PDA

View Full Version : External DNS request BIND

jdhaig
13th July 2007, 10:53
Hi

I'm reasonably new to DNS, I have used it before but only for small internal jobs at companies.

I've set up a DNS server as part of my web hosting machine.

All the DNS appears to work fine on the machine (my resolv.conf has the machine's IP at the top of the list).

Unfortunately wherever else I am (outside this machine) I cannot resolve the domain. The ns0 and ns1 records both point to the machine in question (different ips, same machine) for now.

EG:

From the machine if I do nslookup mydomain.com the IP address of the machine is returned. However if I do it from anywhere else in the world it returns a non-existent domain error (see below).

Server: cache1.ntli.net
Address: 194.168.4.100

*** cache1.ntli.net can't find mydomain.com: Non-existent host/domain

If I add the server to the top of the list on remote machine's resolv.conf it returns the following error:

*** Can't find server name for address <MACHINES_IP>: No response from server
Server: cache1.ntli.net
Address: 194.168.4.100

*** cache1.ntli.net can't find mydomain.com: Non-existent host/domain

So it looks to me as if BIND is blocking external requests in some way or there is something else preventing external requests. I have tried telneting to port 53 on the machine (from outside) and a connection is established.

If any one knows what could be causing this I would appreciate the help!!

Thanks
James
falko
14th July 2007, 12:59
Can you post the real domain name so that I can do some tests?
jdhaig
15th July 2007, 11:18
the domain name is:

509hosting dot co dot uk

If you have any questions please let me know & thank you for trying to help!!

James
falko
16th July 2007, 14:02
There are no nameservers defined for the domain:

mh1:~# dig ns 509hosting.co.uk

; <<>> DiG 9.2.1 <<>> ns 509hosting.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2235
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;509hosting.co.uk. IN NS

;; Query time: 5009 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Mon Jul 16 13:48:25 2007
;; MSG SIZE rcvd: 34

mh1:~#Please go to your registrar's web interface and define two nameservers; on these nameservers you must create the zone for 509hosting.co.uk.

If your nameservers are in the same domain (e.g. ns1.509hosting.co.uk), you also need a glue record: http://en.wikipedia.org/wiki/Dns#Circular_dependencies_and_glue_records
jdhaig
16th July 2007, 16:14
OK, so I've changed things around. I've kept the NS records for 509hosting. co. uk with 123-reg.co. uk so now when you do a whois 509hosting. co. uk you get:

Name servers:
ns.123-reg.co .uk
ns2.123-reg.co. uk

And dig ns0.509hosting. co. uk:

;; ANSWER SECTION:
ns0.509hosting. co. uk. 86175 IN A 83.166. 161. 148


I've now set up an other domain (italaroma.co.uk) and pointed the ns0 and ns1 records to ns0.509hosting.co .uk and ns1.509hosting.co .uk

I now have exactly the same problem for italaroma.co .uk!!

Whois:

Name servers:
ns0.509hosting.co .uk
ns1.509hosting.co .uk

dig italaroma.co .uk

;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6304
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;italaroma.co.uk. IN A

;; Query time: 5021 msec
;; SERVER: 158.152.1.58#53(158.152.1.58)
;; WHEN: Mon Jul 16 15:11:38 2007
;; MSG SIZE rcvd: 33


Bind is obviously aware of the fact that it is hosting both domains (from the confirm files) and lookups on the machine itself work fine. I'm presuming its something to do with external requests as I said before.
falko
17th July 2007, 17:46
Is port 53 (TCP and UDP) open on ns0.509hosting.co.uk and ns1.509hosting.co.uk? Because I can't connect:

server1:~# dig @ns1.509hosting.co.uk italaroma.co.uk

; <<>> DiG 9.3.4 <<>> @ns1.509hosting.co.uk italaroma.co.uk
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
server1:~#
jdhaig
17th July 2007, 20:32
Is port 53 (TCP and UDP) open on ns0.509hosting.co.uk and ns1.509hosting.co.uk? Because I can't connect:

server1:~# dig @ns1.509hosting.co.uk italaroma.co.uk

; <<>> DiG 9.3.4 <<>> @ns1.509hosting.co.uk italaroma.co.uk
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
server1:~#


OK! I'm the monkey here. I've just checked and the rule that I thought was correct was misspelt and therefore didn't active the UDP rule!!! I've updated it and all is fine now.

Thank you so much for your help, it's always better then you look at it from another person's perspective!!!!!

MANY MANY THANKS!
James