Hello, I know I may be jumping the gun with a FC 10 install but it seems to have the only drivers that support my motherboard and SATA combination. We've tried a huge variety of distros and this is the only one that works properly. So we went ahead and installed ispconfig based on the perfect setup from FC 9. We've got other servers already running so we've had success thus far in installing and running ispconfig. We are, however, running into problems getting DNS to work properly. It seems that it may be firewalled but we can't find the firewall blocking port 53. It's running because when we run netstat -tap we get the following results:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:imaps                     *:*                         LISTEN      1991/dovecot
tcp        0      0 *:pop3s                     *:*                         LISTEN      1991/dovecot
tcp        0      0 *:mysql                     *:*                         LISTEN      2242/mysqld
tcp        0      0 *:55469                     *:*                         LISTEN      1681/rpc.statd
tcp        0      0 *:pop3                      *:*                         LISTEN      1991/dovecot
tcp        0      0 *:imap                      *:*                         LISTEN      1991/dovecot
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1663/rpcbind
tcp        0      0 *:81                        *:*                         LISTEN      2276/ispconfig_http
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      2398/named
tcp        0      0 *:ssh                       *:*                         LISTEN      1970/sshd
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      2159/cupsd
tcp        0      0 *:smtp                      *:*                         LISTEN      7887/master
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      2398/named
tcp        0   2076 ns2.gbtel.ca:ssh            bas1-hamilton:winpoplanmess ESTABLISHED 8783/0
tcp        0      0 *:imaps                     *:*                         LISTEN      1991/dovecot
tcp        0      0 *:pop3s                     *:*                         LISTEN      1991/dovecot
tcp        0      0 *:pop3                      *:*                         LISTEN      1991/dovecot
tcp        0      0 *:imap                      *:*                         LISTEN      1991/dovecot
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1663/rpcbind
tcp        0      0 *:http                      *:*                         LISTEN      2297/httpd
tcp        0      0 *:ftp                       *:*                         LISTEN      2414/proftpd: (acce
tcp        0      0 localhost6.localdoma:domain *:*                         LISTEN      2398/named
tcp        0      0 *:ssh                       *:*                         LISTEN      1970/sshd
tcp        0      0 *:smtp                      *:*                         LISTEN      7887/master
tcp        0      0 localhost6.localdomain:rndc *:*                         LISTEN      2398/named
tcp        0      0 *:https                     *:*                         LISTEN      2297/httpd

However, when we run nmap we get the following results:

[root@ns2 ~]# nmap -sS -O -p 0-100 -PI -PT 216.185.252.131

Starting Nmap 4.68 ( http://nmap.org ) at 2008-11-27 01:42 EST
Interesting ports on ns2.gbtel.ca (216.185.252.131):
Not shown: 96 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
25/tcp open  smtp
80/tcp open  http
81/tcp open  hosts2-ns
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.22
Uptime: 0.341 days (since Wed Nov 26 17:30:43 2008)
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.378 seconds

We've disabled the firewall, disabled IPTABLES, SELINUX is disabled and we can't seem to get things running. We have not set up any domains to be hosted by this server yet as this will be part of a development server. Any help would be greatly appreciated.
[root@ns2 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I just did a complete re-install to see if any bugs came up but nothing. Here's the named.conf file. I don't think it's set up properly as I compared it to an existing ISPCONFIG server that I have and it's not even close to being the same (although different versions of FC):

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
I also get an error when restarting Bind (using service named restart):

shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

Hopefully this helps. It's very strange that the only thing that we've done differently is use new hardware and a new release of FC 10.
Updated it with no change. I'll post what I get now:

[root@ns2 ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:imaps                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:pop3s                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:mysql                     *:*                         LISTEN      6068/mysqld
tcp        0      0 *:pop3                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:imap                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1709/rpcbind
tcp        0      0 *:81                        *:*                         LISTEN      9254/ispconfig_http
tcp        0      0 *:ssh                       *:*                         LISTEN      2067/sshd
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      2388/cupsd
tcp        0      0 *:51256                     *:*                         LISTEN      1722/rpc.statd
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      3317/named
tcp        0      0 *:smtp                      *:*                         LISTEN      22819/master
tcp        0   1040 ns2.gbtel.ca:ssh            bas1-hamilton14-109cc-mfp   ESTABLISHED 3239/1
tcp        0      0 *:imaps                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:pop3s                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:pop3                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:imap                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1709/rpcbind
tcp        0      0 *:http                      *:*                         LISTEN      9276/httpd
tcp        0      0 localhost6.localdoma:domain *:*                         LISTEN      3317/named
tcp        0      0 *:ftp                       *:*                         LISTEN      9947/proftpd: (acce
tcp        0      0 *:ssh                       *:*                         LISTEN      2067/sshd
tcp        0      0 localhost6.localdomain:rndc *:*                         LISTEN      3317/named
tcp        0      0 *:smtp                      *:*                         LISTEN      22819/master
tcp        0      0 *:https                     *:*                         LISTEN      9276/httpd

[root@ns2 ~]# nmap -sS -O -p 0-100 -PI -PT 216.185.252.131

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-05 12:58 EST
Interesting ports on ns2.gbtel.ca (216.185.252.131):
Not shown: 96 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
25/tcp open  smtp
80/tcp open  http
81/tcp open  hosts2-ns
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.24
Uptime: 2.000 days (since Wed Dec 3 12:58:51 2008)
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.402 seconds

I simply updated the named.conf file (located at /var/named/chroot/ect/) with your suggestion.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
Ok, so the plot thickens... I created a domain, gbtel.ca, which isn't live yet as this is a test box. I point my PC's DNS entry to this box to check if it's working properly. Anyways, the domain is created and then when I run netstat -tap I get that Bind is listening. However, I'm still not able to use this box to resolve sites. Here's the updated info:

[root@ns2 ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:imaps                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:pop3s                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:mysql                     *:*                         LISTEN      6068/mysqld
tcp        0      0 *:pop3                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:imap                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1709/rpcbind
tcp        0      0 *:81                        *:*                         LISTEN      9254/ispconfig_http
tcp        0      0 ns2.gbtel.ca:domain         *:*                         LISTEN      7666/named
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      7666/named
tcp        0      0 *:ssh                       *:*                         LISTEN      2067/sshd
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      2388/cupsd
tcp        0      0 *:51256                     *:*                         LISTEN      1722/rpc.statd
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      7666/named
tcp        0      0 *:smtp                      *:*                         LISTEN      22819/master
tcp        0      0 localhost.localdomain:59905 localhost.localdomain:rndc  TIME_WAIT   -
tcp        0   2040 ns2.gbtel.ca:ssh            bas1-hamilton:netwatcher-db ESTABLISHED 5865/1
tcp        0      0 *:imaps                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:pop3s                     *:*                         LISTEN      2204/dovecot
tcp        0      0 *:pop3                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:imap                      *:*                         LISTEN      2204/dovecot
tcp        0      0 *:sunrpc                    *:*                         LISTEN      1709/rpcbind
tcp        0      0 *:http                      *:*                         LISTEN      9276/httpd
tcp        0      0 *:ftp                       *:*                         LISTEN      9947/proftpd: (acce
tcp        0      0 *:ssh                       *:*                         LISTEN      2067/sshd
tcp        0      0 localhost6.localdomain:rndc *:*                         LISTEN      7666/named
tcp        0      0 *:smtp                      *:*                         LISTEN      22819/master
tcp        0      0 *:https                     *:*                         LISTEN      9276/httpd

Here's what I get when I run nmap -sS -O -p 0-100 -PI -PT 216.185.252.131

Starting Nmap 4.68 ( http://nmap.org ) at 2008-12-05 16:32 EST
Interesting ports on ns2.gbtel.ca (216.185.252.131):
Not shown: 95 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
22/tcp open  ssh
25/tcp open  smtp
53/tcp open  domain
80/tcp open  http
81/tcp open  hosts2-ns
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.24
Uptime: 2.148 days (since Wed Dec 3 12:58:50 2008)
Network Distance: 0 hops

and the contents of my named.conf

options {
        pid-file "/var/named/chroot/var/run/named/named.pid";
        directory "/var/named/chroot/var/named";
        auth-nxdomain no;
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

zone "gbtel.ca" {
        type master;
        file "pri.gbtel.ca";
};
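
Added example, not part of the original thread and not ISPConfig or BIND project code: a small Python check that reads the options block of a named.conf and reports whether listen-on and allow-query confine named to the server itself, run on abridged copies of the three configurations posted above. It assumes BIND's defaults when a directive is absent (listen on all IPv4 interfaces, answer queries from any host); the function names and categories are illustrative.

```python
import re

# Entries that confine each directive to the server itself. BIND's built-in
# "localhost" ACL matches every address of the host, so it is not loopback in listen-on.
LOCAL = {"listen-on": {"127.0.0.1"},
         "allow-query": {"localhost", "127.0.0.1", "::1"}}

def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_body(text):
    """Return the text inside the options { ... } statement ('' if absent)."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def match_list(body, directive):
    """Entries of an address match list, or None when the directive is absent."""
    pat = r"(?<![\w-])" + re.escape(directive) + r"(?![\w-])[^{;]*\{([^}]*)\}"
    m = re.search(pat, body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def exposure(entries, local):
    if entries is None:                      # directive absent: assumed BIND default
        return "network"                     # all IPv4 interfaces / any client
    if not entries or entries == ["none"]:   # empty list matches nothing
        return "none"
    return "local-only" if set(entries) <= local else "network"

def audit(conf):
    body = options_body(strip_comments(conf))
    return {d: exposure(match_list(body, d), loc) for d, loc in LOCAL.items()}

# Options blocks of the three named.conf files posted in the thread (abridged).
STOCK = """options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    allow-query { localhost; };
};"""
EDITED = STOCK.replace("{ 127.0.0.1; }", "{ }")
ISPCONFIG = 'options {\n auth-nxdomain no;\n // query-source address * port 53;\n};'
print({n: audit(c) for n, c in [("stock", STOCK), ("edited", EDITED), ("ispconfig", ISPCONFIG)]})
```

The three results line up with the netstat listings above: named on the loopback address only, then on no IPv4 address at all, then on ns2.gbtel.ca:domain once the options block no longer restricts it.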
[root@ns2 ~]# dig @localhost gbtel.ca

; <<>> DiG 9.5.1b2-RedHat-9.5.1-0.8.b2.fc10 <<>> @localhost gbtel.ca
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63908
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gbtel.ca.                      IN      A

;; ANSWER SECTION:
gbtel.ca.               86400   IN      A       216.185.252.131

;; AUTHORITY SECTION:
gbtel.ca.               86400   IN      NS      ns2.gbtel.ca.

;; Query time: 20 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Dec 6 11:03:04 2008
;; MSG SIZE rcvd: 60
This might give you some clues: http://www.intodns.com/gbtel.ca Are ns1.highspeedfx.net and ns2.highspeedfx.net the correct name servers? Is there maybe a firewall that is blocking port 53 (TCP and UDP)?
This information is accurate as we've set things up as such for our primary web server. However, we're trying to set up a secondary server to run as a test/development server for the gbtel.ca domain without forwarding any traffic to it. We were successful in doing this on an old server that is running ISPConfig; however, that server only has a limited degree of hard drive space and did not have RAID controllers, so we decided to build a completely new server that would eventually take over that domain when everything was working and configured (for over 500 email users). I only assumed that this would work since we tested it on the old server.