Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
Old Mandrake system here.
"Linux my.my-domain.co.uk 2.6.8.1-12mdksmp #1 SMP Fri Oct 1 11:24:45 CEST 2004 i686 Intel(R) Xeon(TM) MP CPU 3.00GHz unknown GNU/Linux"
This has been successfully acting as a DHCP, DNS, intranet and business systems server for years in a production environment (installed and configured by a separate third party software company before my time). It sits at 10.11.1.1 and serves a number of subnets ranging from 10.11.1.0 to 10.11.49.0.
Very recently we started having many problems with DNS, which mainly began with DNS resolver requests to the server timing out. As I have been looking into it, it just seems to have gotten worse.
I suddenly find myself in a situation where I can not even ping hostnames on my network from the DNS server itself, even with names which are specifically declared in '/var/named/pz/localdomain'.
For instance, I have a samba server on the network with hostname 'samba1'. In my DNS server's '/var/named/pz/localdomain' file I have an entry:
I can't fathom how it's failing to resolve 'samba1' against the DNS server (itself) which I know for a fact is listed in the relevant domain files.
I must have added/maintained this server's localdomain/localnet files dozens and dozens of times when declaring static hosts (such as this samba1 host) and have never seen a problem like this.
Can anyone help or push me in the right direction? I'd be extremely grateful.
Firstly, can you check the server's /etc/resolv.conf? Does it list itself as the nameserver, is the domain / search domain correct?
cheers
kbp, you are awesome!
Truth be told I had just nosed into there before checking back to my post (but you still get full points for knowing where I needed to go!) and changed it from:
This indeed worked, but I am confused. Does this mean that 10.11.1.1 (itself) shouldn't be listed in the resolv.conf, or is it a rule that you must have two servers active in here or the service breaks down?
Problem is that 10.11.2.2 will be shut down permanently soon and 10.11.254.1 is an active directory/DNS server in a different domain (my-domain.local) which I just added in previously when I was 'tinkering', so don't know whether it's prudent to use this.
Any additional comments and advice very much appreciated.
It is normal to have at least 2 DNS servers in resolv.conf in case one dies.
You can use dig (http://linux.die.net/man/1/dig) to do DNS lookup checks and specify which DNS server to ask.
Very handy for your situation.
A little out of my depth here, but 10.11.1.1 should be listening (I assume the above results confirm this), but when I have indeed done manual nslookups against it recently (while troubleshooting the whole DNS problem), it was timing out.
As you have advised though, my other server appears to be working:
Code:
[root@server etc]# nslookup samba1
;; Got SERVFAIL reply from 10.11.1.1, trying next server
Server: 10.11.2.2
Address: 10.11.2.2#53
Name: samba1.my-domain.co.uk
Address: 10.11.22.210
So I guess my next question would be, how can I troubleshoot the DNS service on 10.11.1.1? It seems to me that something must be corrupted? I've manually scanned through the localdomain, localnet, named.conf and resolv.conf files and can't see anything obvious (the former two are quite large though).
The service restarts as it has always done:
Code:
[root@server etc]# service named restart
Stopping named: rndc: connect failed: connection refused
[ OK ]
Starting named: [ OK ]
The apparent error above has always appeared. As I remember, when I researched (read: 'googled') it last year it turned out to be harmless.
Any further assistance would be very well received.
Try running named-checkzone against your zonefile; if there's any corruption it should show up. Then again, I think named will tell you when it starts up if it has any issues with a zone. It may be worth posting your named.conf in case there's something syntactically correct but not functional... Just had another thought: could you check whether iptables is running? If it is, then turn it off and test again. Maybe something snuck into your rules.
Thanks for the additional info. I wasn't aware of the 'named-checkzone' command, which did highlight a problem where I'd used a hash to comment a line out. Didn't realise I couldn't use them in this file. Though to be honest, I did this since the problems began, so it would only be partially to blame.
Now, with that tidied up and the resolv.conf corrected things appear to be stabilizing. At least the nslookups I have just tested are responding quickly and correctly. Which is great, so thank you once again!
Regarding named.conf, I will still post it, on the possibility that a discerning eye may pick up on anything unusual!
1. Did you find something in the /var/log/named/named.log file?
2. And did you ever touch the tcp wrappers recently?
3. There might be an issue with the rndc? What is the Bind version on the server?
4. Are you able to resolve using your forwarders from this server?
5. You might run a tcpdump to see what exactly is happening to the DNS traffic. That might give you some help to fix the issue.
Glad to hear things are improving. After looking at your config I have a couple of suggestions; please note that I have no idea what your environment looks like though -
- take out the 'forward first' option, may slow down local resolution a tad
- restrict recursive lookups
- use key based auth for transfer between master and slave
- report bogus version ( old school but anyway... )
- restrict who's allowed to query if you wish ( could be a little excessive )
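
The access-control items from the list above (restricted recursion, key-based zone transfers, a bogus version string, restricted queries), written out as an added named.conf example that is not from the thread or the poster's server. The ACL name, key name, address range and zone stanza are assumptions, and the secret is a placeholder.

```conf
// Added illustration; every name and address here is an assumption.
acl "internal" {
    127.0.0.1;
    10.11.0.0/16;              // assumed to cover the served 10.11.x.0 subnets
};

// TSIG key shared with the slave. Generate the secret locally and keep
// the file that holds it readable only by root and the named user.
key "xfer-key" {
    algorithm hmac-sha256;     // older BIND 9 releases may only accept hmac-md5
    secret "REPLACE_WITH_BASE64_SECRET";
};

options {
    directory "/var/named";
    version "not disclosed";            // bogus version for version.bind queries
    allow-recursion { "internal"; };    // no recursion for outside clients
    allow-query { "internal"; };        // only if no outside client needs these zones
    allow-transfer { none; };           // default deny; opened per zone below
};

zone "my-domain.co.uk" {
    type master;
    file "pz/localdomain";              // assumed to be this zone's file
    allow-transfer { key "xfer-key"; }; // transfers must be signed with the key
};

// On the slave, the same key stanza plus:
// server 10.11.1.1 { keys { "xfer-key"; }; };
```

Running named-checkconf on the edited file before restarting named catches syntax errors, in the same way named-checkzone does for zone files.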