Timeout while resolving nameservers

cmelcher

Ok, I'm sure I'm missing something simple, but here's the problem I'm having:

When I try to access my website, the nameservers time out.

The following nameservers are glued to the following IPs
ns1.webtechia.com - 204.11.33.49
ns2.webtechia.com - 204.11.33.50

My domain is as follows
www.webtechia.com - 204.11.33.62

Of course, all of these machines are on the same computer.

Anyway, www.webtechia.com points to ns1.webtechia.com and ns2.webtechia.com

named is running
iptables is also running

The changes in DNS were made about 60 hours ago. I cannot reach them where I am, but I can reach them from another computer (connected to a backbone) I use in Texas. That computer resolves the nameservers to their proper IPs. It can also successfully ping them. If I try to access www.webtechia.com, it times out, as it does on dnsreport.com

I'm wondering if iptables is blocking access? Should I open up a port for named? If so, which one?

Sorry, I'm not very familiar with DNS, as I only know enough to be dangerous (whether or not that's a good thing)

Thanks
 
I ran nmap on .49 which gave the following

Code:
PORT    STATE SERVICE VERSION
21/tcp  open  ftp     ProFTPD 1.2.10
22/tcp  open  ssh     OpenSSH 3.9p1 (protocol 1.99)
25/tcp  open  smtp    Exim smtpd 4.50
80/tcp  open  http    Apache httpd 1.3.33 ((Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.11 mod_perl/1.29 FrontPage/5.0.2.2510)
443/tcp open  http    Apache httpd 1.3.33 ((Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a PHP/4.3.11 mod_perl/1.29 FrontPage/5.0.2.2510)

DNS uses port 53 both TCP and UDP, so you should open both.
 
Thanks for the advice, I got it running.

I opened both ports.

Also, named uses unprivileged UDP ports by default, so I had to actually go into named.conf and uncomment a line to get it to use port 53.
 
What OS distribution are you using?

I've never seen named being installed to use unprivileged ports; that's why I'm asking.

Jeff
 
Fedora Core 3

Well, I didn't actually check to see if it was using unprivileged ports, but I found this in the named.conf file:

/*
If there is a firewall between you and nameservers you want to talk to, you might need to uncomment the query-source directive below. Previous versions of BIND always asked questions using port 53, but BIND 8.1 uses an unprivileged port by default
*/
// query-source address * port 53;

I uncommented the bottom line.
 
Okay, an unprivileged port for outgoing queries is reasonable.

I don't know what kind of firewall setup you have, though; we've never had to uncomment that line.

Jeff
 
I also have a problem with this

I also have the same problem..
I do nslookup, it timed out..

my domain name is farhanfaisal.com pointing to 202.190.197.134

Please help me
 
Re: I also have a problem with this

budihost said:
I also have the same problem..
I do nslookup, it timed out..

my domain name is farhanfaisal.com pointing to 202.190.197.134
budihost, it appears that your ns1.budihost.com and ns2.budihost nameservers don't have A records for their own ns1 and ns2 hosts.

DNS requires a complete chain of lookups to work.

Jeff
 
jerry2005 and others,

I'm not going to try to troubleshoot everyone's DNS problems; I just don't have the time.

Before you post a DNS problem you should try a lookup at DNS Report and post an explanation of the failures here.

Jeff
 
i have tried dnsreport.com

I have tried to use dns report, it says that I don't have a record in my own server.. The record is in /etc/namedb/ right?

This is the content of one of my domain seripantai.com

$TTL 14400
@ IN SOA ns1.budihost.com. root.seripantai.com. (
2005092800
7200
3600
1209600
86400 )

seripantai.com. 14400 IN NS ns1.budihost.com.
seripantai.com. 14400 IN NS ns2.budihost.com.

ftp 14400 IN A 202.190.197.134
localhost 14400 IN A 127.0.0.1
mail 14400 IN A 202.190.197.134
pop 14400 IN A 202.190.197.134
seripantai.com. 14400 IN A 202.190.197.134
www 14400 IN A 202.190.197.134

seripantai.com. 14400 IN MX 10 mail



seripantai.com. IN TXT "v=spf1 a mx ip4:202.190.197.134 ?all"

This is the record right? I wonder whether my provider did block port 53 for DNS.. Or did they provide me with the right nameserver in /etc/resolv.conf.

Any suggestion what can I do?

budihost.com i changed to my old server, need it up..
 
i have tried dnsreport.com

Besides, I cannot ping the server (202.190.197.134).. does it make sense?
 
Often both pings and traceroutes are blocked by firewalls.

The server is there, and I can find it by checking the mailserver.

According to DNS Report there isn't any such nameserver as ns2.budihost.com. According to the budihost.com zone file there isn't. Yet your domain calls on it.

According to DNS Report the real nameservers for the domain are:

ns1.budihost.com
BUDIHOST.DYNDNS.ORG

as registered at your registrar, but according to your zone file the nameservers are:

ns1.budihost.com
ns2.budihost.com

Before anything is going to work everything has to be in synchronization and has to be right.

Jeff
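
An added example, not part of the thread and not taken from DNS Report: a small Python check for the two faults diagnosed above, an NS set in the zone file that differs from the one registered at the registrar, and a nameserver inside the zone that has no address record. The zone `example.test`, the addresses and the registrar list are constructed placeholders; the parser covers only the plain record layout posted in the thread (no comments, no `$ORIGIN` changes).

```python
import re

def _fqdn(name, origin):
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) per record; folds the multi-line SOA '( ... )'."""
    origin = origin.rstrip(".").lower() + "."
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("$"):
            continue  # blank line or a directive such as $TTL
        tokens = line.split()
        if not line[0].isspace():  # an indented line inherits the previous owner
            owner = _fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)  # optional TTL and class
        if len(tokens) < 2:
            continue  # malformed line, nothing to record
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "NS":
            rdata = [_fqdn(rdata[0], origin)]
        records.append((owner, rtype, " ".join(rdata)))
    return records

def check_delegation(zone_text, origin, registrar_ns):
    """List mismatches between registrar and zone NS sets, and in-zone NS hosts without an address."""
    apex = origin.rstrip(".").lower() + "."
    records = parse_zone(zone_text, origin)
    zone_ns = {r for o, t, r in records if t == "NS" and o == apex}
    has_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    parent_ns = {_fqdn(n.rstrip(".") + ".", apex) for n in registrar_ns}
    findings = [f"registrar delegates to {n}, zone has no NS for it" for n in sorted(parent_ns - zone_ns)]
    findings += [f"zone lists NS {n}, registrar does not delegate to it" for n in sorted(zone_ns - parent_ns)]
    findings += [f"{n} is in-zone but has no address record"
                 for n in sorted(zone_ns) if n.endswith("." + apex) and n not in has_addr]
    return findings

# Constructed sample modelled on the zone file posted in the thread.
SAMPLE_ZONE = """$TTL 14400
@ IN SOA ns1.example.test. root.example.test. (
    2005092800 7200 3600
    1209600 86400 )
example.test. 14400 IN NS ns1.example.test.
example.test. 14400 IN NS ns2.example.test.
ns1 14400 IN A 192.0.2.10
"""
SAMPLE_REGISTRAR_NS = ["ns1.example.test", "backup.example.net"]  # constructed
```

`check_delegation(SAMPLE_ZONE, "example.test", SAMPLE_REGISTRAR_NS)` returns three findings; an empty list means the registrar, the zone's NS records and the nameserver address records agree.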
 