DNS Problems - Need to get it working.

Spencer Yost syost at triad.rr.com
Sun Jun 20 05:14:01 UTC 2004


Sorry if this has been discussed, but my problem is a bit vague and
shapeless and searching the archives proved difficult.

I am in the midst of creating a new authoritative nameserver for several
domains. I got the latest BIND (9.3.0rc1) and had no trouble building and
installing. Configuring seemed to be a snap (I was running 9.1 on the old
machine so nothing much was different). I ran DNSWALK to confirm stuff
and everything is AOK. Doing an nslookup with "set debug" reveals DNS info
on the Internet is correct for my server and domains.

Sound good? Not quite.

Every computer that tries to use this new name server as a resolver can NOT
resolve any domains. If I am logged in locally to the server I can
resolve anything. No one on the Internet can find any of my
hostname/domains either (i.e., can't find www.yhimc.com). Turning up/ON
debugging produces nothing in the log files except success messages from
startup and me logged onto the DNS server doing lookups.

As an example, I host yhimc.com. The new DNS server is
heavyiron.atis.net. I can do an nslookup/dig on any machine on my network
that uses heavyiron.atis.net as a DNS server and can NOT resolve
www.yhimc.com or any other domain. Likewise John Doe on his machine and
ISP across the world cannot resolve www.yhimc.com. Logging on to the
server and doing a query DOES resolve it just fine though.

Clues/Hints/Weird Observations:

- DNSWALK likes everything

- Statfiles show no requests (should be getting hundreds but only have a
handful)

- Message everyone gets is SERVFAIL

- If anyone runs nslookup and types server <heavyiron IP address> and then
does his lookup, he gets a SERVFAIL also.

- My server acts like it doesn't see any request that doesn't originate
from localhost (nothing in log files, stat files, etc).

- Using zone and conf files that are in production in BIND 9.1. I just
changed IP addresses and a few little odds and ends like that.

- The old/current name server is still running and serving up info to any
computer that wants it.

- NS records at the registrar were changed 36 hours ago and because most
users do NOT seem to be getting the old information found at the old server
and are getting errors instead, I assume the DNS/NS information has
propagated.

Thanks in advance for any help you can provide,

Spencer Yost


