Dear All

I have a CentOS 6.3 machine. I am trying to setup DNS BIND setup in that machine. It is having a static global IP. I have done lot of reading, google search and tried all possible option, but still not able to resolve the issue.

My named.conf looks as below.

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 10.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    query-source address * port 53;
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 10.0.0.1/24; 10.0.0.254/24; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "netcloudjobs.com" {
    type master;
    file "netcloudjobs.com.fwd";
    allow-update { none; };
};

zone "189.201.173.in-addr.arpa" {
    type master;
    file "netcloudjobs.com.rev";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Next my forward zone file looks as below

$TTL 86400
@ IN SOA ns1.netcloudjobs.com. root.netcloudjobs.com. (
        2021071001 ;Serial
        3600 ;Refresh
        1800 ;Retry
        604800 ;Expire
        86400 ;Minimum TTL
)

@ IN NS ns1.netcloudjobs.com.
@ IN NS ns2.netcloudjobs.com.

ns1 IN A 173.201.189.43
ns2 IN A 173.201.189.43

And my reverse zone file looks as

$TTL 86400
@ IN SOA ns1.netcloudjobs.com. root.netcloudjobs.com. (
        2021071001 ;Serial
        3600 ;Refresh
        1800 ;Retry
        604800 ;Expire
        86400 ;Minimum TTL
)

@ IN NS ns1.netcloudjobs.com.
@ IN NS ns2.netcloudjobs.com.
ns1 IN A 173.201.189.43
ns2 IN A 173.201.189.43
43 IN PTR ns1.netcloudjobs.com.
44 IN PTR ns2.netcloudjobs.com.

I hope I am doing something wrong with configuration. I have done this since more than 60 hours. Still I am not able to resolve ns1.netcloudjobs.com.

Can somebody help here.

Best Regards
Austin

Austin,

What is the DNS server that you are pointing to in /etc/resolv.conf

--
Kind Regards
Earl Ramirez
GPG Key: http://trinipino.com/PublicKey.asc

Dear All

My resolv.conf looks as below

search netcloudjobs.com
nameserver 10.0.0.1
nameserver 8.8.8.8
nameserver 127.0.0.1

I do not have any error logs.

I just did one modification in named.conf.

allow-query { localhost; 10.0.0.1/24; 10.0.0.254/24; };

Line I modified to

allow-query { any; };

With this change, now I am able to ping to ns1.netcloudjobs.com. Problem is 50% resolved.

Kindly guide me if allow-query any is right thing to do or not.

Next, how do I make sure www.netcloudjobs.com should resolve to my IP.

In my BIND server, the command "dig www.netcloudjobs.com" gives below output.

[root@ip-173-201-189-43 named]#
[root@ip-173-201-189-43 named]#
[root@ip-173-201-189-43 named]# dig www.netcloudjobs.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 <<>> www.netcloudjobs.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16461
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.netcloudjobs.com. IN A

;; ANSWER SECTION:
www.netcloudjobs.com. 86400 IN A 173.201.189.43

;; AUTHORITY SECTION:
netcloudjobs.com. 86400 IN NS ns2.netcloudjobs.com.
netcloudjobs.com. 86400 IN NS ns1.netcloudjobs.com.

;; ADDITIONAL SECTION:
ns1.netcloudjobs.com. 86400 IN A 173.201.189.43
ns2.netcloudjobs.com. 86400 IN A 173.201.189.43

;; Query time: 0 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Sun Mar 10 06:04:00 2013
;; MSG SIZE rcvd: 122

[root@ip-173-201-189-43 named]#

Can I assume that my configuration is proper? As just now I am able to ping ns1.netcloudjobs.com from remote machines, so pinging to www.netcloudjobs.com will take some more time.

Please guide me...

Austin

On Sun, Mar 10, 2013 at 5:36 PM, Reindl Harald <h.reindl at thelounge.net> wrote:

> On 10.03.2013 12:57, Austin Einter wrote:
>
> first why do you not post your error-messages
> inputs, outputs or whatever instead only your config?
>
> > And my reverse zone file looks as
> >
> > $TTL 86400
> > @ IN SOA ns1.netcloudjobs.com. root.netcloudjobs.com. (
> >         2021071001 ;Serial
> >         3600 ;Refresh
> >         1800 ;Retry
> >         604800 ;Expire
> >         86400 ;Minimum TTL
> > )
> >
> > @ IN NS ns1.netcloudjobs.com.
> > @ IN NS ns2.netcloudjobs.com.
> > ns1 IN A 173.201.189.43
> > ns2 IN A 173.201.189.43
> > 43 IN PTR ns1.netcloudjobs.com.
> > 44 IN PTR ns2.netcloudjobs.com.
>
> why does your PTR-file contain A-records?

On 03/10/2013 07:57 AM, Austin Einter wrote:
> Dear All
> I have a CentOS 6.3 machine. I am trying to setup DNS BIND setup in that
> machine. It is having a static global IP. I have done lot of reading,
> google search and tried all possible option, but still not able to resolve
> the issue.
>
> My named.conf looks as below.
>
> // named.conf
> //
> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
> // server as a caching only nameserver (as a localhost DNS resolver only).
> //
> // See /usr/share/doc/bind*/sample/ for example named configuration files.
> //
>
> options {
>     listen-on port 53 { 127.0.0.1; 10.0.0.1; };
>     listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     query-source address * port 53;
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     allow-query { localhost; 10.0.0.1/24; 10.0.0.254/24; };
>     recursion yes;
>     dnssec-enable yes;
>     dnssec-validation yes;
>     dnssec-lookaside auto;
>
>     /* Path to ISC DLV key */
>     bindkeys-file "/etc/named.iscdlv.key";
>
>     managed-keys-directory "/var/named/dynamic";
> };
>
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
> zone "netcloudjobs.com" {
>     type master;
>     file "netcloudjobs.com.fwd";
>     allow-update { none; };
> };

Who is your registrar for netcloudjobs.com and have they listed your two servers and their IP addresses?

> zone "189.201.173.in-addr.arpa" {
>     type master;
>     file "netcloudjobs.com.rev";
>     allow-update { none; };
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> Next my forward zone file looks as below
>
> $TTL 86400
> @ IN SOA ns1.netcloudjobs.com. root.netcloudjobs.com. (
>         2021071001 ;Serial
>         3600 ;Refresh
>         1800 ;Retry
>         604800 ;Expire
>         86400 ;Minimum TTL
> )
>
> @ IN NS ns1.netcloudjobs.com.
> @ IN NS ns2.netcloudjobs.com.
>
> ns1 IN A 173.201.189.43
> ns2 IN A 173.201.189.43

.44?

> And my reverse zone file looks as
>
> $TTL 86400
> @ IN SOA ns1.netcloudjobs.com. root.netcloudjobs.com. (
>         2021071001 ;Serial
>         3600 ;Refresh
>         1800 ;Retry
>         604800 ;Expire
>         86400 ;Minimum TTL
> )
>
> @ IN NS ns1.netcloudjobs.com.
> @ IN NS ns2.netcloudjobs.com.
> ns1 IN A 173.201.189.43
> ns2 IN A 173.201.189.43

.44?

> 43 IN PTR ns1.netcloudjobs.com.
> 44 IN PTR ns2.netcloudjobs.com.
>
> I hope I am doing something wrong with configuration. I have done this
> since more than 60 hours. Still I am not able to resolve
> ns1.netcloudjobs.com.

My registrar is Godad.com, looks they have registered nameservers ns1.netcloudjobs.com and ns2.netcloudjobs.com

Now I am able to resolve to ns1.netcloudjobs.com

I have only 1 IP address that x.x.x.43, so I can not use x.x.x.44

From my dedicated server, if I ping to www.netcloudjobs.com, it says

[root@ip-173-201-189-43 named]# ping www.netcloudjobs.com
PING www.netcloudjobs.com (173.201.189.43) 56(84) bytes of data.
^C
--- www.netcloudjobs.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2217ms

But if ping to netcloudjobs.com, it says

[root@ip-173-201-189-43 named]#
[root@ip-173-201-189-43 named]# ping netcloudjobs.com
ping: unknown host netcloudjobs.com
[root@ip-173-201-189-43 named]#

My corresponding zone file looks as below

[root@ip-173-201-189-43 named]# vi netcloudjobs.com.fwd
$TTL 86400
@ IN SOA ns1.netcloudjobs.com. root.netcloudjobs.com. (
        2041071002 ;Serial
        3600 ;Refresh
        1800 ;Retry
        604800 ;Expire
        86400 ;Minimum TTL
)

@ IN NS ns1.netcloudjobs.com.
@ IN NS ns2.netcloudjobs.com.
@ IN MX 0 mail.netcloudjobs.com.

ns1 IN A 173.201.189.43
ns2 IN A 173.201.189.43
www IN A 173.201.189.43
mail IN A 173.201.189.43
~

Can somebody kindly tell me what I need to do so that, from my dedicated server I can ping to netcloudjobs.com

Best regards
Austin

Hi Austin,

since your A record is fine and can be resolved, the issue is obviously not BIND related but lies somewhere in your network/firewall configuration.

The last address that is visible in the traceroute output from here is

> 15 ip-208-109-113-174.ip.secureserver.net (208.109.113.174) 163.811 ms 163.984 ms 164.166 ms

so the issue must be somewhere between 208.109.113.174 and 173.201.189.43. Another IP (probably another customer of GoDaddy) in your /24 range is directly connected to 208.109.113.174 which makes it likely to be your next hop as well:

> 15 ip-208-109-113-174.ip.secureserver.net (208.109.113.174) 178.314 ms 165.344 ms 165.293 ms
> 16 ip-173-201-189-1.ip.secureserver.net (173.201.189.1) 164.007 ms 163.767 ms 163.820 ms

So probably the issue is in your router setup (packet filters and/or NAT, if applicable) or in the configuration of your own machine (iptables?).

Regards,

Peter.

Put this in a zone file:

netcloudjobs.com. IN A 173.201.189.43

Just after a MX line

On 03/10/2013 10:19 AM, Peter Eckel wrote:
> Hi Austin,
>
> since your A record is fine and can be resolved, the issue is obviously not BIND related but lies somewhere in your network/firewall configuration.
>
> The last address that is visible in the traceroute output from here is
>
>> 15 ip-208-109-113-174.ip.secureserver.net (208.109.113.174) 163.811 ms 163.984 ms 164.166 ms
>
> so the issue must be somewhere between 208.109.113.174 and 173.201.189.43. Another IP (probably another customer of GoDaddy) in your /24 range is directly connected to 208.109.113.174 which makes it likely to be your next hop as well:
>
>> 15 ip-208-109-113-174.ip.secureserver.net (208.109.113.174) 178.314 ms 165.344 ms 165.293 ms
>> 16 ip-173-201-189-1.ip.secureserver.net (173.201.189.1) 164.007 ms 163.767 ms 163.820 ms
>
> So probably the issue is in your router setup (packet filters and/or NAT, if applicable) or in the configuration of your own machine (iptables?).

And along with this, you have DNSSEC enabled, so your firewall and router have to support EDNS. I am fighting that for my domain right now....

On 10.03.2013 12:57, Austin Einter wrote:
> I have a CentOS 6.3 machine. I am trying to setup DNS BIND setup in that
> machine. It is having a static global IP. I have done lot of reading,
> google search and tried all possible option, but still not able to resolve
> the issue.

After reading the entire thread I am still not sure what your actual issue is. I can only guess some name resolution is not working as expected. Please state:

- From which machine are you trying to resolve?
- Which name are you trying to resolve?
- Which result are you expecting?
- Which result do you get?

In the meantime, a few comments on your config.

> options {
>     listen-on port 53 { 127.0.0.1; 10.0.0.1; };

That doesn't look right. You said your machine has a public IP address but you make it listen on a private IP address and localhost only.

>     listen-on-v6 port 53 { ::1; };

That doesn't look right either. If your machine does IPv6, why have it listen only on localhost? If it doesn't, why have it listen on IPv6 at all?

>     allow-query { localhost; 10.0.0.1/24; 10.0.0.254/24; };

This doesn't look right at all. Neither 10.0.0.1 nor 10.0.0.254 are compatible with a /24 netmask.

>     dnssec-enable yes;
>     dnssec-validation yes;
>     dnssec-lookaside auto;

I don't think it's a good idea to activate DNSSEC before you have the basics running.

> @ IN NS ns1.netcloudjobs.com.
> @ IN NS ns2.netcloudjobs.com.
>
> ns1 IN A 173.201.189.43
> ns2 IN A 173.201.189.43

It's very strange to declare two nameservers with the same address. Why put in ns2 in the first place if it's actually the same machine as ns1? That doesn't make sense.

> And my reverse zone file looks as

> @ IN NS ns1.netcloudjobs.com.
> @ IN NS ns2.netcloudjobs.com.
> ns1 IN A 173.201.189.43
> ns2 IN A 173.201.189.43

These entries are wrong here.

Simple explanation: A RRs belong in the forward zone, not the reverse zone.

Complex explanation: The RRs you actually create by this look like this:

ns1.189.201.173.in-addr.arpa. IN A 173.201.189.43
ns2.189.201.173.in-addr.arpa. IN A 173.201.189.43

> 43 IN PTR ns1.netcloudjobs.com.
> 44 IN PTR ns2.netcloudjobs.com.

You have a forward/reverse mismatch here. Your reverse zone resolves 173.201.189.44 to ns2.netcloudjobs.com but your forward zone resolves that to 173.201.189.43 instead of 173.201.189.44.

> I hope I am doing something wrong with configuration. I have done this
> since more than 60 hours. Still I am not able to resolve
> ns1.netcloudjobs.com.

I am:

[ts@dns01 ~]$ host ns1.netcloudjobs.com
ns1.netcloudjobs.com has address 173.201.189.43
[ts@dns01 ~]$

Looks fine to me. So again, please state from where you are trying the resolution, which result you expect and which result you get.

--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

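The netmask, reverse-zone A record and forward/reverse mismatch findings from the review above can be checked mechanically before a zone is loaded. This is an added example, not code from anyone in the thread; the record lines and ACL entries are copied from the posted files, and the function names (parse_records, check_acl, check_reverse) are hypothetical.

```python
import ipaddress

# Values copied from the posted named.conf and zone files (SOA/NS lines left out).
ALLOW_QUERY = ["10.0.0.1/24", "10.0.0.254/24"]
FORWARD_ORIGIN = "netcloudjobs.com."
REVERSE_ORIGIN = "189.201.173.in-addr.arpa."
FORWARD_ZONE = """\
ns1 IN A 173.201.189.43
ns2 IN A 173.201.189.43
"""
REVERSE_ZONE = """\
ns1 IN A 173.201.189.43
ns2 IN A 173.201.189.43
43 IN PTR ns1.netcloudjobs.com.
44 IN PTR ns2.netcloudjobs.com.
"""


def parse_records(text, origin):
    """Return (owner, type, rdata) for each 'owner IN TYPE rdata' line.

    Relative owner names are completed with the zone origin, which is how
    the names in a zone file are read.
    """
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comments, tokenize
        if len(fields) != 4 or fields[1].upper() != "IN":
            continue
        owner, _, rtype, rdata = fields
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rtype.upper(), rdata.lower()))
    return records


def check_acl(entries):
    """Flag address/prefix entries whose address part is not the network address.

    Only literal IP prefixes are handled; ACL keywords such as localhost are not.
    """
    findings = []
    for entry in entries:
        network = ipaddress.ip_network(entry, strict=False)
        if str(network) != entry:
            findings.append(
                f"{entry}: host bits set, the /{network.prefixlen} network is {network}")
    return findings


def check_reverse(forward, reverse):
    """Flag A records in the reverse zone and PTRs the forward zone contradicts."""
    addresses = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            addresses.setdefault(owner, set()).add(rdata)
    findings = []
    for owner, rtype, rdata in reverse:
        if rtype == "A":
            findings.append(f"{owner} A {rdata}: A record inside the reverse zone")
        elif rtype == "PTR":
            # 44.189.201.173.in-addr.arpa. -> 173.201.189.44
            address = ".".join(reversed(owner.split(".")[:4]))
            forward_set = addresses.get(rdata, set())
            if address not in forward_set:
                findings.append(
                    f"{address} PTR {rdata}: forward zone gives {sorted(forward_set)}")
    return findings


if __name__ == "__main__":
    fwd = parse_records(FORWARD_ZONE, FORWARD_ORIGIN)
    rev = parse_records(REVERSE_ZONE, REVERSE_ORIGIN)
    for finding in check_acl(ALLOW_QUERY) + check_reverse(fwd, rev):
        print(finding)
```

Run against the posted files it reports five findings: both allow-query entries, the two A records that end up under 189.201.173.in-addr.arpa., and the PTR for 173.201.189.44.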