HowtoForge Forums, Server Operation: bind possible network issue?

#1 d0cipx, 27th April 2008, 03:21
THE SETUP:

Basically what's happening is that I have a static IP address for my DSL. I'm using a Cisco 877 ADSL router as my router and my DSL modem all in one.
I do not at this time have any access list on there, so everything is permit any any. I do have NAT, or better PAT aka hide-NAT, set up on the router; meaning it looks like this:
ip nat inside source static tcp 172.30.115.75 53 76.225.177.54 53 extendable
ip nat inside source static udp 172.30.115.75 53 76.225.177.54 53 extendable

With regard to port 53 being for my DNS: I know this is set up correctly to forward all incoming requests from my WAN IP address to my internal server address, because I have other statements doing this for other services and it works.
So all DNS traffic should be forwarded to my DNS server.

I also have apache2 set up and running 2 different web pages, which are correctly registered and pointing to my server for DNS.

I have BIND 9.4.2 chrooted running on my Debian lenny box (I know lenny is testing, and there is a small chance that could be my problem, but continuing on...).

#2 d0cipx, 27th April 2008, 03:31

The Problem:

The problem is that my DNS server is not resolving ANY queries (however you want to spell it; forgive me, I'm horrible at spelling).

I've been using the www.network-tools.com advanced DNS search/query to try and get a response back from my server, and I get nothing but time out or failed.

When I run ngrep I watch as the server receives the query from my router, which got it from the web site, then I watch my server send back a reply, and somewhere it's dropped and never reaches the web site.

I ran wireshark once, and although I am not sure if this is still happening, I did see something once in the capture file describing "BAD CHECKSUM" for both UDP and TCP.

After searching online, TCP is required; UDP is not required but recommended for security.
I can sort of see how it could be a bad checksum, but the NAT translation should correct that, shouldn't it?

I am not even sure if the checksum issue IS what's causing my DNS server or my router to drop the packets on their way out. But that's the only potential error I have to go off of.

I have recently used ethtool and turned off checksum offloading on my NIC, but still no help.

The problem may be something completely different; I'm just not sure what to do at this point.

I found this online and it may very well be exactly what is happening, but I do not have a packet.c anywhere that I can locate on my system; therefore I am unable to edit it and correct the source.
http://permalink.gmane.org/gmane.lin...general/375502

Please, any help regarding this is greatly appreciated. I have been working on this for months now without being able to figure out the next step.

Regards,
-Shawn
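On the checksum question in the post above, an added example that is not part of the original thread: a Python model of the UDP checksum over the IPv4 pseudo-header, of what a capture taken on the sending host sees while transmit checksum offload is on, and of how a NAT box patches the checksum when it rewrites the source address. The addresses are the thread's own (172.30.115.75 behind 76.225.177.54) plus a constructed client 192.0.2.10; the DNS reply bytes and the offload placeholder value are constructed for illustration. Two points a practitioner would want here: "bad checksum" on outgoing packets in a capture taken on the sender is normally the offload artifact (the NIC fills in the field after the point where libpcap sees the frame), so the decisive capture is on another host or on the router (on the 877, `show ip nat translations` confirms whether the reverse translation for port 53 exists); and NAT does not repair a checksum, it adjusts it incrementally (RFC 1624), so a packet that really left the host with a bad checksum is still bad after translation.

```python
import struct

# Added example (not from the original thread): UDP checksum over the IPv4
# pseudo-header, the placeholder a host-side capture sees with transmit
# checksum offload on, and the incremental checksum update a NAT box applies.

SRC = bytes([172, 30, 115, 75])      # the BIND host (from the thread)
NAT_SRC = bytes([76, 225, 177, 54])  # public address in the router's NAT statement
DST = bytes([192, 0, 2, 10])         # constructed client address (TEST-NET-1)

# Constructed DNS reply: id 0x1234, flags QR|AA|RD|RA, question x90its.com A,
# one A answer (TTL 3600) with rdata 76.225.177.54.
DNS_REPLY = bytes.fromhex(
    "1234 8580 0001 0001 0000 0000"
    "06 783930697473 03 636f6d 00 0001 0001"
    "c00c 0001 0001 00000e10 0004 4ce1b136"
)


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    """IPv4 pseudo-header (RFC 768): addresses, zero byte, protocol 17, UDP length."""
    return src + dst + struct.pack("!BBH", 0, 17, udp_len)


def udp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over pseudo-header + UDP header + payload, checksum field taken as zero."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = 0xFFFF & ~ones_complement_sum(pseudo_header(src, dst, len(segment)) + zeroed)
    return csum or 0xFFFF  # RFC 768: a computed zero is transmitted as all ones


def build_udp(src, dst, sport, dport, payload, tx_offload=False) -> bytes:
    """UDP segment as the kernel hands it to the driver. With tx offload the
    kernel leaves a placeholder for the NIC to finish; it is modelled here (an
    assumption for illustration, the real value is driver specific) as the
    checksum of the pseudo-header alone. A capture on the sending host sees
    this placeholder, which is why Wireshark reports a bad checksum."""
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    if tx_offload:
        field = 0xFFFF & ~ones_complement_sum(pseudo_header(src, dst, len(segment)))
    else:
        field = udp_checksum(src, dst, segment)
    return segment[:6] + struct.pack("!H", field) + segment[8:]


def verify_udp(src, dst, segment) -> bool:
    """What the receiving host checks. A zero field means 'no checksum' over IPv4."""
    field = struct.unpack("!H", segment[6:8])[0]
    return field == 0 or udp_checksum(src, dst, segment) == field


def nat_rewrite_src(segment, old_src, new_src) -> bytes:
    """Source-address translation as a NAT/PAT box does it: the UDP checksum is
    patched incrementally (RFC 1624, HC' = ~(~HC + ~m + m')), not recomputed,
    so a checksum that was already wrong stays wrong after translation."""
    old = struct.unpack("!H", segment[6:8])[0]
    if old == 0:
        return segment  # no checksum present; nothing to adjust
    acc = (~old & 0xFFFF) + ones_complement_sum(bytes(b ^ 0xFF for b in old_src)) \
        + ones_complement_sum(new_src)
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    return segment[:6] + struct.pack("!H", ~acc & 0xFFFF) + segment[8:]


if __name__ == "__main__":
    good = build_udp(SRC, DST, 53, 49152, DNS_REPLY)
    offloaded = build_udp(SRC, DST, 53, 49152, DNS_REPLY, tx_offload=True)
    print("host capture, offload off:", verify_udp(SRC, DST, good))
    print("host capture, offload on :", verify_udp(SRC, DST, offloaded))
    print("after NAT, good packet   :", verify_udp(NAT_SRC, DST, nat_rewrite_src(good, SRC, NAT_SRC)))
    print("after NAT, bad packet    :", verify_udp(NAT_SRC, DST, nat_rewrite_src(offloaded, SRC, NAT_SRC)))
```

The offloaded segment fails verification on the sending host but the same packet is correct on the wire once the NIC has finished it, so turning offload off changes only what the local capture shows. The last line shows the other half of the answer to the question above: translation carries a genuinely bad checksum through unchanged in its badness.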
#3 falko, 28th April 2008, 21:24

What's the output of
Code:
netstat -tap
? Are there any errors in your logs?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
#4 d0cipx, 17th May 2008, 03:47

Sorry it's taken so long for a response; we moved/bought a house and the IP changed, thus a lot of config stuff. You requested the output of netstat -tap;
here it is:

shinra:/# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:afpovertcp *:* LISTEN 4054/afpd
tcp 0 0 *:swat *:* LISTEN 4063/inetd
tcp 0 0 localhost:mysql *:* LISTEN 3798/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 4145/smbd
tcp 0 0 *:ircd *:* LISTEN 4020/dancer-ircd
tcp 0 0 *:pop3 *:* LISTEN 26753/dovecot
tcp 0 0 *:imap2 *:* LISTEN 26753/dovecot
tcp 0 0 shinra.x90its.co:domain *:* LISTEN 3684/named
tcp 0 0 localhost:domain *:* LISTEN 3684/named
tcp 0 0 *:smtp *:* LISTEN 4127/master
tcp 0 0 localhost:5433 *:* LISTEN 3906/postgres
tcp 0 0 localhost:953 *:* LISTEN 3684/named
tcp 0 0 *:microsoft-ds *:* LISTEN 4145/smbd
tcp 0 0 shinra.x90:microsoft-ds 172.30.115.99:3481 ESTABLISHED 3355/smbd
tcp6 0 0 [::]:6668 [::]:* LISTEN 4004/bitlbee
tcp6 0 0 [::]:www [::]:* LISTEN 4388/apache2
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 3684/named
tcp6 0 0 [::]:https [::]:* LISTEN 3715/sshd
tcp6 0 148 shinra.x90its.com:https XX.XX.XX.X%214484:11498 ESTABLISHED 27883/sshd: d0cipx
#5 falko, 17th May 2008, 16:09

Quote:
Originally Posted by d0cipx
tcp 0 0 shinra.x90its.co:domain *:* LISTEN 3684/named
tcp 0 0 localhost:domain *:* LISTEN 3684/named
Ok, BIND is running. Can you post the contents of /etc/hosts and the output of
Code:
ifconfig
?
#6 d0cipx, 18th May 2008, 03:16

The following is my output from the commands you asked for:

d0cipx@shinra:~$ cat /etc/hosts
127.0.0.1 localhost
172.30.115.75 shinra.x90its.com shinra
172.30.115.65 navix.x90its.com navix
172.30.115.50 cloud.x90its.com cloud


# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


d0cipx@shinra:~$ sudo ifconfig
eth1 Link encap:Ethernet HWaddr 00:17:31:37:9b:7d
inet addr:172.30.115.75 Bcast:172.30.115.255 Mask:255.255.255.0
inet6 addr: fe80::217:31ff:fe37:9b7d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1136508 errors:0 dropped:0 overruns:0 frame:0
TX packets:887406 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:824963071 (786.7 MiB) TX bytes:106781983 (101.8 MiB)
Interrupt:16

eth2 Link encap:Ethernet HWaddr 00:1b:11:c0:7e:8d
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:29202 errors:0 dropped:0 overruns:0 frame:0
TX packets:29202 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11352687 (10.8 MiB) TX bytes:11352687 (10.8 MiB)
#7 falko, 18th May 2008, 16:40

Looks ok.

I'm getting a REFUSED when I try to query your BIND:

Code:
http2:~# dig @shinra.x90its.com google.com

; <<>> DiG 9.3.4 <<>> @shinra.x90its.com google.com
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 11366
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 149 msec
;; SERVER: 99.173.163.70#53(99.173.163.70)
;; WHEN: Sun May 18 16:39:47 2008
;; MSG SIZE  rcvd: 28

http2:~#
What's in your named.conf?
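A note on reading that dig output, with an added example that is not part of the original thread. The query was for google.com, a name the server is not authoritative for; status REFUSED with only qr and rd set (no aa, no ra) is what an authoritative-only server, or BIND 9.4 with its default recursion ACL of localhost and localnets, returns for a name outside its zones. It says nothing about whether x90its.com is answered. It does show something useful, though: a UDP query reached 99.173.163.70 and an answer came back through the NAT for that client. The next probe is a hosted name over both transports, `dig @99.173.163.70 shinra.x90its.com` and the same with `+tcp` (UDP is the normal transport; TCP is needed for truncated answers and zone transfers, and must also reach the server). The Python below builds such a query, decodes the header fields dig prints and maps them to a diagnosis. All response bytes are constructed for the example; the first reproduces the 28-byte REFUSED reply above, the others are what the other outcomes would look like.

```python
import struct

# Added example (not from the original thread): build a DNS query the way dig does,
# decode the response header (the "status" and "flags" dig prints) and turn it into
# a diagnosis. All responses below are constructed for the example, not captured.

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# dig @shinra.x90its.com google.com as posted: id 11366, flags qr rd, REFUSED,
# question section only (28 bytes, as dig reported).
R_REFUSED_OUTSIDE = bytes.fromhex("2c66 8105 0001 0000 0000 0000"
                                  "06 676f6f676c65 03 636f6d 00 0001 0001")
# Constructed: authoritative answer for shinra.x90its.com (flags qr aa rd, no ra).
R_AUTH = bytes.fromhex("2c66 8500 0001 0001 0000 0000"
                       "06 7368696e7261 06 783930697473 03 636f6d 00 0001 0001"
                       "c00c 0001 0001 00000e10 0004 ac1e734b")
# Constructed: REFUSED for a hosted name, which points at a view/ACL mismatch.
R_REFUSED_HOSTED = bytes.fromhex("2c66 8105 0001 0000 0000 0000"
                                 "03 777777 06 783930697473 03 636f6d 00 0001 0001")
# Constructed: truncated answer (TC set), which the client must retry over TCP.
R_TRUNCATED = bytes.fromhex("2c66 8700 0001 0000 0000 0000"
                            "06 7368696e7261 06 783930697473 03 636f6d 00 0001 0001")

ADVICE = {
    "refused-outside-zones": "expected from an authoritative-only server (or BIND 9.4's default "
                             "recursion ACL) for a name it does not serve; query a hosted name",
    "refused-hosted": "the view/allow-query ACL that matched this client lacks the zone; "
                      "check match-clients, match-destinations and the zone's allow-query",
    "truncated": "retry over TCP (dig +tcp); if TCP never answers, the 53/tcp forward is broken",
    "authoritative": "answered from zone data; a remote timeout is then a return-path problem",
    "non-authoritative": "answered from cache: the client hit a recursing view, not the zone",
    "servfail": "zone failed to load or an upstream lookup failed; check named's log",
    "nxdomain": "name absent from the zone the server consulted; check the zone file",
}


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0x2C66, rd: bool = True) -> bytes:
    """UDP wire form: 12-byte header plus one question. RD set is what dig sends by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def tcp_frame(msg: bytes) -> bytes:
    """Over TCP each DNS message carries a 2-byte length prefix (RFC 1035 section 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def decode_name(msg: bytes, off: int):
    """Return (name, offset after the name), following compression pointers."""
    labels, end, jumped = [], None, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (end if jumped else off)


def parse_header(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    h = {"id": txid, "qr": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
         "aa": bool(flags & 0x0400), "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
         "ra": bool(flags & 0x0080), "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
         "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar, "qname": ""}
    if qd:
        h["qname"], _ = decode_name(msg, 12)
    return h


def diagnose(resp: bytes, served_zones) -> dict:
    """Classify a response against the zones the server is supposed to host."""
    h = parse_header(resp)
    zones = [z.rstrip(".").lower() + "." for z in served_zones]
    qname = h["qname"].lower()
    hosted = any(qname == z or qname.endswith("." + z) for z in zones)
    if not h["qr"]:
        verdict = "not-a-response"
    elif h["tc"]:
        verdict = "truncated"
    elif h["rcode"] == "REFUSED":
        verdict = "refused-hosted" if hosted else "refused-outside-zones"
    elif h["rcode"] == "NOERROR":
        verdict = "authoritative" if h["aa"] else "non-authoritative"
    else:
        verdict = h["rcode"].lower()
    return {"id": h["id"], "qname": h["qname"], "rcode": h["rcode"], "hosted": hosted,
            "verdict": verdict, "advice": ADVICE.get(verdict, "check named's log")}


if __name__ == "__main__":
    for resp in (R_REFUSED_OUTSIDE, R_AUTH, R_REFUSED_HOSTED, R_TRUNCATED):
        d = diagnose(resp, ["x90its.com", "burrellfishing.com", "swamphawglures.com"])
        print("%-20s %-8s %-22s %s" % (d["qname"], d["rcode"], d["verdict"], d["advice"]))
```

To use it against the real server, send `build_query("shinra.x90its.com")` with a UDP socket to port 53 and `tcp_frame(...)` over a TCP connection, and pass what comes back to `diagnose`; a timeout on one transport but not the other narrows the problem to that port forward.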
#8 d0cipx, 19th May 2008, 00:18

This is my named.conf file:

shinra:/chroot/named/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

zone "x90its.com" {
type master;
file "/etc/bind/x90its.db";
forwarders {};
allow-query { any; };
};

zone "burrellfishing.com" {
type master;
file "/etc/bind/burrellfishing.db";
forwarders {};
allow-query { any; };
};

zone "swamphawglures.com" {
type master;
file "/etc/bind/swamphawglures.db";
forwarders {};
allow-query { any; };
};

include "/etc/bind/named.conf.local";
#9 d0cipx, 19th May 2008, 04:02

I have changed my configs a little to roughly match how it's done on the below link:
http://www.debian-administration.org/articles/355


my new named.conf file looks like this:

shinra:/chroot/named/etc/bind# cat named.conf
include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";



my named.conf.local file:

shinra:/chroot/named/etc/bind# cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

acl internals {
127.0.0.0/8;
10.10.10.0/24;
172.30.115.0/24;
};

view "internal" {
match-clients { internals; };
match-destinations { internals; };
recursion yes;

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

zone "x90its.com" {
type master;
file "/etc/bind/internal/int.x90its.db";
};
};

view "external" {
match-clients { any; };
match-destinations { any; };
recursion no;

zone "." {
type hint;
file "/etc/bind/db.root";
};

zone "x90its.com" {
type master;
file "/etc/bind/external/ext.x90its.db";
forwarders {};
allow-query { any; };
};

zone "burrellfishing.com" {
type master;
file "/etc/bind/external/burrellfishing.db";
forwarders {};
allow-query { any; };
};

zone "swamphawglures.com" {
type master;
file "/etc/bind/external/swamphawglures.db";
forwarders {};
allow-query { any; };
};
};



my named.conf.options file:

shinra:/chroot/named/etc/bind# cat named.conf.options
options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.

query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

//forwarders {
// 68.94.156.1;
// 68.94.157.1;
//};

auth-nxdomain no; # conform to RFC1035
//listen-on-v6 { any; };
listen-on port 53 { any; };
};
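One added check on the posted named.conf.options, not part of the original thread. `query-source address * port 53;` pins every outgoing recursive query to source port 53, so only the 16-bit transaction ID stands between the cache used by the "internal" view and an off-path poisoning attempt (the July 2008 disclosure, CVE-2008-1447); BIND 9.4.2-P1 and later randomize the source port per query, and a fixed `port` clause disables that. The comment in the file presents the setting as a firewall convenience, but the Cisco NAT statements only require the server to receive on 53, not to send its own queries from 53. The script below audits the config text for that directive, for a view that recurses for any client, and for the absence of any allow-transfer (BIND 9.4 allows AXFR to anyone by default), and produces the corrected directive. The config strings are the thread's own files trimmed of comments; the open-resolver view is a constructed negative example; the check names and messages are mine.

```python
import re

# Added example (not from the original thread): a small audit of named.conf text
# for the settings that govern a resolver's exposure, with the corrected form.

OPTIONS = """
options {
directory "/var/cache/bind";
query-source address * port 53;
//forwarders {
// 68.94.156.1;
// 68.94.157.1;
//};
auth-nxdomain no; # conform to RFC1035
//listen-on-v6 { any; };
listen-on port 53 { any; };
};
"""

LOCAL = """
acl internals { 127.0.0.0/8; 10.10.10.0/24; 172.30.115.0/24; };
view "internal" {
match-clients { internals; };
match-destinations { internals; };
recursion yes;
zone "x90its.com" { type master; file "/etc/bind/internal/int.x90its.db"; };
};
view "external" {
match-clients { any; };
match-destinations { any; };
recursion no;
zone "." { type hint; file "/etc/bind/db.root"; };
zone "x90its.com" { type master; file "/etc/bind/external/ext.x90its.db"; allow-query { any; }; };
};
"""

# Constructed negative example: a view that recurses for the whole Internet.
OPEN_RESOLVER = 'view "ext" { match-clients { any; }; recursion yes; };'


def strip_comments(text: str) -> str:
    """Drop /* */, // and # comments so commented-out directives are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def blocks(text: str, keyword: str):
    """Yield (name, body) for each `keyword "name" { ... };`, matching nested braces."""
    for m in re.finditer(r'\b%s\s+"([^"]+)"\s*\{' % re.escape(keyword), text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def audit(conf: str):
    """Return a list of (severity, check, message) findings for the config text."""
    t = strip_comments(conf)
    findings = []
    m = re.search(r"query-source\s+[^;]*?\bport\s+(\d+)", t)
    if m:
        findings.append(("high", "query-source",
                         "query-source pins the outgoing UDP source port to %s; only the 16-bit "
                         "ID is then left as entropy against cache poisoning (CVE-2008-1447), "
                         "and BIND 9.4.2-P1 port randomization is disabled. Drop the port clause."
                         % m.group(1)))
    for name, body in blocks(t, "view"):
        clients = re.search(r"match-clients\s*\{([^}]*)\}", body)
        recursion = re.search(r"\brecursion\s+(yes|no)", body)
        if recursion and recursion.group(1) == "yes" and clients \
                and re.search(r"\bany\b", clients.group(1)):
            findings.append(("high", "open-resolver",
                             'view "%s" recurses for any client; restrict match-clients '
                             'or set recursion no' % name))
    if not re.search(r"\ballow-transfer\b", t):
        findings.append(("medium", "allow-transfer",
                         "no allow-transfer anywhere: BIND 9.4 allows AXFR to any client by "
                         "default; set allow-transfer { none; } (or your secondaries) in options"))
    return findings


def unpin_query_source(conf: str) -> str:
    """The corrected directive: keep the address, drop the fixed port so BIND may randomize it."""
    return re.sub(r"(query-source\s+[^;]*?)\s+port\s+\d+\s*;", r"\1;", conf)


def checks_failed(conf: str):
    return sorted({check for _, check, _ in audit(conf)})


# The same options file with both findings addressed.
HARDENED_OPTIONS = unpin_query_source(OPTIONS).replace(
    "listen-on port 53 { any; };",
    "allow-transfer { none; };\nlisten-on port 53 { any; };")

if __name__ == "__main__":
    for sev, check, msg in audit(OPTIONS + LOCAL):
        print("%-6s %-15s %s" % (sev, check, msg))
    print("after hardening:", checks_failed(HARDENED_OPTIONS + LOCAL))
```

Run against the files as posted the audit reports the pinned source port and the missing allow-transfer and is silent about the views, since the only recursing view is limited to the internals ACL; `HARDENED_OPTIONS` is what the options file looks like with both addressed.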
#10 d0cipx, 19th May 2008, 09:00

Basically I just had a buddy who works at Red Hat jump on my server. The files that I have posted on here have been modified very slightly, and BIND is up and running resolving local queries on the LAN, and there are absolutely no errors anywhere.

The problem is that I still haven't got anywhere; it's still pointing back to a network issue. I can run ngrep -d any 53, go to www.network-tools.com and do their advanced DNS lookup on my server.

My server will show (by using ngrep) the request come into the server and the server send back the info,
but the web site says "timed out" rather than the info that the server attempted to send back.

It's looking more and more like either an issue with my router/config,
and worst case is with the ISP, sbcglobal, who uses AT&T.

If anyone can think of anything else or needs any more information from me, just ask.

Thank you everyone for staying with me this far.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.