Another Bind problem thread

I'm running RHEL 5, with the BIND server that comes with it.

I used the same settings as I was using on a previous server, but now since changing the DNS servers on the root servers, I can't resolve my hostnames anymore.

It works fine if I look up the name from the server (using nslookup; server localhost; www.keupon.ca) but not if I set the query type to NS, so I guess my server doesn't recognize itself as the SOA.

Also, if I try it from another box, it fails.

Relevant lines from dig +trace:

Code:

keupon.ca.              86400   IN      NS      ns2.keupon.ca.
keupon.ca.              86400   IN      NS      ns1.keupon.ca.
;; Received 99 bytes from 192.228.27.11#53(ca01.cira.ca) in 74 ms

dig: couldn't get address for 'ns2.keupon.ca': failure

I would really appreciate any help I can get. Thanks
Pat

Edit: errr... I dunno why I said that, because a query of type NS gives me the right name servers if I use the localhost.


Edit 2: Here's some clarification about my setup.
I'm using an IPTables firewall managed by APF. Port 53 is open in TCP and UDP. NMAP sees it as open as well.

BIND is chrooted, here is my /etc/named.conf (minus the logging settings):

Code:

 options {
     directory "/etc/namedb";
     pid-file "/var/run/named.pid";
     statistics-file "/var/run/named.stats";
     allow-query { any; };              // This is the default
 };


 controls {
     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
 };



include "/etc/rndc.key";

 zone "." {
     type hint;
     file "root.hints";
 };

 zone "0.0.127.in-addr.arpa" {
     type master;
     file "pz/127.0.0";
 };

zone "keupon.ca" in {
        type master;
        file "pz/keupon.ca";
};

zone "cellsoft-international.com" in {
        type master;
        file "pz/cellsoft-international.com";
};

Yet for some reason all outside queries fail. Very odd.

never mind all that....

turns out that my firewall (IPTables/apf) filters out all my secondary IP addresses, but follows the rules for the primary one.

That makes very little sense. Why would your firewall filter out secondary addresses? Are you actually assigning secondary addresses for a given domain name (the only purpose for which would be to do round robin)?

Do you actually have an A record for ns2.keupon.ca in your zone file (/var/named/chroot/var/named/pz/keupon.ca)? It has to have an actual IP address there. It should look something like this:

Code:

ns2.keupon.ca.   IN   A   123.123.123.123

yes... actually traceroute answered my question

my secondary addresses aren't properly setup, so traceroute doesn't even get to the data center... it just gets lost in cyberspace

I guess I wasn't looking in the right place.

Anywho, I contacted my host so hopefully they will fix that issue. Nothing much I can do about it for now... except changing everything to my primary ip, which actually works, but I don't really wanna have to go through all that.

Edit: secondary IP addresses, not DNS... I basically got a primary address, and a range of aliased IP's which differs completely. I can access the server fine through the main one but the rest fails

Quote:

Originally Posted by riotpunk Edit: secondary IP addresses, not DNS... I basically got a primary address, and a range of aliased IP's which differs completely. I can access the server fine through the main one but the rest fails

Ahh, well that makes quite a bit more sense then