04-22-2012, 09:17 PM
|
#1
|
Member
Registered: Jul 2009
Posts: 645
Rep:
|
linux dns issue
I am having an issue:
from my client gives me
and from my nameserver
if I do
dig www.domain.com @111.111.111.1
Quote:
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> www.domain.com @111.111.111.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.domain.com. IN A
;; ANSWER SECTION:
www.domain.com. 3423 IN CNAME 95.211.1xx.xx.
;; AUTHORITY SECTION:
. 10623 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042201 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 111.111.111.1#53(111.111.111.1)
;; WHEN: Sun Apr 22 20:46:54 2012
;; MSG SIZE rcvd: 143
|
but also from my nameserver
nslookup www.domain.com
Quote:
Server: 111.111.111.1
Address: 111.111.111.1#53
** server can't find www.domain.com: NXDOMAIN
|
But once I restart, everything is fine. Till a few minutes I can't resolve that one domain.
Any ideas?
|
|
|
04-23-2012, 01:39 AM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,215
|
Hi,
Quote:
dig www.domain.com @111.111.111.1
; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> www.domain.com @111.111.111.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.domain.com. IN A
;; ANSWER SECTION:
www.domain.com. 3423 IN CNAME 95.211.1xx.xx.
;; AUTHORITY SECTION:
. 10623 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042201 1800 900 604800 86400
<-snip->
|
Also dig gives a NXDOMAIN.
Now it also gives an answer (a CNAME to an IP), but from the whole dig output:
1. your dns did not answer authoritatively (no aa in the header flags)
2. gave as authoritative dns a root server
Defining a CNAME pointing to an IP address is not a wise thing to do. You should always point to an A record.
Anyway you can post your zone file so we could see what is wrong.
Regards
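
The checks named in this reply (no aa flag, a root-server SOA in the authority section, a CNAME pointing at an IP address) can be run mechanically over dig output. The Python below is an added example, not part of the original post; its function names are hypothetical, and the sample is constructed from the thread's response with the elided address replaced by the documentation address 192.0.2.10.

```python
import ipaddress
import re

# Constructed sample: the thread's dig response, with the elided address
# replaced by the documentation address 192.0.2.10.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35745
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
www.domain.com. 3423 IN CNAME 192.0.2.10.
;; AUTHORITY SECTION:
. 10623 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042201 1800 900 604800 86400
"""

def parse_dig(text):
    # Extract status, header flags and per-section records from dig output.
    resp = {"status": None, "flags": set(), "ANSWER": [], "AUTHORITY": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := re.search(r"status: (\w+)", line):
            resp["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            resp["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif line and not line.startswith(";") and section in resp:
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            resp[section].append((name, int(ttl), rtype, rdata))
    return resp

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name.rstrip("."))  # drop the root dot first
        return True
    except ValueError:
        return False

def diagnose(resp):
    findings = []
    if "aa" not in resp["flags"]:
        findings.append("non-authoritative answer (no aa flag)")
    for name, _ttl, rtype, rdata in resp["ANSWER"]:
        if rtype == "CNAME" and is_ip_literal(rdata):
            findings.append(f"CNAME for {name} targets IP literal {rdata}")
    if any(r[0] == "." and r[2] == "SOA" for r in resp["AUTHORITY"]):
        findings.append("authority is the root SOA")
    if resp["status"] == "NXDOMAIN" and resp["ANSWER"]:
        findings.append("NXDOMAIN refers to the CNAME target, not the queried name")
    return findings
```

A CNAME target written as an IP address with a trailing dot is parsed as a domain name whose top-level label is a number, so the NXDOMAIN and the root SOA describe that target rather than www.domain.com.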
|
|
|
04-23-2012, 02:20 AM
|
#3
|
Member
Registered: Jul 2009
Posts: 645
Original Poster
Rep:
|
I have no input in my zone file for www.domain.com, I don't know why it showed up with CNAME and HOST A.
My zone file is:
Quote:
@ IN SOA server1.domain.com. root.localhost. (
        2012042213 ; serial
        28800      ; refresh, seconds
        7200       ; retry, seconds
        604800     ; expire, seconds
        86400 )    ; minimum, seconds
;
        NS server1.domain.com.;
;
        MX 10 server1.domain.com.
;
domain.com. A 111.111.111.1
server1 A 111.111.111.1
domain.com. TXT "v=spf1 a mx ~all"
server1.domain.com. TXT "v=spf1 a -all"
|
|
|
|
04-23-2012, 03:06 AM
|
#4
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,215
|
Quote:
I have no input in my zone file for www.domain.com, I don't know why it showed up with CNAME and HOST A
|
The dig answer is very strange indeed.
At first it gives a NXDOMAIN correctly and then it resolves the non-existent domain to a CNAME pointing to an IP address.
I guess your dns is forwarding queries to somewhere else. So show us also named.conf and the output of
|
|
|
04-23-2012, 03:49 AM
|
#5
|
Member
Registered: Jul 2009
Posts: 645
Original Poster
Rep:
|
named.conf is below.
Code:
options {
    listen-on port 53 { 111.111.111.1; };
    listen-on-v6 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query {
        localhost;
        111.111.111.0/26;
    };
    allow-transfer { localhost; 111.111.111.0/26; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
view "internal" {
    match-clients {
        localhost;
        111.111.111.0/26;
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "111.111.111.in-addr.arpa" {
        type master;
        file "pri.111.111.111.in-addr.arpa";
    };
    zone "domain.com" {
        type master;
        file "pri.domain.com";
    };
    include "/etc/named.rfc1912.zones";
};
|
|
|
04-23-2012, 05:13 AM
|
#6
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,215
|
I guess this happens because you're using dnssec validation, while you have not configured dnssec correctly.
If you don't want dnssec, comment out those lines and restart the service.
BTW, you don't need the internal view, as you don't define another view in named.conf. So try this:
Code:
options {
    listen-on port 53 { 111.111.111.1; };
    listen-on-v6 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query {
        localhost;
        111.111.111.0/26;
    };
    allow-transfer { localhost; 111.111.111.0/26; };
    recursion yes;
    #dnssec-enable yes;
    #dnssec-validation yes;
    #dnssec-lookaside auto;
    #bindkeys-file "/etc/named.iscdlv.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "111.111.111.in-addr.arpa" {
    type master;
    file "pri.111.111.111.in-addr.arpa";
};
zone "domain.com" {
    type master;
    file "pri.domain.com";
};
include "/etc/named.rfc1912.zones";
|
|
|
04-23-2012, 06:24 AM
|
#7
|
Member
Registered: Jul 2009
Posts: 645
Original Poster
Rep:
|
Thank you, I will try your config, but I just put a host A record in 111.111.111.1 and it seems to be stable now. I do not get any error about dnssec so why do you say it is configured incorrectly? I wanna offer some security to users browsing on my LAN.
|
|
|
04-23-2012, 07:41 AM
|
#8
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,215
|
Quote:
but I just put a host A record in 111.111.111.1 and it seems to be stable now
|
You mean, that you add an A record for www, so it can be resolved now?
Quote:
I do not get any error about dnssec so why do you say it is configured incorrectly? I wanna offer some security to users browsing on my LAN.
|
I'm not a dnssec expert, but from my knowledge for an authoritative dns you should sign your zone.
|
|
|
04-23-2012, 07:23 PM
|
#9
|
Member
Registered: Jul 2009
Posts: 645
Original Poster
Rep:
|
Quote:
Originally Posted by bathory
You mean, that you add an A record for www, so it can be resolved now?
I'm not a dnssec expert, but from my knowledge for an authoritative dns you should sign your zone.
|
Yes, this seems to resolve it. I don't know why but it does lolll. I will look into dnssec a bit more closely to see if I am doing anything wrong.
Code:
dig www.domain.com @111.111.111.1
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> www.domain.com @111.111.111.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14923
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.domian.com. IN A
;; ANSWER SECTION:
www.domain.com. 266 IN CNAME 95.211.xx.xx.
;; AUTHORITY SECTION:
. 7466 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042301 1800 900 604800 86400
I inputted the A record, I haven't a clue where it is reading the CNAME from loll
I thank you for your assistance.
Cheers
Last edited by cbtshare; 04-23-2012 at 07:28 PM.
|
|
|
04-24-2012, 02:47 AM
|
#10
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,215
|
Hi,
Why do you say it's solved, as you still get the same results from dig?
BTW did you try to resolve that 95.211.xx.xx IP address?
|
|
|
All times are GMT -5. The time now is 02:24 AM.