LinuxQuestions.org
Old 09-21-2008, 10:36 PM   #46
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32

Quote:
What do you mean by totally down? You aren't running it as a service are you? What does it say when you try a command like the one above?
I don't know, maybe I worded it wrong and I'm really tired as well now since I've been at this all day plus studying too, so sorry if I mislead you, but it isn't working as bind fails to stop or restart; however if I issue the command /etc/init.d/bind9 start it works fine???

When I issue command above output is posted above but for clarity; output of rndc status gives:

Code:
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

with -V option is above in post!
 
Old 09-21-2008, 10:48 PM   #47
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Dumb question, but you have been restarting the named service when you change named.conf, haven't you?

Also, can you post rndc.conf?
 
Old 09-21-2008, 10:51 PM   #48
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Quote:
Originally Posted by kayasaman View Post
I don't know, maybe I worded it wrong and I'm really tired as well now since I've been at this all day plus studying too, so sorry if I mislead you, but it isn't working as bind fails to stop or restart; however if I issue the command /etc/init.d/bind9 start it works fine???

When I issue command above output is posted above but for clarity; output of rndc status gives:

Code:
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

with -V option is above in post!

I don't follow the bit about bind fails to stop or restart but then you say /etc/init.d/bind9 start works. Are you trying to stop it with rndc (which obviously won't work with the error you are getting)? Note my manpage says rndc restart isn't implemented yet in any case.
 
Old 09-21-2008, 10:51 PM   #49
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Yeh, but however more to the point 'trying' to restart it! As I keep getting the blasted error.

Also rndc.conf is:

Code:
key "rndckey" {
        algorithm hmac-md5;
        secret "vL+4wnHLyR+o40KoB/uBug==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};

named.conf key part:

Code:
 key "rndckey" {
       algorithm hmac-md5;
       secret "vL+4wnHLyR+o40KoB/uBug==";
 };

 controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndckey"; };
 };

and rndc.key has been deleted what feels like an eternity of posts ago.
 
Old 09-21-2008, 10:58 PM   #50
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
But you should only get that error from rndc. Remember, rndc is just a control app for bind - you don't actually need it (so to speak).

What does

/etc/init.d/bind9 restart (or stop and start)

produce?
 
Old 09-21-2008, 11:00 PM   #51
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Code:
Stopping domain name service...: bindrndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
 failed!

Is it just me or does rndc seem tied into bind??

Maybe Debian did it this way, I don't know, but these are meant to be two separate things, no?
 
Old 09-21-2008, 11:16 PM   #52
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
See what other control scripts you have in /etc/init.d
 
Old 09-21-2008, 11:22 PM   #53
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
This is output of ls /etc/init.d:

Code:
acpid               halt                   ntop
alsa                hddtemp                ntp
alsa-utils          hibernate              openbsd-inetd
amavis              hostname.sh            portmap
anacron             hotkey-setup           procps.sh
apache2             hplip                  rc
atd                 hwclock.sh             rc.local
avahi-daemon        ifupdown               rcS
backuppc            ifupdown-clean         README
bind9               initrd-tools.sh        reboot
bittorrent          iwatch                 rmnologin
bootclean           keymap.sh              rsync
bootlogd            killprocs              samba
bootmisc.sh         klogd                  sendmail
checkfs.sh          libdevmapper1.02       sendsigs
checkroot.sh        lm-sensors             single
citadel             makedev                skeleton
clamav-daemon       mbmon                  snmpd
clamav-freshclam    module-init-tools      spamassassin
console-screen.sh   monit                  ssh
courier-authdaemon  mountall-bootclean.sh  stop-bootlogd
couriergraph        mountall.sh            stop-bootlogd-single
courier-imap        mountdevsubfs.sh       sudo
courier-imap-ssl    mountkernfs.sh         sysklogd
courier-pop         mountnfs-bootclean.sh  udev
cpufrequtils        mountnfs.sh            udev-mtab
cron                mtab.sh                umountfs
cupsys              munin-node             umountnfs.sh
dbus                mysql                  umountroot
discover            mysql-ndb              urandom
exim4               mysql-ndb-mgm          vsftpd
fail2ban            nessusd                webcit
fetchmail           netatalk               winbind
gdm                 networking             wpa-ifupdown
glibc.sh            nfs-common             x11-common
greylist            nfs-kernel-server

also netstat -tap gives:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost.localdom:2784 *:*                     LISTEN      2603/python
tcp        0      0 localhost.localdom:2208 *:*                     LISTEN      2598/hpiod
tcp        0      0 *:imaps                 *:*                     LISTEN      14515/citserver
tcp        0      0 *:nfs                   *:*                     LISTEN      -
tcp        0      0 *:pop3s                 *:*                     LISTEN      14515/citserver
tcp        0      0 *:2020                  *:*                     LISTEN      14515/citserver
tcp        0      0 *:afpovertcp            *:*                     LISTEN      3242/afpd
tcp        0      0 *:swat                  *:*                     LISTEN      3294/inetd
tcp        0      0 *:xmpp-client           *:*                     LISTEN      14515/citserver
tcp        0      0 localhost.localdo:10024 *:*                     LISTEN      2592/amavisd (maste
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      2688/mysqld
tcp        0      0 *:submission            *:*                     LISTEN      14515/citserver
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      3304/smbd
tcp        0      0 *:908                   *:*                     LISTEN      3273/rpc.mountd
tcp        0      0 *:pop3                  *:*                     LISTEN      14515/citserver
tcp        0      0 localhost.localdom:3310 *:*                     LISTEN      2909/clamd
tcp        0      0 *:imap2                 *:*                     LISTEN      14515/citserver
tcp        0      0 localhost.localdo:spamd *:*                     LISTEN      2742/spamd.pid
tcp        0      0 *:sunrpc                *:*                     LISTEN      2275/portmap
tcp        0      0 *:ssmtp                 *:*                     LISTEN      14515/citserver
tcp        0      0 *:auth                  *:*                     LISTEN      3294/inetd
tcp        0      0 localhost.localdom:7634 *:*                     LISTEN      3201/hddtemp
tcp        0      0 *:1394                  *:*                     LISTEN      -
tcp        0      0 gx110.optiplex-n:domain *:*                     LISTEN      27413/named
tcp        0      0 localhost.locald:domain *:*                     LISTEN      27413/named
tcp        0      0 *:munin                 *:*                     LISTEN      3565/munin-node
tcp        0      0 *:ftp                   *:*                     LISTEN      3323/vsftpd
tcp        0      0 *:ipp                   *:*                     LISTEN      3071/cupsd
tcp        0      0 *:citadel               *:*                     LISTEN      14515/citserver
tcp        0      0 localhost.localdom:8504 *:*                     LISTEN      15610/webcit
tcp        0      0 *:smtp                  *:*                     LISTEN      14515/citserver
tcp        0      0 *:nessus                *:*                     LISTEN      12471/nessusd: wait
tcp        0      0 localhost.localdoma:953 *:*                     LISTEN      27413/named
tcp        0      0 localhost.localdom:2812 *:*                     LISTEN      3709/monit
tcp        0      0 localhost.localdom:4700 *:*                     LISTEN      3244/cnid_metad
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      3304/smbd
tcp        0      0 *:1887                  *:*                     LISTEN      3427/rpc.statd
tcp        0      0 gx110.optiplex-net:3680 opal.spod.org:www       ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-net:2194 clamav.mirror.anlx.:www ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optip:netbios-ssn notinoc2200:1030        ESTABLISHED 21888/smbd
tcp        0      0 gx110.optiplex-net:4662 clamav.oucs.ox.ac.u:www ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-netw:694 gx270t:nfs              ESTABLISHED -
tcp        0      0 gx110.optiplex-netw:nfs vaio:1018               ESTABLISHED -
tcp        0      0 gx110.optiplex-netw:nfs vaio:kerberos-adm       ESTABLISHED -
tcp        0      0 gx110.optiplex-net:1090 clamav.oucs.ox.ac.u:www ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-net:3140 ftp.heanet.ie:www       ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-net:3918 clamav.mirror.anlx.:www ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-net:2465 opal.spod.org:www       ESTABLISHED 3045/freshclam
tcp      912      0 gx110.optiplex-net:4735 ftp.heanet.ie:www       CLOSE_WAIT  3045/freshclam
tcp        0      0 gx110.optiplex-net:2545 pop.dsl.pipex.com:pop3  TIME_WAIT   -
tcp        0      0 gx110.optiplex-net:4914 ftp.heanet.ie:www       ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-net:2762 clamav.oucs.ox.ac.u:www ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-net:2627 clamav.oucs.ox.ac.u:www ESTABLISHED 3045/freshclam
tcp        0      0 gx110.optiplex-net:4752 clamav.mirror.anlx.:www ESTABLISHED 3045/freshclam
tcp        0      0 localhost.localdo:munin localhost.localdom:2207 ESTABLISHED 1387/munin-node
tcp        0      0 gx110.optiplex-net:2504 vaio:munin              TIME_WAIT   -
tcp        0      0 localhost.localdom:2207 localhost.localdo:munin ESTABLISHED 1382/munin-update [
tcp        0      0 gx110.optiplex-net:2732 gx270t:munin            TIME_WAIT   -
tcp        0      0 gx110.optiplex-net:4528 opal.spod.org:www       ESTABLISHED 3045/freshclam
tcp6       0      0 *:www                   *:*                     LISTEN      11832/apache2
tcp6       0      0 *:domain                *:*                     LISTEN      27413/named
tcp6       0      0 *:ssh                   *:*                     LISTEN      14431/sshd
tcp6       0      0 *:ipp                   *:*                     LISTEN      3071/cupsd
tcp6       0      0 *:3000                  *:*                     LISTEN      23245/ntop
tcp6       0      0 ip6-localhost:953       *:*                     LISTEN      2020/named
tcp6       0      0 *:3001                  *:*                     LISTEN      23245/ntop
tcp6       0      0 gx110.optiplex-netw:ssh vaio:33729              ESTABLISHED 29471/sshd: kayasam
tcp6       0      0 gx110.optiplex-netw:ssh vaio:47749              ESTABLISHED 10205/sshd: kayasam
 
Old 09-21-2008, 11:24 PM   #54
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
I don't know if named is actually active on port 953 but it seems to be listening to IPv4 and IPv6 addresses on the same port??

Is this what's causing the issue?
 
Old 09-21-2008, 11:36 PM   #55
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Ok now I'm falling asleep at my console so am off to bed, shucks 5:30 in the morning wow ok.

Thanks again for everyone's help and I hope that tomorrow or well... later will bring better results but please if anyone has any ideas to post and I will try them out with a fresh head!
 
Old 09-21-2008, 11:50 PM   #56
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
I just loaded bind9 on a Debian install I have. Looks like the init script uses rndc for everything, which pretty much sucks if you have a problem like yours.

I would think that you are going to have to force restart, so kill the running named daemon (using kill) and then /etc/init.d/bind9 start

Have a good sleep.
 
Old 09-22-2008, 11:03 AM   #57
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Damn was I whacked this morning; working on DNS all day going round in circles and studying for a Cisco CCNA course all at the same time. My brain cells got fried in the end TTL down to 0 and neural processing time out. hehe

Thanks so much billymayday, maybe a little Debian bug I presume as after running killall -KILL named then restarting it's ok now!!!!

rndc reload works!

So now I just need to make my DNS server authoritative and I guess I will be alright.

Now I guess we can work on the next stage: Authority?
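
A check for the condition that the kill-and-restart in posts #56 and #57 clears, assuming the cause is more than one named process holding the rndc control port 953. This is an added example, not part of the original thread; the function names and the sample lines (in `netstat -tlnp` layout) are constructed.

```shell
#!/bin/sh
# Constructed sample in `netstat -tlnp` layout (not output from the thread):
# two different named PIDs own listeners on the rndc control port 953.
SAMPLE_STALE='tcp   0  0 192.168.1.51:53  0.0.0.0:*  LISTEN  27413/named
tcp   0  0 127.0.0.1:953    0.0.0.0:*  LISTEN  27413/named
tcp6  0  0 ::1:953          :::*       LISTEN  2020/named
tcp6  0  0 :::22            :::*       LISTEN  14431/sshd'

# Constructed sample: one named process owns both control listeners.
SAMPLE_CLEAN='tcp   0  0 127.0.0.1:953    0.0.0.0:*  LISTEN  27413/named
tcp6  0  0 ::1:953          :::*       LISTEN  27413/named'

# Print "PID local-address" for each LISTEN socket on port $1 owned by named.
# Reads netstat output on stdin; field 4 is the local address, field 7 PID/program.
control_listeners() {
    awk -v port="$1" '
        $6 == "LISTEN" && $4 ~ (":" port "$") {
            split($7, owner, "/")
            if (owner[2] == "named") print owner[1], $4
        }'
}

# Number of distinct named PIDs listening on port $1.
control_pid_count() {
    control_listeners "$1" | awk '{ print $1 }' | sort -u | wc -l | tr -d ' '
}

# Exit status: 0 = one owner, 1 = several owners (stale daemon), 2 = no listener.
check_control_channel() {
    count=$(control_pid_count "$1")
    case "$count" in
        0) echo "no named listener on port $1"; return 2 ;;
        1) echo "ok: one named process owns port $1"; return 0 ;;
        *) echo "stale: $count named processes own port $1"; return 1 ;;
    esac
}

printf '%s\n' "$SAMPLE_STALE" | check_control_channel 953 || true
printf '%s\n' "$SAMPLE_CLEAN" | check_control_channel 953
```

On a live host the input would come from `netstat -tlnp` run as root, so that the PID column is populated for every socket.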
 
Old 09-22-2008, 12:54 PM   #58
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Right, current situation:

I can ping my internal domain no problem, as I guess since I loaded the domain and corresponding IP addresses into /etc/hosts.

I cannot however ping google or any remote site from the main server??

My workstation however is connected to one DNS server which is the main server and it works fine!

So this I'm finding difficult to understand, unless again it's the authority.

My /etc/network/interfaces file is setup with a statement:

Code:
dns 192.168.1.51

the internal IP of the server so all should be ok no?

I'm missing a few things here I know it!
 
Old 09-22-2008, 04:05 PM   #59
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
What is in /etc/resolv.conf? (sorry - don't have Debian fired up at the moment)
 
Old 09-22-2008, 04:32 PM   #60
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
I just changed the config earlier:

Code:
domain optiplex-networks.com
search ns1.optiplex-networks.com
nameserver 192.168.1.51

domain gx110.optiplex-networks.com
search gx110.optiplex-networks.com
nameserver 192.168.1.51
nameserver 127.0.0.1

domain ftp.optiplex-networks.com
search ns1.optiplex-networks.com
nameserver 192.168.1.51

domain www.optiplex-networks.com
search ns1.optiplex-networks.com
nameserver 192.168.1.51

I also added an IP subnet to my named.conf file:

Code:
 key "rndckey" {
       algorithm hmac-md5;
       secret "vL+4wnHLyR+o40KoB/uBug==";
 };

 controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; 192.168.1.0/24; } keys { "rndckey"; };

 };

hoping that it would help!
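
A lint for two things a reviewer would flag in a controls block like the one above: an hmac-md5 control key, and an allow entry such as 192.168.1.0/24 that can never match while the listener is bound to 127.0.0.1. This is an added example, not code from the thread; the function name and both sample fragments are constructed, and the secret is a placeholder.

```shell
#!/bin/sh
# Constructed fragment modelled on the controls statement above (placeholder secret).
CONF_POSTED='key "rndckey" {
       algorithm hmac-md5;
       secret "PLACEHOLDER-NOT-A-REAL-KEY==";
};
controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; 192.168.1.0/24; } keys { "rndckey"; };
};'

# Constructed tightened variant: SHA-256 key, loopback-only allow list.
CONF_TIGHT='key "rndckey" {
       algorithm hmac-sha256;
       secret "PLACEHOLDER-NOT-A-REAL-KEY==";
};
controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndckey"; };
};'

# Read a named.conf on stdin and print one finding per line (nothing if clean).
# Only the first "inet ... allow { ... }" clause is examined; comments are not stripped.
lint_named_controls() {
    tr '\n\t' '  ' | awk '
    {
        text = $0
        if (text ~ /algorithm[ ]+hmac-md5[ ]*;/)
            print "weak-algorithm hmac-md5"
        if (match(text, /inet[ ]+[^ ]+[ ]+port[ ]+[0-9]+[ ]+allow[ ]*[{][^}]*[}]/)) {
            stmt = substr(text, RSTART, RLENGTH)
            split(stmt, word, /[ ]+/)
            bind = word[2]                      # address the control channel listens on
            acl = stmt
            sub(/^[^{]*[{]/, "", acl)           # keep only the allow list body
            sub(/[}].*$/, "", acl)
            n = split(acl, entry, /[ ;]+/)
            loopback_bind = (bind == "127.0.0.1" || bind == "::1")
            for (i = 1; i <= n; i++) {
                if (entry[i] == "") continue
                if (loopback_bind && entry[i] != "127.0.0.1" && entry[i] != "::1" && entry[i] != "localhost")
                    print "unreachable-allow " entry[i] " (listener bound to " bind ")"
            }
        }
    }'
}

printf '%s\n' "$CONF_POSTED" | lint_named_controls
printf '%s\n' "$CONF_TIGHT" | lint_named_controls
```

Feed it a real named.conf on stdin to lint a live configuration. A control key whose secret has been shown publicly should be replaced, for instance with `rndc-confgen -a`.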
 
  

