What is wrong with my bind settings ? It doesn't respond to queries.

adrianTNT · 05-25-2015, 06:21 AM

I am using BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6. I will use example.com and 5.5.5.5 instead of actual ip.

It is not responding to queries, port is open from what I can tell.

Even from actual server if I ping my domain "ping example.com", it doesn't find it as being local host, so I suspect the problem is in bind zone/config files and not a blocked port.

I tested with an online debug tool, typed the domain, it got the ns.example.com record associated with my domain, it tried to query the right server IP address and the server didn't respond.

From my home computer if I "telnet 5.5.5.5 53" it enters as waiting commands (like for my other servers), so I assume that is Bind and port is open.

Code:

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    
    options {
    
            listen-on port 53 { any; };
    
            // listen-on-v6 port 53 { any; };
    
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    
            allow-query { any; };

            recursion yes;
    
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    
    zone "example.com" {
            type master;
            file "/var/named/example.com.hosts";
            };

And my zone file:

Code:

    $ttl 38400
    example.com.	IN	SOA	localhost.localdomain. dns.example.com. (
    			1432513360
    			10800
    			3600
    			604800
    			38400 )
    example.com.	IN	NS	ns1.example.com.
    example.com.	IN	NS	ns2.example.com.
    example.com.	IN	NS	ns3.example.com.
    example.com.	IN	NS	ns4.example.com.
    example.com.	IN	A	5.5.5.5
    mail.example.com.	IN	A	5.5.5.5
    ns1.example.com.	IN	A	5.5.5.5
    ns2.example.com.	IN	A	5.5.5.5
    ns3.example.com.	IN	A	5.5.5.5
    ns4.example.com.	IN	A	5.5.5.5
    www.example.com.	IN	CNAME	example.com.
    example.com.    IN    MX   10     mail.example.com.

rayfordj · 05-25-2015, 07:11 AM

I did a quick, as a friend of mine likes to call it, "stare-&-compare" and it looks ok to me. Some thoughts...

Try setting 'dnssec-validation yes;' to no and restarting the daemon to see if that has any impact?
Anything in the logs indicating a problem? Permissions on the file(s) correct? SELinux contexts? The daemon running/listening ss -plunt | grep ':53' (netstat if not ss)?

adrianTNT · 05-25-2015, 07:16 AM

selinux is "Disabled".
I set dnssec-validation to no (no effect), I also commented those 3 lines, no effect.
Maybe this looks wrong ?

Code:

ss -plunt | grep ':53'
udp    UNCONN     0      0           10.168.49.49:53                    *:*      users:(("named",770,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",770,512))
tcp    LISTEN     0      3           10.168.49.49:53                    *:*      users:(("named",770,21))
tcp    LISTEN     0      3              127.0.0.1:53                    *:*      users:(("named",770,20))

adrianTNT · 05-25-2015, 09:08 AM

Do these permissions look wrong?

Quote:

ls -l /var/named
-rw-r--r-- 1 root named 347 May 25 13:48 example.com.hosts
drwxrwx---. 2 named named 4096 May 25 13:34 data
drwxrwx---. 2 named named 4096 May 25 13:53 dynamic
-rw-r----- 1 root named 2075 Apr 23 2014 named.ca
drwxrwx--- 2 named named 4096 May 19 13:27 slaves