6

I have a BIND server running on Ubuntu that is failing to lookup www.microsoft.com or any records at Microsoft. All other domains like google.com and yahoo.com seem to be working just fine. I am looking for some suggestions on how to improve logging to figure out why BIND is having problems with this domain.

I already am capturing the query channel into the default_syslog and see the queries coming to the server, but I don't see the result of the efforts of the BIND server in trying to find the IP address of these names.

Symptoms

> ping www.microsoft.com fails on lookup, indicates host is not found

> dig @A.B.C.D www.microsoft.com also times out, where A.B.C.D is the IP address of this internal DNS server.

other queries seem to work fine

At this time, I am using db.root for the root servers and have no forwarders setup in this configuration. I would expect this server to be determining the root servers of microsoft.com and then being able to find the records from there. Thank you for any suggestions on how to improve logging detail in BIND and where to look for the log messages.

KodeTitan
  • 881
  • 2
  • 10
  • 15
  • 1
    I have run `rndc trace 9` to open up debugging and I have found the default_debug file at /var/cache/bind/named.run which has detailed logging. When I look a little more closely at the DNS log entries, I see for microsoft.com queries, the log is showwing `request failed: duplicate query`. I don't know what this might be, but wanted to add more information. – KodeTitan Jan 02 '12 at 16:35
  • What does "dig +trace www.microsoft.com" say? – Michael McNally Oct 23 '12 at 18:56

2 Answers2

14

How to see what's going on:

  • To view what the server is doing live, if you have rndc configured run rndc trace x (where x is the debugging level you want to view).

  • To view what the server is doing live without rndc you'll have to run the server in foreground mode named -g -d x (where x is again is the debug level).

  • To configure logging to a file, open named.conf and edit/add a logging section such as:

    logging {
        channel default_file {
                file "/var/log/named.log" size 10m;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        category default{ default_file; };
};

    Note that this configures the logging for "info" level and higher. This dumps quite a bit of information for a live server. Possible values include "extra", "debug", "info", "error", "fatal", and "dynamic" (a value for -d must be provided on the command line for dynamic).

What's wrong with your server:

Your server is looping back to itself while trying to recursively resolve the domain. Since this is only happening for one domain that you know if, it's likely a problem in your hosts file or in your named.conf file (probably the latter).

Getting request failed: duplicate query is almost always a problem with a forwarders directive that loops back to the server or something similar.

Rufflewind
  • 103
  • 4
Chris S
  • 77,945
  • 11
  • 124
  • 216
1

This may be a cache problem. Have you tried to flush cache?

rndc flush # all entries

rndc flushname microsoft.com # all entries for microsoft.com supported from bind 9.3
Adam Zalcman
  • 780
  • 5
  • 19
Fabio
  • 11
  • 1
  • I had already tried this with no luck for this issue. I was not aware of the `flushname` option, but even this didn't help. The only thing that gets this domain working is to setup forwarders for this DNS server which then lets queries find microsoft.com resources. – KodeTitan Jan 03 '12 at 18:54