Linode Forum :: BIND setup log

Linode Forum https://forum.linode.com/

BIND setup log https://forum.linode.com/viewtopic.php?f=19&t=9948	Page 1 of 1

Author:	superfastcars [ Sat Apr 06, 2013 12:03 am ]
Post subject:	BIND setup log
I'm a total newbie to BINDS, and I'm trying to understand this thing. I want to push two "name servers" on one ip address: cat /etc/named.conf cat sr2.co.zone Part 1 complete, issues; Apparently parts of BIND require spaces to work properly (seriously?), "insecure" symbols enabled (like @), and some settings to enable the usage of subdomains with "_". Also added reverse ip so there is less complications.

Author:	sednet [ Sat Apr 06, 2013 1:41 am ]
Post subject:	Re: BINDS Questions
Start comments in zone files with a semicolon ';' not double slash.

Author:

superfastcars [ Sat Apr 06, 2013 2:00 am ]

Post subject:

Re: BINDS Questions

sednet wrote:

Start comments in zone files with a semicolon ';' not double slash.

That was fixed awhile ago, I ran a export from my old DNS Server. But DIG is not working when I explicitly try to query the dns server.

Code:

dig @37.247.53.215 sr2.co

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @37.247.53.215 sr2.co
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Not sure what I did wrong. So I double checked my iptables firewall?

Code:

iptables -vnL --line-numbers
Chain INPUT (policy ACCEPT 308 packets, 24802 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     6115  399K fail2ban-SSH  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 dpts:1024:65535 state ESTABLISHED
3        1   474 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 dpts:1024:65535 state ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 243 packets, 26061 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:53 state NEW,ESTABLISHED
2        9   461 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:53 state NEW,ESTABLISHED

Chain fail2ban-SSH (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1     6115  399K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Update 2: Yes, it's being blocked: (remote test)

Code:

telnet 37.247.53.215 53
Connecting To 37.247.53.215...Could not open connection to the host, on port 53: Connect failed

I think my server is listening on the wrong port...

Code:

netstat -tulpn | grep :53
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      23714/named
tcp        0      0 ::1:53                      :::*                        LISTEN      23714/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               23714/named
udp        0      0 ::1:53                      :::*                                    23714/named

Fixed by changing listening ipv4 address. It looks like it's working flawlessly locally, and remotely the port seems open. The next issue I'm running into is when I query dns remotely, it gives a error.

Code:

dig @37.247.53.215 sr2.co
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @37.247.53.215 sr2.co
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 62154
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sr2.co.                                IN      A

;; Query time: 167 msec
;; SERVER: 37.247.53.215#53(37.247.53.215)
;; WHEN: Sat Apr  6 01:10:58 2013
;; MSG SIZE  rcvd: 24

Update 3: Added/Modified the following in named.conf: (Server was set up to only accept queries from localhost for anything, changed it now to accept only for domain's managed by the name server.)

Code:

        allow-recursion { localhost; };
        allow-query     { any; };
        allow-query-cache { localhost; };

Seems to be working just fine. I did have to rewrite the name server whois entries.

Author:	hoopycat [ Sat Apr 06, 2013 6:53 am ]
Post subject:	Re: BIND setup log
Seems like it is answering for me... but since you're posting here and thus obviously have a Linode, in addition to whatever 37.247.53.215 is, why not set it up as a slave? Having only one nameserver for a zone is not a valid configuration. You can also use Linode's DNS Manager instead/in addition to your own nameserver(s).

Author:	sednet [ Sat Apr 06, 2013 2:29 pm ]
Post subject:	Re: BIND setup log
hoopycat wrote: Seems like it is answering for me... but since you're posting here and thus obviously have a Linode, in addition to whatever 37.247.53.215 is, why not set it up as a slave? Having only one nameserver for a zone is not a valid configuration. You can also use Linode's DNS Manager instead/in addition to your own nameserver(s). It looks like a virtual server from prometeus.net. They have some pretty good deals actually.

Author:	superfastcars [ Sat Apr 06, 2013 2:49 pm ]
Post subject:	Re: BIND setup log
Your correct, prometheus doesnt offer name servers like linode does. So I had to learn BIND (nsd, or that other one, I forget). I have several domains to transfer. But things seem to be transitioning just fine. I did want to keep some of the info public in case anyone else has to go through the process of setting up their own name server with the latest version of bind. I might use bluevm for slave dns servers. (They have a deal for 12 usd yearly for 128mb of ram vm's between three locations; texas, illnois, and california)

Author:	sednet [ Sat Apr 06, 2013 5:11 pm ]
Post subject:	Re: BIND setup log
superfastcars wrote: Your correct, prometheus doesnt offer name servers like linode does. So I had to learn BIND (nsd, or that other one, I forget). I have several domains to transfer. But things seem to be transitioning just fine. I did want to keep some of the info public in case anyone else has to go through the process of setting up their own name server with the latest version of bind. I might use bluevm for slave dns servers. (They have a deal for 12 usd yearly for 128mb of ram vm's between three locations; texas, illnois, and california) I've always run bind myself. I used to use everydns as a free slave before they got sold to dyn. There are deals for $2.50 a month on bluevm's site but I don't see $12 a year. I'm not sure I'd trust anywhere that cheap, they can't be doing it right on that budget.

Author:	superfastcars [ Sun Apr 07, 2013 2:30 am ]
Post subject:	Re: BIND setup log
sednet wrote: I've always run bind myself. I used to use everydns as a free slave before they got sold to dyn. There are deals for $2.50 a month on bluevm's site but I don't see $12 a year. I'm not sure I'd trust anywhere that cheap, they can't be doing it right on that budget. At $12 yearly you could scarcely complain if it didnt work properly. The deals are from a link on their BlueVM chat page; https://www.bluevm.com/cart.php?gid=42 The "catch" is that they refill it over time. (In this case you can't buy any of the plans right now because they are all used up.)

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/