(Not) Successfully Setting up DNS - a long story

 
 
NotSure2003, 01-21-2004, 05:02 AM
I have just started using Red Hat Fedora.
I have never used Linux before, but most of
what I have seen so far is encouraging.
I am trying to get up to speed and get
the most out of it, firstly for its server
capabilities.
It is running on a remote, dedicated machine
which I access using PuTTY.
It was set up with an "Everything" install.

The machine has two IP addresses,
67.22.3.101 and
67.22.3.102
I have an old domain name,
mydom123.com
The name-servers for this domain have been set,
by the registrar, to
ns1.mydom123.com (67.22.3.101 - primary)
ns2.mydom123.com (67.22.3.102 - secondary)

I have verified the above name-server settings
have been made correctly using whois for name-servers.

My goal is to host www.mydom123.com on this server
on 67.22.3.101 and the primary name-server
ns1.mydom123.com (at the same
IP address - 67.22.3.101).

My understanding was that this is quite ok to
do, and it all seemed straightforward.
Having read all the DNS how-to's and as many
articles and whatever else I found on the subject
I thought I would have a go. So, I set about
the task in hand with some new knowledge (supposedly),
and bags of energy, optimism and enthusiasm.
That was several days (and nights) ago....

I first edited /etc/named.conf to:
=== /etc/named.conf starts below ===
options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        //query-source address * port 53; // also tried uncommented
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "mydom123.com" IN {
        type master;
        notify no;
        file "zones/mydom123.com";
};
include "/etc/rndc.key";
=== /etc/named.conf ends above ===

I ran
named-checkconf.
No complaints.

Then I created /var/named/zones/mydom123.com:
=== /var/named/zones/mydom123.com starts below ===
$TTL 86400
@       IN SOA  mydom123.com. hostmaster.mydom123.com. (
                200401188 ; Serial
                28800     ; Refresh
                14400     ; Retry
                3600000   ; Expire
                86400 )   ; Minimum
                NS      ns1.mydom123.com.
www.mydom123.com. IN A 67.22.3.101
ns1.mydom123.com. IN A 67.22.3.101
=== /var/named/zones/mydom123.com ends above ===

I ran
named-checkzone mydom123.com /var/named/zones/mydom123.com
and got back
"loaded serial 200401188"
and no complaints.
At this point, I was pleased that it was going so well.
I then entered
/etc/init.d/named restart

To test just *my* settings, I entered
nslookup www.mydom123.com 67.22.3.101 -sil
When I got the following I realised that I haven't
cracked it just yet:
;; connection timed out; no servers could be reached

In /var/log/messages I can see
lame server resolving
'mydom123.com' (in 'mydom123.com'?): 67.22.3.101#53

For several days I have been reading whatever I can find
using google and in local bookshops, tweaking both the
files above then restarting named, and testing with
nslookup and dig.
I have not made any further progress.
I realise there are certain things that can be improved
(location of secondary DNS server, reverse lookups and
probably more), but I want to take one step at a time,
and hopefully understand the whats, whys and hows as
I go along.

If anyone has got as far as the end of this long story,
and can suggest where I may have lost the plot, it would
be very helpful.


(The IP addresses and domain name are deliberately
fictitious in order to protect the baffled).
 
P.T. Breuer, 01-21-2004, 06:10 AM
NotSure2003 <(E-Mail Removed)> wrote:
> The machine has two IP addresses,
> 67.22.3.101 and
> 67.22.3.102
> I have an old domain name,
> mydom123.com


> The name-servers for this domain have been set,
> by the registrar, to
> ns1.mydom123.com (67.22.3.101 - primary)
> ns2.mydom123.com (67.22.3.102 - secondary)


> I first edited /etc/named.conf to:
> === /etc/named.conf starts below ===
> options {
> directory "/var/named";


OK.

> //
> // a caching only nameserver config
> //


Then who are you forwarding to? I didn't see you define any forwarders
to handle general requests. Anyway, it doesn't matter for a simple
test.

> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };


Way OTT. I'd get rid of it! Surely you just want

allow-query { localhost; };

??? No?

> zone "mydom123.com" IN {
> type master;
> notify no;


notify no? Surely that should be a list of servers to notify whenever
you change something here? I don't get that.

> file "zones/mydom123.com";
> };
> include "/etc/rndc.key";


What is this key thing? I'd get rid of nonbasic stuff like that for
starters.

> === /etc/named.conf ends above ===
>
> I ran
> named-checkconf.
> No complaints.
>
> Then I created /var/named/zones/mydom123.com:
> === /var/named/zones/mydom123.com starts below ===
> $TTL 86400
> @ IN SOA mydom123.com. hostmaster.mydom123.com. (


What? that's malformed. You want the address of the local machine, not
of the domain. "mydom123.com" does not resolve here.


> 200401188 ; Serial
> 28800 ; Refresh
> 14400 ; Retry
> 3600000 ; Expire
> 86400 ) ; Minimum
> NS ns1.mydom123.com.


If you expect the domain to resolve, you must provide an address record
for it in the domain ABOVE, which you do not own!

I suspect you meant

$ORIGIN com.
mydom123 IN SOA www.mydom123.com. root.www.mydom123.com. (
... )
$ORIGIN mydom123.com.

> www.mydom123.com. IN A 67.22.3.101
> ns1.mydom123.com. IN A 67.22.3.101


Looks OK otherwise. But what about the reverse domain? You are missing it!

> === /var/named/zones/mydom123.com ends above ===
>
> I ran
> named-checkzone mydom123.com /var/named/zones/mydom123.com
> and got back
> "loaded serial 200401188"
> and no complaints.


Well, look at your syslog. You want to see what the server thinks!


> At this point, I was pleased that it was going so well.
> I then entered
> /etc/init.d/named restart


Start the server by hand, please. Then we know what is happening.
Check your logs to see what it says.

> To test just *my* settings, I entered
> nslookup www.mydom123.com 67.22.3.101 -sil



Eh? But you want to look it up on localhost, no? Oh well.


> When I got the following I realised that I haven't
> cracked it just yet:
> ;; connection timed out; no servers could be reached


Sure. Nothing running or it doesn't accept queries on that interface.
Try localhost (127.0.0.1) instead! You want in general

query-source address * port 53;

(should be default ?).

> In /var/log/messages I can see
> lame server resolving
> 'mydom123.com' (in 'mydom123.com'?): 67.22.3.101#53


Well, we need to see more than that. Show us the complete log of its
startup. Anyway, it doesn't know who it is, so add that info to
/etc/hosts first of all.

I would estimate that your hosts file is incomplete and you are lacking
an inverse zone (and nobody can look up your domain, since you maybe
have some other problem with the domain above, but who cares - once
you fix /etc/hosts that will be OK).

> For several days I have been reading whatever I can find
> using google and in local bookshops, tweaking both the
> files above then restarting named, and testing with
> nslookup and dig.
> I have not made any further progress.


That's because you haven't done the obvious instead of the difficult!
Ask yourself where should it get the name of 65.22.3.101 from? Or
the IP address of mdom123.com!

> I realise there are certain things that can be improved
> (location of secondary DNS server, reverse lookups and
> probably more), but I want to take one step at a time,


Peter
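
Added example, not part of either post above: a small Python consistency check that parses the zone file from the first post and compares it with the registrar delegation described there (ns1 and ns2). The function names `parse` and `check` are illustrative, the checks are lint-style conventions rather than BIND errors, and the zone text is the poster's fictitious data.

```python
import re

# Zone file as posted in the thread (fictitious data); NS line indented to inherit "@".
ZONE = """\
$TTL 86400
@ IN SOA mydom123.com. hostmaster.mydom123.com. (
        200401188 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
        NS ns1.mydom123.com.
www.mydom123.com. IN A 67.22.3.101
ns1.mydom123.com. IN A 67.22.3.101
"""
# Name servers the registrar delegates to, as stated in the first post.
DELEGATED = {"ns1.mydom123.com.", "ns2.mydom123.com."}

def parse(zone_text, origin):
    """Minimal parser: joins ( ... ) groups; absolute owners, SOA/NS/A only."""
    text = re.sub(r";[^\n]*", "", zone_text)  # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records, owner = [], origin
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("$"):
            continue
        if not line[0].isspace():  # leading whitespace means "same owner as before"
            owner = origin if tokens[0] == "@" else tokens[0]
            tokens = tokens[1:]
        tokens = [t for t in tokens if t != "IN"]
        records.append((owner, tokens[0], tokens[1:]))
    return records

def check(zone_text, origin, delegated):
    """Return lint-style findings; each is a convention check, not a BIND error."""
    recs = parse(zone_text, origin)
    soa = next(rdata for _, rtype, rdata in recs if rtype == "SOA")
    ns = {rdata[0] for own, rtype, rdata in recs if own == origin and rtype == "NS"}
    have_a = {own for own, rtype, _ in recs if rtype == "A"}
    findings = []
    if soa[0] not in ns:
        findings.append(f"SOA MNAME {soa[0]} is not one of the zone's NS names")
    findings += [f"{n} is delegated by the parent but has no NS record in the zone"
                 for n in sorted(delegated - ns)]
    findings += [f"{n} is an in-zone name server with no A record" for n in
                 sorted(ns | delegated) if n.endswith("." + origin) and n not in have_a]
    if not re.fullmatch(r"\d{10}", soa[2]):
        findings.append(f"serial {soa[2]} is not a 10-digit YYYYMMDDnn value")
    return findings
```

Calling `check(ZONE, "mydom123.com.", DELEGATED)` on the posted zone returns four findings: the SOA MNAME, the missing ns2 NS record, the missing ns2 A record, and the 9-digit serial.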
 