LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-25-2015, 06:21 AM   #1
adrianTNT
LQ Newbie
 
Registered: Jul 2011
Posts: 12

Rep: Reputation: Disabled
Question What is wrong with my bind settings ? It doesn't respond to queries.


I am using BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6. I will use example.com and 5.5.5.5 instead of actual ip.

It is not responding to queries, port is open from what I can tell.

Even from actual server if I ping my domain "ping example.com", it doesn't find it as being local host, so I suspect the problem is in bind zone/config files and not a blocked port.

I tested with an online debug tool, typed the domain, it got the ns.example.com record associated with my domain, it tried to query the right server IP address and the server didn't respond.

From my home computer if I "telnet 5.5.5.5 53" it enters as waiting commands (like for my other servers), so I assume that is Bind and port is open.

Code:
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    
    options {
    
            listen-on port 53 { any; };
    
            // listen-on-v6 port 53 { any; };
    
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    
            allow-query { any; };

            recursion yes;
    
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    
    zone "example.com" {
            type master;
            file "/var/named/example.com.hosts";
            };
And my zone file:

Code:
    $ttl 38400
    example.com.	IN	SOA	localhost.localdomain. dns.example.com. (
    			1432513360
    			10800
    			3600
    			604800
    			38400 )
    example.com.	IN	NS	ns1.example.com.
    example.com.	IN	NS	ns2.example.com.
    example.com.	IN	NS	ns3.example.com.
    example.com.	IN	NS	ns4.example.com.
    example.com.	IN	A	5.5.5.5
    mail.example.com.	IN	A	5.5.5.5
    ns1.example.com.	IN	A	5.5.5.5
    ns2.example.com.	IN	A	5.5.5.5
    ns3.example.com.	IN	A	5.5.5.5
    ns4.example.com.	IN	A	5.5.5.5
    www.example.com.	IN	CNAME	example.com.
    example.com.    IN    MX   10     mail.example.com.

Last edited by adrianTNT; 05-25-2015 at 06:22 AM.
 
Old 05-25-2015, 07:11 AM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 488

Rep: Reputation: 78
I did a quick, as a friend of mine likes to call it, "stare-&-compare" and it looks ok to me. Some thoughts...

Try setting 'dnssec-validation yes;' to no and restarting the daemon to see if that has any impact?
Anything in the logs indicating a problem? Permissions on the file(s) correct? SELinux contexts? The daemon running/listening ss -plunt | grep ':53' (netstat if not ss)?
 
Old 05-25-2015, 07:16 AM   #3
adrianTNT
LQ Newbie
 
Registered: Jul 2011
Posts: 12

Original Poster
Rep: Reputation: Disabled
selinux is "Disabled".
I set dnssec-validation to no (no effect), I also commented those 3 lines, no effect.
Maybe this looks wrong ?
Code:
ss -plunt | grep ':53'
udp    UNCONN     0      0           10.168.49.49:53                    *:*      users:(("named",770,513))
udp    UNCONN     0      0              127.0.0.1:53                    *:*      users:(("named",770,512))
tcp    LISTEN     0      3           10.168.49.49:53                    *:*      users:(("named",770,21))
tcp    LISTEN     0      3              127.0.0.1:53                    *:*      users:(("named",770,20))
 
Old 05-25-2015, 09:08 AM   #4
adrianTNT
LQ Newbie
 
Registered: Jul 2011
Posts: 12

Original Poster
Rep: Reputation: Disabled
Do these permissions look wrong?

Quote:
ls -l /var/named
-rw-r--r-- 1 root named 347 May 25 13:48 example.com.hosts
drwxrwx---. 2 named named 4096 May 25 13:34 data
drwxrwx---. 2 named named 4096 May 25 13:53 dynamic
-rw-r----- 1 root named 2075 Apr 23 2014 named.ca
drwxrwx--- 2 named named 4096 May 19 13:27 slaves
 
  


Reply

Tags
bind, dns, domain, named, nameserver


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Queries about bind... cj_cheema Linux - Server 1 04-11-2009 11:14 AM
How to log some kind of queries with BIND 9 sjfdj Linux - Server 1 09-17-2008 04:33 AM
Securing BIND queries broadcast Linux - Security 3 09-22-2006 09:18 PM
Runaway queries in BIND mj.fear Linux - Newbie 1 11-06-2005 01:09 PM
Some queries related to DNS(bind) coolamit78 Linux - Networking 1 12-19-2003 03:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration