DNS Troubleshooting – Why DNS Won’t Work Despite Following Tutorial

binddomain-name-systemlinuxtroubleshootingunix

If anyone can help me troubleshoot this, I would very much appreciate it!!

The tests work. It's just that when I do the manual ping/nslookup test, nothing is working.
By the way, I followed everything in this tutorial.

This is my /etc/bind/zones/master/main.com.db file:

;
; BIND data file for main.com
;
$TTL    604800
@       IN      SOA     main.com. info.main.com. (
                            2007011501         ; Serial
                                  7200         ; Refresh
                                   120         ; Retry
                               2419200         ; Expire
                                604800)        ; Default TTL
;
@       IN      NS      ns1.main.com.
@       IN      NS      ns2.main.com.
main.com.    IN      MX      10      mail.main.com.
main.com.    IN      A       174.143.182.58
www                     IN      CNAME   main.com.
mail                    IN      A       174.143.182.58
ftp                     IN      CNAME   main.com.
main.com.            IN      TXT     "v=spf1 ip4:174.143.182.58 a mx ~all"
mail                    IN      TXT     "v=spf1 a -all"

This is my reverse DNS (/etc/bind/zones/master/174.143.182.rev) file:

$TTL 1d ;
$ORIGIN 182.143.174.IN-ADDR.ARPA.
@       IN      SOA     ns1.main.com.   info.main.com. (
                                       2007011501
                                       7200
                                       120
                                       2419200
                                       604800
)
        IN      NS      ns1.main.com.
        IN      NS      ns2.main.com.
1       IN      PTR     ns1.main.com.
2       IN      PTR     ns2.main.com.

This is my named.conf.local file for BIND:

zone "main.com" {
       type master;
       file "/etc/bind/zones/master/main.com.db";
};

zone "182.143.174.IN-ADDR.ARPA" {
       type master;
       file "/etc/bind/zones/master/174.143.182.58.rev";
};

When I do my named-checkzones, it works.

named-checkzone main.com main.com.db
zone main.com/IN: NS 'ns1.main.com' has no address records (A or AAAA)
zone main.com/IN: NS 'ns2.main.com' has no address records (A or AAAA)
zone main.com/IN: loaded serial 2007011501
OK

However, something is wrong when I restart BIND9.

/etc/init.d/bind9 restart
Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused
.
Starting domain name service...: bind9.

When I do a ping test, it does not work:

ping ns1.main.com
PING ns1.main.com (72.16.146.146) 56(84) bytes of data.
64 bytes from ns1.main.com (72.16.146.146): icmp_seq=1 ttl=52 time=20.0 ms

I expect the ping test to show my IP (174.143.182.58) instead of 72.16.146.146.

I even tried to edit my resolve.conf to the same IP:

nameserver      174.143.182.58

If anyone can help figure out why it's not detecting my own IP when I ping it…please help me!

Best Answer

You haven't got A records for your nameservers ns1.main.com and ns2.main.com. The named-checkzones hasn't worked as it is warning you that you haven't got A records for your nameservers:

zone main.com/IN: NS 'ns1.main.com' has no address records (A or AAAA)

zone main.com/IN: NS 'ns2.main.com' has no address records (A or AAAA)

So you need to add the following to your main.com.db file:

ns1           IN    A    174.143.182.1
ns2           IN    A    174.143.182.2

Without these glue records the whole thing won't work.

Also your SOA record for main.com is wrong. It should be:

@       IN      SOA     ns1.main.com. info.main.com.

It didn't fail in the named-checkzones because you have a main.com A record and BIND assumed that was the name server record.

Related Solutions

Web-server – How to setup Bind9 on ubuntu as a nameserver

Do you have the zone pointed to your DNS server at the registrar level? A dig +trace ns1.myhostingdomain.com should give you some more information as well as the output from cat /etc/resolv.conf

Global Reverse DNS look-ups not working

You've set it up correctly on your server, but your server is not marked as authoritative for 123.5.253.159.in-addr.arpa. Your reverse DNS is managed by your ISP (the whole 5.253.159.in-addr.arpa zone):

; <<>> DiG 9.7.3-P3 <<>> ns 5.253.159.in-addr.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43579
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;5.253.159.in-addr.arpa.        IN  NS

;; ANSWER SECTION:
5.253.159.in-addr.arpa. 86010   IN  NS  ns3.uxw.nl.
5.253.159.in-addr.arpa. 86010   IN  NS  ns4.uxw.nl.

You have 2 solutions to solve that:

ask your ISP to define the 123.5.253.159.in-addr.arpa record for you on their DNS (ns3.uxw.nl and ns4.uxw.nl),
ask your ISP to delegate the 123.5.253.159.in-addr.arpa record to your server, as per the RFC 2317, this is just a matter of defining a CNAME pointing to a new record on a new zone on your DNS (you then have to define this special zone on your DNS, your ISP will tell you how to name this new zone).

First solution is probably the quickest, but if you change your server's name in the future, you've got to ask them to change it again. Second solution is the most flexible, if your ISP is willing to support RFC 2317. If your ISP is providing you with more than a single address, reverse DNS can be delegated for all of them (the whole range) so you can be in charge. I'd recommend you to ask for that.

This similar question is worth reading.

Trivia: a few years ago (5, or 10 years back), some people were advocating against RFC-2317, because some DNS clients couldn't handle the reverse queries well. However, I don't think that is relevant anymore, RFC-2317 exists for about 15 years now.

Best Answer

Related Solutions

Web-server – How to setup Bind9 on ubuntu as a nameserver

Global Reverse DNS look-ups not working

Related Topic