LinuxQuestions.org
Old 02-22-2014, 07:18 PM   #1
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 13

Rep: Reputation: Disabled
DNS error


I have configured a small DNS server

but it displays the following error

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @172.16.107.120 example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8653
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN A

;; Query time: 0 msec
;; SERVER: 172.16.107.120#53(172.16.107.120)
;; WHEN: Sat Feb 22 16:06:58 2014
;; MSG SIZE rcvd: 29


The following is the named.conf configuration
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;

# forwarders {172.16.104.41;};

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#####
/etc/named.rfc1912.zones configuration

zone "example.com" IN {
type master;
file "example.db";
};


zone "10.172.in-addr.arpa" IN {
type master;
file "example.db.rev";
allow-update { none; };
};

######Zone file example.db#####

$TTL 1D
@ IN SOA rhel6.example.com. host.example.com. (
2014022301 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS rhel6
rhel6 IN A 172.16.107.120
www IN A 172.16.107.120
A 127.0.0.1
AAAA ::1

####Zone file example.db.rev#####

$TTL 3H
@ IN SOA rhel6.example.com. host.example.com (
2014022301 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS rhel6
rhel6 IN A 172.16.107.120
120.107 IN PTR rhel6.example.com
A 127.0.0.1
AAAA ::1
~


Kindly tell me what to do?
 
Old 02-24-2014, 04:23 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,403

Rep: Reputation: Disabled
You could start by putting the text from the config files inside [code] tags to make it readable.

There is nothing obviously wrong with your zone file or named.conf, but I can't be absolutely sure since the indentation is missing.

Did you restart named after you created/edited the zone file?

What does nslookup -q=soa example.com 127.0.0.1 return?
 
Old 02-25-2014, 09:41 AM   #3
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
hi output of command

#]nslookup -q=soa example.com 127.0.0.1

is

nslookup -q=soa example.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find example.com: SERVFAIL
 
Old 02-25-2014, 09:44 AM   #4
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Config file correct format

### named.conf#####
Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { any; };
	recursion yes;
	
#	forwarders {172.16.104.41;};

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
	type hint;
	file "named.ca";
};

zone "example.com" IN {
	type master;
	file "example.db";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
 
Old 02-25-2014, 09:45 AM   #5
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
My zone file example.db
Code:
$TTL 1D
@	IN SOA	rhel6.example.com. host.example.com. (
					2014022301	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	IN	NS	rhel6

rhel6 	IN	A	172.16.107.120
www	IN	A	172.16.107.120
	A	127.0.0.1
	AAAA	::1
 
Old 02-25-2014, 11:39 AM   #6
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,403

Rep: Reputation: Disabled
As I said, there's nothing obviously wrong with either file (the [code] tags helped make that clear), but the output from nslookup clearly shows that the server is unaware of the existence of the "example.com" zone/domain.

Did you restart named (BIND) after creating the zone? (Try killall -HUP named if you haven't; that should force the DNS server to reload its configuration.)

In which directory does example.db reside?

Have you tried starting named from the command line in foreground mode? Stop named and run the following command as root:
Code:
named -g 2>&1 | grep example.com
Press Ctrl-C once the server has finished loading and post the output here. (And remember to restart named, of course.)

By the way, which distribution are you using?
 
Old 02-26-2014, 03:40 AM   #7
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Code:
Did you restart named (BIND) after creating the zone? (Try killall -HUP named if you haven't; that should force the DNS server to reload its configuration.
Yes, I have restarted the named service many times after creating the zone.
I used your killall command as well, but the result is still the same.
Code:
In which directory does example.db reside?
example.db resides in "/var/named" directory

Output of the command : named -g 2>&1 | grep example.com

Code:
26-Feb-2014 00:35:13.028 zone example.com/IN: loaded serial 2014022301
I am using RHEL 6.4
 
Old 02-26-2014, 04:03 AM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,516

Rep: Reputation: 1501
Do the other hosts resolve correctly?
Code:
nslookup rhel6.example.com
Mind that if you want example.com to resolve as 127.0.0.1 (and ::1), you need to use @ in the zone file:
Code:
$TTL 1D
@	IN SOA	rhel6.example.com. host.example.com. (
					2014022302	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	IN	NS	rhel6

rhel6 	IN	A	172.16.107.120
www	IN	A	172.16.107.120
@	A	127.0.0.1
	AAAA	::1
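
The owner-name rule behind the `@` advice in the post above, as an added example that is not part of the original thread: a record line that starts with whitespace inherits the owner of the previous record, so in the zone file from post #5 the `127.0.0.1` and `::1` records belong to `www`, not to the zone apex. The parser is a simplified sketch (the function names are hypothetical, `$ORIGIN` and quoted strings are not handled) and the zone text is the thread's data with whitespace normalised and the serial bump left out.

```python
import re

TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin (RFC 1035, 5.1)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def owners(zone_text, origin):
    """Return (owner, type, rdata) per record, applying owner inheritance."""
    text = re.sub(r";[^\n]*", "", zone_text)            # strip comments
    # Fold parenthesised multi-line records (the SOA) onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records, last = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue                                    # blank line or $TTL directive
        tokens = line.split()
        # Leading whitespace means "same owner as the previous record".
        owner = last if line[0] in " \t" else fqdn(tokens.pop(0), origin)
        while tokens and tokens[0].upper() not in TYPES:
            tokens.pop(0)                               # skip optional TTL / class
        if tokens:
            records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
            last = owner
    return records

def addresses(zone_text, origin, name):
    """A/AAAA records whose effective owner is `name`."""
    return [(t, r) for o, t, r in owners(zone_text, origin)
            if o == name and t in ("A", "AAAA")]

# Constructed from the zone files in posts #5 and #8.
HEADER = """$TTL 1D
@ IN SOA rhel6.example.com. host.example.com. (
        2014022301 ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum
    IN NS rhel6
rhel6 IN A 172.16.107.120
www   IN A 172.16.107.120
"""
POSTED = HEADER + "    A 127.0.0.1\n    AAAA ::1\n"     # post #5
FIXED = HEADER + "@   A 127.0.0.1\n    AAAA ::1\n"      # post #8

if __name__ == "__main__":
    for label, zone in (("posted", POSTED), ("fixed", FIXED)):
        print(label, addresses(zone, "example.com.", "example.com."))
```

A zone with no address record at the apex answers with an empty NOERROR response for that name rather than SERVFAIL, so this rule changes what `example.com` resolves to but does not by itself account for the error in the thread.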
 
Old 02-26-2014, 06:20 AM   #9
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
No, the other hosts also display the same errors.

I corrected my zone file as you suggested,
but I still get the same error.
 
Old 02-26-2014, 07:47 AM   #10
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,516

Rep: Reputation: 1501
Quote:
Originally Posted by vijaybhandari
No, the other hosts also display the same errors.

I corrected my zone file as you suggested,
but I still get the same error.
Usually SERVFAIL means some configuration error in the zone file. Since yours looks correct, I suspect it's because of a wrong dnssec implementation.
You may comment out the dnssec-related options and/or the managed-keys-directory, restart bind and see what happens.
 
Old 02-27-2014, 04:48 AM   #11
vijaybhandari
LQ Newbie
 
Registered: Jan 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
I have commented out all dnssec entries

Code:
        recursion yes;
/*
        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;
*/      
      # forwarders{172.16.104.51;};

        /* Path to ISC DLV key */
#       bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

but the error is still the same.
What I don't understand is that when I restart the named service, it displays no error.
That means the configuration is correct, but it is still not working.
I reproduced the same configuration on another system and still get the same error. Why so?
 
Old 02-27-2014, 07:17 AM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,516

Rep: Reputation: 1501
Quote:
What I don't understand is that when I restart the named service, it displays no error.
That means the configuration is correct, but it is still not working.
As I've told you, SERVFAIL is usually due to zone file errors, so there is no problem about starting named.
Anyway, your zone file looks correct, unless there are some strange characters that do not show up here. Could you delete it and recreate it from scratch to see what happens? Don't forget to increase the serial too.
Also, what does this give:
Code:
nslookup example.com 172.16.107.120
 
  

