DrDamnit
asked on
nslookup looks for www.domainx.com.domainy.com and returns SERVFAIL
On the DNS server, I run nslookup, then do server localhost to make sure it queries itself. Asking it to find google.com works fine. Asking it to find domainX.net or DomainY.com (zones hosted locally on the internet webserver) returns this error:
> www.domainXnet
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; Got SERVFAIL reply from 127.0.0.1, trying next server
Server: localhost
Address: 127.0.0.1#53
** server can't find www.domainX.net.domainY.com: SERVFAIL
I guess it thinks those zones are part of the local domain, which means something is wrong in my configs. It should think that those are stand-alone domains.
Here's named.conf.local
// named.conf.local
zone "domainX.net" {
        type master;
        file "zones/domainX.net.zone";
};

zone "domainY.com" {
        type master;
        file "zones/domainY.com.zone";
};
Here is the zone file for domainX.net:
$TTL 3D
@       IN SOA  domainX.net. root.domainX.net. (
                199609206   ; serial, today's date + today's serial #
                8H          ; refresh, seconds
                2H          ; retry, seconds
                4W          ; expire, seconds
                1D )        ; minimum, seconds
        NS      ns1.domaindiscover.com.
        NS      ns2.domaindiscover.com.
        MX 10   domainX.net.        ; Primary Mail Exchanger
        TXT     "My Corporation 2"
localhost       A       127.0.0.1
domainX.net.    A       192.168.13.3
www             CNAME   domainX.net.
ftp             CNAME   domainX.net.
mail            CNAME   domainX.net.
Here is the zone file for domainY.com:
$TTL 3D
@       IN SOA  domainY.com. kgoodwin.domainY.com. (
                199609206   ; serial, today's date + today's serial #
                8H          ; refresh, seconds
                2H          ; retry, seconds
                4W          ; expire, seconds
                1D )        ; minimum, seconds
        NS      ns1.domaindiscover.com.
        NS      ns2.domaindiscover.com.
        MX 10   domainY.com.        ; Primary Mail Exchanger
        TXT     "My Corporation 1"
localhost       A       127.0.0.1
domainY.com.    A       192.168.13.3
www             CNAME   domainY.com.
ftp             CNAME   domainY.com.
mail            CNAME   domainY.com.
What's wrong?
Do you have any views setup in bind? Can you paste your entire named.conf file please? When you start or restart named look in /var/log/messages for errors.
ASKER
Default setup. No views (that I know of) have been setup.
named.conf just has three include statements for the named.conf.local, the rfc one, and another one.
ASKER
Here you go...
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Here's options:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
Here's default:
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
Is named running and listening for connections:
# netstat -anp | grep :53|grep LISTEN
Do you have UDP/53 allowed through iptables on the server?
ASKER
Yes it's running, and yes iptables is configured properly.
After changing the DNS zone files did you increase the serial number?
Try to do nslookup for "www.domainX.net." - with the trailing dot.
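The two checks just suggested (did the serial go up, are the names fully qualified with a trailing dot) can be scripted for the zone-file side. The following is an added example, not code from this thread: it parses only the record forms used in the question's zone files (a parenthesised SOA, records with a blank owner, ';' comments) and is not a complete RFC 1035 master-file parser. The sample zone is constructed from the domainX.net zone in the question, with one deliberately unqualified CNAME target (the ftp line) added so the lint has something to flag.

```python
import re

# Added example, not code from the thread. Record types the parser can locate.
RRTYPES = {"SOA", "NS", "MX", "CNAME", "A", "AAAA", "TXT", "PTR"}

# Constructed sample: the domainX.net zone from the question, plus one
# deliberately unqualified CNAME target (the "ftp" line) for the lint to flag.
SAMPLE_ZONE = """\
$TTL 3D
@ IN SOA domainX.net. root.domainX.net. (
        199609206   ; serial
        8H          ; refresh
        2H          ; retry
        4W          ; expire
        1D )        ; minimum
        NS      ns1.domaindiscover.com.
        NS      ns2.domaindiscover.com.
        MX 10   domainX.net.
        TXT     "My Corporation 2"
localhost       A       127.0.0.1
domainX.net.    A       192.168.13.3
www             CNAME   domainX.net.
ftp             CNAME   domainX.net
"""


def records(text):
    """Yield (owner, rrtype, rdata_tokens). Strips ';' comments, joins a
    parenthesised record (the SOA) into one logical line, and gives a
    record that starts with whitespace the previous explicit owner."""
    buf, depth, last_owner, explicit = [], 0, "@", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            explicit = not line[0].isspace()
        buf.append(line.strip())
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue
        tokens = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        if tokens[0].startswith("$"):        # $TTL, $ORIGIN: directives, not records
            continue
        start = 1 if explicit else 0         # never mistake an owner name for a type
        idx = next((i for i in range(start, len(tokens))
                    if tokens[i].upper() in RRTYPES), None)
        if idx is None:
            continue
        if explicit:
            last_owner = tokens[0]
        yield last_owner, tokens[idx].upper(), tokens[idx + 1:]


def soa_serial(text):
    """Serial field of the SOA record (third RDATA token after MNAME and RNAME)."""
    for _owner, rrtype, rdata in records(text):
        if rrtype == "SOA":
            return int(rdata[2])
    raise ValueError("zone has no SOA record")


def unqualified_targets(text):
    """Names in NS/CNAME/PTR/MX/SOA RDATA that lack a trailing dot. Such a
    name is relative to $ORIGIN, so `ftp CNAME domainX.net` silently points
    at domainX.net.domainX.net. (the same kind of suffixing seen in the
    question, caused inside the zone instead of by resolv.conf)."""
    rdata_names = {"NS": slice(0, 1), "CNAME": slice(0, 1), "PTR": slice(0, 1),
                   "MX": slice(1, 2), "SOA": slice(0, 2)}
    found = []
    for owner, rrtype, rdata in records(text):
        for name in rdata[rdata_names.get(rrtype, slice(0, 0))]:
            if name != "@" and not name.endswith("."):
                found.append((owner, rrtype, name))
    return found


def bump_serial(text, today):
    """Return (new_text, new_serial). `today` is YYYYMMDD; the new serial is
    max(old + 1, today + '01'), so it is always strictly larger than the old
    one, which is what secondaries compare to decide whether to transfer."""
    old = soa_serial(text)
    new = max(old + 1, int(today + "01"))
    return re.sub(r"\b%d\b" % old, str(new), text, count=1), new


if __name__ == "__main__":
    print("serial:", soa_serial(SAMPLE_ZONE))
    for owner, rrtype, name in unqualified_targets(SAMPLE_ZONE):
        print(f"unqualified target in {owner} {rrtype}: {name} (becomes {name}.$ORIGIN.)")
    fixed, new = bump_serial(SAMPLE_ZONE, "20240101")
    print("bumped serial to", new)
```

Two caveats go with this. The serial matters to secondaries deciding whether to transfer the zone and to caches that keep an old answer until its TTL expires; a master reloads whatever is on disk, so a stale serial would not by itself produce the SERVFAIL in the question. And the file "zones/..." paths in named.conf.local are relative to the options directory, /var/cache/bind here, so those files must exist under /var/cache/bind/zones/ and be readable by the named process; a zone that fails to load is reported in syslog, which is where the asker eventually found the real problem.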
ASKER
Perhaps I didn't explain this well enough.
The two domains in question are websites. From the outside world, the DNS is fine because it resolves to the public IP address. However, internally on the LAN, that DNS won't work because the firewall doesn't allow you to "go out and come back in" (that's insecure).
So, I need the client machines to have www.domainx.com resolve to the local 192.168.x.x address when querying the domain via DNS on the local network.
Right now, it is treating the www.domainx.com query like a "you're looking for a computer that is part of the local network, aren't you?" query. As if I was on a windows.local domain. Not the case.
Does this clarify what I need?
ASKER
This is starting to get frustrating! :-)
If I query the FQDN that is defined in the zone file, it is appending the domain of the mail server to the end of my query. Why is it doing that?
ASKER
OK... I apparently fixed the appending a domain problem.
I had "search domainx.com" in /etc/resolv.conf. So, I deleted that line.
Now that that's fixed, it is just not finding the zone files properly?
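What was appending the domain is the resolver's search-list expansion, not anything in named's zone configuration. The following added example (not code from this thread) models the rule glibc's res_search applies, which nslookup follows: a name containing at least ndots dots (default 1) is tried as an absolute name first, and the search suffix is appended only after that attempt fails. Because the zone had not loaded, the absolute query got SERVFAIL, the resolver moved on to www.domainX.net.domainY.com., and the error message reported that last name rather than the one typed. The server replies are constructed tables; the model treats SERVFAIL like NXDOMAIN for the purpose of moving to the next candidate, and nslookup's own "trying next server" retries are not modelled.

```python
# Added example, not from the thread: a simplified model of stub-resolver
# search-list expansion (glibc res_search semantics, as used by nslookup).

def candidate_names(query, search, ndots=1):
    """Return the fully qualified names tried, in order, for `query`.

    A name ending in '.' is absolute and is tried as-is. Otherwise, if it
    contains at least `ndots` dots it is tried absolute first and the search
    suffixes are appended only if that fails; with fewer dots the suffixed
    forms come first and the absolute name is tried last."""
    if query.endswith("."):
        return [query]
    absolute = query + "."
    suffixed = [f"{query}.{domain.rstrip('.')}." for domain in search]
    if query.count(".") >= ndots:
        return [absolute] + suffixed
    return suffixed + [absolute]


def resolve(query, search, answers, ndots=1):
    """Walk the candidate list against a table of simulated server replies.

    `answers` maps an absolute name to (rcode, address); names not in the
    table answer NXDOMAIN. NXDOMAIN and SERVFAIL both make the resolver move
    on to the next candidate, so the error finally reported names the last
    candidate tried (the suffixed name), not the name the user typed."""
    tried = []
    for name in candidate_names(query, search, ndots):
        rcode, address = answers.get(name, ("NXDOMAIN", None))
        tried.append((name, rcode))
        if rcode == "NOERROR":
            return {"status": "NOERROR", "name": name, "address": address, "tried": tried}
    last_name, last_rcode = tried[-1]
    return {"status": last_rcode, "name": last_name, "address": None, "tried": tried}


# Constructed server behaviour for the two situations in the thread.
# Before the fix: the locally hosted zones had not loaded (the permission
# problem found later), so the server answered SERVFAIL for names in them.
ZONES_BROKEN = {
    "www.domainX.net.": ("SERVFAIL", None),
    "www.domainX.net.domainY.com.": ("SERVFAIL", None),
}
# After the fix: the zone loads and www.domainX.net gets the LAN address
# from the question's zone file.
ZONES_FIXED = {
    "www.domainX.net.": ("NOERROR", "192.168.13.3"),
}

if __name__ == "__main__":
    before = resolve("www.domainX.net", ["domainY.com"], ZONES_BROKEN)
    print(f"** server can't find {before['name']}: {before['status']}")
    after = resolve("www.domainX.net", ["domainY.com"], ZONES_FIXED)
    print(after["name"], after["address"])
    # With no search line in resolv.conf there is only ever one candidate.
    print(candidate_names("www.domainX.net", []))
```

Removing the search line therefore changes what nslookup reports, but not whether the first query succeeds: the absolute name is tried first either way once it contains a dot, and the underlying SERVFAIL is the zone failing to load.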
ASKER
Update. Once I removed the search domainx.com from /etc/resolv.conf, I saw in syslog that the zone file could not be loaded. Turned out to be a permissions problem. Fixed that, now it says there is a syntax error... working on that...
ASKER CERTIFIED SOLUTION
ASKER
Hello PAQ. This fixed it.