Problem with Fedora 10 and DNS

[sligbot]

Hello,
I know I may be jumping the gun with a FC 10 install but it seems to have the only drivers that support my motherboard and SATA combination. We've tried a huge variety of distro's and this is the only one that works properly.

So we went ahead and installed ispconfig based on the perfect setup from FC 9. We've got other servers already running so we've had success thus far in installing and running ispconfig.

We are, however, running into problems getting DNS to work properly. It seems that that it may be firewalled but we can't find the firewall blocking port 53. It's running because when we run netstat -tap we get the following results:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 1991/dovecot
tcp 0 0 *op3s *:* LISTEN 1991/dovecot
tcp 0 0 *:mysql *:* LISTEN 2242/mysqld
tcp 0 0 *:55469 *:* LISTEN 1681/rpc.statd
tcp 0 0 *op3 *:* LISTEN 1991/dovecot
tcp 0 0 *:imap *:* LISTEN 1991/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1663/rpcbind
tcp 0 0 *:81 *:* LISTEN 2276/ispconfig_http
tcp 0 0 localhost.localdomai:domain *:* LISTEN 2398/named
tcp 0 0 *:ssh *:* LISTEN 1970/sshd
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 2159/cupsd
tcp 0 0 *:smtp *:* LISTEN 7887/master
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 2398/named
tcp 0 2076 ns2.gbtel.ca:ssh bas1-hamilton:winpoplanmess ESTABLISHED 8783/0
tcp 0 0 *:imaps *:* LISTEN 1991/dovecot
tcp 0 0 *op3s *:* LISTEN 1991/dovecot
tcp 0 0 *op3 *:* LISTEN 1991/dovecot
tcp 0 0 *:imap *:* LISTEN 1991/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1663/rpcbind
tcp 0 0 *:http *:* LISTEN 2297/httpd
tcp 0 0 *:ftp *:* LISTEN 2414/proftpd: (acce
tcp 0 0 localhost6.localdoma:domain *:* LISTEN 2398/named
tcp 0 0 *:ssh *:* LISTEN 1970/sshd
tcp 0 0 *:smtp *:* LISTEN 7887/master
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 2398/named
tcp 0 0 *:https *:* LISTEN 2297/httpd


However, when we run nmap we get the following results:

[root@ns2 ~]# nmap -sS -O -p 0-100 -PI -PT 216.185.252.131

Starting Nmap 4.68 ( http://nmap.org ) at 2008-11-27 01:42 EST
Interesting ports on ns2.gbtel.ca (216.185.252.131):
Not shown: 96 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
81/tcp open hosts2-ns
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.22
Uptime: 0.341 days (since Wed Nov 26 17:30:43 2008)
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.378 seconds

We've disabled the firewall, disabled IPTABLES, SELINUX is disabled and we can't seem to get things running.

We have not setup any domains to be hosted by this server yet as this will be part of a development server.

Any help would be greatly appreciated.

[till]

Please post the output of:

iptables -L

[sligbot]

[root@ns2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[falko]

Quote:

Originally Posted by sligbot

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 1991/dovecot
tcp 0 0 *op3s *:* LISTEN 1991/dovecot
tcp 0 0 *:mysql *:* LISTEN 2242/mysqld
tcp 0 0 *:55469 *:* LISTEN 1681/rpc.statd
tcp 0 0 *op3 *:* LISTEN 1991/dovecot
tcp 0 0 *:imap *:* LISTEN 1991/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1663/rpcbind
tcp 0 0 *:81 *:* LISTEN 2276/ispconfig_http
tcp 0 0 localhost.localdomai:domain *:* LISTEN 2398/named
tcp 0 0 *:ssh *:* LISTEN 1970/sshd
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 2159/cupsd
tcp 0 0 *:smtp *:* LISTEN 7887/master
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 2398/named
tcp 0 2076 ns2.gbtel.ca:ssh bas1-hamilton:winpoplanmess ESTABLISHED 8783/0
tcp 0 0 *:imaps *:* LISTEN 1991/dovecot
tcp 0 0 *op3s *:* LISTEN 1991/dovecot
tcp 0 0 *op3 *:* LISTEN 1991/dovecot
tcp 0 0 *:imap *:* LISTEN 1991/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1663/rpcbind
tcp 0 0 *:http *:* LISTEN 2297/httpd
tcp 0 0 *:ftp *:* LISTEN 2414/proftpd: (acce
tcp 0 0 localhost6.localdoma:domain *:* LISTEN 2398/named
tcp 0 0 *:ssh *:* LISTEN 1970/sshd
tcp 0 0 *:smtp *:* LISTEN 7887/master
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 2398/named
tcp 0 0 *:https *:* LISTEN 2297/httpd

named seems to listen on localhost only, not on all interfaces. What's in your named.conf?

[sligbot]

I just did a complete re-install to see if any bugs came up but nothing. Here's the named.conf file. I don't think it's setup properly as I compared it to an existing ISPCONFIG server that I have and its not even close to being the same (although different versions of FC):

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";

[sligbot]

I also get an error when restarting Bind (using service named restart):


shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

Hopefully this helps. It's very strange that the only thing that we've done differently is used new hardware and a new release of FC 10.

[falko]

Change

Code:

listen-on port 53 { 127.0.0.1; };

to

Code:

listen-on port 53 { };

and restart named.

[sligbot]

Updated it with no change. I'll post what I get now:

[root@ns2 ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 2204/dovecot
tcp 0 0 *:pop3s *:* LISTEN 2204/dovecot
tcp 0 0 *:mysql *:* LISTEN 6068/mysqld
tcp 0 0 *:pop3 *:* LISTEN 2204/dovecot
tcp 0 0 *:imap *:* LISTEN 2204/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1709/rpcbind
tcp 0 0 *:81 *:* LISTEN 9254/ispconfig_http
tcp 0 0 *:ssh *:* LISTEN 2067/sshd
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 2388/cupsd
tcp 0 0 *:51256 *:* LISTEN 1722/rpc.statd
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 3317/named
tcp 0 0 *:smtp *:* LISTEN 22819/master
tcp 0 1040 ns2.gbtel.ca:ssh bas1-hamilton14-109:pcc-mfp ESTABLISHED 3239/1
tcp 0 0 *:imaps *:* LISTEN 2204/dovecot
tcp 0 0 *:pop3s *:* LISTEN 2204/dovecot
tcp 0 0 *:pop3 *:* LISTEN 2204/dovecot
tcp 0 0 *:imap *:* LISTEN 2204/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1709/rpcbind
tcp 0 0 *:http *:* LISTEN 9276/httpd
tcp 0 0 localhost6.localdoma:domain *:* LISTEN 3317/named
tcp 0 0 *:ftp *:* LISTEN 9947/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 2067/sshd
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 3317/named
tcp 0 0 *:smtp *:* LISTEN 22819/master
tcp 0 0 *:https *:* LISTEN 9276/httpd



[root@ns2 ~]# nmap -sS -O -p 0-100 -PI -PT 216.185.252.131

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-05 12:58 EST
Interesting ports on ns2.gbtel.ca (216.185.252.131):
Not shown: 96 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
81/tcp open hosts2-ns
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.24
Uptime: 2.000 days (since Wed Dec 3 12:58:51 2008)
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.402 seconds

I simply update the named.conf file (located at /var/named/chroot/ect/) with your suggestion.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";

[sligbot]

Ok, so the plot thickens...
I created a domain, gbtel.ca, which isn't live yet as this is a test box. I point my PC's DNS entry to this box to check if it's working properly.

Anyways, the domain is created and then when I run netstat -tap I get that Bind is listening. However, I'm still not able to use this box to resolve sites. Here's the updated info:

[root@ns2 ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 2204/dovecot
tcp 0 0 *op3s *:* LISTEN 2204/dovecot
tcp 0 0 *:mysql *:* LISTEN 6068/mysqld
tcp 0 0 *op3 *:* LISTEN 2204/dovecot
tcp 0 0 *:imap *:* LISTEN 2204/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1709/rpcbind
tcp 0 0 *:81 *:* LISTEN 9254/ispconfig_http
tcp 0 0 ns2.gbtel.ca:domain *:* LISTEN 7666/named
tcp 0 0 localhost.localdomai:domain *:* LISTEN 7666/named
tcp 0 0 *:ssh *:* LISTEN 2067/sshd
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 2388/cupsd
tcp 0 0 *:51256 *:* LISTEN 1722/rpc.statd
tcp 0 0 localhost.localdomain:rndc *:* LISTEN 7666/named
tcp 0 0 *:smtp *:* LISTEN 22819/master
tcp 0 0 localhost.localdomain:59905 localhost.localdomain:rndc TIME_WAIT -
tcp 0 2040 ns2.gbtel.ca:ssh bas1-hamilton:netwatcher-db ESTABLISHED 5865/1
tcp 0 0 *:imaps *:* LISTEN 2204/dovecot
tcp 0 0 *op3s *:* LISTEN 2204/dovecot
tcp 0 0 *op3 *:* LISTEN 2204/dovecot
tcp 0 0 *:imap *:* LISTEN 2204/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 1709/rpcbind
tcp 0 0 *:http *:* LISTEN 9276/httpd
tcp 0 0 *:ftp *:* LISTEN 9947/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 2067/sshd
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN 7666/named
tcp 0 0 *:smtp *:* LISTEN 22819/master
tcp 0 0 *:https *:* LISTEN 9276/httpd

Here's what I get when I run nmap -sS -O -p 0-100 -PI -PT 216.185.252.131
Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-05 16:32 EST
Interesting ports on ns2.gbtel.ca (216.185.252.131):
Not shown: 95 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
81/tcp open hosts2-ns
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.24
Uptime: 2.148 days (since Wed Dec 3 12:58:50 2008)
Network Distance: 0 hops

and the contents of my named.conf
options {
pid-file "/var/named/chroot/var/run/named/named.pid";
directory "/var/named/chroot/var/named";
auth-nxdomain no;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
type hint;
file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "named.local";
};


zone "gbtel.ca" {
type master;
file "pri.gbtel.ca";
};

[falko]

What's the output of

Code:

dig @localhost gbtel.ca

?