Cluster DNS

Submitted by ITCiao on Mon, 03/18/2013 - 10:55

Hello,

I've setup a new cluster DNS server and everything it's up and running ok, but i have this error in intoDNS.

http://www.intodns.com/revista-spy.ro

I tryed recursive no; in /etc/named.conf but without success.

What am I doing wrong?

Status: 
Active

Comments

Submitted by andreychek on Mon, 03/18/2013 - 12:06

Well, there's two issues I see in there; it mentions the recursive queries issue (which just means that outside clients can perform DNS lookups), and another issue with the server "ns3.revista-spy.ro".

I'd suggest starting with ns3.revista-spy.ro, as that'll cause intermittent DNS failures.

Is BIND running on that server? And is there any sort of firewall that may be preventing access?

Submitted by ITCiao on Mon, 03/18/2013 - 12:15

BIND is running

netstat -lnp | grep 53
tcp        0      0 0.0.0.0:53                  0.0.0.0:*                   LISTEN      8796/dnsmasq
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      20682/named
tcp        0      0 :::53                       :::*                        LISTEN      8796/dnsmasq
udp        0      0 127.0.0.1:53                0.0.0.0:*                               20682/named
udp        0      0 0.0.0.0:53                  0.0.0.0:*                               8796/dnsmasq
udp        0      0 :::53                       :::*                                    8796/dnsmasq
unix  2      [ ACC ]     STREAM     LISTENING     14531  1767/master         private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     14535  1767/master         private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     14539  1767/master         private/smtp

Firewall is opened on port 53 according to http://www.yougetsignal.com/tools/open-ports/ I opened both protocols UDP and TCP.

Thank you for your reply!

Submitted by andreychek on Mon, 03/18/2013 - 16:13

Hmm, it looks like it's dnsmasq that's listening on UDP port 53 of ns3, rather than BIND. Is that intentional?

As I test all of your nameservers, it's only ns3 that allows recursion... if you're trying to use dnsmasq, rather than BIND, you may need to disable recursion in dnsmasq.

Submitted by andreychek on Mon, 03/18/2013 - 16:16

Oh, I forgot to mention that in spite of what intodns.com says, I do seem to be able to see your DNS service running on ns3, so it's just the recursion issue remaining.

Submitted by ITCiao on Tue, 03/19/2013 - 05:44

I was getting intermitent DNS failures so i dropped it.

I had no intention of running dnsmask on 53. I just wanted a clustered DNS server on that server.