#1  
24th October 2011, 15:23
dolmax (Member)
BIND 9 issue

I have recently installed ISPConfig 3 on a new server. The system was OK after the installation, but when I physically installed it in the data center, I realized that external DNS responses were not functioning. I have parked two separate domains on the server and added some A and CNAME records using the ISPConfig interface. The server does not respond to external queries. Just for your information, the version installed is 3.0.3.3 and the WAN interface is on the DMZ (so no port forwarding is required). I can confirm that the prior server (an ISPConfig 2 machine) had no issues using the existing configuration.

I have used the following different installations when trying to localize the problem. Just to make sure that I was not making any mistakes, I installed and checked each configuration separately.

The Perfect Server – Debian Squeeze (Debian 6.0) With BIND & Dovecot [ISPConfig 3]
The Perfect Server – Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3]

In all of these cases, BIND queries failed. Later I discovered that during boot I receive BIND-related errors. When I use /etc/init.d/bind9 restart, it looks like the service is running, but again there is no response on the outside.

Could this be a specific BIND bug related to the current version?

Thanks,
Hakan
  #2  
24th October 2011, 16:48
till (Super Moderator)

Please post the error messages that you get in the syslog when you restart bind.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
26th October 2011, 14:16
dolmax (Member)

Dear Till,

Please omit the "boot up DNS error" part in my previous message. That was my fault. In one of the installations I had included some parameters in the /etc/bind/named.conf.local file. Those errors were related to that.

Still, the server does not respond to queries from outside.

Need help? Any suggestions would do fine.

Have you received a BIND-related issue in the near future? I strongly believe that this is related to the recent BIND update.

Thanks,
Hakan
  #4  
26th October 2011, 16:10
till (Super Moderator)

Please post the output of:

netstat -tap

and the content of the named.conf file
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #5  
26th October 2011, 16:51
dolmax (Member)

I have revised the domain name into "mydomain.com" and the real IP as "X.X.X.X".

netstat -tap output
Quote:
root@debian:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 1831/mysqld
tcp 0 0 *:submission *:* LISTEN 2337/master
tcp 0 0 *:sunrpc *:* LISTEN 1046/portmap
tcp 0 0 *:ftp *:* LISTEN 2352/pure-ftpd (SER
tcp 0 0 debian.mydomain.:domain *:* LISTEN 1720/named
tcp 0 0 localhost:domain *:* LISTEN 1720/named
tcp 0 0 *:ssh *:* LISTEN 1692/sshd
tcp 0 0 *:smtp *:* LISTEN 2337/master
tcp 0 0 localhost:953 *:* LISTEN 1720/named
tcp 0 0 *:59360 *:* LISTEN 1058/rpc.statd
tcp 0 0 localhost:10024 *:* LISTEN 2103/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 2337/master
tcp 0 0 debian.mydomain.com:ssh 10.0.5.250:38242 ESTABLISHED 4282/0
tcp6 0 0 [::]:pop3 [::]:* LISTEN 1405/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1410/couriertcpd
tcp6 0 0 [::]:http-alt [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:www [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:tproxy [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:ftp [::]:* LISTEN 2352/pure-ftpd (SER
tcp6 0 0 [::]:domain [::]:* LISTEN 1720/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 1692/sshd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 1720/named
tcp6 0 0 [::]:https [::]:* LISTEN 2114/apache2
tcp6 0 0 [::]:imaps [::]:* LISTEN 1406/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 1407/couriertcpd
named.conf
Quote:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
named.conf.local
Quote:
zone "mydomain.com" {
type master;
allow-query { any;};
allow-transfer {none;};
file "/etc/bind/pri.mydomain.com";
};
pri.mydomain.com
Quote:
@ IN SOA ns1.mydomain.com. admin.mydomain.com. (
2011102303 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;

mydomain.com. 86400 A X.X.X.X
mydomain.com. MX 10 mail.mydomain.com.
mydomain.com. NS ns1.mydomain.com.
mydomain.com. NS ns2.mydomain.com.
mail 86400 A X.X.X.X
ns1 86400 A X.X.X.X
www 86400 A X.X.X.X
  #6  
26th October 2011, 17:22
till (Super Moderator)

There is a DNS A-record for ns2 missing. Please add an ns2 A-record in the zone mydomain.com.

Then check if you are able to resolve the domain when you run this command on the server:

dig @localhost mydomain.com

If yes, then the problem might be either a closed firewall (please post the output of "iptables -L") or BIND is configured in /etc/bind/named.conf.options to not answer external queries.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
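
The check described in post #6, as an added example that is not part of the original thread: it scans the zone posted in #5 for NS and MX targets inside the zone that have no A or AAAA record. The parser handles only the record layout shown in this thread, and the address 192.0.2.10 is a constructed stand-in for the redacted X.X.X.X.

```python
# Added example: find in-zone NS/MX targets that have no address record.
import re

ORIGIN = "mydomain.com."

# Constructed sample: the zone from post #5 with X.X.X.X replaced by 192.0.2.10
ZONE = """\
@ IN SOA ns1.mydomain.com. admin.mydomain.com. (
2011102303 ; serial, todays date + todays serial #
28800 ; refresh, seconds
7200 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
mydomain.com. 86400 A 192.0.2.10
mydomain.com. MX 10 mail.mydomain.com.
mydomain.com. NS ns1.mydomain.com.
mydomain.com. NS ns2.mydomain.com.
mail 86400 A 192.0.2.10
ns1 86400 A 192.0.2.10
www 86400 A 192.0.2.10
"""

def fqdn(name):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return ORIGIN
    return name.lower() if name.endswith(".") else f"{name}.{ORIGIN}".lower()

def records(text):
    """Yield (owner, type, rdata tokens); every line must name its owner."""
    # Strip comments, then join the parenthesised SOA onto one line.
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    for line in text.splitlines():
        tok = line.split()
        # Skip the optional TTL and class fields between owner and type.
        i = 1
        while i < len(tok) and (tok[i].isdigit() or tok[i].upper() == "IN"):
            i += 1
        if i < len(tok):
            yield fqdn(tok[0]), tok[i].upper(), tok[i + 1:]

def missing_addresses(text):
    """Return in-zone NS/MX targets that lack an A or AAAA record."""
    recs = list(records(text))
    have = {o for o, t, _ in recs if t in ("A", "AAAA")}
    targets = {fqdn(r[-1]) for _, t, r in recs if t in ("NS", "MX")}
    return sorted(t for t in targets if t.endswith("." + ORIGIN) and t not in have)
```

Calling `missing_addresses(ZONE)` on the posted zone returns only `ns2.mydomain.com.`; BIND's own `named-checkzone` runs this and other load-time checks against the real zone file.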
  #7  
27th October 2011, 11:17
dolmax (Member)

Quote:
root@debian:~# dig @localhost mydomain.com

; <<>> DiG 9.7.3 <<>> @localhost mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58912
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 27 12:12:43 2011
;; MSG SIZE rcvd: 33
This is the output. This is exactly what my problem is. Everything looks OK in the configuration files, the BIND service looks OK, but there is no query response.
  #8  
27th October 2011, 11:20
till (Super Moderator)

Restart bind, then take a look into the syslog. You will find messages there showing which DNS zones were skipped during start due to errors in the configuration.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
All times are GMT +2.