Old 04-22-2012, 09:17 PM   #1
cbtshare
Member
 
Registered: Jul 2009
Posts: 645

Rep: Reputation: 42
linux dns issue


I am having an issue:
Quote:
nslookup www.domain.com
from my client gives me

Quote:
nslookup www.domain.com
Server: 111.111.111.1
Address: 111.111.111.1#53

** server can't find www.domain.com: NXDOMAIN
and from my nameserver

if I do

dig www.domain.com @111.111.111.1

Quote:
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> www.domain.com @111.111.111.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.domain.com. IN A

;; ANSWER SECTION:
www.domain.com. 3423 IN CNAME 95.211.1xx.xx.

;; AUTHORITY SECTION:
. 10623 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042201 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 111.111.111.1#53(111.111.111.1)
;; WHEN: Sun Apr 22 20:46:54 2012
;; MSG SIZE rcvd: 143

but also from my nameserver

nslookup www.domain.com
Quote:
Server: 111.111.111.1
Address: 111.111.111.1#53

** server can't find www.domain.com: NXDOMAIN

But once I restart, everything is fine. Till a few minutes I can't resolve that one domain.

any ideas?
 
Old 04-23-2012, 01:39 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,215
Blog Entries: 1

Rep: Reputation: 2067
Hi,

Quote:
dig www.domain.com @111.111.111.1

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> www.domain.com @111.111.111.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.domain.com. IN A

;; ANSWER SECTION:
www.domain.com. 3423 IN CNAME 95.211.1xx.xx.

;; AUTHORITY SECTION:
. 10623 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042201 1800 900 604800 86400
<-snip->
Also dig gives an NXDOMAIN.
Now it also gives an answer (a CNAME to an IP), but from the whole dig output:
1. your dns did not answer authoritatively (no aa in the header flags)
2. gave as authoritative dns a root server

Defining a CNAME pointing to an IP address is not a wise thing to do. You should always point to an A record.
Anyway you can post your zone file so we could see what is wrong.

Regards
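
The checks read off the dig output in this thread (no aa flag, a root-zone SOA in the authority section, a CNAME whose target is an IP, NXDOMAIN alongside an answer), as an added Python example that is not part of the original posts. The function names are hypothetical, and the sample is constructed from the quoted output with the masked address replaced by the documentation address 192.0.2.10.

```python
import ipaddress
import re

# Constructed sample: the dig output quoted in the thread, with the masked
# CNAME target replaced by a documentation address so that it parses.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.domain.com. IN A

;; ANSWER SECTION:
www.domain.com. 3423 IN CNAME 192.0.2.10.

;; AUTHORITY SECTION:
. 10623 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042201 1800 900 604800 86400
"""

def parse_dig(text):
    """Return (status, flags, {section: [record fields]}) from dig's default output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r"flags: ([a-z ]*);", text).group(1).split())
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip() and not line.startswith(";"):
            sections[current].append(line.split())  # name ttl class type rdata...
    return status, flags, sections

def findings(text):
    """List the anomalies discussed in the thread that are present in the output."""
    status, flags, sec = parse_dig(text)
    out = []
    if "aa" not in flags:
        out.append("non-authoritative answer (no aa flag)")
    if status == "NXDOMAIN" and sec.get("ANSWER"):
        out.append("NXDOMAIN returned together with an answer record")
    for name, ttl, cls, rtype, *rdata in sec.get("ANSWER", []):
        if rtype == "CNAME":
            try:
                ipaddress.ip_address(rdata[0].rstrip("."))
                out.append(f"CNAME target {rdata[0]} is an IP literal, not a hostname")
            except ValueError:
                pass  # target is a normal hostname
    for name, ttl, cls, rtype, *rdata in sec.get("AUTHORITY", []):
        if rtype == "SOA" and name == ".":
            out.append("authority SOA is the root zone, not the queried domain")
    return out
```
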
 
Old 04-23-2012, 02:20 AM   #3
cbtshare
Member
 
Registered: Jul 2009
Posts: 645

Original Poster
Rep: Reputation: 42
I have no input in my zone file for www.domain.com, I don't know why it showed up with CNAME and HOST A.
My zone file is:

Quote:
@ IN SOA server1.domain.com. root.localhost. (
        2012042213 ; serial
        28800      ; refresh, seconds
        7200       ; retry, seconds
        604800     ; expire, seconds
        86400 )    ; minimum, seconds
;
        NS server1.domain.com.;
;
        MX 10 server1.domain.com.
;
domain.com. A 111.111.111.1
server1 A 111.111.111.1
domain.com. TXT "v=spf1 a mx ~all"
server1.domain.com. TXT "v=spf1 a -all"
 
Old 04-23-2012, 03:06 AM   #4
bathory
Quote:
I have no input in my zone file for www.domain.com, I don't know why it showed up with CNAME and HOST A
The dig answer is very strange indeed.
At first it gives a NXDOMAIN correctly and then it resolves the non-existent domain to a CNAME pointing to an IP address.
I guess your dns is forwarding queries to somewhere else. So show us also named.conf and the output of
Code:
dig ns domain.com
 
Old 04-23-2012, 03:49 AM   #5
cbtshare
named.conf is below.

Code:
options {

listen-on port 53 { 111.111.111.1;};

listen-on-v6
{ none; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query
{ localhost;
111.111.111.0/26;
};

allow-transfer { localhost; 111.111.111.0/26; };

recursion yes;
dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;


bindkeys-file "/etc/named.iscdlv.key";

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};



view "internal" {
        match-clients {
                localhost;
                111.111.111.0/26;
        };
        zone "." IN {
                type hint;
                file "named.ca";
        };


        zone "111.111.111.in-addr.arpa" {
                type master;
                file "pri.111.111.111.in-addr.arpa";

        };
        zone "domain.com" {
                type master;
                file "pri.domain.com";

        };

include "/etc/named.rfc1912.zones";
};
 
Old 04-23-2012, 05:13 AM   #6
bathory
I guess this happens because you're using dnssec validation, while you have not configured dnssec correctly.
If you don't want dnssec, comment out those lines and restart the service.
BTW, you don't need the internal view, as you don't define another view in named.conf. So try this:
Code:
options {

listen-on port 53 { 111.111.111.1;};

listen-on-v6
{ none; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query
{ localhost;
111.111.111.0/26;
};

allow-transfer { localhost; 111.111.111.0/26; };

recursion yes;
#dnssec-enable yes;
#dnssec-validation yes;
#dnssec-lookaside auto;
#bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

        zone "." IN {
                type hint;
                file "named.ca";
        };


        zone "111.111.111.in-addr.arpa" {
                type master;
                file "pri.111.111.111.in-addr.arpa";

        };
        zone "domain.com" {
                type master;
                file "pri.domain.com";

        };

include "/etc/named.rfc1912.zones";
 
Old 04-23-2012, 06:24 AM   #7
cbtshare
Thank you, I will try your config, but I just put a host A record in 111.111.111.1 and it seems to be stable now. I do not get any error about dnssec so why do you say it is configured incorrectly? I wanna offer some security to users browsing on my LAN.
 
Old 04-23-2012, 07:41 AM   #8
bathory
Quote:
but I just put a host A record in 111.111.111.1 and it seems to be stable now
You mean, that you add an A record for www, so it can be resolved now?

Quote:
I do not get any error about dnssec so why do you say it is configured incorrectly? I wanna offer some security to users browsing on my LAN.
I'm not a dnssec expert, but from my knowledge for an authoritative dns you should sign your zone.
 
Old 04-23-2012, 07:23 PM   #9
cbtshare
Quote:
Originally Posted by bathory View Post
You mean, that you add an A record for www, so it can be resolved now?

I'm not a dnssec expert, but from my knowledge for an authoritative dns you should sign your zone.
Yes, this seems to resolve it. I don't know why but it does lolll. I will look into dnssec a bit more closely to see if I am doing anything wrong.



Code:
 dig www.domain.com @111.111.111.1

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> www.domain.com @111.111.111.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14923
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.domian.com.       IN      A 

;; ANSWER SECTION:
www.domain.com. 266    IN      CNAME   95.211.xx.xx.

;; AUTHORITY SECTION:
.                       7466    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2012042301 1800 900 604800 86400
I inputted the A record, I haven't a clue where it is reading the CNAME from loll
I thank you for your assistance.

Cheers

Last edited by cbtshare; 04-23-2012 at 07:28 PM.
 
Old 04-24-2012, 02:47 AM   #10
bathory
Hi,

Why do you say it's solved, as you still get the same results from dig?
BTW did you try to resolve that 95.211.xx.xx ip address?
 
  

