need a bind guru to look this over
I've recently gotten my first server and am setting everything up myself by hand. I seem to have hit a bit of a problem with DNS and nameservers. I have registered ns1.mydomain.com and ns2.mydomain.com with enom. I can reach my webpages fine and ssh to the domain name etc., but when I use dnsreport.com to check on my domain I get:
ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones that did not respond are: xxx.xxx.xxx.xxx
Here are my bind configuration files.
named.conf
Code:
#
# /jail/bind/etc/named.conf
#
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};

key "rndckey" {
    algorithm "hmac-md5";
    secret "xxxxxxxxxxxxxxxxxxxxx";
};

options {
    directory "/conf";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    dump-file "/var/run/named.db";
    version "[secured]";
    query-source address * port 53;
};

# The root nameservers
zone "." {
    type hint;
    file "db.rootcache";
};

# localhost - forward zone
zone "localhost" {
    type master;
    file "db.localhost";
    notify no;
};

# localhost - inverse zone
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
    notify no;
};

# mydomain.com - forward zone
zone "mydomain.com" {
    type master;
    file "db.mydomain.com";
};
Code:
#
# /jail/bind/etc/rndc.conf
#
options {
    default-server 127.0.0.1;
    default-key "rndckey";
};

server 127.0.0.1 {
    key "rndckey";
};

key "rndckey" {
    algorithm "hmac-md5";
    secret "xxxxxxxxxxxxxxxxxxxxx";
};
Code:
;
; db.mydomain.com
;
$TTL 10800
@   IN  SOA ns1.mydomain.com. admin.mydomain.com. (
            2004102203  ; Serial
            2h          ; Refresh
            15M         ; Retry
            3W          ; Expire
            3h )        ; Minimum TTL

; main domain name server
mydomain.com.       IN  NS      ns1.mydomain.com.
mydomain.com.       IN  NS      ns2.mydomain.com.

ns1.mydomain.com.   IN  A       xxx.xxx.xxx.xxx
ns2.mydomain.com.   IN  A       xxx.xxx.xxx.xxx
mydomain.com.       IN  A       xxx.xxx.xxx.xxx

; mail server for main domain
mydomain.com.       IN  MX 10   mail.mydomain.com.

; A record for mail server above
mail.mydomain.com.  IN  A       xxx.xxx.xxx.xxx

; Aliases
www                 IN  CNAME   mydomain.com.
ftp                 IN  CNAME   mydomain.com.
Code:
mydomain.com
search mydomain.com
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
Code:
; <<>> DiG 9.3.0 <<>> mydomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18779
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.com.                  IN      A

;; ANSWER SECTION:
mydomain.com.           10800   IN      A       xxx.xxx.xxx.xxx

;; AUTHORITY SECTION:
mydomain.com.           10800   IN      NS      ns2.mydomain.com.
mydomain.com.           10800   IN      NS      ns1.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       10800   IN      A       xxx.xxx.xxx.xxx
ns2.mydomain.com.       10800   IN      A       xxx.xxx.xxx.xxx

;; Query time: 2 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Fri Oct 22 18:17:25 2004
;; MSG SIZE  rcvd: 119
Code:
starting BIND 9.3.0 -t /jail/bind -u named -c /etc/named.conf
loading configuration from '/etc/named.conf'
listening on IPv4 interface lo, 127.0.0.1#53
listening on IPv4 interface eth0, xxx.xxx.xxx.xxx#53    -> ns.1 ip
command channel listening on 127.0.0.1#953
zone 0.0.127.in-addr.arpa/IN: loaded serial 1
zone mydomain.com/IN: loaded serial 2004102203
zone localhost/IN: loaded serial 42
running
zone mydomain.com/IN: sending notifies (serial 2004102203)
# Port 53 - DNS
DNS_IPS="xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx"
for ip in $DNS_IPS; do
$IPTABLES -A INPUT -p tcp -i eth0 -d $ip -m state --state NEW --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp -i eth0 -d $ip -m state --state NEW --dport 53 -j ACCEPT
done
I took the firewall down for a few and tried dnsreport.com again, but same deal.
When I do an nslookup on mydomain.com against the ns1 IP it returns the proper info, but nslookup mydomain.com against the ns2 IP times out.
I'm missing something here; it probably should be listening on the ns2 IP as well, but I'm not entirely sure how that's done. I just started with bind two days ago.
Any help you could offer would be greatly appreciated.
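A small check, added here as an example and not part of the poster's setup, for the symptom described above: it parses the zone's NS and A records and reports any delegated nameserver whose address this host does not actually hold, which is the situation the named log suggests, since BIND reports listening on only one eth0 address. The zone text, the 192.0.2.x addresses and the set of local addresses are constructed stand-ins; in practice the local set would come from `ip -4 addr` on the server.

```python
"""Report nameservers delegated in a zone whose addresses this host does not hold."""
import re

# Constructed sample mirroring the poster's db.mydomain.com; the 192.0.2.x
# documentation addresses stand in for the redacted xxx.xxx.xxx.xxx values.
SAMPLE_ZONE = """\
$TTL 10800
@   IN SOA ns1.mydomain.com. admin.mydomain.com. (
        2004102203 ; Serial
        2h 15M 3W 3h )
mydomain.com.      IN NS    ns1.mydomain.com.
mydomain.com.      IN NS    ns2.mydomain.com.
ns1.mydomain.com.  IN A     192.0.2.10
ns2.mydomain.com.  IN A     192.0.2.11
mydomain.com.      IN A     192.0.2.10
www                IN CNAME mydomain.com.
"""

def parse_records(zone_text):
    """Yield (owner, type, rdata) tuples. Strips ';' comments, folds a
    parenthesised multi-line record (the SOA) onto one line, and lets a
    line that starts with whitespace inherit the previous owner name."""
    text = re.sub(r";[^\n]*", "", zone_text)
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)
    owner = None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():
            owner = fields.pop(0)
        rest = [f for f in fields if f != "IN"]
        if owner and len(rest) >= 2:
            yield owner, rest[0], rest[1:]

def unserved_nameservers(zone_text, apex, local_addrs):
    """Return the NS hostnames at the zone apex whose A records point only
    at addresses missing from local_addrs: delegated servers this host
    cannot answer for, which is what an NS timeout looks like from outside."""
    ns_names, a_records = [], {}
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "NS" and owner in ("@", apex):
            ns_names.append(rdata[0])
        elif rtype == "A":
            a_records.setdefault(owner, []).append(rdata[0])
    return [name for name in ns_names
            if not any(a in local_addrs for a in a_records.get(name, []))]
```

Anything this reports should also fail a `dig @<that address> mydomain.com` from outside the firewall, which is the same test dnsreport.com is running.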