Re: DNS not resolving on google, but is on other services
On Feb 17, 2018, at 06:04, Reindl Haraldwrote: > "Is google just b0rked?" is mostly wrong to start with As I said, that seems unlikely. But the different behavior from multiple large DNS services was odd. > Delegation > > Failed to find name servers of david-dodge.com/IN. I may have been mucking with it then. Everything returns correct now except that the serial numbers don’t match on one server because the delegation has failed to sync. I’ll see if it clears on its own. -- This is my signature. There are many like it, but this one is mine. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS not resolving on google, but is on other services
On 2018-02-17 (02:48 MST), Niall O'Reillywrote: > > In my not-very-extensive experience, Google's 8.8.8.8 service seems to have > limited tolerance of badly-behaving authority servers; in such a case, it > seems to give up early and report SERVFAIL. > > As it happens, there seem to be problems with the set of authority servers > involved. > > You'll find more information at https://zonemaster.fr/test/932ded6946bfebb4 . Thank you for that, I got the missing server up and running and it all checks out now (Well, other than my servers are in the same IP block, which I cannot do anything about). I've never heard of zonemaster.fr before, so I've added it to my bookmarks. -- "His mother should have thrown him away and kept the stork." - Mae West ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS not resolving on google, but is on other services
Hi there, On Sat, 17 Feb 2018, LuKreme wrote: ... Is google just b0rked? ... You might need to look closer to home. You claim three nameservers, but it appears that they're all on the same network segment - a *really* bad idea - and one of them doesn't respond to DNS requests, using IPs located both here in the UK and way over in the western USA: 8<-- laptop3:~$ >>> dig www.david-dodge.com [snip] ;; ANSWER SECTION: www.david-dodge.com.86349 IN CNAME www.covisp.net. www.covisp.net. 86361 IN A 65.121.55.45 ;; AUTHORITY SECTION: covisp.net. 172119 IN NS ns2.covisp.net. covisp.net. 172119 IN NS ns3.covisp.net. covisp.net. 172119 IN NS ns1.covisp.net. [snip] 8<-- laptop3:~$ >>> dig @ns1.covisp.net -t any covisp.net [snip] ;; ANSWER SECTION: covisp.net. 86400 IN SOA ns1.covisp.net. root.covisp.net. 2018020300 14400 1800 1209600 3600 covisp.net. 172800 IN NS ns1.covisp.net. covisp.net. 172800 IN NS ns2.covisp.net. covisp.net. 172800 IN NS ns3.covisp.net. covisp.net. 172800 IN MX 10 mail.covisp.net. covisp.net. 86400 IN TXT "v=spf1 mx a ip4:65.121.55.42/32 -all" covisp.net. 86400 IN TXT "google-site-verification=6rB9Dkgu8_hfTbLiieRTAkvFitENOvyszmzoAu1N27U" covisp.net. 86400 IN A 65.121.55.42 ;; ADDITIONAL SECTION: ns1.covisp.net. 172800 IN A 65.121.55.42 ns2.covisp.net. 172800 IN A 65.121.55.43 ns3.covisp.net. 172800 IN A 65.121.55.45 mail.covisp.net.172800 IN A 65.121.55.42 [snip] 8<-- laptop3:~$ >>> dig @ns3.covisp.net -t any covisp.net ; <<>> DiG 9.10.3-P4-Debian <<>> @ns3.covisp.net -t any covisp.net ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached 8<-- However ns3 responds to 'ping' 8<-- laptop3:~$ >>> ping ns3.covisp.net PING ns3.covisp.net (65.121.55.45) 56(84) bytes of data. 64 bytes from www.covisp.net (65.121.55.45): icmp_seq=1 ttl=49 time=141 ms 64 bytes from www.covisp.net (65.121.55.45): icmp_seq=2 ttl=49 time=141 ms 64 bytes from www.covisp.net (65.121.55.45): icmp_seq=3 ttl=49 time=141 ms ... 8<-- Maybe the nameserver just isn't running? Perhaps you should look into one of the free DNS slave services. -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS not resolving on google, but is on other services
On 16 Feb 2018, at 23:23, LuKreme wrote: > Is google just b0rked? (Seems unlikely) or is there something in the > configuration for the dns that they don't like? In my not-very-extensive experience, Google's 8.8.8.8 service seems to have limited tolerance of badly-behaving authority servers; in such a case, it seems to give up early and report SERVFAIL. As it happens, there seem to be problems with the set of authority servers involved. You'll find more information at https://zonemaster.fr/test/932ded6946bfebb4 . Best regards, Niall O'Reilly signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
DNS not resolving on google, but is on other services
I have a domain that I host for a friend that he is not able to access suddenly. We thought it was SSL related, but after gettting more information his work computers are not getting an IP address (he can access it from home). I checked quadnines, openDNS, and google dns. The first two responded with the right IP and google timed out. OpenDNS 208.67.222.222 and 9.9.9.9 both respond: ;; ANSWER SECTION: www.david-dodge.com.86400 IN CNAME www.covisp.net. www.covisp.net. 86400 IN A 65.121.55.45 But googles 8.8.8.8 doesn't: ;; QUESTION SECTION: ;www.david-dodge.com. IN A ;; Query time: 5003 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Fri Feb 16 15:27:10 MST 2018 ;; MSG SIZE rcvd: 48 Is google just b0rked? (Seems unlikely) or is there something in the configuration for the dns that they don't like? -- ADVANCE TO THE REAR! -- My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS not resolving for a particular domain only
In message <93595848.2099571.1503336849...@mail.yahoo.com>, U Zee writes: > Thanks Mark, > So mysteriously the problem is now gone and I have no idea how, I know > that I didn't change anything. > While investigating, I tried looking but didn't get anything in packet > capture on the recursive server, I think mainly because I had to grep for > something otherwise there was just too much traffic. So its possible, my > grep for lenovo didn't show related packets But I will never know now A single missing routing entry could have taken the site down. The delegation for lnvcdn.net only has 2 of the 4 nameservers listed and those 2 are in the same /24. There is a reason that it is recommended that there are multiple nameservers which are geographically and topologically dispersed are used and that both sides of the delegation have consistent NS and address records. It reduces the probability that single faults cause failures like this. Mark ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7439 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;lnvcdn.net.IN NS ;; AUTHORITY SECTION: lnvcdn.net. 172800 IN NS ns1.lnvcdn.net. lnvcdn.net. 172800 IN NS ns2.lnvcdn.net. A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20170825051539 20170818040539 57899 net. ZbkC2I24NO+y91E+sPWOADqbjsVpHfuFhnox5QfeuImFsL2z0x3X+UG6 Lt9emQ23VFesgs8+J1WQVjHHBuhvc1XdWG7jBpv3Tr776oBcSF5rrqMp zC5CjRIzOlojSVpNG3snkW0xfijBuOl51RzaKrSqKb2x/tcXWUWkHpDw ga8= 2K5T76ECDUK1RJEDVHKHNL0LCCENKMES.net. 86400 IN NSEC3 1 1 0 - 2K673TEK531CUGB8J9QHASJNDFOVU87L NS DS RRSIG 2K5T76ECDUK1RJEDVHKHNL0LCCENKMES.net. 86400 IN RRSIG NSEC3 8 2 86400 20170828050756 20170821035756 57899 net. s905nQwEBRv9cbVzZMWFLfb0Jnq/K+R32MJdnYa9CaPpJCtGIMzWkmPt yl7MKawRlhJE01n4ll4/4Grj3asVi5/LsrGSH7bjO9GkclWqsuxoeepl JrUh/UkZFw5qhnCvw1teWAPcZ6T93DBmq02c8UemFAYRrMO1ugbvHGQo QPw= ;; ADDITIONAL SECTION: ns1.lnvcdn.net. 172800 IN A 192.16.0.5 ns2.lnvcdn.net. 172800 IN A 192.16.0.6 ;; Query time: 257 msec ;; SERVER: 2001:503:d414::30#53(2001:503:d414::30) ;; WHEN: Tue Aug 22 09:45:04 AEST 2017 ;; MSG SIZE rcvd: 592 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22513 ;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;lnvcdn.net.IN NS ;; ANSWER SECTION: lnvcdn.net. 3600IN NS ns1.lnvcdn.net. lnvcdn.net. 3600IN NS ns3.lnvcdn.net. lnvcdn.net. 3600IN NS ns4.lnvcdn.net. lnvcdn.net. 3600IN NS ns2.lnvcdn.net. ;; ADDITIONAL SECTION: ns1.lnvcdn.net. 3600IN A 192.16.0.5 ns2.lnvcdn.net. 3600IN A 192.16.0.6 ns3.lnvcdn.net. 3600IN A 198.7.30.5 ns4.lnvcdn.net. 3600IN A 198.7.30.6 ;; Query time: 12 msec ;; SERVER: 192.16.0.5#53(192.16.0.5) ;; WHEN: Tue Aug 22 09:45:04 AEST 2017 ;; MSG SIZE rcvd: 175 > From: Mark Andrews <ma...@isc.org> > To: U Zee <uzee...@yahoo.com> > Cc: Grant Taylor <gtay...@tnetconsulting.net>; "bind-users@lists.isc.org" > <bind-us...@isc.org> > Sent: Monday, August 14, 2017 3:00 AM > Subject: Re: DNS not resolving for a particular domain only > > > In message <1396839156.197734.1502489970...@mail.yahoo.com>, U Zee via > bind-users writ > es: > > Thanks for the suggestion Grant. > > Here's what I get for the recursive server's capture: ( I queried from > > the recursive server itself from another ssh session so it is the client > > as well) > > > > # tcpdump -v -v -nt -i eth0 udp port 53|grep lenovotcpdump: listening on > > eth0, link-type EN10MB (Ethernet), capture size 65535 bytes  > >  86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ > A? www.lenovo.com. (32) > >  86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ > A? www.lenovo.com. (32) > >  86.36.AA.BB.36143 > 193.108.91.79.domain: [bad udp cksum c63c!] > 12966 [1au] A? > > www.lenovo.com. ar: . OPT UDPsize=4096 OK (43) > >  193.108.91.79.domain > 86.36.AA.BB.36143: [udp sum ok] 12966*- q: A? > www.lenovo.com. 1/0/1 www.lenovo.com. CNAME cs47.can.lnvcdn.net. ar: . > OPT UDPsize=4096 OK (76) > >  86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ > A? www.lenovo.com.
Re: DNS not resolving for a particular domain only
Thanks Mark, So mysteriously the problem is now gone and I have no idea how, I know that I didn't change anything. While investigating, I tried looking but didn't get anything in packet capture on the recursive server, I think mainly because I had to grep for something otherwise there was just too much traffic. So its possible, my grep for lenovo didn't show related packets But I will never know now From: Mark Andrews <ma...@isc.org> To: U Zee <uzee...@yahoo.com> Cc: Grant Taylor <gtay...@tnetconsulting.net>; "bind-users@lists.isc.org" <bind-us...@isc.org> Sent: Monday, August 14, 2017 3:00 AM Subject: Re: DNS not resolving for a particular domain only In message <1396839156.197734.1502489970...@mail.yahoo.com>, U Zee via bind-users writ es: > Thanks for the suggestion Grant. > Here's what I get for the recursive server's capture: ( I queried from > the recursive server itself from another ssh session so it is the client > as well) > > # tcpdump -v -v -nt -i eth0 udp port 53|grep lenovotcpdump: listening on > eth0, link-type EN10MB (Ethernet), capture size 65535 bytes > 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? >www.lenovo.com. (32) > 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? >www.lenovo.com. (32) > 86.36.AA.BB.36143 > 193.108.91.79.domain: [bad udp cksum c63c!] 12966 >[1au] A? > www.lenovo.com. ar: . OPT UDPsize=4096 OK (43) > 193.108.91.79.domain > 86.36.AA.BB.36143: [udp sum ok] 12966*- q: A? >www.lenovo.com. 1/0/1 www.lenovo.com. CNAME cs47.can.lnvcdn.net. ar: . OPT >UDPsize=4096 OK (76) > 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? >www.lenovo.com. (32) > 86.36.AA.BB.10224 > 86.36.DD.EE.domain: [badudp cksum 18c7!] 12721 [1au] >A? www.lenovo.com.ourdomain.com. ar: . OPT UDPsize=4096 OK (57) > 86.36.DD.EE.domain > 86.36.AA.BB.10224: [udp sum ok] 12721 NXDomain*- q: >A? www.lenovo.com.ourdomain.com. 0/1/1 ns: ourdomain.com. SOA >master.ourdomain.com. host-master.ourparentdomain.com. 138524105 900 450 >360 60 ar: . OPT UDPsize=4096 OK (138) > 86.36.AA.CC.domain > 86.36.AA.BB.45776: [udp sum ok] 34468 ServFail q: A? >www.lenovo.com. 0/0/0 (32) > > 86.36.AA.BB = localhost (our recursive server) where I ran the query and > capture > 86.36.AA.CC = our secondary recursive server (no idea why that was > contacted) > 86.36.DD.EE = our one of two anycast addresses which point to the > recursive servers > > > So it looks like we do get to the CNAME (4th line) but still it > fails...?I also tried a capture from a regular linux client but the > output was similar except that it didn't include the CNAME line. Well the next stage is to trace what happens when the recursive server looks for cs47.can.lnvcdn.net, the target of the CNAME. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS not resolving for a particular domain only
In message <1396839156.197734.1502489970...@mail.yahoo.com>, U Zee via bind-users writ es: > Thanks for the suggestion Grant. > Here's what I get for the recursive server's capture: ( I queried from > the recursive server itself from another ssh session so it is the client > as well) > > # tcpdump -v -v -nt -i eth0 udp port 53|grep lenovotcpdump: listening on > eth0, link-type EN10MB (Ethernet), capture size 65535 bytes  >86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? > www.lenovo.com. (32) >86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? > www.lenovo.com. (32) >86.36.AA.BB.36143 > 193.108.91.79.domain: [bad udp cksum c63c!] 12966 > [1au] A? > www.lenovo.com. ar: . OPT UDPsize=4096 OK (43) >193.108.91.79.domain > 86.36.AA.BB.36143: [udp sum ok] 12966*- q: A? > www.lenovo.com. 1/0/1 www.lenovo.com. CNAME cs47.can.lnvcdn.net. ar: . OPT > UDPsize=4096 OK (76) >  86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? > www.lenovo.com. (32) >86.36.AA.BB.10224 > 86.36.DD.EE.domain: [badudp cksum 18c7!] 12721 [1au] > A? www.lenovo.com.ourdomain.com. ar: . OPT UDPsize=4096 OK (57) >86.36.DD.EE.domain > 86.36.AA.BB.10224: [udp sum ok] 12721 NXDomain*- q: > A? www.lenovo.com.ourdomain.com. 0/1/1 ns: ourdomain.com. SOA > master.ourdomain.com. host-master.ourparentdomain.com. 138524105 900 450 > 360 60 ar: . OPT UDPsize=4096 OK (138)  >86.36.AA.CC.domain > 86.36.AA.BB.45776: [udp sum ok] 34468 ServFail q: A? > www.lenovo.com. 0/0/0 (32) > > 86.36.AA.BB = localhost (our recursive server) where I ran the query and > capture > 86.36.AA.CC = our secondary recursive server (no idea why that was > contacted) > 86.36.DD.EE = our one of two anycast addresses which point to the > recursive servers > > > So it looks like we do get to the CNAME (4th line) but still it > fails...?I also tried a capture from a regular linux client but the > output was similar except that it didn't include the CNAME line. Well the next stage is to trace what happens when the recursive server looks for cs47.can.lnvcdn.net, the target of the CNAME. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS not resolving for a particular domain only
Thanks for the suggestion Grant. Here's what I get for the recursive server's capture: ( I queried from the recursive server itself from another ssh session so it is the client as well) # tcpdump -v -v -nt -i eth0 udp port 53|grep lenovotcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? www.lenovo.com. (32) 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? www.lenovo.com. (32) 86.36.AA.BB.36143 > 193.108.91.79.domain: [bad udp cksum c63c!] 12966 [1au] A? www.lenovo.com. ar: . OPT UDPsize=4096 OK (43) 193.108.91.79.domain > 86.36.AA.BB.36143: [udp sum ok] 12966*- q: A? www.lenovo.com. 1/0/1 www.lenovo.com. CNAME cs47.can.lnvcdn.net. ar: . OPT UDPsize=4096 OK (76) 86.36.AA.BB.45776 > 86.36.AA.CC.domain: [bad udp cksum 8a1b!] 34468+ A? www.lenovo.com. (32) 86.36.AA.BB.10224 > 86.36.DD.EE.domain: [bad udp cksum 18c7!] 12721 [1au] A? www.lenovo.com.ourdomain.com. ar: . OPT UDPsize=4096 OK (57) 86.36.DD.EE.domain > 86.36.AA.BB.10224: [udp sum ok] 12721 NXDomain*- q: A? www.lenovo.com.ourdomain.com. 0/1/1 ns: ourdomain.com. SOA master.ourdomain.com. host-master.ourparentdomain.com. 138524105 900 450 360 60 ar: . OPT UDPsize=4096 OK (138) 86.36.AA.CC.domain > 86.36.AA.BB.45776: [udp sum ok] 34468 ServFail q: A? www.lenovo.com. 0/0/0 (32) 86.36.AA.BB = localhost (our recursive server) where I ran the query and capture 86.36.AA.CC = our secondary recursive server (no idea why that was contacted) 86.36.DD.EE = our one of two anycast addresses which point to the recursive servers So it looks like we do get to the CNAME (4th line) but still it fails...?I also tried a capture from a regular linux client but the output was similar except that it didn't include the CNAME line. Frankly I have no idea if this is giving any useful info. I did see that for other queries also I saw bad udp cksum messages so not sure if thats an actual problem. Do you see anything specific that might help us diagnose further? Thanks From: Grant Taylor via bind-users <bind-users@lists.isc.org> To: bind-users@lists.isc.org Sent: Friday, August 11, 2017 7:06 PM Subject: Re: DNS not resolving for a particular domain only On 08/11/2017 06:49 AM, U Zee via bind-users wrote: > Any ideas please??? I'm seeing different A records returned depending on where I query from. As such I can only speculate that something related to DNS for a CDN is not working as desired. I'd suggest a packet capture of the client's DNS traffic and possibly (if not likely) the client's recursive DNS server's traffic (related to the query.) -- Grant. . . . unix || die ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
DNS not resolving for a particular domain only
Hi All, We are experiencing a weird issue for the past week or two. We run bind9 on RHEL/CentOS and one of our international offices that has their own auth and caching servers cannot resolve lenovo.com for some odd reason. If that office clients use google DNS it works but using their own DNS caching servers, it cant resolve. Commands dig and nslookup give a timeout. Although dig with trace is able to get to the final answer. Nothing in the logs indicate an issue. Also, this is the only address that cant resolve, everything else works fine. We've contacted the ISP to make sure nothing is being blocked or anything, and thats all clear. The network team has confirmed they haven't done anything on the edge devices or any firewall rule modifications which can cause it. Any ideas please???___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dns not resolving
On 2013-11-11 12:11, S. Jeff Cold wrote: ... ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 22495 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;jeffdiss.org. IN A ... BIND's configuration file is : $TTL 3600 $ORIGIN jeffdiss.org. ; Start of Authority record defining the key characteristics of the zone (domain) @ IN SOA server1.jeffdiss.org. zonemaster.jeffdiss.org. ( ... ; mail server Resource Records (RR) for the domain 3w IN MX 10 mail.jeffdiss.org. ; domain hosts includes NS and MX records defined above plus any others required server1 IN A 192.168.1.50 server2 IN A 192.168.1.51 www IN A 192.168.1.51 ... Jeff, The above is not the configuration file. As others have pointed out, there is no way to know why a SERVFAIL was returned without that and other important information. But you will NEVER be able to resolve the name jeffdiss.org with the zone file you included. Why is that? Because you never defined an address for that name! That would require either an A record with a blank left hand side before all the other A records, or one with @ in the LHS. And speaking of missing A records, what is the IP address of mail.jeffdiss.org? Nobody will ever know, given this zone file. As Tom Lehrer famously said, life is like a sewer: what you get out of it depends on what you put into it. Same with DNS - only a bit more pleasant, one might hope. I hope this starts to help. Joe Yao ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
dns not resolving
I have two DNS servers both running Debian Linux 7.2.0, BIND 9.8.4 in a private LAN. I set up an unregistered domain to see how things would run. When I run dig on the domain just to see if it will resolve, I get this error: ; DiG 9.8.4-rpz2+rl005.12-P1 jeffdiss.org ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 22495 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;jeffdiss.org.INA ;; Query time: 0 msec ;; SERVER: 192.168.1.50#53(192.168.1.50) ;; WHEN: Mon Nov 11 10:05:10 2013 ;; MSG SIZE rcvd: 30 BIND's configuration file is : $TTL3600 $ORIGIN jeffdiss.org. ; Start of Authority record defining the key characteristics of the zone (domain) @INSOAserver1.jeffdiss.org. zonemaster.jeffdiss.org. ( 2013110701; serial, todays date + serial num 7200; refresh, seconds 540; retry, seconds 604800; expire, seconds 86400 ; minimum, seconds ) ; name servers Resources Records (RR) for the domain INNSserver1.jeffdiss.org. ; the second name server INNSserver2.jeffdiss.org. ; mail server Resource Records (RR) for the domain 3wINMX 10mail.jeffdiss.org. ; domain hosts includes NS and MX records defined above plus any others required server1INA192.168.1.50 server2INA192.168.1.51 wwwINA192.168.1.51 This seems simple enough. I'm running dig from the primary DNS server itself and I'm thinking I should be able to get an answer for jeffdiss.org. Can someone point me in the right direction? Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dns not resolving
On Nov 11, 2013, at 12:11 PM, S. Jeff Cold col...@uvu.edu wrote: I have two DNS servers both running Debian Linux 7.2.0, BIND 9.8.4 in a private LAN. I set up an unregistered domain to see how things would run. When I run dig on the domain just to see if it will resolve, I get this error: [ SERVFAIL ] This seems simple enough. I'm running dig from the primary DNS server itself and I'm thinking I should be able to get an answer for jeffdiss.org. Can someone point me in the right direction? You gave us the zone file. A copy of the named.conf and (better yet) any logging generated when you do the dig would be much more helpful. AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dns not resolving
If you have check-mx fail; in named.conf then the zone will not load and you will get SERVFAIL. The default is check-mx warn;. 12-Nov-2013 07:40:07.546 zone jeffdiss.org/IN: jeffdiss.org/MX 'mail.jeffdiss.org' has no address records (A or ) 12-Nov-2013 07:40:07.546 zone jeffdiss.org/IN: not loaded due to errors. I would check the log files on the server and address any errors/warnings reported then try again. Also be explicit when you want to check a master server and use @server to make sure you are talking to the machine you think you are and +norec so referrals are returned. Additionally you should show the relevent parts of named.conf when asking for help as the contents affect how named treats the zone. options { pid-file none; check-mx fail; }; zone jeffdiss.org { type master; file junk; }; Mark In message 8b04639343ffed47b61063517bd9b1f1296b5...@uvuexchmb1.ad.uvu.edu, S. Jeff Cold writes: I have two DNS servers both running Debian Linux 7.2.0, BIND 9.8.4 in a private LAN. I set up an unregistered domain to see how things would run. When I run dig on the domain just to see if it will resolve, I get this error: ; DiG 9.8.4-rpz2+rl005.12-P1 jeffdiss.org ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 22495 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;jeffdiss.org.INA ;; Query time: 0 msec ;; SERVER: 192.168.1.50#53(192.168.1.50) ;; WHEN: Mon Nov 11 10:05:10 2013 ;; MSG SIZE rcvd: 30 BIND's configuration file is : $TTL3600 $ORIGIN jeffdiss.org. ; Start of Authority record defining the key characteristics of the zone (domain) @INSOAserver1.jeffdiss.org. zonemaster.jeffdiss.org. ( 2013110701; serial, todays date + serial num 7200; refresh, seconds 540; retry, seconds 604800; expire, seconds 86400 ; minimum, seconds ) ; name servers Resources Records (RR) for the domain INNSserver1.jeffdiss.org. ; the second name server INNSserver2.jeffdiss.org. ; mail server Resource Records (RR) for the domain 3wINMX 10mail.jeffdiss.org. ; domain hosts includes NS and MX records defined above plus any others required server1INA192.168.1.50 server2INA192.168.1.51 wwwINA192.168.1.51 This seems simple enough. I'm running dig from the primary DNS server itself and I'm thinking I should be able to get an answer for jeffdiss.org. Can someone point me in the right direction? Jeff -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
my DNS not resolving
BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: xx--begin pastexx iceman:/home/coldje # dig jatec.us ; DiG 9.5.0-P2 jatec.us ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.b iz. 2003490240 900 900 604800 86400 ;; Query time: 28 msec ;; SERVER: 205.171.3.65#53(205.171.3.65) ;; WHEN: Thu Jan 29 11:44:18 2009 ;; MSG SIZE rcvd: 91 xx--end paste-xx I don't think there's a problem with my zone files or my named.conf file. As the domain registrar, my ISP has a place for me to put the IP address for my server with the domain, but that's it.This URL works http://166.70.208.147/moodle/ , but http://www.jatec.us/moodle does not work. How can I get this to resolve? Jeff S. Jeff Cold, Associate Professor IST Dept., MS-181 Utah Valley University 800 W. University Pkwy. Orem, UT 84058-5999 (801) 863-8851 - office (801) 863-8522 - fax (801) 494-4793 - cell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: my DNS not resolving
On 29-Jan-2009, at 13:49, S. Jeff Cold wrote: BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: [...] ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 Your domain doesn't appear to have been registered yet (or, perhaps, is registered but is simply not yet in the .us zone): ; DiG 9.5.0-P1 jatec.us @K.GTLD.BIZ ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 17247 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.biz. 2003490289 900 900 604800 86400 ;; Query time: 20 msec ;; SERVER: 156.154.72.65#53(156.154.72.65) ;; WHEN: Thu Jan 29 14:48:05 2009 ;; MSG SIZE rcvd: 91 When did you register the domain? How often does .us update their zone? Matt PGP.sig Description: This is a digitally signed message part ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: my DNS not resolving
$ whois jatec.us --snip-- Domain Status: inactive Name Server: ICEMAN.JATEC.US --snip-- Domain Registration Date:Fri Oct 03 21:05:39 GMT 2008 Domain Expiration Date: Fri Oct 02 23:59:59 GMT 2009 Domain Last Updated Date:Sun Nov 23 06:34:22 GMT 2008 --snip-- Check with your registrar. Your domain has not expired, but some registrars will set your domain to inactive status if you don't have at least two name servers listed. -rich On Jan 29, 2009, at 12:49 PM, S. Jeff Cold wrote: BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig jatec.us, I get: xx--begin pastexx iceman:/home/coldje # dig jatec.us ; DiG 9.5.0-P2 jatec.us ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 2074 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;jatec.us. IN A ;; AUTHORITY SECTION: us. 900 IN SOA a.gtld.biz. hostmaster.neustar.b iz. 2003490240 900 900 604800 86400 ;; Query time: 28 msec ;; SERVER: 205.171.3.65#53(205.171.3.65) ;; WHEN: Thu Jan 29 11:44:18 2009 ;; MSG SIZE rcvd: 91 xx--end paste-xx I don't think there's a problem with my zone files or my named.conf file. As the domain registrar, my ISP has a place for me to put the IP address for my server with the domain, but that's it.This URL works http://166.70.208.147/moodle/ , but http://www.jatec.us/moodle does not work. How can I get this to resolve? Jeff S. Jeff Cold, Associate Professor IST Dept., MS-181 Utah Valley University 800 W. University Pkwy. Orem, UT 84058-5999 (801) 863-8851 - office (801) 863-8522 - fax (801) 494-4793 - cell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users