I have a DNS zone file with the following config:

```
$TTL    86400
$ORIGIN example.com.

@       IN      SOA     ns1.example.com. dns.example.com. (
                 2014022604 ; Serial
                          1h ; Refresh
                         15m ; Retry
                          1w ; Expire
                          1h ; Negative Cache TTL
);

          IN      NS      ns1.example.com.
          IN      NS      ns6.gandi.net.
          IN      MX      10 mail
ns1       IN      A       192.0.2.1
```

After reloading bind, the following commands return:

```
> dig ns1.example.com
status: NOERROR, correct answer

> dig ns1.example.com @localhost
status: NOERROR, correct answer

> dig ns1.example.com @192.0.2.1
status: SERVFAIL, no answer
```

What is going on? Is the config messed up? Thanks.

manu_v
  • Is your server's address really 1.1.1.1 (or if you changed it for confidentiality matters, is the address right?) – mveroone Feb 26 '14 at 10:11
  • Yes, changed for confidentiality. The IP address matches the one in the zone – manu_v Feb 26 '14 at 10:13
  • FYI: Please use correct IP blocks defined by RFC5737 when in need of a "documentation" address. To answer your question, are you able to trace communications with wireshark/tcpdump during the query? Anything in bind's logs? – mveroone Feb 26 '14 at 10:13
  • Are you sure bind is listening on 192.0.2.1? Most bind installs listen on `localhost` by default. – NickW Feb 26 '14 at 10:16
  • Edited IP, thanks. Nothing in bind's logs (although the zone was broken an hour ago, it's now fixed). I'll check tcpdump right now, however the server has no IP tables set up. – manu_v Feb 26 '14 at 10:16
  • Before you waste time on that, look at the `options{` stanza in `/etc/named.conf`: what does the `listen-on port 53 {}` look like? – NickW Feb 26 '14 at 10:24
  • NickW: you are correct, and I'm silly. It listens only on localhost. I'll close this issue. – manu_v Feb 26 '14 at 10:25
  • No problems, sometimes a second pair of eyes helps :) – NickW Feb 26 '14 at 10:41

1 Answer

Bind only listens on localhost port 53 by default. Output is normal.

manu_v
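
The check that the `listen-on` comment and this answer point to, as an added example that is not part of the original thread: a shell function that reads `ss -H -lntu` output and reports whether any port-53 socket would accept a query sent to a given IPv4 address. The two socket listings are constructed samples and `covers_dns` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example (not from the thread). covers_dns is a hypothetical helper.
# Usage on a live host:  ss -H -lntu | covers_dns 192.0.2.1
# Prints "udp", "tcp", "udp tcp" or "none"; returns 0 only when UDP is covered,
# because dig sends its query over UDP unless told otherwise.
covers_dns() {
    awk -v want="$1" '
        {
            local_ep = $5                    # e.g. 127.0.0.1:53 or [::1]:53
            n = split(local_ep, parts, ":")
            if (parts[n] != "53") next       # not the DNS port
            addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)            # drop an interface scope such as %lo
            # An exact match or an IPv4-capable wildcard bind covers the address.
            if (addr == want || addr == "0.0.0.0" || addr == "*") seen[$1] = 1
        }
        END {
            out = ""
            if (seen["udp"]) out = "udp"
            if (seen["tcp"]) out = (out == "" ? "tcp" : out " tcp")
            print (out == "" ? "none" : out)
            exit (seen["udp"] ? 0 : 1)
        }'
}

# Constructed sample: named bound to loopback only, as in the question.
SS_BEFORE='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: after 192.0.2.1 is added to listen-on and named reloaded.
SS_AFTER='udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
udp UNCONN 0 0 192.0.2.1:53 0.0.0.0:*
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
tcp LISTEN 0 10 192.0.2.1:53 0.0.0.0:*'

printf '%s\n' "$SS_BEFORE" | covers_dns 192.0.2.1 || echo "no UDP listener for 192.0.2.1"
printf '%s\n' "$SS_AFTER"  | covers_dns 192.0.2.1
```

A result of `none` for the public address alongside `udp tcp` for 127.0.0.1 matches the symptom in the question: `@localhost` answers while `@192.0.2.1` does not.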