
I have a fairly simple BIND setup on CentOS 5.5 (in a chrooted env) that handles DNS for two domains. I just added a third domain, but it's not working. It has to be something simple.

Here's an excerpt of my named.conf:

acl "trusted" {
        192.168.100.0/24;
        localhost;
};

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named.stats";
        zone-statistics yes;
        notify no;
        transfer-format many-answers;
        max-transfer-time-in 60;
        interface-interval 0;
        version "Not Available";

        forwarders {
         8.8.8.8;
         8.8.4.4;
        };

        allow-query {
                trusted;
        };
};

zone "." {
        type hint;
        file "named.root";
};

zone "localdomain." IN {
        type master;
        file "localdomain.zone";
};

zone "localhost" {
        type master;
        file "localhost.zone";
};

zone "example.corp" {
        type master;
        file "example.corp.zone";
};

zone "tudy.it" {
        type master;
        notify no;
        file "tudy.it.zone";
};

And here's my tudy.it zone file:

$TTL    3600
$ORIGIN tudy.it.
@       3600    SOA     dns1.example.corp. sean.example.corp. (
                        2011030306      ; serial YYYYMMDDnn
                        24h             ; Refresh (24 hours)
                        2h              ; Retry (2 hours)
                        1000h           ; Expire (1000 hours)
                        2d )            ; Minimum (2 days)

       IN      NS      dns1.example.corp.

@               IN      A       192.168.100.40
s               IN      A       192.168.100.40

When I query the DNS server, I don't get an answer back:

$ dig @192.168.100.10 s.tudy.it ANY

; <<>> DiG 9.7.1-P2 <<>> @192.168.100.10 s.tudy.it ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64075
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s.tudy.it.                     IN      ANY

;; Query time: 0 msec
;; SERVER: 192.168.100.10#53(192.168.100.10)
;; WHEN: Thu Mar  3 15:16:32 2011
;; MSG SIZE  rcvd: 27

I'm sure I'm missing something obvious. Any suggestions?

organicveggie
  • Check your logs for something like "not loaded due to errors". They usually accompany SERVFAIL. – Cakemox Mar 03 '11 at 21:35
  • This would certainly fall under the realm of "something obvious," but have you reloaded the config since adding the zone file and changing named.conf? – Shane Madden Mar 03 '11 at 21:23

1 Answer

Have you looked in /var/log/messages for any warnings/errors from named? You can start named in the foreground and increase the debug level with

/usr/sbin/named -f -d 3 -t /path/to/chroot

and it will output messages to stdout.

user9517
  • I had run named-checkconf successfully before reloading and everything _appeared_ fine. Lo and behold, hidden quietly in /var/log/messages: "one tudy.it/IN: loading master file tudy.it.zone: permission denied". I had created the zone file by hand and the group ownership was wrong. – organicveggie Mar 03 '11 at 22:12
  • It may also be helpful to momentarily log each and every query that BIND receives. This can be quickly turned on (and back off) without running BIND in the foreground by executing `rndc querylog`. It helped me to discover that the real reason for my non-working setup were malformed split view rules, because my queries were directed to a wrong view; it would likely be helpful while troubleshooting other SERVFAIL problems as well. – pinjaliina Apr 07 '21 at 13:30
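A check for the gap this thread exposes, written as an added example (it is not code from the question, the answer, or BIND): named-checkconf validated the syntax, but nothing verified that the user named runs as could read the new zone file, so the failure only surfaced as "loading master file ...: permission denied" in /var/log/messages and as SERVFAIL to clients. The script reads zone file paths out of named.conf, resolves them under the chroot, and applies the POSIX owner/group/other read check for named's uid and gid. The named.conf text, the throwaway chroot, and the uid/gid standing in for named are all constructed for the demo; the parser covers only the statement forms shown in the question.

```python
"""Report which zone files named (running as a given uid/gid, chrooted) can read.

Added example for the Server Fault thread above, not code from the thread or
from BIND. The named.conf parser handles only the subset of syntax in the question.
"""
import os
import re
import shutil
import stat
import tempfile

# Constructed named.conf excerpt modelled on the question; nested blocks are kept
# so the brace-tracking parser is exercised.
SAMPLE_NAMED_CONF = '''
acl "trusted" { 192.168.100.0/24; localhost; };
options {
        directory "/var/named";
        forwarders { 8.8.8.8; 8.8.4.4; };
        allow-query { trusted; };
};
zone "." { type hint; file "named.root"; };
zone "example.corp" { type master; file "example.corp.zone"; };
zone "tudy.it" { type master; notify no; file "tudy.it.zone"; };
'''


def top_level_blocks(text):
    """Yield (header, body) for each top-level '<header> { ... };' statement.

    Braces are counted so nested blocks (forwarders, allow-query) stay inside
    the body of the statement that contains them.
    """
    pos = 0
    while True:
        start = text.find("{", pos)
        if start < 0:
            return
        # The header is the last non-empty line before the brace, after dropping
        # the ';' that terminated the previous statement.
        lines = [l.strip() for l in text[pos:start].replace(";", "\n").splitlines() if l.strip()]
        header = lines[-1] if lines else ""
        depth, end = 0, start
        while end < len(text):
            if text[end] == "{":
                depth += 1
            elif text[end] == "}":
                depth -= 1
                if depth == 0:
                    break
            end += 1
        yield header, text[start + 1:end]
        pos = end + 1


def parse_named_conf(text):
    """Return (options.directory, [(zone, type, file)]) for zones that name a file."""
    directory = "."  # named uses its working directory unless options.directory is set
    zones = []
    for header, body in top_level_blocks(text):
        words = header.split()
        if not words:
            continue
        if words[0] == "options":
            m = re.search(r'\bdirectory\s+"([^"]+)"\s*;', body)
            if m:
                directory = m.group(1)
        elif words[0] == "zone" and len(words) > 1:
            ztype = re.search(r'\btype\s+(\w+)\s*;', body)
            zfile = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
            if zfile:
                zones.append((words[1].strip('"'), ztype.group(1) if ztype else "", zfile.group(1)))
    return directory, zones


def readable_by(mode, file_uid, file_gid, uid, gid):
    """POSIX read check for a process with this uid and primary gid.

    Owner bits decide for the owner, else group bits on a group match, else the
    'other' bits; root bypasses all three. Supplementary groups are ignored,
    which is a simplification of the kernel's check.
    """
    if uid == 0:
        return True
    if file_uid == uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid == gid:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def check_zone_files(named_conf_text, chroot, uid, gid):
    """Stat every zone file under chroot + options.directory; return {zone: verdict}."""
    directory, zones = parse_named_conf(named_conf_text)
    verdicts = {}
    for zone, _ztype, zfile in zones:
        inside = zfile if zfile.startswith("/") else os.path.join(directory, zfile)
        real = os.path.join(chroot, inside.lstrip("/"))  # path as seen outside the chroot
        try:
            st = os.stat(real)
        except OSError as exc:
            verdicts[zone] = "cannot stat: %s (%s)" % (real, exc.strerror)
            continue
        if readable_by(st.st_mode, st.st_uid, st.st_gid, uid, gid):
            verdicts[zone] = "ok"
        else:
            verdicts[zone] = "permission denied: %s mode=%s uid=%d gid=%d" % (
                real, oct(stat.S_IMODE(st.st_mode)), st.st_uid, st.st_gid)
    return verdicts


def demo():
    """Build a throwaway chroot with one readable and one mis-owned zone file.

    Without root we cannot chown, so the 'named' identity is simulated as a
    uid/gid that differs from the file owner (constructed, not a real account):
    a 0640 file then fails exactly as the question's zone file did.
    """
    named_uid, named_gid = os.getuid() + 1000, os.getgid() + 1000
    chroot = tempfile.mkdtemp(prefix="bind-chroot-")
    try:
        named_dir = os.path.join(chroot, "var", "named")
        os.makedirs(named_dir)
        good = os.path.join(named_dir, "example.corp.zone")
        bad = os.path.join(named_dir, "tudy.it.zone")
        for path in (good, bad):
            with open(path, "w") as fh:
                fh.write("$TTL 3600\n")  # content is irrelevant; only permissions matter here
        os.chmod(good, 0o644)  # world-readable: named can load it
        os.chmod(bad, 0o640)   # owner/group only, and named is neither
        # named.root is deliberately absent to show the 'cannot stat' verdict
        return check_zone_files(SAMPLE_NAMED_CONF, chroot, named_uid, named_gid)
    finally:
        shutil.rmtree(chroot)


if __name__ == "__main__":
    for zone, verdict in demo().items():
        print("%-14s %s" % (zone, verdict))
```

Against a real installation, pass the contents of the real named.conf, the chroot path given to `named -t`, and the uid/gid of the account named runs as (assumed here to be the `named` user on CentOS) to check_zone_files(); a "permission denied" verdict is the same condition that BIND logs as "loading master file ...: permission denied" and answers with SERVFAIL, and is worth running after any hand-created zone file before `rndc reload`.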