[H-GEN] In a bind over BIND

Rick Phillips rick at greyheads.net
Tue Nov 6 06:00:07 EST 2012


I hate Bind!!  It always causes me trouble and I yearn for the version 8
days when it was much simpler - less secure but much simpler.

I have just set up a new server (CentOS 6.3) and have created my zones
and conf file using webmin having had success before.  Using webmin AND
the bind utilities, the config file and the zones get a clean bill of
health.  The server in question has two domains.

My problem is that when I start named (I use the chroot version), it
starts cleanly and transfers data to the secondary server BUT when I try
to do a dig using the new server, I get the following:


        rick at snape ~]$ dig @ns.nameserverurl.com anotherurl.net.au any
        *** Other url is on the same server
        
        ; <<>> DiG 9.9.2-RedHat-9.9.2-2.fc17 <<>> @ns.nameserverurl.com
        anotherurl.net.au any
        ; (1 server found)
        ;; global options: +cmd
        ;; connection timed out; no servers could be reached


I would be grateful if someone more expert than I and a colleague who
has also scratched his head can give me a clue.  The router IS pointing
to the correct server and port 53 is open tcp/udp.  The chrooted
environment is structured as it should be and the zone files are in the
right place.   I can post zone files if I must but their structure is
identical to every other server I maintain.  I believe that the conf
file is the guilty party.  The following is my conf file suitably
altered to hide the domains from public scrutiny:

If I telnet to port 53 the connection is refused.  If I do a dig (which
fails as above), nothing appears in /var/log/messages.  It does suggest
that there is some firewalling in place but the basic firewall is
disabled, shorewall is stopped, fail2ban has no dns entries and is only
protecting ssh and vsftp and the iptables rule file is empty.  If I do a
dig on the server using dig @localhost etc., I get the right answer so
Bind is working.  Aaaaarrgghh.  Help, anybody!

Regards,

Rick

        //
        // named.conf
        //
        // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
        // server as a caching only nameserver (as a localhost DNS resolver only).
        //
        // See /usr/share/doc/bind*/sample/ for example named configuration files.
        //

        options {
                listen-on port 53 { 127.0.0.1; };
                listen-on-v6 port 53 { ::1; };
                directory       "/var/named";
                dump-file       "/var/named/data/cache_dump.db";
                statistics-file "/var/named/data/named_stats.txt";
                memstatistics-file "/var/named/data/named_mem_stats.txt";
                allow-query {
                        localhost;
                };
                recursion no;

                dnssec-enable yes;
                dnssec-validation yes;
                dnssec-lookaside auto;

                /* Path to ISC DLV key */
                bindkeys-file "/etc/named.iscdlv.key";

                managed-keys-directory "/var/named/dynamic";
                notify yes;
        };

        logging {
                channel default_debug {
                        file "data/named.run";
                        severity dynamic;
                };
        };

        // zone "." IN {
        //      type hint;
        //      file "named.ca";
        // };

        // include "/etc/named.rfc1912.zones";
        // include "/etc/named.root.key";

        key rndc-key {
                algorithm hmac-md5;
                secret "oHuBKiKiKbbzg7tKdqafWA==";
        };
        controls {
                inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
        };

        view "External" {
                match-clients           { any; };
                match-destinations      { any; };
                include "/etc/named.rfc1912.zones";
                include "/etc/named.root.key";

                zone "nameserver.com" {
                        type master;
                        file "/var/named/data/noosasunrise.com.External.hosts";
                };
                zone "pomona.net.au" {
                        type master;
                        file "/var/named/data/anotherurl.net.au.External.hosts";
                };
        };
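The symptoms in the post (dig @localhost answers, a remote dig times out, telnet to port 53 is refused, nothing is logged) are exactly what the stock Red Hat caching-only template produces: `listen-on port 53 { 127.0.0.1; }` makes named bind only the loopback address, and `allow-query { localhost; }` would refuse outside clients even if it did listen. The script below is an added example, not code from the post or from ISC; it carries a constructed copy of the relevant options lines next to a corrected block, and a small checker that flags any options block whose listen-on or allow-query is loopback-only. The public address 203.0.113.10 is a placeholder from the documentation range, and the tokenizer assumes the whitespace-separated brace style of the posted file.

```shell
#!/bin/sh
# Added example (not from the list post or BIND): check the two options{}
# directives that keep named answering only on loopback, and show the fix.
# Both config strings are constructed; 203.0.113.10 is a placeholder address.

BROKEN_CONF='options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query {
                localhost;
        };
        recursion no;
};'

FIXED_CONF='options {
        // listen on loopback and on the public interface (placeholder address)
        listen-on port 53 { 127.0.0.1; 203.0.113.10; };
        listen-on-v6 port 53 { ::1; };
        // authoritative-only server: anyone may ask, nobody may recurse
        allow-query { any; };
        recursion no;
};'

# acl_of CONFIG DIRECTIVE
# Print the entries inside the first "DIRECTIVE ... { ... }" block, e.g.
# "127.0.0.1;" (entries joined by single spaces). Prints nothing if the
# directive is absent. Assumes braces and entries are whitespace-separated.
acl_of() {
    printf '%s\n' "$1" | tr '\n' ' ' | awk -v d="$2" '
    {
        n = split($0, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (w[i] != d) continue
            j = i + 1
            while (j <= n && w[j] != "{") j++
            out = ""
            for (j++; j <= n && w[j] !~ /^}/; j++)
                out = out (out == "" ? "" : " ") w[j]
            print out
            exit
        }
    }'
}

# loopback_only ACL
# True when every entry is a loopback address or the localhost ACL. An empty
# ACL means the directive is absent; BIND then defaults to all interfaces
# (listen-on) or any client (allow-query), so that is not loopback-only.
loopback_only() {
    [ -n "$1" ] || return 1
    for tok in $1; do
        case "$tok" in
            "127.0.0.1;"|"::1;"|"localhost;") ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# diagnose CONFIG
# One line per finding, or "ok". listen-on-v6 is deliberately not checked:
# "::1" alone is fine on a server with no public IPv6 address.
diagnose() {
    found=0
    for d in listen-on allow-query; do
        acl=$(acl_of "$1" "$d")
        if loopback_only "$acl"; then
            printf '%s is loopback-only (%s): remote dig times out, telnet to 53 is refused\n' "$d" "$acl"
            found=1
        fi
    done
    [ "$found" -eq 1 ] || echo ok
}

echo "--- posted options ---";    diagnose "$BROKEN_CONF"
echo "--- corrected options ---"; diagnose "$FIXED_CONF"
```

To confirm this is the cause on the box itself, `ss -lntup | grep ':53'` (or `netstat -lntup`) shows which addresses named has bound; with the posted block it will list only 127.0.0.1 and ::1, which is why a connect from outside is refused rather than filtered and why no firewall log appears. After editing the chrooted copy of named.conf, `named-checkconf` followed by `rndc reload` (or a service restart) applies the change. Two practitioner notes on the rest of the posted file: the rndc secret is now public and should be regenerated (`rndc-confgen -a` writes a fresh key), and for an authoritative-only server `recursion no;` together with `allow-query { any; };` is the right combination, since opening recursion to `any` would turn the host into an open resolver.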