We are moving from RedHat 8 to Enterprise Server 3. We are trying to get DNS zones set up using the interface within x-windows. The zone files are correct as far as we can tell. However, if I do an nslookup, set my server to this new server, I get back "ns1.xxx.com can't find yyy.com: Server failed". We have disabled the firewall on this name server, but we still cannot get through. Any ideas?

Can you perform name lookups locally?

no, we get the same server fail response back.

What do you get if you run "dig @server somehostname"? (Full output please)

I can resolve things from the server. And I can resolve things that would go through a forwarder (i.e. www.microsoft.com). I can telnet to it, and it seems to respond--I don't get anything on the screen, but it doesn't blow the command line away.

; <<>> DiG 9.2.2 <<>> 66.43.159.60 www.redhat.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4643
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;66.43.159.60. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISI GN-GRS.COM. 2005083100 1800 900 604800 86400

;; Query time: 25 msec
;; SERVER: 66.43.159.60#53(66.43.159.60)
;; WHEN: Wed Aug 31 21:13:12 2005
;; MSG SIZE rcvd: 105

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47613
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;www.redhat.com. IN A

;; ANSWER SECTION:
www.redhat.com. 60 IN A 209.132.177.50

;; AUTHORITY SECTION:
redhat.com. 600 IN NS ns3.redhat.com.
redhat.com. 600 IN NS ns1.redhat.com.
redhat.com. 600 IN NS ns2.redhat.com.

;; Query time: 239 msec
;; SERVER: 66.43.159.60#53(66.43.159.60)
;; WHEN: Wed Aug 31 21:13:13 2005
;; MSG SIZE rcvd: 102



If I dig to one of the records we are hosting, here's what I get:

; <<>> DiG 9.2.2 <<>> www.healthyoptionsbelair.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8294
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.healthyoptionsbelair.com. IN A

;; Query time: 0 msec
;; SERVER: 66.43.159.60#53(66.43.159.60)
;; WHEN: Wed Aug 31 21:19:04 2005
;; MSG SIZE rcvd: 46

Interesting, the server gives no results at all. Has Bind been restarted since configuring the zone file?

many, many times. server has been rebooted 2 or 3 times as well.

Are the bind logs showing any errors in reading the zone files or similar? Can you be sure it is seeing the zones?

I think that's the only place we hadn't looked. The log names the zone file, then says it can't find it. We were just coming to the conclusion that there are a few lines in the named.conf from the old (now dead) server that mention file locations. As the named.conf has built itself on this new server, such lines have not appeared. In all the research we're doing, we keep reading big warnings about not directly editing the named.conf file. We did find some of this file location information in named.custom, but not as much as we had in the old.

beginning of named.conf from old server:
include "/etc/named.custom";

include "/etc/rndc.key";

options {
directory "/var/named/";
};


none of those lines appear in the new named.conf
but, in named.custom, we have:
zone "." { zone "." { zone "." { zone "." {
type hint;
file "named.ca";
};

options {
directory "/var/named/";
};

type hint;
file "named.ca";
};

options {
directory "/var/named/";
};

type hint;
file "named.ca";
};

options {
directory "/var/named/";
};

type hint;
file "named.ca";
};

options {
directory "/var/named/";
};


Indeed, the zone files for our hosted records live in /var/named--I did confirm that. I guess the question is, do those lines from the old named.conf need to make their way into the new, and if so, what's the "proper" way to add, since we're not supposed to directly edit.


We greatly appreciate the help you are providing!

What does named.conf on the new server show? And that named.custom is very odd with the identical zone-in-zone-in-zone-in-zone deal.

named.conf on the new server only has the two zones for the DNS records we had created--nothing more. I asked about that zone-in-zone thing and was told it is for reverse lookup purposes.