Can't ping from a DNS server
Hi All,
Old Mandrake system here. "Linux my.my-domain.co.uk 2.6.8.1-12mdksmp #1 SMP Fri Oct 1 11:24:45 CEST 2004 i686 Intel(R) Xeon(TM) MP CPU 3.00GHz unknown GNU/Linux". This has been successfully acting as a DHCP, DNS, intranet and business systems server for years in a production environment (installed and configured by a separate third-party software company before my time). It sits at 10.11.1.1 and serves a number of subnets ranging from 10.11.1.0 to 10.11.49.0. Very recently we started having many problems with DNS, which mainly began with DNS resolver requests to the server timing out. As I have been looking into it, it just seems to have gotten worse. I suddenly find myself in a situation where I cannot even ping hostnames on my network from the DNS server itself, even with names which are specifically declared in '/var/named/pz/localdomain'. For instance, I have a samba server on the network with hostname 'samba1'. In my DNS server's '/var/named/pz/localdomain' file I have an entry:
Code:
samba1 A 10.11.22.210
Code:
$ORIGIN 22.11.10.in-addr.arpa.
Code:
[root@server pz]# ping samba1
Nslookup reveals:
Code:
[root@hayley pz]# nslookup samba1
I must have added/maintained this server's localdomain/localnet files dozens and dozens of times when declaring static hosts (such as this samba1 host) and have never seen a problem like this. Can anyone help or push me in the right direction? I'd be extremely grateful.
Hi there Elliot,
Firstly, can you check the server's /etc/resolv.conf? Does it list itself as the nameserver, and is the domain / search domain correct?
cheers
Truth be told I had just nosed into there before checking back to my post (but you still get full points for knowing where I needed to go!) and changed it from:
Code:
search my-domain.co.uk
to:
Code:
search my-domain.co.uk
Problem is that 10.11.2.2 will be shut down permanently soon and 10.11.254.1 is an Active Directory/DNS server in a different domain (my-domain.local) which I just added previously when I was 'tinkering', so I don't know whether it's prudent to use this. Any additional comments and advice very much appreciated.
It looks like 10.11.1.1 is not serving DNS requests; you're getting names resolved now by 10.11.2.2, so the problem is still present.
Could you run:
Code:
netstat -tunlp
thanks
It is normal to have at least 2 DNS servers in resolv.conf in case one dies.
You can use dig (http://linux.die.net/man/1/dig) to do DNS lookup checks and specify which DNS server to ask. Very handy for your situation.
Thank you once again for everyone's input, I am sincerely very grateful.
'netstat -tunlp | grep named' produces (this server has 3 NICs):
Code:
tcp 0 0 10.11.1.1:53 0.0.0.0:* LISTEN 9138/named
However, this morning, it's not even timing out:
Code:
[root@server etc]# nslookup samba1 10.11.1.1
Code:
[root@server etc]# nslookup samba1
The service restarts as it has always done:
Code:
[root@server etc]# service named restart
Any further assistance would be very well received.
Hey Elliot,
Try running named-checkzone against your zonefile; if there's any corruption it should show up. Then again, I think named will tell you when it starts up if it has any issues with a zone. It may be worth posting your named.conf in case there's something syntactically correct but not functional. Just had another thought: could you check whether iptables is running? If it is, turn it off and test again; maybe something snuck into your rules.
cheers
kbp
Hi kbp,
Thanks for the additional info. I wasn't aware of the 'named-checkzone' command, which did highlight a problem where I'd used a hash to comment a line out. Didn't realise I couldn't use them in this file. Though to be honest, I did this since the problems began, so it would only be partially to blame. Now, with that tidied up and the resolv.conf corrected, things appear to be stabilizing. At least the nslookups I have just tested are responding quickly and correctly. Which is great, so thank you once again! Regarding named.conf, I will still post it, on the possibility that a discerning eye may pick up on anything unusual!
Code:
options {
A few things that are worth checking:
1. Did you find something in the /var/log/named/named.log file?
2. And did you ever touch the TCP wrappers recently?
3. There might be an issue with rndc. What is the BIND version on the server?
4. Are you able to resolve using your forwarders from this server?
5. You might run a tcpdump to see what exactly is happening to the DNS traffic. That might give you some help to fix the issue.
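The checks suggested in the last few replies (named-checkzone on the zone, the '#' comment that tripped it, resolv.conf pointing at the server itself, dig against a named server) as an added example script; it is not from the thread. The zone file and resolv.conf contents are constructed, the names and addresses are the thread's, and the real tools only run where they are installed.

```shell
#!/bin/sh
# Added example: reproduces the thread's checks on constructed files.

# Zone-file comments start with ';'. A '#' is not a comment to named,
# so named-checkzone rejects such a line. Count them in a zone file.
zone_hash_comments() {
    grep -c '^[[:space:]]*#' "$1" || true
}

# A box that is itself the DNS server should list its own address first
# in resolv.conf so local lookups do not depend on another host.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

tmp=$(mktemp -d)
# Constructed zone file: one valid ';' comment and one offending '#' line.
cat > "$tmp/localdomain" <<'EOF'
$TTL 86400
@       IN SOA  ns1.my-domain.co.uk. hostmaster.my-domain.co.uk. (
                2024010101 3600 900 604800 86400 )
        IN NS   ns1.my-domain.co.uk.
ns1     IN A    10.11.1.1
; samba server, static entry
samba1  IN A    10.11.22.210
# old host, commented out the wrong way
oldhost IN A    10.11.22.211
EOF

# Constructed resolv.conf with the server's own address first.
cat > "$tmp/resolv.conf" <<'EOF'
search my-domain.co.uk
nameserver 10.11.1.1
nameserver 10.11.2.2
EOF

echo "'#' comment lines in zone: $(zone_hash_comments "$tmp/localdomain")"
echo "first nameserver: $(first_nameserver "$tmp/resolv.conf")"

# Run the real tools only where they exist; the zone check flags the '#' line.
if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone my-domain.co.uk "$tmp/localdomain"
fi
if command -v dig >/dev/null 2>&1; then
    # Ask 10.11.1.1 directly, bypassing resolv.conf, with a short timeout.
    dig @10.11.1.1 samba1.my-domain.co.uk A +short +time=2 +tries=1
fi
rm -rf "$tmp"
```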
Hi Elliot,
Glad to hear things are improving. After looking at your config I have a couple of suggestions, please note that I have no idea what your environment looks like though -
Code:
options {
- restrict recursive lookups
- use key based auth for transfer between master and slave
- report bogus version ( old school but anyway... )
- restrict who's allowed to query if you wish ( could be a little excessive )
A good reference book is available online to brush up if you need to: http://www.zytrax.com/books/dns/
cheers,
kbp
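The four suggestions above written out as a named.conf fragment; this is an added example, not kbp's config or the thread's actual named.conf. The 10.11.0.0/16 range is the thread's; the key secret and the slave address are placeholders.

```conf
// Added example: hardened named.conf options for the thread's setup.
// Hosts allowed to use this server as a resolver (the 10.11.x.x subnets).
acl "internal" { 10.11.0.0/16; 127.0.0.1; };

// TSIG key shared with the slave. Generate a real secret (tsig-keygen or
// dnssec-keygen) and paste it here; BIND of the server's vintage only
// accepts hmac-md5, newer releases should use hmac-sha256.
key "transfer-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET";
};

options {
    directory "/var/named";
    // Answer recursive queries only for our own subnets, not the world.
    recursion yes;
    allow-recursion { internal; };
    // Optionally restrict who may query at all (kbp's "could be excessive").
    allow-query { internal; };
    // Zone transfers only to peers that sign the request with the key.
    allow-transfer { key transfer-key; };
    // Don't advertise the real BIND version in CHAOS version.bind queries.
    version "not available";
};

// The slave must sign with the same key (placeholder address).
server 10.11.1.2 { keys { transfer-key; }; };
```

Check the result with named-checkconf before restarting named.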