DNS - Root servers problem

Nicolas_17 · ‎03-22-2005

Hi,

I'm presently configuring a DNS server with BIND 9.2.0 on an old D-class. I've manage to get everything set up and working except that my DNS clients can't resolve names outside of our network (i.e --> google.ca). So I assume that my problem is with the root servers; that I can't reach them or whatever. Both server and clients are behind a proxy/firewall, maybe there is a special config for such a setup?

My server's /etc/named.conf looks like this for the "." zone:

zone "."IN {
type hint;
file "db.cache";
};

My server's /etc/named.data/db.cache is internic's unmodified named.root file.

My server's /etc/resolv.conf states:

search mydomain
nameserver 192.168.1.100 (my own ip)

My server's /etc/nsswitch.conf goes like this:

passwd: files
group: files
hosts: files [NOTFOUND=continue] dns
networks: files
protocols: files
rpc: files
publickey: files
netgroup: files
automount: files
aliases: files
services: files

And while I'm at it, since named has been running on this machine, logging onto it is really slow. I get the login prompt, but the password prompt take a minute or two to appear. I've read previous posts on similar issues, but nothing seems to fix this.

Thanks to all who will take the time to read this.

Steven E. Protter · ‎03-22-2005

You need to get the root server information off the public Internet.

Your resolve.conf file needs to point to a valid external DNS server and be able to connect to it.

This procedure works on HP-UX.

It will solve the root issue.
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/DNS-HOWTO.html

Don't worry that its a Linux doc, the root section is exactly the same on hp-ux.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

harry d brown jr · ‎03-22-2005

Can you post your entire named.conf and any zone files you have?

You could be missing the forwarders directive in named.conf.

Second, resolv.conf should have:

domain mydomain
and possibly-->options ndots: 2

nothing else.

I'll try to find my post on setting up a DNS caching server which is similar to a DNS master server.

live free or die
harry d brown jr

Live Free or Die

Nicolas_17 · ‎03-22-2005

Steven said:

"Your resolve.conf file needs to point to a valid external DNS server and be able to connect to it."

Now that's something i don't have in my named.conf. I asked my network admin for the address of our ISP's DNS server. I don't want to use our existing windoze DNS server (as a forwarder) because the unix one, ultimatly, is supposed to be an alternative DNS.

Harry said:

"Second, resolv.conf should have:

domain mydomain
and possibly-->options ndots: 2"

This has been corrected.

Thanks to both of you, i'll post as soon as I get the address of my ISP's DNS.

Patrick Wallek · ‎03-22-2005

"Your resolve.conf file needs to point to a valid external DNS server and be able to connect to it."

I disagree. Our internal DNS server does NOT have our ISPs DNS server(s) in its resolv.conf file. The "forwarders directive in the options section of the named.conf file takes care of that issue.

If the query cannot be resolved locally it goes through the list of forwarders.

Nicolas_17 · ‎03-22-2005

Patrick,

Then the list of forwarders is what? The list of root servers?

Thanks.

Patrick Wallek · ‎03-22-2005

No. The forwarders are your ISP's DNS servers.

Say your ISP has 3 DNS servers: 1.2.3.4, 1.2.3.5, 1.2.3.6

The forwarders section of named.conf would look like:

options {
check-names response fail;
check-names slave warn;
directory "/etc/named.data";
forwarders { 1.2.3.4;
1.2.3.5;
1.2.3.6;
};
};

# man named.conf
for details

Nicolas_17 · ‎03-22-2005

Ok, that make more sense to me. So, basically, everything should work once I get my ISP's DNS server address...

harry d brown jr · ‎03-22-2005

Hopefully the ATTACHED tar can guide people to set up DNS caching servers. Nicolas, For you it will help show what a named.conf should look like.

The tar is relative, thus restore it to /tmp - IT's ONLY 30K.

root@vpart1 /tmp]# tar -tvf DNScache.tar
rwxrwxrwx 0/3 0 Mar 22 15:55 2005 ./DNSexplain/
rwxrwxrwx 0/3 0 Mar 22 16:28 2005 ./DNSexplain/etc/
rwxr-xr-x 0/3 0 Mar 22 16:14 2005 ./DNSexplain/etc/named.data/
r--r----- 0/3 261 Nov 5 13:58 2003 ./DNSexplain/etc/named.data/db.127.0.0
r--r----- 0/3 585 Mar 22 16:06 2005 ./DNSexplain/etc/named.data/db.cache
r--r----- 0/3 294 Mar 22 16:06 2005 ./DNSexplain/etc/named.data/db.loghost.YOURDOMAIN.com
rw-rw-rw- 0/3 2027 Mar 22 16:14 2005 ./DNSexplain/etc/named.data/README
r--r----- 0/3 302 Mar 22 16:06 2005 ./DNSexplain/etc/named.data/db.localhost.YOURDOMAIN.com
r--r----- 0/3 298 Mar 22 16:07 2005 ./DNSexplain/etc/named.data/db.loopback.YOURDOMAIN.com
r--r----- 0/3 1418 Mar 22 15:59 2005 ./DNSexplain/etc/named.conf
r--r----- 0/3 228 Mar 22 16:00 2005 ./DNSexplain/etc/rndc.conf
rw-rw-rw- 0/3 1820 Mar 22 16:28 2005 ./DNSexplain/etc/README
r--r--r-- 0/3 272 Mar 22 16:00 2005 ./DNSexplain/etc/nsswitch.conf
r--r--r-- 0/3 38 Mar 22 16:00 2005 ./DNSexplain/etc/resolv.conf
r--r----- 0/3 56 Mar 22 15:56 2005 ./DNSexplain/etc/KYOURDOMAIN.com.+157+43597.key
r--r----- 0/3 81 Nov 5 13:58 2003 ./DNSexplain/etc/KYOURDOMAIN.com.+157+43597.private
rwxrwxrwx 0/3 0 Oct 15 14:53 2004 ./DNSexplain/var/
rwxrwxrwx 0/3 0 Mar 22 16:01 2005 ./DNSexplain/var/run/
rw-rw-rw- 0/3 0 Mar 22 16:01 2005 ./DNSexplain/var/run/named.pid
[root@vpart1 /tmp]# ls -l DNScache.tar
-rw-rw-rw- 1 root sys 30720 Mar 22 16:29 DNScache.tar

good luck

live free or die
harry d brown jr

Live Free or Die

harry d brown jr · ‎03-22-2005

read the README (two of them) files!

live free or die
harry d brown jr

Live Free or Die

Nicolas_17 · ‎03-23-2005

Thanks Harry,

I'm not to sure what the .key and .private are for though...care to shed some light on that?

harry d brown jr · ‎03-23-2005

Actually you should generate your own rndc keys.

After installing bind 9.2 from software.hp.com, do a man on rndc-confgen

the "keys" are for "rndc" commands.

live free or die
harry d brown jr

Live Free or Die

Nicolas_17 · ‎03-23-2005

Alleluia! (not sure about the spelling)

I tried to put our ISP's DNS servers addresses as forwarders this morning and it didn't work. So the network admin suggested that I put our proxy's address, since the unix machine doesn't have direct connection to those DNS servers. It worked!

Thanks to all...

P.S. For that other thing, the one about the login being really slow on the DNS server...I delete the entry in my local host file (my desktop) for that server, and that seemed to fix it!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

DNS - Root servers problem

DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem

Re: DNS - Root servers problem