From: Panayiotis Karabassis on 26 Jul 2010 09:40

Sorry but I am somewhat of a newbie.

Camaleón wrote:
> I'm not sure what are your goals with this step because the router hasn't
> to resolve local dns queries, but bind9 :-?

Don't connected computers resolve dns queries at the router? My goal is to make all computers on the local network automatically use my bind9 server.

> How are you exactly querying the router? Did you add the router's local
> IP into the DNS zone?

With 'nslookup mylocaldomain.com 192.168.1.1'. I don't know much about DNS. I attach my zone files.

From: Panayiotis Karabassis on 26 Jul 2010 09:40

Miles Fidelman wrote:
> Perhaps a silly thought, but home routers are usually configured to
> access an external nameserver not one on the local network. Perhaps
> it can't reach the nameserver.

I was thinking the same thing.

> Two thoughts come to mind:
>
> 1. see if you can traceroute the nameserver from somewhere off your
> local network (make sure to traceroute to port 53)

The nameserver is not visible to the external world. Should I forward the port?

> 2. look at your router config - see if it's blocking port 53 - if so,
> try unblocking it (note that this will open your nameserver to the
> world - so you'd need to lock that down a bit)

I don't think it is blocking it.

Regards

--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4C4D8FA7.60601(a)gmail.com

From: Miles Fidelman on 26 Jul 2010 10:10

Panayiotis Karabassis wrote:
>> Two thoughts come to mind:
>>
>> 1. see if you can traceroute the nameserver from somewhere off your
>> local network (make sure to traceroute to port 53)
> The nameserver is not visible to the external world. Should I forward
> the port?
>>
>> 2. look at your router config - see if it's blocking port 53 - if so,
>> try unblocking it (note that this will open your nameserver to the
>> world - so you'd need to lock that down a bit)
>>
> I don't think it is blocking it.

These two statements are contradictory. If the nameserver is not visible to the external world, then it's precisely because your router is blocking the port. Try forwarding the port and see what happens. If it works, then you should immediately figure out how to lock things down so only your local machines can access the port.

--
In theory, there is no difference between theory and practice.
In<fnord> practice, there is. .... Yogi Berra

Archive: http://lists.debian.org/4C4D9555.8090504(a)meetinghouse.net

From: Camaleón on 26 Jul 2010 10:20

On Mon, 26 Jul 2010 16:35:08 +0300, Panayiotis Karabassis wrote:

> Sorry but I am somewhat of a newbie.
>
> Camaleón wrote:
>> I'm not sure what are your goals with this step because the router
>> hasn't to resolve local dns queries, but bind9 :-?
>>
> Don't connected computers resolve dns queries at the router?

They resolve at bind9's side (local queries and remote queries) :-)

> My goal is
> to make all computers on the local network automatically use my bind9
> server.

Your computers, yes, but also the router? That was my doubt :-?

>> How are you exactly querying the router? Did you add the router's
>> local IP into the DNS zone?
>>
>>
> With 'nslookup mylocaldomain.com 192.168.1.1'.

Mmm, as per the zone settings you are using, you should just query "dig router" or "nslookup router".

> I don't know much about
> DNS. I attach my zone files.
>
> $TTL 1h
> @ IN SOA ns1.panayk.endofinternet.org.
                      ^^^^^^^^^^^^^^^^^

That domain name already exists in Internet (it's reachable). I suppose it belongs to you, right? :-?

(...)

> router IN A 192.168.1.1

I think that should be enough.

Greetings,

--
Camaleón

Archive: http://lists.debian.org/pan.2010.07.26.14.16.15(a)gmail.com

From: Hanspeter Spalinger on 26 Jul 2010 12:00

On 26.07.10 15:17, Miles Fidelman wrote:
> Panayiotis Karabassis wrote:
>> The DNS server seems to be working fine when accessed directly (i.e.
>> through nslookup or by setting it as the primary nameserver for the
>> computer manually through /etc/resolv.conf).
>
> 1. see if you can traceroute the nameserver from somewhere off your
> local network (make sure to traceroute to port 53)
>
> 2. look at your router config - see if it's blocking port 53 - if so, try
> unblocking it (note that this will open your nameserver to the world -
> so you'd need to lock that down a bit)
>
> Miles Fidelman

This only applies if he wants to have a public DNS. And that would only make sense if he wants to manage his own domain. If he only wants to resolve in the local LAN, he should NOT open port 53 inbound. As he stated in his first mail, his server CAN resolve things if asked directly. Just chaining through the router fails. Therefore, this is not a router firewall problem (it may be a server firewall problem).

Archive: http://lists.debian.org/4C4DAC91.4070706(a)spahan.ch
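
Added example, not part of any message in this thread: one way to apply the lock-down that Miles Fidelman and Hanspeter Spalinger describe, so that bind9 answers only machines on the local network and port 53 never needs to be forwarded. It assumes the LAN is 192.168.1.0/24 (inferred from the router address 192.168.1.1 quoted above) and uses 192.168.1.2 as a placeholder for the bind9 host's own address; the file path is the Debian default.

```conf
// /etc/bind/named.conf.options (Debian bind9 layout)
// Assumption: LAN is 192.168.1.0/24, inferred from the router address
// 192.168.1.1 in the thread. 192.168.1.2 is a placeholder for the
// bind9 host's own LAN address.

acl "lan" {
    127.0.0.0/8;
    192.168.1.0/24;
};

options {
    directory "/var/cache/bind";

    // Listen only on loopback and the LAN address, so nothing answers
    // on any other address the host may have.
    listen-on { 127.0.0.1; 192.168.1.2; };
    listen-on-v6 { none; };

    // Answer queries, and recurse, only for LAN clients. A resolver
    // that recurses for anyone is an open resolver.
    allow-query       { "lan"; };
    allow-recursion   { "lan"; };
    allow-query-cache { "lan"; };

    // No zone transfers to anyone.
    allow-transfer { none; };
};
```

Run `named-checkconf` before reloading bind9 to catch syntax errors in the edited file.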