DNS Setup


rcrisco
12-12-2002, 01:04 PM
I have set up DNS with a domain such as test.com.

I can ping test.com from any machine that I have put the server DNS entry on.

I cannot ping test.com from any machine that I have not put the server DNS entry on.

I do not receive any errors when I do tail -f /var/log/messages.

Running Red Hat 7.3 with BIND 9.2.1.

I have restarted the named service, run rndc and incremented the serial number.

What am I doing wrong? I believe that my tables are right since I do not get any errors in the log and named runs fine. I did a dig and the dig gives me all the information.

Also, ns.test.com is registered with the domain; I can ping ns.test.com from machines that do not have my DNS entry.

I can ping the IP address fine.



/var/named/test.com

$TTL 86400
test.com. IN SOA ns.test.com. rcrisco.test.com. (
        2002121102 ; serial, today's date + today's
        21600 ; refresh, seconds
        3600 ; retry, seconds
        604800 ; expire, seconds
        86400 ) ; minimum, seconds
;
        TXT "test.com"
;
        NS ns.test.com.
        MX 10 test.com.
        A 100.0.0.1
localhost A 127.0.0.1
test.com. A 100.0.0.1
ns A 100.0.0.1
mail A 100.0.0.1
ftp A 100.0.0.1
www A 100.0.0.1


/var/100.0.0

$TTL 86400
@ IN SOA ns.test .com. root.test.com. (
        2002121101 ; Serial
        21600 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
;
        NS ns.test.com.
1 PTR dustpuppy.test.com.

/etc/named.conf

zone "." {
type hint;
file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
//notify no;
type master;
file "named.local";
};


zone "testcom" {
type master;
file "test.com";
allow-transfer { any; };
notify yes;
};

zone "100.0.0.in-addr.arpa" {
//notify no;
type master;
file "10.0.0";
allow-update { none; };
};

bastard23
12-12-2002, 03:07 PM
rcrisco,
You are setting up the DNS server for the public Internet, right? The machines in the private network have the DNS server in resolv.conf and it works, but machines outside use their own DNS server. What does dig say on those? (Especially the Authority section.) Look at the serial number: is it updated? If not, you'll have to wait until the foreign DNS server updates. Also try "dig @100.0.0.1 test.com" to see if that has the newest entry.

Hope that helps,
chris

rcrisco
12-12-2002, 03:35 PM
This is from my machines, and yes, I am doing public addressing.

I type dig @100.0.0.1 test.com

and what I get is:


; <<>> DiG 9.2.1 <<>> @100.0.0.1 test.com
;; global options: printcmd
;; connection timed out; no servers could be reached

When I do dig 100.0.0.1 test.com

I get:


; <<>> DiG 9.2.1 <<>> 100.0.0.1 test.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26888
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;100.0.0.1. IN A

;; AUTHORITY SECTION:
. 8492 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2002121200 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Dec 12 12:27:22 2002
;; MSG SIZE rcvd: 106

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42853
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;test.com. IN A

;; ANSWER SECTION:
test.com. 86400 IN A 100.0.0.1

;; AUTHORITY SECTION:
test.com. 86400 IN NS ns.test.com.

;; ADDITIONAL SECTION:
ns.test. 86400 IN A 100.0.0.1

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Dec 12 12:27:22 2002
;; MSG SIZE rcvd: 85

It does update the serial number locally, but I am unsure if it is updating outside. I do not have any machines outside to test with dig.

bastard23
12-12-2002, 03:57 PM
rcrisco,

"dig @100.0.0.1 test.com" should work, since it is the DNS server, right? Are you running this locally (100.0.0.1)? Is this the IP address given to you by your ISP? Or is it a local private IP address (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16)? (I'm assuming the 100 is a fake address, and it is a little confusing.) If dig @<your public IP address> test.com doesn't work, then no one else will see your DNS entries. Can any other machine use 100.0.0.1 as a DNS server? Are there firewall issues?

Hope that helps,
chris

P.S. you can send me the IP addresses and domain name privately if you'd like. I can tell you what I see.

rcrisco
12-12-2002, 06:39 PM
100.0.0.1 is my DNS server, and yes, I am running it locally. This IP address is NOT a local private IP address. I do not have any firewalls, and my other machines can use the DNS.

100.0.0.1 is a fake address; I just do not want to get hacked since I do not have a firewall yet.

bastard23
12-13-2002, 02:09 AM
rcrisco,
OK, I can talk to your machine now. When I do a "dig @ip domain.name", I get "status: REFUSED", which means either DNS doesn't know anything about the domain name in question, or you have configured it not to respond to "me" (or the general Internet). From here I would turn up the debugging level (-d n on the command line) or the debug-level option in named.conf. You need to set up logging. Do a man named.conf and look at the logging section. (I probably should have told you to do this first.)

Good Luck,
chris
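
The two replies from bastard23 above come down to reading three things off a dig reply: the status, whether the aa flag is set (the difference between the server answering from its own zone and relaying a recursive answer, which is what the second dig output above shows for the name 100.0.0.1 versus test.com), and the SOA serial. Below, as an added example and not code from the thread, is a small POSIX sh helper that does that reading. The sample replies are the ones posted above, trimmed and with the wrapped SOA line rejoined; the REFUSED reply is constructed, because the thread describes it without showing it.

```shell
#!/bin/sh
# Added example (not from the thread): read raw dig output on stdin and pull
# out what the replies above check by hand: response status, the aa flag,
# and the SOA serial. Plain POSIX sh; needs only sed, grep and awk.

# Response status: NOERROR, NXDOMAIN, REFUSED, SERVFAIL ... or "timeout" when
# dig printed "connection timed out" instead of a header line.
dig_status() {
    out=$(cat)
    case $out in
        *"connection timed out"*) echo timeout; return 0 ;;
    esac
    printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Prints 1 when the flags line carries "aa" (authoritative answer), else 0.
# Without aa the answer came from recursion or cache, not from your zone file.
dig_is_authoritative() {
    if grep -q '^;; flags:.* aa[ ;]'; then echo 1; else echo 0; fi
}

# Serial of the first SOA record in the reply; empty if none was returned.
# Compare it with the serial in your zone file to see whether the server you
# asked has loaded (or transferred) the latest version.
dig_soa_serial() {
    awk '$4 == "SOA" { print $7; exit }'
}

# One-line verdict from status + aa, matching the diagnosis given in the thread.
dig_triage() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    aa=$(printf '%s\n' "$out" | dig_is_authoritative)
    case "$status/$aa" in
        timeout/*)  echo "no reply: nothing listening on 53/udp at that address, or a firewall drops it" ;;
        REFUSED/*)  echo "REFUSED: server is up but not authoritative for the name, or allow-query/allow-recursion excludes this client" ;;
        NOERROR/1)  echo "authoritative answer: the zone is loaded and served to this client" ;;
        NOERROR/0)  echo "non-authoritative answer: from recursion or cache, not from your zone" ;;
        NXDOMAIN/1) echo "authoritative NXDOMAIN: the zone is loaded but the name is not in it" ;;
        NXDOMAIN/0) echo "non-authoritative NXDOMAIN: the resolver chain, not your zone, says the name does not exist" ;;
        *)          echo "$status: read the full dig output" ;;
    esac
}

# Sample replies. The first three are the outputs posted in the thread
# (sections trimmed, wrapped SOA line rejoined); the REFUSED one is
# constructed, because the thread describes that reply without showing it.
DIG_TIMEOUT=$(cat <<'EOF'
; <<>> DiG 9.2.1 <<>> @100.0.0.1 test.com
;; global options: printcmd
;; connection timed out; no servers could be reached
EOF
)
DIG_ROOT_NX=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26888
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
. 8492 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2002121200 1800 900 604800 86400
EOF
)
DIG_AUTH=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42853
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
test.com. 86400 IN A 100.0.0.1
;; AUTHORITY SECTION:
test.com. 86400 IN NS ns.test.com.
EOF
)
DIG_REFUSED=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
EOF
)

# Live use, once the functions are sourced:  dig @100.0.0.1 test.com | dig_triage
for reply in "$DIG_TIMEOUT" "$DIG_ROOT_NX" "$DIG_AUTH" "$DIG_REFUSED"; do
    printf '%s\n' "$reply" | dig_triage
done
```

Run it as-is to see the verdict for each sample, or source it and pipe a live query through dig_triage. The REFUSED case is what BIND returns when it is not authoritative for the name and the client is not allowed recursion, so a REFUSED from the server's public address for test.com means the zone is not loaded under that name or the client is excluded by allow-query; the serial in the zone file does not matter until that is fixed.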

rcrisco
12-13-2002, 01:07 PM
Can you please send me an example of how you would do the debugging and logging?

I only have this in named.conf:

logging {
category "default" { "default_syslog"; "default_debug"; };
};

rcrisco
12-13-2002, 02:37 PM
I GOT IT TO WORK!!!!

After turning on my logging I noticed that I was getting an access denied.

So I changed:

controls {
inet 127.0.0.1 allow { localhost; } keys { "key"; };
};

to

controls {
inet 127.0.0.1 allow { any; } keys { "key"; };
};

and it works!!

Thanks for your help!!!
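
A note on the change above, and the logging example asked for two posts earlier. The controls statement only decides who may talk to named's rndc control channel (bound here to 127.0.0.1, so only processes on the host itself can reach it at all); who may query named is governed by allow-query in options or per zone, and recursion by recursion/allow-recursion. The zone stanza posted earlier also carries allow-transfer { any; }, which lets any host on the Internet pull the complete test.com zone with an AXFR. Below, as an added example that is not from the thread, is a named.conf fragment in BIND 9 syntax with a query log channel and a security channel (the category where query and transfer denials are logged), the control channel kept local with its key, and transfers limited to a named secondary, followed by a small shell audit that greps a config for the open settings and is run here against the stanzas posted in this thread. The log paths under /var/log/named, the secondary address 192.0.2.53 and the key name rndc-key that rndc-confgen -a writes to /etc/rndc.key are assumptions, not from the post.

```shell
#!/bin/sh
# Added example, not from the thread: a named.conf fragment (BIND 9 syntax)
# that answers the logging question above, plus a small audit that greps a
# named.conf for the open settings discussed in this thread. Assumptions, not
# from the post: log paths under /var/log/named, the secondary 192.0.2.53,
# and the key name "rndc-key" that "rndc-confgen -a" writes to /etc/rndc.key.

NAMED_CONF_RECOMMENDED=$(cat <<'EOF'
options {
    directory "/var/named";
    recursion no;                 // authoritative only; run resolvers elsewhere
    allow-query { any; };         // the zones below are public
    allow-transfer { none; };     // default; opened per zone to named secondaries
};

// rndc control channel: local listener, local clients, key required.
include "/etc/rndc.key";          // written by "rndc-confgen -a", defines key "rndc-key"
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
    channel query_log {
        file "/var/log/named/query.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    channel security_log {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category queries  { query_log; };     // who asked for what
    category security { security_log; };  // approved and denied requests
    category default  { default_syslog; default_debug; };
};

zone "test.com" {
    type master;
    file "test.com";
    allow-transfer { 192.0.2.53; };       // your secondary, not the world
    notify yes;
};
EOF
)

# The stanzas posted in this thread, as they stood after the controls change.
NAMED_CONF_POSTED=$(cat <<'EOF'
controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};
logging {
    category "default" { "default_syslog"; "default_debug"; };
};
zone "testcom" {
    type master;
    file "test.com";
    allow-transfer { any; };
    notify yes;
};
EOF
)

# conf_has ERE: true when $CONF has a line matching the pattern.
conf_has() { printf '%s\n' "$CONF" | grep -Eq "$1"; }

# Read a named.conf on stdin and print one line per finding. Always returns 0
# so the demo below also runs under "set -e".
audit_named_conf() {
    CONF=$(cat)
    conf_has 'allow-transfer[[:space:]]*[{][[:space:]]*any[[:space:]]*;' &&
        echo "allow-transfer { any; }: any host can pull the whole zone with AXFR; list only your secondaries"
    conf_has '^[[:space:]]*inet[[:space:]].*allow[[:space:]]*[{][[:space:]]*any[[:space:]]*;' &&
        echo "controls inet ... allow { any; }: rndc channel accepts every address that can reach the listener; the key is the only remaining check"
    conf_has 'recursion[[:space:]]+no|allow-recursion' ||
        echo "no 'recursion no' or allow-recursion: an open recursive server can be abused for amplification and cache poisoning"
    conf_has 'category[[:space:]]+"?queries"?' ||
        echo "no 'queries' log category: you cannot see which client asked for what"
    return 0
}

# Number of findings, printed (0 means clean).
named_conf_finding_count() { audit_named_conf | grep -c . || true; }

echo "--- named.conf as posted ---"
printf '%s\n' "$NAMED_CONF_POSTED" | audit_named_conf
echo "--- recommended fragment (no lines below means clean) ---"
printf '%s\n' "$NAMED_CONF_RECOMMENDED" | audit_named_conf
```

The audit is deliberately line-based grep, enough for flat stanzas like the ones posted here; it is not a parser. After editing the real file, run named-checkconf, restart named, and confirm from an outside address with dig @<public ip> test.com that the answer carries the aa flag.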