HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Installation/Configuration (
-   -   BIND 9 issue (

dolmax 24th October 2011 16:23

BIND 9 issue
I have recently installed ISPConfig 3 in a new server. The system was OK after the installation, but when I have physically installed it in the data center, I have realized that external DNSs responses were not functioning. I have parked two separate domains on the server and added some A and CNAME records using ISPconfig interface. Server does not respond to external queries. Just for your information, the version installed is and the WAN interface is on the DMZ (so no port forwarding is required). I can confirm that, the prior server (an ISPconfig 2 machine) had no issues using the existing configuration.

I have used the following different installations when trying to localize the problem. Just to make sure that I was not doing any mistakes I have installed and checked each configuration separately.

The Perfect Server Debian Squeeze (Debian 6.0) With BIND & Dovecot [ISPConfig 3]
The Perfect Server Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3]

In all of these cases, BIND queries failed. Later I have discovered that during boot I receive BIND related errors. When I use /etc/init.d/bind9 restart, it looks like the service is running, but again no response on the outside.

Could this be a specific BIND bug related to current version?


till 24th October 2011 17:48

Please post the error messages that you get in the syslog when you restart bind.

dolmax 26th October 2011 15:16

Dear Till,

Please omit the "boot up DNS error" part in my previous message. That was my fault. In one of the installations I have included some parameters in /etc/bind/named.conf.local file. Those errors were related to that.

Still, the server does not respond to queries outside.

Need help? Any suggestions would do fine.

Have you receive a BIND related issue in near future. I strongly believe that this related to the recent BIND update.


till 26th October 2011 17:10

Please post the output of:

netstat -tap

and the content of the named.conf file

dolmax 26th October 2011 17:51

I have revised the domain name into "" and the real IP as "X.X.X.X".

netstat -tap output

root@debian:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 1831/mysqld
tcp 0 0 *:submission *:* LISTEN 2337/master
tcp 0 0 *:sunrpc *:* LISTEN 1046/portmap
tcp 0 0 *:ftp *:* LISTEN 2352/pure-ftpd (SER
tcp 0 0 debian.mydomain.:domain *:* LISTEN 1720/named
tcp 0 0 localhost:domain *:* LISTEN 1720/named
tcp 0 0 *:ssh *:* LISTEN 1692/sshd
tcp 0 0 *:smtp *:* LISTEN 2337/master
tcp 0 0 localhost:953 *:* LISTEN 1720/named
tcp 0 0 *:59360 *:* LISTEN 1058/rpc.statd
tcp 0 0 localhost:10024 *:* LISTEN 2103/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 2337/master
tcp 0 0 ESTABLISHED 4282/0
tcp6 0 0 [::]:pop3 [::]:* LISTEN 1405/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1410/couriertcpd
tcp6 0 0 [::]:http-alt [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:www [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:tproxy [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:ftp [::]:* LISTEN 2352/pure-ftpd (SER
tcp6 0 0 [::]:domain [::]:* LISTEN 1720/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 1692/sshd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 1720/named
tcp6 0 0 [::]:https [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:imaps [::]:* LISTEN 1406/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 1407/couriertcpd

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

zone "" {
type master;
allow-query { any;};
allow-transfer {none;};
file "/etc/bind/";

@ IN SOA (
2011102303 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
; 86400 A X.X.X.X MX 10 NS NS
mail 86400 A X.X.X.X
ns1 86400 A X.X.X.X
www 86400 A X.X.X.X

till 26th October 2011 18:22

There ais a dns A-Record for ns2 missing. Please add a ns2 A-Record in the zone

Then check if you are you able to resolve the domain when you run this command on the server:

dig @localhost

If yes, then the problem might be either a closed firewall (please post the output of "iptables -L") or BIND is configured in /etc/bind/named.conf.options to not answer external queries.

dolmax 27th October 2011 12:17


root@debian:~# dig @localhost

; <<>> DiG 9.7.3 <<>> @localhost
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58912
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

; IN A

;; Query time: 0 msec
;; WHEN: Thu Oct 27 12:12:43 2011
;; MSG SIZE rcvd: 33
This is the output. This is exactly what my problem is. Everything looks OK in the configuration files, the BIND service look OK, but no query response.

till 27th October 2011 12:20

Restart bind, then take a look into the syslog. You will find messages there which dns zones were skipped during start due to errors in the configuration.

All times are GMT +2. The time now is 11:33.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.