Hi, I have set up a development machine at home with Debian Etch and everything works fine, I am able to SSH and see sites on my server from outside of my network via my public IP (can't view via public IP inside network) ... anyhow everything works fine, but I'm kind of confused as to how to set up my DNS so I can simply access (SSH, view, etc.) my server via my domain instead of alternating between the public and private IP depending on whether I'm within my network.

I have a domain that is registered with GoDaddy and only one public IP address, can someone please help me set this up. I don't quite understand the DNS process when it comes to registering nameservers at GoDaddy and then waiting for who knows how long ... just confused.

I have tried some tutorials so I have edited these files, so please tell me if these are right, and I have port-forwarded port 53 for DNS:

/etc/resolv.conf
Code:
    domain mydomain.com
    nameserver 68.345.96.12
    nameserver 192.168.1.1

/etc/hostname
Code:
    mydomain.com

/etc/hosts
Code:
    127.0.0.1 localhost.localdomain localhost
    192.168.1.101 mydomain.com dev1

    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts

^ I think I really messed up the hosts file

- You can't use your external IP-address within your LAN, because it is a public IP-address.
- Make sure that the domain name, registered at GoDaddy, is pointing to the public IP-address of your server.
- Make sure that the ports you need are forwarded from your router to the internal IP-address of your server.

Have also a look here: http://www.howtoforge.com/forums/showthread.php?t=18201

I can't seem to start bind, rndc is not working or something

Code:
    dev1:/etc/bind# /etc/init.d/bind9 restart
    Stopping domain name service...: bindrndc: connect failed: 127.0.0.1#953: connection refused
    failed!
    Starting domain name service...: bind failed!

my named.conf
Code:
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local

    include "/etc/bind/named.conf.options";

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    // zone "com" { type delegation-only; };
    // zone "net" { type delegation-only; };

    // From the release notes:
    // Because many of our users are uncomfortable receiving undelegated answers
    // from root or top level domains, other than a few for whom that behaviour
    // has been trusted and expected for quite some length of time, we have now
    // introduced the "root-delegations-only" feature which applies delegation-only
    // logic to all top level domains, and to the root domain. An exception list
    // should be specified, including "MUSEUM" and "DE", and any other top level
    // domains from whom undelegated responses are expected and trusted.
    // root-delegation-only exclude { "DE"; "MUSEUM"; };

    include "/etc/bind/named.conf.local";

    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
    };

    key "rndc-key" {
        algorithm hmac-md5;
        secret "hgZYs9niWbwXXXXcUrQ==";
    };

my rndc.key file
Code:
    key "rndc-key" {
        algorithm hmac-md5;
        secret "hgZYs9niWbwXXXXcUrQ==";
    };

Should I do some port forwarding of port #953? If so what kind, UDP/TCP?

The nameservers at GoDaddy are pointing at my server but in that thread it said I need to do something else because I only have one IP, what should I do...

DNS uses port 53 UDP/TCP. Do not forget that if you change something within DNS records, it can take some hours before you see the result of your modification.
Setting DNS

Hi Emil

please, can you give me a bit more information about what you want to achieve? You see there are two entirely different things: setting access to your domains with a domain name and/or setting up a nameserver on your own computer. While you need to set up and run BIND or djbdns (TinyDNS) on your server for the latter, you need nothing like this for the former.

To set your own domain nameservers you will need the following:
- 2 external static IP addresses
- 2 computers on your LAN with domain server software (BIND, DJBDNS...)
- Ethernet hub connection allowing your computers to be seen from outside.

There are lots of "tricks" for how to get around these requirements but first I need to know what it really is that you want to achieve.

To simply set your domain to point to your external IP address the only thing you really need is to set your A, CNAME and MX records in your account on Go Daddy. (This should help a bit http://www.howtoforge.com/ispconfig_dns_godaddy but this is not exactly about merely setting records)

One more question. Do you use ISPconfig? This can make a huge difference in required settings.

I simply wanted to access my server via domain instead of IPs, public when away from home and private when at home. How would I do that in GoDaddy with the new interface? But I do want to know how to set up nameservers for the practice and knowledge of DNS, but I only have one public IP at the house. I don't use ISPConfig because I'm trying to get used to configuring a server and I believe I should work directly with the base files to learn.
I found the Total DNS Control on GoDaddy and pointed it to my IP... I tested with IPTools.com dig and it seems to have worked, but when I do a dig from my machine it doesn't find it; it seems to be using the local 192.168.1.1 as the nameserver to resolve it with. What should I do, because this is the main issue I was trying to solve?
DNS setup

Emil

First please make sure that you have a static external IP address. If you have a dynamic IP you have to use an entirely different approach! What follows is for a static IP.

You have to set the following DNS records in GoDaddy (look here how to do that):

A records for
yourdomainname.tld
www.yourdomainname.tld
mail.yourdomainname.tld

and MX records for:
mail IN MX 10 yourdomainname.tld

SPF records are advisable too (SPF records will lock your domain from spammers trying to use your domain as their spamming base)

Below you can find how your records should look in your zone file (to find where your zone file is located look into your named.conf file. The named.conf file should be located in /var/lib/named/ if your BIND is chrooted - which is advisable. If your BIND is not chrooted your named.conf file will probably be in /etc/named/ - in this case you should change it as described here)

yourdomainname.tld IN A your.external.IP.address
www.yourdomainname.tld IN A your.external.IP.address
mail.yourdomainname.tld IN A your.external.IP.address

(these 3 records should be A records, here is why:
1. yourdomainname.tld needs an A record as this is the first point of queries for the domain name
2. www.yourdomainname.tld can be a CNAME record. However I suggest using an A record instead as www. is used pretty often. It will speed up queries for your domain and lessen domain query traffic.
3. For your email to be delivered to your server you will need MX records, and MX records can NOT point to CNAME records, so mail. has to be an A record
Any other subdomains can be CNAME records

One more thing: you should use your external IP in A records because if you use your internal IP you will not know when something goes wrong with your settings on the Internet. With the internal IP you will always be able to reach your domain even when the external IP does not work. If you use the external IP and something is broken you will find out immediately)

MX record
mail IN MX 10 yourdomainname.tld. (easier way)
or
mail.yourdomainname.tld. IN MX 10 yourdomainname.tld.

(note the so-called trailing dot on the end of yourdomainname.tld. - this dot tells that this domain name is "fully qualified" - no appendix will be inserted. If you do not use the trailing dot your ".yourdomainname.tld" will be automatically added on the end of your record.)

Hope this will help. If something is not clear (I know it is a lot of things - it took me a few weeks to figure it all out) PM me.

Lubos

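The trailing-dot rule and the "MX must not point to a CNAME" rule from the post above, as an added example that is not part of the original thread. The zone origin `example.com.`, the address `203.0.113.10`, the sample records and the helper names are constructed for illustration, and the parser only handles lines of the form `owner IN TYPE rdata`.

```python
ORIGIN = "example.com."  # constructed zone origin, not from the thread

def absolute(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin, no trailing dot means append it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Parse 'owner IN TYPE rdata' lines (simplified: no TTL, no $ORIGIN, no blank owner)."""
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop ';' comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = absolute(fields[0], origin), fields[2].upper(), fields[3:]
        if rtype in ("MX", "CNAME"):
            value = absolute(rdata[-1], origin)    # target name is the last field
        else:
            value = rdata[0]                       # e.g. the address of an A record
        records.append((owner, rtype, value))
    return records

def lint(records, origin=ORIGIN):
    """Report names where the origin was appended twice and MX targets that are CNAMEs."""
    doubled = origin.rstrip(".") + "." + origin
    cnames = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, value in records:
        names = [owner] + ([value] if rtype in ("MX", "CNAME") else [])
        for name in names:
            if name.endswith(doubled):
                findings.append(f"{name}: origin appended twice, trailing dot missing")
        if rtype == "MX" and value in cnames:
            findings.append(f"{owner} MX -> {value}: target is a CNAME")
    return findings

# Constructed sample zone with two deliberate mistakes.
ZONE = """\
@                 IN A     203.0.113.10
www               IN A     203.0.113.10
mail              IN CNAME www
@                 IN MX 10 mail
ftp.example.com   IN A     203.0.113.10   ; no trailing dot
"""

if __name__ == "__main__":
    print("\n".join(lint(parse_zone(ZONE))))
```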
the interfaces file:

Code:
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 192.168.1.101
        gateway 192.168.1.1
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255

I'm now able to go to mydomain.com and see something, but when I visit from home (inside the network) mydomain.com delivers me to my router's browser interface - from outside it works correctly displaying my servers apache file root.

Also I do have a static IP. Also dig command now works from inside also.

WebMin may be able to help you out, it does grammar checking and might be able to point you to the problem. Is your hosts file clean? (it might be in your /etc directory) And if you have not done so yet, what is the output of ifconfig? On the dig, what server is it using? (should be 3rd line from the bottom)
On dig it is using the ISP's nameserver, but I can't start or restart bind, it says

Code:
    dev1:/etc/bind# /etc/init.d/bind9 restart
    Stopping domain name service...: bindrndc: connect failed: 127.0.0.1#953: connection refused
    failed!
    Starting domain name service...: bind failed!

What's in /etc/default/bind9 and /etc/bind/named.conf? What's the output of

Code:
    ls -la /etc/bind/

?

/etc/default/bind9
Code:
    OPTIONS="-u bind -t /var/lib/named"
    # Set RESOLVCONF=no to not run resolvconf
    RESOLVCONF=yes

/etc/bind/named.conf
Code:
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local

    include "/etc/bind/named.conf.options";

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912

    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };

    // zone "com" { type delegation-only; };
    // zone "net" { type delegation-only; };

    // From the release notes:
    // Because many of our users are uncomfortable receiving undelegated answers
    // from root or top level domains, other than a few for whom that behaviour
    // has been trusted and expected for quite some length of time, we have now
    // introduced the "root-delegations-only" feature which applies delegation-only
    // logic to all top level domains, and to the root domain. An exception list
    // should be specified, including "MUSEUM" and "DE", and any other top level
    // domains from whom undelegated responses are expected and trusted.
    // root-delegation-only exclude { "DE"; "MUSEUM"; };

    include "/etc/bind/named.conf.local";

    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
    };

    key "rndc-key" {
        algorithm hmac-md5;
        secret "hgZYs9nXXXXXNg7Z9cUrQ==";
    };

Code:
    dev1:~# ls -la /etc/bind/
    total 28
    drwxr-sr-x 2 bind bind 4096 2007-12-11 06:41 .
    drwxr-xr-x 3 root root 4096 2007-12-09 10:07 ..
    -rw-r--r-- 1 bind bind 1761 2007-12-09 20:45 named.conf
    -rw-r--r-- 1 bind bind 165 2007-07-24 17:13 named.conf.local
    -rw-r--r-- 1 bind bind 692 2007-12-09 19:23 named.conf.options
    -rw-r--r-- 1 bind bind 363 2007-12-09 19:26 named.davtyaninc.com
    -rw-r----- 1 bind bind 78 2007-12-09 20:30 rndc.key

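An added check for the files posted above (example code, not part of the original thread): with `-t /var/lib/named` in OPTIONS, named opens `/etc/bind/named.conf` and every file it references relative to that directory, so each one has to exist under the chroot. The helper names are hypothetical, the sample input is constructed from the posted files, and only absolute paths and `//` comments are handled.

```python
import os
import re
import shlex

def chroot_from_default(text):
    """Return the -t directory from the OPTIONS= line of /etc/default/bind9, or None."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("OPTIONS="):
            value = shlex.split(line[len("OPTIONS="):])   # removes the shell quotes
            args = shlex.split(" ".join(value))
            for i, arg in enumerate(args[:-1]):
                if arg == "-t":
                    return args[i + 1]
    return None

def referenced_files(named_conf):
    """Paths named.conf pulls in through include "..." and file "..." statements."""
    body = re.sub(r"//[^\n]*", "", named_conf)            # drop // comments
    return re.findall(r'\b(?:include|file)\s+"([^"]+)"', body)

def missing_under_chroot(default_text, named_conf, conf_path="/etc/bind/named.conf"):
    """Real filesystem paths named cannot open once the chroot is applied."""
    chroot = chroot_from_default(default_text) or "/"
    wanted = [conf_path] + referenced_files(named_conf)
    real = [os.path.join(chroot, path.lstrip("/")) for path in wanted]
    return [path for path in real if not os.path.exists(path)]

# Constructed sample input modelled on the files posted above.
SAMPLE_DEFAULT = 'OPTIONS="-u bind -t /var/lib/named"\nRESOLVCONF=yes\n'
SAMPLE_CONF = '''
include "/etc/bind/named.conf.options";
// zone "com" { type delegation-only; };
zone "." { type hint; file "/etc/bind/db.root"; };
include "/etc/bind/named.conf.local";
'''

if __name__ == "__main__":
    for path in missing_under_chroot(SAMPLE_DEFAULT, SAMPLE_CONF):
        print("missing inside chroot:", path)
```

On a real host, pass the contents of `/etc/default/bind9` and `/etc/bind/named.conf` instead of the samples and run it as root so unreadable files are not reported as missing.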
Hi Emil

it seems to me that this troubleshooting information should be what you need.

BTW: your interfaces look ok except I use my ISP nameservers as well as my own nameserver for domain resolving (see below extract from my interfaces).

Code:
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameserver 194.168.4.100 194.168.8.100 192.168.1.103

So check your DNS nameservers in the /etc/resolv.conf file. (resolv.conf is the place where a domain query originating from a computer on your LAN starts)

You can also look here at this info.

Good luck.

Thanks, everything is working perfectly now.

The second link that you gave worked, but a note to others that may have trouble uninstalling bind9 because named can't connect: just remove the /etc/bind folder and then you can do the purge remove.

Here is the link again to getting Bind9 set up on Debian Etch... http://www.linux-noob.com/forums/index.php?showtopic=2872