dns is broken

Tim Dunphy bluethundr at gmail.com
Fri Sep 17 00:26:57 UTC 2010


Hello BIND9!

I've got a bad situation after accidentally selecting the wrong option
in sysinstall. The DNS server that I've been using for quite a while
is quite broken.

Normally I could type in the host name of any machine I had configured
in DNS and it would return the correct network request (in terms of
ssh, ping, host, dig).

Now this is what I get:

Code:

[root at LBSD2:/etc/namedb]#host bsd2
Host bsd2 not found: 3(NXDOMAIN)
[root at LBSD2:/etc/namedb]#ping bsd2
ping: cannot resolve bsd2: Unknown host
[root at LBSD2:/etc/namedb]#ssh bsd2
ssh: Could not resolve hostname bsd2: hostname nor servname provided, or not known

These requests are taking place on the machine that I have set up as
the DNS server.

My resolv.conf is set up to use my LBSD2 DNS server:

Code:

[root at LBSD2:/etc/namedb]#cat /etc/resolv.conf
domain	summitnjhome.com
nameserver      192.168.1.44
#nameserver      4.2.2.2

And even though I don't seem to have an external DNS server set up at the
moment on this box, network services to external sources seem to work:

Code:

[root at LBSD2:/etc/namedb]#ping yahoo.com
PING yahoo.com (98.137.149.56): 56 data bytes
64 bytes from 98.137.149.56: icmp_seq=0 ttl=56 time=101.503 ms
64 bytes from 98.137.149.56: icmp_seq=1 ttl=56 time=97.850 ms

[root at LBSD2:/etc/namedb]#host yahoo.com
yahoo.com has address 72.30.2.43
yahoo.com has address 98.137.149.56
yahoo.com has address 209.191.122.70
yahoo.com has address 67.195.160.76
yahoo.com has address 69.147.125.65
yahoo.com mail is handled by 1 g.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 h.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 i.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 j.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 k.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 a.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 b.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 c.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 d.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 e.mx.mail.yahoo.com.
yahoo.com mail is handled by 1 f.mx.mail.yahoo.com.

[root at LBSD2:/etc/namedb]#host summitnjhome.com
summitnjhome.com has address 123.45.67.89
summitnjhome.com mail is handled by 0 smtp.secureserver.net.
summitnjhome.com mail is handled by 10 mailstore1.secureserver.net.

[root at LBSD2:/etc/namedb]#host bsd2.summitnjhome.com
Host bsd2.summitnjhome.com not found: 3(NXDOMAIN)

It looks like I may be using verizon's DNS server, though I am at a loss
to know where this is set:

Code:

[root at LBSD2:/etc/namedb]#dig bsd2 bsd2

; <<>> DiG 9.6.1-P1 <<>> bsd2 bsd2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16338
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd2.				IN	A

;; AUTHORITY SECTION:
.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2010091601 1800 900 604800 86400

;; Query time: 25 msec
;; SERVER: 192.168.1.44#53(192.168.1.44)
;; WHEN: Fri Sep 17 00:09:15 2010
;; MSG SIZE  rcvd: 97

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1692
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd2.				IN	A

;; AUTHORITY SECTION:
.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2010091601 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.1.44#53(192.168.1.44)
;; WHEN: Fri Sep 17 00:09:15 2010
;; MSG SIZE  rcvd: 97



DNS _does_ restart correctly:

Code:

[root at LBSD2:/etc/namedb]#/etc/rc.d/named restart
Stopping named.
Waiting for PIDS: 4015.
Starting named.

But notice what happens in the messages log when I do that:

Code:

Sep 17 00:03:24 LBSD2 named[4170]: starting BIND 9.6.1-P1 -t /var/named -u bind
Sep 17 00:03:24 LBSD2 named[4170]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
Sep 17 00:03:24 LBSD2 named[4170]: command channel listening on 127.0.0.1#953
Sep 17 00:03:24 LBSD2 named[4170]: command channel listening on ::1#953
Sep 17 00:03:24 LBSD2 named[4170]: the working directory is not writable
Sep 17 00:03:24 LBSD2 named[4170]: running


So it is complaining about the working directory not being writable.
In my /etc/namedb/named.conf these are the relevant directories:

Code:

options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

And these are the permissions on each:

Code:

[root at LBSD2:/etc/namedb]#ls -l /etc | grep namedb
lrwxr-xr-x  1 root        wheel          21 Sep 17 00:03 namedb -> /var/named/etc/namedb

Code:

[root at LBSD2:/etc/namedb]#ls -l /var | grep named
drwxr-xr-x   6 root    wheel      512 Sep 16 23:13 named



I've tried to change the permissions on each to bind.wheel. For some
reason this works on /var/named but NOT on /etc/namedb

Code:

[root at LBSD2:/etc/namedb]#chown -R bind:wheel /etc/namedb/
[root at LBSD2:/etc/namedb]#chown -R bind:wheel /var/named
[root at LBSD2:/etc/namedb]#ls -l /etc | grep namedb
lrwxr-xr-x  1 root        wheel          21 Sep 17 00:03 namedb -> /var/named/etc/namedb
[root at LBSD2:/etc/namedb]#ls -l /var | grep named
drwxr-xr-x   6 bind    wheel      512 Sep 16 23:13 named

Here are some more permissions that may be factoring into this situation:

Code:

[root at LBSD2:/etc/namedb]#ls -l
total 48
drwxr-xr-x  2 bind  wheel    512 Nov 21  2009 dynamic
drwxr-xr-x  2 bind  wheel    512 Sep 16 18:38 master
-rw-r--r--  1 bind  wheel  12088 Sep 16 17:44 named.conf
-rw-r--r--  1 bind  wheel   2969 Nov 21  2009 named.root
-rw-------  1 bind  wheel     97 Aug 21 18:50 rndc.key
drwxr-xr-x  2 bind  wheel    512 Nov 21  2009 slave
[root at LBSD2:/etc/namedb]#cd master/
[root at LBSD2:/etc/namedb/master]#ls -l
total 20
-rw-r--r--  1 bind  wheel   243 Nov 21  2009 empty.db
-rw-r--r--  1 bind  wheel   265 Nov 21  2009 localhost-forward.db
-rw-r--r--  1 bind  wheel   333 Nov 21  2009 localhost-reverse.db
-rw-r--r--  1 bind  wheel  3027 Sep 16 18:37 summitnjhome.com


And lastly it does not appear to be a misconfiguration of the zone
file, because as SOON as I encountered this problem I rm'd the one in
/etc/namedb and copied a known working backup to the same location.

Clearly this situation needs a new set of eyes. I would _greatly_
appreciate your input here. Thank you BIND9!!
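The dig output in the post is the telling piece: the answer carries no `aa` flag and its AUTHORITY section is the root zone's SOA, which is what a server returns when it does not serve the name itself and has recursed for it. Note also that `dig` sends a bare `bsd2` as `bsd2.`: unlike `host`, it ignores the resolv.conf search list unless run with `+search`, so the root was the only server that could ever answer that query. The script below is an added example, not code from the post or from BIND: it parses dig's text output and classifies each answer block along those lines. The first sample is the answer block pasted in the post; the other two are constructed to show the contrasting cases (their SOA and NS names and the 192.168.1.45 address are hypothetical).

```python
"""Tell "record missing from a zone this server serves" apart from "this
server is not serving the zone at all", using nothing but dig's text output.
Added example, not from the post; see the lead-in for what is constructed."""
import re
from dataclasses import dataclass


@dataclass
class DigResult:
    qname: str            # name in the QUESTION section, as dig printed it
    status: str           # RCODE text: NOERROR, NXDOMAIN, SERVFAIL, ...
    flags: set            # header flags, e.g. {"qr", "rd", "ra"}; "aa" is the one that matters
    answers: int          # ANSWER count from the header line
    authority_owner: str  # owner name of the first AUTHORITY record ("" if none)
    server: str           # ';; SERVER:' line, i.e. who actually answered


def parse_dig(text: str) -> list:
    """Parse every ';; Got answer:' block in dig's text output."""
    results = []
    for block in text.split(";; Got answer:")[1:]:
        status = re.search(r"status: (\w+)", block).group(1)
        flags = set(re.search(r"flags: ([^;]*);", block).group(1).split())
        answers = int(re.search(r"ANSWER: (\d+)", block).group(1))
        qname = re.search(r";; QUESTION SECTION:\n;(\S+)", block).group(1)
        auth = re.search(r";; AUTHORITY SECTION:\n(\S+)", block)
        server = re.search(r";; SERVER: (\S+)", block).group(1)
        results.append(DigResult(qname, status, flags, answers,
                                 auth.group(1) if auth else "", server))
    return results


EXPLANATIONS = {
    "outside_zone": "name not under the zone; dig ignores the resolv.conf search "
                    "list unless run with +search, so only the root could answer",
    "authoritative_answer": "server serves the zone and has the record",
    "authoritative_nxdomain": "server serves the zone; the name is absent from it",
    "recursive_answer": "no aa flag: answered via recursion, not from a local zone",
    "zone_not_loaded": "no aa flag for a name inside the zone: the server relayed "
                       "someone else's NXDOMAIN, so the zone is not loaded here",
}


def classify(r: DigResult, zone: str) -> str:
    """Diagnosis code for a query that should have been answered from `zone`."""
    zone = zone.strip(".").lower() + "."
    qname = r.qname.strip(".").lower() + "."
    if qname != zone and not qname.endswith("." + zone):
        return "outside_zone"
    if "aa" in r.flags:
        return "authoritative_nxdomain" if r.status == "NXDOMAIN" else "authoritative_answer"
    return "recursive_answer" if r.answers else "zone_not_loaded"


# Pasted from the post: first answer block of `dig bsd2 bsd2` against 192.168.1.44.
DIG_FROM_POST = """\
; <<>> DiG 9.6.1-P1 <<>> bsd2 bsd2
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16338
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd2.                          IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2010091601 1800 900 604800 86400

;; SERVER: 192.168.1.44#53(192.168.1.44)
"""

# Constructed: the FQDN asked at the same server, which relays NXDOMAIN from the
# zone's public servers instead of answering itself (no "aa" flag; SOA names hypothetical).
DIG_FQDN_RELAYED = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd2.summitnjhome.com.         IN      A

;; AUTHORITY SECTION:
summitnjhome.com.       3600    IN      SOA     ns1.example.net. hostmaster.example.net. 1 7200 3600 604800 3600

;; SERVER: 192.168.1.44#53(192.168.1.44)
"""

# Constructed: what a healthy primary answers (address hypothetical).
DIG_HEALTHY = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd2.summitnjhome.com.         IN      A

;; ANSWER SECTION:
bsd2.summitnjhome.com.  3600    IN      A       192.168.1.45

;; SERVER: 192.168.1.44#53(192.168.1.44)
"""

if __name__ == "__main__":
    for sample in (DIG_FROM_POST, DIG_FQDN_RELAYED, DIG_HEALTHY):
        for r in parse_dig(sample):
            code = classify(r, "summitnjhome.com")
            print(f"{r.qname} @ {r.server}: {code}: {EXPLANATIONS[code]}")
```

Run it as `python3 digclass.py`, or feed it real output with `dig @192.168.1.44 bsd2.summitnjhome.com A` piped into `parse_dig`. The split the code makes is the one that matters when a zone "disappears": an `aa` answer with NXDOMAIN means the zone file is loaded and the record is missing, while NXDOMAIN without `aa` means the server never loaded the zone and is merely relaying what the public nameservers say, so the zone statement and `named-checkconf`/`named-checkzone` output are where to look.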

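On the "working directory is not writable" line: named was started with `-t /var/named -u bind`, and the `directory` option is relative to that chroot, so the directory named means is `/var/named/etc/namedb` as seen from the host, and named performs its check as the bind user after dropping root, which is why a root shell in the same directory never sees the problem. The script below is an added example, not code from the post or from BIND: it computes that host-side path and decides writability from ownership and mode bits for a given uid, so it can be run as root without switching user. The tree it builds under a temp directory is constructed to mirror the listing in the post; the `dynamic` and `slave` subdirectories are checked separately because those are the ones named actually writes to (journals for dynamically updated zones, transferred secondary zones).

```python
"""Which directory does a chrooted named actually use, and can the named user
write there? Added example, not from the post. Assumes only what the log and
named.conf above show: `-t /var/named -u bind` and directory "/etc/namedb"."""
import os
import stat
import tempfile


def host_path(chroot: str, inside: str) -> str:
    """Map a path as named sees it (relative to -t CHROOT) to the host's view."""
    return os.path.join(chroot.rstrip("/") + "/", inside.lstrip("/"))


def writable_by(path: str, uid: int, gids) -> bool:
    """Would a non-root process with this uid and these group ids get write access?
    Pure mode/ownership arithmetic, so it works as root; root itself bypasses
    these bits, which is why testing from a root shell proves nothing."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def check_named_workdir(chroot, directory, uid=None, gids=frozenset(),
                        subdirs=("dynamic", "slave")):
    """Report the effective working directory and the subdirectories named must
    write to, from the named user's point of view. uid=None means the caller."""
    uid = os.getuid() if uid is None else uid
    workdir = host_path(chroot, directory)
    report = {"workdir": workdir, "workdir_writable": writable_by(workdir, uid, gids)}
    for sub in subdirs:
        p = os.path.join(workdir, sub)
        report[sub] = writable_by(p, uid, gids) if os.path.isdir(p) else None
    return report


def build_mock_tree() -> str:
    """Constructed stand-in for the layout in the post: <tmp>/var/named/etc/namedb
    with dynamic, master and slave below it, all 0755, owned by whoever runs this."""
    root = tempfile.mkdtemp()
    namedb = os.path.join(root, "var/named/etc/namedb")
    for sub in ("dynamic", "master", "slave"):
        os.makedirs(os.path.join(namedb, sub))
        os.chmod(os.path.join(namedb, sub), 0o755)
    os.chmod(namedb, 0o755)
    return root


if __name__ == "__main__":
    root = build_mock_tree()
    chroot = os.path.join(root, "var/named")
    # The owner can write; an unrelated uid with no matching group cannot, which
    # is exactly `-u bind` looking at a root-owned 0755 directory.
    print(check_named_workdir(chroot, "/etc/namedb"))
    print(check_named_workdir(chroot, "/etc/namedb", uid=99999))
```

On the real box, call `check_named_workdir("/var/named", "/etc/namedb", uid=pwd.getpwnam("bind").pw_uid, gids={g.gr_gid for g in grp.getgrall() if "bind" in g.gr_mem} | {pwd.getpwnam("bind").pw_gid})` to see what named sees; a `False` for `workdir_writable` reproduces the log line, and a `False` for `dynamic` or `slave` is the one that actually costs you journals or zone transfers.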