dig and nameserver - where from dig should get anwser?

[tom]

I use dig to see which nameserver ist replying:
dig server-1.de

Quote:

;; QUESTION SECTION:
;server-1.de. IN A

;; ANSWER SECTION:
server-1.de. 1431 IN A 1.2.3.4

;; Query time: 2 msec
;; SERVER: 1.2.2.4#53(1.2.2.4)
;; WHEN: Wed Nov 8 14:03:19 2006
;; MSG SIZE rcvd: 51

And I see NOT bind managed by ISP ist replying. But that the local bind should answer even if I try:
dig gmx.de
the answer should come from the local bind. Right? But is does'nt.

resolf.conf has this entries:

Quote:

nameserver 1.2.3.4
nameserver 1.2.2.4
nameserver 1.2.2.1
search server-1.de

I should be able to remove the external nameserver:
nameserver 1.2.2.4
nameserver 1.2.2.1

but if I do that dig does find any answer :-(

Quote:

named.conf shows this:
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};

zone "1.0.10.in-addr.arpa" {
type master;
file "pri.1.0.10.in-addr.arpa";
};


zone " server-1.de" {
type master;
file "pri. server-1.de ";
};

What would be right to do? Do I have to add a new “pri. server-1.de” zone pointing to 1.2.3.4

pri. server-1.de contains this:

Quote:

$TTL 86400
@ IN SOA server-1.de.de. admin.server-1.de.de. (
2006110802 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;
NS server-1.de.de. ; Inet Address of name server 1
NS server01.server-1.de.de. ; Inet Address of name server 2
;

mail MX 10 server-1.de.de.

server-1.de.de. A 10.0.1.1

Even I get this error during bind is starting if I don't change the DefaultAddress 127.0.0.1 in /etc/proftpd_ispconfig.conf to

Quote:

DefaultAddress 10.0.1.1
<VirtualHost 10.0.1.1>

Quote:

named[31157]: starting BIND 9.2.4 -u bind -t /var/lib/named
named[31157]: using 1 CPU
named[31157]: loading configuration from '/etc/bind/named.conf'
named[31157]: listening on IPv4 interface lo, 127.0.0.1#53
named[31157]: binding TCP socket: address in use
named[31157]: listening on IPv4 interface eth0, 10.0.1.1#53
named[31157]: binding TCP socket: address in use
named[31157]: couldn't add command channel 127.0.0.1#953: address in use
named[31157]: couldn't add command channel ::1#953: address in use

I’m using xen: Dom0 ip 1.2.3.4 and domU with ispconig ip 10.0.1.1

[falko]

Quote:

Originally Posted by tom

I use dig to see which nameserver ist replying:
dig server-1.de
And I see NOT bind managed by ISP ist replying. But that the local bind should answer even if I try:
dig gmx.de
the answer should come from the local bind. Right? But is does'nt.

If you want to ask your local DNS server, you must run

Code:

dig @localhost gmx.de

What's the output of

Code:

netstat -tap

? What's in /etc/hosts? Which distribution do you use?

[tom]

Quote:

Originally Posted by falko

If you want to ask your local DNS server, you must run

Code:

dig @localhost gmx.de

should not answer the local nameserver by reading out its cache and would'nt this speedup the answersing by looking up an address of the nameserver?

What's the output of

Code:

netstat -tap

? What's in /etc/hosts? Which distribution do you use?

Code:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN     1186/mysqld
tcp        0      0 *:81                    *:*                     LISTEN     1522/ispconfig_http
tcp        0      0 *:ftp                   *:*                     LISTEN     2482/proftpd: (acce
tcp        0      0 server-1.d:domain *:*                     LISTEN     1052/named
tcp        0      0 localhost:domain        *:*                     LISTEN     1052/named
tcp        0      0 *:smtp                  *:*                     LISTEN     2624/master
tcp        0      0 localhost:953           *:*                     LISTEN     1052/named
tcp6       0      0 *:imaps                 *:*                     LISTEN     1095/couriertcpd
tcp6       0      0 *:pop3s                 *:*                     LISTEN     1116/couriertcpd
tcp6       0      0 *:pop3                  *:*                     LISTEN     1103/couriertcpd
tcp6       0      0 *:imap2                 *:*                     LISTEN     1077/couriertcpd
tcp6       0      0 *:ssh                   *:*                     LISTEN     1407/sshd
tcp6       0      0 *:smtp                  *:*                     LISTEN     2624/master
tcp6       0      0 ip6-localhost:953       *:*                     LISTEN     1052/named
tcp6       0     52 ::ffff:10.0.1.1:ssh     dslb-088-074-097-:25330 ESTABLISHED22396/14

Code:

x01:~# cat /etc/hosts
127.0.0.1 localhost
10.0.1.1 server-1.de server-1.de  x01

[falko]

named is running. Does

Code:

dig @localhost gmx.de

work?

[tom]

Quote:

Originally Posted by falko

named is running. Does

Code:

dig @localhost gmx.de

work?

yes
dig @localhost gmx.de

Quote:

; <<>> DiG 9.2.4 <<>> @localhost gmx.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14789
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;gmx.de. IN A

;; ANSWER SECTION:
gmx.de. 86400 IN A 213.165.65.50

;; AUTHORITY SECTION:
gmx.de. 86400 IN NS dns.gmx.net.
gmx.de. 86400 IN NS ns.schlund.de.

;; ADDITIONAL SECTION:
ns.schlund.de. 86400 IN A 195.20.224.97

;; Query time: 482 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Fri Nov 10 17:31:31 2006
;; MSG SIZE rcvd: 106

[falko]

Looks good. Do you still see errors in your log files?

BTW, I've just seen this in your named.conf:

Code:

zone " server-1.de" {
type master;
file "pri. server-1.de ";
};

Should be

Code:

zone "server-1.de" {
type master;
file "pri.server-1.de";
};

instead.

What's the output of

Code:

dig @localhost server-1.de

?

[tom]

Quote:

Originally Posted by falko

Looks good. Do you still see errors in your log files?

yes

Quote:

Originally Posted by falko

Code:

What's the output of

dig @localhost server-1.de

Quote:

; <<>> DiG 9.2.4 <<>> @localhost server-1.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28985
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;server-1.de. IN A

;; ANSWER SECTION:
server-1.de. 86400 IN A 10.0.1.1

;; AUTHORITY SECTION:
server-1.de. 86400 IN NS server-1.de.
server-1.de. 86400 IN NS server01.server-1.de.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Mon Nov 13 16:50:50 2006
;; MSG SIZE rcvd: 88

Even again I've got an other problem which I already had before: I can't recieve mail at localhost.

Quote:

Nov 13 14:30:53 server-1 postfix/smtp[11976]: 4FE9A1F67C: to=<admispconfig@localhost.localdomain>, relay=none, delay=0, status=bounced (mail for localhost.localdomain loops back to myself

In local-host-names I find already "localhost.localdomain":

Quote:

localhost
server01.de
localhost.server01.de
localhost.de
localhost.localdomain
www.server-1.de
server-1.de

[falko]

Quote:

Originally Posted by tom

Even again I've got an other problem which I already had before: I can't recieve mail at localhost.

In local-host-names I find already "localhost.localdomain":

What's in /etc/postfix/main.cf (please strip out the comments)?

The dig output looks ok (although you should check if you want the A record to point to a local IP address).
What errors do you see in your logs?

[tom]

Quote:

Originally Posted by falko

What's in /etc/postfix/main.cf (please strip out the comments)?

server01:/etc/postfix# grep ^[^#].* main.cf

Code:

smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
myhostname = server-1.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.server-1.de, server-1.de, localhost.de, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
virtual_maps = hash:/etc/postfix/virtusertable

Quote:

Originally Posted by falko

The dig output looks ok (although you should check if you want the A record to point to a local IP address).

I don't see another way than pointig to the local address because that's the address that belongs to the the server (It's a domU on an dom0)

Quote:

Originally Posted by falko

What errors do you see in your logs?

Code:

Nov 14 16:47:33 server-1 named[1052]: invalid command from 127.0.0.1#49873: bad auth
Nov 14 16:47:35 server-1 named[27487]: starting BIND 9.2.4 -u bind -t /var/lib/named
Nov 14 16:47:35 server-1 named[27487]: using 1 CPU
Nov 14 16:47:35 server-1 named[27487]: loading configuration from '/etc/bind/named.conf'
Nov 14 16:47:35 server-1 named[27487]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 14 16:47:35 server-1 named[27487]: binding TCP socket: address in use
Nov 14 16:47:35 server-1 named[27487]: listening on IPv4 interface eth0, 10.0.1.1#53
Nov 14 16:47:35 server-1 named[27487]: binding TCP socket: address in use

[falko]

Quote:

Originally Posted by tom

server01:/etc/postfix# grep ^[^#].* main.cf

Code:

smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
myhostname = server-1.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.server-1.de, server-1.de, localhost.de, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
virtual_maps = hash:/etc/postfix/virtusertable

Please run

Code:

postconf -e 'mydestination = /etc/postfix/local-host-names'
/etc/init.d/postfix restart

Quote:

Originally Posted by tom

I don't see another way than pointig to the local address because that's the address that belongs to the the server (It's a domU on an dom0)

So I guess it's behind a router? Then point the domain to the router's public IP address becasue otherwise nobody can access your machine/web sites if he's outside your network.

Quote:

Originally Posted by tom

Code:

Nov 14 16:47:33 server-1 named[1052]: invalid command from 127.0.0.1#49873: bad auth
Nov 14 16:47:35 server-1 named[27487]: starting BIND 9.2.4 -u bind -t /var/lib/named
Nov 14 16:47:35 server-1 named[27487]: using 1 CPU
Nov 14 16:47:35 server-1 named[27487]: loading configuration from '/etc/bind/named.conf'
Nov 14 16:47:35 server-1 named[27487]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 14 16:47:35 server-1 named[27487]: binding TCP socket: address in use
Nov 14 16:47:35 server-1 named[27487]: listening on IPv4 interface eth0, 10.0.1.1#53
Nov 14 16:47:35 server-1 named[27487]: binding TCP socket: address in use

Have a look here: http://www.howtoforge.com/forums/showthread.php?t=6863