[solved] Bind problem - IP issue?

[DarkSide]

Hello all,

Bind is running, confirmed with:

Code:

ps waux | grep named
bind     16845  0.0  0.3  70468 13068 ?        Ssl  07:47   0:00 /usr/sbin/named -u bind

but the output of this confuses me:

Code:

netstat -tlnp | grep named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      16845/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      16845/named

Am I right in thinking that it should be showing my internet web IP and not localhost? Is this why even though bind is running that it shows as "bind down" in the server status page and that my nameservers do not work? Can someone please help me fix this, I dont want to break it heehee

Many thanks,
Paul.

[BeNe]

Quote:Am I right in thinking that it should be showing my internet web IP and not localhost?

Yes!

Quote:Is this why even though bind is running that it shows as "bind down" in the server status page and that my nameservers do not work?

Yes!
Please post the related config files for bind and the reslov.conf.

Greez BeNe

[DarkSide]

Resolv.conf is as follows:

Code:

nameserver 127.0.0.1
nameserver 213.186.33.99

I assume this part of the config is the problem:

Code:

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

What do I need to do to fix this, I dont know about bind at all lol Thanks BeNe.

[BeNe]

Is this all in your your named.conf ?
Did you add a domain to your ispCP ?
If you check your "/var/cache/bind/domain.tld.db" about "ns1" entry with your external IP.

Greez BeNe

[DarkSide]

I fixed it! I installed webmin from the .deb and used that to edit the ip address that bind was listening on from localhost to my external IP then restarted bind then removed webmin. Bind shows as running in ispCP now. I cant see what config file that changed though, I am curious

Thankyou BeNe for confirming that the problem was this, great product

[kurgans]

I think your DNS is only running on localhost (127.0.0.1), you can release that data in / etc / bind / named.conf.options.

I'm sorry my English

[DarkSide]

(11-23-2009 06:35 PM)kurgans Wrote:  I think your DNS is only running on localhost (127.0.0.1), you can release that data in / etc / bind / named.conf.options.

I'm sorry my English

Sure, here it is

Code:

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.  
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { ::1; };
    listen-on {
        **external IP is here**;
        };
    allow-recursion {
        127.0.0.1;
        };
};

[BeNe]

Here is mine named.conf.options - and bind9 is bind to my external IP´s

Code:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Greez BeNe

[DarkSide]

Thanks BeNe.

I have now setup a domain using the nameservers I have created and registered them. When I check the DNS with checkdns.net it says the following:

Code:

Tried to fetch SOA record for domain, but DNS server ns1.mydomain.net [ip address here] returned error code Refused
Tried to fetch SOA record for domain, but DNS server ns2.mydomain.net [ip address here] returned error code Refused

Its like its not accepting connections from outside maybe?

[BeNe]

Is bind9 now listening on the external IP ?
Own IPTables that block Port 53 ?
Check you syslog

Greez BeNe