Linux – nxdomain – host not found

Tags: bind, domain-name-system, linux

I have 2 domains on the same server (Linux). (The IP addresses are only examples.)

server: 192.168.1.20
domain1: server1.example.com
domain2: server2.example.com

    cat /etc/resolv.conf 
    # Generated by NetworkManager
    search example.com
    nameserver 192.168.1.3
    nameserver 192.168.1.2

    cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

In my DNS server (bind), I have:

    $TTL 3D
    1.168.192.in-addr.arpa. IN SOA  ns1.example.com. root.example.com. (
      2007082126        ; Serial Number
      10800         ; Refresh after 3 hours
      3600          ; Retry after 1 hour
      604800            ; Expire after 1 week
      86400 )           ; Minimum TTL of 1 day

        IN NS   ns1.example.com.
        20  IN PTR  server1.example.com.
        20  IN PTR  server2.example.com.

Now, externally, some servers can't resolve the server2.example.com address but can resolve server1.

    $host server2.example.com
    Host server2.example.com not found: 3(NXDOMAIN)

    $host server1.example.com
    Host server1.example.com has address 192.168.1.20

When I use the IP address:

    $host 192.168.1.20
    20.1.168.192.in-addr.arpa domain name pointer server1.example.com.
    20.1.168.192.in-addr.arpa domain name pointer server2.example.com.

When I use the dig command:

    $ dig server2.example.com

    ; <<>> DiG 9.8.1-P1 <<>> server2.example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5549
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;server2.example.com.       IN  A

    ;; AUTHORITY SECTION:
    example.com.        401 IN  SOA ns1.example.com. root.example.com. 2007111668 28800     7200 2419200 86400

    ;; Query time: 2 msec

dig command with Google DNS:

    ; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 server2.example.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58750
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;server2.example.com.       IN  A

    ;; ANSWER SECTION:
    server2.example.com.    21599   IN  A   192.168.1.20

    ;; Query time: 93 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)

What could be the problem that is causing some locations to be unable to access server2.example.com, giving them an NXDOMAIN error?

Thanks in advance

Best Answer

You only posted the reverse zone "1.168.192.in-addr.arpa.". It would be useful to check your "example.com" zone file and make sure the A records are present.

Posting an extract from the zone file will help. Knowing the actual domain will help troubleshooting. You might have some good reason not to share it.

Note: (sorry if already obvious to you)

  • A forward DNS record is when you look up a hostname and the response is an IP. A records are used.
  • A reverse DNS record is when you look up an IP and the response is a hostname. PTR records are used.
  • The "host" command will automatically look up the reverse when given an IP. With "dig" you need to use the "-x" option when looking up an IP (i.e. "dig -x 192.168.1.1").

Concerning having multiple names pointing to the same IP: it is not recommended to have multiple PTR records pointing to the same IP.

https://en.wikipedia.org/wiki/Reverse_DNS_lookup

Ideally you should have one forward (A) and one reverse (PTR) record for each IP. You can have two IPs on one server, which might be the cleanest way if you are running two separate services. Obviously when dealing with public IPs you often don't have that luxury.

People often use CNAME records for having multiple names pointing to the same IP. A CNAME is essentially a pointer to another name. For example:

example.org zone:

    server1 IN A     192.168.1.20
    server2 IN CNAME server1.example.org.

1.168.192.in-addr.arpa. zone:

    20 IN PTR server1.example.org.
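An added check that is not part of the question or the answer above: the script below parses forward and reverse zone text in simplified BIND syntax and reports PTR records whose target name has no A record (the situation in the question, where the address still reverse-resolves to server2 but a forward lookup of server2 returns NXDOMAIN), A records that have no PTR pointing back, and addresses that carry more than one PTR. The two zones, the hostnames and the function names are constructed for the example; it follows CNAME chains so the recommended "server2 CNAME server1" layout checks clean, and it does not handle $INCLUDE or ip6.arpa.

```python
"""Cross-check a BIND forward zone against its in-addr.arpa reverse zone. Handles
$ORIGIN, "@", relative names, class/TTL fields, comments and parenthesised records."""
import ipaddress
import re

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
REVERSE_SUFFIX = ".in-addr.arpa."
# Constructed sample mirroring the question: A record for server1 only, PTRs for both.
FORWARD_ZONE = """\
$ORIGIN example.com.
@        IN SOA   ns1.example.com. root.example.com. (
             2007082126 10800 3600 604800 86400 )   ; serial refresh retry expire min
         IN NS    ns1.example.com.
server1  IN A     192.168.1.20
www      IN CNAME server1.example.com.
"""
REVERSE_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
@   IN SOA ns1.example.com. root.example.com. ( 2007082126 10800 3600 604800 86400 )
    IN NS  ns1.example.com.
20  IN PTR server1.example.com.
20  IN PTR server2.example.com.
"""

def qualify(name, origin):
    """Zone-file name -> lowercase FQDN ('@' is the origin, no trailing dot = relative)."""
    if name == "@":
        return origin.lower()
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, origin=None):
    """Return (origin, [(owner_fqdn, rtype, rdata_tokens), ...])."""
    records, last_owner, pending, depth = [], None, [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()              # strip comments
        pending.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:                                      # still inside ( ... )
            continue
        joined, pending = " ".join(pending), []
        tokens = joined.replace("(", " ").replace(")", " ").split()
        if tokens and tokens[0] == "$ORIGIN":
            origin = tokens[1]
        if not tokens or tokens[0].startswith("$"):        # blank line or directive
            continue
        owner = last_owner if joined[0].isspace() else qualify(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (tokens[0].upper() == "IN" or TTL_RE.match(tokens[0])):
            tokens.pop(0)                                  # optional class / TTL
        rtype = tokens.pop(0).upper()
        if rtype in ("CNAME", "PTR", "NS"):                # name-valued rdata
            tokens[0] = qualify(tokens[0], origin)
        records.append((owner, rtype, tokens))
    return origin, records

def ptr_owner_to_ip(owner):
    """'20.1.168.192.in-addr.arpa.' -> '192.168.1.20'; None for non-IPv4 reverse names."""
    if not owner.endswith(REVERSE_SUFFIX):
        return None
    labels = reversed(owner[: -len(REVERSE_SUFFIX)].split("."))
    try:
        return str(ipaddress.IPv4Address(".".join(labels)))
    except ipaddress.AddressValueError:
        return None

def resolve_a(name, a_map, cname_map, max_hops=8):
    """Follow a bounded CNAME chain and return the set of A addresses for name."""
    while name in cname_map and max_hops > 0:
        name, max_hops = cname_map[name], max_hops - 1
    return a_map.get(name, set())

def check_consistency(forward_text, reverse_text):
    """Return sorted findings; an empty list means forward and reverse agree."""
    a_map, cname_map, ptr_map = {}, {}, {}
    for owner, rtype, rdata in parse_zone(forward_text)[1]:
        if rtype == "A":
            a_map.setdefault(owner, set()).add(rdata[0])
        elif rtype == "CNAME":
            cname_map[owner] = rdata[0]
    for owner, rtype, rdata in parse_zone(reverse_text)[1]:
        ip = ptr_owner_to_ip(owner) if rtype == "PTR" else None
        if ip:
            ptr_map.setdefault(ip, []).append(rdata[0])
    findings = []
    for ip, names in ptr_map.items():
        if len(names) > 1:
            findings.append(f"{ip} has {len(names)} PTR records ({', '.join(names)}); one is recommended")
        for name in names:
            ips = resolve_a(name, a_map, cname_map)
            if not ips:  # the question's server2 case: reverse resolves, forward is NXDOMAIN
                findings.append(f"PTR {ip} -> {name}: no A record, forward lookups of this name fail")
            elif ip not in ips:
                findings.append(f"PTR {ip} -> {name}: A record gives {sorted(ips)}, not {ip}")
    for name, ips in a_map.items():
        for ip in ips - set(ptr_map):
            findings.append(f"A {name} -> {ip}: no PTR record in the reverse zone")
    return sorted(findings)
```

Running `check_consistency(FORWARD_ZONE, REVERSE_ZONE)` on the constructed zones yields two findings: the missing A record for server2.example.com. and the duplicate PTR for 192.168.1.20. Adding `server2 IN A 192.168.1.20` to the forward zone removes the first; switching to the CNAME layout from the answer (server2 as a CNAME, a single PTR for server1) removes both.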
