* [gentoo-user] OT - Need help correcting my DNS configuration
@ 2005-12-16 0:09 Michael Sullivan
2005-12-16 0:44 ` kashani
2005-12-16 16:19 ` Jonathan Nichols
0 siblings, 2 replies; 6+ messages in thread
From: Michael Sullivan @ 2005-12-16 0:09 UTC
To: gentoo-user
I need help setting up my network's DNS configuration. I tried to
subscribe myself to the bind-user mailing list (using the address at the
bottom of the bind docs README file), but I saw this in the log:
Dec 15 17:51:15 bullet sm-mta[29432]: jBFNpCvf029430:
to=<bind-users-request@isc.org>, ctladdr=<michael@espersunited.com>
(1000/100), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120297,
relay=mx.sth1.isc.org. [192.228.89.21], dsn=4.2.0, stat=Deferred: 450
<bind-users-request@isc.org>: Recipient address rejected: Greylisted for
180 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help)
I went to the website and the only useful information I could glean from
it was that my mail server might not be set up correctly. This
information doesn't help me as I'd be lying if I said I understood how
my mail server works. Intra/Extra-network mail comes in,
intra/extra-mail goes out; I can block spam with my /etc/mail/access
file; I don't mess with it (I'd probably mess it up.) Anyway, I set up
my BIND configuration using "DNS and BIND, 4th Edition" from O'Reilly.
I was following the examples in Chapter 4, substituting my domain for
the example one. However, when I use my new DNS server the only thing
that works correctly is digging 0.0.127.in-addr.arpa. Every other query
gets me either NXDOMAIN or SERVFAIL. Here's the /etc/hosts file I want
my DNS config based off of:
127.0.0.1 localhost.localdomain localhost
192.168.1.4 catherine.espersunited.com catherine
192.168.1.3 camille.espersunited.com camille
192.168.1.2 bullet.espersunited.com bullet
Here's /etc/bind/named.conf:
options {
directory "/etc/bind";
pid-file "/var/run/named/named.pid";
};
zone "espersunited.com" in {
type master;
file "db.espersunited.com";
};
zone "2.1.168.192.in-addr.arpa." in {
type master;
file "db.2.1.168.192";
};
zone "0.0.127.in-addr.arpa." in {
type master;
file "db.127.0.0";
};
zone "." in {
type hint;
file "db.cache";
};
Here's /etc/bind/db.espersunited.com:
$TTL 3h
espersunited.com. IN SOA bullet.espersunited.com.
michael.bullet.espersunited.com. (
1 ;Serial
3h ;Refresh after 3 hours
1h ;Retry after one hour
1w ;Expire after one week
1h ) ;Negative caching TTL of 1 hour
;Name server(s)
espersunited.com. IN NS bullet.espersunited.com.
;Host addresses
localhost.espersunited.com. IN A 127.0.0.1
bullet.espersunited.com. IN A 192.168.1.2
camille.espersunited.com. IN A 192.168.1.3
catherine.espersunited.com. IN A 192.168.1.4
;Aliases
bullet.espersunited.com. IN CNAME bullet.espersunited.com.
camille.espersunited.com. IN CNAME camille.espersunited.com.
catherine.espersunited.com. IN CNAME catherine.espersunited.com.
Here's db.127.0.0:
$TTL 3h
0.0.127.in-addr.arpa. IN SOA bullet.espersunited.com.
michael.bullet.espersunited.com. (
1 ;Serial
3h ;Refresh after 3 hours
1h ;Retry after one hour
1w ;Expire after one week
1h ) ;Negative caching TTL of 1 hour
;Name servers
0.0.127.in-addr.arpa. IN NS bullet.espersunited.com.
;Host addresses
1.0.0.127.in-addr.arpa. IN PTR localhost.
Here's db.db.2.1.168.192:
$TTL 3h
2.1.168.192.in-addr.arpa. IN SOA bullet.espersunited.com.
michael.bullet.espersunited.com. (
1 ;Serial
3h ;Refresh after 3 hours
1h ;Retry after one hour
1w ;Expire after one week
1h ) ;Negative caching TTL of 1 hour
;Name servers
2.1.168.192.in-addr.arpa. IN NS bullet.espersunited.com.
;Host addresses
2.1.168.192.in-addr.arpa. IN PTR bullet.espersunited.com.
3.1.168.192.in-addr.arpa. IN PTR camille.espersunited.com.
4.1.168.192.in-addr.arpa. IN PTR catherine.espersunited.com.
;Aliases
bullet.espersunited.com. IN CNAME bullet.espersunited.com.
camille.espersunited.com. IN CNAME camille.espersunited.com.
catherine.espersunited.com. IN CNAME catherine.espersunited.com.
And finally, here's db.cache:
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
I hope the information I've provided will help you to assist me with
this problem...
-Michael Sullivan-
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] OT - Need help correcting my DNS configuration
From: kashani @ 2005-12-16 0:44 UTC
To: gentoo-user
Michael Sullivan wrote:
> I need help setting up my network's DNS configuration. I tried to
> subscribe myself to the bind-user mailing list (using the address at the
> bottom of the bind docs README file), but I saw this in the log:
>
> Dec 15 17:51:15 bullet sm-mta[29432]: jBFNpCvf029430:
> to=<bind-users-request@isc.org>, ctladdr=<michael@espersunited.com>
> (1000/100), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120297,
> relay=mx.sth1.isc.org. [192.228.89.21], dsn=4.2.0, stat=Deferred: 450
> <bind-users-request@isc.org>: Recipient address rejected: Greylisted for
> 180 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help)
This hasn't bounced, it's merely greylisted. It'll probably go through
in the next 10 minutes or so.
Once again I'll engage in some self promotion and point you to a very
nice guide explaining exactly how to set up Bind on Gentoo.
http://gentoo-wiki.com/HOWTO_Setup_a_DNS_Server_with_BIND
However I'd guess that 2.0.168.192.in-addr.arpa. should be
0.168.192.in-addr.arpa in your zone. And put that serial in a normal
format. And don't use that lame ass db.domain format. And you don't need
to put the in-addr stuff in the reverse zone...
Personally I'd wipe it and follow my guide, but it might be quicker to
get up and running if you look at your logs which are going to be in
/var/log/messages and not in nicely split up log files like my config.
I'd also run a named-checkconf and see if it says anything interesting.
kashani
--
gentoo-user@gentoo.org mailing list
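An added example, not part of the thread and not BIND's own checker: a small Python lint run over a constructed subset of the records posted above. It flags owner names that fall outside the zone being loaded and CNAMEs that point to themselves or share an owner name with other records; the function names and finding labels are hypothetical.

```python
# Added example: minimal zone-data lint (hypothetical helper, not named-checkzone).
from collections import defaultdict

def in_zone(name, origin):
    """True if name is the zone apex or a subdomain of it (both fully qualified)."""
    name, origin = name.lower().rstrip("."), origin.lower().rstrip(".")
    return name == origin or name.endswith("." + origin)

def parse_records(text):
    """Parse one-line 'owner IN TYPE rdata' records; skips comments, $TTL and SOA."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() != "SOA":
            records.append((fields[0].lower(), fields[2].upper(), fields[3].lower()))
    return records

def lint_zone(origin, text):
    """Return a sorted list of (owner, problem) findings for the given zone data."""
    findings = set()
    types = defaultdict(set)
    for owner, rtype, rdata in parse_records(text):
        if not in_zone(owner, origin):
            findings.add((owner, "out-of-zone"))   # record does not belong in this zone
            continue
        types[owner].add(rtype)
        if rtype == "CNAME" and rdata == owner:
            findings.add((owner, "cname-loop"))    # alias that points at itself
    for owner, seen in types.items():
        if "CNAME" in seen and len(seen) > 1:      # a CNAME must be the only data at a name
            findings.add((owner, "cname-and-other-data"))
    return sorted(findings)

# Constructed sample: a subset of the records posted in this thread.
FORWARD = """
espersunited.com.        IN NS    bullet.espersunited.com.
bullet.espersunited.com. IN A     192.168.1.2
bullet.espersunited.com. IN CNAME bullet.espersunited.com.
"""
REVERSE = """
2.1.168.192.in-addr.arpa. IN NS    bullet.espersunited.com.
2.1.168.192.in-addr.arpa. IN PTR   bullet.espersunited.com.
3.1.168.192.in-addr.arpa. IN PTR   camille.espersunited.com.
bullet.espersunited.com.  IN CNAME bullet.espersunited.com.
"""

if __name__ == "__main__":
    for origin, text in (("espersunited.com.", FORWARD), ("2.1.168.192.in-addr.arpa.", REVERSE)):
        for owner, problem in lint_zone(origin, text):
            print(f"{origin} {owner}: {problem}")
```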
* Re: [gentoo-user] OT - Need help correcting my DNS configuration
From: Jonathan Nichols @ 2005-12-16 16:19 UTC
To: gentoo-user
Michael Sullivan wrote:
> I need help setting up my network's DNS configuration. I tried to
> subscribe myself to the bind-user mailing list (using the address at the
> bottom of the bind docs README file), but I saw this in the log:
>
> Dec 15 17:51:15 bullet sm-mta[29432]: jBFNpCvf029430:
> to=<bind-users-request@isc.org>, ctladdr=<michael@espersunited.com>
> (1000/100), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120297,
> relay=mx.sth1.isc.org. [192.228.89.21], dsn=4.2.0, stat=Deferred: 450
> <bind-users-request@isc.org>: Recipient address rejected: Greylisted for
> 180 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help)
>
You're not even running your own public DNS! Not according to the root
name servers anyway..
http://www.dnsreport.com/tools/dnsreport.ch?domain=espersunited.com
Your NS records at the parent servers are:
yns1.yahoo.com. [66.218.71.205] [TTL=172800] [US]
yns2.yahoo.com. [216.109.116.20] [TTL=172800] [US]
[These were obtained from m.gtld-servers.net]
So, yeah, that's going to be a big problem right there. :-)
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] OT - Need help correcting my DNS configuration
From: Michael Sullivan @ 2005-12-16 16:31 UTC
To: gentoo-user
On Fri, 2005-12-16 at 08:19 -0800, Jonathan Nichols wrote:
> Michael Sullivan wrote:
> > I need help setting up my network's DNS configuration. I tried to
> > subscribe myself to the bind-user mailing list (using the address at the
> > bottom of the bind docs README file), but I saw this in the log:
> >
> > Dec 15 17:51:15 bullet sm-mta[29432]: jBFNpCvf029430:
> > to=<bind-users-request@isc.org>, ctladdr=<michael@espersunited.com>
> > (1000/100), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120297,
> > relay=mx.sth1.isc.org. [192.228.89.21], dsn=4.2.0, stat=Deferred: 450
> > <bind-users-request@isc.org>: Recipient address rejected: Greylisted for
> > 180 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help)
> >
>
>
> You're not even running your own public DNS! Not according to the root
> name servers anyway..
>
> http://www.dnsreport.com/tools/dnsreport.ch?domain=espersunited.com
>
> Your NS records at the parent servers are:
>
> yns1.yahoo.com. [66.218.71.205] [TTL=172800] [US]
> yns2.yahoo.com. [216.109.116.20] [TTL=172800] [US]
>
> [These were obtained from m.gtld-servers.net]
>
> So, yeah, that's going to be a big problem right there. :-)
>
It's a local setup. I don't even know if my ISP will allow me to run a
public DNS server. My last ISP didn't. This is purely
intra-espersunited.com so that when the cable Internet goes out (which
it frequently does) my applications which require knowing what host
they're running on. They don't seem to be smart enough to look
at /etc/hosts. Some people on one of my Linux lists suggested that if I
set up DNS for my network that shouldn't be a problem anymore...
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] OT - Need help correcting my DNS configuration
From: Jonathan Nichols @ 2005-12-19 3:08 UTC
To: gentoo-user
> It's a local setup. I don't even know if my ISP will allow me to run a
> public DNS server. My last ISP didn't. This is purely
> intra-espersunited.com so that when the cable Internet goes out (which
> it frequently does) my applications which require knowing what host
> they're running on. They don't seem to be smart enough to look
> at /etc/hosts. Some people on one of my Linux lists suggested that if I
> set up DNS for my network that shouldn't be a problem anymore...
>
Ah, ok. Yeah, split-horizon DNS does work quite well.. just a bit more
to update.
I lost your original post, or I'd be more useful. Hrm, did you remember
to make your local DNS server the authoritative DNS server for the
domain? (in named.conf)
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] OT - Need help correcting my DNS configuration
From: Michael Kjorling @ 2005-12-19 13:38 UTC
To: gentoo-user
On 2005-12-16 10:31 -0600, michael@espersunited.com wrote:
> it frequently does) my applications which require knowing what host
> they're running on. They don't seem to be smart enough to look
> at /etc/hosts. Some people on one of my Linux lists suggested that
Did you check to make sure /etc/nsswitch.conf is correctly set up for
files-based name resolution, and that you have *all* of the necessary
entries in /etc/hosts?
--
Michael Kjörling, michael@kjorling.com - http://michael.kjorling.com/
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* ..... No bird soars too high if he soars with his own wings ..... *