ISPConfig 3.0.4.1 Bind9 & localhost SERVFAIL

Discussion in 'Installation/Configuration' started by chrisphotonic, Feb 2, 2012.

  1. chrisphotonic

    chrisphotonic New Member

    This has been driving me crazy, but I can't seem resolve anything on a virtual machine I've set up using the Ubuntu 10.04 LTS guide. I've only used the web gui to add the domain in. See below for what was generated.

    Brand new install. I've searched/replaced my domain name with webdesign.com.

    HTML Code:
    <pre>
    [email protected]:/etc/bind# dig @localhost webdesign.com

    ; <<>> DiG 9.7.0-P1 <<>> @localhost webdesign.com
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8212
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;webdesign.com. IN A

    ;; Query time: 151 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Feb 1 17:26:17 2012
    ;; MSG SIZE rcvd: 39
    </pre>

    [email protected]:/etc/bind# cat named.conf.local
    --empty--
    [email protected]:/etc/bind



    [email protected]:/etc/bind# cat named.conf.options
    options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    // 0.0.0.0;
    // };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    };

    [email protected]:/etc/bind#

    [email protected]:/etc/bind# cat named.conf.default-zones
    // prime the server with knowledge of the root servers
    zone "." {
    type hint;
    file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912

    zone "localhost" {
    type master;
    file "/etc/bind/db.local";
    };

    zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
    };

    zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
    };

    zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
    };

    [email protected]:/etc/bind# cat pri.webdesign.com
    $TTL 3600
    @ IN SOA ns1.webdesign.com. webmaster.webdesign.com. (
    2012020105 ; serial, todays date + todays serial #
    7200 ; refresh, seconds
    540 ; retry, seconds
    604800 ; expire, seconds
    86400 ) ; minimum, seconds
    ;

    86400 CNAME core
    * 86400 CNAME core
    core 86400 A 74.208.64.241
    ns1.webdesign.com 86400 A 74.208.123.123
    ns2.webdesign.com 86400 A 74.208.123.123 (keeping them the same for testing)

    Any ideas? I have another virtual machine with 10.4 LTS and the same version of ISPConfig. No issues.

    I'm also seeing this in the syslog:

    Feb 1 18:07:35 webcenter4-v1 named[9607]: client 74.212.25.205#34128: query (cache) 'webdesign.com/A/IN' denied
     
  2. chrisphotonic

    chrisphotonic New Member

    [solution]

    Ok, so always add:

    ns1 and ns2 as an A record even though you set their IP with your registar, AND you have them listed as an NS server in ISP.

    OI...



    $TTL 3600
    @ IN SOA ns1.webdesign.com. webmaster.webdesign.com. (
    2012020103 ; serial, todays date + todays serial #
    7200 ; refresh, seconds
    540 ; retry, seconds
    604800 ; expire, seconds
    86400 ) ; minimum, seconds
    ;

    mail 3600 A 74.208.64.123
    ns1 86400 A 74.208.71.123
    ns2 86400 A 74.208.71.123
    webdesign.com. 3600 A 74.208.64.123
    webdesign.com. 3600 MX 10 mail.webdesign.com.
    webdesign.com. 3600 NS ns1.webdesign.com.
    webdesign.com. 3600 NS ns2.webdesign.com.
     

Share This Page