  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 449

new records in bind aren't being given out when doing nslookup....

we had an old DNS server and I moved everything to a new box. DNS is working and it resolves names and internet, etc.

However, when I add a new record and then update the serial in named.soa and then restart the named service computers don't see the new records. Even if I do the lookup from the server itself it says it can't find it even though I can see it in the zone file.

Can anyone tell me what I'm missing?
Asked:
willlandymore
1 Solution
 
PortableTech Commented:
Can you give me the domain name so I can run some tests on it?  I plan to use the dig tool to try and trace where the fault lies to make sure it is that system.
0
 
willlandymore (Author) Commented:
mercyships.org
0
 
PortableTech Commented:
Ok, based on the trace below, it appears that this is hosted with rackspace, and is using their name servers.  Can you verify that the ip address at the end also appears correct?

=========================

; <<>> DiG 9.7.1-P2 <<>> +trace mercyships.org
;; global options: +cmd
.                       32380   IN      NS      b.root-servers.net.
.                       32380   IN      NS      d.root-servers.net.
.                       32380   IN      NS      i.root-servers.net.
.                       32380   IN      NS      c.root-servers.net.
.                       32380   IN      NS      g.root-servers.net.
.                       32380   IN      NS      f.root-servers.net.
.                       32380   IN      NS      l.root-servers.net.
.                       32380   IN      NS      k.root-servers.net.
.                       32380   IN      NS      m.root-servers.net.
.                       32380   IN      NS      e.root-servers.net.
.                       32380   IN      NS      h.root-servers.net.
.                       32380   IN      NS      a.root-servers.net.
.                       32380   IN      NS      j.root-servers.net.
;; Received 500 bytes from 192.168.1.34#53(192.168.1.34) in 27 ms

org.                    172800  IN      NS      c0.org.afilias-nst.info.
org.                    172800  IN      NS      b0.org.afilias-nst.org.
org.                    172800  IN      NS      a0.org.afilias-nst.info.
org.                    172800  IN      NS      a2.org.afilias-nst.info.
org.                    172800  IN      NS      b2.org.afilias-nst.org.
org.                    172800  IN      NS      d0.org.afilias-nst.org.
;; Received 434 bytes from 128.8.10.90#53(d.root-servers.net) in 35 ms

mercyships.org.         86400   IN      NS      ns2.rackspace.com.
mercyships.org.         86400   IN      NS      ns1.mercyships.org.
;; Received 97 bytes from 2001:500:b::1#53(c0.org.afilias-nst.info) in 64 ms

mercyships.org.         86400   IN      A       70.42.57.90
mercyships.org.         86400   IN      NS      ns.rackspace.com.
mercyships.org.         86400   IN      NS      ns2.rackspace.com.
;; Received 128 bytes from 65.61.188.4#53(ns2.rackspace.com) in 42 ms
0
 
PortableTech Commented:
Also, can you provide me with a specific FQDN (fully qualified domain name) that you are attempting to look up? Also, when you are doing this lookup, are you on the new DNS server testing it, or on a client system?  If on the DNS server, can you verify that it is set to look at itself for DNS resolution and not some other name server?
0
 
willlandymore (Author) Commented:
well the rackspace one is in there, but then you can see the ns1.mercyships.org which is this box. I'm using:

nslookup server.mercyships.org ns1.mercyships.org

so that it specifically goes to itself to check that record. It's not finding it which means that it's looking at itself and not getting it even though it's sitting right there in /var/named/mercyships.org

0
 
PortableTech Commented:
Just to confirm, this is your current SOA serial number (2011030200).  Also, server.mercyships.org is the FQDN of the item that is not working, and not just an example, correct?
0
 
willlandymore (Author) Commented:
no the name of the box is thunderball.mercyships.org and the serial number now is 2011030201.
0
 
PortableTech Commented:
This is actually a bit odd.  The SOA for your ns1.mercyships.org seems to have regressed since I last loaded it, and is now stating (2011012600) and your rackspace servers are showing a completely different answer.  Are you intending to even use the rackspace servers any more?  

Are you seeing any bind error messages in your /var/log/syslog?


=======================

; <<>> DiG 9.7.1-P2 <<>> thunderball.mercyships.org. @ns1.mercyships.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9062
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns1.mercyships.org. root.mercyships.org. 2011012600 1800 900 3600 1800

;; Query time: 64 msec
;; SERVER: 198.97.51.1#53(198.97.51.1)
;; WHEN: Wed Mar  2 15:04:50 2011
;; MSG SIZE  rcvd: 89

root@ryoko:~# dig thunderball.mercyships.org. @ns1.rackspace.com

; <<>> DiG 9.7.1-P2 <<>> thunderball.mercyships.org. @ns1.rackspace.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19926
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns.rackspace.com. hostmaster.rackspace.com. 1293861717 3600 300 1814400 300

;; Query time: 40 msec
;; SERVER: 69.20.95.4#53(69.20.95.4)
;; WHEN: Wed Mar  2 15:05:15 2011
;; MSG SIZE  rcvd: 107


0
 
willlandymore (Author) Commented:
No, I plan on removing the Rackspace hosts, but I need 2 external DNS servers before I can replace it.
0
 
PortableTech Commented:
Well, my concern is the rackspace and your dns are not in sync and are returning much different info, that could be causing problems with people being able to connect to you.  Not sure that is related to your initial issue, but a concern either way.  Other than that, are you seeing any errors in

/var/log/syslog

that are from the named process?
0
 
willlandymore (Author) Commented:
there are lots of entries in /var/log/messages concerning bind but it's to do with people trying zone transfers, etc.
0
 
PortableTech Commented:
Ok,  Try the following commands for me and post the results.  I am assuming these are being done on the DNS server itself.

dig thunderball.mercyships.org

dig thunderball.mercyships.org @127.0.0.1

dig thunderball.mercyships.org @ns1.mercyships.org
0
 
willlandymore (Author) Commented:
dig thunderball.mercyships.org

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> thunderball.mercyships.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6158
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns1.mercyships.org. root.mercyships.org. 2011012600 1800 900 3600 1800

;; Query time: 56 msec
;; SERVER: 198.97.51.1#53(198.97.51.1)
;; WHEN: Wed Mar  2 15:03:44 2011
;; MSG SIZE  rcvd: 89

===============


dig thunderball.mercyships.org @127.0.0.1

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> thunderball.mercyships.org @127.0.0.1
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root@excalibur named]# dig thunderball.mercyships.org @ns1.mercyships.org

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> thunderball.mercyships.org @ns1.mercyships.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30159
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;thunderball.mercyships.org.    IN      A

;; AUTHORITY SECTION:
mercyships.org.         300     IN      SOA     ns1.mercyships.org. root.mercyships.org. 2011012600 1800 900 3600 1800

;; Query time: 0 msec
;; SERVER: 198.97.51.1#53(198.97.51.1)
;; WHEN: Wed Mar  2 15:05:06 2011
;; MSG SIZE  rcvd: 89

That serial number it's getting is from the old named.soa on the old server, but the record for ns1 points to the new box and the service on the old one is stopped...
0
 
willlandymore (Author) Commented:
Okay, I found something. The default install of bind puts things in /var/named, but ours uses the /var/named/chroot/var/named.....so it's looking at the original copies of what's in the /var/named directory instead of using the links going to the deeper one.

Should I just delete the contents of that directory and then make the links pointing to the other ones?
0
 
PortableTech Commented:
Well, you will either need to place the files where it is looking as you have a chrooted server, or change the bind startup scripts to point it to where you want them to be.

The -t option will allow you to point it to the chrooted directory

-t /var/named/chroot/var/named

generally that is used with the -u option if you are trying to enhance security by running it as a non-root user.  But I am unsure what you were trying to accomplish with the chroot initially so I can only guess.
0
 
willlandymore (Author) Commented:
eh, I just removed the chroot and then updated the files where it was actually looking.

Thanks.
0
Question has a verified solution.
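
The check this thread converges on, as an added example that is not part of the original posts: compare the SOA serial that named actually serves with the serial in each on-disk copy of named.soa, to see which directory the daemon loaded. Function names are illustrative, and the two files are constructed samples that reuse the serials quoted in the thread.

```shell
# Added example: serials and directory layout mirror the thread; the SOA
# files are constructed samples written to a temp directory.
# Authority line as returned in the thread's dig output.
SAMPLE_DIG_LINE='mercyships.org. 300 IN SOA ns1.mercyships.org. root.mercyships.org. 2011012600 1800 900 3600 1800'

# Serial from dig output on stdin: 7th field of the first "IN SOA" record.
serial_from_dig() {
    awk '$3 == "IN" && $4 == "SOA" { print $7; exit }'
}

# Serial from an SOA file: strip ';' comments, flatten "( ... )", take 3rd token after SOA.
serial_from_zone() {
    sed 's/;.*//' "$1" | tr '()\n' '   ' |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "SOA") { print $(i + 3); exit } }'
}

# Print every candidate file whose serial equals the one being served.
match_served_copy() {
    served=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        [ "$(serial_from_zone "$f")" = "$served" ] && printf '%s\n' "$f"
    done
    return 0
}

write_soa() {  # $1 = path, $2 = serial (constructed sample content)
    cat > "$1" <<EOF
\$TTL 300
@ IN SOA ns1.mercyships.org. root.mercyships.org. (
        $2 ; serial
        1800 900 3600 1800 )
EOF
}
# Stale copy in var/named, edited copy under the chroot path, as in the thread.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/var/named/chroot/var/named"
    write_soa "$root/var/named/named.soa" 2011012600
    write_soa "$root/var/named/chroot/var/named/named.soa" 2011030201
    printf '%s\n' "$root"
}

tree=$(make_demo_tree)
served=$(printf '%s\n' "$SAMPLE_DIG_LINE" | serial_from_dig)
echo "served serial $served was loaded from:"
match_served_copy "$served" "$tree/var/named/named.soa" \
    "$tree/var/named/chroot/var/named/named.soa"
rm -rf "$tree"
```

On a live server, pipe `dig +norecurse SOA mercyships.org @ns1.mercyships.org` into `serial_from_dig` instead of the sample line and pass the real file paths.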
