Old 07-26-2010, 01:17 PM
Miles Fidelman
 
Default bind9 problems

Panayiotis Karabassis wrote:
> I have set up a local DNS server on my home network (bind9 on debian
> lenny).
>
> The DNS server seems to be working fine when accessed directly (i.e.
> through nslookup or by setting it as the primary nameserver for the
> computer manually through /etc/resolv.conf).
>
> So I tried setting it as the primary nameserver for the router (and
> rebooting the router).
>
> However this does not work. On querying the router with nslookup the
> request times out.

Perhaps a silly thought, but home routers are usually configured to
access an external nameserver not one on the local network. Perhaps it
can't reach the nameserver.


Two thoughts come to mind:

1. see if you can traceroute the nameserver from somewhere off your
local network (make sure to traceroute to port 53)


2. look at your router config - see if it's blocking port 53 - if so, try
unblocking it (note that this will open your nameserver to the world -
so you'd need to lock that down a bit)


Miles Fidelman

--
In theory, there is no difference between theory and practice.
In<fnord> practice, there is. .... Yogi Berra



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: http://lists.debian.org/4C4D8B05.9010408@meetinghouse.net
 
Old 07-26-2010, 01:20 PM
Camaleón
 
Default bind9 problems

On Mon, 26 Jul 2010 14:56:53 +0300, Panayiotis Karabassis wrote:

> I have set up a local DNS server on my home network (bind9 on debian
> lenny).
>
> The DNS server seems to be working fine when accessed directly (i.e.
> through nslookup or by setting it as the primary nameserver for the
> computer manually through /etc/resolv.conf).
>
> So I tried setting it as the primary nameserver for the router (and
> rebooting the router).

I'm not sure what your goals are with this step because the router doesn't
have to resolve local dns queries, but bind9 :-?

> However this does not work. On querying the router with nslookup the
> request times out.

How exactly are you querying the router? Did you add the router's local
IP into the DNS zone?

Greetings,

--
Camaleón


Archive: http://lists.debian.org/pan.2010.07.26.13.20.47@gmail.com
 
Old 07-26-2010, 01:35 PM
Panayiotis Karabassis
 
Default bind9 problems

Sorry but I am somewhat of a newbie.

Camaleón wrote:
> I'm not sure what your goals are with this step because the router doesn't
> have to resolve local dns queries, but bind9 :-?

Don't connected computers resolve dns queries at the router? My goal is
to make all computers on the local network automatically use my bind9
server.

> How exactly are you querying the router? Did you add the router's local
> IP into the DNS zone?

With 'nslookup mylocaldomain.com 192.168.1.1'. I don't know much about
DNS. I attach my zone files.


$TTL 1h
@       IN      SOA     ns1.panayk.endofinternet.org. hostmaster.panayk.endofinternet.org. (
                        0000000001      ; Serial number
                        1h              ; Slave refresh
                        15m             ; Slave retry
                        2w              ; Slave expire
                        1h              ; Negative Cache TTL
                        )

@       IN      NS      ns1.panayk.endofinternet.org.
10      IN      PTR     panayk.endofinternet.org.

;
; SOA
;
$TTL 1h
@       IN      SOA     ns1.panayk.endofinternet.org. hostmaster.panayk.endofinternet.org. (
                        0000000001      ; Serial number
                        1h              ; Slave refresh
                        15m             ; Slave retry
                        2w              ; Slave expire
                        1h              ; Negative Cache TTL
                        )
;
; NS RECORDS
;
@       IN      NS      ns1.panayk.endofinternet.org.
@       IN      NS      ns2.panayk.endofinternet.org.
;
; MX RECORD
;
@       IN      MX      10 mx.panayk.endofinternet.org.

;
; A RECORDS
;
@       IN      A       192.168.1.10
www     IN      A       192.168.1.10
ns1     IN      A       192.168.1.10
ns2     IN      A       192.168.1.10
mx      IN      A       192.168.1.10
;desktop IN     A       192.168.1.21
;laptop IN      A       192.168.1.22
router  IN      A       192.168.1.1
 
Old 07-26-2010, 01:37 PM
Panayiotis Karabassis
 
Default bind9 problems

Miles Fidelman wrote:
> Perhaps a silly thought, but home routers are usually configured to
> access an external nameserver not one on the local network. Perhaps
> it can't reach the nameserver.

I was thinking the same thing.

> Two thoughts come to mind:
>
> 1. see if you can traceroute the nameserver from somewhere off your
> local network (make sure to traceroute to port 53)

The nameserver is not visible to the external world. Should I forward
the port?

> 2. look at your router config - see if it's blocking port 53 - if so,
> try unblocking it (note that this will open your nameserver to the
> world - so you'd need to lock that down a bit)

I don't think it is blocking it.

Regards



Archive: http://lists.debian.org/4C4D8FA7.60601@gmail.com
 
Old 07-26-2010, 02:01 PM
Miles Fidelman
 
Default bind9 problems

Panayiotis Karabassis wrote:
>> Two thoughts come to mind:
>>
>> 1. see if you can traceroute the nameserver from somewhere off your
>> local network (make sure to traceroute to port 53)
>
> The nameserver is not visible to the external world. Should I forward
> the port?
>
>> 2. look at your router config - see if it's blocking port 53 - if so,
>> try unblocking it (note that this will open your nameserver to the
>> world - so you'd need to lock that down a bit)
>
> I don't think it is blocking it.

These two statements are contradictory. If the nameserver is not
visible to the external world, then it's precisely because your router is
blocking the port. Try forwarding the port and see what happens. If it
works, then you should immediately figure out how to lock things down so
only your local machines can access the port.


--
In theory, there is no difference between theory and practice.
In<fnord> practice, there is. .... Yogi Berra




Archive: http://lists.debian.org/4C4D9555.8090504@meetinghouse.net
 
Old 07-26-2010, 02:16 PM
Camaleón
 
Default bind9 problems

On Mon, 26 Jul 2010 16:35:08 +0300, Panayiotis Karabassis wrote:

> Sorry but I am somewhat of a newbie.
>
> Camaleón wrote:
>> I'm not sure what your goals are with this step because the router
>> doesn't have to resolve local dns queries, but bind9 :-?
>>
> Don't connected computers resolve dns queries at the router?

They resolve at bind9's side (local queries and remote queries) :-)

> My goal is
> to make all computers on the local network automatically use my bind9
> server.

Your computers, yes, but also the router? That was my doubt :-?

>> How exactly are you querying the router? Did you add the router's
>> local IP into the DNS zone?
>>
>>
> With 'nslookup mylocaldomain.com 192.168.1.1'.

Mmm, as per the zone settings you are using, you should just query "dig
router" or "nslookup router".

> I don't know much about
> DNS. I attach my zone files.
>
> $TTL 1h
> @ IN SOA ns1.panayk.endofinternet.org.
^^^^^^^^^^^^^^^^^

That domain name already exists on the Internet (it's reachable). I suppose
it belongs to you, right? :-?

(...)

> router IN A 192.168.1.1

I think that should be enough.

Greetings,

--
Camaleón


Archive: http://lists.debian.org/pan.2010.07.26.14.16.15@gmail.com
 
Old 07-26-2010, 03:41 PM
Hanspeter Spalinger
 
Default bind9 problems

On 26.07.10 15:17, Miles Fidelman wrote:
> Panayiotis Karabassis wrote:
>> The DNS server seems to be working fine when accessed directly (i.e.
>> through nslookup or by setting it as the primary nameserver for the
>> computer manually through /etc/resolv.conf).
>
> 1. see if you can traceroute the nameserver from somewhere off your
> local network (make sure to traceroute to port 53)
>
> 2. look at your router config - see if it's blocking port 53 - if so, try
> unblocking it (note that this will open your nameserver to the world -
> so you'd need to lock that down a bit)
>
> Miles Fidelman
>
This only applies if he wants to have a public DNS. And that would only
make sense if he wants to manage his own domain. If he only wants to resolve in
the local LAN, he should NOT open port 53 inbound.

As he stated in his first mail, his server CAN resolve things if asked
directly. Just chaining through the router fails. Therefore, this is not
a router firewall problem (it may be a server firewall problem).


Archive: http://lists.debian.org/4C4DAC91.4070706@spahan.ch
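
The lock-down that the replies above call for (only local machines may use the resolver, no port 53 open inbound), as an added example that is not part of any post in the thread: a shell check that reads a bind9 options file and reports who may recurse. Both sample configurations are constructed, the 192.168.1.0/24 range is assumed from the addresses in the posted zone, and recursion_scope is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit which clients a bind9 config lets recurse.
# The two sample configs are constructed; 192.168.1.0/24 is assumed
# from the addresses used in the thread.

# recursion_scope FILE -> prints "open", "restricted" or "default"
recursion_scope() {
    # Strip // and # comments, join the lines, extract the allow-recursion list.
    list=$(sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' |
           sed -n 's/.*allow-recursion[[:space:]]*{\([^}]*\)}.*/\1/p')
    if [ -z "$list" ]; then
        echo default      # statement absent: bind9's built-in default applies
    elif printf '%s' "$list" |
         grep -Eq '(^|[[:space:];])(any|0\.0\.0\.0/0)[[:space:]]*;'; then
        echo open         # anyone who can reach port 53 may recurse
    else
        echo restricted   # limited to the listed networks or ACL names
    fi
}

weak=$(mktemp); hard=$(mktemp)
trap 'rm -f "$weak" "$hard"' EXIT

cat >"$weak" <<'EOF'
options {
    directory "/var/cache/bind";
    allow-recursion { any; };   // recursive answers for every source address
};
EOF

cat >"$hard" <<'EOF'
acl lan { 192.168.1.0/24; localhost; };
options {
    directory "/var/cache/bind";
    allow-query     { lan; };   // only LAN clients may ask at all
    allow-recursion { lan; };   // and only they get recursive lookups
};
EOF

echo "weak config:     $(recursion_scope "$weak")"
echo "hardened config: $(recursion_scope "$hard")"
```

With the hardened form in place, a port 53 forward on the router is still unnecessary for LAN-only resolution.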
 
Old 07-26-2010, 04:08 PM
Hanspeter Spalinger
 
Default bind9 problems

On 26.07.10 15:35, Panayiotis Karabassis wrote:
> Sorry but I am somewhat of a newbie.
>
> Camaleón wrote:
>> I'm not sure what your goals are with this step because the router
>> doesn't have to resolve local dns queries, but bind9 :-?
>>
> Don't connected computers resolve dns queries at the router? My goal is
> to make all computers on the local network automatically use my bind9
> server.
>> How exactly are you querying the router? Did you add the router's
>> local IP into the DNS zone?
>>
>>
> With 'nslookup mylocaldomain.com 192.168.1.1'. I don't know much about
> DNS. I attach my zone files.
>
Can you log in to your router? Web interface?
If the web interface has a ping tool, try pinging some name (google.com for
example). See if your router can resolve those names itself.
Try pinging your server's IP too; can your router reach it?

If you can log in, and have some sort of dig or nslookup, you should
check if it can reach your server (dig @serverIP somename). Check both,
with and without your server's IP as parameter.

During those checks, you may want to enable your server's querylog and
check if anything arrives at your server: 'rndc querylog'.
Check /var/log/daemon.log for messages (you should see something about
rndc; otherwise you log somewhere else, so check your bind config then).

What is the output if you use 'dig @192.168.1.1 mylocaldomain.com' at
your lenny server? Anything in the logfile?



Your ultimate goal is to give your server as DNS during DHCP setup. This
can be a hard task depending on your router. Hosting a DHCP server on the
server machine may be an easy and convenient solution. You don't depend on
your router for LAN setup anymore (and you can do fancy things with DHCP).


Archive: http://lists.debian.org/4C4DB2E5.6050308@spahan.ch
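
The checks from the message above (ask the server directly, ask through the router, then see in the query log whether the router's query arrived), as an added example that is not part of the original post. The addresses and name are taken from the thread, the log lines are constructed in the bind9 querylog style, and the function names and verdict words are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. IPs and name come from the posts;
# the log lines are constructed in the bind9 querylog style.

# probe SERVER NAME -> dig exit status (0 = a reply came back, 9 = no reply)
probe() { dig +time=2 +tries=1 "@$1" "$2" >/dev/null 2>&1 && echo 0 || echo $?; }

# queries_from CLIENT_IP NAME LOGFILE -> count of logged queries for NAME
queries_from() {
    grep -F " $1#" "$3" | grep -Fc "query: $2 " || true
}

# diagnose DIRECT_RC ROUTER_RC ROUTER_HITS -> verdict
diagnose() {
    if   [ "$1" -ne 0 ]; then echo server-fails       # bind9 itself does not answer
    elif [ "$2" -eq 0 ]; then echo chain-ok           # the router answers too
    elif [ "$3" -eq 0 ]; then echo never-arrives      # router's query never reached bind9
    else                      echo arrives-no-answer  # bind9 saw it; check the reply path
    fi
}

# Constructed daemon.log excerpt: only the desktop (192.168.1.21) shows up.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
Jul 26 16:10:01 lenny named[2101]: client 192.168.1.21#40211: query: mylocaldomain.com IN A +
Jul 26 16:10:07 lenny named[2101]: client 192.168.1.21#40212: query: www.mylocaldomain.com IN A +
EOF
hits=$(queries_from 192.168.1.1 mylocaldomain.com "$sample")
echo "sample: direct ok, router timed out, $hits hits -> $(diagnose 0 9 "$hits")"

# Live run on the bind9 host after 'rndc querylog':  sh dnschain.sh run
if [ "${1:-}" = run ]; then
    d=$(probe 192.168.1.10 mylocaldomain.com)
    r=$(probe 192.168.1.1 mylocaldomain.com)
    h=$(queries_from 192.168.1.1 mylocaldomain.com /var/log/daemon.log)
    echo "live: $(diagnose "$d" "$r" "$h")"
fi
```

The live count includes older log lines, so start from a fresh log or note the count before the test query.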
 
Old 07-27-2010, 11:17 AM
Panayiotis Karabassis
 
Default bind9 problems

Thanks to you all! I ended up using a local dhcp server.



Archive: http://lists.debian.org/4C4EC04D.1060608@gmail.com
 
