Old 05-26-2010, 12:30 PM   #1
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
DNS broken?


I run BIND9 in Debian on my server, and did a dist-upgrade last night. Prior to the dist-upgrade, everything worked fine. It does not appear that any of the configuration or zone files were changed.

Right now, I am seeing ServFail replies to the A queries:

Code:
13:00:26.496391 IP 10.7.21.12.45956 > 10.7.7.2.53: 39290+ A? int0x80.com. (29)
        0x0000:  4500 0039 603c 4000 4011 aa5c 0a07 150c  E..9`<@.@..\....
        0x0010:  0a07 0702 b384 0035 0025 3052 997a 0100  .......5.%0R.z..
        0x0020:  0001 0000 0000 0000 0769 6e74 3078 3830  .........int0x80
        0x0030:  0363 6f6d 0000 0100 01                   .com.....

13:00:28.569409 IP 10.7.7.2.53 > 10.7.21.12.45956: 39290 ServFail 0/0/0 (29)
        0x0000:  4500 0039 7571 0000 8011 9527 0a07 0702  E..9uq.....'....
        0x0010:  0a07 150c 0035 b384 0025 ad7a 997a 8182  .....5...%.z.z..
        0x0020:  0001 0000 0000 0000 0769 6e74 3078 3830  .........int0x80
        0x0030:  0363 6f6d 0000 0100 01                   .com.....

These entries are in /var/log:

Code:
aptitude:615:[REMOVE, NOT USED] libbind9-50
aptitude:642:[INSTALL, DEPENDENCIES] libbind9-60
aptitude:676:[UPGRADE] bind9 1:9.6.1.dfsg.P1-1 -> 1:9.7.0.dfsg.P1-1
aptitude:677:[UPGRADE] bind9-host 1:9.6.1.dfsg.P1-1 -> 1:9.7.0.dfsg.P1-1
aptitude:678:[UPGRADE] bind9utils 1:9.6.1.dfsg.P1-1 -> 1:9.7.0.dfsg.P1-1

Code:
daemon.log:1681:May 25 15:03:02 int0x80 named[2288]: starting BIND 9.7.0-P1 -u bind
daemon.log:1682:May 25 15:03:02 int0x80 named[2288]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
daemon.log:1686:May 25 15:03:02 int0x80 named[2288]: loading configuration from '/etc/bind/named.conf'
daemon.log:1687:May 25 15:03:02 int0x80 named[2288]: reading built-in trusted keys from file '/etc/bind/bind.keys'

Last night and this morning I was able to SSH into my server without issue, and am still currently connected there. However, other boxes do not resolve the IP for it. So I'm assuming the SSH session used cached DNS data to resolve the IP.

I don't really know a whole lot about DNS, so I'm sort of forking this thread as one path in my search while I continue to dig through Google results. Please ask me to provide any additional information that might be helpful in fixing this.
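
The two packets in the capture above, decoded field by field, as an added example that is not part of the original post. It parses the IPv4/UDP/DNS bytes shown by tcpdump and reads the response flags word 0x8182 (a response with RD and RA set, RCODE 2 = SERVFAIL, and no records in any section); the function names are illustrative.

```python
import struct

# Packet bytes (IP + UDP + DNS) copied from the tcpdump output in the post above.
QUERY_HEX = """
4500 0039 603c 4000 4011 aa5c 0a07 150c 0a07 0702 b384 0035 0025 3052 997a 0100
0001 0000 0000 0000 0769 6e74 3078 3830 0363 6f6d 0000 0100 01
"""
RESPONSE_HEX = """
4500 0039 7571 0000 8011 9527 0a07 0702 0a07 150c 0035 b384 0025 ad7a 997a 8182
0001 0000 0000 0000 0769 6e74 3078 3830 0363 6f6d 0000 0100 01
"""
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def parse_dns_packet(hexdump):
    """Decode the DNS header and first question from an IPv4/UDP packet hex dump."""
    pkt = bytes.fromhex("".join(hexdump.split()))
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("expected an IPv4 packet carrying UDP")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    sport, dport, udp_len = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    dns = pkt[ihl + 8:ihl + udp_len]               # UDP length includes its 8-byte header
    if len(dns) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    labels, pos = [], 12
    while qd and dns[pos] != 0:                    # walk the length-prefixed labels
        n = dns[pos]
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", dns[pos + 1:pos + 5]) if qd else (None, None)
    return {
        "id": txid, "sport": sport, "dport": dport,
        "is_response": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
        "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "qname": ".".join(labels) + ".", "qtype": qtype, "qclass": qclass,
        "counts": (an, ns, ar),                    # answer, authority, additional
    }

def matches(query, response):
    """True when the response answers this query: same ID, question, swapped ports."""
    return (response["is_response"] and not query["is_response"]
            and query["id"] == response["id"]
            and (query["qname"], query["qtype"]) == (response["qname"], response["qtype"])
            and query["sport"] == response["dport"] and query["dport"] == response["sport"])

if __name__ == "__main__":
    q, r = parse_dns_packet(QUERY_HEX), parse_dns_packet(RESPONSE_HEX)
    print(q, r, "matched:", matches(q, r), sep="\n")
```
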
 
Old 05-26-2010, 12:41 PM   #2
int0x80
Also, when I sniff and do look-ups against the server, the only entries that show in dmesg are regarding the NIC using promiscuous mode:

Code:
device eth0 entered promiscuous mode
device eth0 left promiscuous mode

Firewall rules are currently accept all:

Code:
Chain INPUT (policy ACCEPT 33539 packets, 8905K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 35908 packets, 16M bytes)
 pkts bytes target     prot opt in     out     source               destination
 
Old 05-27-2010, 11:17 AM   #3
int0x80
Fixed it, I had an old entry in one of my db files that bind didn't like. The entry had been outdated for years actually, but bind never complained until now.
 
  

