dns server not working right...


mandreko
01-11-2001, 04:57 PM
I'm trying to set up a DNS server for my company. I've basically entered it as a slave, and hand-entered each domain we host into Webmin (I don't know a whole lot about DNS).

I can access our sites with this DNS server, but I can't access yahoo.com or anything else through it.

I did a custom Red Hat 6.2 install with the named server selected, then entered all the .hosts files, and it doesn't work...

I'm probably overlooking something dumb, but I've been reading about DNS in "Special Edition: Using Linux, Fifth Edition" and I've gone through their steps, and it just doesn't work..

Any help would be appreciated..

mandreko
01-12-2001, 09:28 AM
Does anyone have any solution for this?

FoBoT
01-12-2001, 10:08 AM
Maybe ask in the web serving/security forum?
I know there are some smart dudes that read that forum; maybe they don't look at General.

I don't know anything about setting up a DNS server, sorry.

sssadams
01-12-2001, 05:36 PM
Setting up BIND is a lot of fun.
Without knowing more details: do you have a root.hints file and something in named.conf to refer to it?

mindwarp
01-12-2001, 05:50 PM
I would help if I had more details. Email me (mindwarp@ameritech.net) with every detail you can think of and I will do some tests, like using dig on your server and seeing what it says, etc.

Craig McPherson
01-12-2001, 07:16 PM
Please post your bind.conf, named.conf, or whatever your distro calls the main bind configuration file.

If you have your server set up as a "standard" non-forwarding nameserver, you need to have a hints file defined for the "." zone, as the previous post indicated.

You can also set up your server as a forward-first or forward-only server, which can be faster and easier if you're on a small network and have access to your ISP's DNS servers. A forwarding server, when it receives a request for something not in its zone, forwards the request to a specific other DNS server (generally your ISP's DNS server) rather than to one of the top-level nameservers.

mandreko
01-13-2001, 09:52 AM
Well, about the ISP's DNS...
I work for an ISP, and this is gonna be our secondary DNS server...

I had caching-only working, but we need it to do more... I was following the DNS-HOWTO at linuxdoc.org, but I kind of get stuck with a non-working DNS server.

When I get to work today, I'll get all the config files I can and post them here.

mandreko
01-13-2001, 12:01 PM
Well, it seems to work, but I'm wondering if it's set up right. I am on a Windows machine at work, so I fired up Sam Spade to do a dig on the machine. I was wondering if it should say "Authoritative Answer" all the time, or if it should ever say "Non-Authoritative Answer". It's a slave DNS server, but the master is an NT server. (I'm slowly talking my co-workers into using Linux; we currently have 3 machines using it.)

I think I have it up, but I'm not sure. Can anyone tell me how to make sure it is?

sssadams
01-13-2001, 03:57 PM
Try dig yahoo.com +any
and see if you get a response with it going through your slave.

;; Total query time: 12 msec
;; FROM: main to SERVER: default -- 127.0.0.1
;; WHEN: Sat Jan 13 14:56:41 2001
;; MSG SIZE sent: 27 rcvd: 172

This would appear at the bottom, and your server name would replace "main", as that's what mine is called.

Also, dig -x IP# of slave +any
should show some output (formatting goes for a **** so I won't c & p).




Craig McPherson
01-13-2001, 04:30 PM
NOTE: I skimmed through O'Reilly's "DNS and BIND" for a few minutes one day when I was bored, so I am therefore a Grand Master DNS Expert.

Okay, here's how the "Authoritative" vs. "Non-Authoritative" stuff works.

When a DNS server answers a query from a client (which can either be any sort of networking program doing a DNS lookup, or it can be another DNS server), it returns an authoritative answer if it's an authoritative source for the record requested -- i.e. either a master or slave for the zone the record is in.

Let me use an example. You're running a networking program like Netscape that requests a DNS lookup (it doesn't do this directly, it most likely passes the request to the resolver library of your OS software). Your system sends the request to your DNS server (let's say that it's the DNS server you were talking about in your question).

Let's say that the DNS lookup is for "foo.example.com.". (Yes, there's intentionally a dot at the end of "foo.example.com."; you probably already know this if you've been working with DNS, but there's a dot at the end of EVERY domain name, symbolizing the "root" of the domain name hierarchy, which just happens to be called ".", even though client software and users are blissfully ignorant of the final dot.)

The DNS server it sends it to must be a RECURSIVE DNS server. It checks to see if "foo.example.com." is in one of its authoritative zones. It's not. It checks to see if it has "foo.example.com." in its cache, but since nobody has requested it recently, it doesn't. So it's going to have to start a RECURSIVE LOOKUP to look up the domain. All DNS servers that are meant to be used by end-users are recursive. Things like the top-level nameservers are not.

The DNS server doesn't know the IP address of "foo.example.com.", but it DOES know the IP addresses of nameservers that handle lookups for the "." zone: the top-level nameservers. This is why you have to define a "." zone in your bind configuration file.

So the DNS server contacts a nameserver for the "." zone and asks it if it knows the IP address of "foo.example.com." If the top-level name servers were recursive, like your DNS server, it would go and hunt down the IP address itself, like your DNS server is in the process of doing. But it's not, so it just replies that it doesn't know the IP address of "foo.example.com.", but it does know the nameserver for the "com." zone.

Now, your DNS server contacts the nameserver for the "com." zone, just like it contacted the nameserver for the "." zone before. The "com." nameserver (run by InterNIC) has DNS records for every subdomain of .com. Whew. It's also a non-recursive nameserver, so it simply replies that it doesn't know the IP address of "foo.example.com.", but it DOES know the nameserver for the "example.com." zone, and returns that IP address to your DNS server.

So your DNS server now knows the IP address to contact to do lookups in the "example.com." zone. So it contacts the IP address it was given as the nameserver for the "example.com." zone. At long last, that nameserver DOES know the IP address for "foo.example.com.", AND, since that name is in a zone that it's authoritative for (it's a master or slave server for that zone), it returns it as an AUTHORITATIVE ANSWER.

So, when you do that first DNS lookup for foo.example.com., you get an authoritative answer. Of course, your DNS server caches the answer, and any FUTURE lookups for that zone (until the TTL expires) will be "non-authoritative" because they're coming from your DNS server's cache rather than directly from an authoritative server for the zone.

Got it?

Of course, over time, the "foo.example.com." record will expire from your DNS server's cache, and the next time a client requests a lookup for it, it'll have to do the whole process over again. But for a while (depending on what the "example.com." domain's TTL is set to), it'll keep the information cached locally -- which is why it takes a while for IP address changes to "propagate" -- old cached records in DNS servers.

How's that?

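An added example, not from the thread or from BIND itself: a toy Python model of the walk Craig describes. Three constructed non-recursive servers for ".", "com." and "example.com." each answer only from their own data; the recursive resolver follows the referrals down from the root hints, caches the result, and reports a cached reply as non-authoritative until the constructed 2-second TTL runs out. All zone data and addresses are made up.

```python
# Constructed delegation tree: each zone's (non-recursive) server knows only
# its own data: an NS delegation for a child zone, or a final A record.
ZONES = {
    ".":            {"com.": ("NS", "com.")},
    "com.":         {"example.com.": ("NS", "example.com.")},
    "example.com.": {"foo.example.com.": ("A", "192.0.2.10")},
}
TTL = 2  # seconds; a constructed short TTL so cache expiry is observable


def ask_authoritative(zone, name):
    """A non-recursive server for `zone`. It never hunts the answer down
    itself: it returns ("answer", ip) for a name in its own zone,
    ("referral", child_zone) for a delegation it knows about, or
    ("nxdomain", None) when it has neither."""
    records = ZONES[zone]
    if name in records and records[name][0] == "A":
        return "answer", records[name][1]
    for child, (rrtype, target) in records.items():
        if rrtype == "NS" and (name == child or name.endswith("." + child)):
            return "referral", target
    return "nxdomain", None


class RecursiveResolver:
    """The server end-users point at: walks down from "." and caches."""

    def __init__(self):
        self.cache = {}  # name -> (ip, expires_at)

    def resolve(self, name, now):
        """Returns (ip, authoritative, zones_consulted). `now` is a clock
        value in seconds; an answer served from cache is reported
        non-authoritative, which is what dig shows for a cached hit."""
        if name in self.cache:
            ip, expires = self.cache[name]
            if now < expires:
                return ip, False, []          # "Non-Authoritative Answer"
            del self.cache[name]              # TTL ran out: look it up again
        zone, path = ".", []                  # start at the root hints
        while True:
            path.append(zone)
            kind, data = ask_authoritative(zone, name)
            if kind == "referral":
                zone = data                   # follow the delegation down
            elif kind == "answer":
                self.cache[name] = (data, now + TTL)
                return data, True, path       # fresh from the zone: AA set
            else:
                return None, True, path       # NXDOMAIN, also authoritative
```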

mandreko
01-16-2001, 06:51 PM
OK, well, here's the last part. Thanks to everyone, I've almost got it perfect. It resolves correctly and everything... except if I do www.mydomain.com it doesn't go through, where mydomain.com does...

I probably have 1 letter wrong or something. I was wondering if anyone knew what would cause this?

Lorithar
01-16-2001, 11:42 PM
*grins*

www.mydomain.com requires an A record to point to the IP. mydomain.com is the domain and is a different critter in the DNS scheme of things. Basically, you need a record for every name or element of a name that you wish to resolve. Record types depend on what that name points to. Further, once configured with all domains/hosts for which you are authoritative, you need to ensure that you forward all other requests to either the primary in your domain, or the DNS servers of your upstream provider (if extant), or the root servers.

I'm not an expert, but my local caching/forwarding BIND works around the exceedingly slow bellnexxia DNS servers which Sympatico uses.

mandreko
01-18-2001, 04:47 PM
What about when it's a website I don't know? Let's say someone wants to go to *insert their favorite site here*'s website, and we don't have that in our DNS... how do we resolve the "www"?

mindwarp
01-18-2001, 04:53 PM
;
; dns record for mindwarp.net
;

@       IN  SOA  mindwarp.net. adn1.advdata.net. (
                 979669723   ; Serial Number
                 172800      ; Refresh every 2 days
                 3600        ; Retry every hour
                 1728000     ; Expire every 20 days
                 172800 )    ; Minimum 2 days
        IN  NS   adn1.advdata.net.
        IN  NS   adn2.advdata.net.
        IN  MX   10 mail.mindwarp.net.
        IN  MX   100 mail.advdata.net.
        IN  A    63.77.236.42
;
;
www     IN  A    63.77.236.42
mail    IN  A    63.77.232.8
ftp     IN  A    63.77.236.42
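An added example, not from any post: a minimal Python parser for the master-file format shown above, applying the owner-inheritance and "@"/relative-name rules that are behind Lorithar's point that www needs its own A record. It embeds mindwarp's zone data as a constructed string with the origin assumed to be mindwarp.net., and answers lookups the way a server would: answer, NODATA (the name exists but has no record of that type) or NXDOMAIN (no such name at all).

```python
import re

ORIGIN = "mindwarp.net."   # assumed origin for the zone file in the post
ZONE_TEXT = """\
@ IN SOA mindwarp.net. adn1.advdata.net. (
        979669723 ; Serial Number
        172800 3600 1728000 ; Refresh, Retry, Expire
        172800 ) ; Minimum 2 days
    IN NS adn1.advdata.net.
    IN NS adn2.advdata.net.
    IN MX 10 mail.mindwarp.net.
    IN MX 100 mail.advdata.net.
    IN A 63.77.236.42
www  IN A 63.77.236.42
mail IN A 63.77.232.8
ftp  IN A 63.77.236.42
"""


def parse_zone(text, origin):
    """Drops ';' comments, joins the '( ... )' SOA continuation lines, and
    resolves owners: '@' is the origin, a leading blank reuses the previous
    owner, a name without a trailing dot gets the origin appended.
    Returns {owner: [(rrtype, rdata), ...]}."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        tokens = line.split()
        if not line[0].isspace():               # explicit owner on this line
            name = tokens.pop(0)
            owner = origin if name == "@" else (
                name if name.endswith(".") else f"{name}.{origin}")
        if tokens[0] == "IN":                   # class is optional
            tokens.pop(0)
        records.setdefault(owner, []).append((tokens[0], " ".join(tokens[1:])))
    return records


def lookup(records, name, rrtype="A"):
    """What a server replies: ('answer', rdata list); ('nodata', []) when the
    name exists but has no record of that type; ('nxdomain', []) otherwise."""
    if name not in records:
        return "nxdomain", []
    found = [rd for rt, rd in records[name] if rt == rrtype]
    return ("answer", found) if found else ("nodata", [])
```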

mandreko
01-18-2001, 06:35 PM
I don't think anyone realizes that this is for an ISP... This server is for the users to use, to access their websites, like yahoo.com or whatever they go to...

Maybe I'm just dense, but from what little I know about DNS, this isn't working...

I just think it's odd that my DNS server will resolve yahoo.com but not www.yahoo.com

sssadams
01-18-2001, 09:00 PM
I talked to a friend who does this and he sent me the following, which he uses on his stuff. I edited out some stuff which doesn't matter. Save your /etc/named.conf to something before you try this.

named.conf

// slave for master server
zone "mandreko.slave" {
    type slave;
    file "mandreko.slave";
    masters { xx.xx.xx.xx; };
};


mandreko.slave

; the two SOA names are fully qualified, so they need the trailing dot
@   IN  SOA  ns.mandreko.master. email.somebody.somewhere. (
             1234567   ; serial #
             8H        ; refresh, seconds
             2H        ; retry, seconds
             4W        ; expire, seconds
             1D )      ; minimum, seconds

Of course, edit all to your conditions.