*SOLVED* BIND server test not answering authoritatively
I have a BIND server that I'm setting up with different views. There is another server out on the public Internet that currently handles all inquiries for this domain. I had installed the Yum packages, chroot, etc. and edited the config files by hand. When that didn't work, I erased the server and started over using Webmin to build everything for me. Same result. I want to set up and verify that everything is working on this new server before I take it into production.
This is in /var/log/messages:
Quote:
Jun 13 21:33:20 dns1 named[13838]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named
Jun 13 21:33:20 dns1 named[13838]: adjusted limit on open files from 1024 to 1048576
Jun 13 21:33:20 dns1 named[13838]: found 1 CPU, using 1 worker thread
Jun 13 21:33:20 dns1 named[13838]: using up to 4096 sockets
Jun 13 21:33:20 dns1 named[13838]: loading configuration from '/etc/named.conf'
Jun 13 21:33:20 dns1 named[13838]: using default UDP/IPv4 port range: [1024, 65535]
Jun 13 21:33:20 dns1 named[13838]: using default UDP/IPv6 port range: [1024, 65535]
Jun 13 21:33:20 dns1 named[13838]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 13 21:33:20 dns1 named[13838]: listening on IPv4 interface eth0, 10.1.5.101#53
Jun 13 21:33:20 dns1 named[13838]: listening on IPv4 interface eth1, 65.182.165.33#53
Jun 13 21:33:20 dns1 named[13838]: command channel listening on 127.0.0.1#953
Jun 13 21:33:20 dns1 named[13838]: command channel listening on ::1#953
Jun 13 21:33:20 dns1 named[13838]: the working directory is not writable
Jun 13 21:33:20 dns1 named[13838]: running
Jun 13 21:46:46 dns1 named[13838]: network unreachable resolving 'ldap1.ics-il.net/A/IN': 2001:503:231d::2:30#53
Jun 14 19:48:35 dns1 named[13838]: query logging is now on
Jun 14 19:48:49 dns1 named[13838]: client 10.1.5.5#33422: query: ldap1.ics-il.net IN A +
Jun 14 19:49:28 dns1 last message repeated 2 times
Jun 14 20:05:38 dns1 named[13838]: client 10.1.5.5#33422: query: google.com IN A +
Jun 14 11:05:38 dns1 named[13838]: network unreachable resolving 'google.com/A/IN': 2001:503:ba3e::2:30#53
Jun 14 11:05:38 dns1 named[13838]: network unreachable resolving 'google.com/A/IN': 2001:503:231d::2:30#53
Jun 14 12:06:01 dns1 named[13838]: client 10.1.5.5#33422: query: ldap1.ics-il.net IN A +
Jun 14 15:45:26 dns1 named[13838]: loading configuration from '/etc/named.conf'
Jun 14 15:45:26 dns1 named[13838]: /etc/named.conf:5: option 'fetch-glue' is obsolete
Jun 14 15:45:26 dns1 named[13838]: using default UDP/IPv4 port range: [1024, 65535]
Jun 14 15:45:26 dns1 named[13838]: using default UDP/IPv6 port range: [1024, 65535]
Jun 14 15:45:26 dns1 named[13838]: the working directory is not writable
Jun 14 15:45:26 dns1 named[13838]: zone ics-il.net/IN/internal: loaded serial 1276451157
Jun 14 15:45:34 dns1 named[13838]: shutting down: flushing changes
Jun 14 15:45:34 dns1 named[13838]: stopping command channel on 127.0.0.1#953
Jun 14 15:45:34 dns1 named[13838]: stopping command channel on ::1#953
Jun 14 15:45:34 dns1 named[13838]: no longer listening on 127.0.0.1#53
Jun 14 15:45:34 dns1 named[13838]: no longer listening on 10.1.5.101#53
Jun 14 15:45:34 dns1 named[13838]: no longer listening on 65.182.165.33#53
Jun 14 15:45:34 dns1 named[13838]: exiting
Jun 14 15:45:36 dns1 named[23600]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named
Jun 14 15:45:36 dns1 named[23600]: adjusted limit on open files from 1024 to 1048576
Jun 14 15:45:36 dns1 named[23600]: found 1 CPU, using 1 worker thread
Jun 14 15:45:36 dns1 named[23600]: using up to 4096 sockets
Jun 14 15:45:36 dns1 named[23600]: loading configuration from '/etc/named.conf'
Jun 14 15:45:36 dns1 named[23600]: /etc/named.conf:5: option 'fetch-glue' is obsolete
Jun 14 15:45:36 dns1 named[23600]: using default UDP/IPv4 port range: [1024, 65535]
Jun 14 15:45:36 dns1 named[23600]: using default UDP/IPv6 port range: [1024, 65535]
Jun 14 15:45:36 dns1 named[23600]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 14 15:45:36 dns1 named[23600]: listening on IPv4 interface eth0, 10.1.5.101#53
Jun 14 15:45:36 dns1 named[23600]: listening on IPv4 interface eth1, 65.182.165.33#53
Jun 14 15:45:36 dns1 named[23600]: command channel listening on 127.0.0.1#953
Jun 14 15:45:36 dns1 named[23600]: command channel listening on ::1#953
Jun 14 15:45:36 dns1 named[23600]: the working directory is not writable
Jun 14 15:45:36 dns1 named[23600]: zone ics-il.net/IN/internal: loaded serial 1276451157
Jun 14 15:45:36 dns1 named[23600]: running
view "internal" {
match-clients {
10.0.0.0/8;
};
zone "ics-il.net" {
type master;
file "/var/named/ics-il.net.internal.hosts";
};
};
[root@dns1 named]# cat /var/named/ics-il.net.internal.hosts
$ttl 38400
ics-il.net. IN SOA dns1.ics-il.net. admin.ics-il.net. (
1276451157
10800
3600
604800
38400 )
ics-il.net. IN NS dns1.ics-il.net.
ldap1.ics-il.net. IN A 10.1.5.151
dns1.ics-il.net. IN A 10.1.5.101
Anything else you see before I start populating more hosts?
It appears to not be chrooted. I suppose that would be the next step.
Quote:
Jun 15 00:52:36 dns1 yum: Installed: 30:bind-chroot-9.3.6-4.P1.el5_4.2.i386
Jun 14 15:52:54 dns1 named[23840]: shutting down: flushing changes
Jun 14 15:52:54 dns1 named[23840]: stopping command channel on 127.0.0.1#953
Jun 14 15:52:54 dns1 named[23840]: stopping command channel on ::1#953
Jun 14 15:52:54 dns1 named[23840]: no longer listening on 127.0.0.1#53
Jun 14 15:52:54 dns1 named[23840]: no longer listening on 10.1.5.101#53
Jun 14 15:52:54 dns1 named[23840]: no longer listening on 65.182.165.33#53
Jun 14 15:52:54 dns1 named[23840]: exiting
Jun 14 15:52:56 dns1 named[23943]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Jun 14 15:52:56 dns1 named[23943]: adjusted limit on open files from 1024 to 1048576
Jun 14 15:52:56 dns1 named[23943]: found 1 CPU, using 1 worker thread
Jun 14 15:52:56 dns1 named[23943]: using up to 4096 sockets
Jun 14 15:52:56 dns1 named[23943]: loading configuration from '/etc/named.conf'
Jun 14 15:52:56 dns1 named[23943]: /etc/named.conf:5: option 'fetch-glue' is obsolete
Jun 14 15:52:56 dns1 named[23943]: using default UDP/IPv4 port range: [1024, 65535]
Jun 14 15:52:56 dns1 named[23943]: using default UDP/IPv6 port range: [1024, 65535]
Jun 14 15:52:56 dns1 named[23943]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 14 15:52:56 dns1 named[23943]: listening on IPv4 interface eth0, 10.1.5.101#53
Jun 14 15:52:56 dns1 named[23943]: listening on IPv4 interface eth1, 65.182.165.33#53
Jun 14 15:52:56 dns1 named[23943]: command channel listening on 127.0.0.1#953
Jun 14 15:52:56 dns1 named[23943]: command channel listening on ::1#953
Jun 14 15:52:56 dns1 named[23943]: the working directory is not writable
Jun 14 15:52:56 dns1 named[23943]: zone ics-il.net/IN/internal: loaded serial 1276451157
Jun 14 15:52:56 dns1 named[23943]: running
I turned off the glue-fetching in Webmin. I was going drastic trying to figure out why it was pulling public records.
Quote:
[root@dns1 named]# ls -al /var/named/chroot/var/run/named/
total 12
drwxrwx--- 2 named named 4096 Jun 14 15:52 .
drwxr-x--- 4 root named 4096 Jun 14 15:52 ..
-rw-r--r-- 1 named named 6 Jun 14 15:52 named.pid
Quote:
Jun 14 16:42:51 dns1 named[25706]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Jun 14 16:42:51 dns1 named[25706]: adjusted limit on open files from 1024 to 1048576
Jun 14 16:42:51 dns1 named[25706]: found 1 CPU, using 1 worker thread
Jun 14 16:42:51 dns1 named[25706]: using up to 4096 sockets
Jun 14 16:42:51 dns1 named[25706]: loading configuration from '/etc/named.conf'
Jun 14 16:42:51 dns1 named[25706]: using default UDP/IPv4 port range: [1024, 65535]
Jun 14 16:42:51 dns1 named[25706]: using default UDP/IPv6 port range: [1024, 65535]
Jun 14 16:42:51 dns1 named[25706]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 14 16:42:51 dns1 named[25706]: listening on IPv4 interface eth0, 10.1.5.101#53
Jun 14 16:42:51 dns1 named[25706]: listening on IPv4 interface eth1, 65.182.165.33#53
Jun 14 16:42:51 dns1 named[25706]: command channel listening on 127.0.0.1#953
Jun 14 16:42:51 dns1 named[25706]: command channel listening on ::1#953
Jun 14 16:42:51 dns1 named[25706]: the working directory is not writable
Jun 14 16:42:51 dns1 named[25706]: zone ics-il.net/IN/internal: loaded serial 1276451166
Jun 14 16:42:51 dns1 named[25706]: running
[root@dns1 etc]# ls -al
total 20
drwxr-x--- 2 named named 4096 Jun 14 16:40 .
drwxr-x--- 6 root named 4096 Jun 14 15:52 ..
-rw-r--r-- 1 named named 3543 May 13 19:07 localtime
-rw-r--r-- 1 named named 233 Jun 14 16:40 named.conf
-rw-r----- 1 named named 113 Jan 8 2009 rndc.key
[root@dns1 etc]# pwd
/var/named/chroot/etc
I had ignored that error because previously when researching, I found a lot of people saying to.
Quote:
Jun 15 06:44:24 dns1 named[9648]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Jun 15 06:44:24 dns1 named[9648]: adjusted limit on open files from 1024 to 1048576
Jun 15 06:44:24 dns1 named[9648]: found 1 CPU, using 1 worker thread
Jun 15 06:44:24 dns1 named[9648]: using up to 4096 sockets
Jun 15 06:44:24 dns1 named[9648]: loading configuration from '/etc/named.conf'
Jun 15 06:44:24 dns1 named[9648]: using default UDP/IPv4 port range: [1024, 65535]
Jun 15 06:44:24 dns1 named[9648]: using default UDP/IPv6 port range: [1024, 65535]
Jun 15 06:44:24 dns1 named[9648]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 15 06:44:24 dns1 named[9648]: listening on IPv4 interface eth0, 10.1.5.101#53
Jun 15 06:44:24 dns1 named[9648]: listening on IPv4 interface eth1, 65.182.165.33#53
Jun 15 06:44:24 dns1 named[9648]: command channel listening on 127.0.0.1#953
Jun 15 06:44:24 dns1 named[9648]: command channel listening on ::1#953
Jun 15 06:44:24 dns1 named[9648]: zone ics-il.net/IN/internal: loaded serial 1276451166
Jun 15 06:44:24 dns1 named[9648]: running
Cool!!
If you're not using IPv6, you can start named with the "-4" option so it uses only IPv4 addresses.
Anyway, if you're done, you can mark the thread solved.
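The startup logs quoted through this thread carry the whole diagnosis: no "zone ... loaded" line until the view was fixed, "the working directory is not writable" until the chroot directories were owned by named, no "-t /var/named/chroot" on the start line until bind-chroot was installed, and "network unreachable" only towards IPv6 addresses (hence the -4 advice). The script below is an added example, not code from the thread or from BIND; it parses a constructed sample made of lines copied from the excerpts above (BIND 9.3 wording, which other versions may phrase differently) and turns each named process into a summary plus the remediation points raised in the thread.

```python
"""Triage BIND (named) syslog lines for the conditions seen in this thread.

Added example, not part of the thread or of BIND itself. The message
formats are taken from the log excerpts quoted above (BIND 9.3); other
versions word some messages differently.
"""
import re

# Constructed sample: a subset of the lines quoted in the thread.
SAMPLE_LOG = """\
Jun 13 21:33:20 dns1 named[13838]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named
Jun 13 21:33:20 dns1 named[13838]: the working directory is not writable
Jun 13 21:33:20 dns1 named[13838]: running
Jun 13 21:46:46 dns1 named[13838]: network unreachable resolving 'ldap1.ics-il.net/A/IN': 2001:503:231d::2:30#53
Jun 14 19:49:28 dns1 last message repeated 2 times
Jun 14 11:05:38 dns1 named[13838]: network unreachable resolving 'google.com/A/IN': 2001:503:ba3e::2:30#53
Jun 14 11:05:38 dns1 named[13838]: network unreachable resolving 'google.com/A/IN': 2001:503:231d::2:30#53
Jun 14 15:45:36 dns1 named[23600]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named
Jun 14 15:45:36 dns1 named[23600]: /etc/named.conf:5: option 'fetch-glue' is obsolete
Jun 14 15:45:36 dns1 named[23600]: the working directory is not writable
Jun 14 15:45:36 dns1 named[23600]: zone ics-il.net/IN/internal: loaded serial 1276451157
Jun 15 06:44:24 dns1 named[9648]: starting BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 -u named -t /var/named/chroot
Jun 15 06:44:24 dns1 named[9648]: zone ics-il.net/IN/internal: loaded serial 1276451166
Jun 15 06:44:24 dns1 named[9648]: running
"""

NAMED = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ named\[(?P<pid>\d+)\]: (?P<msg>.*)$")
START = re.compile(r"^starting BIND (?P<version>\S+)(?P<args>.*)$")
LOADED = re.compile(r"^zone (?P<zone>[^/]+)/\w+(?:/(?P<view>\w+))?: loaded serial (?P<serial>\d+)$")
UNREACH = re.compile(r"^network unreachable resolving '[^']+': (?P<addr>\S+)#\d+$")
OBSOLETE = re.compile(r"^\S+:\d+: option '(?P<opt>[^']+)' is obsolete$")


def new_run(version, args):
    """Per-process summary; a -t argument on the start line means named is chrooted."""
    chroot = re.search(r"-t (\S+)", args)
    return {"version": version, "chroot": chroot.group(1) if chroot else None,
            "workdir_unwritable": False, "zones": {}, "unreachable_v6": 0,
            "unreachable_v4": 0, "obsolete_options": []}


def triage(log_text):
    """Return {pid: summary} for every named process that logged a start line."""
    runs = {}
    for line in log_text.splitlines():
        m = NAMED.match(line)
        if not m:
            continue  # "last message repeated N times" is syslog's line, not named's
        pid, msg = int(m["pid"]), m["msg"]
        if (s := START.match(msg)):
            runs[pid] = new_run(s["version"], s["args"])
            continue
        run = runs.get(pid)
        if run is None:
            continue  # process started before the excerpt begins
        if msg == "the working directory is not writable":
            run["workdir_unwritable"] = True
        elif (z := LOADED.match(msg)):
            run["zones"][z["zone"]] = (z["view"], int(z["serial"]))
        elif (u := UNREACH.match(msg)):
            run["unreachable_v6" if ":" in u["addr"] else "unreachable_v4"] += 1
        elif (o := OBSOLETE.match(msg)):
            run["obsolete_options"].append(o["opt"])
    return runs


def problems(run):
    """Map one process summary to the remediation points raised in the thread."""
    out = []
    if run["chroot"] is None:
        out.append("not chrooted: install bind-chroot so named starts with -t")
    if run["workdir_unwritable"]:
        out.append("working directory not writable: check ownership of named's directories")
    if not run["zones"]:
        out.append("no zones loaded: the server can only recurse, it cannot answer authoritatively")
    if run["unreachable_v6"] and not run["unreachable_v4"]:
        out.append("only IPv6 upstreams unreachable: start named with -4 if you have no IPv6")
    for opt in run["obsolete_options"]:
        out.append(f"remove obsolete option '{opt}' from named.conf")
    return out


if __name__ == "__main__":
    for pid, run in triage(SAMPLE_LOG).items():
        print(pid, run["zones"], problems(run) or "ok")
```

Running it on the sample reports four issues for the first process (no chroot, unwritable working directory, no zone loaded, IPv6-only failures), one obsolete option plus the chroot and working-directory points for the second, and nothing for the last one, which is the state the thread ends in.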
Any idea why all items return something in dig, but the MXes aren't to be found? I restarted BIND and no go.
Quote:
$ttl 38400
ics-il.net. IN SOA dns1.ics-il.net. admin.ics-il.net. (
1276451168
10800
3600
604800
38400 )
ics-il.net. IN NS dns1.ics-il.net.
ldap1.ics-il.net. IN A 10.1.5.151
dns1.ics-il.net. IN A 10.1.5.101
ldap2.ics-il.net. IN A 10.1.5.152
mailbox1.ics-il.net. IN A 10.1.5.153
mailbox2.ics-il.net. IN A 10.1.5.154
mta1.ics-il.net. IN A 10.1.5.155
mta2.ics-il.net. IN A 10.1.5.156
proxy.ics-il.net. IN A 10.1.5.157
imap.ics-il.net. IN A 10.1.5.157
smtp.ics-il.net. IN A 10.1.5.157
pop3.ics-il.net. IN A 10.1.5.157
mta1.ics-il.net. IN MX 10 10.1.5.155
mta2.ics-il.net. IN MX 10 10.1.5.156
The MX records define the mail server for a domain (ics-il.net), not for a host (unless mtaX.ics-il.net are subdomains):
Quote:
mta1.ics-il.net. IN MX 10 10.1.5.155
mta2.ics-il.net. IN MX 10 10.1.5.156
But more important is that you have to use an FQDN and not an IP address in the above 2 lines. Note that you have to use A RRs and not CNAMEs when you specify the IP of the mail exchanger.
Also, it's common practice to put MX records together with the NS RRs, before any A or CNAME RRs.
That being said, change the zone file to:
Code:
$ttl 38400
ics-il.net. IN SOA dns1.ics-il.net. admin.ics-il.net. (
1276451168
10800
3600
604800
38400 )
ics-il.net. IN NS dns1.ics-il.net.
ics-il.net. IN MX 10 mta1.ics-il.net.
ics-il.net. IN MX 10 mta2.ics-il.net.
ldap1.ics-il.net. IN A 10.1.5.151
dns1.ics-il.net. IN A 10.1.5.101
ldap2.ics-il.net. IN A 10.1.5.152
mailbox1.ics-il.net. IN A 10.1.5.153
mailbox2.ics-il.net. IN A 10.1.5.154
mta1.ics-il.net. IN A 10.1.5.155
mta2.ics-il.net. IN A 10.1.5.156
proxy.ics-il.net. IN A 10.1.5.157
imap.ics-il.net. IN A 10.1.5.157
smtp.ics-il.net. IN A 10.1.5.157
pop3.ics-il.net. IN A 10.1.5.157
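The three rules in that answer (the MX belongs at the zone apex, its target is a hostname rather than an IP, and that hostname must have an A record rather than a CNAME) can be checked mechanically before a zone is loaded. The script below is an added example, not code from the thread or from BIND; it parses the simple zone layout used in this thread (fully qualified owner names, a $ttl line, a multi-line SOA in parentheses, NS/A/CNAME/MX records) and runs the checks over constructed copies of the zone as first posted and as corrected, with the unrelated A records trimmed.

```python
"""Lint a zone file for the MX mistakes discussed in this thread.

Added example, not code from the thread or from BIND. It understands the
simple layout used above: fully qualified owner names, a $TTL line, a
multi-line SOA in parentheses, and NS/A/CNAME/MX records.
"""
import re

# Constructed sample inputs: the zone as first posted and as corrected in
# the reply, with the A records that play no part in the MX checks trimmed.
BROKEN_ZONE = """\
$ttl 38400
ics-il.net. IN SOA dns1.ics-il.net. admin.ics-il.net. (
1276451168
10800
3600
604800
38400 )
ics-il.net. IN NS dns1.ics-il.net.
dns1.ics-il.net. IN A 10.1.5.101
mta1.ics-il.net. IN A 10.1.5.155
mta2.ics-il.net. IN A 10.1.5.156
mta1.ics-il.net. IN MX 10 10.1.5.155
mta2.ics-il.net. IN MX 10 10.1.5.156
"""

FIXED_ZONE = """\
$ttl 38400
ics-il.net. IN SOA dns1.ics-il.net. admin.ics-il.net. (
1276451168 10800 3600 604800 38400 )
ics-il.net. IN NS dns1.ics-il.net.
ics-il.net. IN MX 10 mta1.ics-il.net.
ics-il.net. IN MX 10 mta2.ics-il.net.
dns1.ics-il.net. IN A 10.1.5.101
mta1.ics-il.net. IN A 10.1.5.155
mta2.ics-il.net. IN A 10.1.5.156
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_zone(text):
    """Return (owner, type, rdata tokens) triples, joining parenthesised records."""
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside a multi-line SOA
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0].startswith("$"):
            continue  # $TTL / $ORIGIN directives are not records
        i = 1
        if len(tokens) > i and tokens[i].isdigit():
            i += 1  # optional per-record TTL
        if len(tokens) > i and tokens[i].upper() == "IN":
            i += 1  # optional class
        records.append((tokens[0].lower(), tokens[i].upper(), tokens[i + 1:]))
    return records


def lint_mx(text):
    """Findings for MX records: wrong owner, IP target, CNAME target, missing A."""
    records = parse_zone(text)
    apex = next(o for o, t, _ in records if t == "SOA")
    a_owners = {o for o, t, _ in records if t == "A"}
    cname_owners = {o for o, t, _ in records if t == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        if len(rdata) < 2:
            findings.append(f"MX at {owner}: needs a preference and an exchanger")
            continue
        target = rdata[1].lower()
        if owner != apex:
            findings.append(f"MX at {owner}: mail for the domain needs the MX at the apex {apex}")
        if IPV4.match(target):
            findings.append(f"MX {owner} -> {target}: the exchanger must be a hostname, not an IP")
        elif target in cname_owners:
            findings.append(f"MX {owner} -> {target}: the exchanger is a CNAME; use a name with an A record")
        elif (target == apex or target.endswith("." + apex)) and target not in a_owners:
            findings.append(f"MX {owner} -> {target}: no A record for the exchanger in this zone")
    if not any(t == "MX" for _, t, _ in records):
        findings.append("no MX records: mail for the domain has nowhere to go")
    return findings


if __name__ == "__main__":
    for name, zone in (("as posted", BROKEN_ZONE), ("as corrected", FIXED_ZONE)):
        print(name, lint_mx(zone) or "clean")
```

On the zone as first posted it reports two findings per MX record (owner is a host, not the apex; exchanger is an IP literal); on the corrected zone it reports nothing. The in-zone A-record check deliberately skips exchangers outside the zone, since those are resolved elsewhere.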
Good deal, thanks a bunch. I hadn't put the FQDN in for the MX record because I was told to avoid CNAMEs at all cost, since an A record resolves so much faster. Apparently it doesn't matter how fast it is if it doesn't work.
At some point I'll have another nameserver as well. Well, and the external view as well.