12-02-2010, 12:06 PM
|
#1
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Rep:
|
DNS problem - One or more of your nameservers did not respond
I had to reinstall one of my DNS servers.
Seems to be running fine ...
service named is working okay ... and telnet to port 53 gives a response.
However, when I test my installation using the website
http://www.intodns.com
I get an error message
ERROR: One or more of your nameservers did not respond:
The ones that did not responded are:
210.193.XXX.XXX
Can anybody suggest what I can do to fix it?
|
|
|
12-02-2010, 01:10 PM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,221
|
Hi,
DNS uses UDP by default, so even though telnet 210.193.XXX.XXX 53 works, it could be that there is a firewall (or your ISP) blocking port 53 UDP.
Regards
|
|
|
12-02-2010, 01:59 PM
|
#3
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Original Poster
Rep:
|
bathory, how can I check? Because the firewall is off on the server, and we are connected to a leased line. My ISP does not block anything. If anything, it could be internal configuration.
Can you suggest a number of tests that I could do so I can troubleshoot and home in on the problem?
|
|
|
12-02-2010, 02:14 PM
|
#4
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,221
|
You can post your config and zone files if you want, masking domain names and ip addresses, so we can check if there is some configuration error.
Also you can try:
Code:
dig +trace domain.com
and this to see what you get
|
|
|
12-02-2010, 11:06 PM
|
#5
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Original Poster
Rep:
|
dns2 is the one that is reportedly not responding, but the dig gives a response? Maybe I am interpreting wrongly?
dig for dns1
=================
; <<>> DiG 9.2.3 <<>> @dns1.mydomain.xx mydomain.xx A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;mydomain.xx. IN A
;; ANSWER SECTION:
mydomain.xx. 86400 IN A xxx.xxx.xxx.129
;; AUTHORITY SECTION:
mydomain.xx. 86400 IN NS dns2.mydomain.xx.
mydomain.xx. 86400 IN NS dns1.mydomain.xx.
;; ADDITIONAL SECTION:
dns1.mydomain.xx. 86400 IN A xxx.xxx.xxx.132
dns2.mydomain.xx. 86400 IN A xxx.xxx.xxx.137
;; Query time: 186 msec
;; SERVER: xxx.xxx.xxx.132#53(dns1.mydomain.xx)
;; WHEN: Fri Dec 3 05:01:46 2010
;; MSG SIZE rcvd: 114
dig for dns2
==============
; <<>> DiG 9.2.3 <<>> @dns2.mydomain.xx mydomain.xx A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8265
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mydomain.xx. IN A
;; Query time: 186 msec
;; SERVER: xxx.xxx.xxx.137#53(dns2.mydomain.xx)
;; WHEN: Fri Dec 3 04:57:08 2010
;; MSG SIZE rcvd: 28
|
|
|
12-02-2010, 11:08 PM
|
#6
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Original Poster
Rep:
|
dig +trace domain.com
=======================
[root@dns1 ~]# dig +trace domain.com
; <<>> DiG 9.3.1 <<>> +trace domain.com
;; global options: printcmd
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
;; Received 228 bytes from 210.193.2.34#53(210.193.2.34) in 73 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 491 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 262 ms
domain.com. 172800 IN NS ns2.domain.com.
domain.com. 172800 IN NS ns1.domain.com.
domain.com. 172800 IN NS ns3.domain.com.
;; Received 130 bytes from 192.5.6.30#53(a.gtld-servers.net) in 267 ms
domain.com. 3600 IN A 66.150.120.145
domain.com. 60 IN NS ns2.dotsterhost.com.
domain.com. 60 IN NS ns3.dotsterhost.com.
domain.com. 60 IN NS ns1.dotsterhost.com.
;; Received 158 bytes from 72.5.54.13#53(ns2.domain.com) in 243 ms
|
|
|
12-02-2010, 11:09 PM
|
#7
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Original Poster
Rep:
|
dig on my own domain ...
I see dns2 is not responding correctly (0 value)
; <<>> DiG 9.3.1 <<>> +trace mydomain.xx
;; global options: printcmd
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
;; Received 228 bytes from 210.193.2.34#53(210.193.2.34) in 11 ms
sg. 172800 IN NS ns2.cuhk.edu.hk.
sg. 172800 IN NS sec3.apnic.net.
sg. 172800 IN NS dsany.sgnic.sg.
sg. 172800 IN NS sg-ns.anycast.pch.net.
;; Received 321 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 193 ms
mydomain.xx. 0 IN NS dns2.mydomain.xx.
mydomain.xx. 3600 IN NS dns1.mydomain.xx.
;; Received 98 bytes from 137.189.6.21#53(ns2.cuhk.edu.hk) in 48 ms
;; Received 28 bytes from 192.168.0.71#53(dns2.mydomain.xx) in 1 ms
|
|
|
12-02-2010, 11:14 PM
|
#8
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Original Poster
Rep:
|
the named.conf file
=========================
[root@dns2 etc]# cat named.conf
options {
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; };
recursion yes;
//query-source address * port 53;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "37.193.210.in-addr.arpa" IN {
type master;
file "xxx.xxx.37";
allow-update { none; };
};
zone "mydomain.xx" IN {
type master;
file "mydomain.xx.zone";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/rndc.key";
|
|
|
12-02-2010, 11:18 PM
|
#9
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Original Poster
Rep:
|
zone file
===========
$TTL 1D
@ IN SOA dns1.mydomain.xx. myname.mydomain.xx. (
200812091 ;
28800 ;
7200 ;
604800 ;
86400 )
NS dns1.digilab.sg.
NS dns2.mydomain.xx.
MX 10 dns1.mydomain.xx.
localhost A 127.0.0.1
www A xxx.xxx.xxx.129
mydomain.xx. A xxx.xxx.xxx.129
dns2 A xxx.xxx.xxx.137
dns1 A xxx.xxx.xxx.132
|
|
|
12-03-2010, 12:39 AM
|
#10
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,221
|
Hi,
Quote:
dig for dns2
==============
; <<>> DiG 9.2.3 <<>> @dns2.mydomain.xx mydomain.xx A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8265
<snip>
|
You should allow queries from everywhere. At the same time you should allow recursion only for localhost and your LAN computers. So use this in named.conf:
Code:
# allow-query { localhost; 192.168.1.0/24; };
allow-recursion { localhost; 192.168.1.0/24; };
Try dig again (only for your domain) and see what you get.
|
|
|
12-03-2010, 03:23 AM
|
#11
|
LQ Newbie
Registered: Dec 2010
Posts: 17
Original Poster
Rep:
|
Amazingly, I set
allow-query { all; };
and it is working again. How can I be sure, though?
|
|
|
12-03-2010, 03:38 AM
|
#12
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,221
|
Glad to see it worked.
Since you're running an authoritative name server, you should allow queries from anyone. On the other hand you should limit recursion only to selected hosts/networks, so your name server is not abused by others.
If you think your problem is answered, please mark the thread SOLVED using the "Thread Tools" on top of the page.
Regards
|
|
|
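An added example, not part of any post in this thread, for the "how can I be sure?" question: it reads the header of `dig @server zone A` output (best captured from a host outside the LAN) and reports whether the server answered authoritatively, refused the client, or offered recursion. The two sample inputs are the dig headers posted above; the function names are hypothetical.

```python
import re

# Sample inputs: the header lines of the two dig runs posted in this thread.
DNS1_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""
DNS2_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8265
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

HEADER_RE = re.compile(r"->>HEADER<<-.*?status:\s*(\w+)")
FLAGS_RE = re.compile(
    r"^;; flags:\s*([a-z ]*);\s*QUERY:\s*\d+,\s*ANSWER:\s*(\d+)", re.M
)


def parse_dig(text):
    """Return (status, flags, answer_count), or None if dig printed no reply header."""
    header = HEADER_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not header or not flags:
        return None
    return header.group(1), set(flags.group(1).split()), int(flags.group(2))


def assess(text):
    """Classify a reply to a query for a zone the server is meant to be master for."""
    parsed = parse_dig(text)
    if parsed is None:
        return ["no reply parsed: server unreachable over UDP, or output truncated"]
    status, flags, answers = parsed
    findings = []
    if status == "REFUSED":
        # What dns2 returned while allow-query listed only localhost and the LAN.
        findings.append("REFUSED: server policy denies this client (check allow-query)")
    elif status == "NOERROR" and "aa" in flags and answers > 0:
        findings.append("authoritative answer served")
    else:
        findings.append(f"unexpected reply: status={status}, aa={'aa' in flags}")
    if "ra" in flags:
        # 'ra' means the server offers recursion to whoever sent this query.
        findings.append("recursion available to this client: confirm it is in allow-recursion")
    return findings


if __name__ == "__main__":
    for name, output in (("dns1", DNS1_OUTPUT), ("dns2", DNS2_OUTPUT)):
        print(name, assess(output))
```

Run from an outside host after the change, the zone query should report an authoritative answer with no `ra` flag; an `ra` flag seen from outside means recursion is still open to the internet.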
All times are GMT -5. The time now is 02:35 PM.