
I'm attempting to create a DNS server to serve copies of a zone for 'example.com'.

Preamble:

The current setup includes:

  • Ubuntu 11.10
  • Bind9
  • Apache 2

I have created Glue records at the registrar level, that resemble:

  1. ns1.example.com A x.x.x.x
  2. ns2.example.com A x.x.x.x

UFW has an exception for port 53.

The Problem

After installing Bind9, I have configured named.conf.local, named.conf.options (using Google DNS as my forwarders) and created a zone file (db.example.com) for my domain.

Upon testing my configuration via IntoDNS, no A record seems to be appearing, and I receive a slew of errors, including:

ERROR: One or more of your nameservers did not respond: The ones that did not respond are: x.x.x.x

The above error seems to be a recurring issue, even indicated via a tracert provided by Network Tools:

DNS server returned an error: Name server failed

Requesting a Resolution

So, what am I doing wrong? Why aren't my provided nameservers reachable?

I've followed numerous guides with no avail, any suggestions, resources or advice would be greatly appreciated.

Drew

2 Answers


Can you show that your named instance is listening on the external interfaces, like so:

[root@someserver ~]# netstat -lnp | grep ":53 "
tcp        0      0 123.123.123.213:53       0.0.0.0:*       LISTEN      27989/named
udp        0      0 123.123.123.123:53       0.0.0.0:*                   27989/named

Also, that you are able to query the local nameserver using dig (from the bind-utils package):

# dig @localhost example.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> @localhost example.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35676
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            172800  IN      A       192.0.43.10

;; AUTHORITY SECTION:
example.com.            172800  IN      NS      b.iana-servers.net.
example.com.            172800  IN      NS      a.iana-servers.net.

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 26 03:45:20 2012
;; MSG SIZE  rcvd: 93

(I am not familiar with UFW) but the docs indicate that something like this should dump your running firewall:

# sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
Tom
  • well if that ip is accurate, then your nameserver is up and available, because I can query it. What's the domain name? – Tom May 26 '12 at 11:18
  • Hi Tom, See [link](http://pastebin.com/pXfDT56C) for listening instances. See [link](http://pastebin.com/H4yZ05VS) for dig responses. See [link](http://pastebin.com/7ZZ4fuKX) for the db zone file. See [link](http://pastebin.com/LYX2gYei) for the UFW status. Hope this helps, thanks for the response! – Drew May 26 '12 at 11:22
  • the problem seems to be in the zone configuration because you would expect the dig to have an answer field, but it's returning SERVFAIL, id: 4530 – Tom May 26 '12 at 11:28
  • try to run the following command as root on the nameserver `named-checkconf /etc/named.conf ` – Tom May 26 '12 at 11:29
  • Running: named-checkconf /etc/named.conf, produces: `root@xen:/etc/bind# named-checkconf /etc/named.conf none:0: open: /etc/named.conf: file not found` I didn't believe named.conf had to be in /etc/, I currently have it in /etc/bind/named.conf? /etc/bind/named.conf currently serves as a controller, it includes named.conf.local which includes the zone definition(s). – Drew May 26 '12 at 11:35
  • try `named-checkconf` alone, to see if it's finding your `named.conf` automatically, and then try `named-checkconf /etc/bind/named.conf` to test your file syntax – Tom May 26 '12 at 11:37
  • Strange, it produces no results? As in, nothing appears? – Drew May 26 '12 at 11:40
  • that's the good sign. – Tom May 26 '12 at 11:42
  • basically if the zone was not configured locally, I would expect `dig @localhost xxxyyyzzz.com` to produce `NXDOMAIN` in the response, however as it's producing `SERVFAIL` then config has loaded but has an error – Tom May 26 '12 at 11:52
  • try temporarily setting `recursion yes` in your `named.conf` like so; `options { directory "/etc"; pid-file "/var/run/named/named.pid"; recursion yes; };` – Tom May 26 '12 at 11:56

Assuming that tcp/udp connectivity to port 53 on the server is not blocked...

The default BIND named.conf is for a DNS to work "as a caching only nameserver (as a localhost DNS resolver only)"

To turn that into a public DNS server, you may apply some of these according to your needs:

  • listen on any IP; by default it only listens on localhost
  • allow-query from any
  • recursion no, allow-transfer none


...

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        allow-transfer { none; };

        dnssec-enable yes;
        dnssec-validation auto;

        auth-nxdomain no; # conform to RFC1035

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};


...

include "/etc/named/named.conf.local";
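As an added example (not part of either answer), a small audit of the `options { }` block for the four settings the answer above changes: it flags a localhost-only `listen-on` (the symptom in the question), a localhost-only `allow-query`, recursion left on, and missing or unrestricted `allow-transfer`. The two sample option blocks are constructed; the parser assumes each statement, including its `{ ...; }` list, sits on one line.

```python
import re

# Constructed sample: the stock caching-only options block (localhost only).
CACHING_ONLY = """
options {
        listen-on port 53 { 127.0.0.1; };
        allow-query     { localhost; };
        recursion yes;
};
"""

# Constructed sample: the public authoritative settings from the answer above.
AUTHORITATIVE = """
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        allow-query     { any; };
        recursion no;
        allow-transfer { none; };
};
"""

def option(conf, name):
    """Value of statement `name` inside options { }, or None; one statement per line assumed."""
    block = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    pat = r"^\s*%s(?![\w-])([^;\n]*\{[^}]*\}|[^;\n]*);" % re.escape(name)
    stmt = re.search(pat, block.group(1), re.M) if block else None
    return stmt.group(1).strip() if stmt else None

def acl(value):
    """Addresses/ACL names in a value like 'port 53 { 127.0.0.1; }'."""
    return set(re.sub(r"port\s+\d+|[{};]", " ", value).split())

def audit_options(conf):
    """Finding codes for running `conf` as a public authoritative server. Absent
    statements take BIND defaults: listen all IPv4, query any, recursion yes, transfer any."""
    findings = []
    listen = option(conf, "listen-on")
    if listen is not None and acl(listen) <= {"127.0.0.1", "::1", "localhost"}:
        findings.append("listen-localhost")   # remote resolvers get no reply at all
    query = option(conf, "allow-query")
    if query is not None and acl(query) <= {"127.0.0.1", "::1", "localhost"}:
        findings.append("query-localhost")    # external queries are REFUSED
    if (option(conf, "recursion") or "yes") != "no":
        findings.append("recursion-on")       # the answer advises recursion no
    transfer = option(conf, "allow-transfer")
    if transfer is None or acl(transfer) != {"none"}:
        findings.append("transfer-open")      # set { none; } or list only secondaries
    return findings
```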