Glue Records, Bind9 and Ubuntu 11.10 – DNS Server not Responding

Tags: bind, domain-name-system, domains, glue-record

I'm attempting to create a DNS server to serve copies of a zone for 'example.com'.

Preamble:

The current setup includes:

  • Ubuntu 11.10
  • Bind9
  • Apache 2

I have created glue records at the registrar level that resemble:

  1. ns1.example.com A x.x.x.x
  2. ns2.example.com A x.x.x.x

UFW has an exception for port 53.

The Problem

After installing Bind9, I have configured named.conf.local, named.conf.options (using Google DNS as my forwarders) and created a zone file (db.example.com) for my domain.

Upon testing my configuration via IntoDNS, no A record seems to be appearing, and I receive a slew of errors, including:

ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
x.x.x.x

The above error seems to be a recurring issue, even indicated via a tracert provided by Network Tools:

DNS server returned an error: Name server failed

Requesting a Resolution

So, what am I doing wrong? Why aren't my provided nameservers reachable?

I've followed numerous guides to no avail. Any suggestions, resources or advice would be greatly appreciated.

Best Answer

Can you show that your named instance is listening on the external interfaces, like so:

[root@someserver ~]# netstat -lnp | grep ":53 "
tcp        0      0 123.123.123.213:53       0.0.0.0:*       LISTEN      27989/named
udp        0      0 123.123.123.123:53       0.0.0.0:*                   27989/named

Also, that you are able to query the local nameserver using dig (from the bind-utils package):

# dig @localhost example.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> @localhost example.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35676
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.                   IN      A

;; ANSWER SECTION:
example.com.            172800  IN      A       192.0.43.10

;; AUTHORITY SECTION:
example.com.            172800  IN      NS      b.iana-servers.net.
example.com.            172800  IN      NS      a.iana-servers.net.

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 26 03:45:20 2012
;; MSG SIZE  rcvd: 93

(I am not familiar with UFW), but the docs indicate that something like this should dump your running firewall:

# sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
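
The listener and firewall checks from the answer above, combined into one script as an added example (not part of the original answer). It parses saved `netstat -lnp` and `ufw status verbose` output and reports whether named is reachable on port 53 over both UDP and TCP; the function names and both sample captures are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: checks over captured `netstat -lnp` and `ufw status verbose` text.
# Both captures below are constructed sample data, not output from the page.

# Print "proto address" for each non-loopback :53 socket owned by named.
# Assumes the capture was taken as root, so the PID/program column is filled in.
external_dns_listeners() {
  awk '$1 ~ /^(tcp|udp)/ && $NF ~ /\/named$/ && $4 ~ /:53$/ {
         if ($4 ~ /^127\./ || $4 ~ /^::1:/) next   # loopback only serves local dig
         print $1, $4
       }'
}

# Print the protocols (udp, tcp) that ufw admits inbound on port 53.
# Handles numeric rules and an allow-by-default policy; app profiles are not parsed.
ufw_dns_protocols() {
  awk '$1 == "Default:" && $2 == "allow" { udp = tcp = 1 }
       $2 == "ALLOW" || ($2 == "(v6)" && $3 == "ALLOW") {
         if ($1 == "53")     { udp = tcp = 1 }
         if ($1 == "53/udp") { udp = 1 }
         if ($1 == "53/tcp") { tcp = 1 }
       }
       END { if (udp) print "udp"; if (tcp) print "tcp" }'
}

# $1 = netstat capture, $2 = ufw capture; returns non-zero if anything is missing.
diagnose() {
  listeners=$(printf '%s\n' "$1" | external_dns_listeners)
  protos=$(printf '%s\n' "$2" | ufw_dns_protocols)
  rc=0
  for p in udp tcp; do
    printf '%s\n' "$listeners" | grep -q "^$p" || { echo "named: no external $p listener on :53"; rc=1; }
    printf '%s\n' "$protos" | grep -qx "$p" || { echo "ufw: 53/$p not allowed inbound"; rc=1; }
  done
  return $rc
}

SAMPLE_NETSTAT='tcp        0      0 127.0.0.1:53       0.0.0.0:*       LISTEN      1201/named
udp        0      0 127.0.0.1:53       0.0.0.0:*                   1201/named
tcp        0      0 0.0.0.0:80         0.0.0.0:*       LISTEN      990/apache2'
SAMPLE_UFW='Status: active
Default: deny (incoming), allow (outgoing)
To                         Action      From
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
53/udp                     ALLOW IN    Anywhere'

diagnose "$SAMPLE_NETSTAT" "$SAMPLE_UFW" || true
```

On a live host, pass `"$(sudo netstat -lnp)"` and `"$(sudo ufw status verbose)"` to `diagnose` instead of the sample strings.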