When I ping "google.com" after forwarding my DNS Server, nothing happens?

September 8, 2014 5.3k views
JordanSimps
By:
JordanSimps

OS Info: LAMP on Ubuntu 14.04
Tutorial Followed: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-caching-or-forwarding-dns-server-on-ubuntu-14-04

When I ping google.com using "ping -c 1 google.com" I get no results. My apache website is live at simplyjordan.net. When I "dig simplyjordan.net" on my regular computer, the right information shows up.

It seems when I only dig my domain while SSH'd onto my server all outgoing commands are blocked. If I need to provide any more information, just let me know. Thanks!

Below is my "tail -f /var/log/syslog" log:

Sep  8 00:08:20 simplyjordan ntpdate[614]: Can't find host ntp.ubuntu.com: Name or service not known (-2)
Sep  8 00:08:20 simplyjordan ntpdate[614]: no servers can be used, exiting
Sep  8 00:08:50 simplyjordan ntpdate[1416]: Can't find host ntp.ubuntu.com: Name or service not known (-2)
Sep  8 00:08:50 simplyjordan ntpdate[1416]: no servers can be used, exiting
Sep  8 00:08:56 simplyjordan kernel: [   60.531994] random: nonblocking pool is initialized
Sep  8 00:09:01 simplyjordan CRON[1423]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))

Below is my "/etc/network/interfaces" file (IPADDR = my servers actual IP address):

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address IPADDR
        netmask 255.255.255.0
        gateway 162.243.118.1
        dns-nameservers 192.0.2.1

Below is my "/etc/bin/named.conf.options" file info (IPADDR = my servers actual IP address):

acl goodclients {
    IPADDR;
    localhost;
    localnets;
};

options {
        directory "/var/cache/bind";

        recursion yes;
        allow-query { goodclients; };

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        forward only;

        dnssec-enable yes;
        dnssec-validation yes;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

I didn't have a folder or file named "/etc/sysconfig/network-scripts/ifcfg-eth0", so I just created one. Here is what it says:

DNS1=192.0.2.1
2 comments
Log In to Comment
1 Answer
rustx September 9, 2014

Hi Jordan

I could read the tutorial you followed quickly, and your configuration files and something appeared to me concerning ACLs and resolved.conf file.

In the tutorial, the author used Access Control List (ACL) to manage client access to the DNS server, and the DNS server itself will forward request to a list of extra DNS servers to have a reply, and deliver it to you.

So, in your configuration file, you used $IP_ADDR in your ACL (added to localhost and localnet), you should only be able to request your DNS server from those IPs only. When connecting via SSH, the requests you do becomes local.

On a local UNIX system, the first file to be read to solve DNS queries is the /etc/hosts file, or the /etc/resolv.conf file, accordingly to the /etc/nsswitch.conf file that give order of the files to use.

In your case, I believe the IP 192.0.2.1 that was added in your resolv.conf file (as said in the tutorial you followed) is not reachable by your VM. This is the reason why your ntp service running locally isn't able to resolve the address of any time server.

A simple traceroute 192.0.2.1 or ping 192.0.2.1 should confirm this to you.

If I am not wrong, and to solve your case, I would replace the IP 192.0.2.1 by $IP_ADDR in your /etc/resolv.conf, and the magic should work ;) Next, if you want to use your DNS server from outside your droplet, don't forget to add your WAN IP in your ACL !

Hope this could help. Feel free to tell me if it could solve your trouble,

Regards,

--
rustx

Reply
Have another answer? Share your knowledge.