Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BIND for public DNS server

Status
Not open for further replies.

filston

Technical User
Sep 14, 2006
5
CA
Good morning guys,

We are trying to setup a public DNS setup for our domain which is working well when we need to query him but for an unknown reason cannot resolve anything else then all he got on him like per exemple.

He seem to have hes root hint configure and named.conf is pointing on the good file.

Bind Ver. 9.4 on FC6

Thanks a lot in advance and dont hesitate if you need more information.

Fred
 
Look to see if you allow port 53 outbound. On that server, you should be able to:
nslookup - 127.0.0.1
> set type=ns
> apple.com
Server: 140.172.10.9
Address: 140.172.10.9#53

Non-authoritative answer:
apple.com nameserver = nserver3.apple.com.
apple.com nameserver = nserver4.apple.com.
apple.com nameserver = nserver.asia.apple.com.
apple.com nameserver = nserver.euro.apple.com.
apple.com nameserver = nserver.apple.com.
apple.com nameserver = nserver2.apple.com.

Authoritative answers can be found from:
nserver.apple.com internet address = 17.254.0.50
nserver2.apple.com internet address = 17.254.0.59
nserver3.apple.com internet address = 17.112.144.50
nserver4.apple.com internet address = 17.112.144.59
>
[eugene@superior living_room]$ nslookup - 17.254.0.50
> Server: 17.254.0.50
Address: 17.254.0.50#53

canonical name = >

that would show that port 53 works. Also, to be able to serve things up (if this server is auth to a domain on the internet) you must allow 53 inbound.

Another way to test:
nslookup - IPADDRESSOFNAMESERVER
>set debug
>
and look at the output.

eugene
 
Thanks for the answer,

We made some testing and our firewall was bloquing some outgoiing traffic so that was causing the problem of not beeing able to resolve anything but himself.

Thanks for your help
 
Good to hear it.

If this is a Internet serving (primary or secondary) name server, you must allow port 53 inbound and restrict access on the server side. Generally, you want to allow queries to the domains you are authoritive only.

There are gobs of internet sites that will allow you to query and check the functioning of your domain via a cgi, a great way to test how the Internet perceives your DNS server.

eugene
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top