I missed the first part of the thread (new to the list) so I didn't
get exactly what you're trying to do. Is it just to host a DNS server
as the authority for your domain? Where are your secondaries? You
don't need dnscache to host an authoritative DNS, you just need
tinydns for that.

The first thing I like to do when diagnosing a network service
problem is determine what process is listening on the port I'm
trying to troubleshoot.

"netstat -nlp" will show you this. On our DNS server, I look for the
UDP line on port 53 and get this:

> netstat -nlp | grep udp | grep 53
udp 0 0 (myIP):53 0.0.0.0:* 1666/

To confirm this is in fact tinydns listening, I do a ps for the pid
1666 and find this:

> ps -p 1666 -f
UID PID PPID C STIME TTY TIME CMD
tinydns 1666 1638 0 Oct04 ? 00:04:41 [tinydns]

Now I know that it's tinydns listening and that some other process
hasn't bound to that port. Then I can move forward to troubleshoot
the problem with tinydns.

I use dig to troubleshoot DNS problems. If you do:

> dig @ns.foo.com www.foo.com a

It will query the name server ns.foo.com for the "a" record for
www.foo.com. What output does dig give on your system?

Also, knowing your actual domain name would be helpful. Then I could
try to query from here and see what the response is.

btw, your axfrdns is not working, as is shown by the "0 seconds"
uptime. You only need axfrdns if you have secondary DNS servers
using the BIND protocol to sync with your primary, so that may not
be an issue?

-Eric

Tom Caudron said:
> Well, a month later and I'm back to working on this dns problem.
>
> I tried to follow Mike's advice (found below), but I ran into a
> problem. When I emerged djbdns, it never created anything called
> dnscache. It only created dnscachex, tinydns, and axfrdns. And
> unlike every other reference I've seen/read about, including
> Mike's below, it was put in the /var directory, not the /etc
> directory. I doubt the directory change is an issue, and since I
> don't really care about acting as a proxy dns to my internal
> network, I'm not sure I need dnscache, but I could be wrong on
> both counts.
>
> Anyway, it still won't work. :(
>
> I've added the domain and its aliases to the system using
> tinydns's "add-host" and "add-alias". For simplicity's sake,
> let's say my IP is 1.2.3.4 and my domain is foobar.com. Here is
> the output I get when I check on my setup:
>
>> tinydns-get a www.foobar.com 1.2.3.4
> 1 www.foobar.com:
> 89 bytes, 1+1+1+1 records, response, authoritative, noerror
> query: 1 www.foobar.com
> answer: www.foobar.com 86400 A 1.2.3.4
> authority: foobar.com 259200 NS a.ns.foobar.com
> additional: a.ns.foobar.com 259200 A 1.2.3.4
>
>> svstat /service/tinydns
> /service/tinydns: up (pid 932) 870016 seconds
>
>> svstat /service/axfrdns
> /service/axfrdns: up (pid 13218) 0 seconds
>
>> dnsq a www.foobar.com 1.2.3.4
> <at this point the system just sits there. No returned value!>
>
>> dnsqr a www.foobar.com
> <at this point the system just sits there. No returned value!>
>
>> cat /service/dnscachex/log/main/current
> @400000003fa61ab11f645e8c starting
> @400000003fadc55d20421074 starting
>
> Looking at tcpdump, if I call up a browser and try to reach
> www.foobar.com I get this:
>
>> tcpdump -i any | grep foobar
> 00:41:02.485868 lkhndnss02.rd.at.cox.net.58754 >
> wsip-my-ip.hr.hr.cox.net.domain: 42193 A? www.foobar.com. (38) (DF)
> 00:41:13.480699 nrfkdnss02.rd.hr.cox.net.56943 >
> wsip-my-ip.hr.hr.cox.net.domain: 25461 A? www.foobar.com. (38) (DF)
> 00:41:14.775501 192.168.0.9.32806 > ns1.hr.cox.net.domain:
> 38338+ A? www.foobar.com. (38) (DF)
>
> And that continues for a while, trying different permutations,
> like localhost.foobar.com or www.foobar.com.localdomain, etc....
>
>> tcpdump -i any | grep unreachable
> 01:35:49.816329 localhost.localdomain > localhost.localdomain:
> icmp: localhost.localdomain udp port domain unreachable [tos 0xc0]
>
>
> In the end, the browser just says foobar.com could not be found.
> :(
>
> I've registered my machine/ip as a valid dns (and I get dns
> requests all the time, but the above mentioned udp error suggests
> to me that they aren't being fulfilled) and I've got apache set up to
> give me a domain back (it works on another hosted domain that uses
> an external authoritative dns server for discovery).
>
> Does anyone have a clue as to what could be the problem? Any help
> would be appreciated. :)
>
> -Tom Caudron
>
>
>
>> From: Mike Williams <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED]
>> Subject: Re: [gentoo-user] djbdns setup questions
>> Date: Sat, 18 Oct 2003 16:39:20 +0100
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Saturday 18 October 2003 14:58, Tom Caudron wrote:
>> > I've googled til my fingers bled and all I can find are how-tos
>> > describing how I can set up djbdns to serve a home network
>> > (maybe I just didn't know what I was looking at?). Here's
>> > what I'm doing.
>> >
>> > I have registered a domain (we'll call it foobar.com) and I
>> > intend on hosting it publicly from my home server, which is
>> > running on a cable
--
arctic bears - email and name services
25 email [EMAIL PROTECTED] CA$11.95/month
DNS starting at CA$3.49/month - domains from CA$25.95/year
for details contact [EMAIL PROTECTED] or visit
http://www.arcticbears.com
--
[EMAIL PROTECTED] mailing list
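
The listener check from the reply above, written as a script (an added example, not part of the original thread). It matches the local-port field instead of grepping for "53"; the sample netstat output, its PIDs and daemons, and the function names are constructed for illustration, while 1.2.3.4 and tinydns are the thread's own placeholders.

```shell
#!/bin/sh
# Added example; the netstat sample below is constructed, not from the thread.

# Constructed `netstat -nlp` output (hypothetical PIDs and daemons).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN 812/apache2
udp        0      0 1.2.3.4:53      0.0.0.0:*              1666/tinydns
udp        0      0 0.0.0.0:5353    0.0.0.0:*              532/avahi-daemon
udp        0      0 0.0.0.0:68      0.0.0.0:*              953/dhcpcd
EOF
}

# Print "local_address pid program" for each UDP socket bound to port 53.
# Matching the port field exactly avoids the extra hits `grep 53` gives
# (port 5353, PID 532 and PID 953 in the sample above).
udp53_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /:53$/ {
        # The PID column is "-" when netstat is not run as root.
        if ($6 == "-" || $6 == "") { print $4, "-", "unknown"; next }
        split($6, owner, "/")
        print $4, owner[1], owner[2]
    }'
}

# Exit 0 if the wanted program owns addr:53 (or the wildcard address),
# 1 if another program does, 2 if nothing is bound there.
check_dns_listener() {
    udp53_listeners | awk -v a="$1:53" -v prog="$2" '
        $1 == a || $1 == "0.0.0.0:53" {
            found = 1
            if ($3 == prog) ok = 1; else other = $3
        }
        END {
            if (ok)    { print "ok: " prog " owns " a; exit 0 }
            if (found) { print "conflict: " other " owns " a; exit 1 }
            print "nothing listening on " a; exit 2
        }'
}

# On a live host: netstat -nlp | check_dns_listener 1.2.3.4 tinydns
sample_netstat | check_dns_listener 1.2.3.4 tinydns
```

Run against 127.0.0.1, the same check reports that nothing is listening, which is the condition behind an ICMP "udp port domain unreachable" reply like the one in the quoted tcpdump output.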