Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th June 2008, 14:59
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default Bind query denied after update

Ok. I'm in a picle now.
I recently update my ISPConfig server because of the certificate hassle in Ubuntu/Debian. Now I realise that my ISPConfig server log is full of this message...

Quote:
client 38.104.58.118 query (cache) 'www.konsultoi.com/A/IN' denied: 1 Time(s)
In short after updating to the Bind 9.4 the "allow-query-cache" seems to be screwed up pretty tightly.


What configuration changes would I need to do to allow any clinet to access the 9.4 DNS cache and make queries of the sites on my server?

Edit-> Found this... I will try this now.

Edit-> That did not help. Seems only local networks can make queries to the Bind.
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent


Last edited by SamTzu; 18th June 2008 at 10:24. Reason: Did not help
Reply With Quote
Sponsored Links
  #2  
Old 18th June 2008, 18:16
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

What's in your named.conf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 19th June 2008, 02:04
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

Havent changed any of it. (No manual changes seem to stay there anyway.)
I chrooted the user bind for ISPConfig.
(Also I noticed that bind does not log to /var/log/bind9/ but I still see in "logwatch" mail report what happens with bind.)

Quote:
options {
pid-file "/var/run/bind/run/named.pid";
directory "/etc/bind";
auth-nxdomain no;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};

zone "108.134.79.in-addr.arpa" {
type master;
file "pri.108.134.79.in-addr.arpa";
};
zone "35.119.217.in-addr.arpa" {
type master;
file "pri.35.119.217.in-addr.arpa";
};
zone "105.25.217.in-addr.arpa" {
type master;
file "pri.105.25.217.in-addr.arpa";

etc... etc...
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
  #4  
Old 19th June 2008, 16:57
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

And
Code:
 options {
     allow-recursion { any; };
     allow-query { any; };
     allow-query-cache { any; };
 };
did not work?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 19th June 2008, 20:11
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default

It doesnt seem to want to stay there. All changes seem to dissappear after a while. I think that...

options {
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
};
worked but it wont stay. Maybe ISPConfig overwrites the configuration?
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
  #6  
Old 20th June 2008, 13:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Quote:
Originally Posted by SamTzu View Post
Maybe ISPConfig overwrites the configuration?
Yes, but you can change the named.conf template in /root/ispconfig/isp/conf. Save the modified template in the /root/ispconfig/isp/conf/customized_templates directory.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 30th June 2008, 16:02
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 426
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
 
Default

Ok. I'm now officially unbind
The problem was not it the servers DNS/Bind settings.

I could not belive what my tests showed me so I took Wireshark and looked at the traffic between my Vista & 2 different DNS servers.

Apparantly ALL the name queries to the ns1 work from my Vista but NO query for ns2 (different network) so I assumed that the problem was with the newer ns2 that had been upgraded.

The REASON why no query worked for the ns2 was that no query LEFT my wonderfull Vista. Yes its true. All the queries to ns2 NEVER leave my PC. All other traffic to ns2 works just fine.

Apparently this has something to do with the fact that ns2 address was changed recently to other network for security and loadbalance reasons.


Sam

"You can start laughing now."
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Rejected e-mail (unknown user) w/Postfix doronkeller HOWTO-Related Questions 9 27th January 2008 20:09
ISPConfig and BIND on Debian sarge (rfc1912 : failed on zonecheck) arnaud Installation/Configuration 13 6th March 2007 12:40
HotSaNIC domino Tips/Tricks/Mods 23 6th November 2006 05:19
Questions in regards to ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" rbrantley HOWTO-Related Questions 16 10th April 2006 18:26
Bind-Chroot-Howto (Debian) spaz HOWTO-Related Questions 5 9th March 2006 14:50


All times are GMT +2. The time now is 11:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.