Bind can't find external hosts... - Mandriva


  1. Bind can't find external hosts...

    Hi,

    I'm using bind to provide dns services to the LAN. However, not all
    hosts in my domain are inside the LAN.

    For example, webmail.mydomain.com is being handled by an outside service.

    The problem is I can't reach those hosts from the LAN because, I assume,
    bind/named doesn't look outside for any dns requests for my domain.

    How can I tell bind to look outside for some hosts.

    Thanks,

    Frank



  2. Re: Bind can't find external hosts...

    I should have added that this is ML 2008.0.

    Frank


  3. Re: Bind can't find external hosts...

    On Tue, 04 Mar 2008 02:49:48 GMT, Frank Dreyfus wrote:
    > Hi,
    >
    > I'm using bind to provide dns services to the LAN. However, not all
    > hosts in my domain are inside the LAN.
    >
    > For example, webmail.mydomain.com is being handled by an outside service.
    >
    > The problem is I can't reach those hosts from the LAN because, I assume,
    > bind/named doesn't look outside for any dns requests for my domain.
    >
    > How can I tell bind to look outside for some hosts.


    Uncomment and add a DNS server(s) in forwarders line of
    /var/lib/named/etc/named.conf, then
    service named restart

    and test again.


  4. Re: Bind can't find external hosts...

    Bit Twister wrote in
    news:slrnfspf1b.913.BitTwister@wm81.home.test:

    > Uncomment and add a DNS server(s) in forwarders line of
    > /var/lib/named/etc/named.conf, then
    > service named restart
    >


    Hi Bit,

    OK, did that. Here's what I see from service named restart:

    Stopping named: rndc: connection to remote host closed
    This may indicate that
    * the remote server is using an older version of the command protocol,
    * this host is not authorized to connect,
    * the clocks are not syncronized, or
    * the key is invalid.
    [FAILED]
    named: already running


    As to the four points,
    1. I'm using ML 2008.0 so everything should be up to date
    2. Not authorized? Don't know what that means.
    3. Clock seems to be fine. I'm running ntpd.
    4. Don't know what this means either.

    Then it says named is already running but mcc/services says it's
    stopped???

    So I don't know which end is up.

    Thanks for your help,

    Frank

  5. Re: Bind can't find external hosts...

    Bit Twister wrote in
    news:slrnfspf1b.913.BitTwister@wm81.home.test:

    > Uncomment and add a DNS server(s) in forwarders line of
    > /var/lib/named/etc/named.conf,


    Hi Bit,

    I should add I used the two IPs for OpenDNS

    forwarders { 208.67.222.222; 208.67.220.220; };

    That has not helped. The original issue remains.

    Maybe because of the problems cited in my prior post?

    Thanks,


    Frank

  6. Re: Bind can't find external hosts...

    On Tue, 04 Mar 2008 13:15:55 GMT, Frank Dreyfus wrote:
    > Bit Twister wrote in
    > news:slrnfspf1b.913.BitTwister@wm81.home.test:
    >
    >> Uncomment and add a DNS server(s) in forwarders line of
    >> /var/lib/named/etc/named.conf,

    >
    > Hi Bit,
    >
    > I should add I used the two IPs for OpenDNS
    >
    > forwarders { 208.67.222.222; 208.67.220.220; };


    Ok, same as me

    # grep forwarders /var/lib/named/etc/named.conf
    // forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };
    forwarders { 208.67.222.222; 208.67.220.220; };


    > That has not helped. The original issue remains.
    >
    > Maybe because of the problems cited in my prior post?


    I think so also.

  7. Re: Bind can't find external hosts...

    On Tue, 04 Mar 2008 13:05:17 GMT, Frank Dreyfus wrote:
    > Bit Twister wrote in
    > news:slrnfspf1b.913.BitTwister@wm81.home.test:
    >
    >> Uncomment and add a DNS server(s) in forwarders line of
    >> /var/lib/named/etc/named.conf, then
    >> service named restart
    >>

    >
    > Hi Bit,
    >
    > OK, did that. Here's what I see from service named restart:
    >
    > Stopping named: rndc: connection to remote host closed
    > This may indicate that
    > * the remote server is using an older version of the command protocol,
    > * this host is not authorized to connect,
    > * the clocks are not syncronized, or
    > * the key is invalid.
    > [FAILED]
    > named: already running
    >
    >
    > As to the four points,
    > 1. I'm using ML 2008.0 so everything should be up to date


    So was I as of yesterday. I will have to shut down 2008.1 RC1 and boot
    2008.0 Official to see if it gets dinked up.

    Using http://groups.google.com/advanced_group_search (hint, hint, hint,...)
    with "rndc: connection to remote host closed" in the first box gave a hint of

    "You probably didn't update rndc when you installed the 9.2.3 version
    of named. Or else you have an older version of rndc somewhere earlier
    in your search path."

    So, I suggest checking your /etc/ named links and rndc contents. Example:

    cd /etc
    ls -al | grep named
    lrwxrwxrwx 1 root root named.conf -> ../var/lib/named/etc/named.conf
    lrwxrwxrwx 1 root root rndc.conf -> ../var/lib/named/etc/rndc.conf
    lrwxrwxrwx 1 root root rndc.key -> ../var/lib/named/etc/rndc.key

    Date/Time stamp will depend on your install date and I snipped them
    so results do not wrap.

    # cat /var/lib/named/etc/rndc.conf
    // $Id: rndc.conf 80849 2007-09-06 11:56:48Z oden $
    // $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/rndc.conf $

    key mykey {
        algorithm hmac-md5;
        secret "zxc_TOP_SECRET_SNIP_HERE_6GDbii";
    };

    options {
        default-key mykey;
        default-server 127.0.0.1;
        default-port 953;
    };

    # cat rndc.key
    // $Id: rndc.key 80849 2007-09-06 11:56:48Z oden $
    // $HeadURL: svn+ssh://svn.mandriva.com/svn/packages/cooker/bind/current/SOURCES/rndc.key $

    key mykey {
        algorithm hmac-md5;
        secret "zxc_TOP_SECRET_SNIP_HERE_ALSO_h6GDbii";
    };


    > 2. Not authorized? Don't know what that means.


    result of rndc.key check failure.

    > 3. Clock seems to be fine. I'm running ntpd.
    > 4. Don't know what this means either.
    >
    > Then it says named is already running


    Guessing, rndc.key problem probably prevented shutdown on restart so it was
    still running.

    > but mcc/services says it's stopped???


    Odd, maybe lock file gone but named is running. Since I am a newbie at
    this, no telling where to look if your rndc links/files are correct.


    > So I don't know which end is up.


    Well, if someone does not jump in with some help, you may want to
    post over in comp.protocols.dns.bind
    if checking posts from a Google search turns up nothing that works for you.

    Do give bind version, and show rndc links/files. Do hide "secret" values
    but indicate that they match, when you post.
    Would be nice if you come back and post your solution and add
    something like SOLUTION or SOLVED to subject.
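
The check suggested in the last post (confirm that the key blocks in rndc.conf and rndc.key agree, without posting the secrets) can be scripted. This is an added example, not part of the original thread or of the BIND package; the sample file contents and secrets are constructed, and the helper names `key_block`, `parse_keys` and `compare` are hypothetical.

```python
import hashlib
import re

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
FIELD_RE = re.compile(r'\b(algorithm|secret)\s+"?([^";\s]+)"?\s*;')

def key_block(secret):
    """Build a constructed key file in the layout quoted in the thread."""
    return ('// constructed sample, not a real key\n'
            'key mykey {\n    algorithm hmac-md5;\n'
            f'    secret "{secret}";\n}};\n')

# Constructed inputs: made-up base64 secrets, same key name as the post.
RNDC_CONF = key_block("Y29uc3RydWN0ZWQtc2FtcGxlLUE=") + (
    'options { default-key mykey; default-server 127.0.0.1; default-port 953; };\n')
RNDC_KEY_OK = key_block("Y29uc3RydWN0ZWQtc2FtcGxlLUE=")
RNDC_KEY_BAD = key_block("Y29uc3RydWN0ZWQtc2FtcGxlLUI=")

def parse_keys(text):
    """Return {key name: (algorithm, short SHA-256 of secret)}."""
    # Drop whole-line comments only; base64 secrets may contain "//".
    text = re.sub(r'^\s*(//|#).*$', '', text, flags=re.M)
    keys = {}
    for name, body in KEY_RE.findall(text):
        fields = dict(FIELD_RE.findall(body))
        digest = hashlib.sha256(fields.get("secret", "").encode()).hexdigest()[:12]
        keys[name] = (fields.get("algorithm", "").lower(), digest)
    return keys

def compare(conf_text, key_text):
    """List mismatches between two files' key blocks without exposing secrets."""
    a, b = parse_keys(conf_text), parse_keys(key_text)
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            findings.append(f"{name}: defined in only one file")
        elif a[name][0] != b[name][0]:
            findings.append(f"{name}: algorithm differs")
        elif a[name][1] != b[name][1]:
            findings.append(f"{name}: secret differs")
    return findings

if __name__ == "__main__":
    print("matching files:", compare(RNDC_CONF, RNDC_KEY_OK) or "keys match")
    print("edited key file:", compare(RNDC_CONF, RNDC_KEY_BAD))
```

To check a real system, read /var/lib/named/etc/rndc.conf and /var/lib/named/etc/rndc.key as root and pass their contents to `compare`; only the findings, never the secrets, need to be posted.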
