[SOLVED] nslookup error - ;; connection timed out; no servers could be reached

gauravgoel1989 · 07-05-2013, 04:40 AM

I have a RHEL6 server configured. I have configured DNS server on this but unable to nslookup/dig itself. Getting the following error. Could anyone help me out with the solution and reason?

Below attached is the files output from the server.

[root@RHEL6VM ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=RHEL6VM.gaurav.com
NISDOMAIN=gaurav.com
GATEWAY=20.198.242.1
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
BROADCAST=20.198.242.255
IPADDR=20.198.242.116
NETMASK=255.255.255.0
NETWORK=20.198.242.0
ONBOOT=yes
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# cat /etc/hosts
127.0.0.1 RHEL6VM.localdomain localhost.localdomain localhost
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
20.198.242.178 Gaurav.gaurav.com Gaurav
20.198.242.116 RHEL6VM.gaurav.com RHEL6VM
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search gaurav.com
nameserver 20.198.242.116
[root@RHEL6VM ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; 20.198.242.116; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 20.198.242.0/24; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "gaurav.com" IN {
type master;
file "forward.zone";
};

zone "242.198.20.in-addr.arpa" IN {
type master;
file "reverse.zone";
};
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# cat /var/named/forward.zone
$TTL 86400
@ IN SOA RHEL6VM.gaurav.com root.RHEL6VM.gaurav.com (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS RHEL6VM.gaurav.com
RHEL6VM A 20.198.242.116
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# cat /var/named/reverse.zone
$TTL 86400
@ IN SOA RHEL6VM.gaurav.com root.RHEL6VM.gaurav.com (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS RHEL6VM.gaurav.com
RHEL6VM A 20.198.242.116
116 PTR 20.198.242.
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# service named status
version: 9.7.0-P2-RedHat-9.7.0-5.P2.el6
CPUs found: 1
worker threads: 1
number of zones: 15
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 2809) is running...
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# ping RHEL6VM
PING RHEL6VM.gaurav.com (20.198.242.116) 56(84) bytes of data.
64 bytes from RHEL6VM.gaurav.com (20.198.242.116): icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from RHEL6VM.gaurav.com (20.198.242.116): icmp_seq=2 ttl=64 time=0.050 ms
^C
--- RHEL6VM.gaurav.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1970ms
rtt min/avg/max/mdev = 0.050/0.062/0.075/0.014 ms
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# nslookup RHEL6VM
;; connection timed out; no servers could be reached

[root@RHEL6VM ~]# dig RHEL6VM

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> RHEL6VM
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@RHEL6VM ~]#

bathory · 07-05-2013, 07:37 AM

Hi,

Quote:

[root@RHEL6VM ~]# dig RHEL6VM

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> RHEL6VM
;; global options: +cmd
;; connection timed out; no servers could be reached

Check if there is a firewall blocking port 53 udp/tcp.
Also note that

Quote:

dig RHEL6VM

is not going to work. You need to use

Code:

dig RHEL6VM +search

gauravgoel1989 · 07-05-2013, 07:41 AM

Firewall is not in action. I have disabled it already. And as you said , I tried dig RHEL6VM +search too but still getting the same result.

[root@RHEL6VM ~]# dig RHEL6VM +search

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> RHEL6VM +search
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@RHEL6VM ~]#

And could u pls also elaborate why i need to add +search to my command.

bathory · 07-05-2013, 08:00 AM

If there is not a firewall problem, then make sure that bind is running and listening on the correct IPs

Code:

netstat -tanpl|grep named

Quote:

And could u pls also elaborate why i need to add +search to my command.

If you're trying to resolve a non-FQDN, then you have to add the search option, so dig uses the search/domain line of /erc/resolv.conf: Here is the relevant snippet from the dig manpage:

Quote:

+[no]search
Use [do not use] the search list defined by the searchlist or domain directive in resolv.conf (if any). The search list is not used
by default.

gauravgoel1989 · 07-05-2013, 09:47 AM

It isn't listening on the correct IP.

[root@RHEL6VM ~]# netstat -tanpl|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2809/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2809/named
tcp 0 0 ::1:53 :::* LISTEN 2809/named
tcp 0 0 ::1:953 :::* LISTEN 2809/named
[root@RHEL6VM ~]#

How to make it listen on correct ip?

bathory · 07-05-2013, 03:13 PM

Quote:

Originally Posted by gauravgoel1989

It isn't listening on the correct IP.

[root@RHEL6VM ~]# netstat -tanpl|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2809/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2809/named
tcp 0 0 ::1:53 :::* LISTEN 2809/named
tcp 0 0 ::1:953 :::* LISTEN 2809/named
[root@RHEL6VM ~]#

How to make it listen on correct ip?

I guess you are restarting the service after making changes in the configuration. If it still doesn;t work, delete or comment out the 2 lines:

Quote:

listen-on port 53 { 127.0.0.1; 20.198.242.116; };
listen-on-v6 port 53 { ::1; };

so it will listen on all available interfaces (the default).

gauravgoel1989 · 07-06-2013, 03:51 AM

I have done as you said but still getting the same result.

[root@RHEL6VM ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
# listen-on port 53 { 127.0.0.1; 20.198.242.116; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 20.198.242.0/24; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "gaurav.com" IN {
type master;
file "forward.zone";
};

zone "242.198.20.in-addr.arpa" IN {
type master;
file "reverse.zone";
};
[root@RHEL6VM ~]#

[root@RHEL6VM ~]# netstat -tanpl|grep named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 8186/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 8186/named
tcp 0 0 ::1:53 :::* LISTEN 8186/named
tcp 0 0 ::1:953 :::* LISTEN 8186/named
[root@RHEL6VM ~]# dig RHEL6VM

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> RHEL6VM
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@RHEL6VM ~]# dig RHEL6VM +search

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> RHEL6VM +search
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@RHEL6VM ~]#

bathory · 07-06-2013, 08:09 AM

Quote:

I have done as you said but still getting the same result.

Most likely you're editing the wrong named.conf
I guess you're running bind chrooted, in which case the correct config file is /var/named/chroot/etc/named.conf

gauravgoel1989 · 07-09-2013, 02:48 AM

[root@RHEL6VM ~]# cp /etc/named.conf /var/named/chroot/etc/named.conf
cp: overwrite `/var/named/chroot/etc/named.conf'? y
[root@RHEL6VM ~]# cp /var/named/forward.zone /var/named/chroot/var/named/forward.zone
cp: overwrite `/var/named/chroot/var/named/forward.zone'? y
[root@RHEL6VM ~]# cp /var/named/reverse.zone /var/named/chroot/var/named/reverse.zone
cp: overwrite `/var/named/chroot/var/named/reverse.zone'? y
[root@RHEL6VM ~]# service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
zone gaurav.com/IN: has no NS records
zone gaurav.com/IN: not loaded due to errors.
_default/gaurav.com/IN: bad zone
zone 242.198.20.in-addr.arpa/IN: NS 'RHEL6VM.gaurav.com.242.198.20.in-addr.arpa' has no address records (A or AAAA)
zone 242.198.20.in-addr.arpa/IN: not loaded due to errors.
_default/242.198.20.in-addr.arpa/IN: bad zone
[FAILED]
[root@RHEL6VM ~]#

bathory · 07-09-2013, 03:31 AM

So bind is running chrooted.

Quote:

Error in named configuration:
zone gaurav.com/IN: has no NS records
zone gaurav.com/IN: not loaded due to errors.
_default/gaurav.com/IN: bad zone
zone 242.198.20.in-addr.arpa/IN: NS 'RHEL6VM.gaurav.com.242.198.20.in-addr.arpa' has no address records (A or AAAA)
zone 242.198.20.in-addr.arpa/IN: not loaded due to errors.
_default/242.198.20.in-addr.arpa/IN: bad zone
[FAILED]

To get rid of these errors try the following zone files:

Code:

; /var/named/chroot/var/named/forward.zone
$TTL 86400
@ IN SOA RHEL6VM.gaurav.com. root.RHEL6VM.gaurav.com. (
     0 ; serial
     1D ; refresh
     1H ; retry
     1W ; expire
     3H ) ; minimum
     IN NS RHEL6VM.gaurav.com.
RHEL6VM A 20.198.242.116

Code:

;  /var/named/chroot/var/named/reverse.zone
$TTL 86400
@ IN SOA RHEL6VM.gaurav.com. root.RHEL6VM.gaurav.com. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
    NS RHEL6VM.gaurav.com.
116 PTR RHEL6VM.gaurav.com.

Attn: Copy/paste the above in order to keep the blank spaces and the trailing dots as they are really important

gauravgoel1989 · 07-09-2013, 07:11 AM

It worked now.

[root@RHEL6VM named]# vi reverse.zone
[root@RHEL6VM named]# vi forward.zone
[root@RHEL6VM named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@RHEL6VM named]# dig RHEL6VM

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> RHEL6VM
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@RHEL6VM named]# dig RHEL6VM +search

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> RHEL6VM +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22835
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;RHEL6VM.gaurav.com. IN A

;; ANSWER SECTION:
RHEL6VM.gaurav.com. 86400 IN A 20.198.242.116

;; AUTHORITY SECTION:
gaurav.com. 86400 IN NS RHEL6VM.gaurav.com.

;; Query time: 2 msec
;; SERVER: 20.198.242.116#53(20.198.242.116)
;; WHEN: Tue Jul 9 17:38:22 2013
;; MSG SIZE rcvd: 66

[root@RHEL6VM named]# nslookup RHEL6VM
Server: 20.198.242.116
Address: 20.198.242.116#53

Name: RHEL6VM.gaurav.com
Address: 20.198.242.116

[root@RHEL6VM named]#

THANKS A LOT bro for your help and time.

gauravgoel1989 · 08-26-2014, 07:30 AM

@Bathory

Quote:
Attn: Copy/paste the above in order to keep the blank spaces and the trailing dots as they are really important.

Can you please help me with the number of spaces to be used in zone configuration files.

bathory · 08-26-2014, 11:59 AM

Quote:

Originally Posted by gauravgoel1989

@Bathory

Quote:
Attn: Copy/paste the above in order to keep the blank spaces and the trailing dots as they are really important.

Can you please help me with the number of spaces to be used in zone configuration files.

The number is not important. But there should be at least one blank space.

Regards