Solved

Domain name stopped resolving despite seemingly proper config

Posted on 2007-08-07
Last Modified: 2008-01-09
Today the domain name for our company stopped working.  I have no idea why - a few days ago we renewed our domain, but none of the nameservers should have been changed.

We use bluequartz to administer DNS, and everything looks like it's still set up okay - it's worked fine for the last year or so.

if you try an nslookup, even using the server that acts as the nameserver, you get nothing:

Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find avalonglobal.com: SERVFAIL


I did a report through DNSStuff.com, and these were the more interesting points:

FAIL      Lame nameservers      
ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
64.141.17.140
64.141.17.130

FAIL      Missing nameservers 2
ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.avalonglobal.net.
ns2.avalonglobal.net.


I actually went onto the registrar's site and changed the NS records from ns1.avalonglobal.com to ns1.avalonglobal.net, which actually do resolve at the moment, but it didn't help. (They resolve to the same IP addresses).  Even though I've changed the SOA, and the nameservers in my config, nothing seems to have helped...

If anyone can help sort this out, that would be much appreciated.
Question by:supacon
Expert Comment

by:bluetab
ID: 19651054
I can't help you regarding bluequartz, but have you considered moving your DNS services externally.  zoneedit.com offers free services for up to five domains and does a great job.  

The problem could either be with the DNS software or your network.  You may want to check the firewall to make sure that DNS requests are still being forwarded to your nameservers/IP addresses properly.  However I would recommend moving to an external DNS service as setting up DNS properly to be responsive to external requests can be a security risk (depending on setup) and obviously can be troublesome if something goes wrong.
Expert Comment

by:Jan Springer
ID: 19651409
ns1.avalonglobal.net is responding as expected.  I just don't see that it knows about avalonglobal.com.
Author Comment

by:supacon
ID: 19651471
Yeah, the .net domain works fine.  I'm just reading through my DNS & BIND book, and there's a section that talks about Incorrect Subdomain Delegation that results in Lame Server errors.

(I see tons of those in /var/log/messages)  There's obviously something wrong... and I don't know if this is related, but many, many (but not most) websites won't resolve at all either... that's a minor issue at this immediate moment in time, however.

But... about the Subdomain Registration, I don't understand what that would mean.  Is this something to do with our registrar? Are they the parent for us?  It doesn't appear that anything I have done would have caused this, so is it the registrar messing something up and maybe not being aware of it?  They don't seem to think that it's a problem on their end thus far...
Expert Comment

by:Jan Springer
ID: 19651498
could you post your named.conf with the section for avalonglobal.com and the avalonglobal.com.db along with the relevant inverse file?

And, do you use views?
Author Comment

by:supacon
ID: 19651537
I have no idea what views are, so I'd say that no, I don't use them... but in any case, here's the config stuff you requested:

// BIND9 configuration file
// automatically generated Tue Aug  7 21:18:37 2007
//
// Do not edit this file by hand.  Your changes will be lost the
// next time this file is automatically re-generated.

options {
  directory "/var/named";
  // spoof version for a little more security via obscurity
  version "100.100.100";
  // no forwarders defined
  allow-transfer { 64.141.17.130; };
  // recursion access denied

  // recursion allowed
};

// key rndc_key {
//   algorithm "hmac-md5";
//   secret "sample";
// };
//
// controls {
//   inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
//   inet 127.0.0.1 allow { localhost; } keys { };
// };

include "/etc/named.conf.include";

zone "." {
  type hint;
  file "root.hint";
};


zone "0.0.127.in-addr.arpa" {
  type master;
  file "pri.0.0.127.in-addr.arpa";
  notify no;
};


zone "avalonglobal.com" {
  type master;
  file "db.avalonglobal.com";
};
// (There are many, many more domains in here that all work)




And here's db.avalonglobal.com:

; db.avalonglobal.com
;
; This file was automatically generated by dns_generate.pl.  Do not
; edit this file directly.  If you need to make additions to this
; file that CCE does not support, add your extra records to the
; db.avalonglobal.com.include file.

$TTL 900
avalonglobal.com. IN SOA ns1.avalonglobal.net. avalonjd.avalonglobal.com. (
        2007080701 ; serial number
        1200 ; refresh
        900 ; retry
        604800 ; expire
        900 ; ttl
        )
avalonglobal.com.       IN      NS      ns1.avalonglobal.net.
avalonglobal.com.       IN      NS      ns2.avalonglobal.net.

avalonglobal.com.       in mx 20 mail.avalonglobal.com.
ns2.avalonglobal.com.   in a 64.141.17.130
avalonglobal.com.       in a 64.141.17.140
ns1.avalonglobal.com.   in a 64.141.17.140
www.avalonglobal.com.   in a 64.141.17.140
ww1.avalonglobal.com.   in a 64.141.17.141

; User customizations go in this include file:
$INCLUDE db.avalonglobal.com.include


(Also, I've removed some subdomains from this, because I don't want them to become any more well known.)
Author Comment

by:supacon
ID: 19651632
Uh.. wait a minute, what's an inverse file?  That's a new one to me.
Expert Comment

by:Jan Springer
ID: 19651690
That's the file that maps via a PTR record an IP address to fully qualified domain name.

A couple of questions:

Was the serial number updated and named restarted after the changes?

Is the file "db.avalonglobal.com" where named expects it?   Did you verify that there is not a typo in the actual filename?

Can you post the lines in the logfile that identify avalonglobal.com when named starts?
Author Comment

by:supacon
ID: 19651812
I don't think we've got any of the PTR records set up on here, actually... is that really important to do?

I'm not 100% sure if the serial number was updated, but I'm thinking that BlueQuartz must do that.  I can't edit this stuff by hand, as it breaks things sometimes (AFAIK)... but I know that I have manually restarted the named server.

db.avalonglobal.com is located in /etc/named which is really an alias to  /var/named/chroot/var/named.
That part seems okay.

There are a LOT of lines that show up when named is restarted... but here are some of the more interesting ones:


Aug  8 01:53:31 ww1 named[11944]: exiting
Aug  8 01:53:33 ww1 named[11987]: starting BIND 9.2.4 -u named -t /var/named/chroot
Aug  8 01:53:33 ww1 named[11987]: using 2 CPUs
Aug  8 01:53:33 ww1 named[11987]: loading configuration from '/etc/named.conf'
Aug  8 01:53:33 ww1 named[11987]: no IPv6 interfaces found
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface lo, 127.0.0.1#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0, 64.141.17.141#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:0, 64.141.17.145#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:1, 64.141.17.147#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:10, 64.141.17.155#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:11, 64.141.17.156#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:2, 64.141.17.149#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:3, 64.141.17.142#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:4, 64.141.17.146#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:5, 64.141.17.143#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:6, 64.141.17.148#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:7, 64.141.17.144#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:8, 64.141.17.150#53
Aug  8 01:53:33 ww1 named[11987]: listening on IPv4 interface eth0:9, 64.141.17.140#53
Aug  8 01:53:33 ww1 named[11987]: command channel listening on 127.0.0.1#953
Aug  8 01:53:33 ww1 named[11987]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2000081417
...
Aug  8 01:53:33 ww1 named[11987]: zone avalonglobal.ca/IN: loaded serial 2007080701
...
Aug  8 01:53:35 ww1 named[11987]: zone karafoundation.org/IN: loaded serial 2007080701
Aug  8 01:53:35 ww1 named[11987]: running
Aug  8 01:53:35 ww1 named[11987]: zone sprucelandinsurance.com/IN: sending notifies (serial 2007080701)
Aug  8 01:53:35 ww1 named: named startup succeeded
...
Aug  8 01:53:35 ww1 named[11987]: client 64.141.17.129#35410: update 'hotlinkwireless.net/IN' denied

Expert Comment

by:Jan Springer
ID: 19651858
grep "Aug  8" /path/to/named/logfile | grep avalonglobal.com
  -> and show me the results.

ls -l /var/named/chroot/var/named/db.avalonglobal.com
  -> and show me the results.

Thanks!
Author Comment

by:supacon
ID: 19651878
Wow... look at that:
Aug  8 01:53:34 ww1 named[11987]: dns_rdata_fromtext: db.avalonglobal.com.include:4: near eol: unbalanced quotes
Aug  8 01:53:34 ww1 named[11987]: zone avalonglobal.com/IN: loading master file db.avalonglobal.com: unbalanced quotes

Interestingly, the time on the server is two hours ahead... there's nothing from the seventh, even though it's just after midnight here.  Obviously the time needs fixing, and I should run ntp (I swear I just reset it a couple of weeks ago).

Uhm... yeah, the ls:
[root@ww1 named]# ls -l /var/named/chroot/var/named/db.avalonglobal.com
-rw-r--r--  2 named named 1736 Aug  7 21:18 /var/named/chroot/var/named/db.avalonglobal.com

Author Comment

by:supacon
ID: 19651894
I'm not sure what these unbalanced quotes are from... there isn't a single (or double) quote in the entire file.

The include file has a domainkey in it:

; /var/named/chroot/var/named/db.avalonglobal.com.include
; user customizations can be added here.

_domainkey.avalonglobal.com.         IN TXT  o=-"
private._domainkey.your-domain.com. IN TXT "k=rsa;
p=[KEY DATA]=="
Accepted Solution

by:
Jan Springer earned 2000 total points
ID: 19651901
If the domainkey is the only line with quotes, let's comment it out and try reloading named to see if it starts.

A syntax error in a zone file will prevent that zone from loading.
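The failure mode above (a single unterminated `"` in the include file taking the whole avalonglobal.com zone down) is easy to catch before reloading named. The script below is an added example, not part of the thread or of BlueQuartz: it scans a zone file for quoted strings still open at end of line, which is what BIND reports as "near eol: unbalanced quotes", and rebuilds the DomainKeys records with properly quoted, length-limited TXT data. The embedded include file is a constructed copy of the one posted, with the key replaced by a placeholder, and the selector record is assumed to belong under avalonglobal.com.

```python
# Constructed copy of the broken include file from the thread; the public
# key is replaced by a placeholder because its value does not matter here.
BROKEN_INCLUDE = """\
; /var/named/chroot/var/named/db.avalonglobal.com.include
; user customizations can be added here.

_domainkey.avalonglobal.com.         IN TXT  o=-"
private._domainkey.your-domain.com. IN TXT "k=rsa;
p=[KEY DATA]=="
"""


def find_unbalanced_quotes(zone_text):
    """Return the 1-based line numbers on which a double-quoted string is
    still open at end of line.  A BIND master-file character-string cannot
    span lines, so named rejects exactly these lines with
    'near eol: unbalanced quotes' and then refuses to load the whole zone."""
    bad = []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        in_quote = False
        chars = iter(line)
        for ch in chars:
            if ch == "\\":          # backslash escapes the next character
                next(chars, None)
            elif ch == '"':
                in_quote = not in_quote
            elif ch == ";" and not in_quote:
                break               # an unquoted ';' starts a comment
        if in_quote:
            bad.append(lineno)
    return bad


def txt_record(owner, data, ttl=900):
    """Render one TXT record in BIND syntax.  The data is split into
    character-strings of at most 255 octets (the TXT wire-format limit) and
    each one is quoted, so a long RSA public key loads cleanly."""
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)]
    quoted = " ".join('"%s"' % c.replace('"', '\\"') for c in chunks)
    return "%s %d IN TXT ( %s )" % (owner, ttl, quoted)


def fixed_include(pubkey_b64):
    """Rebuild the include file with both records correctly quoted: 'o=-' is
    the DomainKeys policy 'all mail from this domain is signed', and
    'k=rsa; p=...' publishes the selector's public key (owner assumed)."""
    return "\n".join([
        "; db.avalonglobal.com.include -- regenerated with balanced quotes",
        txt_record("_domainkey.avalonglobal.com.", "o=-"),
        txt_record("private._domainkey.avalonglobal.com.", "k=rsa; p=" + pubkey_b64),
        "",
    ])


if __name__ == "__main__":
    print("unbalanced quotes on lines:", find_unbalanced_quotes(BROKEN_INCLUDE))
    print(fixed_include("[KEY DATA]=="))
```

Running the checker over every zone file before `/etc/init.d/named restart` turns a silent SERVFAIL into an error you see first; `named-checkzone`, where available, performs the same check with BIND's own parser.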
Author Comment

by:supacon
ID: 19651919
Holy frickin' crap!

[root@ww1 named]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@ww1 named]# nslookup avalonglobal.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   avalonglobal.com
Address: 64.141.17.140

[root@ww1 named]# ping avalonglobal.com
PING avalonglobal.com (64.141.17.140) 56(84) bytes of data.
64 bytes from ww1.avalonglobal.com (64.141.17.140): icmp_seq=0 ttl=64 time=0.061 ms
64 bytes from ww1.avalonglobal.com (64.141.17.140): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from ww1.avalonglobal.com (64.141.17.140): icmp_seq=2 ttl=64 time=0.045 ms

--- avalonglobal.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.045/0.050/0.061/0.009 ms, pipe 2
Author Comment

by:supacon
ID: 19651924
Well... it looks like that may have been the problem, but that spawns a number of other questions.

First off... can I just remove one of those quotes from the include file?
And... what is the domainkey for?
Expert Comment

by:Jan Springer
ID: 19651926
Wow.  Much better.  We need to take a look at that domain key.

can you paste the exact key?
Author Comment

by:supacon
ID: 19651931
Here are the contents of the include file:

; /var/named/chroot/var/named/db.avalonglobal.com.include
; user customizations can be added here.

;_domainkey.avalonglobal.com.         IN TXT  o=-"
;private._domainkey.your-domain.com. IN TXT "k=rsa;
;p=MIHxAgEAAjEA0Vj1LgDpQ6H4Qx/73ZcYtm7x3rWyq6IktH8Q+DXhQpDeoXhsPT4d
;TGgTeAwKxD/5AgMBAAECMFd/1vpjZxvdluZ3d84mWS3nMTDkwMj7+5luy7Ha3DRe
;P/R6zzM9S5ROikrXBwPMAQIZAPjZMp/7M5hcHxx9L/jzQYS9ekZWrPZqiwIZANdd
;JdCw+hVSw4gFXocqkgub9RGyNXqECwIYcOjb94rbFj52P07t/V8iU0BFwrSBNi2R
;AhgocHMzVqf+7QWOOwPe+Z1m1KgV5JKqKLUCGAvSYN7VWsFll6GevHPPNkqLR2R0
;bGKF4g=="
Expert Comment

by:Jan Springer
ID: 19651936
domainkeys are used for validating mail servers to prevent spoofing (an anti-spam measure).

If you were using it, I suggest continuing with it.  Let's review the dkey so that we can fix it.
Author Comment

by:supacon
ID: 19651937
Something else I'm wondering is why would this have stopped working after all this time?  The server had been up for about seven days.  I think some hackers managed to crash the server somehow... but prior to that, it had probably been up for months and months.

Not too long ago, we renewed this domain as well... could that have had something to do with it?
Expert Comment

by:Jan Springer
ID: 19651956
did this key ever work ???
Author Comment

by:supacon
ID: 19651962
Uhm... I actually have no idea, but I kind of doubt it.  I wasn't the one who set it up initially.  Do you know offhand of a resource where I can learn more about setting this up?
Author Comment

by:supacon
ID: 19651983
Ugh... I looked it up, and it looks like there's a piece of a config for DJBDNS in there, and part for BIND.  This may have been as a result of me installing qmail a while back... but since the server was never restarted I hadn't noticed it until now.

Uhm... as for the domainkey thing, I'll probably just ditch it for now, since it's obviously causing so many issues elsewhere.  I just don't get how I never noticed this until today.
Author Comment

by:supacon
ID: 19651993
Many thanks _jesper_! You've saved me from a rather sleepless night, I must say.  You deserve more points than I can assign, and you've earned a top grade.

Also, since it's impossible for me to edit my posts, I'd like to request that the admins replace all domain names and IP addresses with something more generic, just for security purposes.
Expert Comment

by:Jan Springer
ID: 19652022
My rule of thumb is that if the information is publicly available without having to review a configuration, then it's probably not a security risk to identify the actual data.

I don't think you've put your domain or network at risk, honestly.
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This applies to Dell but may also apply to other manufacturers as well. We ran across a few machines that just dropped recently it trust relationship with the server. After doing the basic removing and joining the domain again, it changed to No logo…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…
Suggested Courses

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question