dns is broken

Mark Andrews marka at isc.org
Fri Sep 17 01:28:24 UTC 2010


In message <AANLkTi=Lu1MqTtBq=1nnpurab5Zf7PdrYygY1Mxb96u3 at mail.gmail.com>, Tim 
Dunphy writes:
> Hello BIND9!
> 
> I've got a bad situation after accidentally selecting the wrong option
> in sysinstall. The DNS server that I've been using for quite a while
> is quite broken.
> 
> Normally I could type in the host name of any machine I had configured
> in DNS and it would return the correct network request (in terms of
> ssh, ping, host, dig).
> 
> Now this is what get:
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#host bsd2
> Host bsd2 not found: 3(NXDOMAIN)
> [root at LBSD2:/etc/namedb]#ping bsd2
> ping: cannot resolve bsd2: Unknown host
> [root at LBSD2:/etc/namedb]#ssh bsd2
> ssh: Could not resolve hostname bsd2: hostname nor servname provided, or not known
> 
> These requests are taking place on the machine that I have setup as
> the DNS server.
> 
> My resolv.conf is setup to use my LBSD2 DNS server:
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#cat /etc/resolv.conf
> domain	summitnjhome.com
> nameserver      192.168.1.44
> #nameserver      4.2.2.2
> 
> And even tho I don't seem to have an external DNS server setup at the
> moment on this box, network services to external sources seem to work:
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#ping yahoo.com
> PING yahoo.com (98.137.149.56): 56 data bytes
> 64 bytes from 98.137.149.56: icmp_seq=0 ttl=56 time=101.503 ms
> 64 bytes from 98.137.149.56: icmp_seq=1 ttl=56 time=97.850 ms
> 
> [root at LBSD2:/etc/namedb]#host yahoo.com
> yahoo.com has address 72.30.2.43
> yahoo.com has address 98.137.149.56
> yahoo.com has address 209.191.122.70
> yahoo.com has address 67.195.160.76
> yahoo.com has address 69.147.125.65
> yahoo.com mail is handled by 1 g.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 h.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 i.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 j.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 k.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 a.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 b.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 c.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 d.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 e.mx.mail.yahoo.com.
> yahoo.com mail is handled by 1 f.mx.mail.yahoo.com.
> 
> [root at LBSD2:/etc/namedb]#host summitnjhome.com
> summitnjhome.com has address 123.45.67.89
> summitnjhome.com mail is handled by 0 smtp.secureserver.net.
> summitnjhome.com mail is handled by 10 mailstore1.secureserver.net.
> 
> [root at LBSD2:/etc/namedb]#host bsd2.summitnjhome.com
> Host bsd2.summitnjhome.com not found: 3(NXDOMAIN)

What does "dig bsd2.summitnjhome.com" report?

> It looks like I may be using verizon's DNS server tho I am at a loss
> to know where this is set:
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#dig bsd2 bsd2

Dig does not perform searches by default; also, you probably meant
"dig bsd2 @bsd2", i.e. "dig <domain> @<server>".

> DNS _does_ restart correctly:
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#/etc/rc.d/named restart
> Stopping named.
> Waiting for PIDS: 4015.
> Starting named.
> 
> But notice what happens in the messages log when I do that:
> 
> Code:
> 
> Sep 17 00:03:24 LBSD2 named[4170]: starting BIND 9.6.1-P1 -t /var/named -u bind
> Sep 17 00:03:24 LBSD2 named[4170]: built with '--prefix=/usr'
> '--infodir=/usr/share/info' '--mandir=/usr/share/man'
> '--enable-threads' '--disable-ipv6' '--enable-getifaddrs'
> '--disable-linux-caps' '--with-openssl=/usr'
> '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
> Sep 17 00:03:24 LBSD2 named[4170]: command channel listening on 127.0.0.1#953
> Sep 17 00:03:24 LBSD2 named[4170]: command channel listening on ::1#953
> Sep 17 00:03:24 LBSD2 named[4170]: the working directory is not writable
> Sep 17 00:03:24 LBSD2 named[4170]: running
> 
> 
> So it is complaining about the working directory not being writable.
> In my /etc/namedb/named.conf these are the relevant directories:
> 
> Code:
> 
> options {
>         // Relative to the chroot directory, if any
>         directory       "/etc/namedb";
>         pid-file        "/var/run/named/pid";
>         dump-file       "/var/dump/named_dump.db";
>         statistics-file "/var/stats/named.stats";
> 
> And these are the permissions on each:
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#ls -l /etc | grep namedb
> lrwxr-xr-x  1 root        wheel          21 Sep 17 00:03 namedb -> /var/named/etc/namedb
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#ls -l /var | grep named
> drwxr-xr-x   6 root    wheel      512 Sep 16 23:13 named
> 
> I've tried to change the permissions on each to bind.wheel. For some
> reason this works on /var/named but NOT on /etc/namedb

Because that is where the symbolic link points.
 
> Code:
> 
> [root at LBSD2:/etc/namedb]#chown -R bind:wheel /etc/namedb/
> [root at LBSD2:/etc/namedb]#chown -R bind:wheel /var/named
> [root at LBSD2:/etc/namedb]#ls -l /etc | grep namedb
> lrwxr-xr-x  1 root        wheel          21 Sep 17 00:03 namedb -> /var/named/etc/namedb
> [root at LBSD2:/etc/namedb]#ls -l /var | grep named
> drwxr-xr-x   6 bind    wheel      512 Sep 16 23:13 named
> 
> Here are some more permissions that may be factoring into this situation:
> 
> Code:
> 
> [root at LBSD2:/etc/namedb]#ls -l
> total 48
> drwxr-xr-x  2 bind  wheel    512 Nov 21  2009 dynamic
> drwxr-xr-x  2 bind  wheel    512 Sep 16 18:38 master
> -rw-r--r--  1 bind  wheel  12088 Sep 16 17:44 named.conf
> -rw-r--r--  1 bind  wheel   2969 Nov 21  2009 named.root
> -rw-------  1 bind  wheel     97 Aug 21 18:50 rndc.key
> drwxr-xr-x  2 bind  wheel    512 Nov 21  2009 slave
> [root at LBSD2:/etc/namedb]#cd master/
> [root at LBSD2:/etc/namedb/master]#ls -l
> total 20
> -rw-r--r--  1 bind  wheel   243 Nov 21  2009 empty.db
> -rw-r--r--  1 bind  wheel   265 Nov 21  2009 localhost-forward.db
> -rw-r--r--  1 bind  wheel   333 Nov 21  2009 localhost-reverse.db
> -rw-r--r--  1 bind  wheel  3027 Sep 16 18:37 summitnjhome.com

And the contents of summitnjhome.com are?
Also the named.conf zone definition for summitnjhome.com is?

> And lastly it does not appear to be a misconfiguration of the zone
> file, because as SOON as I encountered this problem I rm'd the one in
> /etc/namedb and copied a known working backup to the same location.
> 
> Clearly this situation needs a new set of eyes. I would _greatly_
> appreciate your input here. Thank you BIND9!!
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
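Two points in this exchange are easy to get wrong when debugging a resolver: `host bsd2` applies the search list from resolv.conf (so it really asks for `bsd2.summitnjhome.com.`), while `dig bsd2` sends the literal single-label name unless `+search` is given; and named's `directory` is relative to the `-t` chroot, so `/etc/namedb` means `/var/named/etc/namedb` on the host. The following is an added example, not code from the thread or from BIND; it parses a constructed copy of the resolv.conf shown above, reproduces the search-list expansion under simplified resolver(5) rules, and computes the effective chroot path. Names such as `search_candidates` and `named_working_dir` are this example's own.

```python
"""Added example (not from the thread or from BIND): search-list expansion
of short names and chroot-relative path resolution for named's directory."""

import os

# Constructed copy of the resolv.conf shown in the post.
RESOLV_CONF = """\
domain\tsummitnjhome.com
nameserver      192.168.1.44
#nameserver      4.2.2.2
"""


def parse_resolv_conf(text):
    """Return {'search': [...], 'nameservers': [...], 'ndots': n}.

    Simplified resolver(5) semantics: a 'domain' line gives a one-entry
    search list, a 'search' line replaces it, the last such line wins,
    and '#' or ';' starts a comment.
    """
    conf = {"search": [], "nameservers": [], "ndots": 1}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()          # handles the tab after 'domain'
        key, args = parts[0], parts[1:]
        if key == "domain" and args:
            conf["search"] = [args[0].rstrip(".")]
        elif key == "search":
            conf["search"] = [a.rstrip(".") for a in args]
        elif key == "nameserver" and args:
            conf["nameservers"].append(args[0])
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def search_candidates(name, conf):
    """Fully qualified names a stub resolver (and host(1)) tries, in order.

    A trailing dot means 'absolute, try exactly this'.  Otherwise a name
    with at least `ndots` dots is tried as-is first and then with each
    search domain appended; a name with fewer dots gets the search
    domains first and the bare name last.
    """
    if name.endswith("."):
        return [name]
    qualified = [f"{name}.{d}." for d in conf["search"]]
    as_is = [name + "."]
    if name.count(".") >= conf["ndots"]:
        return as_is + qualified
    return qualified + as_is


def dig_query_names(name, conf=None, search=False):
    """dig sends the name literally unless run with +search."""
    if search and conf is not None:
        return search_candidates(name, conf)
    return [name if name.endswith(".") else name + "."]


def named_working_dir(chroot, directory):
    """Host path of named's `directory` when started with `-t chroot`.

    The leading slash is stripped before joining: os.path.join discards
    the chroot entirely when the second argument is absolute, which is
    exactly the confusion in the thread.
    """
    return os.path.normpath(os.path.join(chroot, directory.lstrip("/")))


if __name__ == "__main__":
    conf = parse_resolv_conf(RESOLV_CONF)
    print("search list :", conf["search"])
    print("host bsd2   :", search_candidates("bsd2", conf))
    print("dig bsd2    :", dig_query_names("bsd2"))
    print("named dir   :", named_working_dir("/var/named", "/etc/namedb"))
```

Running it shows that `host bsd2` and `dig bsd2` do not ask the server the same question, which is why a NXDOMAIN from one does not necessarily contradict the other, and that the directory named actually tries to write to is under `/var/named`, so permission fixes on the symlink `/etc/namedb` itself change nothing.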