Bind isn't resolving new name

brgsousa · 01-21-2010, 12:11 PM

Hi,
After adding a new name to bind, and it just can't resolve it.
Trying to restart, this happens:
# /etc/init.d/bind9 restart
Stopping domain name service...: bind9rndc: neither /etc/bind/rndc.conf nor /etc/bind/rndc.key was found
.
Starting domain name service...: bind9.

And the server it self still cannot resolve it.

What can be happenning?

bathory · 01-21-2010, 12:26 PM

Did you remember to increase the serial number, before restarting bind?
Regarding:

Quote:

Stopping domain name service...: bind9rndc: neither /etc/bind/rndc.conf nor /etc/bind/rndc.key was found

you need to configure rndc. Use google to search for a howto for your distro

Regards

brgsousa · 01-21-2010, 12:43 PM

I changed serial.
It's 2010012103 now.

bathory · 01-21-2010, 01:00 PM

When you restart bind, take a look at the logs and see if the zone is loading with the new serial?
Could you post the output of the following commands:

Code:

named-checkzone -D domain.com /path/to/zone/domain.com

(maybe you have to add "-t /var/named" before the path to the zone file if you're running named chrooted to /var/named)

Code:

dig soa domain.com

Code:

dig soa domain.com @dns.domain.com

brgsousa · 01-22-2010, 06:40 AM

Trying to enable BIND logs:

Code:

# rndc querylog
rndc: connect failed: 127.0.0.1#953: connection refused

(All the information is fictious, but the structure is intact)
www.techweek.myplace.edu.br is the malfunction one.

Results:

Code:

# named-checkzone -D myplace.edu.br /etc/bind/db.myplace.edu.br
zone myplace.edu.br/IN: loaded serial 2010012103
myplace.edu.br.                                  86400 IN SOA      myproblematicserver.myplace.edu.br. root.myplace.edu.br. 2010012103 28800 7200 604800 86400
myplace.edu.br.                                  86400 IN NS       mygatewayserver.myplace.edu.br.
myplace.edu.br.                                  86400 IN NS       myproblematicserver.myplace.edu.br.
myplace.edu.br.                                  86400 IN NS       seconddnsserver.myplace.edu.br.
myplace.edu.br.                                  86400 IN MX       1 seconddnsserver.myplace.edu.br.
myplace.edu.br.                                  86400 IN TXT      "v=spf1 mx a:mygatewayserver a:seconddnsserver a:robusto a:poeta a:apaixonado ~all"
_sip._tcp.myplace.edu.br.                        86400 IN SRV      0 0 5060 apaixonado.myplace.edu.br.
_sip._udp.myplace.edu.br.                        86400 IN SRV      0 0 5060 apaixonado.myplace.edu.br.
myproblematicserver.myplace.edu.br.                         86400 IN A        201.101.3.13
www.techweek.myplace.edu.br.           86400 IN CNAME    myproblematicserver.myplace.edu.br.
OK

Code:

# dig soa www.techweek.myplace.edu.br

; <<>> DiG 9.6.0-P1 <<>> soa www.techweek.myplace.edu.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48201
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.techweek.myplace.edu.br. IN SOA

;; AUTHORITY SECTION:
myplace.edu.br.            0       IN      SOA     myproblematicserver.myplace.edu.br. root.myplace.edu.br. 2009120101 28800 7200 604800 86400

;; Query time: 81 msec
;; SERVER: 201.101.3.13#53(201.101.3.13)
;; WHEN: Fri Jan 22 09:28:57 2010
;; MSG SIZE  rcvd: 102

Code:

# dig soa www.techweek.myplace.edu.br @dns.www.techweek.myplace.edu.br
dig: couldn't get address for 'dns.www.techweek.myplace.edu.br': not found

Thanks

bathory · 01-22-2010, 06:59 AM

Quote:

# named-checkzone -D myplace.edu.br /etc/bind/db.myplace.edu.br
zone myplace.edu.br/IN: loaded serial 2010012103
myplace.edu.br. 86400 IN SOA myproblematicserver.myplace.edu.br. root.myplace.edu.br. 2010012103 28800 7200 604800 86400
...

# dig soa www.techweek.myplace.edu.br
...
;; AUTHORITY SECTION:
myplace.edu.br. 0 IN SOA myproblematicserver.myplace.edu.br. root.myplace.edu.br. 2009120101 28800 7200 604800 86400
...

You see that you have 2 different serial numbers. That means that you edit the wrong zone file. I guess you're running named chrooted to some directory and /etc/bind/db.myplace.edu.br is relative to that directory. To find the chroot run

Code:

ps -ef|grep named

The chroot is the path after the "-t" option.

Quote:

# rndc querylog
rndc: connect failed: 127.0.0.1#953: connection refused

rndc does not work, because you have to configure it first.

brgsousa · 01-22-2010, 12:12 PM

Quote:

Originally Posted by bathory

You see that you have 2 different serial numbers. That means that you edit the wrong zone file. I guess you're running named chrooted to some directory and /etc/bind/db.myplace.edu.br is relative to that directory. To find the chroot run

Code:

ps -ef|grep named

The chroot is the path after the "-t" option.

bathory, theres is no "-t" option

Code:

# ps -ef | grep named
bind      1979     1  0 10:18 ?        00:00:11 /usr/sbin/named -u bind
root      9434  9259  0 15:07 pts/0    00:00:00 grep named

Quote:

rndc does not work, because you have to configure it first.

I am trying to configure it through this http://www.howtoforge.com/debian_dns

brgsousa · 01-22-2010, 12:59 PM

I didn't change a thing, and bind, out of nowhere, started to resolve the domain.

Code:

# dig soa www.techweek.myplace.edu.br

; <<>> DiG 9.6.0-P1 <<>> soa www.techweek.myplace.edu.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13210
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.techweek.myplace.edu.br. IN SOA

;; ANSWER SECTION:
www.techweek.myplace.edu.br. 86400 IN CNAME myproblematicserver.myplace.edu.br.

;; AUTHORITY SECTION:
myplace.edu.br.            86400   IN      SOA     myproblematicserver.myplace.edu.br. root.myplace.edu.br. 2010012103 28800 7200 604800 86400

;; Query time: 0 msec
;; SERVER: 201.101.3.13#53(201.101.3.13)
;; WHEN: Fri Jan 22 15:52:21 2010
;; MSG SIZE  rcvd: 116

Is there any refresh delay configured somewhere?

bathory · 01-22-2010, 03:13 PM

Glad to see it worked.

Quote:

theres is no "-t" option

That means that named does not run chrooted. So the correct path to the zone files is defined by the "directory" directive in /etc/named.conf (I guess it's /etc/bind/)

Quote:

I didn't change a thing, and bind, out of nowhere, started to resolve the domain.

Are you sure about this? Because in the 1st dig query you got answer from 201.101.3.13 with serial 2009120101 (obviously wrong as it's from last December), while the last query was answered from 200.128.35.5 (serial 2010012103).
Maybe your changed nameservers in /etc/resolv.conf and now you're using the correct one/

The various times (ttl ,refresh etc) defined in a zone file are used by the clients, so you should always get a fresh answer if you query the authoritative dns.

brgsousa · 01-23-2010, 08:40 AM

it's 201.101.3.13.
I just changed the real one to the wrong one. it had to be 201.101.3.13 anyway. I edited the last post now.

I'll recheck all my configurations
thanks!