
I am making an Authoritative DNS for a new site. The site responds nicely to all pings and most digs on its IP address, but rejects anything to its domain name. I would presume this is due to a DNS forwarding problem, but I can't make heads or tails of it. I'm hoping that someone with greater wisdom than I will see the answer. It should be noted that the server and I are on the same network.

In short (jk), here are my symptoms:

Edits
I had guessed that my first problem was related to the Forward Zone file (/exe/bind/db.example.com). TiFFolk confirmed this and suggested that I add a line of code as noted below. All of the pings and digs work as would be expected now. I have left the old ping/dig results for anyone else who may be experiencing the same problems.

At this point I don't know how to put it more formally, but the remaining problem is that the site cannot be called by domain name in a browser.

Content of /exe/bind/db.example.com:

$TTL    604800
@               IN      SOA    box.example.com. root.example.com. (
                              4         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@               IN      NS      box.example.com.
                IN      A       1.2.3.4   ;box ip, suggested by TIFFolk
box             IN      A       192.168.1.64
localhost       IN      A       127.0.0.1
www             IN      CNAME   box       ; relative name, expands to box.example.com. (a trailing dot would make it the top-level name "box.")

Old information

Output of dig -x 127.0.0.1:

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa.                IN      PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 604800  IN      PTR     localhost.

;; AUTHORITY SECTION:
0.0.127.in-addr.arpa.   604800  IN      NS      box.example.com.

;; ADDITIONAL SECTION:
box.example.com. 604800 IN  A       192.168.1.64

;; Query time: 0 msec
;; SERVER: 192.168.1.64#53(192.168.1.64)
;; WHEN: Tue Nov 24 00:08:59 2009
;; MSG SIZE  rcvd: 120

Output of dig 1.2.3.4 (global IP address or network IP address):

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27762
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;1.2.3.4.                        IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2009112301 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 128.107.241.184#53(128.107.241.184)
;; WHEN: Mon Nov 23 21:09:13 2009
;; MSG SIZE  rcvd: 107

Output of dig example.com - (previously timed out):

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52478
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.                 IN      A

;; AUTHORITY SECTION:
example.com.          604800  IN      SOA     box.example.com.             root.example.com. 4 604800 86400 2419200 604800

;; Query time: 0 msec
;; SERVER: 192.168.1.64#53(192.168.1.64)
;; WHEN: Mon Nov 23 23:56:45 2009
;; MSG SIZE  rcvd: 86

Output of ping 1.2.3.4 (same result for local network, global IP address, or localhost)

PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data.
(pings)
--- 1.2.3.4 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.012/0.015/0.020/0.004 ms

Output of ping example.com <--- still the main problem

ping: unknown host example.com

and just for fun: content of resolv.conf:

search example.com
nameserver 127.0.0.1
nameserver 192.168.1.64

Some Suggested Stuff

The following 3 digs all had the same result:
dig @1.2.3.4 (server ip)
dig @127.0.0.1 example.com
dig @box example.com

; <<>> DiG 9.6.1-P1 <<>> @box example.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Content of /etc/bind/db.local - (unaltered from Ubuntu defaults):

$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

Output of nslookup example.com (from a comp inside the ns' network)

Server:         127.0.0.1
Address:        127.0.0.1#53

Name:   example.com
Address: 1.2.3.4

Output of nslookup example.com (from a comp outside the ns' network)

;; Got SERVFAIL reply from 68.238.64.12, trying next server
;; Got SERVFAIL reply from 68.238.96.12, trying next server
;; connection timed out; no servers could be reached

Output of nslookup example.com 192.168.1.64:

Server:         192.168.1.64
Address:        192.168.1.64#53

Name:   example.com
Address: 1.2.3.4

2 Answers


You should be using dig @ip-of-server to ensure that the server in question is the one being queried. I.e., if you want to query the server running on localhost, use

dig @127.0.0.1 example.com

If you don't provide @server, dig consults /etc/resolv.conf and fires off a query to every server, then responds with whatever server answers first.

As for what the problem is with the server, it's not clear to me from your post what the exact problem is.

Rudedog
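Rudedog's point is that a dig result only means something once you know which server produced it and how to read the header. As an added example (not part of the original answers), the following script parses the `->>HEADER<<-`, `flags:` and `SERVER:` lines of dig output and turns them into a verdict: NXDOMAIN (the name does not exist), NODATA (NOERROR with zero answers, which is what an apex with only SOA/NS records returns), a real answer, or a timeout. The sample outputs are trimmed copies of the ones in the question; the `expected_server` parameter is my own addition that flags when the reply came from some other resolver, which is exactly the case dig without `@server` can hide.

```python
import re

# Constructed samples: trimmed copies of the dig outputs shown in the question.
DIG_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27762
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; SERVER: 128.107.241.184#53(128.107.241.184)
"""
DIG_NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52478
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; SERVER: 192.168.1.64#53(192.168.1.64)
"""
DIG_ANSWERED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6189
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; SERVER: 192.168.1.64#53(192.168.1.64)
"""
DIG_TIMEOUT = """\
; <<>> DiG 9.6.1-P1 <<>> @box example.com
; (1 server found)
;; connection timed out; no servers could be reached
"""

HEADER_RE = re.compile(r"->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(
    r";; flags: ([a-z ]*); QUERY: (\d+), ANSWER: (\d+), AUTHORITY: (\d+), ADDITIONAL: (\d+)"
)
SERVER_RE = re.compile(r";; SERVER: (\S+)#(\d+)")


def classify_dig(output, expected_server=None):
    """Summarise one dig run. expected_server (hypothetical parameter) is the
    address you meant to query; if the SERVER line names something else, the
    query went to another resolver from resolv.conf and the note says so."""
    result = {"verdict": None, "server": None, "authoritative": False, "answers": 0, "note": ""}

    if "no servers could be reached" in output:
        result["verdict"] = "unreachable"
        result["note"] = "no reply at all: wrong address, firewall, or named not listening there"
        return result

    header, flags, server = HEADER_RE.search(output), FLAGS_RE.search(output), SERVER_RE.search(output)
    if not (header and flags):
        result["verdict"] = "unparsed"
        return result

    status = header.group(2)
    flag_set = set(flags.group(1).split())
    result["server"] = server.group(1) if server else None
    result["authoritative"] = "aa" in flag_set      # answer came from the zone's own server
    result["answers"] = int(flags.group(3))

    if status == "NXDOMAIN":
        result["verdict"] = "nxdomain"
        result["note"] = "the name does not exist"
    elif status == "SERVFAIL":
        result["verdict"] = "servfail"
        result["note"] = "the server could not complete the lookup (check its logs)"
    elif status == "NOERROR" and result["answers"] == 0:
        result["verdict"] = "nodata"
        result["note"] = "the name exists but has no record of the requested type (e.g. an apex with SOA/NS but no A)"
    elif status == "NOERROR":
        result["verdict"] = "answered"
    else:
        result["verdict"] = status.lower()

    if expected_server and result["server"] != expected_server:
        result["note"] += f" [reply came from {result['server']}, not {expected_server}; use dig @{expected_server}]"
    return result


if __name__ == "__main__":
    for name, sample in [("NXDOMAIN", DIG_NXDOMAIN), ("NODATA", DIG_NODATA),
                         ("ANSWERED", DIG_ANSWERED), ("TIMEOUT", DIG_TIMEOUT)]:
        print(name, classify_dig(sample, expected_server="192.168.1.64"))
```

Run against the question's second dig, the verdict is `nxdomain` from `128.107.241.184`: the query for the literal name `1.2.3.4` never reached the local BIND at all, which is why the authority section shows the root servers' SOA.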

To begin with, 127.0.0.1 does not answer your queries.

Your zone file will respond to

box.example.com

not to example.com

You have to add:

        IN      A       your_server_ip

If you want your dns to respond to example.com

Anyway, show db.local, then restart bind9 and cat syslog | grep named

TiFFolk
  • hello again. the extra line of code fixed everything as far as I can tell, except I still can't find the site when I go into a browser. I added db.local above, but entering "cat syslog | grep named" gave me a "No such file or directory" error. – storm Nov 24 '09 at 19:33
  • syslog) /var/log/syslog – TiFFolk Nov 24 '09 at 20:43
  • this should do it. http://pastebin.com/md242916 – storm Nov 24 '09 at 21:37
  • Work normally, so 192.168.1.64 this is your PC. 16 CPU omg O_o, this is 4 sockets machine? Show `nslookup example.com 127.0.0.1` and `nslookup example.com 192.168.1.64` – TiFFolk Nov 24 '09 at 22:18
  • yeah, company just got it and it's dead without TiFFolk. I'm appending the results above. – storm Nov 24 '09 at 22:23
  • So OK, your server resolves domain, what the problem then? – TiFFolk Nov 24 '09 at 23:12
  • it will not resolve in the browser, and given the good command line results I'm rather surprised. although I've noticed that I cannot ping or dig the site by name when I'm outside the network. – storm Nov 24 '09 at 23:33
  • Your browser is on the same PC as DNS server or it is on the other one? – TiFFolk Nov 24 '09 at 23:42
  • different. I'm working through ssh. The syslog is from a server, I'm working on a pc. – storm Nov 24 '09 at 23:47
  • i've added the adjusted nslookups (same results) and had a computer outside the network do an nslookup on the site as well (no server could be reached). – storm Nov 25 '09 at 00:20
  • The problem appears to be that my ISP is blocking traffic. I found out using the Open Port Tool that can be found here: http://www.dyndns.com/support/kb/why_cant_i_connect_to_my_server.html I will follow up with the final results. – storm Nov 25 '09 at 02:16
  • The problem is that your DNS server's IP is private: 192.168.x.x . These addresses aren't routed across the internet. So you have to buy an external static IP from your ISP – TiFFolk Nov 25 '09 at 10:04
  • Then that should be all that I can do until I take it to the collocation facility. Thank you so very much. – storm Nov 25 '09 at 20:29
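The thread ends with two separate zone problems: the apex had no A record (TiFFolk's one-line fix), and the only nameserver the zone advertises, box.example.com, has a private 192.168.x.x address that no outside resolver can reach. Both are detectable by reading the zone file, so here is an added example (my own code, not part of the question or the answers) that parses the zone posted above and reports them. It also flags the `www CNAME box.` line, whose trailing dot makes the target the top-level name "box." rather than box.example.com.; that is a defect in the posted file the thread never got to. The parser covers only the syntax the posted file uses (comments, `$TTL`, one parenthesised SOA, owner inheritance), and the second input is the same zone with the apex A line removed, constructed to show the pre-fix state.

```python
import ipaddress

# Constructed test input: the zone file posted in the question, copied verbatim.
ZONE_TEXT = """\
$TTL    604800
@               IN      SOA    box.example.com. root.example.com. (
                              4         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@               IN      NS      box.example.com.
                IN      A       1.2.3.4   ;box ip, suggested by TIFFolk
box             IN      A       192.168.1.64
localhost       IN      A       127.0.0.1
www             IN      CNAME   box.
"""

# Constructed: the same zone before TiFFolk's fix, i.e. without the apex A record.
ZONE_BEFORE_FIX = "\n".join(l for l in ZONE_TEXT.splitlines() if "1.2.3.4" not in l) + "\n"


def qualify(name, origin):
    """Turn a master-file name into a fully qualified one (trailing dot)."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def parse_zone(text, origin):
    """Parse the subset of master-file syntax used in the question: comments,
    $TTL, one parenthesised multi-line SOA, and owner-name inheritance when a
    line starts with whitespace. Returns (owner, rtype, rdata) tuples with
    owners and name-valued rdata fully qualified."""
    origin = origin.rstrip(".") + "."
    records, last_owner, in_paren = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if in_paren:                              # still inside the SOA "( ... )"
            in_paren = ")" not in line
            continue
        if line.startswith("$"):                  # $TTL and similar directives
            continue
        fields = line.split()
        owner = last_owner if raw[0] in " \t" else fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                         # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if "(" in line and ")" not in line:
            in_paren = True
        owner = qualify(owner, origin)
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "SOA":
            rdata = [qualify(rdata[0], origin), qualify(rdata[1], origin)]
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records


def lint_zone(records, origin):
    """Return a list of human-readable findings for the three problems above."""
    origin = origin.rstrip(".") + "."
    by_owner = {}
    for owner, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))

    def addresses(name):
        return [r[0] for t, r in by_owner.get(name, []) if t in ("A", "AAAA")]

    findings = []
    # 1. No address at the apex: "dig example.com" returns NOERROR with an empty answer.
    if not addresses(origin):
        findings.append(f"apex {origin} has no A/AAAA record: queries for the bare domain return NOERROR with no answer")
    # 2. Every in-zone NS host needs glue, and that glue must be reachable from outside.
    for rtype, rdata in by_owner.get(origin, []):
        if rtype != "NS":
            continue
        ns = rdata[0]
        if not (ns == origin or ns.endswith("." + origin)):
            continue                              # out-of-zone nameserver, glue lives elsewhere
        glue = addresses(ns)
        if not glue:
            findings.append(f"nameserver {ns} has no A/AAAA record in the zone (missing glue)")
        for addr in glue:
            if ipaddress.ip_address(addr).is_private:
                findings.append(f"nameserver {ns} is {addr}, a private address: resolvers outside this network cannot reach it")
    # 3. A CNAME whose absolute target is a single label is almost always a forgotten relative name.
    for owner, rtype, rdata in records:
        if rtype == "CNAME" and len(rdata[0].rstrip(".").split(".")) == 1:
            label = rdata[0].rstrip(".")
            findings.append(f"{owner} CNAME {rdata[0]} points at a top-level name; did you mean '{label}' ({label}.{origin})?")
    return findings


def lint(text, origin="example.com"):
    return lint_zone(parse_zone(text, origin), origin)


if __name__ == "__main__":
    for label, zone in [("posted zone", ZONE_TEXT), ("before the apex A fix", ZONE_BEFORE_FIX)]:
        print(label)
        for finding in lint(zone):
            print("  -", finding)
```

On the posted zone the private-glue finding is the one that matches the SERVFAIL seen from outside the network: the answers handed back to the outside resolver name box.example.com at 192.168.1.64, so the resolver has nowhere routable to send the query.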