Summary: | net-dns/bind-9.7.1_p2 zones doesn't work | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Vicente Olivert Riera (RETIRED) <vincent> |
Component: | [OLD] Server | Assignee: | BIND Maintainers (DISABLED) <bind+disabled> |
Status: | RESOLVED INVALID | ||
Severity: | major | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Vicente Olivert Riera (RETIRED)
2010-09-25 11:04:06 UTC
Please check your zone with e.g. named-checkzone.
SERVFAIL usually points to a zone/config issue but what happens if you use bind-9.6.2_p2-r1?
Is there anything else interesting in your logs? Maybe enable some debug options.

(In reply to comment #1)
> Please check your zone with e.g. named-checkzone.
> SERVFAIL usually points to a zone/config issue

Checking the named.conf
-----------------------
atom ~ # named-checkconf

No output. Everything ok.

Checking carrosses.com zone (internal view)
---------------------------------------------
atom ~ # named-checkzone carrosses.com /var/bind/pri/carrosses.com.internal
/var/bind/pri/carrosses.com.internal:12: NS record '80.59.169.250' appears to be an address
zone carrosses.com/IN: NS '80.59.169.250.carrosses.com' has no address records (A or AAAA)
zone carrosses.com/IN: loaded serial 2010092401
OK

Checking carrosses.com zone (external view)
atom ~ # named-checkzone carrosses.com /var/bind/pri/carrosses.com
/var/bind/pri/carrosses.com:12: NS record '80.59.169.250' appears to be an address
zone carrosses.com/IN: NS '80.59.169.250.carrosses.com' has no address records (A or AAAA)
zone carrosses.com/IN: loaded serial 2010030801
OK

> but what happens if you use bind-9.6.2_p2-r1?

Everything works fine.

> Is there anything else interesting in your logs?

If I run "ping router", it works, and this is the log file:

25-Sep-2010 14:01:36.445 security: warning: client 127.0.0.1#56782: view internal: RFC 1918 response from Internet for 4.0.16.172.in-addr.arpa
25-Sep-2010 14:01:54.382 security: warning: client 127.0.0.1#37975: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:01:55.384 security: warning: client 127.0.0.1#39322: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:13.853 security: warning: client 127.0.0.1#54464: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:14.855 security: warning: client 127.0.0.1#47557: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:15.856 security: warning: client 127.0.0.1#59790: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:16.857 security: warning: client 127.0.0.1#48583: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:17.858 security: warning: client 127.0.0.1#54197: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa

> Maybe enable some debug options.
>

Ok, so if bind-9.6.2_p2-r1 runs fine as well then it's at least not a gentoo/configuration problem.

Can you enable some debugging options in your logging conf? It might show us something interesting.

Is it only the one zone? Can you show me the zone please? Or even better the whole config if possible.

(In reply to comment #3)
> Ok, so if bind-9.6.2_p2-r1 runs fine as well then it's at least not a
> gentoo/configuration problem.
>
> Can you enable some debugging options in your logging conf? It might show us
> something interesting.

This is my current logging configuration:

####################
logging {
    channel default_syslog {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};
####################

Do you want me to change anything?

> Is it only the one zone? Can you show me the zone please?

I have two zones for one domain. One as internal (for my LAN) and one as external (for Internet).

This is the configuration of the internal zone:

filename: /var/bind/pri/carrosses.com.internal
##########################
$TTL 2d
@ IN SOA ns.carrosses.com. peratu.carrosses.com. (
        2010092401 ; serial
        3h ; refresh
        1h ; retry
        1w ; expiry
        1d ) ; minimum

carrosses.com. IN MX 0 correo.carrosses.com.
carrosses.com. IN TXT "v=spf1 ip4:80.25.146.18/32 mx ptr mx:correo.carrosses.com ~all"
carrosses.com. IN NS ns.carrosses.com.
carrosses.com. IN NS 80.59.169.250
www.carrosses.com. IN A 172.16.0.7
ns.carrosses.com. IN A 172.16.0.7
correo.carrosses.com. IN A 172.16.0.7
router.carrosses.com. IN A 172.16.0.1
ap.carrosses.com. IN A 172.16.0.2
cristian.carrosses.com. IN A 172.16.0.3
fujitsu.carrosses.com. IN A 172.16.0.4
ibook.carrosses.com. IN A 172.16.0.5
hp.carrosses.com. IN A 172.16.0.6
atom.carrosses.com. IN A 172.16.0.7
xbox.carrosses.com. IN A 172.16.0.8
###########################

This is the configuration of the external zone:

filename: /var/bind/pri/carrosses.com
###########################
$TTL 2d
@ IN SOA ns.carrosses.com. peratu.carrosses.com. (
        2010030801 ; serial
        3h ; refresh
        1h ; retry
        1w ; expiry
        1d ) ; minimum

carrosses.com. IN MX 0 correo.carrosses.com.
carrosses.com. IN TXT "v=spf1 ip4:80.25.146.18/32 mx ptr mx:correo.carrosses.com ~all"
carrosses.com. IN NS ns.carrosses.com.
carrosses.com. IN NS 80.59.169.250
www.carrosses.com. IN A 80.25.146.18
ns.carrosses.com. IN A 80.25.146.18
correo.carrosses.com. IN A 80.25.146.18
ftp.carrosses.com. IN A 80.25.146.18
ssh.carrosses.com. IN A 80.25.146.18
###########################

And this is the bind configuration:

filename: /etc/bind/named.conf
###########################
options {
    directory "/var/bind";
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; 172.16.0.7; };
    pid-file "/var/run/named/named.pid";
};

view "internal" {
    match-clients { 172.16.0.0/24; localhost; };
    recursion yes;
    zone "carrosses.com" {
        type master;
        file "pri/carrosses.com.internal";
        allow-transfer { any; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "." IN {
        type hint;
        file "named.cache";
    };
    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
    };
    zone "carrosses.com" {
        type master;
        file "pri/carrosses.com";
        allow-query { any; };
        allow-transfer { 80.59.169.250; };
    };
    zone "karl0sfx.net" IN {
        type slave;
        masters { 80.59.169.250; };
        file "pri/karl0sfx.net";
        allow-query { any; };
        allow-transfer { 80.59.169.250; };
    };
};

logging {
    channel default_syslog {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};
###########################

Hm, works for me. I had to remove both
"carrosses.com. IN NS 80.59.169.250"
lines and then add "@ IN A xx.xx.xx.xx" as the named-checkzone already said.
I even wonder that named started at all since I added a config check by running named-checkconf which fails in this case.
Please fix your zones and try again, if this issue still occurs reopen the bug.

(In reply to comment #6)
> Hm, works for me. I had to remove both
> "carrosses.com. IN NS 80.59.169.250"
> lines and then add "@ IN A xx.xx.xx.xx" as the named-checkzone already said.
> I even wonder that named started at all since I added a config check by running
> named-checkconf which fails in this case.
> Please fix your zones and try again, if this issue still occurs reopen the bug.
>

So..., for instance, in my carrosses.com file I have to replace this line:

carrosses.com. IN NS 80.59.169.250

by this other:

@ IN A 80.59.169.250

Is that right?

Does that mean the same? 80.59.169.250 is my slave DNS.

(In reply to comment #7)
> So..., for instance, in my carrosses.com file I have to replace this line:
>
> carrosses.com. IN NS 80.59.169.250
>
> by this other:
>
> @ IN A 80.59.169.250
>
> Is that right?
>
> Does that mean the same? 80.59.169.250 is my slave DNS.
>

Oh, replace the @ by ns.carrosses.com., sorry. So in both zone files it has to be:

carrosses.com. IN NS ns.carrosses.com.
carrosses.com. IN NS ns.karl0sfx.net.
ns.carrosses.com. IN A <ip of the master>

So you have two nameservers, one master and one slave. I assume the machine where your named is running is the master so add its ip to the third line of my example. The slave dns in this case would be "ns.karl0sfx.net." (replace it by the correct domain)

An NS entry is usually a domain but in case it's the same domain as the one from your zone file you have to define an A entry for it (ns... IN A ....).

Ok, now it works.
Thank you :-)

(In reply to comment #9)
> Ok, now it works.
> Thank you :-)
>

You're welcome ;)
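
The two zone-file mistakes discussed in this bug (an NS record whose target is an IP address, and an in-zone NS target without an A/AAAA record) can be caught before a reload. The following is an added example, not part of the original bug report or of BIND; the function name `lint_ns_records` and its simplified parsing are assumptions, and the sample zone is constructed from the records posted above.

```python
import ipaddress
import re

# Constructed sample: NS/A records taken from the external zone posted in this bug.
SAMPLE_ZONE = """\
carrosses.com.      IN NS ns.carrosses.com.
carrosses.com.      IN NS 80.59.169.250
www.carrosses.com.  IN A  80.25.146.18
ns.carrosses.com.   IN A  80.25.146.18
"""

# owner [numeric TTL] [IN] type rdata, one record per line, explicit owner name.
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(NS|A|AAAA)\s+(\S+)", re.I)


def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def lint_ns_records(zone_text, origin):
    # Hypothetical helper: ignores $ORIGIN/$INCLUDE and multi-line records.
    origin = origin.lower().rstrip(".") + "."
    ns_records, has_address = [], set()
    for no, raw in enumerate(zone_text.splitlines(), 1):
        m = RR.match(raw.split(";", 1)[0])  # drop trailing comments
        if not m:
            continue
        owner, rtype, rdata = m.group(1), m.group(2).upper(), m.group(3)
        if rtype == "NS":
            ns_records.append((no, rdata))
        else:
            has_address.add(fqdn(owner, origin))
    findings = []
    for no, target in ns_records:
        try:
            ipaddress.ip_address(target.rstrip("."))
            findings.append((no, f"NS target '{target}' is an address, not a host name"))
            continue
        except ValueError:
            pass  # not an IP literal, so treat it as a host name
        name = fqdn(target, origin)
        if name.endswith("." + origin) and name not in has_address:
            findings.append((no, f"in-zone NS target '{name}' has no A/AAAA record"))
    return findings
```

Out-of-zone targets such as the slave's host name are not checked for address records, since those belong to another zone.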