HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Forum: Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
Thread: DNS not working (http://www.howtoforge.com/forums/showthread.php?t=56444)

rrijken 5th March 2012 13:49

DNS not working
 
Was using ispconfig 2 for a long time but have made the switch to ispconfig 3. Can't get DNS working though and I have no idea why. Server uses Fedora 16 and I used the perfect server setup for Fedora 15. On ispconfig 2, the old server/pc, the sites were running without a problem behind my router so DNS was working, but now on intodns.com I keep getting:

Error Mismatched NS records WARNING: One or more of your nameservers did not return any of your NS records.
Error DNS servers responded ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
204.13.249.76 122.249.2.210


Below is needed output. Help is greatly appreciated.

Service named is running:

named.service - LSB: start|stop|status|restart|try-restart|reload|force-reload DNS server
Loaded: loaded (/etc/rc.d/init.d/named)
Active: active (running) since Mon, 05 Mar 2012 21:22:22 +0900; 16min ago
Process: 8451 ExecStop=/etc/rc.d/init.d/named stop (code=exited, status=0/SUCCESS)
Process: 7537 ExecReload=/etc/rc.d/init.d/named reload (code=exited, status=0/SUCCESS)
Process: 8500 ExecStart=/etc/rc.d/init.d/named start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/named.service
└ 8506 /usr/sbin/named -u named

Dig:

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.2.rc1.fc16 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29806
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 6297 IN NS g.root-servers.net.
. 6297 IN NS b.root-servers.net.
. 6297 IN NS j.root-servers.net.
. 6297 IN NS i.root-servers.net.
. 6297 IN NS d.root-servers.net.
. 6297 IN NS h.root-servers.net.
. 6297 IN NS f.root-servers.net.
. 6297 IN NS m.root-servers.net.
. 6297 IN NS c.root-servers.net.
. 6297 IN NS k.root-servers.net.
. 6297 IN NS l.root-servers.net.
. 6297 IN NS e.root-servers.net.
. 6297 IN NS a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 3554584 IN A 198.41.0.4
a.root-servers.net. 3554584 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3554584 IN A 192.228.79.201
c.root-servers.net. 3565869 IN A 192.33.4.12
d.root-servers.net. 3565869 IN A 128.8.10.90
d.root-servers.net. 3596535 IN AAAA 2001:500:2d::d
e.root-servers.net. 3596535 IN A 192.203.230.10
f.root-servers.net. 3594940 IN A 192.5.5.241
f.root-servers.net. 3554584 IN AAAA 2001:500:2f::f
g.root-servers.net. 3565869 IN A 192.112.36.4
h.root-servers.net. 3554584 IN A 128.63.2.53
h.root-servers.net. 3554584 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3554584 IN A 192.36.148.17
i.root-servers.net. 3584273 IN AAAA 2001:7fe::53

;; Query time: 17 msec
;; SERVER: 216.146.35.35#53(216.146.35.35)
;; WHEN: Mon Mar 5 21:39:28 2012
;; MSG SIZE rcvd: 512




dig @localhost mutoh-seikatsu.com:

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.2.rc1.fc16 <<>> @localhost mutoh-seikatsu.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 467
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;mutoh-seikatsu.com. IN A

;; ANSWER SECTION:
mutoh-seikatsu.com. 86400 IN A 122.249.2.210

;; AUTHORITY SECTION:
mutoh-seikatsu.com. 0 IN NS ns2.mydyndns.com.
mutoh-seikatsu.com. 0 IN NS ns1.mutoh-seikatsu.com.

;; ADDITIONAL SECTION:
ns1.mutoh-seikatsu.com. 86400 IN A 122.249.2.210

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Mar 5 21:40:25 2012
;; MSG SIZE rcvd: 113




dig @122.249.2.210 mutoh-seikatsu.com:

;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53
;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53
;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.2.rc1.fc16 <<>> @122.249.2.210 mutoh-seikatsu.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached






iptables -L:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- resolver1.dyndnsinternetguide.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- resolver1.dyndnsinternetguide.com anywhere
ACCEPT tcp -- resolver2.dyndnsinternetguide.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- resolver2.dyndnsinternetguide.com anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.24.255
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere default
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere server.mutoh-seikatsu.com
INBOUND all -- anywhere server.mutoh-seikatsu.com
INBOUND all -- anywhere 192.168.0.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Input"

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Forward"

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- server.mutoh-seikatsu.com resolver1.dyndnsinternetguide.com tcp dpt:domain
ACCEPT udp -- server.mutoh-seikatsu.com resolver1.dyndnsinternetguide.com udp dpt:domain
ACCEPT tcp -- server.mutoh-seikatsu.com resolver2.dyndnsinternetguide.com tcp dpt:domain
ACCEPT udp -- server.mutoh-seikatsu.com resolver2.dyndnsinternetguide.com udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere default
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"

Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.0.104 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpts:bootps:bootpc
ACCEPT udp -- 192.168.0.0/24 anywhere udp dpts:bootps:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT udp -- anywhere anywhere udp dpts:ftp-data:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT udp -- anywhere anywhere udp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ntp
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT udp -- anywhere anywhere udp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
ACCEPT udp -- anywhere anywhere udp dpt:ndmp
ACCEPT tcp -- server.mutoh-seikatsu.com anywhere tcp dpt:db-lsp
ACCEPT udp -- server.mutoh-seikatsu.com anywhere udp dpt:db-lsp-disc
ACCEPT tcp -- 192.168.0.104 anywhere tcp dpt:netbios-dgm
ACCEPT udp -- 192.168.0.104 anywhere udp dpt:netbios-dgm
ACCEPT tcp -- 192.168.0.125 anywhere tcp dpt:db-lsp
ACCEPT udp -- 192.168.0.125 anywhere udp dpt:db-lsp-disc
ACCEPT tcp -- 115.179.101.100.ap.gmobb-fix.jp anywhere tcp dpt:imaps
ACCEPT udp -- 115.179.101.100.ap.gmobb-fix.jp anywhere udp dpt:imaps
ACCEPT tcp -- 115.179.101.100.ap.gmobb-fix.jp anywhere tcp dpt:imaps
ACCEPT udp -- 115.179.101.100.ap.gmobb-fix.jp anywhere udp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:25012
ACCEPT udp -- anywhere anywhere udp dpt:25012
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy
ACCEPT udp -- anywhere anywhere udp dpt:tproxy
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
LSI all -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Inbound "
DROP all -- anywhere anywhere

Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Outbound "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere


netstat -tap:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:50502 *:* LISTEN 1308/rpc.statd
tcp 0 0 localhost:10024 *:* LISTEN 1508/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 1612/master
tcp 0 0 *:mysql *:* LISTEN 1347/mysqld
tcp 0 0 *:sunrpc *:* LISTEN 1123/rpcbind
tcp 0 0 *:ndmp *:* LISTEN 1664/perl
tcp 0 0 server.mutoh-seikats:domain *:* LISTEN 8506/named
tcp 0 0 server.mutoh-seikats:domain *:* LISTEN 8506/named
tcp 0 0 localhost:domain *:* LISTEN 8506/named
tcp 0 0 *:ftp *:* LISTEN 1185/pure-ftpd (SER
tcp 0 0 localhost:ipp *:* LISTEN 2084/cupsd
tcp 0 0 localhost:rndc *:* LISTEN 8506/named
tcp 0 0 *:smtp *:* LISTEN 1612/master
tcp 0 0 *:db-lsp *:* LISTEN 2259/dropbox
tcp 0 0 server.mutoh-seikatsu:56565 nrt19s11-in-f21.1e100:https TIME_WAIT -
tcp 62 0 localhost:39435 localhost:10025 CLOSE_WAIT 1830/amavisd (ch1-a
tcp 0 0 localhost:mysql localhost:45047 ESTABLISHED 1347/mysqld
tcp 38 0 server.mutoh-seikatsu:37894 v-client-4b.sjc.dropb:https CLOSE_WAIT 2259/dropbox
tcp 0 0 localhost:45047 localhost:mysql ESTABLISHED 1830/amavisd (ch1-a
tcp 0 0 server.mutoh-seikatsu:56662 nrt19s11-in-f21.1e100:https ESTABLISHED 2371/firefox
tcp 0 0 server.mutoh-seikatsu:33801 sjc-not20.sjc.dropbox.:http ESTABLISHED 2259/dropbox
tcp 0 0 *:40429 *:* LISTEN 1308/rpc.statd
tcp 0 0 *:pop3 *:* LISTEN 1553/couriertcpd
tcp 0 0 *:imap *:* LISTEN 1521/couriertcpd
tcp 0 0 *:sunrpc *:* LISTEN 1123/rpcbind
tcp 0 0 *:webcache *:* LISTEN 1144/httpd
tcp 0 0 *:http *:* LISTEN 1144/httpd
tcp 0 0 *:tproxy *:* LISTEN 1144/httpd
tcp 0 0 *:domain *:* LISTEN 8506/named
tcp 0 0 *:ftp *:* LISTEN 1185/pure-ftpd (SER
tcp 0 0 *:ipp *:* LISTEN 1/init
tcp 0 0 localhost:rndc *:* LISTEN 8506/named
tcp 0 0 *:smtp *:* LISTEN 1612/master
tcp 0 0 *:https *:* LISTEN 1144/httpd
tcp 0 0 *:imaps *:* LISTEN 1543/couriertcpd
tcp 0 0 *:pop3s *:* LISTEN 1562/couriertcpd



netstat -uap:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:ipp *:* 1/init
udp 0 0 localhost:ldaps *:* 1308/rpc.statd
udp 0 0 *:871 *:* 1123/rpcbind
udp 0 0 *:db-lsp-disc *:* 2259/dropbox
udp 0 0 *:mdns *:* 997/avahi-daemon
udp 0 0 *:ndmp *:* 1664/perl
udp 0 0 *:26734 *:* 3201/dhcpd
udp 0 0 *:39846 *:* 1308/rpc.statd
udp 0 0 *:60696 *:* 997/avahi-daemon
udp 0 0 server.mutoh-seikatsu:domain *:* 8506/named
udp 0 0 server.mutoh-seikatsu:domain *:* 8506/named
udp 0 0 localhost:domain *:* 8506/named
udp 0 0 *:bootps *:* 3201/dhcpd
udp 0 0 *:sunrpc *:* 1123/rpcbind
udp 0 0 *:ntp *:* 1020/chronyd
udp 0 0 *:323 *:* 1020/chronyd
udp 0 0 *:871 *:* 1123/rpcbind
udp 0 0 *:43515 *:* 3201/dhcpd
udp 0 0 *:60526 *:* 1308/rpc.statd
udp 0 0 *:domain *:* 8506/named
udp 0 0 *:sunrpc *:* 1123/rpcbind
udp 0 0 *:ntp *:* 1020/chronyd
udp 0 0 *:323 *:* 1020/chronyd
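The two symptoms in this post (intodns reporting "Mismatched NS records" / "did not respond", and dig printing "reply from unexpected source" when the public address is queried from inside the LAN) can be checked offline by parsing dig output. The following is an added example, not code from the thread or from ISPConfig: it parses the text dig prints, then compares the NS set a server returns against the NS set the delegation is assumed to list, and flags the NAT rewrite that dig reports when a router answers from its LAN address instead of the public one. The sample outputs and the DELEGATION_NS list are constructed from the answers quoted above; the finding texts are this example's own wording.

```python
import re

# Constructed sample 1: the answer the local BIND gave (trimmed from the post above).
LOCAL_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 467
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;mutoh-seikatsu.com.\t\tIN\tA

;; ANSWER SECTION:
mutoh-seikatsu.com.\t86400\tIN\tA\t122.249.2.210

;; AUTHORITY SECTION:
mutoh-seikatsu.com.\t0\tIN\tNS\tns2.mydyndns.com.
mutoh-seikatsu.com.\t0\tIN\tNS\tns1.mutoh-seikatsu.com.

;; SERVER: ::1#53(::1)
"""

# Constructed sample 2: the failed query to the public address, sent from inside the NAT.
PUBLIC_QUERY = """\
;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53
;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53
;; connection timed out; no servers could be reached
"""

# Constructed: the NS set the parent zone is assumed to delegate to (taken from the
# AUTHORITY section above; a real check would take it from a query to the parent).
DELEGATION_NS = ["ns1.mutoh-seikatsu.com.", "ns2.mydyndns.com."]

RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+?)\s*$")
UNEXPECTED_RE = re.compile(r"reply from unexpected source: ([^,\s]+), expected (\S+)")


def parse_dig(text):
    """Parse dig's text output into status, flags, records by (section, type),
    NAT-rewritten replies and a timeout marker."""
    result = {"status": None, "flags": set(), "records": {}, "unexpected": [], "timed_out": False}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = UNEXPECTED_RE.search(line)
        if m:  # dig discards these replies, so the query later times out
            result["unexpected"].append((m.group(1), m.group(2)))
            continue
        if "connection timed out" in line:
            result["timed_out"] = True
            continue
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            result["status"] = m.group(1) if m else None
            continue
        if line.startswith(";; flags:"):
            result["flags"] = set(re.search(r"flags: ([^;]*);", line).group(1).split())
            continue
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        if line.startswith(";"):  # other comments, including the ;question line
            continue
        m = RR_RE.match(line)
        if m and section:
            name, ttl, rtype, rdata = m.groups()
            result["records"].setdefault((section, rtype), []).append((name, int(ttl), rdata))
    return result


def diagnose(expected_ns, dig_text):
    """Return a list of findings for one dig run against one nameserver."""
    r = parse_dig(dig_text)
    findings = []
    if r["unexpected"]:
        src, exp = r["unexpected"][0]
        findings.append(f"reply rewritten by NAT: answered from {src}, expected {exp} "
                        "(the query never left the LAN; test from an outside resolver)")
    if r["timed_out"]:
        findings.append("no usable reply: server unreachable or its replies were discarded")
        return findings
    if "aa" not in r["flags"]:
        findings.append("answer is not authoritative (aa flag missing)")
    ns_records = r["records"].get(("AUTHORITY", "NS"), []) + r["records"].get(("ANSWER", "NS"), [])
    ns = {rdata for _, _, rdata in ns_records}
    if ns and ns != set(expected_ns):
        findings.append(f"mismatched NS records: server returns {sorted(ns)}, "
                        f"delegation lists {sorted(expected_ns)}")
    return findings


if __name__ == "__main__":
    for label, text in (("@localhost", LOCAL_ANSWER), ("@122.249.2.210", PUBLIC_QUERY)):
        print(label, diagnose(DELEGATION_NS, text) or ["ok"])
```

Run against the two samples, the local query comes back clean while the public-address query yields the NAT finding followed by the timeout, which is exactly why a check made from inside the LAN cannot confirm what intodns sees from outside.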

rrijken 5th March 2012 13:52

Am using firestarter for the firewall at the moment, which set up a DHCP server that handles the internal network (wireless). If I need to get rid of firestarter, how do I add the DHCP server and masquerading between the internet and the local net?

rrijken 5th March 2012 14:14

Here is named.conf; note the allow-query line: when set to localhost, intodns reports that the server did not respond; when set to any, it responds, but I get the error about recursive queries, as anybody can use the DNS server:

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

include "/etc/named.conf.local";

falko 7th March 2012 17:19

Remove the recursion yes; line and add

allow-recursion { none; };

instead.
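The posted options block, with allow-query { any; } and recursion yes;, is an open resolver: any host on the internet can use it for recursive lookups, which is what intodns complains about and what makes the server usable for reflection traffic. The script below is an added example, not code from the thread, from falko or from ISPConfig: it parses the options block of a named.conf and reports whether recursion is reachable from unrestricted clients, applying the BIND 9 rule that allow-recursion falls back to allow-query-cache, then to allow-query, then to localnets/localhost, and that recursion is on unless set to no. It audits the original block, the same block with the change suggested above, and (an assumed third variant) an authoritative-only block with recursion no;. The sample blocks are constructed from the post above and shortened.

```python
import re

# Constructed sample: the options block posted above, trimmed to the relevant lines.
OPEN_CONF = """
options {
        listen-on port 53 { any; };
        allow-query { any; };
        recursion yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
"""

# The same block with the change suggested in the reply above applied.
FIXED_CONF = OPEN_CONF.replace("recursion yes;", "allow-recursion { none; };")

# Assumed variant: an authoritative-only server that turns recursion off outright.
AUTH_ONLY_CONF = OPEN_CONF.replace("recursion yes;", "recursion no;")

# ACL elements that admit every client.
UNRESTRICTED = {"any", "0.0.0.0/0", "::/0"}


def strip_comments(text):
    """Drop /* */, // and # comments (named.conf supports all three)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_block(text):
    """Return the body of the top-level options { ... }; block, brace-aware."""
    text = strip_comments(text)
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def acl(block, name):
    """Elements of `name { a; b; };` inside the block, or None if not set."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}\s*;", block)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def recursion_enabled(block):
    """BIND defaults recursion to yes when the statement is absent."""
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", block)
    return True if m is None else m.group(1) == "yes"


def effective_recursion_acl(block):
    """Which ACL actually governs recursive clients, following the BIND 9 fallback order."""
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        elems = acl(block, name)
        if elems is not None:
            return name, elems
    return "default", ["localnets", "localhost"]


def audit(conf):
    block = options_block(conf)
    rec = recursion_enabled(block)
    source, elems = effective_recursion_acl(block)
    return {
        "recursion": rec,
        "acl_source": source,
        "acl": elems,
        "open_resolver": rec and any(e in UNRESTRICTED for e in elems),
    }


if __name__ == "__main__":
    for label, conf in (("posted", OPEN_CONF), ("allow-recursion none", FIXED_CONF),
                        ("recursion no", AUTH_ONLY_CONF)):
        print(f"{label:22} {audit(conf)}")
```

The audit reports the posted block as an open resolver because, with no allow-recursion statement, the allow-query { any; } ACL is what governs recursive clients. After the suggested change the governing ACL becomes allow-recursion { none; } and the report clears; setting recursion no; clears it by disabling recursion altogether, which is the usual choice for a server that only hosts its own zones.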

