Bind can't find external hosts... - Mandriva
Hi,
I'm using bind to provide dns services to the LAN. However, not all
hosts in my domain are inside the LAN.
For example, webmail.mydomain.com is being handled by an outside service.
The problem is I can't reach those hosts from the LAN because, I assume,
bind/named doesn't look outside for any dns requests for my domain.
How can I tell bind to look outside for some hosts?
Thanks,
Frank
I should have added that this is ML 2008.0.
Frank
On Tue, 04 Mar 2008 02:49:48 GMT, Frank Dreyfus wrote:
> Hi,
>
> I'm using bind to provide dns services to the LAN. However, not all
> hosts in my domain are inside the LAN.
>
> For example, webmail.mydomain.com is being handled by an outside service.
>
> The problem is I can't reach those hosts from the LAN because, I assume,
> bind/named doesn't look outside for any dns requests for my domain.
>
> How can I tell bind to look outside for some hosts?
Uncomment and add a DNS server(s) in forwarders line of
/var/lib/named/etc/named.conf, then
service named restart
and test again.
Bit Twister wrote in
news:slrnfspf1b.913.BitTwister@wm81.home.test:
> Uncomment and add a DNS server(s) in forwarders line of
> /var/lib/named/etc/named.conf, then
> service named restart
>
Hi Bit,
OK, did that. Here's what I see from service named restart:
Stopping named: rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.
[FAILED]
named: already running
As to the four points,
1. I'm using ML 2008.0 so everything should be up to date
2. Not authorized? Don't know what that means.
3. Clock seems to be fine. I'm running ntpd.
4. Don't know what this means either.
Then it says named is already running but mcc/services says it's
stopped???
So I don't know which end is up.
Thanks for your help,
Frank
Bit Twister wrote in
news:slrnfspf1b.913.BitTwister@wm81.home.test:
> Uncomment and add a DNS server(s) in forwarders line of
> /var/lib/named/etc/named.conf,
Hi Bit,
I should add I used the two IPs for OpenDNS
forwarders { 208.67.222.222; 208.67.220.220; };
That has not helped. The original issue remains.
Maybe because of the problems cited in my prior post?
Thanks,
Frank
On Tue, 04 Mar 2008 13:15:55 GMT, Frank Dreyfus wrote:
> Bit Twister wrote in
> news:slrnfspf1b.913.BitTwister@wm81.home.test:
>
>> Uncomment and add a DNS server(s) in forwarders line of
>> /var/lib/named/etc/named.conf,
>
> Hi Bit,
>
> I should add I used the two IPs for OpenDNS
>
> forwarders { 208.67.222.222; 208.67.220.220; };
Ok, same as me
# grep forwarders /var/lib/named/etc/named.conf
// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
forwarders { 208.67.222.222; 208.67.220.220; };
> That has not helped. The original issue remains.
>
> Maybe because of the problems cited in my prior post?
I think so also.
On Tue, 04 Mar 2008 13:05:17 GMT, Frank Dreyfus wrote:
> Bit Twister wrote in
> news:slrnfspf1b.913.BitTwister@wm81.home.test:
>
>> Uncomment and add a DNS server(s) in forwarders line of
>> /var/lib/named/etc/named.conf, then
>> service named restart
>>
>
> Hi Bit,
>
> OK, did that. Here's what I see from service named restart:
>
> Stopping named: rndc: connection to remote host closed
> This may indicate that
> * the remote server is using an older version of the command protocol,
> * this host is not authorized to connect,
> * the clocks are not syncronized, or
> * the key is invalid.
> [FAILED]
> named: already running
>
>
> As to the four points,
> 1. I'm using ML 2008.0 so everything should be up to date
So was I as of yesterday. I will have to shut down 2008.1 RC1 and boot
2008.0 Official to see if it gets dinked up.
Using http://groups.google.com/advanced_group_search (hint, hint, hint,...)
with "rndc: connection to remote host closed" in the first box gave a hint of
"You probably didn't update rndc when you installed the 9.2.3 version
of named. Or else you have an older version of rndc somewhere earlier
in your search path."
So, I suggest checking your /etc/ named links and rndc contents. Example:
cd /etc
ls -al | grep named
lrwxrwxrwx 1 root root named.conf -> ../var/lib/named/etc/named.conf
lrwxrwxrwx 1 root root rndc.conf -> ../var/lib/named/etc/rndc.conf
lrwxrwxrwx 1 root root rndc.key -> ../var/lib/named/etc/rndc.key
Date/Time stamp will depend on your install date and I snipped them
so results do not wrap.
# cat /var/lib/named/etc/rndc.conf
// $Id: rndc.conf 80849 2007-09-06 11:56:48Z oden $
// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/rndc.conf $
key mykey {
    algorithm hmac-md5;
    secret "zxc_TOP_SECRET_SNIP_HERE_6GDbii";
};
options {
    default-key mykey;
    default-server 127.0.0.1;
    default-port 953;
};
# cat rndc.key
// $Id: rndc.key 80849 2007-09-06 11:56:48Z oden $
// $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/rndc.key $
key mykey {
    algorithm hmac-md5;
    secret "zxc_TOP_SECRET_SNIP_HERE_ALSO_h6GDbii";
};
> 2. Not authorized? Don't know what that means.
result of rndc.key check failure.
> 3. Clock seems to be fine. I'm running ntpd.
> 4. Don't know what this means either.
>
> Then it says named is already running
Guessing, rndc.key problem probably prevented shutdown on restart so it was
still running.
> but mcc/services says it's stopped???
Odd, maybe lock file gone but named is running. Since I am a newbie at
this, no telling where to look if your rndc links/files are correct.
> So I don't know which end is up.
Well, if someone does not jump in with some help, you may want to
post over in comp.protocols.dns.bind
if checking posts from a Google search turns up nothing that works for you.
Do give bind version, and show rndc links/files. Do hide "secret" values
but indicate that they match, when you post.
Would be nice if you come back and post your solution and add
something like SOLUTION or SOLVED to subject.
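
The check suggested in the reply above (confirm that the key clauses in rndc.conf and rndc.key match, and say so without posting the secrets), as an added example that is not part of the original thread. The function names and the sample file contents are constructed for illustration.

```python
import hmac
import re

# Quoted strings are matched first so a "//" inside a base64 secret is not
# mistaken for a comment; the other alternatives are BIND's comment styles.
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')

def parse_keys(text):
    """Return {key name: (algorithm, secret bytes)} for each key clause."""
    text = TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)
    return {n: (a.lower(), s.encode()) for n, a, s in KEY_RE.findall(text)}

def compare(rndc_conf, rndc_key):
    """Compare key clauses of both files; the result never contains a secret."""
    client, server = parse_keys(rndc_conf), parse_keys(rndc_key)
    report = []
    for name in sorted(set(client) | set(server)):
        if name not in server:
            status = "missing in rndc.key"
        elif name not in client:
            status = "missing in rndc.conf"
        elif client[name][0] != server[name][0]:
            status = "algorithm differs"
        elif not hmac.compare_digest(client[name][1], server[name][1]):
            status = "secret differs"
        else:
            status = "match"
        report.append((name, status))
    return report

# Constructed sample contents, laid out like the files shown in the thread.
SAMPLE_RNDC_KEY = (
    'key mykey {\n'
    '    algorithm hmac-md5;\n'
    '    secret "Y29uc3RydWN0ZWQ//c2FtcGxlLWtleQ==";\n'
    '};\n')
SAMPLE_RNDC_CONF = ("// rndc client side\n" + SAMPLE_RNDC_KEY +
                    "options { default-key mykey; default-server 127.0.0.1; };\n")

if __name__ == "__main__":
    for name, status in compare(SAMPLE_RNDC_CONF, SAMPLE_RNDC_KEY):
        print(f"key {name}: {status}")
```

To run it on a real system, read /var/lib/named/etc/rndc.conf and /var/lib/named/etc/rndc.key as root and pass their contents to compare(); only the returned status strings go into a post.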