DNS servfail

[wcsing]

Hi everyone,

Just install Debian 6 with desktop and perfect server, setup a client in ISP (3.0.4.1) and a zone by DNS wizard. But when i check the DNS with nslookup and it shown SERVFAIL:

================================================== ===
root@ci1:/home/terry# nslookup
> server 10.0.1.150
Default server: 10.0.1.150
Address: 10.0.1.150#53
> tadj.com
Server: 10.0.1.150
Address: 10.0.1.150#53

** server can't find tadj.com.tadj.com: SERVFAIL
================================================== ====
check the following files and it seem OK, can some one tell me what should i try?

IN /etc/bind/named.cond
...........
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
............


IN /etc/bind/named.conf.options
....................................
// forwarders {
// 0.0.0.0;
// };

auth-nxdomain no; # conform to RFC1035

listen-on-v6 { any; };
......................................


IN /etc/bind/named.conf.local
..................
zone "tadj.com" {
type master;
allow-transfer {none;};
file "/etc/bind/pri.tadj.com";
};
...................


in /etc/bind/named.conf.default-zones
..............................................
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
..................................................


and there is full records in /etc/bind/pri.tadj.com
................................
$TTL 3600
@ IN SOA ci1.tadj.com. terry.computerinstruments.com.au. (
2011122501 ; serial, todays date + todays serial #
7200 ; refresh, seconds
540 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;

mail 3600 A 123.243.65.181
tadj.com. 3600 A 123.243.65.181
tadj.com. 3600 MX 10 mail.tadj.com.
tadj.com. 3600 NS ci1.tadj.com.
tadj.com. 3600 NS ns1.telstra.net.
www 3600 A 123.243.65.181
...................................

also netstat as;

oot@ci1:/home/terry# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:10024 *:* LISTEN 1487/amavisd (maste
tcp 0 0 localhost.localdo:10025 *:* LISTEN 2705/master
tcp 0 0 *:mysql *:* LISTEN 2248/mysqld
tcp 0 0 *op3 *:* LISTEN 2720/dovecot
tcp 0 0 *:imap2 *:* LISTEN 2720/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 788/portmap
tcp 0 0 *:ftp *:* LISTEN 2652/pure-ftpd (SER
tcp 0 0 ci1.tadj.com:domain *:* LISTEN 1326/named
tcp 0 0 localhost.locald:domain *:* LISTEN 1326/named
tcp 0 0 *:ssh *:* LISTEN 2251/sshd
tcp 0 0 localhost.localdoma:ipp *:* LISTEN 1871/cupsd
tcp 0 0 *:smtp *:* LISTEN 2705/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 1326/named
tcp 0 0 *:imaps *:* LISTEN 2720/dovecot
tcp 0 0 *:35553 *:* LISTEN 800/rpc.statd
tcp 0 0 *op3s *:* LISTEN 2720/dovecot
tcp6 0 0 [::]:http-alt [::]:* LISTEN 1500/apache2
tcp6 0 0 [::]:www [::]:* LISTEN 1500/apache2
tcp6 0 0 [::]:tproxy [::]:* LISTEN 1500/apache2
tcp6 0 0 [::]:ftp [::]:* LISTEN 2652/pure-ftpd (SER
tcp6 0 0 [::]:domain [::]:* LISTEN 1326/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 2251/sshd
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN 1871/cupsd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 1326/named
tcp6 0 0 [::]:https [::]:* LISTEN 1500/apache2
root@ci1:/home/terry#

Thanks.

[falko]

What's in /etc/bind/named.conf.local?

What's the output of

Code:

dig @localhost tadj.com

?

[wcsing]

in /etc/bind/named.conf.local:
..................................................
zone "tadj.com" {
type master;
allow-transfer {none;};
file "/etc/bind/pri.tadj.com";
};

-------------------------------------------------------------
root@ci1:/home/terry# dig @localhost tadj.com

; <<>> DiG 9.7.3 <<>> @localhost tadj.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36391
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tadj.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Dec 27 10:09:26 2011
;; MSG SIZE rcvd: 26

root@ci1:/home/terry#

Thanks

[falko]

What are the outputs of

Code:

netstat -uap

and

Code:

iptables -L

?

[wcsing]

root@ci1:/home/terry# netstat -uap

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 ci1.tadj.com:46127 uneeda.telstra.n:domain ESTABLISHED 19856/firefox-bin
udp 0 0 ci1.tadj.com:49199 uneeda.telstra.n:domain ESTABLISHED 19856/firefox-bin
udp 0 0 ci1.tadj.com:domain *:* 1313/named
udp 0 0 localhost.locald:domain *:* 1313/named
udp 0 0 *:965 *:* 789/rpc.statd
udp 0 0 *:mdns *:* 1261/avahi-daemon:
udp 0 0 *:39149 *:* 1261/avahi-daemon:
udp 0 0 *:sunrpc *:* 774/portmap
udp 0 0 *:ipp *:* 1920/cupsd
udp 0 0 ci1.tadj.com:ntp *:* 2514/ntpd
udp 0 0 localhost.localdoma:ntp *:* 2514/ntpd
udp 0 0 *:ntp *:* 2514/ntpd
udp 0 0 *:48395 *:* 789/rpc.statd
udp 0 0 ci1.tadj.com:56482 uneeda.telstra.n:domain ESTABLISHED 19856/firefox-bin
udp6 0 0 [::]:domain [::]:* 1313/named
udp6 0 0 [::]:48713 [::]:* 1261/avahi-daemon:
udp6 0 0 [::]:mdns [::]:* 1261/avahi-daemon:
udp6 0 0 fe80::213:72ff:feb4:ntp [::]:* 2514/ntpd
udp6 0 0 ip6-localhost:ntp [::]:* 2514/ntpd
udp6 0 0 [::]:ntp [::]:* 2514/ntpd


root@ci1:/home/terry# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd tcp -- anywhere anywhere multiport dports ftp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (15 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dptop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dptop3s
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:tproxy
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mysql
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-pureftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
root@ci1:/home/terry#

Thanks

[falko]

Looks ok. Can you post your FULL /etc/bind/named.conf here (not sure if what you posted in your first post was the full file)?

[wcsing]

Quote:

Originally Posted by falko

Looks ok. Can you post your FULL /etc/bind/named.conf here (not sure if what you posted in your first post was the full file)?

Sure, here is my /etc/bind/named.local:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
~
~
~
~
~
~
~
~
~
~
~
~
"/etc/bind/named.conf" 11L, 463C 1,1 All

[falko]

I see you didn't create an A record for ci1.tadj.com - maybe that is the problem.

[wcsing]

Add A record and reboot server, but same error.

IN /etc/bind/pri.tadj.com:

$TTL 3600
@ IN SOA ci1.tadj.com. terry.computerinstruments.com.au. (
2011123101 ; serial, todays date + todays serial #
7200 ; refresh, seconds
540 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;

ci1.tadj.com 86400 A 123.243.65.181
mail 3600 A 123.243.65.181
tadj.com. 3600 A 123.243.65.181
tadj.com. 3600 MX 10 mail.tadj.com.
tadj.com. 3600 NS ci1.tadj.com.
tadj.com. 3600 NS ns1.telstra.net.
www 3600 A 123.243.65.181

~
~
~
"/etc/bind/pri.tadj.com" 17L, 705C 1,1 All

root@ci1:/home/terry# dig @localhost tadj.com

; <<>> DiG 9.7.3 <<>> @localhost tadj.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44142
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tadj.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Dec 31 10:05:05 2011
;; MSG SIZE rcvd: 26

Will it help if we reinstall ISP3 ?

Falko; Happy New Year to you and your family. (many thanks for all the help). Terry Dec/2011.

[falko]

Quote:

ci1.tadj.com 86400 A 123.243.65.181

You forgot the dot. It must either be

Code:

ci1.tadj.com. 86400 A 123.243.65.181

or

Code:

ci1 86400 A 123.243.65.181

Quote:

Falko; Happy New Year to you and your family. (many thanks for all the help). Terry Dec/2011.

Thanks a lot, I wish the same to you and your family.