Topic: Please I need help with public DNS

[arth]

I have one e-smith 5.1 box and I try to setup this server for provide public DNS ... I maked all from "Public DNS Server HOWTO for E-SMITH4.1.x" and this server still not working..
pls help me!!!

[arth]

My domain for this box is "2x1midiashipyard.ro" if  I tryed from from internet "ping ns.2x1midiashipyard.ro" DNS???? resolve this name..... but all www,ftp etc not can be resolved.....

[Julian Luton]

Hi,

When I do the following...

nslookup ns.2x1midiashipyard.ro ns.2x1midiashipyard.ro
Server:         ns.2x1midiashipyard.ro
Address:        217.156.120.153#53

Non-authoritative answer:
Name:   ns.2x1midiashipyard.ro
Address: 217.156.120.153

So this means that your name server can answer queries about itself.
However when I do this...

nslookup www.2x1midiashipyard.ro ns.2x1midiashipyard.ro
Server:         ns.2x1midiashipyard.ro
Address:        217.156.120.153#53

** server can't find www.2x1midiashipyard.ro.: SERVFAIL

This means that your name server is not carrying information about the host www

You should check out the following file
/home/dns/var/named/db.2x1midiashipyard.ro


All the best,
Julian Luton

[Julio Del Valle]

Y have the same problem , How do you do to resolv this ?

[Luis A. Navas]

I don't sure that works but I tried to do the same but does not work.

But I try to create an account at www.zoneedit.com it's free for 5 domains zone, and this works, in my box I have two domains www.asalatam.com and www.camsa.com and the works fine www, ftp, etc.

I hope that this help works for you.

[Luis A. Navas]

This is an extract from:
http://www.e-smith.org/docs/papers/smeserver-security.html

11. DNS
As with most Linux systems, we use the industry standard BIND server to provide Domain Name Service (DNS) access to the local network. Because of recent security exploits related to BIND, we are constantly monitoring BIND security mailing lists and regularly update our system to have the most current and secure version of the BIND program.

We take additional steps, too, to ensure that the system is safe. For instance, the BIND daemon (called named) is set to run as the local user dns instead of the normal configuration of having named run as the root user. In addition to running named as an unprivileged user, named is further restricted by being forced to run in a "chrooted jail". Essentially, this means that the program has an extremely restricted view of the system, which it thinks is in fact the entire system. In the event that somehow the named daemon was compromised, the attacker would not be able to see anything outside of the limited area in which the named daemon is confined.

Further, DNS access is only allowed from the internal local network. Users on the external Internet are not able to connect to the DNS server because it is configured to listen only on the internal network.