DNS na Fedori problem

[ Biker @ 14.04.2008. 01:06 ] @

Imam problem sledec vrste, podigao sam Bind 9.5 server na fedori 8.
Napravio sam zonu sa nekim domenom "domen.co.sr" i sa te masine kada radim nslookup
sve radi kako treba, evo ovako:

Code:

> domen.co.sr
Server:         127.0.0.1
Address:        127.0.0.1#53

domen.co.sr
        origin = domen.co.sr
        mail addr = root.domen.co.sr
        serial = 199802151
        refresh = 28800
        retry = 7200
        expire = 604800
        minimum = 86400
domen.co.sr     nameserver = ns.domen.co.sr.
domen.co.sr     mail exchanger = 20 mail.domen.co.sr.
domen.co.sr     mail exchanger = 10 mail.domen.co.sr.
Name:   domen.co.sr
Address: 80.93.248.102

sto znaci da server radi, pretpostavljam.

i sve ostalo resolvuje, mislim na www i mail poddomen.

E sad kad stavim na win masini koja je negde na drugom kraju srbije u dns
njegovu adresu i u cmd wina otkucam nslookup dobijem ovo:

Code:

*** Der Servername für die Adresse 80.93.248.100 konnte nicht gefunden werden:
No response from server
*** Die Standardserver sind nicht verfügbar.
Standardserver: UnKnown
Address: 80.93.248.100

sad dobro na nemackom je ali da se skontat sta kaze.
Jedino sto nisam probao da li radi u lokalnoj rezi sto i nemogu
jer serveru pristupam preko neta.
u firewall sam dopustio DNS i wDNS i jos naknadno port 53.
Mada i kad iskljucim skroz firewall nece da radi.

Toliko od mene!

[ Jbyn4e @ 14.04.2008. 08:31 ] @

Prvo, proveri u konfiguraciji dns-a da li si podesio da slusa na drugim adresama osim 127.0.0.1, a drugo, da li si dobro podesio uopste taj firewall, jer koliko vidim port 53 ti nije otvoren:

Citat:

nmap 80.93.248.100

Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-14 09:10 CEST
Interesting ports on 80.93.248.100:
Not shown: 1692 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
445/tcp filtered microsoft-ds
1720/tcp filtered H.323/Q.931
5190/tcp open aol

[ Biker @ 14.04.2008. 10:34 ] @

Uh ajde ako mozes da me samo navedes gde se podesava to koje ip adrese da slusa.
I otvaranje porta iz konzole, posto sam to uvek radio iz webmina a nebi to na ovoj masini
da instaliram.

Hvala.

[ Miroslav Strugarevic @ 14.04.2008. 10:44 ] @

Probaj ovu komandu i kopiraj nam output:

# netstat -natp | grep named

[ Biker @ 14.04.2008. 10:53 ] @

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2821/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2821/named
tcp 0 0 ::1:53 :::* LISTEN 2821/named
tcp 0 0 ::1:953 :::* LISTEN 2821/named

Evo ga odgovor!

I evo ga firewall!

[root@ns ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (1 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
5 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
7 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
10 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
16 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
17 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
21 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

_{[Ovu poruku je menjao Biker dana 14.04.2008. u 12:19 GMT+1]}

[ Miroslav Strugarevic @ 14.04.2008. 11:21 ] @

Moraš dodati u /etc/named.conf nešto tipa:

Code:

options {
listen-on port 53 { 127.0.0.1; externa.ip.adresa; };

Nakon toga:

# named-checkconf
# rndc reload

Ako sve prođe bez grešaka ponovi netstat komandu.

[ Biker @ 14.04.2008. 11:39 ] @

[root@ns ~]# netstat -natp | grep named
tcp 0 0 80.93.248.100:53 0.0.0.0:* LISTEN 7736/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 7736/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 7736/named
tcp 0 0 ::1:53 :::* LISTEN 7736/named
tcp 0 0 ::1:953 :::* LISTEN 7736/named

Ako sam dobro razume treba da ubacim javnu adresu tog racunara??
Mislim to sam uradio.

Pomak je dostignut.

Sad sa win masine nije vise ona greska u nslookup-u.

Nije vise "No response from server" nego "Query refused"!

[ Miroslav Strugarevic @ 14.04.2008. 11:48 ] @

Postavi ovde named.conf.

Ili potraži opciju allow-query i dopiši tvoju ip adresu ili opseg ip adresa koje imaju pravo pristupa tvom dns server-u.

[ Biker @ 14.04.2008. 11:53 ] @

options {
listen-on port 53 { 127.0.0.1; 80.93.248.100;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;
};

a ako hocu da svi mogu onda kucam 0.0.0.0/0 ili samo 0.0.0.0?

[ Miroslav Strugarevic @ 14.04.2008. 11:58 ] @

Nešto ovako:

Code:
options {
listen-on port 53 { 127.0.0.1; 80.93.248.100;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
};

[ Biker @ 14.04.2008. 12:00 ] @

Proradilo je sa wina!

Radi sad domen koji sam postavio na tom serveru!

Hvala za sad idem da isprobam sta radi, a sta mozda i neradi.

Puno hvala!!!