LinuxQuestions.org
Old 01-29-2008, 12:54 PM   #1
tbsmith
LQ Newbie
 
Registered: Jan 2008
Posts: 4

Rep: Reputation: 0
Need help setting up DNS- dig almost works


I have Fedora 7. I have two domain names with godaddy.com and one dedicated machine with them. I have three IPs for that machine. For my domain settings for exampleproblems.com I have the two dns servers as ns1.exampleproblems.com and ns2.exampleproblems.com pointing to two of the IPs, 68.178.250.214 and 68.178.250.215. For the other domain culturalconnections.cc I have the two dns servers as ns1 and ns2.culturalconnections.cc with the same two IPs.

I have these IPs registered with my eth0 device and I can ping them from anywhere.

named is up and running.

Here is my named.conf (actually it uses named.caching-nameserver.conf)

//
// named.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    directory "/var/named";
    allow-query {any;};
    recursion no;
    pid-file "/var/run/named.pid";
    zone-statistics yes;
    statistics-file "/var/named/data/named_stats.txt";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity warning;
    };
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "exampleproblems.com" {
    type master;
    file "exampleproblems.com.db";
};

zone "culturalconnections.cc" {
    type master;
    file "culturalconnections.cc.db";
};

zone "." {
    type hint;
    file "named.ca";
};


//////////////////////////////////////////////////////

Here is exampleproblems.com.db

$TTL 1
@ IN SOA exampleproblems.com. elliptic1@gmail.com (
2007012901 ; serial
6H ; refresh after 6 hours
1H ; retry after 1 hour
1W ; expire after 1 week
1H ) ; minimum TTL of 1 day

@ IN NS ns1.exampleproblems.com.
@ IN NS ns2.exampleproblems.com.
localhost IN A 127.0.0.1
ns1 IN A 68.178.250.214
ns2 IN A 68.178.250.215



///////////////////////////////////////////////////////


Here is culturalconnections.cc.db



$TTL 1
@ IN SOA culturalconnections.cc. edenoil@gmail.com (
2007012901 ; serial
6H ; refresh after 6 hours
1H ; retry after 1 hour
1W ; expire after 1 week
1H ) ; minimum TTL of 1 day

@ IN NS ns1.culturalconnections.cc.
@ IN NS ns2.culturalconnections.cc.
localhost IN A 127.0.0.1
ns1 IN A 68.178.250.214
ns2 IN A 68.178.250.215


////////////////////////////////////////////////////////

I also have these virtual host directives in my httpd.conf file. Whichever one I put on top is the website that will come up if I type one of the IPs into a browser.


<VirtualHost *:80>
ServerAdmin exampleproblems@gmail.com
DocumentRoot /home/exampleproblems.com
ServerName www.exampleproblems.com
ErrorLog /home/exampleproblems.com/error_log
CustomLog /home/exampleproblems.com/access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin edenoil@gmail.com
DocumentRoot /home/culturalconnections.cc
ServerName www.culturalconnections.cc
ErrorLog /home/culturalconnections.cc/error_log
CustomLog /home/culturalconnections.cc/access_log common
</VirtualHost>


/////////////////////////////////////////////////////////////


Here is the output of some dig commands:

# dig yahoo.com

; <<>> DiG 9.4.2 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13262
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 300 IN A 66.94.234.13
yahoo.com. 300 IN A 216.109.112.135

;; AUTHORITY SECTION:
yahoo.com. 128011 IN NS ns3.yahoo.com.
yahoo.com. 128011 IN NS ns5.yahoo.com.
yahoo.com. 128011 IN NS ns4.yahoo.com.
yahoo.com. 128011 IN NS ns1.yahoo.com.
yahoo.com. 128011 IN NS ns6.yahoo.com.
yahoo.com. 128011 IN NS ns8.yahoo.com.
yahoo.com. 128011 IN NS ns2.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com. 128011 IN A 202.43.223.170
ns8.yahoo.com. 128011 IN A 202.165.104.22

;; Query time: 163 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 29 05:03:50 2008
;; MSG SIZE rcvd: 217

# dig exampleproblems.com

; <<>> DiG 9.4.2 <<>> exampleproblems.com
;; global options: printcmd
;; connection timed out; no servers could be reached

# dig +tcp exampleproblems.com
;; Connection to 68.178.250.214#53(68.178.250.214) for exampleproblems.com failed: connection refused.
;; Connection to 68.178.250.215#53(68.178.250.215) for exampleproblems.com failed: connection refused.
;; Connection to 68.178.250.214#53(68.178.250.214) for exampleproblems.com failed: connection refused.
;; Connection to 68.178.250.215#53(68.178.250.215) for exampleproblems.com failed: connection refused.


# dig +norec exampleproblems.com

; <<>> DiG 9.4.2 <<>> +norec exampleproblems.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14772
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;exampleproblems.com. IN A

;; AUTHORITY SECTION:
exampleproblems.com. 127912 IN NS ns1.exampleproblems.com.
exampleproblems.com. 127912 IN NS ns2.exampleproblems.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 29 05:05:36 2008
;; MSG SIZE rcvd: 73


# dig culturalconnections.cc

; <<>> DiG 9.4.2 <<>> culturalconnections.cc
;; global options: printcmd
;; connection timed out; no servers could be reached

# dig +tcp culturalconnections.cc
;; Connection to 68.178.250.214#53(68.178.250.214) for culturalconnections.cc failed: connection refused.
;; Connection to 68.178.250.215#53(68.178.250.215) for culturalconnections.cc failed: connection refused.
;; Connection to 68.178.250.214#53(68.178.250.214) for culturalconnections.cc failed: connection refused.
;; Connection to 68.178.250.215#53(68.178.250.215) for culturalconnections.cc failed: connection refused.


# dig +norec culturalconnections.cc

; <<>> DiG 9.4.2 <<>> +norec culturalconnections.cc
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23917
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;culturalconnections.cc. IN A

;; AUTHORITY SECTION:
culturalconnections.cc. 142686 IN NS NS1.culturalconnections.cc.
culturalconnections.cc. 142686 IN NS NS2.culturalconnections.cc.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 29 05:07:06 2008
;; MSG SIZE rcvd: 76



////////////////////////////////////////////////////////////


Thanks for any help!!!
 
Old 01-29-2008, 01:53 PM   #2
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
I assume that your problem/question is that when looking up non-existent names, instead of an NXDOMAIN error, you get a timeout. (I'm not sure though why you included part of your apache conf.)

Anyway, I'm not sure if it is the cause, but: Your bind config is missing definitions for the "localhost" and "127.in-addr.arpa" zones, which can make dns break in all kinds of non-obvious ways.
So you should add those first (actually they should have been there from a standard install) and see if your problem persists.

Last edited by rupertwh; 01-29-2008 at 02:08 PM.
 
Old 01-29-2008, 02:27 PM   #3
bskrakes
Member
 
Registered: Sep 2006
Location: Canada, Alberta
Distribution: RHEL 4 and up, CentOS 5.x, Fedora Core 5 and up, Ubuntu 8 and up
Posts: 251

Rep: Reputation: 31
I would also try this at the command line/terminal:

Quote:
dig +trace DOMAIN_NAME
It gives you some extra info regarding the domain and its DNS settings.

This is what I got for one of your domains running the above command:
Quote:
; <<>> DiG 9.3.3rc2 <<>> +trace culturalconnections.cc
;; global options: printcmd
. 67700 IN NS m.root-servers.net.
. 67700 IN NS f.root-servers.net.
. 67700 IN NS e.root-servers.net.
. 67700 IN NS b.root-servers.net.
. 67700 IN NS j.root-servers.net.
. 67700 IN NS i.root-servers.net.
. 67700 IN NS h.root-servers.net.
. 67700 IN NS c.root-servers.net.
. 67700 IN NS d.root-servers.net.
. 67700 IN NS g.root-servers.net.
. 67700 IN NS a.root-servers.net.
. 67700 IN NS k.root-servers.net.
. 67700 IN NS l.root-servers.net.
;; Received 452 bytes from 192.168.0.1#53(192.168.0.1) in 13 ms

cc. 172800 IN NS D5.NSTLD.COM.
cc. 172800 IN NS C5.NSTLD.COM.
cc. 172800 IN NS G5.NSTLD.COM.
cc. 172800 IN NS A5.NSTLD.COM.
cc. 172800 IN NS H5.NSTLD.COM.
cc. 172800 IN NS L5.NSTLD.COM.
cc. 172800 IN NS F5.NSTLD.COM.
;; Received 280 bytes from 202.12.27.33#53(m.root-servers.net) in 47 ms

culturalconnections.cc. 172800 IN NS NS1.culturalconnections.cc.
culturalconnections.cc. 172800 IN NS NS2.culturalconnections.cc.
;; Received 108 bytes from 192.31.80.34#53(D5.NSTLD.COM) in 44 ms

;; connection timed out; no servers could be reached

It looks like your BIND config is messed up, as rupertwh said. You could try uninstalling your BIND services and re-installing. When your BIND/DNS is messed up it can be a real pain. I am certainly not an expert on it, but your BIND/DNS.conf file doesn't look like mine.... I cannot post mine as I have information in it that I do not want to share - my clients' info is private.

Last edited by bskrakes; 01-29-2008 at 02:34 PM.
 
Old 01-29-2008, 02:46 PM   #4
tbsmith
LQ Newbie
 
Registered: Jan 2008
Posts: 4

Original Poster
Rep: Reputation: 0
rupertwh - The localhost and the other definitions are included in another file and maybe I didn't copy the include line to the message I sent. My question is not about what should happen when I look up a non-existent domain- it's that I don't want my domain to be non-existent!

I included part of my apache conf because I didn't know if it was important and I decided to err on the side of too much information rather than too little.
 
Old 01-29-2008, 03:16 PM   #5
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
Quote:
Originally Posted by tbsmith View Post
My question is not about what should happen when I look up a non-existent domain- it's that I don't want my domain to be non-existent!
The only A records you have are for ns1 and ns2. There is none for "exampleproblems.com". (but actually, on a working dns, dig seems to just return the SOA record when querying the domain name)

Your problem seems to come up whenever a lookup fails, as in
Code:
dig foo.exampleproblems.com
vs.
Code:
dig ns1.exampleproblems.com
Doesn't bind have any useful information in the log files?
 
Old 01-29-2008, 03:32 PM   #6
tbsmith
LQ Newbie
 
Registered: Jan 2008
Posts: 4

Original Poster
Rep: Reputation: 0
When I do a dig, there's nothing in /var/log/messages, and nothing has ever been written to the specified log file in /var/named/data/named.run. Where else can I look?
 
Old 01-29-2008, 08:03 PM   #7
rupertwh
Member
 
Registered: Sep 2006
Location: Munich, Germany
Distribution: Debian / Ubuntu
Posts: 292

Rep: Reputation: 46
Your SOA record is messed up, didn't notice that at first:

Quote:
Originally Posted by tbsmith View Post
@ IN SOA exampleproblems.com. elliptic1@gmail.com (
"exampleproblems.com." doesn't resolve to anything, should be: "ns1.exampleproblems.com."
This has to be the name of your primary name server.

Also, you specified the email in an invalid format (@ and missing trailing dot).

So the whole line should read:
Code:
@     IN     SOA    ns1.exampleproblems.com.   elliptic1.gmail.com. (
But despite all that, I was able to get it working with your config copy/pasted to a Debian box (Bind 9.3.4). So the error has to be more subtle.

Did you increase the serial number when making changes? (It is the year 2008 now, yours seems to be a year old)
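
Added example (not part of the thread and not any poster's code): a small Python check for the SOA points raised in post #7, run against the zone lines from post #1. The function name `lint_soa`, the `today` default (the thread's date) and the YYYYMMDDnn serial convention are assumptions of this example.

```python
import re

# Constructed sample: the SOA/NS/A lines as posted in post #1 of the thread.
POSTED_ZONE = """\
$TTL 1
@ IN SOA exampleproblems.com. elliptic1@gmail.com (
2007012901 ; serial
6H ; refresh after 6 hours
1H ; retry after 1 hour
1W ; expire after 1 week
1H ) ; minimum TTL of 1 day
@ IN NS ns1.exampleproblems.com.
@ IN NS ns2.exampleproblems.com.
ns1 IN A 68.178.250.214
ns2 IN A 68.178.250.215
"""

SOA_RE = re.compile(r"^\S+\s+IN\s+SOA\s+(\S+)\s+(\S+)\s*\(\s*(\d+)", re.M)
NS_RE = re.compile(r"^\S+\s+IN\s+NS\s+(\S+)", re.M)


def lint_soa(zone_text, today="20080129"):
    """Return a list of findings for the SOA record of a simple zone file."""
    # Strip ';' comments so the serial directly follows the opening paren.
    text = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = SOA_RE.search(text)
    if not m:
        return ["no SOA record found"]
    mname, rname, serial = m.groups()
    ns_targets = {t.lower() for t in NS_RE.findall(text)}
    findings = []
    if not mname.endswith("."):
        findings.append("MNAME lacks trailing dot")
    if mname.lower() not in ns_targets:
        findings.append("MNAME is not one of the zone's NS targets")
    if "@" in rname:
        findings.append("RNAME contains '@'; write the mailbox with a dot instead")
    if not rname.endswith("."):
        findings.append("RNAME lacks trailing dot")
    # Assumption: serial follows the YYYYMMDDnn convention, as in the thread.
    if len(serial) == 10 and serial[:8] < today:
        findings.append("serial predates %s; bump it after edits" % today)
    return findings
```

Calling `lint_soa(POSTED_ZONE)` reports the MNAME, RNAME and serial issues; a zone with the corrected SOA line and a current serial returns an empty list.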
 
  

