My named server is resolving the links to the wrong ip adress.

named.conf

acl listaint { 127.0.0.1; 192.168.1.0/24; 192.234.56.0/24; 192.234.57.0/24; 10.11.0.0/24; 10.10.0.0/24; };
acl listaext { 189.4.65.54; 200.166.40.200; };


options {
directory "/var/named";


allow-transfer { 201.17.2.196; 192.234.56.236; 200.19.203.1; 200.19.203.2; 200.19.203.104; };
# So faz consultas recursivas para os seguintes clientes
allow-recursion { listaint; listaext; };
};

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";





view "int.ext" {
match-clients { listaint; listaext; any; };
include "/etc/named.conf.int.ext";

};


# view "others" {
# match-clients { any; };
# include "/etc/named.conf.int.ext";
# };


named.conf.int.ext

#recursion yes;



zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};


zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};


zone "." IN {
type hint;
file "named.ca";
};



zone "vpn.jucesc.sc.gov.br" IN {
type slave;
file "slaves/vpn.jucesc.sc.gov.br";
masters { 200.19.203.104; };
};




# zone "pscs.com.br" IN {
# type slave;
# file "slaves/pscs.com.br.zone";
# masters { 189.4.65.54; };
# };

# zone "sc.vpn" IN {
# type slave;
# file "slaves/sc.vpn";
# masters { 189.4.65.54; };
# };


zone "pscs.com.br" IN {
type master;
file "int.ext/pscs.com.br.zone";
notify yes;
allow-update { none; };
};

zone "sc.vpn" IN {
type master;
file "vpn/sc.vpn";
notify yes;
allow-update { none; };
};

zone "pscs.rj" IN {
type master;
file "int.ext/pscs.rj.zone";
notify yes;
allow-update { 10.11.0.110; };
};


#################################################################################################### #####################
# REVERSE #
#################################################################################################### #####################
# firewallrj
zone "40.166.200.in-addr.arpa" IN {
type master;
file "int.ext/65.4.189.in-addr.arpa";
notify yes;
allow-update { none; };
};
# Monitor
zone "242.255.200.in-addr.arpa" IN {
type master;
file "int.ext/242.255.200.in-addr.arpa";
notify yes;
allow-update { none; };
};


zone "245.219.200.in-addr.arpa" IN {
type master;
file "int.ext/245.219.200.in-addr.arpa";
notify yes;
allow-update { none; };
};


zone "210.219.200.in-addr.arpa" IN {
type master;
file "int.ext/210.219.200.in-addr.arpa";
notify yes;
allow-update { none; };
};

Could you please be a little more precise ? ... ie. run the commands that demonstrate the problem

ping host.domain.tld
dig host.domain.tld A
grep host domain_zone_file
grep host reverse_zone_file

thanks

ping host.domain.tld
ping: unknown host host.domain.tld





[root@firewall-rj ~]# dig host.domain.tld A

; <<>> DiG 9.3.4-P1 <<>> host.domain.tld A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38035
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;host.domain.tld. IN A

;; AUTHORITY SECTION:
. 8063 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009112401 1800 900 604800 86400

;; Query time: 21 msec
;; SERVER: 192.234.57.1#53(192.234.57.1)
;; WHEN: Wed Nov 25 13:04:30 2009
;; MSG SIZE rcvd: 108


grep host /var/namedes/named/localhost.zone
$ORIGIN localhost.


grep host /var/named/chroot/var/named/int.ext/pscs.com.br.zone
; Define hosts names

obs: it works fine for most of webpages

It looks like firewall-rj is not configured to use your name server, please take a look at /etc/resolv.conf

Generally you would configure your name server with forwarders so that it can resolve names outside your organisation then ensure all your internal hosts use your name server

named.conf
I add forwarders

options {
directory "/var/named";
forwarders { 200.255.255.65; 200.255.255.70; 192.168.0.2; 200.184.26.3; 200.184.26.4; 200.185.6.131; 200.185.6.163; };


resolv.conf I changed to this

; generated by /sbin/dhclient-script
search local.lan
domain pscs.com.br
nameserver 127.0.0.1
nameserver 192.234.57.1
nameserver 192.168.1.3


But still same...most the webpages are browsing properly but some pages never open.

Can you please confirm that named is listening on all addresses -

Command -
look for something like
and
Once confirmed please retry the dig command like so -

is not listening..
Im trying to make this listen for named now..thanks after that i will replay the result

dig @localhost host.domain.tld A

; <<>> DiG 9.3.4-P1 <<>> @localhost host.domain.tld A
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50420
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;host.domain.tld. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009113000 1800 900 604800 86400

;; Query time: 558 msec
;; SERVER: 189.4.65.54#53(189.4.65.54)
;; WHEN: Mon Nov 30 16:35:06 2009
;; MSG SIZE rcvd: 108

Looks like there is no answer from your name server for that query, could you try querying for 'www.google.com' ?

dig @localhost www.google.com

; <<>> DiG 9.3.4-P1 <<>> @localhost www.google.com
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1837
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 8955 IN CNAME www.l.google.com.
www.l.google.com. 60 IN A 66.249.81.104

;; AUTHORITY SECTION:
google.com. 81820 IN NS ns1.google.com.
google.com. 81820 IN NS ns2.google.com.
google.com. 81820 IN NS ns3.google.com.
google.com. 81820 IN NS ns4.google.com.

;; Query time: 441 msec
;; SERVER: 189.4.65.54#53(189.4.65.54)
;; WHEN: Tue Dec 1 09:37:23 2009
;; MSG SIZE rcvd: 140

And 'dig @my.ip.ad.ress www.google.com A' ?

OBS: I have load balance running with 2 providers...at my shorewall...
I dsabled the load balance and looks fine, but I need it running, why the named is messing resolving the names when balance is enabled??
looks like the named is resolving to providers 1 the route, but when shorewall try provider 2, named still resolving the route from providers 1.But most pages work fine. I dont know if is really that....


dig @172.16.184.249 www.google.com A

; <<>> DiG 9.3.4-P1 <<>> @172.16.184.249 www.google.com A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40314
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 545139 IN CNAME www.l.google.com.

;; AUTHORITY SECTION:
google.com. 113135 IN NS ns2.google.com.
google.com. 113135 IN NS ns3.google.com.
google.com. 113135 IN NS ns4.google.com.
google.com. 113135 IN NS ns1.google.com.

;; Query time: 0 msec
;; SERVER: 172.16.184.249#53(172.16.184.249)
;; WHEN: Wed Dec 2 09:47:13 2009
;; MSG SIZE rcvd: 124


dig @192.168.1.3 www.google.com A

; <<>> DiG 9.3.4-P1 <<>> @192.168.1.3 www.google.com A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61958
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 545092 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 64.233.163.99
www.l.google.com. 300 IN A 64.233.163.103
www.l.google.com. 300 IN A 64.233.163.104
www.l.google.com. 300 IN A 64.233.163.147

;; AUTHORITY SECTION:
google.com. 113088 IN NS ns2.google.com.
google.com. 113088 IN NS ns3.google.com.
google.com. 113088 IN NS ns4.google.com.
google.com. 113088 IN NS ns1.google.com.

;; Query time: 371 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Wed Dec 2 09:48:00 2009
;; MSG SIZE rcvd: 188

dig @192.168.1.3 www.globo.com A

; <<>> DiG 9.3.4-P1 <<>> @192.168.1.3 www.globo.com A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62961
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;www.globo.com. IN A

;; ANSWER SECTION:
www.globo.com. 7265 IN A 201.7.178.45

;; AUTHORITY SECTION:
globo.com. 7265 IN NS ns03.globo.com.
globo.com. 7265 IN NS ns01.globo.com.
globo.com. 7265 IN NS ns02.globo.com.

;; Query time: 1 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Wed Dec 2 09:56:54 2009
;; MSG SIZE rcvd: 104

[root@firewall-rj ~]# dig @172.16.184.249 www.globo.com A

; <<>> DiG 9.3.4-P1 <<>> @172.16.184.249 www.globo.com A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3358
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;www.globo.com. IN A

;; ANSWER SECTION:
www.globo.com. 7245 IN A 201.7.178.45

;; AUTHORITY SECTION:
globo.com. 7245 IN NS ns02.globo.com.
globo.com. 7245 IN NS ns03.globo.com.
globo.com. 7245 IN NS ns01.globo.com.

;; Query time: 1 msec
;; SERVER: 172.16.184.249#53(172.16.184.249)
;; WHEN: Wed Dec 2 09:57:14 2009
;; MSG SIZE rcvd: 104

Named does not resolve the route, only the destination ip address. Can you confirm that both provider connections are functioning ? ... also how are you load balancing across the links? round-robin ? ... etc