Thank you very much bathory && scowles for such a kind response.

and finally it started now i can move furthre towards my way to learning DNS server.

# dig -x 127.0.0.1

; <<>> DiG 9.2.3rc2 <<>> -x 127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52363
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 24 17:39:59 2004
;; MSG SIZE rcvd: 40

when used dig command why not it gives me any ANSWER SECTION as it is given tldp.org docs below and even no AUTHORITY SECTION....


------------------------------------------
for reference through tldp.org

$ dig -x 127.0.0.1
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26669
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 259200 IN PTR localhost.

;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 259200 IN NS ns.linux.bogus.

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Dec 23 02:26:17 2001
;; MSG SIZE rcvd: 91

Have you created the zone file for 0.0.127.in-addr.arpa? It's named/127.0.0 according to your named.conf. You can also check your logs to see what zones are loaded when bind starts.

thankx, dig -x 127.0.0.1 problem is solved, zone file is not correctly created now it is ok,

now docs says to dig some nearest system
it did,

# dig pat.uio.no

; <<>> DiG 9.2.3rc2 <<>> pat.uio.no
;; global options: printcmd
;; connection timed out; no servers could be reached


# dig www.yahoo.com

; <<>> DiG 9.2.3rc2 <<>> www.yahoo.com
;; global options: printcmd
;; connection timed out; no servers could be reached


why i am not able to dig any system by its name,

# dig www.yahoo.com

; <<>> DiG 9.2.3rc2 <<>> www.yahoo.com
;; global options: printcmd
;; connection timed out; no servers could be reached

Is named running?
What name server IP address is specifed in /etc/resolv.conf?
Have you tried: dig @127.0.0.1 www.yahoo.com ?

# ps aux|grep named
named 4083 0.0 2.0 10800 2408 ? S 18:11 0:00 named -u named
named 4084 0.0 2.0 10800 2408 ? S 18:11 0:00 named -u named
named 4085 0.0 2.0 10800 2408 ? S 18:11 0:00 named -u named
named 4086 0.0 2.0 10800 2408 ? S 18:11 0:00 named -u named
named 4087 0.0 2.0 10800 2408 ? S 18:11 0:00 named -u named
root 4209 0.0 0.6 1864 760 pts/1 S 18:25 0:00 man named.conf
root 4212 0.0 0.9 2420 1124 pts/1 S 18:25 0:00 sh -c (cd /usr/share/man && (echo ".pl 1100i"; /usr/bin/bzip2 -c -d '/usr/share/man/man5/named.conf.5.bz2'; echo; echo ".pl \n(nlu+10") | /usr/bin/gtbl | /usr/bin/nroff -mandoc -c | /usr/bin/less -isrR)
root 4213 0.0 0.9 2420 1164 pts/1 S 18:25 0:00 sh -c (cd /usr/share/man && (echo ".pl 1100i"; /usr/bin/bzip2 -c -d '/usr/share/man/man5/named.conf.5.bz2'; echo; echo ".pl \n(nlu+10") | /usr/bin/gtbl | /usr/bin/nroff -mandoc -c | /usr/bin/less -isrR)
root 4228 0.0 0.5 1828 604 pts/0 R 18:28 0:00 grep named

#/etc/resolv.conf
search mandrake
nameserver 127.0.0.1

That's because you don't have: forwarders {xx.xx.xx.xx ...}
so if your DNS does not know the answer (which is normal since it isn't authorized for other domains)
it does not have another DNS to ask. Use you ISP's name servers in the forwarders line of your named.conf and restart bind

how can i make it authorized for other domains




in the option switch in named.conf file i already added

forward first;
forwarders {
172.16.0.1;
};

where 172.16.0.1 is ip of my internet provider,

- i can't ping 172.16.0.1
- i am accessing internet on this system(on which i am configuing DNS is through proxy server in LAN)
- i have 3 system connected to a LAN (out of which 2 are sharing internet through 3rd system using proxy)

I think you need more reading
Your DNS is authorized only for your domain(s), not for the others like yahoo.com
Anyway when you make a query your DNS keeps the domain in it's cache so it's available next time you ask for it.
As for your ISP's DNS, are you sure that this is the correct IP, because it's a private IP and not a public one.

@bathory
As for your ISP's DNS, are you sure that this is the correct IP, because it's a private IP and not a public one


yes it is ISP ip(through which i had purchased internet connection-cable internet)

, becz the system through which i am sharing internet on this system (192.168.1.2 -onwhich iam trying to configure DNS) can ping this ip (172.16.0.1) and on the proxy server(192.168.1.1) the gateway, dns and authentication server is set to this ip , that is given by ISP

for referenece
================
172.16.0.1- ISP ip
192.168.1.2- on which i am trying to configure DNS
192.168.1.1- proxy server (on internet is directly coming through isp)

Does the above produce any output?

forward first;
forwarders {
172.16.0.1;
};

Why are you forwarding non-authorititive queries (yahoo.com) to your ISP's name server when you are loading the root (hint) zone? This should still work, but your name server should be able to do recursive queries for any domain name since the root (hint) zone is loaded. Well, just as long as your ISP or your firewall is not blocking those outbound requests.

output,

# dig yahoo.com @172.16.0.1

; <<>> DiG 9.2.3rc2 <<>> yahoo.com @172.16.0.1
;; global options: printcmd
;; connection timed out; no servers could be reached

i have made some changes in post 25,

as i said i can't ping 172.16.0.1 through 192.168.1.2 (on which i am sharing internet and configuring DNS)

@scowles
Why are you forwarding non-authorititive queries (yahoo.com) to your ISP's name server when you are loading the root (hint) zone? This should still work, but your name server should be able to do recursive queries for any domain name since the root (hint) zone is loaded. Well, just as long as your ISP or your firewall is not blocking those outbound requests.

could plz. explain above in more detail for a newbie.

no firewall is configured on my system right now.

I didn't understand which one from 172.16.0.1 and 192.168.1.1, is your ISP's name server.
Also as scowles said, perhaps your ISP blocks the traffic to some ports.