Re: [gentoo-user] djbdns setup questions
Tom Caudron said:

> However, I'm still getting a domain not found error when I try to
> ping www.kungfugamers.com

Ping is probably going after the other DNS server... which we're going to fix now :-)

> Eric said, "If I query hearsay.earthlink.net, it's never heard of
> kungfugamers.com. You will have to fix that before others will be
> able to reliably use your domain."
>
> Yeah. Not sure what to do about that.

[snip]

> Seems kinda dumb, but should I register the dns under two
> different names pointing to the same IP, then use both those names
> as authoritative? That seems sorta kludgy, but if that's how it
> works, then so be it. What do you think?

Yes, this is the workaround. Not all registrars will allow this, but I know of other domains (dubium.com is an example) that are registered with GoDaddy and they have done it this way. The original thinking was that DNS should be ultra-reliable, so the registry required two unique servers and IPs. For your purposes, if your cable is down then your entire domain is down, so redundant external DNS is not terribly relevant.

-Eric

--
arctic bears - email and name services
25 email [EMAIL PROTECTED] CA$11.95/month
DNS starting at CA$3.49/month - domains from CA$25.95/year
for details contact [EMAIL PROTECTED] or visit http://www.arcticbears.com

--
[EMAIL PROTECTED] mailing list
Re: [gentoo-user] djbdns setup questions
OK, I stopped dnscachex and axfrdns with "svc -d". A dig command now shows me this:

> dig @68.15.153.133 www.kungfugamers.com a

; <<>> DiG 9.2.2rc1 <<>> @68.15.153.133 www.kungfugamers.com a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25100
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.kungfugamers.com. IN A

;; ANSWER SECTION:
www.kungfugamers.com. 86400 IN A 68.15.153.133

;; AUTHORITY SECTION:
kungfugamers.com. 259200 IN NS a.ns.kungfugamers.com.

;; ADDITIONAL SECTION:
a.ns.kungfugamers.com. 259200 IN A 68.15.153.133

;; Query time: 140 msec
;; SERVER: 68.15.153.133#53(68.15.153.133)
;; WHEN: Thu Nov 20 08:31:46 2003
;; MSG SIZE rcvd: 89

However, I'm still getting a domain not found error when I try to ping www.kungfugamers.com

When I do dnsq I get this:

> dnsq a www.kungfugamers.com 68.15.153.133
1 www.kungfugamers.com:
89 bytes, 1+1+1+1 records, response, authoritative, noerror
query: 1 www.kungfugamers.com
answer: www.kungfugamers.com 86400 A 68.15.153.133
authority: kungfugamers.com 259200 NS a.ns.kungfugamers.com
additional: a.ns.kungfugamers.com 259200 A 68.15.153.133

But when I do dnsqr, I get:

> dnsqr a www.kungfugamers.com

Mike said, "add your external IP to /var/tinydns/env/IP, and restart tiny."

I rechecked it and a cat on the IP shows me the external ip address. I restarted the service like this:

> svc -t /service/tinydns

Which seemed to work (ie, didn't barf on me). If I do a tcpdump on the server when I try to connect with my browser on a different internal machine, the output suggests that it's still not getting what it needs from my dns. That is to say, it's doing just what it did before, where it's trying different permutations of the domain hoping to get an answer to one of them. Weird.

Eric said, "If I query hearsay.earthlink.net, it's never heard of kungfugamers.com. You will have to fix that before others will be able to reliably use your domain."

Yeah. Not sure what to do about that. The problem is just that I registered with go-daddy.com and when they asked for an authoritative dns for the domain, they insisted on two dns servers. Well, I only have one box, so I threw a bogus server out there (well, it's a real dns, just not authoritative for my domain) as a placeholder. Not sure what to do about that. I only have one box, but they seem to be expecting two dns's per domain. Frankly, I'm not hosting professionally, so if my one server box is down for some reason, I don't care that the domain is inaccessible. Seems kinda dumb, but should I register the dns under two different names pointing to the same IP, then use both those names as authoritative? That seems sorta kludgy, but if that's how it works, then so be it. What do you think?

Mike said, "Steep learning curve, but an immense sense of satisfaction when you are there :)"

Like everything good in linux. :-)

-Tom Caudron
Re: [gentoo-user] djbdns setup questions
On Thursday 20 November 2003 01:10, Tom Caudron wrote:
> Eric and Mike both requested this output:
>
> > netstat -nlp | grep udp | grep 53
>
> udp 0 0 68.15.153.133:53 0.0.0.0:* 936/dnscache
> udp 0 0 68.15.153.133:53 0.0.0.0:* 932/tinydns
>
> Three things of note here.
>
> First, unlike the example Eric gave, I didn't need to do a ps on the pid.
> It was in the output.

That's the 'p' doing its job :)

> Second, I'm no Doctor of Portology, but I'm guessing two services listening
> on the same port is a bad thing?

Yus, bad thing.

> Third, it says dnscache is listening. Well, I can't find dnscache
> anywhere. All I seem to have is dnscachex, which perhaps just calls itself
> plain ol' "dnscache" in the pid?

dnscachex is just dnscache with a slightly different configuration (it only knows about specific domains)

> Some more output requested by Eric and Mike:
> If I add the @ sign to the command as you have it:

You need the @ sign, it tells dig to go at that server (get the records from it)

> > dig @1.2.3.4 www.foobar.com a
>
> ; <<>> DiG 9.2.2rc1 <<>> @1.2.3.4 www.foobar.com a
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> > host www.foobar.com 1.2.3.4
>
> ;; connection timed out; no servers could be reached

This would be because you have both dnscache and tinydns listening on the same port. Stop dnscache, add your external IP to /var/tinydns/env/IP, and restart tiny. Then see how things go.

> Mike said, "Dan isn't exactly forgiving with configuration errors, or
> helpful with diagnosing."
>
> Yeah, I get that. But the app is great from what I hear...and I love
> QMail, so I can't say much bad about the guy. :-)

Steep learning curve, but an immense sense of satisfaction when you are there :)

--
Mike Williams
Re: [gentoo-user] djbdns setup questions
Tom Caudron said:

> udp 0 0 68.15.153.133:53 0.0.0.0:* 936/dnscache
> udp 0 0 68.15.153.133:53 0.0.0.0:* 932/tinydns

Not good. Actually, I didn't think this was possible. I guess I just learned something. Try stopping dnscache. Something like

svc -d /service/dnscachex

or whatever it's called for you... I'm wondering which of those services would respond to your port 53 request? Maybe causing a deadlock? I don't know, but I'd stop one of them.

> It's http://www.kungfugamers.com which I'm trying to host on
> 68.15.153.133. Why KungFuGamers? Well, that's a bit of a longer
> story. Suffice it to say, I AM a geek. :-)

Nameservers for kungfugamers.com:

kungfugamers.com. 172608 IN NS hearsay.earthlink.net.
kungfugamers.com. 172608 IN NS mordor.kungfugamers.com.

If I query hearsay.earthlink.net, it's never heard of kungfugamers.com. You will have to fix that before others will be able to reliably use your domain. But for now, let's focus on mordor.kungfugamers.com... The glue record says it is at 68.15.153.133, which confirms what you said, so that part is set up OK. Attempting to query mordor.kungfugamers.com times out:

[EMAIL PROTECTED] eric $ dig @68.15.153.133 kungfugamers.com soa

; <<>> DiG 9.2.2 <<>> @68.15.153.133 kungfugamers.com soa
;; global options: printcmd
;; connection timed out; no servers could be reached
[EMAIL PROTECTED] eric $

Additional queries for an a record from www.kungfugamers.com, etc, yield the same response. Let me know what happens when you've killed the dnscache. And also, you might as well "svc -d" the axfrdns just so it stops re-trying to start.

-Eric
Re: [gentoo-user] djbdns setup questions
Eric said, "I didn't get exactly what you're trying to do. Is it just host a DNS server as the authority for your domain? Where are your secondaries?"

I am trying to run a domain entirely from my cable modem. I have a business-class connection through Cox, so I'm allowed and the IP is mine to use, but they don't offer DNS services for free. I took this as a good opportunity to learn DNS, too. :-)

Eric and Mike both requested this output:

> netstat -nlp | grep udp | grep 53
udp 0 0 68.15.153.133:53 0.0.0.0:* 936/dnscache
udp 0 0 68.15.153.133:53 0.0.0.0:* 932/tinydns

Three things of note here.

First, unlike the example Eric gave, I didn't need to do a ps on the pid. It was in the output.

Second, I'm no Doctor of Portology, but I'm guessing two services listening on the same port is a bad thing?

Third, it says dnscache is listening. Well, I can't find dnscache anywhere. All I seem to have is dnscachex, which perhaps just calls itself plain ol' "dnscache" in the pid?

Some more output requested by Eric and Mike:

> dig 1.2.3.4 www.foobar.com a

; <<>> DiG 9.2.2rc1 <<>> 1.2.3.4 www.foobar.com a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44670
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;1.2.3.4. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2003111900 1800 900 604800 86400

;; Query time: 166 msec
;; SERVER: 68.10.16.30#53(68.10.16.30)
;; WHEN: Wed Nov 19 17:04:29 2003
;; MSG SIZE rcvd: 106

;; connection timed out; no servers could be reached

Note that 68.10.16.30 is my isp's dns. I guess it found that on its own.

If I add the @ sign to the command as you have it:

> dig @1.2.3.4 www.foobar.com a

; <<>> DiG 9.2.2rc1 <<>> @1.2.3.4 www.foobar.com a
;; global options: printcmd
;; connection timed out; no servers could be reached

> host www.foobar.com 1.2.3.4
;; connection timed out; no servers could be reached

Eric said, "Also, knowing your actual domain name would be helpful. Then I could try to query from here and see what the response is."

It's http://www.kungfugamers.com which I'm trying to host on 68.15.153.133. Why KungFuGamers? Well, that's a bit of a longer story. Suffice it to say, I AM a geek. :-)

Eric said, "btw, your axfrdns is not working, as is shown by the "0 seconds" uptime. You only need axfrdns if you have secondary DNS servers using the BIND protocol to sync with your primary, so that may not be an issue?"

I had a feeling that wasn't right. I am not, however, running any other dns servers, BIND or otherwise.

Mike said, "The /var vs /etc thing, that's weird. But so long as the links into /service are right, and the ...{tinydns,dnscache(x)}/env/ROOT are correct, it doesn't matter."

They are linked into /service, yes.

Mike said, "Dan isn't exactly forgiving with configuration errors, or helpful with diagnosing."

Yeah, I get that. But the app is great from what I hear...and I love QMail, so I can't say much bad about the guy. :-)

-Tom
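The double binding in Tom's netstat output (dnscache and tinydns both on 68.15.153.133:53) is the kind of thing worth checking mechanically rather than by eye. The following is an added example, not code from the thread or from djbdns: it parses `netstat -nlp` rows and reports any local socket that more than one process has bound. The sample rows are constructed; the two port-53 rows mirror Tom's output, and the sshd row and the PID-less row (netstat prints `-` when it cannot read the owner) are invented to show rows the checker must not flag.

```python
"""Report local sockets that more than one process has bound, from `netstat -nlp` output."""
import re
from collections import defaultdict

# Constructed sample in the shape of `netstat -nlp`: the two port-53 rows mirror
# Tom's output; the sshd row and the PID-less row are made up to show rows that
# must not be flagged.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      731/sshd
udp        0      0 68.15.153.133:53        0.0.0.0:*                           936/dnscache
udp        0      0 68.15.153.133:53        0.0.0.0:*                           932/tinydns
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
"""

ROW = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+"
    r"(?P<local>\S+)\s+\S+\s+"
    r"(?:LISTEN\s+)?"                     # tcp rows carry a State column, udp rows do not
    r"(?P<pid>\d+|-)(?:/(?P<prog>\S+))?"
)


def parse_netstat(text):
    """Yield (proto, local address, owner) per socket row; header rows do not match and are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            owner = f"{m['pid']}/{m['prog']}" if m["prog"] else m["pid"]
            yield m["proto"], m["local"], owner


def owners_by_socket(text):
    """Group owners by (proto, local address)."""
    owners = defaultdict(list)
    for proto, local, owner in parse_netstat(text):
        owners[(proto, local)].append(owner)
    return dict(owners)


def find_conflicts(text):
    """Sockets with more than one owner: the situation Tom's netstat output showed on port 53."""
    return {sock: who for sock, who in owners_by_socket(text).items() if len(who) > 1}


def who_has_port(text, port):
    """Every socket on `port` with its owners, whatever address it is bound to."""
    return {sock: who for sock, who in owners_by_socket(text).items()
            if sock[1].rsplit(":", 1)[-1] == str(port)}


if __name__ == "__main__":
    for (proto, local), who in find_conflicts(SAMPLE).items():
        print(f"CONFLICT {proto} {local}: {', '.join(who)}")
```

Two UDP listeners on one address:port is possible on Linux because both djbdns daemons bind with SO_REUSEADDR, but each datagram is delivered to only one of them, which is why queries aimed at tinydns were timing out while dnscache held the same socket.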
Re: [gentoo-user] djbdns setup questions
On Wednesday 19 November 2003 17:50, Tom Caudron wrote:
> Well, a month later and I'm back to working on this dns problem.
>
> I tried to follow Mike's advice (found below), but I ran into a
> problem. When I emerged djbdns, it never created anything called
> dnscache. It only created dnscachex, tinydns, and axfrdns. And unlike
> every other reference I've seen/read about, including Mike's below, it
> was put in the /var directory, not the /etc directory. I doubt the
> directory change is an issue, and since I don't really care about acting
> as a proxy dns to my internal network, I'm not sure I need dnscache, but
> I could be wrong on both counts.

I don't believe there is actually any difference between dnscache and dnscachex, really. It's just a naming convention.

The /var vs /etc thing, that's weird. But so long as the links into /service are right, and the ...{tinydns,dnscache(x)}/env/ROOT are correct, it doesn't matter.

If you are only serving your own DNS out to the world, you don't actually need dnscache. I've never had a need to do zone transfer with djbdns so can't help with axfrdns.

> Anyway, it still won't work. :(

Is it listening on the network properly? 'netstat -nlp'

> I've added the domain and its aliases to the system using tinydns's
> "add-host" and "add-alias". For simplicity's sake, let's say my IP is
> 1.2.3.4 and my domain is foobar.com. Here is the output I get when I

[snip]

> And that continues for a while, trying different permutations, like
> localhost.foobar.com or www.foobar.com.localdomain, etc

try 'dig @127.0.0.1 www.foobar.com', or 'host www.foobar.com 127.0.0.1'
Replace 127.0.0.1 with the IP tiny is listening on.

> I've registered my machine/ip as a valid dns (and I get dns requests all
> the time, but the above mentioned udp error suggests to me that they
> aren't being fulfilled) and I've got apache set up to give me a domain back
> (it works on another hosted domain that uses an external authoritative
> dns server for discovery).
>
> Does anyone have a clue as to what could be the problem? Any help would
> be appreciated. :)

Not really :)
Dan isn't exactly forgiving with configuration errors, or helpful with diagnosing.

--
Mike Williams
Re: [gentoo-user] djbdns setup questions
I missed the first part of the thread (new to the list) so I didn't get exactly what you're trying to do. Is it just host a DNS server as the authority for your domain? Where are your secondaries? You don't need dnscache to host an authoritative DNS, you just need tinydns for that.

The first thing I like to do when diagnosing a network service problem is determine what process is listening on the port I'm trying to troubleshoot. "netstat -nlp" will show you this. On our DNS server, I look for the UDP line on port 53 and get this:

> netstat -nlp | grep udp | grep 53
udp 0 0 (myIP):53 0.0.0.0:* 1666/

To confirm this is in fact tinydns listening, I do a ps for the pid 1666 and find this:

> ps -p 1666 -f
UID PID PPID C STIME TTY TIME CMD
tinydns 1666 1638 0 Oct04 ? 00:04:41 [tinydns]

Now I know that it's tinydns listening and that some other process hasn't bound to that port. Then I can move forward to troubleshoot the problem with tinydns.

I use dig to troubleshoot DNS problems. If you do:

> dig @ns.foo.com www.foo.com a

It will query the name server ns.foo.com for the "a" record www.foo.com. What output does dig give on your system?

Also, knowing your actual domain name would be helpful. Then I could try to query from here and see what the response is.

btw, your axfrdns is not working, as is shown by the "0 seconds" uptime. You only need axfrdns if you have secondary DNS servers using the BIND protocol to sync with your primary, so that may not be an issue?

-Eric

Tom Caudron said:
> Well, a month later and I'm back to working on this dns problem.
>
> I tried to follow Mike's advice (found below), but I ran into a
> problem. When I emerged djbdns, it never created anything called
> dnscache. It only created dnscachex, tinydns, and axfrdns. And
> unlike every other reference I've seen/read about, including
> Mike's below, it was put in the /var directory, not the /etc
> directory. I doubt the directory change is an issue, and since I
> don't really care about acting as a proxy dns to my internal
> network, I'm not sure I need dnscache, but I could be wrong on
> both counts.
>
> Anyway, it still won't work. :(
>
> I've added the domain and its aliases to the system using
> tinydns's "add-host" and "add-alias". For simplicity's sake,
> let's say my IP is 1.2.3.4 and my domain is foobar.com. Here is
> the output I get when I check on my setup:
>
>> tinydns-get a www.foobar.com 1.2.3.4
> 1 www.foobar.com:
> 89 bytes, 1+1+1+1 records, response, authoritative, noerror
> query: 1 www.foobar.com
> answer: www.foobar.com 86400 A 1.2.3.4
> authority: foobar.com 259200 NS a.ns.foobar.com
> additional: a.ns.foobar.com 259200 A 1.2.3.4
>
>> svstat /service/tinydns
> /service/tinydns: up (pid 932) 870016 seconds
>
>> svstat /service/axfrdns
> /service/axfrdns: up (pid 13218) 0 seconds
>
>> dnsq a www.foobar.com 1.2.3.4
>
>> dnsqr a www.foobar.com
>
>> cat /service/dnscachex/log/main/current
> @40003fa61ab11f645e8c starting
> @40003fadc55d20421074 starting
>
> Looking at tcpdump, If I call up a browser and try to reach
> www.foobar.com I get this:
>
>> tcpdump -i any | grep foobar
> 00:41:02.485868 lkhndnss02.rd.at.cox.net.58754 >
> wsip-my-ip.hr.hr.cox.net.domain: 42193 A? www.foobar.com. (38) (DF)
> 00:41:13.480699 nrfkdnss02.rd.hr.cox.net.56943 >
> wsip-my-ip.hr.hr.cox.net.domain: 25461 A? www.foobar.com. (38) (DF)
> 00:41:14.775501 192.168.0.9.32806 > ns1.hr.cox.net.domain:
> 38338+ A? www.foobar.com. (38) (DF)
>
> And that continues for a while, trying different permutations,
> like localhost.foobar.com or www.foobar.com.localdomain, etc
>
>> tcpdump -i any | grep unreachable
> 01:35:49.816329 localhost.localdomain > localhost.localdomain:
> icmp: localhost.localdomain udp port domain unreachable [tos 0xc0]
>
> In the end, the browser just says foobar.com could not be found. :(
>
> I've registered my machine/ip as a valid dns (and I get dns
> requests all the time, but the above mentioned udp error suggests
> to me that they aren't being fulfilled) and I've got apache set up to
> give me a domain back (it works on another hosted domain that uses
> an external authoritative dns server for discovery).
>
> Does anyone have a clue as to what could be the problem? Any help
> would be appreciated. :)
>
> -Tom Caudron
>
>> From: Mike Williams <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED]
>> Subject: Re: [gentoo-user] djbdns setup questions
>> Date: Sat, 1
Re: [gentoo-user] djbdns setup questions
Well, a month later and I'm back to working on this dns problem.

I tried to follow Mike's advice (found below), but I ran into a problem. When I emerged djbdns, it never created anything called dnscache. It only created dnscachex, tinydns, and axfrdns. And unlike every other reference I've seen/read about, including Mike's below, it was put in the /var directory, not the /etc directory. I doubt the directory change is an issue, and since I don't really care about acting as a proxy dns to my internal network, I'm not sure I need dnscache, but I could be wrong on both counts.

Anyway, it still won't work. :(

I've added the domain and its aliases to the system using tinydns's "add-host" and "add-alias". For simplicity's sake, let's say my IP is 1.2.3.4 and my domain is foobar.com. Here is the output I get when I check on my setup:

> tinydns-get a www.foobar.com 1.2.3.4
1 www.foobar.com:
89 bytes, 1+1+1+1 records, response, authoritative, noerror
query: 1 www.foobar.com
answer: www.foobar.com 86400 A 1.2.3.4
authority: foobar.com 259200 NS a.ns.foobar.com
additional: a.ns.foobar.com 259200 A 1.2.3.4

> svstat /service/tinydns
/service/tinydns: up (pid 932) 870016 seconds

> svstat /service/axfrdns
/service/axfrdns: up (pid 13218) 0 seconds

> dnsq a www.foobar.com 1.2.3.4

> dnsqr a www.foobar.com

> cat /service/dnscachex/log/main/current
@40003fa61ab11f645e8c starting
@40003fadc55d20421074 starting

Looking at tcpdump, If I call up a browser and try to reach www.foobar.com I get this:

> tcpdump -i any | grep foobar
00:41:02.485868 lkhndnss02.rd.at.cox.net.58754 > wsip-my-ip.hr.hr.cox.net.domain: 42193 A? www.foobar.com. (38) (DF)
00:41:13.480699 nrfkdnss02.rd.hr.cox.net.56943 > wsip-my-ip.hr.hr.cox.net.domain: 25461 A? www.foobar.com. (38) (DF)
00:41:14.775501 192.168.0.9.32806 > ns1.hr.cox.net.domain: 38338+ A? www.foobar.com. (38) (DF)

And that continues for a while, trying different permutations, like localhost.foobar.com or www.foobar.com.localdomain, etc

> tcpdump -i any | grep unreachable
01:35:49.816329 localhost.localdomain > localhost.localdomain: icmp: localhost.localdomain udp port domain unreachable [tos 0xc0]

In the end, the browser just says foobar.com could not be found. :(

I've registered my machine/ip as a valid dns (and I get dns requests all the time, but the above mentioned udp error suggests to me that they aren't being fulfilled) and I've got apache set up to give me a domain back (it works on another hosted domain that uses an external authoritative dns server for discovery).

Does anyone have a clue as to what could be the problem? Any help would be appreciated. :)

-Tom Caudron

> From: Mike Williams <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [gentoo-user] djbdns setup questions
> Date: Sat, 18 Oct 2003 16:39:20 +0100
>
> On Saturday 18 October 2003 14:58, Tom Caudron wrote:
> > I've googled til my fingers bled and all I can find are how-tos
> > describing how I can set up djbdns to serve a home network (maybe I just
> > didn't know what I was looking at?). Here's what I'm doing.
> >
> > I have registered a domain (we'll call it foobar.com) and I intend on
> > hosting it publicly from my home server, which is running on a cable
> [snip snippty]
>
> Right, basic setup.
> Tinydns listens on 127.0.0.1, dnscache(x) listens on an/the external
> interface(s). Tiny is the resolver, dnscache the (brainfart moment).
>
> My router has its internal address in /etc/resolv.conf (its 192 address).
>
> Let's do this backwards, starting with dnscache.
> redshat root # cat /etc/dnscache/env/IP
> 192.168.0.1
> You will need dnscache, and dnscachex. One on the internal that will resolve
> anything, and one on the external that will only resolve your domain.
> The files in /etc/dnscache/root/ip/ tell dnscache who is allowed access, in my
> case
> redshat root # ls -lh /etc/dnscache/root/ip/
> total 0
> -rw------- 1 root root 0 Jul 1 02:43 127.0.0.1
> -rw-r--r-- 1 root root 0 Jul 1 02:43 192.168
> I'm pretty sure an @ will allow anyone.
>
> To tell it what it is authoritative for, and where it goes for the resolver put
> files in /etc/dnscache/root/servers
> redshat root # ls -lh /etc/dnscache/root/servers/
> total 12K
> -rw-r--r-- 1 root root 10 Jul 1 02:43 0.168.192.in-addr.arpa
> -rw-r--r-- 1 root root 164 Jul 1 02:43 @
> -rw-r--r-- 1 root root 10 Jul 1 02:43 home.gaima.co.uk
> redshat root # cat /etc/dnscache/root/servers/0.168.192.in-addr.arpa
> 127.0.0.1
> r
Re: [gentoo-user] djbdns setup questions
On Saturday 18 October 2003 14:58, Tom Caudron wrote:
> I've googled til my fingers bled and all I can find are how-tos
> describing how I can set up djbdns to serve a home network (maybe I just
> didn't know what I was looking at?). Here's what I'm doing.
>
> I have registered a domain (we'll call it foobar.com) and I intend on
> hosting it publicly from my home server, which is running on a cable
[snip snippty]

Right, basic setup.
Tinydns listens on 127.0.0.1, dnscache(x) listens on an/the external interface(s). Tiny is the resolver, dnscache the (brainfart moment).

My router has its internal address in /etc/resolv.conf (its 192 address).

Let's do this backwards, starting with dnscache.

redshat root # cat /etc/dnscache/env/IP
192.168.0.1

You will need dnscache, and dnscachex. One on the internal that will resolve anything, and one on the external that will only resolve your domain.

The files in /etc/dnscache/root/ip/ tell dnscache who is allowed access, in my case

redshat root # ls -lh /etc/dnscache/root/ip/
total 0
-rw------- 1 root root 0 Jul 1 02:43 127.0.0.1
-rw-r--r-- 1 root root 0 Jul 1 02:43 192.168

I'm pretty sure an @ will allow anyone.

To tell it what it is authoritative for, and where it goes for the resolver, put files in /etc/dnscache/root/servers

redshat root # ls -lh /etc/dnscache/root/servers/
total 12K
-rw-r--r-- 1 root root 10 Jul 1 02:43 0.168.192.in-addr.arpa
-rw-r--r-- 1 root root 164 Jul 1 02:43 @
-rw-r--r-- 1 root root 10 Jul 1 02:43 home.gaima.co.uk
redshat root # cat /etc/dnscache/root/servers/0.168.192.in-addr.arpa
127.0.0.1
redshat root # cat /etc/dnscache/root/servers/home.gaima.co.uk
127.0.0.1
redshat root # cat /etc/dnscache/root/servers/\@
198.41.0.4
128.9.0.107
192.33.4.12
128.8.10.90
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
198.41.0.10
193.0.14.129
198.32.64.12
202.12.27.33

Reverse for 192.168., forward for home.gaima.co.uk, and for anything else pick a root server (default config I think).

Now to tinydns.

redshat root # cat /etc/tinydns/env/IP
127.0.0.1

It only listens on localhost.

Now all you need is the data.

A nameserver
.home.gaima.co.uk:192.168.0.1:redshat.home.gaima.co.uk:259200
Another nameserver
.0.168.192.in-addr.arpa:192.168.0.1:redshat.home.gaima.co.uk:259200
An A record, with PTR
=redshat.home.gaima.co.uk:192.168.0.1
A CNAME
Cmrtg.redshat.home.gaima.co.uk:redshat.home.gaima.co.uk:86400
An MX
@home.gaima.co.uk:redshat.home.gaima.co.uk:redshat.home.gaima.co.uk

You'll have to read Dan's docs on the data format, I can never remember :)

HTH

--
Mike Williams
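As an added example (not part of Mike's post, Tom's posts, or djbdns itself), the Python below expands tinydns-data lines into the resource records tinydns would serve, which is the same thing Tom's tinydns-get output further up the thread shows from the other side. It covers the four line types Mike lists (`.`, `=`, `C`, `@`) plus `&`, `+`, `^` and `'` from the same format; default TTLs follow tinydns-data (259200 for NS, 86400 for other records, 2560 for the SOA). The sample data is constructed: the first two lines are what add-ns and add-host would append for foobar.com on 1.2.3.4 (matching the a.ns.foobar.com in Tom's tinydns-get output), the rest are Mike's lines. Two simplifications are this parser's own: the timestamp and location fields are ignored, and when the ip field is not a dotted quad (as in Mike's MX line, whose second field is a hostname) no A record is produced.

```python
"""Expand tinydns-data lines into the resource records tinydns would answer with."""
from collections import namedtuple

RR = namedtuple("RR", "name ttl rtype rdata")

TTL_NS, TTL_POSITIVE, TTL_NEGATIVE = 259200, 86400, 2560   # tinydns-data defaults


def is_ip4(s):
    parts = s.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts)


def reverse_name(ip):
    """192.168.0.1 -> 1.0.168.192.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def qualify(x, fqdn, label):
    """tinydns shorthand: a server name without a dot means x.<label>.fqdn (a -> a.ns.fqdn)."""
    if not x:
        raise ValueError(f"missing server name in line for {fqdn}")
    return x if "." in x else f"{x}.{label}.{fqdn}"


def _ttl(field, default):
    return int(field) if field else default


def parse_line(line):
    """Return the RR tuples one data line generates (empty list for comments and disabled lines)."""
    line = line.rstrip()
    if not line or line[0] in "#-%":            # comment, disabled record, location definition
        return []
    kind, fields = line[0], line[1:].split(":")
    fields += [""] * (9 - len(fields))          # pad so optional fields are always indexable
    fqdn, f1, f2, f3, f4 = fields[:5]
    out = []
    if kind in ".&":                            # NS, glue A for the server, SOA only for '.'
        ns = qualify(f2, fqdn, "ns")
        out.append(RR(fqdn, _ttl(f3, TTL_NS), "NS", ns))
        if is_ip4(f1):
            out.append(RR(ns, _ttl(f3, TTL_NS), "A", f1))
        if kind == ".":
            out.append(RR(fqdn, TTL_NEGATIVE, "SOA", f"{ns} hostmaster.{fqdn}"))
    elif kind in "=+":                          # A, plus PTR for '='
        if not is_ip4(f1):
            raise ValueError(f"bad address {f1!r} for {fqdn}")
        out.append(RR(fqdn, _ttl(f2, TTL_POSITIVE), "A", f1))
        if kind == "=":
            out.append(RR(reverse_name(f1), _ttl(f2, TTL_POSITIVE), "PTR", fqdn))
    elif kind == "@":                           # MX, plus A for the exchanger when ip is given
        mx = qualify(f2, fqdn, "mx")
        out.append(RR(fqdn, _ttl(f4, TTL_POSITIVE), "MX", f"{_ttl(f3, 0)} {mx}"))
        if is_ip4(f1):
            out.append(RR(mx, _ttl(f4, TTL_POSITIVE), "A", f1))
    elif kind in "C^'":
        rtype = {"C": "CNAME", "^": "PTR", "'": "TXT"}[kind]
        out.append(RR(fqdn, _ttl(f2, TTL_POSITIVE), rtype, f1))
    else:
        raise ValueError(f"unsupported line type {kind!r}: {line}")
    return out


def expand(data):
    """Expand a whole data file into a flat list of records."""
    return [rr for line in data.splitlines() for rr in parse_line(line)]


def lookup(records, name, rtype):
    """rdata of every record matching (name, rtype): what the answer section of tinydns-get shows."""
    return [r.rdata for r in records if r.name == name and r.rtype == rtype]


# Constructed data file: lines 1-2 are what add-ns and add-host would append for
# foobar.com on 1.2.3.4 (Tom's setup); the rest are the lines from Mike's post.
SAMPLE_DATA = """\
.foobar.com:1.2.3.4:a
=www.foobar.com:1.2.3.4
.home.gaima.co.uk:192.168.0.1:redshat.home.gaima.co.uk:259200
.0.168.192.in-addr.arpa:192.168.0.1:redshat.home.gaima.co.uk:259200
=redshat.home.gaima.co.uk:192.168.0.1
Cmrtg.redshat.home.gaima.co.uk:redshat.home.gaima.co.uk:86400
@home.gaima.co.uk:redshat.home.gaima.co.uk:redshat.home.gaima.co.uk
"""

if __name__ == "__main__":
    for rr in expand(SAMPLE_DATA):
        print(f"{rr.name} {rr.ttl} {rr.rtype} {rr.rdata}")
```

Running it on the sample reproduces the three records Tom's tinydns-get printed for www.foobar.com (the A answer, the foobar.com NS authority and the a.ns.foobar.com glue), and shows that Mike's MX line yields an MX record but no glue, because its ip field holds a name rather than an address.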
[gentoo-user] djbdns setup questions
I've googled til my fingers bled and all I can find are how-tos describing how I can set up djbdns to serve a home network (maybe I just didn't know what I was looking at?). Here's what I'm doing.

I have registered a domain (we'll call it foobar.com) and I intend on hosting it publicly from my home server, which is running on a cable modem that is fed a business-class service (ie, I pay a little more and they let me run servers from home [Cox Business Service, in case it matters to anyone]). Obviously, to run it from my home box I have to have a nameserver that is authoritative for the server. I asked Cox if they offered a nameserver to their customers just for this purpose. It was a long shot and didn't pan out. They don't. If I intend to run a website from home, I also have to run a dns server from home that will be authoritative for this domain.

So I emerged djbdns (chosen because people said it was simpler and more secure than bind). I also ran dnscache-setup and tinydns-setup. This installed the apps to /var (/var/dnscachex and /var/tinydns/ and /var/axfrdns respectively).

When I did this, all my home systems stopped being able to resolve names. They all use this one box as a router/gateway, so it stands to reason that when I hosed the dns settings in that one box, they'd all come tumbling down. Looking in the /etc/resolv.conf file shows that it is pointing to itself as the nameserver (using the external IP, not 127.0.0.1). When I replaced that with the original resolv.conf that points to Cox's dns servers, everything started working again. I changed /etc/resolv.conf to point to 127.0.0.1 to see if that made a difference. It just made the name resolution error out faster (unknown host error when I ping a known domain). I put the nameserver back to the way djbdns set it (pointing to my external IP) and checked the /var/dnscachex/root/servers/@ file. That file contains the 2 Cox dns servers, like I believe it's supposed to.

Basically, I'm swinging in the wind here. I'm a newbie in the dns arena, but willing to read and learn. Still, the install didn't go as transparently as I'd have liked since afterward, I couldn't resolve anything. Note that I can't resolve anything on any box on the network OR on the server itself, so this isn't a permissions issue, I don't think.

I need a how-to guide that talks about doing what I need done. I don't care to use the proxy dns (dnscachex) and only need the content dns (tinydns) to feed the rest of the world my external domain ip. And of course, in the process, I'd like to retain the ability to resolve other domain names. ;-)

Any help whatsoever would be appreciated.

-Tom Caudron