  #1  
Old 14th May 2008, 19:54
craig baker craig baker is offline
Default stupid semi-newbie question #3 DNS/named problem?

I've just noticed that on my new server (ns5.cdbsystems.com), though named is running and I followed the install-chroot-bind howto, I can't get to it from the outside world.

when I do

dig @ns5.cdbsystems.com cdbsystems.com

I get REFUSED from dig.
my other nameserver
dig @ns4.cdbsystems.com cdbsystems.com

responds normally.

how can I tell what named is up to?

one complicating factor is I have it behind a xincom dual-wan router.
The centos 5.1 server has a static ip of 192.168.2.50 and I have
the router passing through all dns / port 53 request (tcp and udp) to this static ip.
the router ip is 71.163.161.26 which is of course what ns5.cdbsystems.com is saved as at godaddy (the registrar) and ns4.cdbsystems.com.

doing /etc/rc.d/rc3.d/S13named restart messages contains:
May 14 13:50:29 ns5 named[1999]: shutting down: flushing changes
May 14 13:50:29 ns5 named[1999]: stopping command channel on 127.0.0.1#953
May 14 13:50:29 ns5 named[1999]: stopping command channel on ::1#953
May 14 13:50:29 ns5 named[1999]: no longer listening on 127.0.0.1#53
May 14 13:50:29 ns5 named[1999]: no longer listening on 192.168.2.50#53
May 14 13:50:29 ns5 named[1999]: exiting
May 14 13:50:31 ns5 named[3456]: starting BIND 9.3.3rc2 -u named -t /var/named/chroot
May 14 13:50:31 ns5 named[3456]: found 2 CPUs, using 2 worker threads
May 14 13:50:31 ns5 named[3456]: loading configuration from '/etc/named.conf'
May 14 13:50:31 ns5 named[3456]: listening on IPv4 interface lo, 127.0.0.1#53
May 14 13:50:31 ns5 named[3456]: listening on IPv4 interface eth0, 192.168.2.50#53
May 14 13:50:31 ns5 named[3456]: command channel listening on 127.0.0.1#953
May 14 13:50:31 ns5 named[3456]: command channel listening on ::1#953
May 14 13:50:31 ns5 named[3456]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
May 14 13:50:31 ns5 named[3456]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
May 14 13:50:31 ns5 named[3456]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
May 14 13:50:31 ns5 named[3456]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
May 14 13:50:31 ns5 named[3456]: zone localdomain/IN/localhost_resolver: loaded serial 42
May 14 13:50:31 ns5 named[3456]: zone localhost/IN/localhost_resolver: loaded serial 1
May 14 13:50:31 ns5 named[3456]: zone cdbsystems.com/IN/external: loaded serial 1997022735
May 14 13:50:31 ns5 named[3456]: zone cdbsystems.com/IN/external: sending notifies (serial 1997022735)
May 14 13:50:31 ns5 named[3456]: running
May 14 13:50:31 ns5 named[3456]: client 192.168.2.1#1345: view internal: received notify for zone 'cdbsystems.com': not authoritative

on ns4.cdbsystems.com (and ns5) the cdbsystems.hosts file contains:
-------------------------------------
$TTL 84600
@       IN SOA cdbsystems.com. root.cdbsystems.com. (
                1997022735 ; Serial
                3600 ; Refresh
                14400 ; Retry
                1209600 ; Expire
                86400 ) ; TTL
        IN NS ns4.cdbsystems.com.
        IN NS ns5.cdbsystems.com.

admin IN A 65.254.36.202
ns6 IN A 65.254.36.202
newbrutha IN A 65.254.36.202
cdbtest IN A 65.254.36.202
inthezoneonline IN A 65.254.36.202
ns5 IN A 71.163.161.26
ns4 IN A 65.254.36.202
www IN A 71.163.161.26
ns3 IN A 65.254.36.202
ns2 IN A 65.254.36.202
www2 IN A 65.254.36.202
ns1 IN CNAME admin
wwwns5 IN CNAME admin
ftp IN CNAME admin
pop3 IN CNAME admin
smtp IN CNAME admin
mail IN CNAME admin
cdbsystems.com. MX 50 ns4.cdbsystems.com.

-----------------
any ideas as to how to diagnose the problem?
I notice in messages reference to ports 953 and 1345 as far as I know the firewall is NOT passing those through - do I need to allow them?
(most firewall setup howtos only mention 53 and making sure TCP and UDP are both allowed for DNS passthrough)

any help is most welcome

cdb.

Last edited by craig baker; 14th May 2008 at 19:57.
  #2  
Old 15th May 2008, 19:45
falko falko is offline
Default

Seems to respond for me:

Code:
mh1:~# dig @ns5.cdbsystems.com cdbsystems.com

; <<>> DiG 9.3.4 <<>> @ns5.cdbsystems.com cdbsystems.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46414
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cdbsystems.com.                        IN      A

;; Query time: 107 msec
;; SERVER: 71.163.161.26#53(71.163.161.26)
;; WHEN: Thu May 15 19:44:20 2008
;; MSG SIZE  rcvd: 32

mh1:~#
  #3  
Old 15th May 2008, 21:46
craig baker craig baker is offline
Default really

it gives status REFUSED - and provides no information.
ns4.cdbsystems.com gives good status and provides all we need
cdb.
  #4  
Old 15th May 2008, 22:04
craig baker craig baker is offline
Default possible information on stupid semi-question #3

I just realized (it's been a LONG week) that I've got my centos server on
static ip 192.168.2.50
now the router is forwarding traffic (including dns traffic hopefully) to 192.168.2.50.
but maybe the REFUSED means that bind is not listening for requests to the external static ip? (71.163.161.26)
if so, how to get bind to respond to both addresses properly?

thanks
cdb.
  #5  
Old 16th May 2008, 15:35
falko falko is offline
Default

Sorry, I've overlooked the REFUSED...

What's the output of
Code:
netstat -tap
? What's in named.conf?
  #6  
Old 16th May 2008, 16:35
craig baker craig baker is offline
Default netstat -tap

here's from NS5:
[root@ns5 rc5.d]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdomain:2208 *:* LISTEN 2243/hpiod
tcp 0 0 *:mysql *:* LISTEN 2399/mysqld
tcp 0 0 *:sunrpc *:* LISTEN 2020/portmap
tcp 0 0 ns5.cdbsystems.com:domain *:* LISTEN 16468/named
tcp 0 0 localhost.localdomai:domain *:* LISTEN 16468/named
tcp 0 0 *:ftp *:* LISTEN 2424/proftpd: (acce
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 2274/cupsd
tcp 0 0 *:squid *:* LISTEN 3982/(squid)
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 16468/named
tcp 0 0 localhost.localdomain:smtp *:* LISTEN 30379/sendmail: acc
tcp 0 0 localhost.localdomain:2207 *:* LISTEN 2248/python
tcp 0 0 *:959 *:* LISTEN 2049/rpc.statd
tcp 0 0 ns5.cdbsystems.com:domain ns4.cdbsystems.com:55609 TIME_WAIT -
tcp 1 0 ns5.cdbsystems.com:43767 192.150.18.46:http CLOSE_WAIT 2969/python
tcp 1 0 ns5.cdbsystems.com:45051 hpc-mirror.usc.edu:http CLOSE_WAIT 2969/python
tcp 1 0 ns5.cdbsystems.com:49617 hilbert.unl.edu:http CLOSE_WAIT 2969/python
tcp 1 0 ns5.cdbsystems.com:49611 hilbert.unl.edu:http CLOSE_WAIT 2969/python
tcp 1 0 ns5.cdbsystems.com:40206 ns1.centos.org:http CLOSE_WAIT 2969/python
tcp 1 0 ns5.cdbsystems.com:40212 ns1.centos.org:http CLOSE_WAIT 2969/python
tcp 0 0 *:http *:* LISTEN 2447/httpd
tcp 0 0 *:ssh *:* LISTEN 2263/sshd
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 16468/named
tcp 0 0 *:https *:* LISTEN 2447/httpd
tcp 0 0 ns5.cdbsystems.com:ssh ::ffff:192.168.2.1:dbstar ESTABLISHED 16207/1
tcp 0 0 ns5.cdbsystems.com:http crawl-66-249-67-10.go:35485 TIME_WAIT -
[root@ns5 rc5.d]#

as I noted before the eth0 is static 192.168.2.50 but ns5 in my cdbsystems.hosts is defined as 71.163.161.26. maybe the problem?
do I need to have my 'external' address someplace special?

I have port 53 t&u passed through to 192.168.2.50 from the router that is at 71.163.161.26.

in named.conf: I have
query-source port 53.

in the external view i have:
view "external"
{
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
    match-clients { !localnets; !localhost; };
    match-destinations { !localnets; !localhost; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    include "/etc/named.root.hints";

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    include "/etc/named.myzones";

};

my file 'named.myzones' contains all the zone statements.

/etc/hosts contains:
[root@ns5 etc]# cat hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
71.163.161.26 ns5.cdbsystems.com ns5
192.168.2.50 ns5.cdbsystems.com ns5

I'm thinking this is maybe a router issue? also, I notice that sendmail is not responding on port 25 when I
telnet from ns4 - just get connection refused.
maybe the two are linked?


anything else you need? any ideas?
thanks again. love your site!

cdb.

Last edited by craig baker; 16th May 2008 at 16:38.
  #7  
Old 16th May 2008, 17:11
craig baker craig baker is offline
Default Further info - no matching class error

I turned on bind logging to debug 3 and when I do a query

dig @ns5.cdbsystems.com from ns4, I'm getting:
client @0x555566eaf460: udprecv
client 65.254.36.202#39458: UDP request
client 65.254.36.202#39458: no matching view in class 'IN'
client 65.254.36.202#39458: error
client 65.254.36.202#39458: send
client 65.254.36.202#39458: sendto
client 65.254.36.202#39458: senddone
client 65.254.36.202#39458: next
client 65.254.36.202#39458: endrequest

I'm googling to see what the problem is but obviously it's a bind misconfiguration.
my file named.myzones should be included in the EXTERNAL view, so not sure why it's unhappy!
cdb.
  #8  
Old 17th May 2008, 15:21
falko falko is offline
Default

Quote:
Originally Posted by craig baker
as I noted before the eth0 is static 192.168.2.50 but ns5 in my cdbsystems.hosts is defined as 71.163.161.26. maybe the problem?
do I need to have my 'external' address someplace special?

What's the output of
Code:
ifconfig
, and what's in /etc/hosts?
  #9  
Old 17th May 2008, 17:04
craig baker craig baker is offline
Default ifconfig, hosts

Last login: Fri May 16 20:51:17 2008 from ip72-192-192-225.dc.dc.cox.net
[root@ns5 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:17:08:51:90:FC
inet addr:192.168.2.50 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::217:8ff:fe51:90fc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:520273 errors:0 dropped:0 overruns:0 frame:0
TX packets:394473 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:122350600 (116.6 MiB) TX bytes:93703061 (89.3 MiB)
Interrupt:193

[root@ns5 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
71.163.161.26 ns5.cdbsystems.com ns5
192.168.2.50 ns5.cdbsystems.com ns5
[root@ns5 ~]#

I added the second ns5 line in hosts thinking that might help
cdb.
  #10  
Old 17th May 2008, 21:12
craig baker craig baker is offline
Default problem solved

turns out I needed to have in the named.conf view 'external'

match-clients { any; };
match-destinations { any; };

now dig @ns5.cdbsystems.com whatever seems to respond ok!

now back to the sendmail issue
cdb.
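A small model of how named chooses a view, added here as an example and not taken from any post in the thread. It replays the query from ns4 against the external view before and after the change in post #10; the internal view's match lists and the simplified contents of `localnets` and `localhost` are assumptions based on the ifconfig output and log lines above.

```python
import ipaddress

# Built-in ACLs as named would derive them on this host (simplified, assumed).
# eth0 is 192.168.2.50/24 per the ifconfig output in the thread.
ACLS = {
    "any": ["0.0.0.0/0"],
    "localhost": ["127.0.0.0/8", "192.168.2.50/32"],  # the server's own addresses
    "localnets": ["192.168.2.0/24"],                  # directly attached LAN
}

def acl_match(match_list, addr):
    """The first element that hits decides; a negated hit or no hit is 'no match'."""
    ip = ipaddress.ip_address(addr)
    for element in match_list:
        negated = element.startswith("!")
        nets = ACLS[element.lstrip("!")]
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return not negated
    return False  # fell off the end: a list holding only negations never matches

def select_view(views, src, dst):
    """Return the first view whose match-clients and match-destinations both match."""
    for name, clients, destinations in views:
        if acl_match(clients, src) and acl_match(destinations, dst):
            return name
    return None  # named logs "no matching view in class 'IN'" and answers REFUSED

# Assumption: the internal view matches the LAN; the thread only shows "external".
INTERNAL = ("internal", ["localnets"], ["localnets"])
NEGATED = ["!localnets", "!localhost"]
BEFORE = [INTERNAL, ("external", NEGATED, NEGATED)]
AFTER = [INTERNAL, ("external", ["any"], ["any"])]

# The router forwards port 53, so named sees the query from ns4 arrive on
# 192.168.2.50, not on the public address 71.163.161.26.
NS4, NAT_DST, LAN_CLIENT = "65.254.36.202", "192.168.2.50", "192.168.2.1"

if __name__ == "__main__":
    for label, views in (("before", BEFORE), ("after", AFTER)):
        print(label, "ns4 query ->", select_view(views, NS4, NAT_DST))
        print(label, "lan query ->", select_view(views, LAN_CLIENT, NAT_DST))
```

With `any` in the external view, the order of the views carries the policy: `external` has to stay last, or LAN clients are answered from it as well.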