bind 9.2.1 SERVFAIL driving me nuts
Victor Wren
vwrennospam at ponyhomenospam.com
Tue Dec 16 06:51:00 UTC 2003
I'm running out of ideas. I have a 2.4.20 server running bind 9.2.1.
Actually, I have two servers, one of which is trouble-free, the other
of which is being a pig. They are mutual slaves for each other's
domains.
When I check the name service on other servers, it appears to be
working (though the web checkers, like DNSReport, might be going into
recursion, which gets its answer from server number two, the good one,
and not server number one, the pig).
Starting the server shows no errors in the syslog. Doing very simple
things like "dig @127.0.0.1 ." results in
; <<>> DiG 9.2.1 <<>> @127.0.0.1 .
;; global options: printcmd
;; connection timed out; no servers could be reached
I have been thinking that the firewall configuration could be the
problem, but even when I flush all the rules and set all the chains to
policy "ACCEPT" it still acts the same. In my firewall rules, I allow
anybody to connect to port 53 by TCP or UDP.
"netstat -an" shows the server listening on all my interfaces
udp 0 0 67.112.125.92:53 0.0.0.0:*
udp 0 0 67.112.125.91:53 0.0.0.0:*
udp 0 0 67.112.125.90:53 0.0.0.0:*
udp 0 0 172.16.24.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
I can't find any problems in my named.conf. Here's an edited section
of it:
=========================================
options {
directory "/var/named/";
auth-nxdomain yes ;
allow-query { 67.112.125.88/29; localhost; };
allow-transfer {67.116.23.64/28; localhost;};
allow-recursion { 127.0.0.1; 67.112.125.88/29; 67.116.23.64/28;
172.16.24/24;};
pid-file "/var/run/named/named.pid";
listen-on-v6 { none; };
query-source address * port 53;
};
zone "0.0.127.in-addr.arpa" {
type master;
file "zone/db.127.0.0";
allow-query {any;};
};
zone "125.112.67.in-addr.arpa" {
type master;
notify yes;
file "zone/db.67.112.125.88:29";
allow-query {any;};
};
zone "ponyhome.com" {
type master;
file "zone/db.ponyhome";
notify yes;
allow-query {any;};
};
=====================================================
Here is zone file "db.67.112.125.88:29"
============================
$TTL 3D
@ IN SOA trip.ponyhome.com. root.trip.ponyhome.com. (
2003121401 ; Serial
8H ; Refresh
4H ; Retry
7D ; Expire
3D ) ; Minimum
NS trip.ponyhome.com.
NS helios.timension.com.
89 PTR gateway.ponyhome.com.
90 PTR trip.ponyhome.com.
==================================
And here is the forward zone, "db.ponyhome":
==================================
$ORIGIN ponyhome.com.
$TTL 86400
@ IN SOA trip.ponyhome.com. root.trip.ponyhome.com. (
2003121402 ; Serial
2H ; Refresh
1H ; Retry
7D ; Expire
1D ) ; Minimum TTL
NS trip.ponyhome.com.
NS helios.timension.com.
MX 10 trip.ponyhome.com.
MX 20 helios.timension.com.
@ IN A 67.112.125.90
trip IN A 67.112.125.90
gateway IN A 67.112.125.89
==================================
It IS responding nicely to all the domains that I have authority for.
For example:
dig @67.112.125.90 wren.ponyhome.com
; <<>> DiG 9.2.1 <<>> @67.112.125.90 wren.ponyhome.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33704
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;wren.ponyhome.com. IN A
;; ANSWER SECTION:
wren.ponyhome.com. 86400 IN CNAME trip.ponyhome.com.
trip.ponyhome.com. 86400 IN A 67.112.125.90
;; AUTHORITY SECTION:
ponyhome.com. 86400 IN NS helios.timension.com.
ponyhome.com. 86400 IN NS trip.ponyhome.com.
;; ADDITIONAL SECTION:
helios.timension.com. 86400 IN A 67.116.23.65
;; Query time: 2 msec
;; SERVER: 67.112.125.90#53(67.112.125.90)
;; WHEN: Mon Dec 15 22:28:29 2003
;; MSG SIZE rcvd: 131
============================
But if I try to look up anything not under my authority:
dig @67.112.125.90 microsoft.com
; <<>> DiG 9.2.1 <<>> @67.112.125.90 microsoft.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16238
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;microsoft.com. IN A
;; Query time: 2 msec
;; SERVER: 67.112.125.90#53(67.112.125.90)
;; WHEN: Mon Dec 15 22:30:49 2003
;; MSG SIZE rcvd: 31
==================
Any suggestions, yelling or pointing out of stupid mistakes would be
gladly accepted. I just can't see what I'm doing wrong here.
Victor Wren vwren ampersand ponyhome period com
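The post contrasts three outcomes from the same server: a timeout on "dig @127.0.0.1 .", an authoritative NOERROR answer (flags qr aa rd ra) for a name in its own zone, and a SERVFAIL with no aa flag for a name it has to recurse for. The script below is an added illustration, not the poster's code and not part of BIND: it builds a minimal UDP query the way dig does, decodes the 12-byte header so the flag letters and rcode line up with what dig prints, and sorts each probe into those outcomes. It uses only the Python standard library, inspects only the header (it does not walk the answer records), and takes the server address from the command line rather than assuming one; the sample packets at the bottom are reconstructed from the dig output quoted above (the 31-byte SERVFAIL reply rebuilds exactly) so the decoding can be checked offline.

```python
import socket
import struct
import sys

# Header flag bits (RFC 1035, section 4.1.1); these are the letters dig prints
# on its ";; flags:" line.
QR = 0x8000  # response (as opposed to query)
AA = 0x0400  # authoritative answer
RD = 0x0100  # recursion desired
RA = 0x0080  # recursion available

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ("." and "" mean the root)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qid=0x1234, qtype=1):
    """Build the packet 'dig @server name' sends: RD set, one question, type A, class IN."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte header: id, flag letters as dig prints them, rcode, section counts."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    letters = [name for bit, name in ((QR, "qr"), (AA, "aa"), (RD, "rd"), (RA, "ra"))
               if flags & bit]
    rcode = flags & 0xF
    return {"id": qid, "flags": letters, "rcode": RCODES.get(rcode, str(rcode)),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def classify(result, hdr):
    """Map one probe onto the outcomes seen in the post."""
    if result == "timeout":
        return "no response: the query never reached a listener or the reply never came back"
    if hdr["rcode"] == "REFUSED":
        return "REFUSED: this client is not permitted by the server's query/recursion ACLs"
    if "aa" in hdr["flags"] and hdr["rcode"] == "NOERROR":
        return "authoritative answer: served from local zone data"
    if hdr["rcode"] == "SERVFAIL" and "aa" not in hdr["flags"]:
        return "SERVFAIL without aa: the server accepted the recursive query but could not complete it"
    return "%s with flags %s" % (hdr["rcode"], " ".join(hdr["flags"]))


def probe(server, name, timeout=2.0):
    """Send one UDP query; return ('timeout', None) or ('answer', parsed header)."""
    qid = 0x1234
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qid), (server, 53))
        data, _ = sock.recvfrom(512)
    except socket.timeout:
        return "timeout", None  # what dig reports as "connection timed out; no servers could be reached"
    finally:
        sock.close()
    hdr = parse_header(data)
    if hdr["id"] != qid:
        raise ValueError("response id does not match the query id")
    return "answer", hdr


# Constructed sample: the 31-byte SERVFAIL reply from the post (id 16238, flags qr rd ra,
# QUERY 1 / ANSWER 0 / AUTHORITY 0 / ADDITIONAL 0), rebuilt byte for byte from its dig output.
SAMPLE_SERVFAIL = (struct.pack("!HHHHHH", 16238, QR | RD | RA | 2, 1, 0, 0, 0)
                   + encode_name("microsoft.com.") + struct.pack("!HH", 1, 1))

# Constructed sample: only the header of the authoritative NOERROR reply from the post
# (id 33704, flags qr aa rd ra, counts 1/2/2/1); the records are omitted since only the
# header is decoded here.
SAMPLE_AUTH_HEADER = struct.pack("!HHHHHH", 33704, QR | AA | RD | RA, 1, 2, 2, 1)

if __name__ == "__main__":
    # Server to probe is a command-line argument; defaults to the local resolver.
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for qname in ("wren.ponyhome.com.", "microsoft.com.", "."):
        result, hdr = probe(server, qname)
        print("%-20s %s" % (qname, classify(result, hdr)))
```

Run it as `python3 dnsprobe.py 127.0.0.1` on the affected host and again from another machine in the allow-recursion range: a timeout on the root query with a working authoritative answer for the local zone points at the path out of the box (no reply coming back), while SERVFAIL without aa means the query was accepted for recursion and the failure is inside the resolution step, which is a different thing to chase than an ACL problem (which shows up as REFUSED).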