DrDamnit asked:
nslookup looks for www.domainx.com.domainy.com and returns SERVFAIL

On the DNS server, I run nslookup, then do server localhost to make sure it queries itself. Asking it to find google.com works fine. Asking it to find domainX.net or domainY.com (zones hosted locally on the internet webserver) returns this error:

www.domainXnet
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; Got SERVFAIL reply from 127.0.0.1, trying next server
Server:         localhost
Address:        127.0.0.1#53

** server can't find www.domainX.net.domainY.com: SERVFAIL

I guess it thinks those zones are part of the local domain, which means something is wrong in my configs. It should think that those are stand-alone domains.

Here's named.conf.local
 
// named.conf.local (named.conf uses //, # or /* */ for comments, not ;)

zone "domainX.net" {
        type master;
        file "zones/domainX.net.zone";
};

zone "domainY.com" {
        type master;
        file "zones/domainY.com.zone";
};



Here is the zone file for domainX.net:
 
$TTL 3D
@       IN      SOA     domainX.net. root.domainX.net. (
                        199609206       ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
                NS      ns1.domaindiscover.com.
                NS      ns2.domaindiscover.com.
                MX      10 domainX.net.  ; Primary Mail Exchanger
                TXT     "My Corporation 2"

localhost       A       127.0.0.1

domainX.net.     A  192.168.13.3
www             CNAME   domainX.net.
ftp             CNAME   domainX.net.
mail            CNAME   domainX.net.



Here is the zone file for domainY.com:
 
$TTL 3D
@       IN      SOA     domainY.com. kgoodwin.domainY.com. (
                        199609206       ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
                NS      ns1.domaindiscover.com.
                NS      ns2.domaindiscover.com.
                MX      10 domainY.com.  ; Primary Mail Exchanger
                TXT     "My Corporation 1"

localhost       A       127.0.0.1

domainY.com.     A  192.168.13.3
www             CNAME   domainY.com.
ftp             CNAME   domainY.com.
mail            CNAME   domainY.com.



What's wrong?

jar3817:
Do you have any views setup in bind? Can you paste your entire named.conf file please? When you start or restart named look in /var/log/messages for errors.
DrDamnit (asker):
Default setup. No views (that I know of) have been setup.

named.conf just has three include statements for the named.conf.local, the rfc one, and another one.
Here you go...

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";



Here's options:
 
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};



Here's default:
 
// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};


Is named running and listening for connections:

# netstat -anp | grep :53|grep LISTEN

Do you have UDP/53 allowed through iptables on the server?
Yes it's running, and yes iptables is configured properly.
After changing the DNS zone files did you increase the serial number?

Try to do nslookup for "www.domainX.net." - with the trailing dot.

Perhaps I didn't explain this well enough.

The two domains in question are websites. From the outside world, the DNS is fine because it resolves to the public IP address. However, internally on the LAN, that DNS won't work because the firewall doesn't allow you to "go out and come back in" (that's insecure).

So, I need the client machines to have www.domainx.com resolve to the local 192.168.x.x address when querying the domain via DNS on the local network.

Right now, it is treating the www.domainx.com query like a "you're looking for a computer that is part of the local network, aren't you?" query. As if I was on a windows.local domain. Not the case.

Does this clarify what I need?
This is starting to get frustrating! :-)

If I query the FQDN that is defined in the zone file, it is appending the domain of the mail server to the end of my query. Why is it doing that?

OK... I apparently fixed the appending a domain problem.

I had "search domainx.com" in /etc/resolv.conf. So, I deleted that line.

Now, that's fixed, it is just not finding the zone files properly?
Update. Once I removed the search domainx.com from /etc/resolv.conf, I saw in syslog that the zone file could not be loaded. Turned out to be a permissions problem. Fixed that, now it says there is a syntax error... working on that...
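Two things went wrong in this thread: the resolver's search list rewrote www.domainX.net into www.domainX.net.domainY.com, and a zone that BIND could not load answered SERVFAIL. The script below is an added example (not from the thread or from BIND itself) that models the search-list expansion and checks that a zone file is readable and parses; the directory and zone paths in the usage lines are assumptions.

```shell
# Added example, not from the thread. Models the stub-resolver search-list
# behaviour seen above and checks that a zone file can actually be loaded.
# Zone names/paths below are assumptions, not taken from the original post.

# Print, in order, the names the resolver will try for QNAME given the
# resolv.conf "search" list (space-separated) and "ndots" (default 1).
# A trailing dot marks the name absolute: no suffix is ever appended.
search_candidates() {
    qname=$1; search=$2; ndots=${3:-1}
    case $qname in
        *.) printf '%s\n' "$qname"; return 0 ;;
    esac
    dots=$(printf '%s' "$qname" | tr -cd '.' | wc -c | tr -d ' ')
    if [ "$dots" -ge "$ndots" ]; then
        # enough dots: try the name as given first, then each suffix
        printf '%s.\n' "$qname"
        for s in $search; do printf '%s.%s.\n' "$qname" "$s"; done
    else
        # short name: suffixes first, bare name last
        for s in $search; do printf '%s.%s.\n' "$qname" "$s"; done
        printf '%s.\n' "$qname"
    fi
}

# Return 0 if ZONEFILE under DIR (BIND's "directory" option) is readable and,
# when named-checkzone is installed, parses as zone ZONENAME. A zone that fails
# to load is served as SERVFAIL, which is what the first nslookup attempt hit.
zone_file_loadable() {
    dir=$1; zonefile=$2; zonename=$3
    path=$dir/$zonefile
    if [ ! -r "$path" ]; then
        echo "cannot read $path (check ownership/mode for the named user)" >&2
        return 1
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$zonename" "$path" || return 1
    fi
    return 0
}

# Usage (assumed paths): which names will nslookup try, and does the zone load?
search_candidates www.domainX.net "domainY.com"
zone_file_loadable /var/cache/bind zones/domainX.net.zone domainX.net \
    || echo "zone not loadable; expect SERVFAIL for every name in it"
```

Running the readability check as the user named runs as (e.g. via su) catches the permissions case this thread hit; running it as root does not.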
ASKER CERTIFIED SOLUTION
DrDamnit
Hello PAQ. This fixed it.