DNS Name Resolution
bsnlerd
10-16-2003, 11:41 PM
We have installed DNS on the Red Hat Linux 9.0 server, but DNS is not available for resolving names. When we try to restart the named service, the following message appears.
#service named restart
stopping named : rndc : connect failed : connection refused
Solutions for this problem are welcomed.
Satanic Atheist
10-17-2003, 06:44 AM
Are you root?
Also, in the named.conf file, do you have "allow query" and the relevant subnet/mask pair to allow queries?
James
bwkaz
10-17-2003, 07:12 PM
In order for rndc to be able to talk to named (your problem is that it can't), you have to already have set up a couple of things. First, in rndc.conf (wherever RedHat puts that...), you need to set up a crypto key. Then, in named.conf, you have to tell named to use that same crypto key. These keys are PRIVATE keys that you should not reveal to anyone, and you should make SURE that no users have read permission on those files.
My rndc.conf looks like:
key "thekey" {
    algorithm hmac-md5;
    secret "<bunch of random alphanumeric characters here>==";
};
options {
    default-key "thekey";
    default-server 127.0.0.1;
    default-port 953;
};
The section of my named.conf that deals with this key looks like this:
key "thekey" {
    algorithm hmac-md5;
    secret "<same bunch of random alphanumeric characters here>==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "thekey"; };
};
I was able to create rndc.conf by running:
rndc-confgen -b 512 -k "thekey" -p 953 -r /dev/i810_rng -s 127.0.0.1 >/etc/rndc.conf
You will probably want to change /dev/i810_rng out for /dev/random, unless you have an Intel chipset and support for the hardware random-number generator included on those chipsets.
This command creates an /etc/rndc.conf file. It has comments in it (near the end) showing what to copy into named.conf. Make sure you don't overwrite your current rndc.conf (try using >~/rndc.conf first, instead of >/etc/rndc.conf)
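As an added example (not bwkaz's files and not rndc-confgen itself), the script below produces the matching key stanza for rndc.conf and the key plus controls statement for named.conf that the post describes, writes both with mode 0600 so no other local user can read the shared secret, and then parses the two files back to confirm they agree: same key name, same algorithm and secret, and a controls statement that actually lists that key. The key name "thekey", port 953 and the output file names are placeholders, and the checker only understands the plain key/options/controls layout shown in the post. A refused connection on the control port means nothing is listening there, which is what the controls statement in named.conf turns on, so that is the first of the three things the check looks at.

```python
import base64
import os
import re
import stat
import tempfile

# Added example (not bwkaz's files): build the matching key stanzas that
# rndc.conf and named.conf need, write them with owner-only permissions,
# and check that the pair agrees. Key name, port and paths are placeholders.
KEY_NAME = "thekey"
ALGORITHM = "hmac-md5"
LISTEN = "127.0.0.1"
PORT = 953


def make_secret(nbits=512):
    """Random HMAC secret, base64-encoded like the output of rndc-confgen -b 512."""
    return base64.b64encode(os.urandom(nbits // 8)).decode("ascii")


def key_stanza(name, secret, algorithm=ALGORITHM):
    return (f'key "{name}" {{\n    algorithm {algorithm};\n'
            f'    secret "{secret}";\n}};\n')


def rndc_conf(name, secret):
    """Client side: the key plus the defaults rndc uses when run with no arguments."""
    return key_stanza(name, secret) + (
        f'options {{\n    default-key "{name}";\n'
        f"    default-server {LISTEN};\n    default-port {PORT};\n}};\n")


def named_controls(name, secret):
    """Server side: the same key and a controls statement accepting it on loopback only."""
    return key_stanza(name, secret) + (
        f"controls {{\n    inet {LISTEN} port {PORT}\n"
        f'        allow {{ {LISTEN}; }} keys {{ "{name}"; }};\n}};\n')


def write_private(path, text):
    """Create the file with mode 0600 so other local users cannot read the secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # in case the file already existed with looser bits


def is_private(path):
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600


KEY_RE = re.compile(
    r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+);\s*secret\s+"([^"]+)";')


def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key statement in a config."""
    return {m.group(1): (m.group(2), m.group(3)) for m in KEY_RE.finditer(text)}


def check_pair(rndc_text, named_text):
    """List the mismatches that leave rndc unable to authenticate to named."""
    problems = []
    rkeys, nkeys = parse_keys(rndc_text), parse_keys(named_text)
    m = re.search(r'default-key\s+"([^"]+)"', rndc_text)
    if not m:
        return ["rndc.conf has no default-key"]
    name = m.group(1)
    if name not in rkeys:
        problems.append(f"rndc.conf default-key {name!r} is not defined there")
    if name not in nkeys:
        problems.append(f"named.conf does not define key {name!r}")
    elif name in rkeys and rkeys[name] != nkeys[name]:
        problems.append(f"key {name!r} differs between rndc.conf and named.conf")
    if not re.search(r'controls\s*\{.*?keys\s*\{[^}]*"%s"' % re.escape(name),
                     named_text, re.S):
        problems.append(f"named.conf controls statement does not accept key {name!r}")
    return problems


def write_pair(directory):
    """Write rndc.conf and a snippet to paste into named.conf into directory."""
    secret = make_secret()
    rpath = os.path.join(directory, "rndc.conf")
    npath = os.path.join(directory, "named.conf.controls")  # placeholder file name
    write_private(rpath, rndc_conf(KEY_NAME, secret))
    write_private(npath, named_controls(KEY_NAME, secret))
    return rpath, npath


def demo():
    """Write a pair into a scratch directory; return (permissions ok, problems found)."""
    with tempfile.TemporaryDirectory() as d:
        rpath, npath = write_pair(d)
        perms_ok = is_private(rpath) and is_private(npath)
        with open(rpath) as r, open(npath) as n:
            problems = check_pair(r.read(), n.read())
    return perms_ok, problems


if __name__ == "__main__":
    print(demo())
    # a deliberately mismatched pair, to show what the check reports
    print(check_pair(rndc_conf("thekey", "AAAA"), named_controls("thekey", "BBBB")))
```

Running it writes the pair into a temporary directory and reports `(True, [])`; the second call shows the message you get when the secret was pasted into only one of the two files.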
bsnlerd
10-21-2003, 11:49 PM
As such, the error message for DNS could be eliminated, but DNS is still not working. When the 'dig' command is given, it is not finding the server.
Suggestions may please be given to solve the problem.
bwkaz
10-28-2003, 09:01 PM
Post the command you're running, and the exact text of the error that you get.
bsnlerd
11-10-2003, 07:37 AM
We were able to get rid of the 'rndc connect fail' message
by following your valuable guidelines, and we have successfully generated the
files rndc.conf & named.conf. We convey our heartfelt thanks for your
kind help.
However, we could not install DNS and make use of it. The details of the
respective files are furnished hereunder for your reference and valuable
suggestions.
Kindly bear with us for disturbing you.
Thank You,
Sub Divisional Engineer(Computer)
BSNL, Erode, India
-----------------------------------------------------------------------------------------------------------
The hostname is lsm
The domain name is itcerd.com
The FQDN is lsm.itcerd.com
The IP address of the linux machine is 192.200.200.202
Only one linux machine is used for DNS, Mail, Web etc
The output of 'service named status' is :-
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
The result of dig command is:-
# dig lsm.itcerd.com
; <<>> DiG 9.2.1 <<>> lsm.itcerd.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47374
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;lsm.itcerd.com. IN A
;; Query time: 0 msec
;; SERVER: 192.200.200.202#53(192.200.200.202)
;; WHEN: Mon Nov 10 15:44:01 2003
;; MSG SIZE rcvd: 32
-----------------------------------------
# dig 192.200.200.202
; <<>> DiG 9.2.1 <<>> 192.200.200.202
;; global options: printcmd
;; connection timed out; no servers could be reached
------------------------------------------------
# ping xyz
ping: unknown host xyz
---------------------------------------------------
/etc/hosts file contents:-
192.200.200.202 lsm.itcerd.com lsm
127.0.0.1 localhost.localdomain localhost
192.200.200.202 www.itcerd.com www
192.200.200.202 itcerd.com
----------------------------------------------------------------------------
/etc/host.conf file contents:-
order hosts,bind
--------------------------------------------------------------------------
# rndc.conf Code
# Start of rndc.conf
key "skey" {
algorithm hmac-md5;
secret "----------------------------------------------------------------";
};
options {
default-key "skey";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
-----------------------------------------------------------------------------
# named.conf Code
# Start of named.conf
key "skey" {
algorithm hmac-md5;
secret "---------------------------------------------";
};
#
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "skey"; };
};
#
zone "200.200.192.in-addr.arpa" {
type master;
file "200.200.192.in-addr.arpa.zone";
};
zone "localhost" {
type master;
file "localhost.zone";
};
zone "itcerd.com" {
type master;
file "itcerd.com.zone";
};
#
# End of named.conf
----------------------------------------------------------------------------
Contents of file /var/named/200.200.192.in-addr.arpa.zone :-
$TTL 86400
@       IN SOA  lsm.itcerd.com. root.localhost (
                        2       ; serial
                        28800   ; refresh
                        7200    ; retry
                        604800  ; expire
                        86400   ; ttl
                        )
@       IN NS   192.200.200.202.
202     IN PTR  lsm.itcerd.com.
-----------------------------------------------------------------------------
Contents of file /var/named/localhost.zone :-
$TTL 86400
@       IN SOA  @ root.localhost (
                        1       ; serial
                        28800   ; refresh
                        7200    ; retry
                        604800  ; expire
                        86400   ; ttl
                        )
        IN NS   localhost.
@       IN A    127.0.0.1
-----------------------------------------------------------------------------
Contents of file /var/named/itcerd.com.zone :-
$TTL 86400
@       IN SOA  lsm.itcerd.com. root.itcerd.com. (
                        2       ; serial
                        28800   ; refresh
                        7200    ; retry
                        604800  ; expire
                        86400   ; ttl
                        )
        IN NS   192.200.200.202
xyz     IN CNAME lsm
=============================================================================
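As an added example, and not the thread's own diagnosis, here is a small zone-file sanity checker run over the two zone files posted above. It implements three DNS rules a practitioner would check before anything else: a name without a trailing dot is relative and gets the zone origin appended; NS rdata must be a host name, never an IP address; and an in-zone NS target (or CNAME target) needs records of its own, since BIND refuses to load a zone whose NS has no A/AAAA record. The parser understands only the subset of zone syntax these files use ($TTL, $ORIGIN, '@', owner-less continuation lines, a parenthesised SOA and the A/AAAA/NS/PTR/CNAME types), the SOA timers are compacted onto one line, the indentation of the owner-less NS lines is assumed (the forum strips leading whitespace), and CLEAN_ZONE is a constructed zone that passes the checks, not a file from the thread. Run named-checkzone as well for anything real.

```python
import ipaddress

# Added example, not the thread's own diagnosis: a sanity checker for the
# zone files posted above. It understands only the subset they use ($TTL,
# $ORIGIN, '@', owner-less continuation lines, a parenthesised SOA and the
# A/AAAA/NS/PTR/CNAME types); run named-checkzone as well for anything real.


def _logical_lines(text):
    """Drop ';' comments and fold a parenthesised record onto one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0 and not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            out.append(" ".join(buf))
            buf = []
    return out


def absolute(name, origin):
    """A name without a trailing dot is relative: the origin is appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return ([(owner, type, rdata tokens)], origin) with every owner absolute."""
    origin = origin.rstrip(".") + "."
    records, owner = [], origin
    for line in _logical_lines(text):
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = absolute(toks[1], origin)
            continue
        if toks[0].startswith("$"):       # $TTL and other directives
            continue
        if not line[0].isspace():         # leading blank = same owner as before
            owner = absolute(toks.pop(0), origin)
        if toks[0].isdigit():             # optional TTL
            toks.pop(0)
        if toks[0].upper() == "IN":       # optional class
            toks.pop(0)
        records.append((owner, toks[0].upper(), toks[1:]))
    return records, origin


def looks_like_ip(name):
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False


def check_zone(text, origin):
    """Findings a loader or resolver would trip over; an empty list means clean."""
    records, origin = parse_zone(text, origin)
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    has_addr = lambda n: bool(types_at.get(n, set()) & {"A", "AAAA"})
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "SOA":
            mname, rname = absolute(rdata[0], origin), rdata[1]
            if not rname.endswith("."):
                findings.append(f"SOA RNAME '{rname}' is relative; it becomes {absolute(rname, origin)}")
            if in_zone(mname) and not has_addr(mname):
                findings.append(f"SOA MNAME {mname} has no A/AAAA record in the zone")
        elif rtype == "NS":
            target = absolute(rdata[0], origin)
            if looks_like_ip(rdata[0]):
                findings.append(f"NS for {owner} names an IP address ({rdata[0]}); "
                                "NS rdata must be a host name")
            elif in_zone(target) and not has_addr(target):
                findings.append(f"NS for {owner} points at {target}, which has no A/AAAA "
                                "record in the zone, so BIND refuses to load it")
        elif rtype == "CNAME":
            target = absolute(rdata[0], origin)
            if in_zone(target) and target not in types_at:
                findings.append(f"CNAME {owner} -> {target}, but {target} has no records")
    return findings


# Records copied from the post above, SOA timers compacted onto one line;
# indentation of the owner-less NS line is assumed (the forum strips it).
ITCERD_ZONE = """
$TTL 86400
@ IN SOA lsm.itcerd.com. root.itcerd.com. (
        2 28800 7200 604800 86400 )
    IN NS 192.200.200.202
xyz IN CNAME lsm
"""
REVERSE_ZONE = """
$TTL 86400
@ IN SOA lsm.itcerd.com. root.localhost (
        2 28800 7200 604800 86400 )
@ IN NS 192.200.200.202.
202 IN PTR lsm.itcerd.com.
"""
# Constructed forward zone that passes: NS names a host that has an A record.
CLEAN_ZONE = """
$TTL 86400
@   IN SOA lsm.itcerd.com. root.itcerd.com. ( 3 28800 7200 604800 86400 )
    IN NS lsm
lsm IN A 192.200.200.202
xyz IN CNAME lsm
"""

if __name__ == "__main__":
    print(check_zone(ITCERD_ZONE, "itcerd.com"))
    print(check_zone(REVERSE_ZONE, "200.200.192.in-addr.arpa"))
    print(check_zone(CLEAN_ZONE, "itcerd.com") or "clean")
```

On the posted forward zone the checker reports three findings (the NS rdata is an IP address, the SOA MNAME lsm.itcerd.com. has no address record, and the CNAME for xyz points at a name with no records); on the reverse zone it reports two (the relative SOA RNAME and the IP-address NS); on the constructed CLEAN_ZONE it reports nothing.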
bathory
11-10-2003, 08:05 AM
Do you have resolv.conf? Look in /etc to find it. If you don't have it, just write one with the following lines:
domain itcerd.com
nameserver 127.0.0.1
nameserver 192.200.200.202
nameserver xxx.xxx.xxx.xxx (this one must be a DNS of your ISP)
Satanic Atheist
11-10-2003, 12:37 PM
I managed to allow rndc to connect by including "allow-update" from the loopback device and the local IP address of the machine. Before then, all I had was "connection refused".
Strangely enough, enabling the loopback device for querying seems to stop the resolving working and it'll only function over the local IP.
DNS is a weird cookie.
James