Bind 9.9.2 not working

 
# 1  
Old 01-10-2013

Hello friends

Internet queries are not working anymore with BIND; I am not using a forwarder DNS server.

1.
resolv.conf file =>
Code:
search local.server
nameserver 127.0.0.1

2.
named.conf file =>
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; 192.168.3.10; };
	listen-on-v6 port 53 { any; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { 127.0.0.1; 192.168.3.0/24; };
	recursion yes;
	allow-recursion {any;};
	auth-nxdomain yes;
	dnssec-enable yes;
	dnssec-validation auto;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
	channel my_query {
		file "/var/log/query.log";
		severity debug 3;
		print-time yes;
		print-severity yes;
		print-category yes;
	};
	category queries{
		my_query;		
	};
};

zone "." IN {
	type hint;
	file "db.cache";
};
zone "local.server" IN {
	type master;
	file "local.server";
};

zone "3.168.192.in-addr.arpa" IN {
		type master;
		file "reverse.local.server";
};

include "/etc/named.rfc1912.zones";
#include "/etc/named.root.key";

3. I also updated my root DNS server file.

4. iptables is disabled and SELinux is also disabled.

The main problem is that internet queries are not working.

Queries to the local zone work, but not to the internet.


5.
Code:
dig google.com @127.0.0.1

; <<>> DiG 9.9.2-P1-RedHat-9.9.2-2.P1.el5 <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45450
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 5001 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 10 11:34:05 2013
;; MSG SIZE  rcvd: 39

Any help
Thanks
# 2  
Old 01-10-2013
If BIND is successfully restarting, it's probably not a syntax error. Given there's no forwarders you should be getting an NXDOMAIN instead of a SERVFAIL error. What changes did you make to your root hints file?
# 3  
Old 01-11-2013
I only downloaded a new root hint file from ftp://ftp.rs.internic.net

but I think it is not the problem; I also used my old root hint file, but nothing is working.

BIND only works if I use forwarders, but I want to use it directly with the root servers.

Any help

Last edited by rink; 01-11-2013 at 05:00 AM..
# 4  
Old 01-11-2013
You can always increase the log level of bind, restart it, try a few queries and see if it prints anything more descriptive to /var/log/messages. More info on that process
# 5  
Old 01-11-2013
Quote:
Originally Posted by thmnetwork
You can always increase the log level of bind, restart it, try a few queries and see if it prints anything more descriptive to /var/log/messages. More info on that process
Hello thmnetwork, I also tried every main logging option and ran the named daemon with different debug levels, but nothing is working.

I took one root DNS server for testing
=> ping 198.41.0.4 (root server) is working
=> dig -t A google.com @198.41.0.4 is working
=> named daemon is running

but it is not working locally
dig -t A google.com @127.0.0.1 +trace (not working)
error: no server could be reached

Now I think forwarders are the last option to use BIND

Any help
# 6  
Old 01-11-2013
Quote:
Originally Posted by rink
Hello thmnetwork, I also tried every main logging option and ran the named daemon with different debug levels, but nothing is working.
The purpose of changing the logging levels is to generate more information for you to go off of. It won't (by itself) fix your problem, just point you in the right direction.

Quote:
Originally Posted by rink
dig -t A google.com @127.0.0.1 +trace (not working)
error no server could be reached
This is actually a different error than you were getting before. This is stating that it's not able to connect to the DNS server at all, whereas before you were able to connect to the DNS server; it was just giving you a "SERVFAIL" error message.

It sounds like when you did a restart it shut down but didn't start back up properly. Is "named" in the line for port 53 if you do a "netstat -tuapn" ?
# 7  
Old 01-12-2013
named is running properly

Code:
[root@squid ~]# netstat -antup | grep named
tcp        0      0 192.168.3.10:53             0.0.0.0:*                   LISTEN      1116/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      1116/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      1116/named
udp        0      0 192.168.3.10:53             0.0.0.0:*                               1116/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               1116/named

Some additional info via the query-errors category log, i.e. set to debug
Code:
11-Jan-2013 23:57:40.773 query-errors: debug 1: client 192.168.3.10#44507 (google.com): query failed (SERVFAIL) for google.com/IN/A at query.c:6733
11-Jan-2013 23:57:40.824 query-errors: debug 2: fetch completed at resolver.c:3218 for google.com/A in 10.051159: timed out/success [domain:.,referral:0,restart:1,qrysent:13,timeout:12,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]

---------- Post updated 01-12-13 at 05:58 AM ---------- Previous update was 01-11-13 at 01:30 PM ----------

Hello thmnetwork

Now I understand the main problem

My ISP is redirecting all port 53 traffic to their DNS server; they are forcing the user to use
their DNS server, and it does not matter whether I use forwarders or not

What can I do in this case?

Any help
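
The counters in the `fetch completed` line from post #7 can be triaged mechanically. The following is an added example, not part of the original thread: a small parser for that line format, where the classification labels and the 0.8 timeout ratio are assumptions of this example rather than BIND's own logic.

```python
import re

# Constructed sample: the two query-errors lines quoted in post #7.
SAMPLE_LOG = """\
11-Jan-2013 23:57:40.773 query-errors: debug 1: client 192.168.3.10#44507 (google.com): query failed (SERVFAIL) for google.com/IN/A at query.c:6733
11-Jan-2013 23:57:40.824 query-errors: debug 2: fetch completed at resolver.c:3218 for google.com/A in 10.051159: timed out/success [domain:.,referral:0,restart:1,qrysent:13,timeout:12,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
"""

FETCH_RE = re.compile(
    r"fetch completed at \S+ for (?P<name>\S+)/(?P<rtype>\w+) "
    r"in (?P<secs>[\d.]+): (?P<result>[^\[]+?) \[(?P<counters>[^\]]*)\]"
)


def parse_fetch_line(line):
    """Return a dict for a 'fetch completed' line, or None for other lines."""
    m = FETCH_RE.search(line)
    if not m:
        return None
    counters = {}
    for pair in m.group("counters").split(","):
        key, _, value = pair.partition(":")
        # Numeric counters become ints; 'domain' stays a string such as '.'.
        counters[key] = int(value) if value.isdigit() else value
    return {"name": m.group("name"), "rtype": m.group("rtype"),
            "seconds": float(m.group("secs")), "result": m.group("result"),
            "counters": counters}


def classify(fetch):
    """Heuristic triage (assumed labels and threshold, not BIND's logic)."""
    c = fetch["counters"]
    if c.get("valfail", 0) > 0:
        return "dnssec-validation-failure"
    if c.get("lame", 0) > 0 or c.get("badresp", 0) > 0:
        return "bad-upstream-answers"
    if c.get("neterr", 0) > 0:
        return "network-error"
    sent = c.get("qrysent", 0)
    if sent and c.get("timeout", 0) / sent >= 0.8:
        return "upstream-timeouts"
    return "unclassified"


def triage(log_text):
    """Classify every 'fetch completed' line in a log excerpt."""
    fetches = filter(None, map(parse_fetch_line, log_text.splitlines()))
    return [(f["name"], f["rtype"], classify(f)) for f in fetches]
```

On the thread's line, `triage(SAMPLE_LOG)` reports `upstream-timeouts` (12 of 13 queries unanswered, `valfail:0`), which points at the network path to the authoritative servers rather than DNSSEC validation or the root hints file.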