I have everything setup properly

the first name server i.e ns1.domain.com responds properly but the second name server i.e ns2.domain.com doesn't respond properly.

I get the following error and my second dns ns2.domain.com is listed.

One or more of your nameservers did not respond:
The ones that did not respond are:

ns1 and ns2 both have different subnet domain names.

found this thread http://www.linuxquestions.org/questi...espond-847975/ but it didn't help.

I also used allow-query { all; }; in /etc/named.conf but it doesn't solve the problem.

please kindly help.

Hi,

This could happen for a variety or reasons.
Could be a firewall blocking port 53udp/tcp.
The server is not running or it's not listening on its public IP
Run the following commands on ns2 and see what you get
Regards

1 members found this post helpful.

I get the following when entering netstat -tunapl|grep 53

tcp 0 0 second ns2 ip:53 0.0.0.0:* LIST EN 7855/named
tcp 0 0 second ns2 ip:53 0.0.0.0:* LIST EN 7855/named
tcp 0 0 second ns2 ip:53 0.0.0.0:* LIST EN 7855/named
tcp 0 0 first ns2 ip:53 0.0.0.0:* LIST EN 7855/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LIST EN 7855/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LIST EN 1530/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LIST EN 7855/named
tcp 0 0 :::53 :::* LIST EN 7855/named
tcp 0 0 :::21 :::* LIST EN 1538/xinetd
tcp 0 0 :::22 :::* LIST EN 1530/sshd
tcp 0 0 :::106 :::* LIST EN 1538/xinetd
udp 0 0 0.0.0.0:53 0.0.0.0:* 7855/named
udp 0 0 third ip:53 0.0.0.0:* 7855/named
udp 0 0 fourth ip:53 0.0.0.0:* 7855/named
udp 0 0 second ns2 ip:53 0.0.0.0:* 7855/named
udp 0 0 first ns2 ip:53 0.0.0.0:* 7855/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 7855/named
udp 0 0 :::53 :::* 7855/named



; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> mydomain.com @ns2.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59104
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mydomain.com. IN A

;; ANSWER SECTION:
mydomain.com. 86400 IN A first ns1 ip

;; AUTHORITY SECTION:
mydomain.com. 86400 IN NS ns1.mydomain.com.
mydomain.com. 86400 IN NS ns2.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com. 86400 IN A first ns1 ip
ns2.mydomain.com. 86400 IN A second ns2 ip

;; Query time: 14 msec
;; SERVER: second ns2 ip#53(ns2 ip)
;; WHEN: Thu Jul 19 02:19:33 2012
;; MSG SIZE rcvd: 116


Service named restart shows :-

service named status
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 (none)
CPUs found: 16
worker threads: 16
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 7855) is running..

I have configured both the ns1 and ns2 in my own server using two different subnet ips provided to me by the service providers.

The first IP which is used in ns1.mydomain.com always responds and works but for ns2.mydomain.com .. even if I change other ips they do not respond.

I still can't understand what's wrong am a very basic user.

Hi,

Just to be sure: You have one box with 2 IPs. Are these assigned on 2 different nics or there are aliased on the same nic?
The dig output is fine. Your ns2 server answers authoritatively (aa) as it should, so if you cannot contact it from other boxes check for a firewall.

Thank you for your kind reply,

I have a VPS and it has four IP addresses

they are all bind in same interface. i.e
ifcfg-venet0
ifcfg-venet0:0
ifcfg-venet0:1
ifcfg-venet0:2
ifcfg-venet0:3

I can nslookup it from other boxes, it resolved it properly but the only problem is that intodns.com shows the following error for my ns2.mydomain.com showing it's ip.

ERROR: One or more of your nameservers did not respond:
The ones that did not respond are: my ns 2 ip address.

I have no idea about firewall, I had centos 6 installed and plesk 10, unmanaged. I used dns template to create everything. Everything works properly the only thing doesn't work is this second name server ns2.mydomain.com and it's domain.. but it's working.. please give me further clues to fix.

I have an ADSL connection and leased line in office, my isp doesn't block port 53, I disabled the iptable in my vps server but still the problem persists.

Is there any solution ?

I also have the following in /etc/named.conf


options {
query-source address * port 53;
listen-on { any; };
listen-on-v6 { any; };
listen-on port 53 { any; };
allow-recursion { localnets; };
allow-query { any; };
version "none";
directory "/var";
auth-nxdomain no;
pid-file "/var/run/named/named.pid";


Also
please see
netstat -an | grep ":53 "
tcp 0 0 third ip:53 0.0.0.0:* LISTEN
tcp 0 0 fourth ip:53 0.0.0.0:* LISTEN
tcp 0 0 ns2.mydomain.com ip:53 0.0.0.0:* LISTEN
tcp 0 0 ns1.mydomain.com ip:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
udp 0 0 0.0.0.0:53 0.0.0.0:*
udp 0 0 third ip:53 0.0.0.0:*
udp 0 0 fourth up:53 0.0.0.0:*
udp 0 0 ns2.mydomain.com ip:53 0.0.0.0:*
udp 0 0 ns1.mydomain.com ip:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 :::53 :::*

So you have one named instance running listening on all 4 interfaces and you only get an error for the 2nd of them!!
The netstat output shows that named is listening on that interface, you can use it to resolve hosts locally, so looks like a firewall problem. Run:
to verify that there is no rules loaded.
Try also to use ns2 from outside your lan and see if it works

If everything comes out normal double-check the zone file to see if you have assigned the correct IP to ns2, as I cannot think of something else.

Regards

The result are :

iptables -nvL
Chain INPUT (policy ACCEPT 20143 packets, 2129K bytes)
pkts bytes target prot opt in out source destination
25534 2473K RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0. 0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0. 0.0.0/0

Chain OUTPUT (policy ACCEPT 25394 packets, 5965K bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
5391 344K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53

it's a vps with public ips all those 4 ips are publicly accessible, I get same error everywhere but can access them from anywhere.

So port 53udp/tcp is open.
Did you check the output of intoDNS to see if lists the correct ip for ns2?
Did you try to use ns2 from outside your network to resolve your domain and see wht you get?
Also you may comment out the following as it's not necessary in your case

Yes it shows the correct ip for ns2.
yes I used it from outside network and it still resolves my ns2
I will comment it out, I really want to get this solved as it's getting too much frustrating and I don't have any clues.. ams ad.

Sure it doesn't make sense.
If you can contact ns2 from outside and it resolves correctly, then I can't think of a reason why intoDNS cannot contact it.
You may check /var/log/messages, (or whatever logfile bind uses for its logs) and see if you get something. Or you can enable bind logging to log queries and check what happens when intoDNS contacts your server

it doesn't show anything about intodns.com. Thank you very very much for the support.