DNS problem

rh 9.2


DrDoc

5:37 pm on Sep 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Ok, here's the scoop:
I have a brand new RH 9.2 installation. The server is meant to be a pure DNS server, nothing else. So, during setup I made sure to remove all sorts of "fluff" to make it as barebone as possible. Everything seems to work fine, except that it does not respond to DNS requests. :(

During setup, the screen that asks for firewall configuration, I set the fw to medium, and I did not select any of the eth# (there are two) as trusted devices. In the little help section it mentioned something about DNS requests being let through, regardless of fw settings (?).

It's not responding to pings or ssh requests from outside the LAN (which is what I want)... But how can I get it to respond to DNS lookups? I checked iptables, and even added both eth0 and eth1 -- but that made no difference. (Shouldn't that also have made it respond to pings and ssh from outside the network?)

What am I missing?

drbrain

9:09 pm on Sep 14, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's good to have your DNS servers respond to pings. Other people will get confused if the server responds to DNS queries, but not to a ping.

DNS uses UDP port 53 to communicate, so you'll need to allow this port through the firewall. You can run tcpdump on the DNS server, then use dig, nslookup, or even nmap to try to access the server. tcpdump should show you the communication between the DNS server and the client if you've got everything right.

upside

6:12 am on Sep 15, 2004 (gmt 0)

10+ Year Member



I disagree with drbrain; there is no reason to answer pings on a DNS server. A ping is not suitable to determine whether a given service is running because of the low priority that pings are given.

As for your problem, try disabling the firewall while you troubleshoot the DNS server. That way there are fewer variables to consider.

bakedjake

6:14 am on Sep 15, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Second upside, DrDoc, kill the firewall while you configure DNS.

Then, if you can, get a hardware firewall and forget iptables. :)

DrDoc

6:33 am on Sep 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Appears that something got the network config messed up... Fixed that and things started working :)

Still, very good suggestions, all of you. Thank you.

drbrain

2:52 pm on Sep 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How do you know if the service is down or if the machine is down without allowing ICMP ping? ICMP ping provides a simple reachability test/is-it-up test that can be invaluable when things go wrong. (Is it up? ping ns.example.com, ... oh yeah! it doesn't respond to ping! ... Is it up?)

py9jmas

3:02 pm on Sep 15, 2004 (gmt 0)

10+ Year Member



ICMP is a required part of the IP specification. Several registrars (particularly some of the ccTLDs) require your DNS server to comply with the IP spec before they will delegate a domain to that server.

DrDoc

3:03 pm on Sep 15, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I never rely on ping to check whether a machine is up... I always open a socket to the appropriate port, or simply perform a test query (whether it be HTTP, DNS, FTP, SSH). Simply pinging the machine doesn't tell me whether the service is running or not.
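The "test query" approach DrDoc describes in this last post, and the dig/tcpdump check drbrain suggested earlier for confirming that UDP port 53 is actually reachable through the firewall, can be done from a short script that speaks just enough DNS to send one A-record question and read the answer. The following is an added example, not code posted by anyone in the thread: it builds a minimal query, sends it over UDP to port 53, and parses the reply, so a monitoring check can confirm the resolver service itself is answering rather than relying on ICMP. The server address, the queried name (`ns.example.com`) and the embedded sample reply are constructed for illustration.

```python
import random
import socket
import struct

def encode_name(name):
    """Encode a dotted hostname in DNS wire format (length-prefixed labels, zero terminator)."""
    out = b""
    for label in name.strip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long: %s" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, txid=None):
    """Return (txid, packet) for a single-question recursive query (qtype 1 = A record)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    return txid, header + question

def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset just past it in the record)."""
    labels = []
    end = offset
    jumped = False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end

def parse_response(data, expected_txid):
    """Return (rcode, [(type, name, address, ttl), ...]) for the A records in a reply."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch; not the reply to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear; this is a query, not a response")
    rcode = flags & 0x0F
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = _read_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(("A", name, socket.inet_ntoa(rdata), ttl))
    return rcode, answers

def probe_dns(server, name, timeout=2.0):
    """Send one query over UDP/53 and parse the reply; a timeout means the service is unreachable."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_response(data, txid)

# Constructed sample reply (not captured traffic): ID 0x1234, flags QR|RD|RA, one question,
# one answer "ns.example.com" -> 192.0.2.53 with TTL 300, using a compression pointer to offset 12.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    + encode_name("ns.example.com") + b"\x00\x01\x00\x01"
    + b"\xc0\x0c" + b"\x00\x01\x00\x01" + struct.pack("!I", 300) + b"\x00\x04"
    + bytes([192, 0, 2, 53])
)

if __name__ == "__main__":
    # Offline demonstration on the constructed reply; swap in probe_dns("<server>", "<name>") live.
    print(parse_response(SAMPLE_RESPONSE, 0x1234))
```

Run against the real server, `probe_dns` raising `socket.timeout` is the symptom DrDoc started with: the host is up but nothing on UDP/53 answers, which points at the firewall or network configuration rather than at the daemon. A reply with a non-zero rcode means the packet got through and the server answered, so the firewall is no longer the variable. Note that replies larger than 512 bytes are truncated over UDP; this check only needs a yes/no answer, so that is acceptable here.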