[SOLVED] CentOS Bind Problems

MartinPrestovic · 11-11-2010, 06:07 AM

I am having a couple of issues with my Bind installation on my CentOS server.

1) Everynow and then the following command won't work. It can literally be working one minute and not the next and I cannot figure out why.

host www.domain.com
> www.domain.com is an alias for domain.com.
> domain.com has address xx.xxx.xxx.xx

host www.domain.com
> Host www.domain.com not found: 2(SERVFAIL)

2) I have some contact forms on my web site powered with PHP. These should get sent to addressATdomain.com but everynow and then I find them stuck in my sendmail queue trying to be delivered to addressATphx1-ss-2-lb.cnet.com and I can't for the life of me figure out why.

I have been searching through this forum and others for quite a while and I have not been able to find a solution to either problem. I have checked through the maillog and messages log and cannot find any indication as to what might be causing the problems. I have included some conf files below but if you need any others let me know.

Thanks for any help
Martin

named.conf

options {
directory "/var/named";
recursion no;
};
include "/etc/rndc.key";

logging {
channel query_log {
severity info;
print-time yes;
file "/var/named/data/query.log" versions 3 size 100M;
};
channel activity_log {
severity info;
print-time yes;
print-category yes;
print-severity yes;
file "/var/named/data/activity.log" versions 3 size 100M;
};
category queries { query_log; };
category default { activity_log; };
category xfer-in { activity_log; };
category xfer-out { activity_log; };
category notify { activity_log; };
category security { activity_log; };
category update { activity_log; };
category network { null; };
category lame-servers { null; };
};

###############################################################################
# Zone Configuration
###############################################################################
# Specify the root name servers
zone "." IN {
type hint;
file "/etc/named.root";
};

zone "domain.com" {
type master;
file "/var/named/zones/domain.com.zone";
notify yes;
allow-update { none; };
};

domain.com.zone

$TTL 60H
domain.com. IN SOA ns1.domain.com. postmaster.domain.com. (
2008042702 ;
10800 ;
3600 ;
604800 ;
3600 );

domain.com. IN NS ns1.domain.com.
domain.com. IN NS ns2.domain.com.
domain.com. IN A xx.xxx.xxx.xx
www IN CNAME domain.com.
domain.com. IN MX 10 domain.com.
domain.com. IN TXT "v=spf1 a mx -all"

host.conf

order hosts,bind

hosts

127.0.0.1 localhost.localdomain localhost
xx.xxx.xxx.xx domain.com primary

resolv.conf

nameserver 66.118.170.2
nameserver 66.118.170.3

nsswitch.conf

hosts: files dns

bathory · 11-11-2010, 06:46 AM

Hi,

Is the name server in question one of the 2 listed in /etc/resolv.conf?

Also change:

Quote:

recursion no;

to

Code:

allow-recursion {
                       127.0.0.1;
                       xx.xx.xx.xx/yy;
                       };

(replace xx.xx.xx.xx/yy with your subnet)

Btw you can use dig to perform queries to your dns, as it gives more detailed output compared to the host command.

Regards

MartinPrestovic · 11-11-2010, 06:59 AM

Quote:

Originally Posted by bathory

Hi,
Is the name server in question one of the 2 listed in /etc/resolv.conf?

No. They are both from the hosting company.

I tried adding 'nameserver 127.0.0.1' and also tried 'nameserver myserverip' and both attempts just appeared to make the problems worse. So I reverted everything back before coming here for help.

I have updated my named.conf, it now looks like this:

options {
directory "/var/named";
allow-recursion {
127.0.0.1;
xx.xx.xx.xx/yy;
};
};

I have added my IP in place of the xx. but I am not sure what should be used in place of the /yy

Thanks
Martin

bathory · 11-11-2010, 07:18 AM

So you are not using your dns, but those of the hosting company. That means that the SERVFAIL could be from their side.
Is your name server authoritative for your domain, or it's your registrar?

Anyway, try to use dig using different name servers and see what you get:

Code:

dig domain.com @127.0.0.1
dig domain.com @66.118.170.2
dig domain.com @66.118.170.3

Quote:

I have added my IP in place of the xx. but I am not sure what should be used in place of the /yy

If you're on a private LAN and you have an IP like 192.168.1.x, then the subnet is 192.168.1.0/24)

MartinPrestovic · 11-11-2010, 07:37 AM

Quote:

Originally Posted by bathory

So you are not using your dns, but those of the hosting company. That means that the SERVFAIL could be from their side.
Is your name server authoritative for your domain, or it's your registrar?

Anyway, try to use dig using different name servers and see what you get:

Code:

dig domain.com @127.0.0.1
dig domain.com @66.118.170.2
dig domain.com @66.118.170.3

If you're on a private LAN and you have an IP like 192.168.1.x, then the subnet is 192.168.1.0/24)

I am trying to use my own DNS it just wasn't working properly.

I have made the change to named.conf and I have added nameserver 127.0.0.1 back into the resolv.conf and things now seem to be working fine.

I ran the dig commands and they all came back with the correct information for the domain. I have also sent a couple of test mails so far they have all gone through correctly.

Sorry forgot the Authority question. If I understand it correctly I am. I have no other DNS records anywhere for this domain.

bathory · 11-11-2010, 07:59 AM

Authoritative are the name servers you have defined when you registered your domain. You can find the information here, along with any potential problems that may exist.

If you thing that your problem is solved, use the "Thread Tools" on top of the page to mark the thread Solved

Regards

MartinPrestovic · 11-11-2010, 08:06 AM

Yep everything looks good according to that tool.

Thank you very much for your help, rep added and I will mark the thread solved after I have sent this message.

Martin