Need advice on DNS

Barry Margolin barry.margolin at level3.com
Fri Nov 7 19:17:45 UTC 2003


In article <bogpno$217m$1 at sf1.isc.org>,
Darren Poh <darpohsh at hotmail.com> wrote:
>I have registered for a domain. Let's take it to be 'mydomain.com'. The

Please tell us the real domain.  Your description of what you've done is
not complete, and we can't tell exactly what's going wrong without seeing
the true registration.

>registrar does not help me to host my new domain. I use the DNS service
>by DNS-Made-Easy whereby I indicated 2 'A' records.
>
>mydomain.com. with the address 111.222.333.444
>ns0 with the same address

What nameservers did you list when you registered the domain?  Just
DNS-Made-Easy's servers, or their servers and your dedicated server?

Are DNS-Made-Easy's servers configured as master or slave for your domain?
If they're slaves, you need to allow their addresses in your
"allow-transfer" statements.

>I want to run my own DNS (BIND 9 on Redhat 7.3) on my dedicated
>server. Below is the content of my 'named.conf' file, followed by
>content of the file 'db.mydomain.com'
>
>*********************
>
>// Authorized source addresses
>acl "trusted" {
>        localhost;
>        111.222.333.444;
>};
>
>// Known fake source addresses shouldn't be replied to
>acl "bogon" {
>        0.0.0.0/8;
>        1.0.0.0/8;
>        2.0.0.0/8;
>        192.0.2.0/24;
>        224.0.0.0/3;
>        169.254.0.0/16;
>        // Enterprise networks may or may not be bogus
>        10.0.0.0/8;
>        172.16.0.0/12;
>        192.168.0.0/16;
>};
>
>options {
>        directory "/var/named";
>        query-source address * port 953;
>        allow-transfer { none; };
>        allow-query { trusted; };
>        allow-recursion { trusted; };
>        blackhole { bogon; };
>        version "OpenNA Linux";
>};
>
>logging {
>        category lame-servers { null; };
>};
>
>controls {
>        inet 127.0.0.1 allow { localhost; } keys { "mydomain.com"; };
>};
>
>zone "." IN {
>        type hint;
>        file "db.cache";
>};
>
>zone "mydomain.com" IN {
>        type master;
>        file "db.mydomain.com";
>        allow-update { none; };
>        notify no;
>};
>
>zone "0.0.127.in-addr.arpa" IN {
>        type master;
>        file "db.127.0.0";
>        allow-update { none; };
>        notify no;
>};
>
>zone "333.222.111.in-addr.arpa" IN {
>        type master;
>        file "db.111.222.333";
>        allow-update { none; };
>        notify no;
>};
>
>include "/etc/rndc.key";
>
>****************
>
>$TTL 10800
>@               IN    SOA ns0.mydomain.com. webmaster.mydomain.com. (
>                      2003110600    ; Serial No - yyyymmdd[0-9][0-9]
>                      10800         ; Refresh after 3 hrs
>                      3600          ; Retry after 1 hr
>                      604800        ; Expires after 1 wk
>                      10800         ; Negative caching TTL of 3 hrs
>                      )
>;
>; Name Server(s)
>;
>                IN NS      ns0.mydomain.com.
>                IN NS      ns0.dnsmadeeasy.com.
>                IN A       111.222.333.444
>                IN MX 10   mail.mydomain.com.
>;
>; Addresses for the canonical names
>;
>localhost       IN A       127.0.0.1
>ns0             IN A       111.222.333.444
>;
>; Aliases
>;
>www             IN CNAME   ns0
>mail            IN CNAME   ns0
>ftp             IN CNAME   ns0
>
>*************
>
>Remotely, I am able to ping to 'mydomain.com' and also
>'ns0.mydomain.com'. However, I am not able to ping to
>'www.mydomain.com'. It seems like the content in my DNS configuration
>is not being recognised by the 'outside' world. I am not sure where it went
>wrong. I hope someone can provide me with some advice.

The "allow-query { trusted; };" statement in your named.conf doesn't allow
the outside world to get information from your server.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
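
The point made in the reply, that an options-level "allow-query { trusted; };" is inherited by the authoritative zone, can be checked mechanically. The following is an added example, not part of the original post or of BIND: the function names are hypothetical, the sample config is constructed from the quoted named.conf, and the zone-level "allow-query { any; };" is an assumed fix. It assumes no views and does not expand named ACLs.

```python
import re

# Constructed sample, trimmed from the named.conf quoted in the post.
POSTED = '''
options {
        allow-query { trusted; };      // inherited by every zone
        allow-recursion { trusted; };
};
zone "mydomain.com" IN {
        type master;
        file "db.mydomain.com";
};
'''
# Assumed fix: the zone answers anyone, recursion stays restricted.
FIXED = POSTED.replace("type master;", "type master;\n        allow-query { any; };")

def block_after(text, start):
    """Body of the first brace-matched {...} block opening at or after start."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def allow_query(body):
    """Elements of the allow-query list in body, or None if it is not set."""
    m = re.search(r"\ballow-query\s*\{([^{}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def effective_allow_query(conf):
    """Map each master zone to the allow-query list that applies to it."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # drop comments
    opt = re.search(r"\boptions\s*\{", conf)
    inherited = allow_query(block_after(conf, opt.start())) if opt else None
    if inherited is None:
        inherited = ["any"]  # BIND's default when allow-query is unset
    zones = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_after(conf, z.end())
        if re.search(r"\btype\s+(master|primary)\s*;", body):
            own = allow_query(body)
            zones[z.group(1)] = inherited if own is None else own
    return zones

def answers_outside_world(conf, zone):
    """True if the zone's effective allow-query contains 'any'."""
    return "any" in effective_allow_query(conf)[zone]
```

Run against the full quoted file, the same check would also list the reverse and loopback master zones, since they inherit the options-level list as well.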

