DNS Master Server Configuration in CentOS5.2
I have one CentOS 5.2 installed server with two public IPs.
I want to configure this server as a DNS server as well as a web server. I have installed the DirectAdmin control panel to manage all my web clients. Regarding DNS, I want to configure my server as the master DNS server, and I also want to forward all the DNS records created on my server to my ISP's DNS server. Now I have a few questions.

1. To make my server the DNS master server, how do I have to configure the IP address of my LAN?
   IP address of my LAN: 221.243.X.X/29
   Primary DNS address of my server: 221.243.X.X/29 (am I right here?)
   Secondary DNS address of my server: the ISP's DNS address given by the ISP (am I right?)
   Gateway: 221.243.X.X
2. DNS configuration files: how many major DNS configuration files do I need to create?
3. I want to resolve 3 websites. In this case, what will be the contents of all the DNS configuration related files?
   www.linuxguru.com -- 221.243.X.X/29
   www.mylinuxbox.com -- 221.243.X.X/29 (same IP)
   www.lovelinux.com -- 221.243.X.X/29 (same IP)
   (note: each website will have www, ftp, mail, smtp, pop3 etc.)
4. Nameserver: my hostname is "web08.linuxdad.com". In this case, what will be the nameserver?
5. resolv.conf: what should be the setting of my resolv.conf? Do I need to put the ISP's DNS address in my resolv.conf?

Hoping to get answers from all gurus.
Code:
include "/etc/rndc.key";

Code:
; Zone file for linuxguru.com

In the example above, I have assumed that you are using ns1.linuxdad.com as the primary and dns.yourisp.net as the secondary name servers for the domain linuxguru.com. If that is the case, you will want to make sure that you have registered ns1.linuxdad.com as a host with the registrar for the domain linuxdad.com, and that the zone file for linuxdad.com has an A record pointing ns1.linuxdad.com to 221.243.x.x.

You will want to make sure that your ISP is really going to act as a secondary to host your zone file, and that they have not simply agreed to provide you with resolvers. It's not unheard of for an ISP to do the former... you'll just want to make sure.
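The layout zaichik describes (ns1.linuxdad.com as primary, the ISP as secondary, three domains on one address, every site with www/ftp/mail/smtp/pop3 names) can be written out mechanically. The following is an added example, not code from the thread or from BIND: it generates the master zone file and the named.conf zone stanza for each domain and flags the one mistake the reply warns about, a name server that lives inside the zone but has no A (glue) record. 221.243.63.180 stands in for the 221.243.x.x the poster masked, and the secondary's address 203.0.113.10 is a documentation placeholder, since the thread never gives the ISP's transfer address.

```python
"""Generate and sanity-check BIND master zone files for several domains that
share one web host.  Added example for this thread; not the poster's or
BIND's own code.  Addresses are the thread's (221.243.63.180) or placeholders."""
import datetime
import re

PRIMARY_NS = "ns1.linuxdad.com."
SECONDARY_NS = "dns.yourisp.net."      # assumption: the ISP really slaves the zone
HOSTMASTER = "root.linuxdad.com."      # root@linuxdad.com, the '@' written as '.'
SHARED_IP = "221.243.63.180"           # stands in for the masked 221.243.x.x

def serial_today(n=1):
    """YYYYMMDDnn serial; bump nn for every further edit on the same day."""
    return int(datetime.date.today().strftime("%Y%m%d") + "%02d" % n)

def make_zone(domain, ip, serial, ttl=14400):
    """Return the text of a master zone file for DOMAIN.

    Every hostname is written absolute (trailing dot) so BIND never appends
    the origin a second time (the 'ns1.linuxdad.com.linuxguru.com' mistake)."""
    origin = domain.rstrip(".") + "."
    lines = [
        "$TTL %d" % ttl,
        "$ORIGIN %s" % origin,
        "@  IN SOA %s %s (" % (PRIMARY_NS, HOSTMASTER),
        "        %d ; serial (YYYYMMDDnn)" % serial,
        "        14400      ; refresh",
        "        3600       ; retry",
        "        1209600    ; expire",
        "        86400 )    ; negative-cache TTL",
        "@  IN NS  %s" % PRIMARY_NS,
        "@  IN NS  %s" % SECONDARY_NS,
        "@  IN MX  10 mail.%s" % origin,
        "@  IN A   %s" % ip,
    ]
    # The service names the poster wants for every site, all on the one address.
    for host in ("www", "ftp", "mail", "smtp", "pop3"):
        lines.append("%-4s IN A   %s" % (host, ip))
    return "\n".join(lines) + "\n"

def make_named_conf_zones(domains, secondary_ip):
    """named.conf zone stanzas, one master stanza per domain.  Transfers are
    limited to the secondary; BIND's default is to let anyone AXFR the zone."""
    out = []
    for d in domains:
        out.append('zone "%s" IN {\n'
                   '    type master;\n'
                   '    file "%s.db";\n'
                   '    allow-transfer { %s; };\n'
                   '};\n' % (d, d, secondary_ip))
    return "".join(out)

def needs_glue(zone_text, domain):
    """Return NS names that live inside this zone and therefore need an A
    (glue) record here.  ns1.linuxdad.com is not inside linuxguru.com, so its
    A record belongs in the linuxdad.com zone instead, as the reply says."""
    origin = domain.rstrip(".") + "."
    ns = re.findall(r"^\S*\s+IN NS\s+(\S+)$", zone_text, re.M)
    hosts_with_a = set(re.findall(r"^(\S+)\s+IN A\s", zone_text, re.M))
    missing = []
    for name in ns:
        if name.endswith("." + origin):
            label = name[: -len(origin) - 1]
            if label not in hosts_with_a:
                missing.append(name)
    return missing

if __name__ == "__main__":
    for dom in ("linuxguru.com", "mylinuxbox.com", "lovelinux.com"):
        text = make_zone(dom, SHARED_IP, serial_today())
        print(text, "glue missing:", needs_glue(text, dom))
    print(make_named_conf_zones(["linuxguru.com"], "203.0.113.10"))
```

Run the script, drop each generated file into /var/named under the name used in the stanza, and check it with `named-checkzone linuxguru.com /var/named/linuxguru.com.db` before reloading. The reverse (in-addr.arpa) zone for a /29 belongs to the ISP's address block; PTR records served by your own named only matter if the ISP delegates that range to you, which is a separate request from "please slave my zone".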
Thanks zaichik!! Now I am working on it. After the result I will write to you again!
I have tried as follows, but still I could not solve my problem.
When I do ping www.saraadhikari.com it does not reply, nor does saraadhikari.com. All my configuration files are given below.

//file /etc/resolv.conf - configuration is as follows
Code:
search linuxdad.com
namserver 221.243.63.180
nameservr 61.122.127.74   /* This is one of the IP addresses provided by my ISP as primary DNS server address */

I have put two IP addresses on my 2 separate Ethernet ports:
eth0 - 221.243.63.179 - I am using this address for the webserver control panel
eth1 - 221.243.63.180 - I am using this address for DNS configuration purposes
The ISP has provided me 2 DNS addresses:
Primary DNS server - 61.122.127.74
Secondary DNS server - 61.122.116.174

//file /etc/sysconfig/network-scripts/ifcfg-eth1 - configuration is as follows
Code:
# Broadcom Corporation NetXtreme BCM5703 Gigabit Ethernet
search linuxdad.com
nameserver 221.243.63.180
nameserver 61.122.127.74
DEVICE=eth1
BOOTPROTO=static
BROADCAST=221.243.63.183
HWADDR=00:11:0A:86:1E:74
IPADDR=221.243.63.180
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.248
NETWORK=221.243.63.176
ONBOOT=yes

//file /var/named/179.63.243.221.in-addr.arpa.db - configuration of the file is as follows
Practically, what is the role of this file? Is this file important? What type of content do I have to write in this file?
Code:
$TTL 14400
@       IN      SOA     221.243.63.180. root.linuxdad.com. (
                        2008090600      ; serial
                        14400           ; refresh
                        3600            ; retry
                        1209600         ; expire
                        86400 )         ; minimum
180.63.243.221.in-addr.arpa.    14400   IN      NS      221.243.63.180.
180.63.243.221.in-addr.arpa.    14400   IN      PTR     saraadhikari.com.

//file /etc/named.conf - configuration is as follows
Code:
        inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};
options {
        directory "/var/named";
        //dump-file "/var/named/data/cache_dump.db";
        //statistics-file "/var/named/data/named_stats.txt";
        //query-source address * port 53;
        //
        // also-notify { ip.address.of.secondary };   // what is meant by this?
        // Which IP do I need to write here?
        //
};
zone "." IN {
        type hint;
        file "/var/named/named.ca";
};
zone "saraadhikari.com" {
        type master;
        file "/var/named/saraadhikari.com.db";
};

A few of my questions:
1. Where are my mistakes?
2. Do I need to register my DNS server as a name server, for ex. ns1.linuxdad.com? (If yes, where do I need to register this?)
3. I have already registered www.saraadhikari.com and redirected the name server to 221.243.63.180. Is there still another process that I have to do to view my website www.saraadhikari.com?
4. To properly run my DNS server, do I need to tell anything to my ISP, who has provided the Internet b/w in my room? If yes, what do I have to request from them? Except for Internet b/w and 1 set of /29 public IP addresses, I have not taken any other services from my ISP.
Please suggest what I have to do for properly running my DNS server and to view the web content of my web server.
Hi Billymayday, here is the dig report of www.saraadhikari.com
Code:
[root@web08 ~]# dig www.saraadhikari.com

; <<>> DiG 9.3.4-P1 <<>> www.saraadhikari.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31217
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.saraadhikari.com.          IN      A

;; Query time: 0 msec
;; SERVER: 221.243.63.180#53(221.243.63.180)
;; WHEN: Sun Sep 7 13:39:28 2008
;; MSG SIZE  rcvd: 38
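The dig header above is a decoded 12-byte DNS header, and reading it by hand is the fastest way to tell a zone-loading problem from a network one. The following is an added example, not code from the thread: it builds the same A query dig sent, decodes the reply header into the fields dig prints, and interprets them. The reply bytes are constructed by hand to match the header in the post (id 31217, flags qr rd ra, status SERVFAIL, one question, no answers, 38 bytes); nothing is sent on the wire unless you call `query_and_decode` yourself.

```python
"""Build a DNS A query and decode a reply header the way dig prints it.
Added example for this thread, not the poster's code.  SERVFAIL_REPLY is a
constructed message matching the dig output in the post."""
import random
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

def encode_name(name):
    """www.example.com -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, txid=None, qtype=1):
    """Standard query with RD=1 (what dig sends by default), type A."""
    txid = random.randint(0, 0xFFFF) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte header into the fields dig shows in HEADER/flags."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    names = []
    if flags & 0x8000: names.append("qr")   # this is a response
    if flags & 0x0400: names.append("aa")   # answer is authoritative
    if flags & 0x0200: names.append("tc")   # truncated, retry over TCP
    if flags & 0x0100: names.append("rd")   # recursion desired (echoed)
    if flags & 0x0080: names.append("ra")   # server offers recursion
    rcode = flags & 0x000F
    return {"id": txid, "flags": names, "status": RCODES.get(rcode, str(rcode)),
            "query": qd, "answer": an, "authority": ns, "additional": ar}

def query_and_decode(server, name, timeout=3.0):
    """Live helper: send the query over UDP/53 and decode the reply."""
    import socket
    q = build_query(name)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(512)
    finally:
        s.close()
    hdr = parse_header(data)
    if hdr["id"] != struct.unpack("!H", q[:2])[0]:
        raise ValueError("transaction id mismatch")
    return hdr

# Constructed reply matching the post: id 31217, flags 0x8182 = QR|RD|RA with
# rcode 2 (SERVFAIL), QUERY 1, ANSWER/AUTHORITY/ADDITIONAL 0, then the echoed
# question.  12 + 22 + 4 = 38 bytes, the size dig reported.
SERVFAIL_REPLY = (struct.pack("!HHHHHH", 31217, 0x8182, 1, 0, 0, 0)
                  + encode_name("www.saraadhikari.com") + struct.pack("!HH", 1, 1))

def explain(hdr):
    """What the decoded header says about the server that was asked."""
    if hdr["status"] == "SERVFAIL" and "aa" not in hdr["flags"]:
        return ("server answered SERVFAIL without the aa flag: it did not "
                "serve the zone, so check that named loaded it (named's log "
                "and named-checkzone) before looking at the network")
    if "aa" in hdr["flags"]:
        return "authoritative answer"
    return "non-authoritative answer"

if __name__ == "__main__":
    h = parse_header(SERVFAIL_REPLY)
    print(h)
    print(explain(h))
```

Two things the header shows. The answer came from 221.243.63.180 itself with no `aa` bit, so named answered but did not treat itself as authoritative for saraadhikari.com; a zone that failed to load (syntax error, unreadable file) produces exactly this, and the reason is in named's log. The `ra` bit means the server offers recursion to whoever asks; BIND 9.3 permits that from any client by default, so once port 53 is opened to the Internet this box is also an open resolver unless named.conf adds `allow-recursion { localhost; localnets; };`, a point the thread does not raise.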
Is 221.243.63.180 the correct IP for your DNS? If it is the correct external IP, what's the internal IP?
What's in /etc/resolv.conf? Edit - just saw your resolv.conf further up. Can you explain your network setup a bit more? Can you telnet 221.243.63.180 53?
Is your firewall open for port 53?
Here is the content inside /etc/resolv.conf:
Code:
search linuxdad.com
nameserver 221.243.63.179
nameserver 61.122.127.74

I cannot telnet 221.243.63.180 53, but remotely I can ssh. Also I can ping both my IPs.
My network setup is the following. I have taken Internet service from the ISP, which has provided me the public IP range 221.243.63.176/29. The ISP's fiber cable is in my room, connected to the router set up by the ISP in my room. I have not used any firewall. The router is working as my gateway; its IP is 221.243.63.177.
I have installed 2 LAN cards, eth0 and eth1. The following are the settings of these two nodes:

/etc/sysconfig/network-scripts/ifcfg-eth0
Code:
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth0
BOOTPROTO=static
BROADCAST=221.243.63.183
HWADDR=00:1A:4B:CD:9A:C8
IPADDR=221.243.63.179
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.248
NETWORK=221.243.63.176
ONBOOT=yes

/etc/sysconfig/network-scripts/ifcfg-eth1
Code:
# Broadcom Corporation NetXtreme BCM5703 Gigabit Ethernet
DEVICE=eth1
BOOTPROTO=static
BROADCAST=221.243.63.183
HWADDR=00:11:0A:86:1E:74
IPADDR=221.243.63.180
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.248
NETWORK=221.243.63.176
ONBOOT=yes

Also I have turned off iptables.
ssh uses port 22, whereas DNS uses 53. You need to make sure that your firewall allows port 53 through and that your ISP allows port 53 through.
What does netstat -alnp | grep :53 show, and iptables -L?
Output of iptables -L
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Output of netstat -alnp | grep :53
Code:
[root@web08 ~]# netstat -alnp | grep :53
tcp        0      0 221.243.63.179:53           0.0.0.0:*                   LISTEN      20208/named
tcp        0      0 221.243.63.180:53           0.0.0.0:*                   LISTEN      20208/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      20208/named
udp        0      0 221.243.63.179:53           0.0.0.0:*                               20208/named
udp        0      0 221.243.63.180:53           0.0.0.0:*                               20208/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               20208/named
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               7116/avahi-daemon:
udp        0      0 :::5353                     :::*                                    7116/avahi-daemon:
So your firewall is blocking port 53. How do you control your firewall, is it through a script or do you use some graphical interface?
You should think carefully about what services you plan to run. For example, you almost certainly don't want telnet open, and do you plan on running a web server, samba over the net, etc.? You have all those ports open, plus IPP, etc.
Thanks billymayday,
In my network there is no firewall. If it is in my own Linux server linuxdad.com, I have no idea how I need to manage it. Could you suggest how I can do it?
Well, you are using iptables in some way (hence the output of iptables -L, which lists the rules).
A simple pair of rules like
Code:
# insert at the top of the chain the INPUT traffic is sent to, ahead of its final REJECT
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p udp --dport 53 -j ACCEPT
should enable you to test things (just type those as root from the command line).
I'm pretty sure (I don't do it this way) that your firewall rules are stored in /etc/sysconfig/iptables. You should be able to add the lines:
Code:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT
to make the previous change effective on reboot. Note that you can't just stick them on the end, because order is important. Put them under a similar rule (there's probably something like
Code:
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
there already) and you could insert these lines immediately after.
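The ordering point in the last two replies (the new ACCEPT lines must sit before the chain's closing REJECT, or they are never reached) is easy to get wrong when editing /etc/sysconfig/iptables by hand. The following is an added example, not code from the thread: it edits the file's text, placing the two port-53 rules directly after the ssh rule, refuses to run if the chain has neither an ssh rule nor a REJECT to anchor on, does not duplicate rules that are already there, and can also strip the ACCEPT for a port such as telnet (23) that the reply says should not be open. The SAMPLE ruleset is constructed to mirror the iptables -L output in the thread, with service names written as port numbers; it calls no iptables binary.

```python
"""Insert port-53 ACCEPT rules into a CentOS 5 style /etc/sysconfig/iptables
ahead of the chain's final REJECT.  Added example for this thread, not the
poster's code; edits text only.  SAMPLE is constructed from the iptables -L
output posted above."""
import re

CHAIN = "RH-Firewall-1-INPUT"
DNS_RULES = [
    "-A %s -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT" % CHAIN,
    "-A %s -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT" % CHAIN,
]

# Constructed: a plausible /etc/sysconfig/iptables for the box in the thread.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def _accepts_port(line, port, chain=CHAIN):
    """True for an ACCEPT rule in CHAIN whose --dport is PORT."""
    return (line.startswith("-A " + chain) and "-j ACCEPT" in line
            and re.search(r"--dport %s\b" % port, line) is not None)

def _is_reject(line, chain=CHAIN):
    return line.startswith("-A " + chain) and "-j REJECT" in line

def open_dns(text, chain=CHAIN):
    """Return TEXT with DNS_RULES inserted right after the ssh (dport 22) rule
    of CHAIN, or, if there is none, just before the chain's REJECT."""
    lines = text.splitlines()
    missing = [r for r in DNS_RULES if r not in lines]
    if not missing:
        return text                       # already done, do not duplicate
    anchor = next((i + 1 for i, l in enumerate(lines) if _accepts_port(l, 22, chain)), None)
    if anchor is None:
        anchor = next((i for i, l in enumerate(lines) if _is_reject(l, chain)), None)
    if anchor is None:
        raise ValueError("no ssh rule and no REJECT in chain %s" % chain)
    lines[anchor:anchor] = missing
    return "\n".join(lines) + "\n"

def dns_reachable(text, chain=CHAIN):
    """True if ACCEPT rules for both udp/53 and tcp/53 precede the REJECT."""
    seen = set()
    for l in text.splitlines():
        if _is_reject(l, chain):
            break                         # anything after this is dead
        for proto in ("udp", "tcp"):
            if "-p %s" % proto in l and _accepts_port(l, 53, chain):
                seen.add(proto)
    return seen == {"udp", "tcp"}

def drop_port(text, port, chain=CHAIN):
    """Remove the ACCEPT rule(s) for PORT from CHAIN (e.g. 23 for telnet)."""
    return "\n".join(l for l in text.splitlines()
                     if not _accepts_port(l, port, chain)) + "\n"

if __name__ == "__main__":
    fixed = drop_port(open_dns(SAMPLE), 23)
    print(fixed)
    print("dns reachable:", dns_reachable(fixed))
```

Write the result back to /etc/sysconfig/iptables and apply it with `service iptables restart`; `iptables -L -n --line-numbers` then shows the two port-53 rules numbered below the ssh rule and above the REJECT. Check the order rather than just the presence of the rules: a ruleset with the ACCEPT lines appended after the REJECT passes a grep but never passes a packet.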