setting up a dns server with fedora

By default, dig will use the root servers, and work it's way down to the "correct" host. You can use dig with the +trace option to see exactly what path it's taking to get the results you are seeing. Applications such as "host" will use the system resolvers, but even if your current environment, that won't likely work the way you are expecting it to. Linux goes through the nameservers in order, so unless your router fails to respond to a request, it will always be the source for DNS traffic on this machine. The second entry will only be tried if the application gets a "non-fatal" error, like a time out. If it gets a fatal error like "NXDOMAIN", which means there is no entry in the DNS for the host you are looking up, it will consider that request as complete, and not move on to the next source.

That's one of my guess too.
so i tried to removed the 192.168.1.1 and leave ONLY "nameserver 192.168.1.7" in the resolv.conf

dig timed out... it couldn't find it. this box can definitely ping to the nameserver.

any idea? thanks for the reply

dig will always time out if it can't hit the root servers, since the root servers are "names" they still need a valid resolver to work. What may be happening is that your fedora server doesn't allow for recursion, which is preventing dig from being able to connect to the root servers. Would you mind posting your named.conf off of the fedora box?

I read something last night and checked my named.conf, I see only a file specified there "name.ca" I guess this is my forward lookup, but I don't see anything about the SOA in the zone. I guess fedora by default doesn't give you a fully specified named.conf. if i am wrong and it is almost ready to be used, please point it out. If it is completely off, I'll just read more to understand things first. Thanks.

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside . trust-anchor dlv.isc.org.;
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";
~

allow-query { localhost; };

This means that it doesn't allow access to *anything* except the local machine, you should probably do it like this

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.7; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside . trust-anchor dlv.isc.org.;
};

This will allow connections on the 192.168.1.x interface, so machines on that subnet can do DNS queries.

wooo, thanks very much again a simple dns server is up and running!

now I have a couple more questions..
1. I added the dns client machines to the "/var/named/named.ca" , is this necessary?

M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:dc3::35
esxsolaris              3600000 IN      A       192.168.1.6  ### dns client
;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE  rcvd: 615

2. on my dns client machine when I nslookup a machine which is specified on my dns server's /etc/hosts as follow,,, it returned
** server can't find jerryPC: NXDOMAIN

anything missing?

[root@ esxfedora  named]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
#127.0.0.1      localhost.localdomain   localhost 
#127.0.0.1      localhost.localdomain   localhost
127.0.0.1        esxfedora      localhost.localdomain   localhost
127.0.0.1       esxfedora
::1             localhost6.localdomain6 localhost6
#64.95.64.198           fedora.henryhome.com fedora
192.168.1.6     esxsolaris
192.168.1.3     jerryPC

making big progress, thanks a ton.

if you just try to 'ping' or 'host' the domain in the hosts file, do you get a response, I think nslookup is like dig, in that it doesn't follow hosts, it goes directly to your caching servers (vs. dig that goes directly to the authoritative root servers)

i forgot to mention, no, I can't ping to any of the machines in the dns server hosts file by name.

if i do "ping jerryPC" ---> which is one of the machine in the dns server hosts file
i got "ping: unknow host jerryPC"

I Love You. I really do.