BIND 9 issue

[dolmax]

I have recently installed ISPConfig 3 in a new server. The system was OK after the installation, but when I have physically installed it in the data center, I have realized that external DNSs responses were not functioning. I have parked two separate domains on the server and added some A and CNAME records using ISPconfig interface. Server does not respond to external queries. Just for your information, the version installed is 3.0.3.3 and the WAN interface is on the DMZ (so no port forwarding is required). I can confirm that, the prior server (an ISPconfig 2 machine) had no issues using the existing configuration.

I have used the following different installations when trying to localize the problem. Just to make sure that I was not doing any mistakes I have installed and checked each configuration separately.

The Perfect Server – Debian Squeeze (Debian 6.0) With BIND & Dovecot [ISPConfig 3]
The Perfect Server – Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3]

In all of these cases, BIND queries failed. Later I have discovered that during boot I receive BIND related errors. When I use /etc/init.d/bind9 restart, it looks like the service is running, but again no response on the outside.

Could this be a specific BIND bug related to current version?

Thanx,
Hakan

[till]

Please post the error messages that you get in the syslog when you restart bind.

[dolmax]

Dear Till,

Please omit the "boot up DNS error" part in my previous message. That was my fault. In one of the installations I have included some parameters in /etc/bind/named.conf.local file. Those errors were related to that.

Still, the server does not respond to queries outside.

Need help? Any suggestions would do fine.

Have you receive a BIND related issue in near future. I strongly believe that this related to the recent BIND update.

Thanks,
Hakan

[till]

Please post the output of:

netstat -tap

and the content of the named.conf file

[dolmax]

I have revised the domain name into "mydomain.com" and the real IP as "X.X.X.X".

netstat -tap output

Quote:

root@debian:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 1831/mysqld
tcp 0 0 *:submission *:* LISTEN 2337/master
tcp 0 0 *:sunrpc *:* LISTEN 1046/portmap
tcp 0 0 *:ftp *:* LISTEN 2352/pure-ftpd (SER
tcp 0 0 debian.mydomain.:domain *:* LISTEN 1720/named
tcp 0 0 localhost:domain *:* LISTEN 1720/named
tcp 0 0 *:ssh *:* LISTEN 1692/sshd
tcp 0 0 *:smtp *:* LISTEN 2337/master
tcp 0 0 localhost:953 *:* LISTEN 1720/named
tcp 0 0 *:59360 *:* LISTEN 1058/rpc.statd
tcp 0 0 localhost:10024 *:* LISTEN 2103/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 2337/master
tcp 0 0 debian.mydomain.com:ssh 10.0.5.250:38242 ESTABLISHED 4282/0
tcp6 0 0 [::]op3 [::]:* LISTEN 1405/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1410/couriertcpd
tcp6 0 0 [::]:http-alt [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:www [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:tproxy [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:ftp [::]:* LISTEN 2352/pure-ftpd (SER
tcp6 0 0 [::]:domain [::]:* LISTEN 1720/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 1692/sshd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 1720/named
tcp6 0 0 [::]:https [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:imaps [::]:* LISTEN 1406/couriertcpd
tcp6 0 0 [::]op3s [::]:* LISTEN 1407/couriertcpd

named.conf

Quote:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.local

Quote:

zone "mydomain.com" {
type master;
allow-query { any;};
allow-transfer {none;};
file "/etc/bind/pri.mydomain.com";
};

pri.mydomain.com

Quote:

@ IN SOA ns1.mydomain.com. admin.mydomain.com. (
2011102303 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;

mydomain.com. 86400 A X.X.X.X
mydomain.com. MX 10 mail.mydomain.com.
mydomain.com. NS ns1.mydomain.com.
mydomain.com. NS ns2.mydomain.com.
mail 86400 A X.X.X.X
ns1 86400 A X.X.X.X
www 86400 A X.X.X.X

[till]

There ais a dns A-Record for ns2 missing. Please add a ns2 A-Record in the zone mydomain.com.

Then check if you are you able to resolve the domain when you run this command on the server:

dig @localhost mydomain.com

If yes, then the problem might be either a closed firewall (please post the output of "iptables -L") or BIND is configured in /etc/bind/named.conf.options to not answer external queries.

[dolmax]

Quote:

root@debian:~# dig @localhost mydomain.com

; <<>> DiG 9.7.3 <<>> @localhost mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58912
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 27 12:12:43 2011
;; MSG SIZE rcvd: 33

This is the output. This is exactly what my problem is. Everything looks OK in the configuration files, the BIND service look OK, but no query response.

[till]

Restart bind, then take a look into the syslog. You will find messages there which dns zones were skipped during start due to errors in the configuration.