
I have a very strange intermittent issue with BIND. I am running a Red Hat server (although my Gentoo boxes do the same thing periodically) and every once in a while, if you change the zone file in any way, it suddenly won't respond to queries. When you try:

dig @DNSServer localDomainHostName

it gives you NXDOMAIN for a status. Now this has been happening for years, and it always seems to fix itself at some point, but it always seems to take different things to fix it.

One time I just had to change the owner of the files MYDOMAIN.db and MYDOMAIN.db.jnl to named:named from root:root. But today, for example, that didn't do it. I know that my configuration is OK, since it has worked for months now without a hitch (they all do). But then I add one extra static A record to my MYDOMAIN.db file, and suddenly the whole thing stops responding to any localdomain queries, while still serving its forwarding role just fine.

What makes it even more confounding is that it doesn't seem to matter whether I use the Red Hat GUI for DNS or use vi to edit the file in a bash prompt, or which OS I'm using. It's one of the most elusive and annoying problems I have ever encountered.

Has anyone else ever encountered anything like what I'm talking about, or know any tricks to see where the system might be getting caught? It's starting to become annoying to have to just keep spending random afternoons resetting everything and messing with every file in sight until suddenly, out of the blue, it starts working again.

dynamphorous
  • Anything of interest in the nameserver logs? – voretaq7 Apr 06 '11 at 18:30
  • That's, I think, the strangest part. It's supposed to be (well, I think that I understand what I'm reading here) saving debugging information into a file named named.run. But when I try to locate that file, I see nothing. And there is nothing in /var/log or /var/named/chroot/var/log/ which references the named server. I guess that is definitely the right first step, but I'm just confused as to why there is no logging at all. – dynamphorous Apr 06 '11 at 18:44
  • Definitely check the logs. One of the things I always hated about BIND is that if anything was wrong with a zone file, it'd bury a message about the error in the log and just run without loading the file. BIND uses syslog for logging, so the messages are probably in /var/log/messages or /var/log/daemon.log or the like. – DerfK Apr 06 '11 at 18:45
  • Check your BIND configuration files and make sure logging is enabled (if it isn't, enable it; if it is, that will also tell you where the log messages are going). – voretaq7 Apr 06 '11 at 18:46
  • Now I'm more confused than before. Voretaq, I think that you are right about "enabling" the logging. However, I just found (using the damnable GUI Red Hat provides) that it doesn't think that my /var/named/chroot/var/log folder is writable. So the whole time my logging has been directed to a non-writable folder, which does explain a lot. Since I have tried both root:named and named:named for owners, who is supposed to own that folder for it to be writable by my named daemon? – dynamphorous Apr 06 '11 at 18:49
  • Oh, and I have definitely confirmed with a tail -f check (and of course some judicious dig @ing) that there is no named logging taking place in /var/log/messages. – dynamphorous Apr 06 '11 at 18:52
  • So I finally did get my logs redirected to stderr (I will deal with the "no write permissions" thing later) and now it does give a comprehensive restarting analysis. One thing that I noticed that was a little odd was that it told me that the journal rollforward failed: journal out of sync with zone. But no matter what logging level I set it to, it doesn't seem to record when I try to dig @DNSServer. – dynamphorous Apr 06 '11 at 19:08

1 Answer


Well, in this particular instance the problem was the lack of sync between MYDOMAIN.db and MYDOMAIN.db.jnl. So getting rid of the jnl file allowed it all to work again. It's very odd to me that the jnl file somehow got out of sync. If there is a better way to add static hosts than just straight-up modification of the MYDOMAIN.db file (or using the Red Hat GUI), I would love to know about it! But for now my problem is solved. Thank you for your help, Voretaq7 and DerfK! I appreciate your time!

dynamphorous
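
The answer asks for a better way to add static hosts to a zone that has a .jnl journal. The freeze, edit, validate, thaw sequence with `rndc` and `named-checkzone`, as an added example that is not part of the original post: the function names, the RNDC/CHECKZONE overrides and the layout assumption (SOA serial on its own line commented `; serial`) are assumptions of this example, and it applies only to a dynamically updated zone.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumed names: bump_serial, add_static_record, RNDC and CHECKZONE overrides.
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

# bump_serial FILE
# Increment the first number on the line commented "; serial" (assumed layout:
# the SOA serial sits on its own line with that comment).
bump_serial() {
    awk '
        !done && tolower($0) ~ /;[ \t]*serial/ && match($0, /[0-9]+/) {
            n = sprintf("%.0f", substr($0, RSTART, RLENGTH) + 1)
            $0 = substr($0, 1, RSTART - 1) n substr($0, RSTART + RLENGTH)
            done = 1
        }
        { print }
        END { exit !done }
    ' "$1" > "$1.new" || { rm -f "$1.new"; return 1; }
    # Overwrite in place so the file keeps its owner and mode (named must read it).
    cat "$1.new" > "$1" && rm -f "$1.new"
}

# add_static_record ZONE FILE 'RECORD'
add_static_record() {
    zone=$1 file=$2 record=$3
    # freeze: named writes pending journal changes into FILE and stops
    # accepting dynamic updates, so the file is safe to edit by hand.
    "$RNDC" freeze "$zone" || return 1
    cp -p "$file" "$file.bak" || { "$RNDC" thaw "$zone"; return 1; }
    status=0
    printf '%s\n' "$record" >> "$file" &&
        bump_serial "$file" &&
        "$CHECKZONE" "$zone" "$file" >/dev/null || status=$?
    # A zone that fails validation would not load: put the old file back.
    [ "$status" -eq 0 ] || cat "$file.bak" > "$file"
    # thaw: named reloads FILE and accepts dynamic updates again.
    "$RNDC" thaw "$zone" || return 1
    return "$status"
}
```

Called as `add_static_record MYDOMAIN /var/named/MYDOMAIN.db 'newhost IN A 192.0.2.10'` (constructed record), it leaves a `.bak` copy of the zone file next to the original.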