ittechlab
asked on
DNS issue
Unable to get the DNS service up and running.
[root@dns01 named]# systemctl restart named
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
[root@dns01 named]# journalctl -xe
-- Unit named-setup-rndc.service has begun starting up.
Mar 16 21:02:23 dns01.cioft.com systemd[1]: Started Generate rndc key for BIND (DNS).
-- Subject: Unit named-setup-rndc.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named-setup-rndc.service has finished starting up.
--
-- The start-up result is done.
Mar 16 21:02:23 dns01.cioft.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has begun starting up.
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:9: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:11: unknown RR type 'internal'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:12: #.cioft.com: bad owner name (check-names)
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:13: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:14: #.cioft.com: bad owner name (check-names)
Mar 16 21:02:24 dns01.cioft.com bash[11622]: cioft.com.lan:16: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone cioft.com/IN: loading from master file cioft.com.lan failed: unknown class/type
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone cioft.com/IN: not loaded due to errors.
Mar 16 21:02:24 dns01.cioft.com bash[11622]: internal/cioft.com/IN: unknown class/type
Mar 16 21:02:24 dns01.cioft.com bash[11622]: 2.168.192.db:9: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: 2.168.192.db:12: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: 2.168.192.db:14: #.2.168.192.in-addr.arpa: bad owner name (check-names)
Mar 16 21:02:24 dns01.cioft.com bash[11622]: 2.168.192.db:16: unknown RR type 'define'
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone 2.168.192.in-addr.arpa/IN: loading from master file 2.168.192.db failed: unknown class/type
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone 2.168.192.in-addr.arpa/IN: not loaded due to errors.
Mar 16 21:02:24 dns01.cioft.com bash[11622]: internal/2.168.192.in-addr.arpa/IN: unknown class/type
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone localhost.localdomain/IN: loaded serial 0
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone localhost/IN: loaded serial 0
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Mar 16 21:02:24 dns01.cioft.com bash[11622]: zone 0.in-addr.arpa/IN: loaded serial 0
Mar 16 21:02:24 dns01.cioft.com polkitd[656]: Unregistered Authentication Agent for unix-process:11613:234915 (system bus name :1.32, object path
Mar 16 21:02:24 dns01.cioft.com systemd[1]: named.service: control process exited, code=exited status=1
Mar 16 21:02:24 dns01.cioft.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has failed.
--
-- The result is failed.
Mar 16 21:02:24 dns01.cioft.com systemd[1]: Unit named.service entered failed state.
Mar 16 21:02:24 dns01.cioft.com systemd[1]: named.service failed.
[root@dns01 named]# /var/log/messages |grep named
-bash: /var/log/messages: Permission denied
[root@dns01 named]#
[root@dns01 named]#
[root@dns01 named]#
[root@dns01 named]# tail -f /var/log/messages |grep named
Mar 16 21:02:24 dns01 systemd: named.service: control process exited, code=exited status=1
Mar 16 21:02:24 dns01 systemd: Unit named.service entered failed state.
Mar 16 21:02:24 dns01 systemd: named.service failed.
Mar 16 21:04:17 dns01 systemd: named.service: control process exited, code=exited status=1
Mar 16 21:04:17 dns01 systemd: Unit named.service entered failed state.
Mar 16 21:04:17 dns01 systemd: named.service failed.
For some reason you have words like define, internal, etc. for record types in your zone file...
Normal types are SOA (Start of Authority, aka a zone), NS (name server), A (IPv4 address), AAAA (IPv6 address), PTR (reverse lookup), TXT (text) and a few others.
Class is CH, IN, .. (IN = Internet is the default; DNS was also used for other queries for something called CHAOS net (= CH)).
TTL is defined as a default beforehand using $TTL= n seconds, or in a record if different from the default, and defines the max. time the record is retained after being issued by the DNS server;
the default is 1 day validity.
All records in a zone file should look like:
name [TTL] [RR-class] RR-type Value
crioft.com. SOA ns1.crioft.com admin.crioft.com .......
crioft.com. NS ns1.crioft.lan.
ns1.crioft.com. A 192.168.103.2
gw.crioft.com. A 192.168.103.1
Your reverse lookup zone would then be like...
103.168.192.in-addr.arpa. SOA ns1.crioft.com admin.crioft.com ....
1 PTR gw.crioft.com.
2 PTR ns1.crioft.com.
(no define, include, .... ).
Maybe you can show a snippet without publishing public addresses etc.
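To make the record grammar above concrete, here is an added zone-file lint (example code, not from this thread and not BIND's own checker) that walks the name [TTL] [class] type value form, joins parenthesised SOA records, and reports the same kinds of error the journal shows: unknown RR types and owner names that fail check-names, plus relative names in NS/MX/PTR/CNAME data and A records in a reverse zone. The three zone texts at the bottom are constructed; BAD_ZONE reproduces the "define" and "#" lines from the log, and REVERSE_ZONE carries the stray A record discussed later in the thread.

```python
import ipaddress
import re

KNOWN_TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "MX", "TXT", "CNAME", "SRV"}
CLASSES = {"IN", "CH", "HS"}
HOST_CHECKED = {"A", "AAAA", "MX"}  # owner names that BIND's check-names inspects
NAME_DATA = {"NS": 0, "PTR": 0, "MX": 1, "CNAME": 0}  # position of the name in rdata
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")


def _logical_lines(text):
    """Yield (line_no, text) with ';' comments stripped and '(...)' spans joined."""
    buf, start, depth = [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]
        start = no if start is None else start
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            if joined.strip():
                yield start, joined
            buf, start, depth = [], None, 0


def _is_hostname(fqdn):
    """check-names style test: each label is letters, digits and inner hyphens only."""
    return all(LABEL_RE.match(label) for label in fqdn.rstrip(".").split("."))


def lint_zone(origin, text):
    """Return a sorted list of (line_no, message) problems; [] means the zone is clean."""
    origin = origin.rstrip(".") + "."
    reverse = origin.endswith((".in-addr.arpa.", ".ip6.arpa."))
    problems, owner = [], None
    for no, line in _logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):  # $TTL and similar directives: nothing to check
            continue
        if not line[0].isspace():  # explicit owner; a leading blank reuses the previous one
            name = tokens.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        if owner is None:
            problems.append((no, "record before any owner name"))
            continue
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)  # optional TTL and class, in either order
        if not tokens:
            problems.append((no, "missing RR type"))
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype not in KNOWN_TYPES:
            problems.append((no, f"unknown RR type '{tokens[0]}'"))
            continue
        if rtype in HOST_CHECKED and not _is_hostname(owner):
            problems.append((no, f"{owner.rstrip('.')}: bad owner name (check-names)"))
        if rtype == "SOA" and (len(rdata) != 7 or not all(t.isdigit() for t in rdata[2:])):
            problems.append((no, "SOA needs mname, rname and five numeric fields"))
        elif rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except (IndexError, ValueError):
                problems.append((no, "A record needs a dotted-quad IPv4 address"))
            if reverse:
                problems.append((no, "A record in a reverse zone (legal, but almost surely a mistake)"))
        elif rtype in NAME_DATA:
            target = rdata[NAME_DATA[rtype]] if len(rdata) > NAME_DATA[rtype] else ""
            if not target.endswith("."):
                problems.append((no, f"{rtype} target '{target}' has no trailing dot; origin gets appended"))
    return sorted(problems)


# Constructed samples: a clean forward zone, one reproducing the journal's errors, and a reverse zone.
GOOD_ZONE = """\
$TTL 86400
@   IN SOA dns01.cioft.com. root.cioft.com. (
        2014071004 ; Serial
        3600 1800 604800 86400 )
    IN NS dns01.cioft.com.
    IN A  192.168.2.200
    IN MX 10 dns01.cioft.com.
dns01   IN A 192.168.2.200
"""
BAD_ZONE = """\
$TTL 86400
@   IN SOA dns01.cioft.com. root.cioft.com. ( 2014071003 3600 1800 604800 86400 )
    IN NS dns01.cioft.com.
# define internal 192.168.2.0
#   IN A 192.168.2.0
web IN CNAME dns01.cioft.com
"""
REVERSE_ZONE = """\
$TTL 86400
@   IN SOA dns01.cioft.com. root.cioft.com. ( 2014071001 3600 1800 604800 86400 )
    IN NS  dns01.cioft.com.
    IN PTR cioft.com.
    IN A   255.255.255.0
200 IN PTR dns01.cioft.com.
"""
```

lint_zone("cioft.com", BAD_ZONE) reports lines 4, 5 and 6 (unknown type, bad owner, relative CNAME target) while the clean zone returns an empty list.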
As Dr. Klahn said, unless you're actually serving records for DNS for various zones.
If you aren't actually serving DNS records, open another question about how to get dnsmasq running + include what distro you're using.
To debug named, if you really must, run this command...
named -d -f
This runs named in foreground + debug mode.
Running named like this will produce an error log showing you exactly what file + line number of errors.
Then just fix every error.
Tip: It looks like you really are trying to serve zone records, so the simple way to debug errors is to do this...
named-checkzone $domain $zonefile
Do this for every zone you serve. You must have 100% success from this command, for every zone file you serve, before named will start.
ASKER
[root@dns01 named]# /usr/sbin/named-checkconf -z /etc/named.conf
zone cioft.com/IN: loaded serial 2014071003
zone 2.168.192.in-addr.arpa/IN: loaded serial 2014071001
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
ASKER
[root@dns01 named]# cat cioft.com.lan
$TTL 86400
@ IN SOA dns01.cioft.com. root.cioft.com. (
2014071003 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS dns01.cioft.com.
IN A 192.168.2.200
IN MX 10 dns01.cioft.com.
dns01 IN A 192.168.2.200
vcenter IN A 192.168.2.201
[root@dns01 named]# cat 2.168.192.db
$TTL 86400
@ IN SOA dns01.cioft.com. root.cioft.com. (
2014071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS dns01.cioft.com.
IN PTR cioft.com.
IN A 255.255.255.0
200 IN PTR dns01.cioft.com.
[root@dns01 named]# dig dns01.cioft.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> dns01.cioft.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 20647
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns01.cioft.com. IN A
;; Query time: 1 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Sun Mar 17 09:54:13 EDT 2019
;; MSG SIZE rcvd: 44
[root@dns01 named]#
[root@dns01 named]# dig dns01
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> dns01
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 44774
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dns01. IN A
;; Query time: 0 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Sun Mar 17 09:54:17 EDT 2019
;; MSG SIZE rcvd: 34
dig dns01 is not returning any records
Many modern distros run named in a chrooted environment. Make sure you are looking at the proper location for your zones...
Dig does NOT use the resolver library... so it doesn't "search" a list of domains for you.
So you need to ask for: dns01.cioft.com
(full name)
Requesting dig dns01 is asking whether there is an address (A) for the TLD dns01.... which doesn't exist.
try:
dig com NS
dig com SOA
dig cioft.com NS
dig cioft.com SOA
etc.
dig +trace dns01.cioft.com
Also: 192.168.2.200 refused to answer your query.
The nameserver's logs should explain why it refused.
run named-checkzone cioft.com.lan
Deals with whether the source where you created this file has introduced some foreign characters:
cat -v cioft.com.lan
As others pointed out, it reports errors; one of the errors is what it is getting from the master server.
Echo David's suggestion to run in the foreground and it should shed light on ..
dig cioft.com. SOA
Not sure you can have A records in an ARPA zone.
If you want to identify a mask, use either TXT or INFO records, not A records.
@Arnold, technically you can have an A record in ARPA zones; they just make little sense.
I have never seen a use case for it....
As such it is just another RR.
Likewise, putting PTR records in other zones is not strictly forbidden; it just makes no sense as well.
Thanks noci, little sense/use from habit categorized an RR as invalid.
I think there has to be a disconnect between where the files are located and the files the author posted.
I.e. the author thinks the files are those in /var/named while the processing is looking at different data: a DB backend, or the files are in a different location.
ASKER
@arnlod
[root@dns01 named]# named-checkzone cioft.com.lan
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
ASKER
@noci
[root@dns01 named]# dig com NS
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 29454
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com. IN NS
;; Query time: 2 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Sun Mar 17 20:57:32 EDT 2019
;; MSG SIZE rcvd: 32
[root@dns01 named]# dig com NS
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46636
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com. IN NS
;; Query time: 0 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Sun Mar 17 20:57:39 EDT 2019
;; MSG SIZE rcvd: 32
[root@dns01 named]#
[root@dns01 named]#
[root@dns01 named]# dig cioft.com NS
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> cioft.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 57771
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cioft.com. IN NS
;; Query time: 0 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Sun Mar 17 20:57:49 EDT 2019
;; MSG SIZE rcvd: 38
[root@dns01 named]#
[root@dns01 named]# dig cioft.com SOA
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> cioft.com SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31968
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cioft.com. IN SOA
;; Query time: 0 msec
;; SERVER: 192.168.2.200#53(192.168.2.200)
;; WHEN: Sun Mar 17 20:57:55 EDT 2019
;; MSG SIZE rcvd: 38
[root@dns01 named]#
[root@dns01 named]#
[root@dns01 named]# dig +trace dns01.cioft.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> +trace dns01.cioft.com
;; global options: +cmd
;; Received 28 bytes from 192.168.2.200#53(192.168.2.200) in 0 ms
So your name server : 192.168.2.200 doesn't resolve names from the internet and has no knowledge on cioft.com.
Does not forward or recursively resolve names on the internet.
(If you enable recursive resolving, that may require tuning and deciding where you allow regular queries to be answered from (your network, not the internet).)
As Arnold suggested, check what files are used by the named instance you run.
if running from a chroot environment those might be somewhere else.
ASKER
cioft.com is not on the internet, it's local.
ASKER
[root@dns01 named]# pwd
/var/named
[root@dns01 named]# ll
total 24
-rw-r--r--. 1 root root 351 Mar 16 21:51 2.168.192.db
drwxr-x---. 7 root named 61 Mar 16 22:48 chroot
-rw-r--r--. 1 root root 430 Mar 17 10:06 cioft.com.lan
drwxrwx---. 2 named named 49 Mar 17 03:23 data
drwxrwx---. 2 named named 166 Mar 17 21:52 dynamic
-rw-r-----. 1 root named 2281 May 22 2017 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jan 29 12:23 slaves
ASKER
chroot
/var/named/chroot/var/named
[root@dns01 named]# ll
total 24
-rw-r--r--. 1 root root 351 Mar 16 21:51 2.168.192.db
drwxr-x---. 7 root named 61 Mar 16 22:48 chroot
-rw-r--r--. 1 root root 430 Mar 17 10:06 cioft.com.lan
drwxrwx---. 2 named named 49 Mar 17 03:23 data
drwxrwx---. 2 named named 166 Mar 17 21:52 dynamic
-rw-r-----. 1 root named 2281 May 22 2017 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jan 29 12:23 slaves
ASKER
[root@dns01 named]# cat 2.168.192.db
$TTL 86400
@ IN SOA dns01.cioft.com. root.cioft.com. (
2014071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS dns01.cioft.com.
IN PTR cioft.com.
IN A 255.255.255.0
200 IN PTR dns01.cioft.com.
[root@dns01 named]#
[root@dns01 named]# cat cioft.com.lan
$TTL 86400
@ IN SOA dns01.cioft.com. root.cioft.com. (
2014071004 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
IN NS dns01.cioft.com.
IN A 192.168.2.200
IN MX 10 dns01.cioft.com.
dns01 IN A 192.168.2.200
What is in the chroot directory?
ls -lR /var/named
Your above statement makes no difference.
If you serve any records for public or local consumption, the records still must be correct.
To use the above tool, you must provide both the zone file + domain name, so something like...
named-checkzone cioft.com /etc/bind/zones/cioft.com.conf
1) So, you can't append a .lan to your domain name, unless you actually lookup records for cioft.com.lan + not the cioft.com domain name.
2) Looks like you only provided the domain name + no config file, or vice versa. You must provide both.
The way to debug this is still to kill named (if running) + issue the command...
named -d -f
Which will tell you each file + line number of any syntax errors during startup.
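As an added illustration of the point that named-checkzone needs both the zone name and the file, and of the chroot question raised earlier in the thread, the script below (example code, not from the thread or from BIND) reads the zone/file pairs out of a named.conf text, resolves them against options { directory } and builds one named-checkzone command per master zone, passing the real -t option so the file is opened inside the chroot that named itself uses. The named.conf text is constructed to mirror this thread's zones, not the asker's actual configuration.

```python
import re
import shutil
import subprocess
from pathlib import PurePosixPath


def _strip_comments(text):
    """Drop the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def _blocks(text, keyword):
    """Yield (label, body) for each `keyword "label" ... { body };`.

    Braces are counted so that nested statements such as
    allow-update { none; }; do not cut the body short."""
    pat = r'(?<![\w-])%s(?![\w-])\s*"?([^"{\s]*)"?[^{;]*\{' % keyword
    for m in re.finditer(pat, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]


def _field(body, key):
    """Value of a simple `key value;` or `key "value";` statement, or None."""
    m = re.search(r'(?<![\w-])%s\s+"?([^";\s]+)"?\s*;' % key, body)
    return m.group(1) if m else None


def checkzone_commands(named_conf, chroot=None):
    """Build one named-checkzone argv per zone loaded from a local master file.

    File names are resolved against options { directory } the way named does.
    With a chroot, -t tells named-checkzone to chroot first, so it opens the
    file that the chrooted named will actually read, not a copy elsewhere."""
    text = _strip_comments(named_conf)
    directory = "."
    for _, body in _blocks(text, "options"):
        directory = _field(body, "directory") or directory
    commands = []
    for zone, body in _blocks(text, "zone"):
        if _field(body, "type") not in ("master", "primary"):
            continue  # hint, slave/secondary and forward zones have no local master file
        file_ = _field(body, "file")
        if file_ is None:
            raise ValueError(f"zone {zone}: type master but no file statement")
        path = PurePosixPath(directory) / file_  # an absolute file name wins over directory
        argv = ["named-checkzone"] + (["-t", chroot] if chroot else []) + [zone, str(path)]
        commands.append(argv)
    return commands


def run_checks(commands):
    """Run the commands; {zone: (exit_code, output)}, or None if the tool is absent."""
    if shutil.which("named-checkzone") is None:
        return None
    results = {}
    for argv in commands:
        proc = subprocess.run(argv, capture_output=True, text=True)
        results[argv[-2]] = (proc.returncode, proc.stdout + proc.stderr)
    return results


# Constructed named.conf mirroring the zones in this thread (not the asker's real file).
SAMPLE_NAMED_CONF = """\
options {
    directory "/var/named";   // zone file names below are relative to this
    recursion no;
};
zone "." IN { type hint; file "named.ca"; };
zone "cioft.com" IN {
    type master;
    file "cioft.com.lan";
    allow-update { none; };
};
zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "2.168.192.db";
    allow-update { none; };
};
zone "example.test" { type slave; masters { 192.168.2.201; }; file "slaves/example.test"; };
"""
```

Every command must exit 0 before named will start; with chroot="/var/named/chroot" the path /var/named/cioft.com.lan is opened relative to the chroot, which is the file the asker's chrooted named loads.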
ASKER
[root@dns01 named]# ls -lR /var/named
/var/named:
total 24
-rw-r--r--. 1 root root 351 Mar 16 21:51 2.168.192.db
drwxr-x---. 7 root named 61 Mar 16 22:48 chroot
-rw-r--r--. 1 root root 354 Mar 18 09:17 cioft.com.lan
drwxrwx---. 2 named named 49 Mar 17 03:23 data
drwxrwx---. 2 named named 84 Mar 18 09:18 dynamic
-rw-r-----. 1 root named 2281 May 22 2017 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 6 Jan 29 12:23 slaves
/var/named/chroot:
total 0
drwxr-x---. 2 root named 44 Mar 16 22:48 dev
drwxr-x---. 4 root named 30 Mar 18 09:18 etc
drwxr-x---. 3 root named 19 Mar 16 22:48 run
drwxr-xr-x. 3 root root 19 Mar 16 22:48 usr
drwxr-x---. 5 root named 52 Mar 16 22:48 var
/var/named/chroot/dev:
total 0
crw-r--r--. 1 root root 1, 3 Mar 16 22:48 null
crw-r--r--. 1 root root 1, 8 Mar 16 22:48 random
crw-r--r--. 1 root root 1, 5 Mar 16 22:48 zero
/var/named/chroot/etc:
total 0
drwxr-x---. 2 root named 6 Jan 29 12:23 named
drwxr-x---. 3 root named 25 Mar 16 22:48 pki
/var/named/chroot/etc/named:
total 0
/var/named/chroot/etc/pki:
total 0
drwxr-x---. 2 root named 6 Jan 29 12:23 dnssec-keys
/var/named/chroot/etc/pki/dnssec-keys:
total 0
/var/named/chroot/run:
total 0
drwxr-xr-x. 2 named named 6 Jan 29 12:23 named
/var/named/chroot/run/named:
total 0
/var/named/chroot/usr:
total 0
drwxr-xr-x. 3 root root 18 Mar 16 22:48 lib64
/var/named/chroot/usr/lib64:
total 0
drwxr-xr-x. 2 root root 6 Jan 29 12:23 bind
/var/named/chroot/usr/lib64/bind:
total 0
/var/named/chroot/var:
total 0
drwxrwx---. 2 named named 6 Jan 29 12:23 log
drwxrwx--T. 6 root named 182 Mar 18 09:18 named
lrwxrwxrwx. 1 named named 6 Mar 16 22:48 run -> ../run
drwxrwx---. 2 named named 6 Jan 29 12:23 tmp
/var/named/chroot/var/log:
total 0
ls: /var/named/chroot/var/named: not listing already-listed directory
/var/named/chroot/var/tmp:
total 0
/var/named/data:
total 152
-rw-r--r--. 1 named named 118993 Mar 18 09:18 named.run
-rw-r--r--. 1 named named 30055 Mar 17 03:23 named.run-20190317
/var/named/dynamic:
total 4
-rw-r--r--. 1 named named 720 Mar 17 21:52 3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys
/var/named/slaves:
total 0
Provide output from following for best answers...
named -d -f
So you most probably need to update:
/var/named/chroot/etc/named.conf
/var/named/chroot/var/....
Which does not look like it has been populated/configured, although timestamps seem to indicate it is used.
please configure that environment.
ASKER
[root@dns01 named]# named -d -f
named: debug level '-f' must be numeric
ASKER
How do I populate this again? Need some direction.
Add in whatever debug level seems good.
Lowest value will work for this situation.
https://docstore.mik.ua/orelly/networking/dnsbind/ch12_01.htm
Full command will be something like...
named -u bind -d 1 -f
Since you're running a chroot environment, your command may be different.
Note: You may find hosting your DNS records with GoDaddy will be far simpler, as GoDaddy is the cioft.com Registrar.
In short: for a chroot environment to work:
chroot /var/named/chroot named -f ..
the tools need to be known inside the chroot as well..
which means that /var/named/chroot/etc/named.conf is the config file.....
if in that config file the file /blabla/whatever.xyz is used then the file needs to be created as /var/named/chroot/blabla/whatever.xyz
all files need to be relative to the /var/named/chroot
I can't find the named.conf file in the above set.
Also are we on one system? there is a DNS server running on 192.168.2.200
and the Question clearly states the DNS server failed to start....
(That would mean no answers...)
In your case you may be able to choose to run WITHOUT chroot.
if memory serves, a chrooted named,
you would need the files in /var/named/chroot/var/named
commonly to maintain a single copy, for root the files in /var/named are symbolic links to the ones in the chrooted environment.
when starting up, as root it loads the data from /var/named, then when it drops privileges to named or the restricted user, the reference drops to /var/named/chroot/var/named
where it refreshes the files....
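The two comments above make the same practical point from different angles: a chrooted named resolves every path in named.conf against /var/named/chroot, so a file declared as `file "/blabla/whatever.xyz"` has to exist as /var/named/chroot/blabla/whatever.xyz, and zone data in /var/named alone is not enough unless it is linked or mounted into the chroot. The script below is an added example written for this page (it is not code from the thread, from the asker's system, or from the BIND project) that checks exactly that: it pulls every `file "..."` directive out of a named.conf, resolves relative names against the `directory` option (BIND's default /var/named is assumed when the option is absent) and reports which files are missing under the chroot. The chroot tree and the named.conf it inspects are constructed in a temporary directory, and only sh, sed and tr are used, so it runs on a machine without BIND installed.

```shell
#!/bin/sh
# Added example (not code from this thread): verify that every zone file a
# BIND named.conf refers to is present INSIDE the chroot, because a chrooted
# named resolves every path it reads against the chroot root:
#     file "/blabla/whatever.xyz"  ->  /var/named/chroot/blabla/whatever.xyz
# Only POSIX sh, sed and tr are used, so it runs without BIND installed.

# Print a named.conf with // and # comments removed and one directive per
# line, so that `zone "x" { type master; file "x.db"; };` on a single line is
# handled the same way as the multi-line layout.
flatten_named_conf() {
    sed 's,//.*$,,; s,#.*$,,' "$1" | tr ';{}' '\n\n\n'
}

# check_chroot_zone_files CHROOT CONF
#   CHROOT : chroot root as seen from outside, e.g. /var/named/chroot
#   CONF   : the named.conf to inspect, as seen from outside
# Prints one line per referenced zone file and returns 0 when all of them
# exist under CHROOT, 1 when at least one is missing.
check_chroot_zone_files() {
    chroot_dir=$1
    conf=$2
    missing=0

    # Relative file names are resolved against options { directory "..."; };
    # /var/named is assumed as the default when the option is absent.
    basedir=$(flatten_named_conf "$conf" |
        sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$basedir" ] || basedir=/var/named

    # The here-document keeps the loop in the current shell (a pipe would run
    # it in a subshell and lose the $missing update).
    while IFS= read -r zf; do
        [ -n "$zf" ] || continue
        case $zf in
            /*) inside=$chroot_dir$zf ;;           # absolute path in named.conf
            *)  inside=$chroot_dir$basedir/$zf ;;  # relative to the directory option
        esac
        if [ -f "$inside" ]; then
            printf 'ok:      %s\n' "$inside"
        else
            printf 'MISSING: %s (named.conf says file "%s")\n' "$inside" "$zf"
            missing=1
        fi
    done <<EOF
$(flatten_named_conf "$conf" | sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p')
EOF
    return $missing
}

# --- Constructed demo tree in a temp directory; not the asker's system ---
demo_root=$(mktemp -d)
demo_chroot=$demo_root/chroot
mkdir -p "$demo_chroot/etc" "$demo_chroot/var/named"
cat > "$demo_chroot/etc/named.conf" <<'CONF'
options { directory "/var/named"; };
zone "example.test" IN { type master; file "example.test.db"; };          // relative name
zone "2.168.192.in-addr.arpa" IN { type master; file "/var/named/2.168.192.db"; }; # absolute name
CONF
# Only the first zone file is placed inside the chroot, so the check fails.
printf '$TTL 86400\n' > "$demo_chroot/var/named/example.test.db"

if check_chroot_zone_files "$demo_chroot" "$demo_chroot/etc/named.conf"; then
    echo "all zone files are present inside the chroot"
else
    echo "zone files are missing inside $demo_chroot; copy, link or mount them there"
fi
rm -rf "$demo_root"
```

To use it against a real host, call `check_chroot_zone_files /var/named/chroot /var/named/chroot/etc/named.conf` (paths as they appear in the listing above). If the chroot is populated by bind mounts or symbolic links rather than copies, the same files are visible inside and the check passes; a MISSING line means the file exists outside the chroot only, which is the situation the comments above describe.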
Is there some reason BIND must run on this system? Very few systems have a need for it.