# How do you Test DNS BIND w/o Internet IP Address

## phillosophy

I just installed and compiled BIND with a single domain name and a local IP address (192.168.x.x). Until I get the internet IPs to replace the local IP addresses, is there a way to test BIND locally to see if it works before you put it out live on the internet?

----------

## overkll

Yep, install bind-tools if you haven't already.

It includes "dig".  You can do "dig yourdomain.com" and it should return info on your domain.

Conversely, "dig -x IP.AD.RE.SSS" should give you back a host name.

You got to make sure that /etc/resolv.conf is set up to use your nameservers.

----------

## phillosophy

When I run dig, it looks like it's not resolving the domain name.  I'm assuming this means my named isn't working correctly?

```

getz etc # dig streamingforjesus.com

; <<>> DiG 9.2.5 <<>> streamingforjesus.com

;; global options:  printcmd

;; connection timed out; no servers could be reached

```

However, if I change the name server entries in my resolv.conf file from the local machine IP (192.168.1.102) to another name server's IP, it looks up the domain and pulls another name server.  Below is my resolv.conf file:

```
domain streamingforjesus.com

nameserver 192.168.1.102

nameserver 192.168.1.102

```

----------

## overkll

Try dig hostname.domain.name

Try dig @127.0.0.1 hostname.domain.name

----------

## phillosophy

I guess it doesn't look like it's working right?

```

getz etc # dig getz.streamingforjesus.com

; <<>> DiG 9.2.5 <<>> getz.streamingforjesus.com

;; global options:  printcmd

;; connection timed out; no servers could be reached

getz etc # dig @127.0.0.1 getz.streamingforjesus.com

; <<>> DiG 9.2.5 <<>> @127.0.0.1 getz.streamingforjesus.com

; (1 server found)

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39606

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;getz.streamingforjesus.com.    IN      A

;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Mon May 30 06:48:51 2005

;; MSG SIZE  rcvd: 44

```

----------

## adaptr

```
;; connection timed out; no servers could be reached

getz etc # dig @127.0.0.1 getz.streamingforjesus.com
```

BIND isn't listening on your real ethernet interface.

```
netstat -lp | grep named
```

will most likely return 127.0.0.1:53 instead of 0.0.0.0:53 like it should.

The second test shows that your zone isn't configured correctly either, but first things first.

----------

## phillosophy

ok, here is the output from the netstat 

```
getz etc # netstat -lp | grep named

tcp        0      0 localhost:domain        *:*                     LISTEN      32609/named

tcp        0      0 localhost:953           *:*                     LISTEN      32609/named

udp        0      0 *:32782                 *:*                                 32609/named

udp        0      0 localhost:domain        *:*                                 32609/named

```

I guess this means it's not even listening on the right port?

----------

## overkll

No, it's listening on the right port - domain = 53.  It's only listening on localhost - 127.0.0.1

netstat -anA inet | grep 53 will give you numeric output (n)

----------

## phillosophy

oh ok...  

```
getz bind # netstat -anA inet | grep 53

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN

udp        0      0 127.0.0.1:53            0.0.0.0:*

```

I think I might have fixed it.  I added the local machine IP address to the line "Listen-on ( 192.168.1.102; 127.0.0.1 )" in the named.conf file.  Does this mean my name server is working correctly?

now it says: 

```

getz bind # netstat -anA inet | grep 53

tcp        0      0 192.168.1.102:53        0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN

udp        0      0 192.168.1.102:53        0.0.0.0:*

udp        0      0 127.0.0.1:53            0.0.0.0:*

```

and then when I run dig again: 

```

getz bind # dig streamingforjesus.com

; <<>> DiG 9.2.5 <<>> streamingforjesus.com

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29460

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;streamingforjesus.com.         IN      A

;; Query time: 0 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Mon May 30 09:05:16 2005

;; MSG SIZE  rcvd: 39

```

----------

## phillosophy

Shouldn't I get an Authority section with the NS records when I dig the local domain name streamingforjesus.com?

----------

## overkll

You must be on a mission.  Did you sleep last night?

Yep, you should.  You want me to take a peek at your zone files?

BTW, if this is your first go-round with BIND don't get discouraged, it's not that easy.

----------

## phillosophy

nope, no sleep yet. 

here is my named.conf file 

```
options {

        directory "/var/bind";

        statistics-file "/var/bind/named.stats";

        dump-file "/var/log/named.dump";

        zone-statistics yes;

        allow-recursion { 127.0.0.1; 192.168.1.102; };

        allow-transfer { 192.168.1.102; };

        notify yes;

        also-notify { 192.168.1.102; };

        pid-file "/var/run/named/named.pid";

        recursive-clients 10000; // default 1000 is too low for us

        serial-query-rate 10; // default 20

        max-transfer-time-in 60; // kills transfers after 60 minutes

        transfer-format many-answers; // Generates more efficient zone transfers

        interface-interval 0; // we have no dynamic interfaces

        listen-on-v6 { none; };

        listen-on { 192.168.1.102; 127.0.0.1; };

); 

zone "." IN {

        type hint;

        file "named.ca";

};

zone "streamingforjesus.com" IN {

        type master;

        file "jesus/streamingforjesus.com";

        notify no;

};

zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "jesus/db.192.168.1";

};

zone "localhost" IN {

        type master;

        file "pri/localhost.zone";

        allow-update { none; };

        notify no;

};

zone "127.in-addr.arpa" IN {

        type master;

        file "pri/127.zone";

        allow-update { none; };

        notify no;

};

```

and here is my streamingforjesus.com zone file : 

```

$TTL 3D

streamingforjesus.com.       IN      SOA     ns1.streamingforjesus.com.

webmaster.streamingforjesus.com.  (

                                      2005052801 ; Serial

                                      8H         ; Refresh

                                      2H         ; Retry

                                      1W         ; Expire - 1 week

                                      1H    )    ; Minimum

                TXT     "Streaming For Jesus"

localhost.streamingforjesus.com. IN     A       127.0.0.1

streamingforjesus.com.          IN      A      192.168.1.102

www.streamingforjesus.com.      IN      CNAME   streamginforjesus.com.

ns.streamingforjesus.com.       IN      A      192.168.1.102

ns2.streamingforjesus.com.      IN      A       192.168.1.102

streamingforjesus.com.          IN      NS      ns.streamingforjesus.com.

streamingforjesus.com.          IN      NS      ns2.streamingforjesus.com.

mail.streamingforjesus.         IN      MX      102 streamingforjesus.com.

ftp.streamingforjesus.com.      IN      CNAME   streamingforjesus.com.

mail.streamingforjesus.com.     IN      CNAME   streamingforjesus.com.

```

----------

## overkll

Let's start with the zone file:

```
ns.streamingforjesus.com.  IN  A  ....

..... IN A ns.streamingforjesus.com.

```

Don't you want this to be ns1?  I assume that since it's in the SOA record.

The rest with A records that are all "192.168.1.102" should be converted to CNAME for now, until you get your IP ADDRESSES

102 is a bit high for an MX record.  Switch it to 10

New file:

```
$TTL 3D

streamingforjesus.com. IN SOA ns1 webmaster (

                                      2005052801 ; Serial

                                      8H         ; Refresh

                                      2H         ; Retry

                                      1W         ; Expire - 1 week

                                      1H    )    ; Minimum

                                TXT     "Streaming For Jesus"

streamingforjesus.com.          IN      NS      ns1.streamingforjesus.com.

streamingforjesus.com.          IN      NS      ns2.streamingforjesus.com.

mail.streamingforjesus.com.     IN      MX      10 streamingforjesus.com.

localhost.streamingforjesus.com. IN     A       127.0.0.1

streamingforjesus.com.          IN      A       192.168.1.102

www.streamingforjesus.com.      IN      CNAME   streamginforjesus.com.

ns1.streamingforjesus.com.      IN      CNAME   streamingforjesus.com.

ns2.streamingforjesus.com.      IN      CNAME   streamingforjesus.com.

ftp.streamingforjesus.com.      IN      CNAME   streamingforjesus.com.
```

You may notice that I've shortened the SOA line.  Anything not ending with a "." will automatically have the domain name appended to it.  Just makes it easier to read.  The same can be done with all the host names.  For example, www.streamingforjesus.com. can become just www - Get the picture?  It's up to you.  Now let me comb thru your named.conf.

----------

## overkll

```
options {

        directory "/var/bind";

        statistics-file "/var/bind/named.stats";

        dump-file "/var/log/named.dump";

        zone-statistics yes;

        allow-recursion { 127.0.0.1; 192.168.1.102; };

        # allow-transfer { 192.168.1.102; };

        # not-running a secondary so you don't need this yet

        #notify yes;

        # ditto

        #also-notify { 192.168.1.102; };

        # ditto

        pid-file "/var/run/named/named.pid";

        recursive-clients 10000; // default 1000 is too low for us

        serial-query-rate 10; // default 20

        max-transfer-time-in 60; // kills transfers after 60 minutes

        transfer-format many-answers; // Generates more efficient zone transfers

        interface-interval 0; // we have no dynamic interfaces

        listen-on-v6 { none; };

        listen-on { 192.168.1.102; 127.0.0.1; };

);

zone "." IN {

        type hint;

        file "named.ca";

};

zone "streamingforjesus.com" IN {

        type master;

        file "jesus/streamingforjesus.com"; # Standard dir is pri/ for primary servers, sec/ for secondary

        notify no; # fine for now, not running secondary.  See BIND ADMIN MANUAL re notify and no notify in 

                       # options and zone sections

};

zone "1.168.192.in-addr.arpa" IN {

        type master;

        file "jesus/db.192.168.1"; # Standard dir is pri/ for primary servers, sec/ for secondary

};

zone "localhost" IN {

        type master;

        file "pri/localhost.zone";

        allow-update { none; };

        notify no;

};

zone "127.in-addr.arpa" IN {

        type master;

        file "pri/127.zone";

        allow-update { none; };

        notify no;

};

```

Except for my comments in the file, it looks good.  The directories for your zone files are up to you.  Just thought I'd throw that in there.  You should also take a look at the BIND 9 ADMINISTRATORS MANUAL.  

THIS SECTION is regarding notify.  Don't worry it's short.

Let 'er rip

----------

## phillosophy

Cool, I made the changes and ran dig streamingforjesus.com again and the authority section doesn't list just as when I dig yahoo.com.  Am I not supposed to have an authority section because I'm not running more than one name server?

```

getz bind # dig streamingforjesus.com

; <<>> DiG 9.2.5 <<>> streamingforjesus.com

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43580

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;streamingforjesus.com.         IN      A

;; Query time: 1 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Mon May 30 11:36:05 2005

;; MSG SIZE  rcvd: 39

```

----------

## overkll

What command did you issue?

----------

## overkll

ARG, I missed something in your zone file.

```
   TXT "Streaming for Jesus"
```

Should be

```
   IN TXT "Streaming for Jesus"
```

You don't really need it.  Change or delete that, restart BIND and what do you get?

----------

## phillosophy

Is this all i'm supposed to get? 

```
getz jesus # dig streamingforjesus.com

; <<>> DiG 9.2.5 <<>> streamingforjesus.com

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25023

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;streamingforjesus.com.         IN      A

;; Query time: 22 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Mon May 30 20:07:06 2005

;; MSG SIZE  rcvd: 39

```

----------

## overkll

Change the section under the SOA from

```
                                TXT     "Streaming For Jesus"

streamingforjesus.com.          IN      NS      ns1.streamingforjesus.com.

streamingforjesus.com.          IN      NS      ns2.streamingforjesus.com.

mail.streamingforjesus.com.     IN      MX      10 streamingforjesus.com. 
```

To

```
 IN     TXT     "Streaming For Jesus"

          IN      A        192.168.1.102

          IN      NS      ns1.streamingforjesus.com.

          IN      NS      ns2.streamingforjesus.com.

          IN      MX      10 mail.streamingforjesus.com. 
```

"dig streamingforjesus.com"  will show an ip address for streamingforjesus.com, but no SOA

"dig streamingforjesus.com -t SOA" will show the SOA.

Basically the line "IN A 192.168.1.102"  assigns an ip address to the domain itself (no hostname).  If you comment that line out "dig streamingforjesus" will show just the SOA, and not an ip address for the domain.

Give it a shot.  I think we got it this time.

----------

## phillosophy

i think it worked.. 

```
getz jesus # dig streamingforjesus.com

; <<>> DiG 9.2.5 <<>> streamingforjesus.com

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54752

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;streamingforjesus.com.         IN      A

;; Query time: 0 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Tue May 31 01:28:27 2005

;; MSG SIZE  rcvd: 39

getz jesus # dig streamingforjesus.com -t soa

; <<>> DiG 9.2.5 <<>> streamingforjesus.com -t soa

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61695

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;streamingforjesus.com.         IN      SOA

;; Query time: 0 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Tue May 31 01:30:25 2005

;; MSG SIZE  rcvd: 39

```

----------

## overkll

The first dig failed.  Post the zone file again please.

----------

## phillosophy

```
$TTL 3D

streamingforjesus.com.       IN      SOA     ns1 webmaster  (

                                      2005052801 ; Serial

                                      8H         ; Refresh

                                      2H         ; Retry

                                      1W         ; Expire - 1 week

                                      1H    )    ; Minimum

              IN  TXT     "Streaming For Jesus"

streamingforjesus.com.          IN      A       192.168.1.102

streamingforjesus.com.          IN      NS

ns1.streamingforjesus.com.

streamingforjesus.com           IN      NS

ns2.streamingforjesus.com.

mail.streamingforjesus.com.     IN      MX      10

streamingforjesus.com.

localhost.streamingforjesus.com. IN     A       127.0.0.1

www.streamingforjesus.com.      IN      CNAME   streamginforjesus.com.

ns1.streamingforjesus.com.      IN      CNAME   streamingforjesus.com.

ns2.streamingforjesus.com.      IN      CNAME   streamingforjesus.com.

ftp.streamingforjesus.com.      IN      CNAME   streamingforjesus.com.

```

----------

## adaptr

 *Quote:*   

> i think it worked.. 

 

No it didn't - neither query returns an answer.

From now on, run

```
dig streamingforjesus.com any
```

to get any info there is on the domain, including nameservers, mail exchangers and text records.

A few more comments (also for overkill)

```
          IN      MX      10 mail.streamingforjesus.com.
```

This is only valid if mail.sfj.com is an A record - it may not be a CNAME!

Your best options here are:

```
$TTL 3D
@        IN SOA ns1 webmaster (
                           2005053002 ; Serial
                           8H         ; Refresh
                           2H         ; Retry
                           1W         ; Expire - 1 week
                           1H    )    ; Minimum
         IN TXT     "Streaming For Jesus"
         IN NS      ns1
         IN MX      10 mail
         IN A       192.168.1.102
ns1      IN A       192.168.1.102
mail     IN A       192.168.1.102
www      IN CNAME   mail
ftp      IN CNAME   mail
```

Neither the MX record nor the NS ones should be CNAMEs.

If you change this and reload the database:

```
rndc reload
```

an "any" query against your domain should return the SOA, TXT, NS and MX records.

Also, if you

```
dig streamingforjesus.com www
```

it should return both the CNAME and the A record it points to.
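The rule in the post above (NS and MX targets must be address records, not CNAMEs) can be checked mechanically before a reload. The following is an added example, not code from the thread or from BIND: a simplified zone parser (no `$ORIGIN` or `$INCLUDE` handling) run over two zones constructed from the records discussed in the thread.

```python
"""Added example: lint a BIND zone for NS/MX targets that are CNAMEs."""

CLASSES = {"IN", "CH", "HS"}

# Constructed "before" zone: NS and MX targets are CNAMEs, as in the earlier posts.
BEFORE_ZONE = """\
$TTL 3D
@        IN SOA ns1 webmaster (
                           2005052801 ; Serial
                           8H         ; Refresh
                           2H         ; Retry
                           1W         ; Expire - 1 week
                           1H    )    ; Minimum
         IN NS      ns1
         IN NS      ns2
         IN MX      10 mail
         IN A       192.168.1.102
ns1      IN CNAME   @
ns2      IN CNAME   @
mail     IN CNAME   @
"""

# Constructed "after" zone: the layout recommended in the post above.
AFTER_ZONE = """\
$TTL 3D
@        IN SOA ns1 webmaster (
                           2005053002 ; Serial
                           8H 2H 1W 1H )
         IN TXT     "Streaming For Jesus"
         IN NS      ns1
         IN MX      10 mail
         IN A       192.168.1.102
ns1      IN A       192.168.1.102
mail     IN A       192.168.1.102
www      IN CNAME   mail
ftp      IN CNAME   mail
"""


def absolute(name, origin):
    """Expand a zone-file name: '@' is the origin; no trailing dot means relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def logical_lines(text):
    """Strip ';' comments and join records continued inside parentheses."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line, quoted = "", False
        for ch in raw:
            if ch == '"':
                quoted = not quoted
            elif ch == ";" and not quoted:
                break
            line += ch
        depth += line.count("(") - line.count(")")
        line = line.replace("(", " ").replace(")", " ")
        buf = buf + " " + line if buf else line
        if depth <= 0:
            if buf.strip():
                yield buf
            buf, depth = "", 0


def parse_zone(text, origin):
    """Return [(owner, rtype, target)]; target is set for NS, MX and CNAME only."""
    owner, records = origin, []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):      # $TTL and other directives are skipped
            continue
        if not line[0].isspace():          # owner given; a blank owner reuses the last one
            owner = absolute(tokens.pop(0), origin)
        while tokens and (tokens[0].upper() in CLASSES or tokens[0][0].isdigit()):
            tokens.pop(0)                  # optional TTL and class
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        index = {"NS": 0, "CNAME": 0, "MX": 1}.get(rtype)
        has_target = index is not None and len(rdata) > index
        records.append((owner, rtype, absolute(rdata[index], origin) if has_target else None))
    return records


def lint(text, origin):
    """List NS/MX records whose target is a CNAME or has no address in the zone."""
    origin = origin.lower().rstrip(".") + "."
    records = parse_zone(text, origin)
    cnames = {o for o, t, _ in records if t == "CNAME"}
    addresses = {o for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, target in records:
        if rtype not in ("NS", "MX") or target is None:
            continue
        in_zone = target == origin or target.endswith("." + origin)
        if target in cnames:
            findings.append(f"{rtype} {owner} -> {target} is a CNAME")
        elif in_zone and target not in addresses:
            findings.append(f"{rtype} {owner} -> {target} has no address record")
    return findings


if __name__ == "__main__":
    for label, zone in (("before", BEFORE_ZONE), ("after", AFTER_ZONE)):
        print(label, lint(zone, "streamingforjesus.com") or "clean")
```
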

----------

## overkll

Thanks for the tips adaptr!  I'm always willing to learn.

I thought if the right side of the RR was an IP, it needed to be unique i.e. no multiple A records with the same IP address.

Glad a veteran jumped in to help!  Maybe you can check this one too?

https://forums.gentoo.org/viewtopic-t-343373-highlight-.html

----------

## phillosophy

I made the changes above and came up with the following when I dig streamingforjesus.com www.  I don't see the CNAME entries for mail or ftp, I just see one for the www which is an A record.  Does this mean it's still not working? Also, why do you only use an "@" instead of the domain name?

```
getz jesus # rndc reload

getz jesus # dig streamingforjesus.com any

; <<>> DiG 9.2.5 <<>> streamingforjesus.com any

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31943

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;streamingforjesus.com.         IN      ANY

;; Query time: 0 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Tue May 31 07:38:08 2005

;; MSG SIZE  rcvd: 39

getz jesus # dig streamingforjesus.com www

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14457

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;streamingforjesus.com.         IN      A

;; Query time: 0 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Tue May 31 07:38:19 2005

;; MSG SIZE  rcvd: 39

; <<>> DiG 9.2.5 <<>> streamingforjesus.com www

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64647

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;www.                           IN      A

;; AUTHORITY SECTION:

.                       10740   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2005053000 1800 900 604800 86400

;; Query time: 0 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Tue May 31 07:38:19 2005

;; MSG SIZE  rcvd: 96

```

----------

## overkll

Yes this means it's still not working  :Sad: 

From O'Reilly DNS and BIND, 4th Edition:

 *Quote:*   

> The @ Notation:
> 
> If a domain name is the same as the origin, the name can be specified as "@".  This is most often seen in the SOA record in the zone data files.

 

I copied the zone file that adaptr provided, removed the .com and changed the IP address to my network to test it.

dig streamingforjesus

```
; <<>> DiG 9.2.5 <<>> streamingforjesus

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4326

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;streamingforjesus.             IN      A

;; ANSWER SECTION:

streamingforjesus.      259200  IN      A       10.0.0.10

;; AUTHORITY SECTION:

streamingforjesus.      259200  IN      NS      ns1.streamingforjesus.

;; ADDITIONAL SECTION:

ns1.streamingforjesus.  259200  IN      A       10.0.0.10

;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Mon May 30 19:16:59 2005

;; MSG SIZE  rcvd: 85
```

dig streamingforjesus any

```
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18876

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:

;streamingforjesus.             IN      ANY

;; ANSWER SECTION:

streamingforjesus.      259200  IN      SOA     ns1.streamingforjesus. webmaster.streamingforjesus. 2005053002 28800 7200 604800 3600

streamingforjesus.      259200  IN      TXT     "Streaming For Jesus"

streamingforjesus.      259200  IN      NS      ns1.streamingforjesus.

streamingforjesus.      259200  IN      MX      10 mail.streamingforjesus.

streamingforjesus.      259200  IN      A       10.0.0.10

;; ADDITIONAL SECTION:

ns1.streamingforjesus.  259200  IN      A       10.0.0.10

mail.streamingforjesus. 259200  IN      A       10.0.0.10

;; Query time: 0 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)

;; WHEN: Mon May 30 19:18:12 2005

;; MSG SIZE  rcvd: 200
```

So the zone file seems to be fine.  Must be something else.  Do you have any errors in your log files?

----------

## phillosophy

are there any other logs which named.conf might put other than /var/log/messages when you restart the service using /etc/init.d/named restart ?

----------

## overkll

Sorry for the delay....

/var/log/daemon.log and /var/log/syslog.

----------

## phillosophy

I don't have those 2 files.  Is there another logger I need to emerge?

----------

## overkll

What logger do you use? Syslog-ng?

----------

## phillosophy

yes, should I emerge another?

----------

## overkll

No, syslog-ng is fine.  I think it logs pretty much everything to messages.  I don't use it though - reason being I have some perl scripts to monitor my logs and syslog-ng's output/format doesn't work with them.

Anyway, I think your named.conf file is the issue.   Let's enable debugging output.  Edit /etc/conf.d/named.  There is a line with options="".  If you put "-d 5" that should be sufficient.  The logfile will be /var/bind/named.run.  This file can get huge if you forget to turn this off.  It got up to 1.7 gb on me once!!!

Run named, dig a few times and check the log for errors.  You can run the log in an open window if you've got X, or gnome, etc running.  At a terminal window type "tail -f /var/bind/named.run".  It'll scroll as it's updated.  To exit, control-c

You may want to also check out the progs named-checkconf and named-checkzone.  Both are included in the BIND package so you should already have them on your system.

----------

## phillosophy

I didn't see a /var/bind/named.run file for tailing.  Is this a file I need to create or set as a log file somewhere in named.conf?  

here's what i got in the messages file: 

```
Jun  1 10:13:52 getz rc-scripts: ERROR:  "named" has not yet been started.

Jun  1 10:13:52 getz named[2394]: starting BIND 9.2.5 -u named -n 1 -d 5

Jun  1 10:13:52 getz named[2394]: using 1 CPU

Jun  1 10:13:52 getz named[2394]: loading configuration from '/etc/bind/named.conf'

Jun  1 10:13:52 getz named[2394]: no IPv6 interfaces found

Jun  1 10:13:52 getz named[2394]: listening on IPv4 interface lo, 127.0.0.1#53

Jun  1 10:13:52 getz named[2394]: listening on IPv4 interface eth0, 192.168.1.102#53

Jun  1 10:13:52 getz named[2394]: command channel listening on 127.0.0.1#953

```

----------

## overkll

No, you don't need to create it.

How did you start/restart BIND? Did you do "rndc reload" or "/etc/init.d/named restart"?  You need to do the latter to load the new settings.  Probably a good idea to always use the init script.  rndc will work, but I don't think it takes all the Gentoo customization into mind.

You should have the file then so you can tail it.

----------

## phillosophy

i restarted bind by running  " /etc/init.d/named restart " 

only files i have in /var/bind/ are 

jesus 

named.ca 

pri / 

sec / 

root.cache 

conf /

----------

## overkll

Bizarre!  What's the conf/ dir doing there?  Back to that later.

Do you have slocate installed? If not, emerge slocate.

Then "updatedb" 

Then "locate */named.run"

It's gotta be there somewhere!

----------

## phillosophy

i ran updatedb and 'locate */named.run' and it turned out: 

```
getz conf # updatedb

getz conf # locate */named.run

/usr/share/doc/bind-9.2.5-r4/dhcp-dynamic-dns-examples/bind/var/named/named.run

getz conf # cd /usr/share/doc/bind-9.2.5-r4/dhcp-dynamic-dns-examples/bind/var/named/

```

should i emerge unemerge bind and re-emerge it?

----------

## overkll

Your call.  It wouldn't hurt.

----------

## phillosophy

I tried emerge unmerge and then emerging bind again and got the same files installed.

I think i'm stumped at this point.

----------

## overkll

Well, I thought that'd be easy enough.  Let's just run it from a terminal with debugging enabled.  We'll use two terminals, one for the logging and one for dig.

In the first terminal:

```
named -c /etc/bind/named.conf -d 5 -g -n 1 -u named
```

Explanation of options:

-c /path/to/config-file

-d 5 = debugging level 5

-g = run in foreground and force all logging to stderr

-n 1 = number of processors = 1

-u named = run as user named

Check for errors

In the second:

```
dig stj.com

dig stj.com any

dig www.stj.com
```

(stj=streamingforjesus.com)

Check for errors

EDIT

To stop named, Ctrl-c at the debugging terminal
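Debug level 5 output is long, and the lines that matter are easy to miss among the client and timer messages. The following is an added example, not part of the original post: it pulls zone load results and "address in use" bind conflicts out of `named -g` output, using constructed sample lines in the message format BIND 9.2 prints (the zone `example.test` and its file path are placeholders).

```python
"""Added example: triage `named -g` output for zones that never loaded."""
import re

LOADED = re.compile(r"zone (\S+)/\w+: loaded serial (\d+)")
FAILED = re.compile(r"zone (\S+)/\w+: loading master file (\S+): (.+)$")
IN_USE = re.compile(r"(binding \w+ socket|couldn't add command channel \S+): address in use")

# Constructed sample lines; zone name and file path are placeholders.
SAMPLE_LOG = """\
Jun 02 00:49:31.385 listening on IPv4 interface lo, 127.0.0.1#53
Jun 02 00:49:31.385 binding TCP socket: address in use
Jun 02 00:49:31.389 couldn't add command channel 127.0.0.1#953: address in use
Jun 02 00:49:31.390 zone 127.in-addr.arpa/IN: loaded serial 2002081601
Jun 02 00:49:31.391 zone example.test/IN: loading master file pri/example.test: invalid file
Jun 02 00:49:31.393 zone localhost/IN: loaded serial 2002081601
Jun 02 00:50:13.798 client 192.168.1.102#32771: query: www.example.test IN A
"""


def triage(log_text):
    """Return loaded zones with serials, failed zones with reasons, and port conflicts."""
    report = {"loaded": {}, "failed": {}, "port_conflicts": []}
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            zone = m.group(1).lower()
            report["loaded"].pop(zone, None)       # a later failure replaces an earlier load
            report["failed"][zone] = {"file": m.group(2), "reason": m.group(3).strip()}
        elif m := LOADED.search(line):
            zone = m.group(1).lower()
            report["failed"].pop(zone, None)       # a later successful load clears the failure
            report["loaded"][zone] = int(m.group(2))
        elif m := IN_USE.search(line):
            # Something else, often an instance started by the init script,
            # already holds the port.
            report["port_conflicts"].append(m.group(0))
    return report


def failed_zone_for(qname, report):
    """Return the most specific failed zone containing qname, or None."""
    name = qname.lower().rstrip(".")
    best = None
    for zone in report["failed"]:
        z = zone.rstrip(".")
        if name == z or name.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for zone, info in result["failed"].items():
        print(f"FAILED {zone}: {info['file']} ({info['reason']})")
    for zone, serial in result["loaded"].items():
        print(f"loaded {zone} serial {serial}")
    for conflict in result["port_conflicts"]:
        print(f"conflict: {conflict}")
    print("www.example.test served from failed zone:",
          failed_zone_for("www.example.test", result))
```

A query name that falls under a zone listed as failed is answered with SERVFAIL until that zone file loads, so this is the first thing to check when dig shows SERVFAIL from your own server.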

----------

## phillosophy

I ran the lines that you suggested.  Here is my output: 

```
getz conf.d # named -c /etc/bind/named.conf -d 5 -g -n 1 -u named

Jun 02 00:49:31.377 starting BIND 9.2.5 -c /etc/bind/named.conf -d 5 -g -n 1 -u named

Jun 02 00:49:31.377 using 1 CPU

Jun 02 00:49:31.379 loading configuration from '/etc/bind/named.conf'

Jun 02 00:49:31.380 set maximum stack size to 4294967295: success

Jun 02 00:49:31.381 set maximum data size to 4294967295: success

Jun 02 00:49:31.381 set maximum core size to 4294967295: success

Jun 02 00:49:31.381 set maximum open files to 1024: success

Jun 02 00:49:31.384 no IPv6 interfaces found

Jun 02 00:49:31.385 listening on IPv4 interface lo, 127.0.0.1#53

Jun 02 00:49:31.385 clientmgr @0x8097938: create

Jun 02 00:49:31.385 clientmgr @0x8097938: createclients

Jun 02 00:49:31.385 clientmgr @0x8097938: create new

Jun 02 00:49:31.385 client @0x80caf60: create

Jun 02 00:49:31.385 binding TCP socket: address in use

Jun 02 00:49:31.385 listening on IPv4 interface eth0, 192.168.1.102#53

Jun 02 00:49:31.386 clientmgr @0x80ccd28: create

Jun 02 00:49:31.386 clientmgr @0x80ccd28: createclients

Jun 02 00:49:31.386 clientmgr @0x80ccd28: create new

Jun 02 00:49:31.386 client @0x80cd118: create

Jun 02 00:49:31.386 binding TCP socket: address in use

Jun 02 00:49:31.387 res 0x80d32e8: create

Jun 02 00:49:31.388 Cleaning interval for adb:  8 buckets every 30 seconds, 1009 buckets in system, 3600 cl.interval

Jun 02 00:49:31.388 dns_requestmgr_create

Jun 02 00:49:31.388 dns_requestmgr_create: 0x80d43a0

Jun 02 00:49:31.388 dns_requestmgr_whenshutdown

Jun 02 00:49:31.388 replacing zone database

Jun 02 00:49:31.388 replacing zone database

Jun 02 00:49:31.389 couldn't add command channel 127.0.0.1#953: address in use

Jun 02 00:49:31.389 ignoring config file logging statement due to -g option

Jun 02 00:49:31.389 load_configuration: success

Jun 02 00:49:31.389 zone 127.in-addr.arpa/IN: starting load

Jun 02 00:49:31.390 zone 127.in-addr.arpa/IN: number of nodes in database: 2

Jun 02 00:49:31.390 zone 127.in-addr.arpa/IN: loaded

Jun 02 00:49:31.390 no journal file, but that's OK

Jun 02 00:49:31.390 zone 127.in-addr.arpa/IN: journal rollforward completed successfully: no journal

Jun 02 00:49:31.391 zone 127.in-addr.arpa/IN: loaded serial 2002081601

Jun 02 00:49:31.391 zone 1.168.192.in-addr.arpa/IN: starting load

Jun 02 00:49:31.391 zone 1.168.192.in-addr.arpa/IN: loading master file jesus/db.192.168.1: invalid file

Jun 02 00:49:31.391 calling free_rbtdb(1.168.192.in-addr.arpa)

Jun 02 00:49:31.391 done free_rbtdb(1.168.192.in-addr.arpa)

Jun 02 00:49:31.391 zone streamingforjesus.com/IN: starting load

Jun 02 00:49:31.391 zone streamingforjesus.com/IN: loading master file jesus/streamingforjesus.com: invalid file

Jun 02 00:49:31.391 calling free_rbtdb(streamingforjesus.com)

Jun 02 00:49:31.392 done free_rbtdb(streamingforjesus.com)

Jun 02 00:49:31.392 zone localhost/IN: starting load

Jun 02 00:49:31.392 zone localhost/IN: number of nodes in database: 1

Jun 02 00:49:31.392 zone localhost/IN: loaded

Jun 02 00:49:31.393 no journal file, but that's OK

Jun 02 00:49:31.393 zone localhost/IN: journal rollforward completed successfully: no journal

Jun 02 00:49:31.393 zone localhost/IN: loaded serial 2002081601

Jun 02 00:49:31.393 dns_zone_maintenance: zone streamingforjesus.com/IN: enter

Jun 02 00:49:31.393 dns_zone_maintenance: zone 1.168.192.in-addr.arpa/IN: enter

Jun 02 00:49:31.393 dns_zone_maintenance: zone localhost/IN: enter

Jun 02 00:49:31.393 dns_zone_maintenance: zone 127.in-addr.arpa/IN: enter

Jun 02 00:49:31.393 dns_zone_maintenance: zone version.bind/CH: enter

Jun 02 00:49:31.393 dns_zone_maintenance: zone authors.bind/CH: enter

Jun 02 00:49:31.394 running

Jun 02 00:49:31.394 client @0x80caf60: udprecv

Jun 02 00:49:31.394 client @0x80cd118: udprecv

Jun 02 00:49:31.394 zone_timer: zone localhost/IN: enter

Jun 02 00:49:31.394 zone_maintenance: zone localhost/IN: enter

Jun 02 00:49:31.394 zone_timer: zone 127.in-addr.arpa/IN: enter

Jun 02 00:49:31.394 zone_maintenance: zone 127.in-addr.arpa/IN: enter

Jun 02 00:49:31.394 zone_timer: zone version.bind/CH: enter

Jun 02 00:49:31.394 zone_maintenance: zone version.bind/CH: enter

Jun 02 00:49:31.395 zone_timer: zone authors.bind/CH: enter

Jun 02 00:49:31.395 zone_maintenance: zone authors.bind/CH: enter

Jun 02 00:50:13.798 client 192.168.1.102#32771: UDP request

Jun 02 00:50:13.798 client 192.168.1.102#32771: using view '_default'

Jun 02 00:50:13.798 client 192.168.1.102#32771: request is not signed

Jun 02 00:50:13.798 client 192.168.1.102#32771: recursion available: approved

Jun 02 00:50:13.798 client 192.168.1.102#32771: query

Jun 02 00:50:13.798 client 192.168.1.102#32771: query: streamingforjesus.com IN A

Jun 02 00:50:13.798 client 192.168.1.102#32771: error

Jun 02 00:50:13.798 client 192.168.1.102#32771: send

Jun 02 00:50:13.799 client 192.168.1.102#32771: sendto

Jun 02 00:50:13.799 client 192.168.1.102#32771: senddone

Jun 02 00:50:13.799 client 192.168.1.102#32771: next

Jun 02 00:50:13.799 client 192.168.1.102#32771: endrequest

Jun 02 00:50:13.799 client @0x80cd118: udprecv

Jun 02 00:50:28.799 client 192.168.1.102#32771: UDP request

Jun 02 00:50:28.799 client 192.168.1.102#32771: using view '_default'

Jun 02 00:50:28.799 client 192.168.1.102#32771: request is not signed

Jun 02 00:50:28.799 client 192.168.1.102#32771: recursion available: approved

Jun 02 00:50:28.799 client 192.168.1.102#32771: query

Jun 02 00:50:28.800 client 192.168.1.102#32771: query: streamingforjesus.com IN ANY

Jun 02 00:50:28.800 client 192.168.1.102#32771: error

Jun 02 00:50:28.800 client 192.168.1.102#32771: send

Jun 02 00:50:28.800 client 192.168.1.102#32771: sendto

Jun 02 00:50:28.800 client 192.168.1.102#32771: senddone

Jun 02 00:50:28.800 client 192.168.1.102#32771: next

Jun 02 00:50:28.800 client 192.168.1.102#32771: endrequest

Jun 02 00:50:28.800 client @0x80cd118: udprecv

Jun 02 00:50:40.998 client 192.168.1.102#32771: UDP request

Jun 02 00:50:40.998 client 192.168.1.102#32771: using view '_default'

Jun 02 00:50:40.998 client 192.168.1.102#32771: request is not signed

Jun 02 00:50:40.998 client 192.168.1.102#32771: recursion available: approved

Jun 02 00:50:40.999 client 192.168.1.102#32771: query

Jun 02 00:50:40.999 client 192.168.1.102#32771: query: www.streamingforjesus.com IN A

Jun 02 00:50:40.999 client 192.168.1.102#32771: error

Jun 02 00:50:40.999 client 192.168.1.102#32771: send

Jun 02 00:50:40.999 client 192.168.1.102#32771: sendto

Jun 02 00:50:40.999 client 192.168.1.102#32771: senddone

Jun 02 00:50:40.999 client 192.168.1.102#32771: next

Jun 02 00:50:40.999 client 192.168.1.102#32771: endrequest

Jun 02 00:50:40.999 client @0x80cd118: udprecv

Jun 02 00:51:29.843 shutting down

Jun 02 00:51:29.844 res 0x80d32e8: shutdown

Jun 02 00:51:29.844 res 0x80d32e8: exiting

Jun 02 00:51:29.844 dns_requestmgr_shutdown: 0x80d43a0

Jun 02 00:51:29.844 send_shutdown_events: 0x80d43a0

Jun 02 00:51:29.844 no longer listening on 127.0.0.1#53

Jun 02 00:51:29.844 clientmgr @0x8097938: destroy

Jun 02 00:51:29.844 no longer listening on 192.168.1.102#53

Jun 02 00:51:29.844 clientmgr @0x80ccd28: destroy

Jun 02 00:51:29.844 calling free_rbtdb(.)

Jun 02 00:51:29.844 done free_rbtdb(.)

Jun 02 00:51:29.844 zone_shutdown: zone 127.in-addr.arpa/IN: shutting down

Jun 02 00:51:29.844 calling free_rbtdb(127.in-addr.arpa)

Jun 02 00:51:29.844 done free_rbtdb(127.in-addr.arpa)

Jun 02 00:51:29.844 zone_shutdown: zone localhost/IN: shutting down

Jun 02 00:51:29.844 calling free_rbtdb(localhost)

Jun 02 00:51:29.844 done free_rbtdb(localhost)

Jun 02 00:51:29.845 zone_shutdown: zone 1.168.192.in-addr.arpa/IN: shutting down

Jun 02 00:51:29.845 zone_shutdown: zone streamingforjesus.com/IN: shutting down

Jun 02 00:51:29.845 zone_shutdown: zone authors.bind/CH: shutting down

Jun 02 00:51:29.845 calling free_rbtdb(authors.bind)

Jun 02 00:51:29.845 done free_rbtdb(authors.bind)

Jun 02 00:51:29.845 zone_shutdown: zone version.bind/CH: shutting down

Jun 02 00:51:29.845 calling free_rbtdb(version.bind)

Jun 02 00:51:29.845 done free_rbtdb(version.bind)

Jun 02 00:51:29.845 client @0x80caf60: shutdown

Jun 02 00:51:29.845 client @0x80caf60: free

Jun 02 00:51:29.845 clientmgr @0x8097938: clientmgr_destroy

Jun 02 00:51:29.845 client @0x80cd118: shutdown

Jun 02 00:51:29.845 client @0x80cd118: free

Jun 02 00:51:29.845 clientmgr @0x80ccd28: clientmgr_destroy

Jun 02 00:51:29.845 res 0x80d32e8: detach

Jun 02 00:51:29.845 res 0x80d32e8: destroy

Jun 02 00:51:29.845 dns_requestmgr_detach: 0x80d43a0: eref 0 iref 0

Jun 02 00:51:29.845 mgr_destroy

Jun 02 00:51:29.845 calling free_rbtdb(.)

Jun 02 00:51:29.846 done free_rbtdb(.)

Jun 02 00:51:29.846 calling free_rbtdb(.)

Jun 02 00:51:29.846 done free_rbtdb(.)

Jun 02 00:51:29.846 exiting

```

----------

## overkll

Did you notice this line?

```
Jun 02 00:49:31.391 zone 1.168.192.in-addr.arpa/IN: loading master file jesus/db.192.168.1: invalid file
```

----------

## phillosophy

yes, I saw that and then changed it to the full system path name. Once I did that, it says it has an unexpected eol.  

here is my db.192.168.1 file 

```
$TTL 3h

1.168.192.in-addr.arpa. IN SOA getz.streamingforjesus.com.

webmaster.streamingforjesus.com. (

                              1                  ; serial

                              3h                 ; refresh after 3 hrs

                              1h                 ; retry in 1 hr

                              1w                 ; expire in 1 wk

                              1h )               ; negative caching ttl of 1 hr

;name server

1.168.192.in-addr.arpa. IN NS getz.streamingforjesus.com.

;address point to canonical name

102.1.168.192.in-addr.arpa. IN PTR getz.streamingforjesus.com.

```

Here is the output 

```
Jun 02 01:34:19.033 zone 1.168.192.in-addr.arpa/IN: starting load

Jun 02 01:34:19.034 dns_rdata_fromtext: /etc/bind/jesus/db.192.168.1:2: near eol: unexpected end of input

Jun 02 01:34:19.034 zone 1.168.192.in-addr.arpa/IN: loading master file /etc/bind/jesus/db.192.168.1: unexpected end of input

Jun 02 01:34:19.034 calling free_rbtdb(1.168.192.in-addr.arpa)

Jun 02 01:34:19.034 done free_rbtdb(1.168.192.in-addr.arpa)

Jun 02 01:34:19.034 zone streamingforjesus.com/IN: starting load

Jun 02 01:34:19.035 dns_rdata_fromtext: /etc/bind/jesus/streamingforjesus.com:21: near eol: unexpected end of input

Jun 02 01:34:19.035 zone streamingforjesus.com/IN: loading master file /etc/bind/jesus/streamingforjesus.com: unexpected end of input

```

----------

## kashani

If you're using the bind config I posted from our other thread all your logs are going to be in /var/log/named/. That might be why you aren't seeing them in /var/log/messages. Assuming this is the case /var/log/named/general.log is probably going to be the most informative.

kashani

----------

## overkll

Good catch!

```
dns_rdata_fromtext: /etc/bind/jesus/db.192.168.1:2: near eol: unexpected end of input
```

That roughly translates:

db.192.168.1 = file name (but you knew that already)

:2 = line number

unexpected end of input = something funky - that line isn't ending correctly

```
1.168.192.in-addr.arpa. IN SOA getz.streamingforjesus.com.

webmaster.streamingforjesus.com. ( 
```

Should be one line.  Many use the abbreviated text to make this shorter and easier and less error prone.  If you accidentally wrap a line, BIND won't like it.  Try this and run your test again.

```
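$TTL 3h
; SOA names are fully qualified (trailing dot): an unqualified name in this
; zone would have 1.168.192.in-addr.arpa. appended to it
1.168.192.in-addr.arpa. IN SOA getz.streamingforjesus.com. webmaster.streamingforjesus.com. (
            1   ; serial
            3h   ; refresh after 3 hrs
            1h   ; retry in 1 hr
            1w   ; expire in 1 wk
            1h )   ; negative caching ttl of 1 hr
;name server
        IN   NS getz.streamingforjesus.com.
;address point to canonical name
102      PTR getz.streamingforjesus.com.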
```

Last edited by overkll on Wed Jun 01, 2005 6:02 pm; edited 1 time in total
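
The "near eol: unexpected end of input" failure decoded above, as an added example that is not part of the original posts and is not BIND's own parser: a small zone-file lint that reports an SOA cut short by a line break with the same line number BIND gave, and also flags unqualified SOA names, which in a reverse zone get the in-addr.arpa origin appended. The function names and the sample zone texts are constructed for illustration.

```python
import re

ORIGIN = "1.168.192.in-addr.arpa."
SOA_RDATA_FIELDS = 7  # mname rname serial refresh retry expire minimum
# Leading rdata fields that are domain names, for the record types handled here.
NAME_FIELDS = {"SOA": 2, "NS": 1, "PTR": 1, "CNAME": 1, "A": 0}

# Constructed samples. BROKEN repeats the wrapped SOA line from the thread.
BROKEN = """\
$TTL 3h
1.168.192.in-addr.arpa. IN SOA getz.streamingforjesus.com.
webmaster.streamingforjesus.com. (
        1 3h 1h 1w 1h )   ; serial refresh retry expire minimum
1.168.192.in-addr.arpa. IN NS getz.streamingforjesus.com.
102.1.168.192.in-addr.arpa. IN PTR getz.streamingforjesus.com.
"""
RELATIVE = """\
$TTL 3h
1.168.192.in-addr.arpa. IN SOA getz webmaster (
        1 3h 1h 1w 1h )
        IN NS getz.streamingforjesus.com.
102     IN PTR getz.streamingforjesus.com.
"""
FIXED = RELATIVE.replace(
    "SOA getz webmaster",
    "SOA getz.streamingforjesus.com. webmaster.streamingforjesus.com.")


def absolute(name, origin):
    """Complete a name as the master-file format does: '@' is the origin,
    and a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def check_record(tokens, line_no, origin):
    """Check one logical record (parentheses already joined)."""
    idx = next((i for i, t in enumerate(tokens) if t.upper() in NAME_FIELDS), None)
    if idx is None:
        return [(line_no, "no record type on this line")]
    rtype, rdata = tokens[idx].upper(), tokens[idx + 1:]
    findings = []
    if rtype == "SOA" and len(rdata) < SOA_RDATA_FIELDS:
        findings.append((line_no, "SOA has %d of %d fields before end of record; keep "
                         "everything up to '(' on one line" % (len(rdata), SOA_RDATA_FIELDS)))
    for name in rdata[:NAME_FIELDS[rtype]]:
        if name != "@" and not name.endswith("."):
            full = absolute(name, origin)
            if full.endswith(".arpa."):  # a host name inside the reverse tree
                findings.append((line_no, "relative name %r becomes %s" % (name, full)))
    return findings


def lint_zone(text, origin):
    """Return [(line_no, message), ...] for a zone file given as text.
    Comments are cut at ';' (quoted strings are not handled)."""
    if not origin.endswith("."):
        origin += "."
    findings, record, start, depth = [], [], 0, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        if depth == 0:                        # a new record starts here
            if not line.strip():
                continue
            if line.lstrip().startswith("$"):  # $TTL / $ORIGIN directives
                parts = line.split()
                if parts[0].upper() == "$ORIGIN" and len(parts) > 1:
                    origin = absolute(parts[1], origin)
                continue
            record, start = [], no
        for tok in re.findall(r"[()]|[^\s()]+", line):
            if tok == "(":
                depth += 1                    # record continues on later lines
            elif tok == ")":
                depth -= 1
            else:
                record.append(tok)
        if depth == 0:                        # end of line ends the record
            findings += check_record(record, start, origin)
    if depth > 0:
        findings.append((start, "'(' opened here is never closed"))
    return findings


if __name__ == "__main__":
    for label, zone in (("BROKEN", BROKEN), ("RELATIVE", RELATIVE), ("FIXED", FIXED)):
        print(label)
        for line_no, message in lint_zone(zone, ORIGIN) or [(0, "clean")]:
            print("  line %d: %s" % (line_no, message))
```

BIND 9 ships `named-checkzone`, which runs the server's own parser over a zone file and is the authoritative check before a reload.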

----------

## phillosophy

I think there might be something wrong with my named process.  It looks like I'm unable to stop it when I restart it because it shows the  [!!!]   next to it and then it says warning named has already been started.  

```
getz pri # /etc/init.d/named restart

 * Stopping named...                                                      [ !! ]

 * WARNING:  "named" has already been started.

```

Before I go in and kill it, with 'ps -ax', would the debugging command : 

```

named -c /etc/bind/named.conf -d 5 -g -n 1 -u named 
```

have anything to do with this?

----------

## overkll

Yes it would.

As I mentioned before (it was an EDIT) stop the debugging terminal with Ctrl-c - that is press & hold the control and press c.

Kill the process however you see fit.  FYI, if you ever get [!!] stopping an init script, you can reset it with /etc/init.d/xxxxx zap.

----------

## overkll

 *kashani wrote:*   

> If you're using the bind config I posted from our other thread all your logs are going to be in /var/log/named/. That might be why you aren't seeing them in /var/log/messages. Assuming this is the case /var/log/named/general.log is probably going to be the most informative.

 

Thanks Kashani!  BTW, That was one monster of a file!

You have any idea why setting OPTIONS="-d 5" in /etc/conf.d/named DOES NOT produce the /var/bind/named.run file?

Last edited by overkll on Wed Jun 01, 2005 6:13 pm; edited 1 time in total

----------

## phillosophy

Even though my named doesn't seem to want to stop, I think it might be working now: 

Here is what happens when I run dig : 

```
getz bind # dig streamingforjesus.com www

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16600

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;streamingforjesus.com.         IN      A

;; ANSWER SECTION:

streamingforjesus.com.  259200  IN      A       192.168.1.102

;; AUTHORITY SECTION:

streamingforjesus.com.  259200  IN      NS      ns1.streamingforjesus.com.

;; ADDITIONAL SECTION:

ns1.streamingforjesus.com. 259200 IN    A       192.168.1.102

;; Query time: 1 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Thu Jun  2 02:06:34 2005

;; MSG SIZE  rcvd: 89

; <<>> DiG 9.2.5 <<>> streamingforjesus.com www

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1628

;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;www.                           IN      A

;; AUTHORITY SECTION:

.                       10800   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2005053101 1800 900 604800 86400

;; Query time: 65 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Thu Jun  2 02:06:34 2005

;; MSG SIZE  rcvd: 96

getz bind # dig www.streamingforjesus.com

; <<>> DiG 9.2.5 <<>> www.streamingforjesus.com

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12001

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;www.streamingforjesus.com.     IN      A

;; ANSWER SECTION:

www.streamingforjesus.com. 259200 IN    CNAME   mail.streamingforjesus.com.

mail.streamingforjesus.com. 259200 IN   A       192.168.1.102

;; AUTHORITY SECTION:

streamingforjesus.com.  259200  IN      NS      ns1.streamingforjesus.com.

;; ADDITIONAL SECTION:

ns1.streamingforjesus.com. 259200 IN    A       192.168.1.102

;; Query time: 1 msec

;; SERVER: 192.168.1.102#53(192.168.1.102)

;; WHEN: Thu Jun  2 02:06:50 2005

;; MSG SIZE  rcvd: 112

```

Here is the debug messages: 

 *Quote:*   

> getz pri # named -c /etc/bind/named.conf -d 5 -g -n 1 -u named
> 
> Jun 02 02:05:45.138 starting BIND 9.2.5 -c /etc/bind/named.conf -d 5 -g -n 1 -u named
> 
> Jun 02 02:05:45.138 using 1 CPU
> ...

 

----------

## phillosophy

cool, the zap stopped the process and it allowed me to restart it.  

So I guess its safe to assume my name server is up and running correctly?

----------

## overkll

Looks good to me......but I'm no expert. 

You may want to consider running named chrooted if you're going to be on the internet with this puppy.

----------

## kashani

 *overkll wrote:*   

> 
> 
> You have any idea why setting OPTIONS="-d 5" in /etc/conf.d/named DOES NOT produce the /var/bind/named.run file?

 

Setting all the log facilities might have overridden the default /usr/tmp/named.run or it may have ended up in /tmp or /var/tmp which updatedb ignores. 

kashani

----------

## phillosophy

how come when I run ' telnet mail.streamingforjesus.com 25'  it says connection refused?  Shouldn't the port be open?  or do I actually need a process to be watching that port?  

I do have postfix running.

----------

## overkll

Are you running any security programs on your system that may be refusing the connection?  Iptables firewall, inetd, etc?

----------

## phillosophy

not that i know of.  From a bare installation, i just emerged bind and postfix along with some tools.

----------

## overkll

Is your name server just for testing on your local machine?  I did a dig on mail.streamingforjesus.com and there is a live one on the internet.  Are you trying to connect to the live one or the one on your local system?

If you're just trying to test if your postfix is up and answering, just telnet to the ip address instead of the name.  You can also use netstat to show what ports are up and listening.

```
netstat -anA inet
```

will list all listening ports/connections

```
netstat -anpA inet
```

will be the same but with attached processes listed

```
netstat -anA inet|grep 25
```

will filter the list to show anything with "25" in it, namely an instance of postfix.

HTH

----------

## phillosophy

The name server is just for the local lan for now.  I am trying to connect to the one on my local system. 

it looks like port 25 isn't running 

```
getz root # netstat -anA inet

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN

tcp        0      0 192.168.1.102:53        0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

tcp        0    396 192.168.1.102:22        192.168.1.100:4964      ESTABLISHED

udp        0      0 0.0.0.0:32768           0.0.0.0:*

udp        0      0 192.168.1.102:53        0.0.0.0:*

udp        0      0 127.0.0.1:53            0.0.0.0:*

getz root # netstat -anpA inet

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2166/mysqld

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2173/apache2

tcp        0      0 192.168.1.102:53        0.0.0.0:*               LISTEN      2052/named

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2052/named

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1728/sshd

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2052/named

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2173/apache2

tcp        0    248 192.168.1.102:22        192.168.1.100:4964      ESTABLISHED 2500/0

udp        0      0 0.0.0.0:32768           0.0.0.0:*                           2052/named

udp        0      0 192.168.1.102:53        0.0.0.0:*                           2052/named

udp        0      0 127.0.0.1:53            0.0.0.0:*                           2052/named

getz root # netstat -anA inet | grep 25

getz root #

```

----------

## overkll

Nope it's not running.  Did you get it going since your last post?

----------

## phillosophy

I can telnet 192.168.1.102 25 and it connects however i don't get any response from postfix..

----------

## overkll

Check your logs for errors.  Sounds like postfix isn't working correctly.  You may need to revisit your main.cf postfix file.  Have you tried the command "postfix check"?

----------

## phillosophy

I don't see any errors in my logs.  However, when I run /usr/sbin/postfix check 

the following turns up in my messages file: 

```
Jun  9 08:33:23 getz rc-scripts: ERROR:  wrong args. (  check / check )

Jun  9 08:33:23 getz rc-scripts: Usage: postfix { start|stop|restart|reload }

Jun  9 08:33:23 getz rc-scripts:        postfix without arguments for full help

```

----------

## phillosophy

when i run postfix check 

I get the following in the messages file: 

```
Jun  9 12:31:09 getz postfix/qmgr[2351]: AC2EF46C4B: from=<>, size=2598, nrcpt=1 (queue active)

Jun  9 12:31:39 getz postfix/smtp[2373]: connect to test.com[208.48.34.132]: Connection timed out (port 25)

Jun  9 12:31:39 getz postfix/smtp[2373]: AC2EF46C4B: to=<test@test.com>, relay=none, delay=186007, status=deferred (connect to test.com[208.48.34.132]: Connection timed out)

```

----------

## kashani

The usual mistake on a new install is forgetting to run newaliases before starting up Postfix. Try that and then restart it. If it's still failing you'll want to start looking at your logs. Postfix is usually pretty good about bitching loudly and succinctly about its issues. 

kashani

----------

## phillosophy

I ran newaliases and restarted postfix and still don't see any errors. 

```
Jun 10 09:36:58 getz postfix/postfix-script: stopping the Postfix mail system

Jun 10 09:36:58 getz postfix/master[2330]: terminating on signal 15

Jun 10 09:36:59 getz postfix/postfix-script: starting the Postfix mail system

Jun 10 09:36:59 getz postfix/master[2482]: daemon started -- version 2.1.5

```

----------

## adaptr

 *phillosophy wrote:*   

> I can telnet 192.168.1.102 25 and it connects however i don't get any response from postfix.

 

What do you mean by "it connects"?

Exact output please.

 *phillosophy wrote:*   

> I don't see any errors in my logs.

 

That's pretty much impossible - you say you start postfix and it succeeds in starting, yet you have no SMTP and there are no errors in the postfix log?

Not a chance.

Wait - did you verify that postfix is actually running after starting it ?

 *phillosophy wrote:*   

> However, when I run /usr/sbin/postfix check the following turns up in my messages file: 

 

Please post the output of

```
postconf -v
```

----------

## phillosophy

here is the output for my postconf -v : 

```

getz root # postconf -v | less

2bounce_notice_recipient = postmaster

access_map_reject_code = 554

address_verify_default_transport = $default_transport

address_verify_local_transport = $local_transport

address_verify_map =

address_verify_negative_cache = yes

address_verify_negative_expire_time = 3d

address_verify_negative_refresh_time = 3h

address_verify_poll_count = 3

address_verify_poll_delay = 3s

address_verify_positive_expire_time = 31d

address_verify_positive_refresh_time = 7d

address_verify_relay_transport = $relay_transport

address_verify_relayhost = $relayhost

address_verify_sender = postmaster

address_verify_service_name = verify

address_verify_transport_maps = $transport_maps

address_verify_virtual_transport = $virtual_transport

alias_database = hash:/etc/mail/aliases

alias_maps = hash:/etc/mail/aliases

allow_mail_to_commands = alias, forward

allow_mail_to_files = alias, forward

allow_min_user = no

allow_percent_hack = yes

allow_untrusted_routing = no

alternate_config_directories =

always_bcc =

append_at_myorigin = yes

append_dot_mydomain = yes

application_event_drain_time = 100s

backwards_bounce_logfile_compatibility = yes

berkeley_db_create_buffer_size = 16777216

berkeley_db_read_buffer_size = 131072

best_mx_transport =

biff = yes

body_checks =

body_checks_size_limit = 51200

bounce_notice_recipient = postmaster

bounce_queue_lifetime = 5d

bounce_service_name = bounce

bounce_size_limit = 50000

broken_sasl_auth_clients = no

canonical_maps =

cleanup_service_name = cleanup

command_directory = /usr/sbin

command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

command_time_limit = 1000s

config_directory = /etc/postfix

content_filter =

daemon_directory = /usr/lib/postfix

daemon_timeout = 18000s

debug_peer_level = 2

debug_peer_list =

default_database_type = hash

default_delivery_slot_cost = 5

default_delivery_slot_discount = 50

default_delivery_slot_loan = 3

default_destination_concurrency_limit = 2

default_destination_recipient_limit = 50

default_extra_recipient_limit = 1000

default_minimum_delivery_slots = 3

default_privs = nobody

default_process_limit = 100

default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}

default_recipient_limit = 10000

default_transport = smtp

default_verp_delimiters = +=

defer_code = 450

defer_service_name = defer

defer_transports =

delay_notice_recipient = postmaster

delay_warning_time = 0h

deliver_lock_attempts = 20

deliver_lock_delay = 1s

disable_dns_lookups = no

disable_mime_input_processing = no

disable_mime_output_conversion = no

disable_verp_bounces = no

disable_vrfy_command = no

dont_remove = 0

double_bounce_sender = double-bounce

duplicate_filter_limit = 1000

empty_address_recipient = MAILER-DAEMON

enable_errors_to = no

enable_original_recipient = yes

error_notice_recipient = postmaster

error_service_name = error

expand_owner_alias = no

export_environment = TZ MAIL_CONFIG

fallback_relay =

fallback_transport =

fast_flush_domains = $relay_domains

fast_flush_purge_time = 7d

fast_flush_refresh_time = 12h

fault_injection_code = 0

flush_service_name = flush

fork_attempts = 5

fork_delay = 1s

forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward

hash_queue_depth = 1

hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace

header_address_token_limit = 10240

header_checks =

header_size_limit = 102400

helpful_warnings = yes

home_mailbox = .maildir/

hopcount_limit = 50

html_directory = no

ignore_mx_lookup_error = no

import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY

in_flow_delay = 1s

inet_interfaces = all

initial_destination_concurrency = 5

invalid_hostname_reject_code = 501

ipc_idle = 100s

ipc_timeout = 3600s

ipc_ttl = 1000s

line_length_limit = 2048

lmtp_bind_address =

lmtp_bind_address6 =

lmtp_cache_connection = yes

lmtp_connect_timeout = 0s

lmtp_data_done_timeout = 600s

lmtp_data_init_timeout = 120s

lmtp_data_xfer_timeout = 180s

lmtp_destination_concurrency_limit = $default_destination_concurrency_limit

lmtp_destination_recipient_limit = $default_destination_recipient_limit

lmtp_lhlo_timeout = 300s

lmtp_mail_timeout = 300s

lmtp_quit_timeout = 300s

lmtp_rcpt_timeout = 300s

lmtp_rset_timeout = 120s

lmtp_sasl_auth_enable = no

lmtp_sasl_password_maps =

lmtp_sasl_security_options = noplaintext, noanonymous

lmtp_send_xforward_command = no

lmtp_skip_quit_response = no

lmtp_tcp_port = 24

lmtp_xforward_timeout = 300s

local_command_shell =

local_destination_concurrency_limit = 2

local_destination_recipient_limit = 1

local_recipient_maps = proxy:unix:passwd.byname $alias_maps

local_transport = local:$myhostname

luser_relay =

mail_name = Postfix

mail_owner = postfix

mail_release_date = 20040915

mail_spool_directory = /var/mail

mail_version = 2.1.5

mailbox_command =

mailbox_command_maps =

mailbox_delivery_lock = fcntl, dotlock

mailbox_size_limit = 51200000

mailbox_transport =

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

maps_rbl_domains =

maps_rbl_reject_code = 554

masquerade_classes = envelope_sender, header_sender, header_recipient

masquerade_domains =

masquerade_exceptions =

max_idle = 100s

max_use = 100

maximal_backoff_time = 4000s

maximal_queue_lifetime = 5d

message_size_limit = 10240000

mime_boundary_length_limit = 2048

mime_header_checks = $header_checks

mime_nesting_limit = 100

minimal_backoff_time = 1000s

multi_recipient_bounce_reject_code = 550

mydestination = $myhostname, localhost.$mydomain, $mydomain

mydomain = mail.streamingforjesus.com

myhostname = mail.streamingforjesus.com

mynetworks = 192.168.1.0/24, 127.0.0.0/8

mynetworks_style = subnet

myorigin = $myhostname

nested_header_checks = $header_checks

newaliases_path = /usr/bin/newaliases

non_fqdn_reject_code = 504

notify_classes = resource, software

owner_request_special = yes

parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps

permit_mx_backup_networks =

pickup_service_name = pickup

prepend_delivered_header = command, file, forward

process_id_directory = pid

propagate_unmatched_extensions = canonical, virtual

proxy_interfaces =

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks

qmgr_clog_warn_time = 300s

qmgr_fudge_factor = 100

qmgr_message_active_limit = 20000

qmgr_message_recipient_limit = 20000

qmgr_message_recipient_minimum = 10

qmqpd_authorized_clients =

qmqpd_error_delay = 1s

qmqpd_timeout = 300s

queue_directory = /var/spool/postfix

queue_file_attribute_count_limit = 100

queue_minfree = 0

queue_run_delay = 1000s

queue_service_name = qmgr

rbl_reply_maps =

readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme

receive_override_options =

recipient_bcc_maps =

recipient_canonical_maps =

recipient_delimiter =

reject_code = 554

relay_clientcerts =

relay_destination_concurrency_limit = $default_destination_concurrency_limit

relay_destination_recipient_limit = $default_destination_recipient_limit

relay_domains = $mydestination

relay_domains_reject_code = 554

relay_recipient_maps =

relay_transport = relay

relayhost =

relocated_maps =

require_home_directory = no

resolve_dequoted_address = yes

resolve_null_domain = no

rewrite_service_name = rewrite

sample_directory = /etc/postfix

sender_based_routing = no

sender_bcc_maps =

sender_canonical_maps =

sendmail_path = /usr/sbin/sendmail

service_throttle_time = 60s

setgid_group = postdrop

show_user_unknown_table_name = yes

showq_service_name = showq

smtp_always_send_ehlo = yes

smtp_bind_address =

smtp_bind_address6 =

smtp_connect_timeout = 30s

smtp_data_done_timeout = 600s

smtp_data_init_timeout = 120s

smtp_data_xfer_timeout = 180s

smtp_defer_if_no_mx_address_found = no

smtp_destination_concurrency_limit = $default_destination_concurrency_limit

smtp_destination_recipient_limit = $default_destination_recipient_limit

smtp_enforce_tls = no

smtp_helo_name = $myhostname

smtp_helo_timeout = 300s

smtp_host_lookup = dns

smtp_line_length_limit = 990

smtp_mail_timeout = 300s

smtp_mx_address_limit = 0

smtp_mx_session_limit = 2

smtp_never_send_ehlo = no

smtp_pix_workaround_delay_time = 10s

smtp_pix_workaround_threshold_time = 500s

smtp_quit_timeout = 300s

smtp_quote_rfc821_envelope = yes

smtp_randomize_addresses = yes

smtp_rcpt_timeout = 300s

smtp_rset_timeout = 120s

smtp_sasl_auth_enable = no

smtp_sasl_password_maps =

smtp_sasl_security_options = noplaintext, noanonymous

smtp_sasl_tls_security_options = $var_smtp_sasl_opts

smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts

smtp_send_xforward_command = no

smtp_skip_5xx_greeting = yes

smtp_skip_quit_response = yes

smtp_starttls_timeout = 300s

smtp_tls_CAfile =

smtp_tls_CApath =

smtp_tls_cert_file =

smtp_tls_cipherlist =

smtp_tls_dcert_file =

smtp_tls_dkey_file = $smtp_tls_dcert_file

smtp_tls_enforce_peername = yes

smtp_tls_key_file = $smtp_tls_cert_file

smtp_tls_loglevel = 0

smtp_tls_note_starttls_offer = no

smtp_tls_per_site =

smtp_tls_scert_verifydepth = 5

smtp_tls_session_cache_database =

smtp_tls_session_cache_timeout = 3600s

smtp_use_tls = no

smtp_xforward_timeout = 300s

smtpd_authorized_verp_clients = $authorized_verp_clients

smtpd_authorized_xclient_hosts =

smtpd_authorized_xforward_hosts =

smtpd_banner = $myhostname ESMTP $mail_name

smtpd_client_connection_count_limit = 50

smtpd_client_connection_limit_exceptions = $mynetworks

smtpd_client_connection_rate_limit = 0

smtpd_client_restrictions =

smtpd_data_restrictions =

smtpd_delay_reject = yes

smtpd_enforce_tls = no

smtpd_error_sleep_time = 1s

smtpd_etrn_restrictions =

smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~

smtpd_hard_error_limit = 20

smtpd_helo_required = no

smtpd_helo_restrictions =

smtpd_history_flush_threshold = 100

smtpd_junk_command_limit = 100

smtpd_noop_commands =

smtpd_null_access_lookup_key = <>

smtpd_policy_service_max_idle = 300s

smtpd_policy_service_max_ttl = 1000s

smtpd_policy_service_timeout = 100s

smtpd_proxy_ehlo = $myhostname

smtpd_proxy_filter =

smtpd_proxy_timeout = 100s

smtpd_recipient_limit = 1000

smtpd_recipient_overshoot_limit = 1000

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

smtpd_reject_unlisted_recipient = yes

smtpd_reject_unlisted_sender = no

smtpd_restriction_classes =

smtpd_sasl_application_name = smtpd

smtpd_sasl_auth_enable = no

smtpd_sasl_exceptions_networks =

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous

smtpd_sasl_tls_security_options = $smtpd_sasl_security_options

smtpd_sender_login_maps =

smtpd_sender_restrictions =

smtpd_soft_error_limit = 10

smtpd_starttls_timeout = 300s

smtpd_timeout = 300s

smtpd_tls_CAfile =

smtpd_tls_CApath =

smtpd_tls_ask_ccert = no

smtpd_tls_auth_only = no

smtpd_tls_ccert_verifydepth = 5

smtpd_tls_cert_file =

smtpd_tls_cipherlist =

smtpd_tls_dcert_file =

smtpd_tls_dh1024_param_file =

smtpd_tls_dh512_param_file =

smtpd_tls_dkey_file = $smtpd_tls_dcert_file

smtpd_tls_key_file = $smtpd_tls_cert_file

smtpd_tls_loglevel = 0

smtpd_tls_received_header = no

smtpd_tls_req_ccert = no

smtpd_tls_session_cache_database =

smtpd_tls_session_cache_timeout = 3600s

smtpd_tls_wrappermode = no

smtpd_use_tls = no

soft_bounce = no

stale_lock_time = 500s

strict_7bit_headers = no

strict_8bitmime = no

strict_8bitmime_body = no

strict_mime_encoding_domain = no

strict_rfc821_envelopes = no

sun_mailtool_compatibility = no

swap_bangpath = yes

syslog_facility = mail

syslog_name = postfix

tls_daemon_random_bytes = 32

tls_daemon_random_source =

tls_ipv6_version = 1.26

tls_random_bytes = 32

tls_random_exchange_name = ${config_directory}/prng_exch

tls_random_prng_update_period = 60s

tls_random_reseed_period = 3600s

tls_random_source =

trace_service_name = trace

transport_maps =

transport_retry_time = 60s

trigger_timeout = 10s

undisclosed_recipients_header = To: undisclosed-recipients:;

unknown_address_reject_code = 450

unknown_client_reject_code = 450

unknown_hostname_reject_code = 450

unknown_local_recipient_reject_code = 550

unknown_relay_recipient_reject_code = 550

unknown_virtual_alias_reject_code = 550

unknown_virtual_mailbox_reject_code = 550

unverified_recipient_reject_code = 450

unverified_sender_reject_code = 450

verp_delimiter_filter = -=+

virtual_alias_domains = $virtual_alias_maps

virtual_alias_expansion_limit = 1000

virtual_alias_maps = $virtual_maps

virtual_alias_recursion_limit = 1000

virtual_destination_concurrency_limit = $default_destination_concurrency_limit

virtual_destination_recipient_limit = $default_destination_recipient_limit

virtual_gid_maps =

virtual_mailbox_base =

virtual_mailbox_domains = $virtual_mailbox_maps

virtual_mailbox_limit = 51200000

virtual_mailbox_lock = fcntl

virtual_mailbox_maps =

virtual_minimum_uid = 100

virtual_transport = virtual

virtual_uid_maps =

```

----------

