Linux, DNS, and Me: How do I configure a nameserver under Linux?

This was a problem I thought I had licked, and I need some help solving it this second time.

I cannot get any domain name service at all under Red Hat Linux 7.1. I have created the file /etc/resolv/conf and I have filled it with lines and lines of IP addresses for machines I thought served domain names. The machines at the other end of the addresses I was using (4.1.1.1 and 4.1.1.2) apparently no longer want to provide me that service, so I located others.

Many others.

I got two from a place that says it offers an open DNS service, seven more from another page, and added them to /etc/resolv.conf like so:



# Dead addresses
#nameserver 4.1.1.1
#nameserver 4.1.1.2
# New addresses
nameserver 205.166.226.38
nameserver 65.102.83.46
... etc.


and I pinged google.com (everyone knows where google is, right? 216.239.35.100). ping told me that it couldn’t find the domain.

I can ping machines just fine if I replace the name with the IP address. I’m fairly sure it’s a DNS-related problem.

Okay, I’m not easily stymied. I went into Windows ME (I dual-boot my main machine) and googled up my ISP’s configuration page (onewest.net, if you must know) to see if they listed any nameserver addresses. Lo and behold, they did!

I commented out the seven old addresses and added the six I got from my ISP (Two for Montana, two for Wyoming, and two for Idaho. I’m nothing if not obsessive). Tried to ping google.com.

Nothing. Nada. “He’s dead, Jim.”

I’ve found more addresses to different nameservers. I haven’t tried them yet, but my hopes are not high. My ISP’s nameservers appear to be in existence (they respond to pings) and I can access the Internet just fine in Windows.

I’m about to go crazy. I just bought Red Hat 8.0 and I’m going to upgrade as soon as I buy more RAM (64 Megs isn’t cutting it), and I’d like to have functional connectivity under Linux when I do.

should read “I have created the file /etc/resolv.conf”

Should work. A couple things to check:

First, use a system that does work with DNS, and find two DNS hosts that work from your Linux box’s LAN. Don’t try a hundred that may work, try two that you’re certain do work.

Try pinging the DNS machines from the Linux box.

If that doesn’t work:

This shouldn’t be necessary, but try restarting network services by typing “service network restart”

If that doesn’t work:

This also shouldn’t be necessary (but I do it anyway); make sure DNS is allowed through your ipchains/iptables firewall, assuming it’s enabled. Add a line similar to:
-A input -p udp -m udp -s 64.105.72.26 --sport 53 -d 0/0 -j ACCEPT

to the /etc/sysconfig/ipchains or /etc/sysconfig/iptables file. By the way, this is a particularly hairy thing to play with, so be sure you know what you’re doing, and back up the file before you modify it. After changing, you can type “service iptables restart” or “service ipchains restart”, depending on which you use.

And of course, you can try the very simple, but generally useful “setup” program, and use the “network configuration” option.

By the way, I’m not sure of the value of having more than 3 DNS hosts, but it doesn’t hurt, I suppose.

For starters, the DNSs that you listed are not active:

nslookup

> server 205.166.226.38
Default server: 205.166.226.38
Address: 205.166.226.38#53
> google.com
;; connection timed out; no servers could be reached
> server 65.102.83.46
Default server: 65.102.83.46
Address: 65.102.83.46#53
> google.com
;; connection timed out; no servers could be reached

Listing your servers in /etc/resolv.conf is the correct step, but make sure the servers you’re listing are active.

Also, 64MB is PLENTY of RAM for Linux; unless you’re using X, of course…

[hijack]Joe, I intend to use X and finally get a functional soundcard.

Hell, I’ll probably fire up Mozilla once or twice. Better go for 256 Megs of core. :D[hijill]

If my ISP’s nameservers aren’t functional, what do I do? Is there a way to find out what Windows is using?

[sub]I’m doing everything right and it’s still not working. I’m so frustrated I want to break heads.[/sub]

Do an ipconfig /all from a DOS box in Windows, it’ll list the DNS servers and gateway, etc. And yes, second the checking your iptables for open outbound port 53 (both TCP and UDP).

Is this DHCP or static IP? Some DHCP configs require you to not have a gateway and DNS as they are assigned as part of the lease.

Also, on my networks I block access through the firewall for most machines inbound, so just finding a DNS server from somewhere may not work, as they may have it firewalled.

Can you get a packet capture, are you getting a response from any of the servers?

Thank you all for your replies, but I solved the problem in a way so non-obvious and utterly simple I feel compelled to post it here, in case someone else needs the info:

Looking in /etc/sysconfig/ipchains, I noticed that it specifically said that the script ifup-post would ensure DNS information gets through despite whatever the firewall might be set to. It also said manually modifying ipchains isn’t terribly bright because, as has been said above, it’s hairy.

So I located ifup-post (in /etc/sysconfig/network-scripts) and it said that it would only look at the first two nameserver lines of /etc/resolv.conf.

:smack:

Apparently, I’d gotten a bit comment-happy in saving all of the known-dead nameservers’ IP addresses as comments to the file, such that my ISP’s nameservers’ addresses were way the fsck down there. The simpleminded (and, arguably, broken) script happily ignored the fact I’d commented them out and tried to use them with headache-inducing results.

So, kids, remember: When trying new nameservers, add the addresses you want to experiment with to the top of /etc/resolv.conf, not the bottom.

I hope this helps someone. It damned well would have helped me.

uh, yes and no.

ifup-post in RH 7.1 (I’m looking at it right now) doesn’t look at the first two lines. It looks at the first two lines beginning with “nameserver”. I.e. commented lines ("#nameserver 1.2.3.4") don’t get used.

Though I agree that the script is “arguably broken”, I’d be arguing on the other side.

A reply that doesn’t really help you right now, but on the other hand, you have already solved the problem. Anyway, a useful tool when fiddling with these things:

Try using the host command, with two parameters, the first being the name you want to look up, and the second the IP of the DNS you want to use.

This will ask the specified DNS to resolve the name (or number) given as first parameter.

Bill, I specified the first two nameserver lines. As in, the first two lines to specify nameservers.

And I explicitly commented out those lines (prepending them with hashes), so I’d argue that it is broken if a *nix configuration file not only does not support comments, but the program processing it does not issue error messages when it hits a nonsense token such as “#nameserver”.

But that’s beyond the scope of this thread.

Popup, thanks, that would have been helpful to know. :slight_smile:

Hi Derleth; Perhaps I wasn’t clear. ifup-post in RH 7.1 does support hash comments. Only lines that begin with “nameserver” are used. Lines that begin with “#nameserver” (or with “judy garland”, or any other non-“nameserver” text) are not counted as nameservers.

So the only “broken” bit (and as you say, it’s only arguably broken; not assuredly so) is that it only supports the first two nameservers given.
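
An added example, not code from any poster in this thread or from Red Hat's scripts: a shell sketch of the two checks discussed above, listing which uncommented nameserver lines fall inside the "first two" limit and querying each with the host command. The function names, the LIMIT argument and the 192.0.2.x placeholder addresses are assumptions made for illustration; the default limit of 2 is taken from the thread's description of ifup-post.

```shell
# Which nameserver lines of a resolv.conf-style file are consulted when only
# the first LIMIT active entries are honoured (2 for ifup-post as described
# in the thread; glibc's resolver stops at 3).

# Addresses from lines that begin with "nameserver", in file order.
# "#nameserver ..." lines do not match, so comments are never counted.
active_nameservers() {
    awk '/^n/ && $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# First LIMIT active entries: the ones actually consulted.
effective_nameservers() {
    active_nameservers "$1" | head -n "${2:-2}"
}

# Active entries past the limit: present in the file, never consulted.
ignored_nameservers() {
    active_nameservers "$1" | tail -n "+$(( ${2:-2} + 1 ))"
}

# Ask each effective server for NAME with "host NAME SERVER" (needs network).
probe_nameservers() {
    for ns in $(effective_nameservers "$1" "${3:-2}"); do
        if host "$2" "$ns" >/dev/null 2>&1; then
            echo "$ns: answered for $2"
        else
            echo "$ns: no answer for $2"
        fi
    done
}

# Constructed sample: the thread's addresses plus 192.0.2.x placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# Dead addresses
#nameserver 4.1.1.1
#nameserver 4.1.1.2
# New addresses
nameserver 205.166.226.38
nameserver 65.102.83.46
nameserver 192.0.2.1
nameserver 192.0.2.2
EOF
}

# Usage: sh this-script RESOLV_CONF [NAME]
if [ -n "${1:-}" ]; then
    echo "used:";    effective_nameservers "$1"
    echo "ignored:"; ignored_nameservers "$1"
    probe_nameservers "$1" "${2:-google.com}"
fi
```

On the constructed sample, the two servers that timed out in the nslookup session are the ones consulted, and the entries added below them are never reached.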