LinuxQuestions.org
Old 08-24-2010, 05:15 PM   #1
craseal
LQ Newbie
 
Registered: Aug 2010
Posts: 12

Rep: Reputation: 0
SOA for nameserver can't be retrieved, possible port or BIND misconfiguration


My configuration: CentOS in a VPS environment, I have 2 static IPs at my disposal.

I'm having trouble setting up my nameservers. I've registered the nameservers with my registrar and supplied the GLUE records; however, my registrar has not yet applied this information into the DNS zone, because my nameservers fail to generate a response on port 53.

DNS check says the following about my nameserver address:

Checking SOA records for domain. Domain server is not answering to UDP requests on port 53. Possible problems: A firewall is blocking port 53, server is down, server is not running software for handling dns requests.

So the only two possibilities I see are that my port 53 is somehow blocked or not properly set to accept and send the correct traffic, or that I've misconfigured BIND.

I've run netstat -anp and found out that named is listening on tcp port 53 on all IPs, and it has udp port 53 on all IPs listed among active connections, though I'm unsure if that also means the port is actually active?

Last edited by craseal; 08-24-2010 at 08:10 PM.
 
Old 08-24-2010, 06:37 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
Your name servers appear to be working and can be accessed, but there appears to be something wrong with your zone configuration. I was able to connect to and use your servers to do a lookup (I realize using someone else's DNS is rude and I only did this to help troubleshoot your problem) for google and yahoo. However, when I attempted to look up your domain I got either unknown or servfail. The server fail is indicative of a problem in your configuration somewhere. BIND syntax can be obscure and is very sensitive to syntax errors. I don't see anything obviously wrong with your zones, so I would suggest that you use the named-checkconf utility to see if anything gets reported.

Also, restart your DNS server and look at the output of syslog and possibly daemon log. Chances are you will see some message indicating what might be at fault.

See the following output:
Code:
> server 77.235.60.14
Default server: 77.235.60.14
Address: 77.235.60.14#53
> google.com
Server:		77.235.60.14
Address:	77.235.60.14#53

Non-authoritative answer:
Name:	google.com
Address: 74.125.77.99
Name:	google.com
Address: 74.125.77.104
Name:	google.com
Address: 74.125.77.147
> server 77.235.60.108
Default server: 77.235.60.108
Address: 77.235.60.108#53
> yahoo.com
Server:		77.235.60.108
Address:	77.235.60.108#53

Non-authoritative answer:
Name:	yahoo.com
Address: 209.191.122.70
Name:	yahoo.com
Address: 67.195.160.76
Name:	yahoo.com
Address: 69.147.125.65
Name:	yahoo.com
Address: 72.30.2.43
Name:	yahoo.com
Address: 98.137.149.56
> drustvo-mmm.si
Server:		77.235.60.108
Address:	77.235.60.108#53

** server can't find drustvo-mmm.si: NXDOMAIN
> ns1.drustvo-mmm.si
Server:		77.235.60.108
Address:	77.235.60.108#53

** server can't find ns1.drustvo-mmm.si: NXDOMAIN
> ns1.drustvo-mmm.si.
Server:		77.235.60.108
Address:	77.235.60.108#53

** server can't find ns1.drustvo-mmm.si: SERVFAIL
>
 
Old 08-24-2010, 08:08 PM   #3
craseal
LQ Newbie
 
Registered: Aug 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Haha, oh, you won't believe what I found out! I feel so relieved! And to think I was looking in the wrong place for the whole day!

I checked the log after I restarted bind, and found an interesting line:
Code:
Aug 25 02:51:09 drustvo-mmm named[10094]: zone drustvo-mmm.si/IN: loading master file drustvo.zone: permission denied
Then I used ls -la, and guess what I saw? All zones had read permissions set only for root. That's what you get if you work as root.

It's working now. Thanks Noway2!
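
The failure found in post #3 (zone files readable only by root, so named gets "permission denied" when loading them) can be checked for before a restart. The script below is an added example, not part of the thread; it assumes named runs under an unprivileged account, and its function names and the second zone (`example.test`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU stat, as shipped on CentOS.

# can_read FILE UID GID: succeed if an account with that uid and primary gid
# may read FILE according to its owner, group and mode bits.
# Not modelled: supplementary groups, ACLs, SELinux, directory search bits.
can_read() {
    file=$1 svc_uid=$2 svc_gid=$3
    meta=$(stat -c '%u %g %a' "$file") || return 2   # missing file
    set -- $meta
    f_uid=$1 f_gid=$2 mode=$3
    [ "$svc_uid" -eq 0 ] && return 0                 # root bypasses mode bits
    if [ "$svc_uid" -eq "$f_uid" ]; then digit=$((mode / 100 % 10))
    elif [ "$svc_gid" -eq "$f_gid" ]; then digit=$((mode / 10 % 10))
    else digit=$((mode % 10))
    fi
    [ $((digit & 4)) -ne 0 ]                         # 4 = read bit
}

# unreadable_zones CONF ZONE_DIR UID GID: print every zone file named by a
# file "..." line in CONF that the given account cannot read.
unreadable_zones() {
    conf=$1 dir=$2
    sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
    while IFS= read -r zf; do
        case $zf in /*) path=$zf ;; *) path=$dir/$zf ;; esac
        can_read "$path" "$3" "$4" || printf '%s\n' "$path"
    done
}

# Constructed sample: a config fragment with two zones; drustvo.zone is left
# at mode 600 (the state found in the thread), example.zone is set to 644.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'zone "drustvo-mmm.si" IN {\n  type master;\n  file "drustvo.zone";\n};\n' > "$d/named.conf"
    printf 'zone "example.test" IN {\n  type master;\n  file "example.zone";\n};\n' >> "$d/named.conf"
    : > "$d/drustvo.zone"; chmod 600 "$d/drustvo.zone"
    : > "$d/example.zone"; chmod 644 "$d/example.zone"
    printf '%s\n' "$d"
}

# Demo: check the sample as an account that is neither root nor the file owner.
sample=$(make_sample)
unreadable_zones "$sample/named.conf" "$sample" "$(( $(id -u) + 1 ))" "$(( $(id -g) + 1 ))"
```

On a CentOS host the equivalent call would be `unreadable_zones /etc/named.conf /var/named "$(id -u named)" "$(id -g named)"`, assuming the stock configuration path, zone directory and `named` account.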
 
  

