
> that and its empty. Is this normal or should I see something?

Not knowing about RH's init scripts, probably. It's normal to create a
lock file or PID file so the system can see if a particular server had
been started.

> I looked at my rndc.key file and i can see this huge algorithm that
> looks as it should.  

But you don't know if it's working.

In /etc/bind/rndc.conf:

# rndc.conf

include "/etc/bind/rndc.key";

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953; };

In /etc/bind/rndc.key:

# rndc.key

key "rndc-key" {
        algorithm hmac-md5;
        secret "tkjhKJhHkjhKhKhKhKHkjH=="; };

In named.conf:

include "/etc/bind/rndc.key";

controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
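Added example, not part of the original post or of BIND: a small Python consistency check over the three fragments above (rndc.conf, rndc.key, named.conf). It verifies that rndc's default-key, default-server and default-port agree with the `controls` listener named is told to open, that the listener both allows the client address and accepts that key, that the shared secret is valid base64 under an HMAC algorithm, and it flags a non-empty `forwarders` list, which on an isolated lab network only produces the timeouts described earlier in this reply. The sample files and the secret are constructed inline; the parser only understands the one-line `inet ... ;` layout shown in the post, and the function names are mine.

```python
"""Consistency check for the rndc control channel (added example)."""
import base64
import binascii
import re

# Constructed sample secret; a real one comes from rndc-confgen, never an example.
SAMPLE_SECRET = base64.b64encode(b"constructed-key!").decode()

RNDC_CONF = '''
# rndc.conf
include "/etc/bind/rndc.key";
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953; };
'''

RNDC_KEY = f'''
# rndc.key
key "rndc-key" {{
        algorithm hmac-md5;
        secret "{SAMPLE_SECRET}"; }};
'''

NAMED_CONF = '''
include "/etc/bind/rndc.key";
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
'''


def _opt(text, name, pattern):
    """Value of a single `name value;` statement, or None if absent."""
    m = re.search(rf"{name}\s+{pattern}\s*;", text)
    return m.group(1) if m else None


def parse_rndc_conf(text):
    """default-key / default-server / default-port from rndc.conf (port defaults to 953)."""
    return {
        "key": _opt(text, "default-key", r'"([^"]+)"'),
        "server": _opt(text, "default-server", r"([\w.:]+)"),
        "port": int(_opt(text, "default-port", r"(\d+)") or 953),
    }


def parse_keys(text):
    """{key-name: (algorithm, secret)} for every `key "name" { ... }` statement."""
    keys = {}
    for m in re.finditer(r'key\s+"([^"]+)"\s*\{([^}]*)\}', text):
        body = m.group(2)
        keys[m.group(1)] = (_opt(body, "algorithm", r"([\w-]+)"),
                            _opt(body, "secret", r'"([^"]+)"'))
    return keys


def parse_controls(text):
    """inet listeners of the controls statement; simplified, no nested braces."""
    pat = re.compile(r"inet\s+([\w.:*]+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}"
                     r'(?:\s*keys\s*\{([^}]*)\})?\s*;')
    listeners = []
    for addr, port, allow, keys in (m.groups() for m in pat.finditer(text)):
        listeners.append({
            "addr": addr,
            "port": int(port or 953),
            "allow": [a.strip() for a in allow.split(";") if a.strip()],
            "keys": re.findall(r'"([^"]+)"', keys or ""),
        })
    return listeners


def forwarders(text):
    """Addresses listed in a `forwarders { ... }` block, if any."""
    m = re.search(r"forwarders\s*\{([^}]*)\}", text)
    return [f.strip() for f in m.group(1).split(";") if f.strip()] if m else []


def check_rndc_setup(rndc_conf, rndc_key, named_conf):
    """Return a list of problems; an empty list means the three files agree."""
    problems = []
    cfg = parse_rndc_conf(rndc_conf)
    keys = parse_keys(rndc_key)
    if cfg["key"] not in keys:
        problems.append(f'rndc default-key "{cfg["key"]}" is not defined in rndc.key')
    else:
        algo, secret = keys[cfg["key"]]
        if not (algo or "").startswith("hmac-"):
            problems.append(f"key {cfg['key']}: algorithm {algo!r} is not an HMAC")
        if not secret:
            problems.append(f"key {cfg['key']}: no secret")
        else:
            try:
                base64.b64decode(secret, validate=True)
            except binascii.Error:
                problems.append(f"key {cfg['key']}: secret is not valid base64")
    match = [lst for lst in parse_controls(named_conf)
             if lst["addr"] == cfg["server"] and lst["port"] == cfg["port"]]
    if not match:
        problems.append(f"named.conf has no controls listener on {cfg['server']}:{cfg['port']}")
    else:
        if cfg["key"] not in match[0]["keys"]:
            problems.append(f'controls listener does not accept key "{cfg["key"]}"')
        if cfg["server"] not in match[0]["allow"] and "any" not in match[0]["allow"]:
            problems.append(f"controls allow list does not include {cfg['server']}")
    if forwarders(named_conf):
        problems.append("forwarders are configured; on an isolated LAN they only cause timeouts")
    return problems


if __name__ == "__main__":
    for p in check_rndc_setup(RNDC_CONF, RNDC_KEY, NAMED_CONF) or ["rndc config is consistent"]:
        print(p)
```

Run it against the real files by reading them in place of the three sample strings. A "connection refused" from rndc means nothing accepted the TCP connection on the address and port in rndc.conf, so the listener check is the first thing worth confirming; a key mismatch would instead show up as an authentication failure after the connection is made.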


> I still get the rndc "connection failed; connection refused" line and
> I am going to beat this computer to death..  So if anyone could help
> that would be great.

It doesn't matter. It only affects shutdown. (`killall bind` run as root
will do the same, or bind9 or named or whatever name RH installs bind
as.) It isn't affecting your lack of name resolution. rndc is only a
server control program that works locally or from other computers.

Did you read the Administrator's Reference Manual?

http://www.nominum.com/content/documents/bind9arm.pdf

Or "HOWTO become a totally small time DNS admin", which is for BIND v8
but most of it translates into v9. It's the simplest explanation of DNS
and BIND you'll find:

http://www.ibiblio.org/pub/Linux/docs/howto/DNS-HOWTO

-- 
You can fill my head with Gummi Bears,
but I won't talk! -- Tom Servo, K13.