LinuxQuestions.org - [SOLVED] SOA for nameserver can't be retrieved, possible port or BIND misconfiguration

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - SOA for nameserver can't be retrieved, possible port or BIND misconfiguration (https://www.linuxquestions.org/questions/linux-server-73/soa-for-nameserver-cant-be-retrieved-possible-port-or-bind-misconfiguration-828264/)

SOA for nameserver can't be retrieved, possible port or BIND misconfiguration

My configuration: CentOS in a VPS environment, I have 2 static IPs at my disposal.

I'm having trouble setting up my nameservers. I've registered the nameservers with my registrar and supplied the GLUE records, however my registrar has not yet applied this information into the DNS zone, because my nameservers fail to generate a response on port 53.

DNS check says the following about my nameserver address:

Checking SOA records for domain. Domain server is not answering to UDP requests on port 53. Possible problems: A firewall is blocking port 53, server is down, server is not running software for handling dns requests.

So the only two possibilities I see is that my port 53 is somehow blocked or not properly set to accept and send the correct traffic or that I've misconfigured BIND.

I've run netstat -anp and found out that named is listening on tcp port 53 on all IPs, and it has udp port 53 on all IPs listed among active connections, though I'm unsure if that also means the port is actually active?

Your name servers appear to be working and can be accessed, but there appears to be something wrong with your zone configuration. I was able to connect to use your servers to do a look up (I realize using someone else's DNS is rude and I only did this to help troubleshoot your problem) for google and yahoo. However, when I attempted to look up your domain I got either unknown or servfail. The server fail is indicative of a problem in your configuration somewhere. Bind syntax can be both obscure and is very sensitive to syntax errors. I don't see anything obviously wrong with your zones, so I would suggest that you use the named-checkconf utility to see if anything gets reported.

Also, restart your DNS server and look at the output of syslog and possibly daemon log. Chances are you will see some message indicating what might be at fault.

See the following output

Code:

> server 77.235.60.14

Default server: 77.235.60.14

Address: 77.235.60.14#53

> google.com

Server:                77.235.60.14

Address:        77.235.60.14#53



Non-authoritative answer:

Name:        google.com

Address: 74.125.77.99

Name:        google.com

Address: 74.125.77.104

Name:        google.com

Address: 74.125.77.147

> server 77.235.60.108

Default server: 77.235.60.108

Address: 77.235.60.108#53

> yahoo.com

Server:                77.235.60.108

Address:        77.235.60.108#53



Non-authoritative answer:

Name:        yahoo.com

Address: 209.191.122.70

Name:        yahoo.com

Address: 67.195.160.76

Name:        yahoo.com

Address: 69.147.125.65

Name:        yahoo.com

Address: 72.30.2.43

Name:        yahoo.com

Address: 98.137.149.56

> drustvo-mmm.si

Server:                77.235.60.108

Address:        77.235.60.108#53



** server can't find drustvo-mmm.si: NXDOMAIN

> ns1.drustvo-mmm.si

Server:                77.235.60.108

Address:        77.235.60.108#53



** server can't find ns1.drustvo-mmm.si: NXDOMAIN

> ns1.drustvo-mmm.si.

Server:                77.235.60.108

Address:        77.235.60.108#53



** server can't find ns1.drustvo-mmm.si: SERVFAIL

>

Haha, oh, you won't believe what I found out! I feel so relieved! And to think I was looking at the wrong place for the whole day! :)

I checked the log after I restarted bind, and found an interesting line:

Code:

Aug 25 02:51:09 drustvo-mmm named[10094]: zone drustvo-mmm.si/IN: loading master file drustvo.zone: permission denied

Then I used ls -la, and guess what I saw? All zones had read permissions set only for root. That's what you get if you work as root.

It's working now. Thanks Noway2! :)