Not able to lookup only to one domain

Ashish Pati · 09-10-2009, 02:04 AM

hi,

I hv a BIND server, in that i hv added some ips for

allow-query{ip1,ip2,ip3,ip4....,localhost};
allow-recursion(ip1,ip2,ip3,ip4.......,localhost};

the above configuration is within the option{ };

NOW THE PROBLEM IS

i am able to lookup to every outside domain(yahoo,google, etc).
but SERVER FAILED message is coming for only one domain.

i hv created a new BIND server with defaults setting and the domain is resolving from this new BIND server.

is there any issue in allow-recursion ?

Please help me.

bathory · 09-10-2009, 02:17 AM

It's not a recursion problem. Could be a allow-query problem, if you query your dns from a box not listed there, which I doubt.
What is the output of:

Code:

dig domain.com
dig +trace domain.com

Ashish Pati · 09-10-2009, 11:46 PM

Quote:

Originally Posted by bathory

It's not a recursion problem. Could be a allow-query problem, if you query your dns from a box not listed there, which I doubt.
What is the output of:

Code:

dig domain.com
dig +trace domain.com

Thanks for your reply

===================================================================================================
[root@fresh named]# dig lekha.com

; <<>> DiG 9.5.2b1 <<>> lekha.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25069
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lekha.com. IN A

;; Query time: 738 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 11 10:33:08 2009
;; MSG SIZE rcvd: 27

[root@fresh named]# dig +trace lekha.com

; <<>> DiG 9.5.2b1 <<>> +trace lekha.com
;; global options: printcmd
. 515397 IN NS k.root-servers.net.
. 515397 IN NS l.root-servers.net.
. 515397 IN NS m.root-servers.net.
. 515397 IN NS a.root-servers.net.
. 515397 IN NS b.root-servers.net.
. 515397 IN NS c.root-servers.net.
. 515397 IN NS d.root-servers.net.
. 515397 IN NS e.root-servers.net.
. 515397 IN NS f.root-servers.net.
. 515397 IN NS g.root-servers.net.
. 515397 IN NS h.root-servers.net.
. 515397 IN NS i.root-servers.net.
. 515397 IN NS j.root-servers.net.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 3 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 490 bytes from 199.7.83.42#53(l.root-servers.net) in 232 ms

lekha.com. 172800 IN NS ns.siteprotect.com.
lekha.com. 172800 IN NS ns2.siteprotect.com.
;; Received 106 bytes from 192.42.93.30#53(g.gtld-servers.net) in 1042 ms

;; Received 27 bytes from 64.26.38.2#53(ns2.siteprotect.com) in 232 ms

==============================================================================

now i removed everything form allow-query{} and allow-recursion{},
then also the same problem is happening
i am posting my conf file Please look into this should i edit anything in it.

===============================================================================
options {
listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";

// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;

allow-query { localhost; };

};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
==================================================================================================

bathory · 09-11-2009, 12:40 AM

Hi,

It's not your fault, unless you're responsible for that domain. In fact I get the same error using my name server. Also I get this in logs:

Quote:

unexpected RCODE (REFUSED) resolving 'lekha.com/A/IN': 64.26.0.23#53

The strange thing is that it resolves using opendns servers:

Quote:

dig lekha.com @208.67.222.222

; <<>> DiG 9.6.1-P1 <<>> lekha.com @208.67.222.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31241
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lekha.com. IN A

;; ANSWER SECTION:
lekha.com. 0 IN A 67.215.66.132

;; Query time: 2220 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Fri Sep 11 08:36:49 2009
;; MSG SIZE rcvd: 43

And it can't be resolved using the authoritative dns servers!!!

Quote:

dig lekha.com @ns.siteprotect.com

; <<>> DiG 9.6.1-P1 <<>> lekha.com @ns.siteprotect.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 44865
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;lekha.com. IN A

;; Query time: 178 msec
;; SERVER: 64.26.0.23#53(64.26.0.23)
;; WHEN: Fri Sep 11 08:38:50 2009
;; MSG SIZE rcvd: 27

Ashish Pati · 09-16-2009, 04:56 AM

Quote:

Originally Posted by bathory

Hi,

It's not your fault, unless you're responsible for that domain. In fact I get the same error using my name server. Also I get this in logs:

The strange thing is that it resolves using opendns servers:

And it can't be resolved using the authoritative dns servers!!!

yes, you are right it is strange. bcoz it is resolving from my Windows server.
if there is any solution then kindly let me know. thanks for your reply