can't access DNS server


aluchko
2006-05-10, 11:41 PM CDT
I'm trying to set up a home network and have been following the steps outlined in
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Configuring_DNS
along with whatever other resources I could find.

The network is as such: I have a cable modem; connected to the cable modem is a router; connected to the router is a wireless router and an irrelevant machine (long story why there are two routers chained together, but I don't believe it's an issue); connected to the wireless router is a desktop connected via an ethernet cable and a laptop connected via wireless (both with DHCP). These two machines (both running FC5) are the ones I am trying to network.

The desktop, with an IP of 192.168.1.4, is running named. For both the desktop and the laptop I have
$ cat /etc/resolv.conf
nameserver 192.168.1.4
nameserver 192.168.1.254
search luchko.homelinux.org

For the desktop name resolution works fine, but for the laptop I can't seem to connect to the desktop as a DNS server, according to ethereal whenever I make a DNS query the desktop is returning a packet

ICMP Destination Unreachable (Host administratively prohibited)

The firewall appears to be fine, I can telnet to 192.168.1.4 53 just fine, and from what I can tell my named.conf and all the zone files are correct.

Also I'm getting an odd message

# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

yet,

# ll /etc/rndc.*
lrwxrwxrwx 1 root named 32 May 6 18:42 /etc/rndc.conf -> /var/named/chroot//etc/rndc.conf
lrwxrwxrwx 1 root named 31 May 6 18:42 /etc/rndc.key -> /var/named/chroot//etc/rndc.key

# ll /var/named/chroot/etc/rndc.*
-rw-r----- 1 named named 1116 May 10 16:45 /var/named/chroot/etc/rndc.conf
-rw-r----- 1 named named 132 Apr 30 07:13 /var/named/chroot/etc/rndc.key

I was hoping that someone would have some idea of what is going wrong here.

thanks

ccrvic
2006-05-11, 01:02 AM CDT
For the desktop name resolution works fine, but for the laptop I can't seem to connect to the desktop as a DNS server, according to ethereal whenever I make a DNS query the desktop is returning a packet

ICMP Destination Unreachable (Host administratively prohibited)

That's a firewall response. You are explicitly prohibited from making that connection.

The firewall appears to be fine

OK, time for some digging.

Run up Ethereal on both boxes, and do a DNS query. Tell us what each side of the link reports...

Vic.

aluchko
2006-05-11, 09:15 PM CDT
That's a firewall response. You are explicitly prohibited from making that connection.

Ack! I can't believe I didn't test it with the firewall turned off!

Turns out I set up the firewall to allow tcp packets on port 53 (which is why telnet worked fine) but not udp which the machines were trying to use. I've set up the firewall to allow both tcp and udp on port 53 and everything seems to be working fine.

thanks
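Added here as an illustration, not code from the thread: a small Python probe that sends the same A query to a nameserver over UDP and then over TCP, so the asymmetry described above (TCP 53 reachable, UDP 53 blocked by the firewall) shows up directly. The server address and query name are whatever you pass in; nothing is taken from the poster's setup.

```python
"""Check that a nameserver answers on both UDP and TCP port 53, the case the
firewall above got wrong (TCP 53 open, UDP 53 blocked)."""
import socket
import struct

QID = 0x1234  # fixed query id for this demo; a real resolver randomises it

def build_query(name, qtype=1):
    """Wire-format query for name (qtype 1 = A) with the RD flag set."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_reply(data):
    """Return (rcode, answer_count); rcode 0 = NOERROR, 3 = NXDOMAIN."""
    rid, flags, _qd, an = struct.unpack("!HHHH", data[:8])
    if rid != QID or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def query_udp(server, name, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))          # connected socket: ICMP errors (e.g. the
        s.send(build_query(name))        # 'administratively prohibited' above)
        return parse_reply(s.recv(512))  # surface as OSError instead of a timeout

def query_tcp(server, name, timeout=2.0):
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)   # TCP DNS: 2-byte length prefix
        length = struct.unpack("!H", s.recv(2))[0]
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                raise ConnectionError("short DNS reply over TCP")
            data += chunk
    return parse_reply(data)

def probe(server, name):
    """Try both transports; a server that answers on only one is firewalled or
    misconfigured. Returns {'udp': result-or-error, 'tcp': result-or-error}."""
    out = {}
    for proto, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            out[proto] = fn(server, name)
        except (OSError, ValueError) as e:
            out[proto] = f"error: {e}"
    return out
```

Run `probe("192.168.1.4", "gondor.luchko.homelinux.org")` from the laptop: with the original rules the TCP entry is `(0, n)` and the UDP entry is an error.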

aluchko
2006-05-11, 09:30 PM CDT
Oh yeah, I'm still getting the message

# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Any idea why that's happening or if it's an issue?

thanks

ccrvic
2006-05-12, 01:33 AM CDT
Oh yeah, I'm still getting the message

# service named status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Any idea why that's happening or if it's an issue?

thanks

rndc is a system to control your nameserver daemon.

The error you're getting is because it's not configured. This means that certain controls won't work - the first one you've met is the inability to query the state of the daemon.

If things like that don't worry you, then don't worry about that error - it won't kill you.

Vic.

aluchko
2006-05-14, 03:13 AM CDT
Okay, the rndc error went away but I'm having trouble with the external zone

I'm using a dyndns url at luchko.homelinux.org and having it resolve at my IP of 68.150.76.182

the section in named.conf is

view "external" {

match-clients { any; };
recursion no;

zone "luchko.homelinux.org" {
type master;
notify no;
file "luchko.homelinux.zone";
allow-query { any; };
};
};

(I've disabled the internal zone I use for my internal network for the moment to test this)

and the luchko.homelinux.zone is

$TTL 1M
@ IN SOA ns1.luchko.homelinux.org. aluchko.luchko.homelinux.org. (
20060512 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

NS www ; Inet Address of nameserver
luchko.homelinux.org. MX 10 mail ; Primary Mail Exchanger

localhost A 127.0.0.1
www A 68.150.76.182
mail CNAME www
ns1 CNAME www

Yet when I try

$ host www.luchko.homelinux.org

I get

Host www.luchko.homelinux.org not found: 3(NXDOMAIN)

Whether I try from inside or outside the network.

Interestingly when I try from inside the network with the nameserver for the machine set as 192.168.1.4 or 68.150.76.182, I do pick up the query using ethereal on the nameserver and the response is a "No such name" packet (the traffic always stays internal even when I use the external IP for the nameserver). But when I try using a nameserver other than 192.168.1.4/ 68.150.76.182 no traffic shows up on ethereal despite the fact that the router is supposed to forward all traffic (UDP+TCP this time ; ) on port 53 to that machine.

My only conclusion is that either the request isn't being delegated to my nameserver properly, but from all the examples I've seen my zone file seems to be correct, or the firewall on the router isn't working properly. I was hoping someone would have some idea what's going wrong.

thanks

ccrvic
2006-05-14, 12:18 PM CDT
$ host www.luchko.homelinux.org

I get

Host www.luchko.homelinux.org not found: 3(NXDOMAIN)

Yes, you will.

I don't know how you're trying to update the nameservers at dyndns.org, but it isn't working. The delegation chain takes you to dyndns, and their NS is responding with NXDOMAIN.

I don't use dyndns myself - you'll have to read up on how to get it to talk to your NS.

But when I try using a nameserver other than 192.168.1.4/ 68.150.76.182 no traffic shows up on ethereal despite the fact that the router is supposed to forward all traffic (UDP+TCP this time ; ) on port 53 to that machine.

How are you trying to do this lookup? Remember that DNS is *heavily* cached...

My only conclusion is that either the request isn't being delegated to my nameserver properly, but from all the examples I've seen my zone file seems to be correct, or the firewall on the router isn't working properly.

No, your router is set correctly. If I query your box directly:

[vic@goliath /]# dig @68.150.76.182 www.luchko.homelinux.org

; <<>> DiG 9.2.4 <<>> @68.150.76.182 www.luchko.homelinux.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36865
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.luchko.homelinux.org. IN A

;; ANSWER SECTION:
www.luchko.homelinux.org. 60 IN CNAME gondor.luchko.homelinux.org.
gondor.luchko.homelinux.org. 60 IN A 68.150.76.182

;; AUTHORITY SECTION:
luchko.homelinux.org. 60 IN NS www.luchko.homelinux.org.

;; Query time: 256 msec
;; SERVER: 68.150.76.182#53(68.150.76.182)
;; WHEN: Sun May 14 19:11:42 2006
;; MSG SIZE rcvd: 93


So your NS is working just fine - but it isn't delegated for that domain, and the NSes that are don't know about your NS...

It's RTFM time, I'm afraid. You're using dyndns incorrectly.

Vic.

aluchko
2006-05-17, 02:20 AM CDT
I couldn't figure out the dyndns problem, though I suspect forwarding to your own nameserver may be a service I need to buy (I got it to resolve * for now).

I've set up a mail server for my local network but when I try to send mail over smtp I get the following error

"Relaying denied. IP name possibly forged [192.168.1.3]"

From here it seems like something may be wrong with my DNS (reverse lookup?)

http://www.sendmail.org/~ca/email/relayingdenied.html#RELDENFORGED

In my named.conf for internal I have
zone "1.168.192.in-addr.arpa" {

type master;
notify no;
file "192-168-1.zone";

};

and 192-168-1.zone is
;
; Zone file for 192.168.1.x
;
$TTL 3D
@ IN SOA www.luchko.homelinux.org. aluchko.luchko.homelinux.org. (
20060510 ; serial number
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds

NS www ; Nameserver Address

4 PTR gondor.luchko.homelinux.org.
3 PTR aldarion.luchko.homelinux.org.


while luchko.homelinux-home.zone is
$TTL 1M
@ IN SOA www.luchko.homelinux.org. aluchko.luchko.homelinux.org. (
20060512 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;
IN NS www ; Name Server for the domain
IN MX 10 mail ; Primary Mail Exchanger
;
localhost A 127.0.0.1
gondor A 192.168.1.4
aldarion A 192.168.1.3
mac A 192.168.1.1
;
mail IN CNAME gondor
ns1 IN CNAME gondor
www IN CNAME gondor


and /etc/hosts on the machine that is getting rejected is
127.0.0.1 localhost.localdomain localhost
192.168.1.3 aldarion.luchko.homelinux.org aldarion

This is all stuff used by the internal network, any idea what I'm doing wrong?

thanks
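Added example, not from the thread: a minimal parser for zone text in the form posted above, plus the forward-confirmed reverse DNS check that sendmail's relaying code performs before reporting "IP name possibly forged" (the PTR name for the client address must own an A record pointing back at that address). The zone snippets inside are constructed from the posted files, with SOA fields trimmed and one extra PTR (192.168.1.2) that has no matching A record, to show the failing case.

```python
TYPES = {"A", "NS", "MX", "CNAME", "PTR", "SOA"}

def fqdn(name, origin):
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal BIND zone parser -> {(owner, type): [rdata]}: handles $TTL, @,
    relative names, optional IN class, owner-less lines, parenthesised SOA."""
    records, owner, in_soa = {}, origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if in_soa:                                    # skip SOA continuation lines
            in_soa = ")" not in line
            continue
        if not line or line.startswith("$"):
            continue
        f = line.split()
        if f[0] != "IN" and f[0] not in TYPES:        # explicit owner name
            owner = fqdn(f.pop(0), origin)
        if f[0] == "IN":
            f.pop(0)
        if f[0] == "SOA":
            in_soa = "(" in line and ")" not in line
            continue
        target = f[-1] if f[0] == "A" else fqdn(f[-1], origin)  # MX: host is last
        records.setdefault((owner, f[0]), []).append(target)
    return records

def lookup(zone, name, rtype, depth=0):
    """Return rdata for name/rtype, following up to 8 CNAMEs."""
    if (name, rtype) in zone:
        return zone[(name, rtype)]
    alias = zone.get((name, "CNAME"))
    return lookup(zone, alias[0], rtype, depth + 1) if alias and depth < 8 else []

def fcrdns(ip, fwd, rev):
    """sendmail's test: PTR(ip) must name a host with an A record equal to ip."""
    names = lookup(rev, ".".join(reversed(ip.split("."))) + ".in-addr.arpa.", "PTR")
    if not names:
        return "no-ptr", []
    ok = [n for n in names if ip in lookup(fwd, n, "A")]
    return ("confirmed", ok) if ok else ("forged", names)

# Constructed from the zone files posted above (SOA and unrelated records cut).
FORWARD = parse_zone("""@ IN SOA www.luchko.homelinux.org. aluchko.luchko.homelinux.org. (
1D ) ; minimum
IN NS www
gondor A 192.168.1.4
aldarion A 192.168.1.3
www IN CNAME gondor""", "luchko.homelinux.org.")
REVERSE = parse_zone("""4 PTR gondor.luchko.homelinux.org.
3 PTR aldarion.luchko.homelinux.org.
2 PTR ghost.luchko.homelinux.org. ; constructed: no A record points back""",
                     "1.168.192.in-addr.arpa.")
```

With the posted records, `fcrdns("192.168.1.3", FORWARD, REVERSE)` returns `("confirmed", [...])`, while the constructed 192.168.1.2 entry returns `("forged", [...])`, the condition behind the sendmail message.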