I have a net-dns/bind-9.6.2_p2 working perfectly for my internal and external zones. When I upgrade to the latest stable version in the portage main tree (net-dns/bind-9.7.1_p2) my zones stop working. I can resolve external domains, like google.com, gentoo.org, etc. But any domain of my zones doesn't work.

This is a small part of the named.log when I make "ping router", that should resolve to 172.16.0.1:

###############################
25-Sep-2010 12:45:28.953 query-errors: debug 1: client 127.0.0.1#36115: view internal: query failed (SERVFAIL) for router.carrosses.com/IN/A at query.c:3912
25-Sep-2010 12:45:29.013 query-errors: debug 1: client 80.58.172.17#24497: view external: query failed (SERVFAIL) for router.carrosses.com/IN/A at query.c:3912
25-Sep-2010 12:45:32.011 query-errors: debug 1: client 80.58.173.142#57826: view external: query failed (SERVFAIL) for router.carrosses.com/IN/A at query.c:3912
25-Sep-2010 12:45:37.011 query-errors: debug 1: client 127.0.0.1#37348: view internal: query failed (SERVFAIL) for router.carrosses.com/IN/A at query.c:3912
25-Sep-2010 12:45:37.592 query-errors: debug 1: client 80.58.172.19#27346: view external: query failed (SERVFAIL) for router.carrosses.com/IN/A at query.c:3912
###############################

Reproducible: Always

Steps to Reproduce:
1. upgrade to net-dns/bind-9.7.1_p2
2. follow the instructions of ebuild messages after installation
3. restart the server (/etc/init.d/named restart)
4. try to resolve any domain of YOUR zones
Please check your zone with e.g. named-checkzone. SERVFAIL usually points to a zone/config issue but what happens if you use bind-9.6.2_p2-r1? Is there anything else interesting in your logs? Maybe enable some debug options.
(In reply to comment #1)
> Please check your zone with e.g. named-checkzone.
> SERVFAIL usually points to a zone/config issue

Checking the named.conf
-----------------------
atom ~ # named-checkconf

No output. Everything ok.

Checking carrosses.com zone (internal view)
---------------------------------------------
atom ~ # named-checkzone carrosses.com /var/bind/pri/carrosses.com.internal
/var/bind/pri/carrosses.com.internal:12: NS record '80.59.169.250' appears to be an address
zone carrosses.com/IN: NS '80.59.169.250.carrosses.com' has no address records (A or AAAA)
zone carrosses.com/IN: loaded serial 2010092401
OK

Checking carrosses.com zone (external view)
atom ~ # named-checkzone carrosses.com /var/bind/pri/carrosses.com
/var/bind/pri/carrosses.com:12: NS record '80.59.169.250' appears to be an address
zone carrosses.com/IN: NS '80.59.169.250.carrosses.com' has no address records (A or AAAA)
zone carrosses.com/IN: loaded serial 2010030801
OK

> but what happens if you use bind-9.6.2_p2-r1?

Everything works fine.

> Is there anything else interesting in your logs?

If I make "ping router", it works, and this is the log file:

25-Sep-2010 14:01:36.445 security: warning: client 127.0.0.1#56782: view internal: RFC 1918 response from Internet for 4.0.16.172.in-addr.arpa
25-Sep-2010 14:01:54.382 security: warning: client 127.0.0.1#37975: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:01:55.384 security: warning: client 127.0.0.1#39322: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:13.853 security: warning: client 127.0.0.1#54464: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:14.855 security: warning: client 127.0.0.1#47557: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:15.856 security: warning: client 127.0.0.1#59790: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:16.857 security: warning: client 127.0.0.1#48583: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa
25-Sep-2010 14:02:17.858 security: warning: client 127.0.0.1#54197: view internal: RFC 1918 response from Internet for 1.0.16.172.in-addr.arpa

> Maybe enable some debug options.
Ok, so if bind-9.6.2_p2-r1 runs fine as well then it's at least not a gentoo/configuration problem.

Can you enable some debugging options in your logging conf? It might show us something interesting.

Is it only the one zone? Can you show me the zone please?
Or even better the whole config if possible.
(In reply to comment #3)
> Ok, so if bind-9.6.2_p2-r1 runs fine as well then it's at least not a
> gentoo/configuration problem.
>
> Can you enable some debugging options in your logging conf? It might show us
> something interesting.

This is my current logging configuration:

####################
logging {
    channel default_syslog {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};
####################

Do you want me to change anything?

> Is it only the one zone? Can you show me the zone please?

I have two zones for one domain. One as internal (for my LAN) and one as external (for Internet).

This is the configuration of the internal zone:

filename: /var/bind/pri/carrosses.com.internal
##########################
$TTL 2d
@ IN SOA ns.carrosses.com. peratu.carrosses.com. (
        2010092401 ; serial
        3h ; refresh
        1h ; retry
        1w ; expiry
        1d ) ; minimum

carrosses.com. IN MX 0 correo.carrosses.com.
carrosses.com. IN TXT "v=spf1 ip4:80.25.146.18/32 mx ptr mx:correo.carrosses.com ~all"
carrosses.com. IN NS ns.carrosses.com.
carrosses.com. IN NS 80.59.169.250

www.carrosses.com. IN A 172.16.0.7
ns.carrosses.com. IN A 172.16.0.7
correo.carrosses.com. IN A 172.16.0.7
router.carrosses.com. IN A 172.16.0.1
ap.carrosses.com. IN A 172.16.0.2
cristian.carrosses.com. IN A 172.16.0.3
fujitsu.carrosses.com. IN A 172.16.0.4
ibook.carrosses.com. IN A 172.16.0.5
hp.carrosses.com. IN A 172.16.0.6
atom.carrosses.com. IN A 172.16.0.7
xbox.carrosses.com. IN A 172.16.0.8
###########################

This is the configuration of the external zone:

filename: /var/bind/pri/carrosses.com
###########################
$TTL 2d
@ IN SOA ns.carrosses.com. peratu.carrosses.com. (
        2010030801 ; serial
        3h ; refresh
        1h ; retry
        1w ; expiry
        1d ) ; minimum

carrosses.com. IN MX 0 correo.carrosses.com.
carrosses.com. IN TXT "v=spf1 ip4:80.25.146.18/32 mx ptr mx:correo.carrosses.com ~all"
carrosses.com. IN NS ns.carrosses.com.
carrosses.com. IN NS 80.59.169.250

www.carrosses.com. IN A 80.25.146.18
ns.carrosses.com. IN A 80.25.146.18
correo.carrosses.com. IN A 80.25.146.18
ftp.carrosses.com. IN A 80.25.146.18
ssh.carrosses.com. IN A 80.25.146.18
###########################

And this is the bind configuration:

filename: /etc/bind/named.conf
###########################
options {
    directory "/var/bind";
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; 172.16.0.7; };
    pid-file "/var/run/named/named.pid";
};

view "internal" {
    match-clients { 172.16.0.0/24; localhost; };
    recursion yes;

    zone "carrosses.com" {
        type master;
        file "pri/carrosses.com.internal";
        allow-transfer { any; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    zone "." IN {
        type hint;
        file "named.cache";
    };

    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
    };

    zone "carrosses.com" {
        type master;
        file "pri/carrosses.com";
        allow-query { any; };
        allow-transfer { 80.59.169.250; };
    };

    zone "karl0sfx.net" IN {
        type slave;
        masters { 80.59.169.250; };
        file "pri/karl0sfx.net";
        allow-query { any; };
        allow-transfer { 80.59.169.250; };
    };
};

logging {
    channel default_syslog {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};
###########################
Hm, works for me. I had to remove both

"carrosses.com. IN NS 80.59.169.250"

lines and then add "@ IN A xx.xx.xx.xx" as the named-checkzone already said.

I even wonder that named started at all since I added a config check by running named-checkconf which fails in this case.

Please fix your zones and try again, if this issue still occurs reopen the bug.
(In reply to comment #6)
> Hm, works for me. I had to remove both
> "carrosses.com. IN NS 80.59.169.250"
> lines and then add "@ IN A xx.xx.xx.xx" as the named-checkzone already said.
> I even wonder that named started at all since I added a config check by running
> named-checkconf which fails in this case.
> Please fix your zones and try again, if this issue still occurs reopen the bug.

So..., for instance, in my carrosses.com file I have to replace this line:

carrosses.com. IN NS 80.59.169.250

by this other:

@ IN A 80.59.169.250

Is that right?

Does that mean the same? 80.59.169.250 is my slave DNS.
(In reply to comment #7)
> So..., for instance, in my carrosses.com file I have to replace this line:
>
> carrosses.com. IN NS 80.59.169.250
>
> by this other:
>
> @ IN A 80.59.169.250
>
> It's right?
>
> That means the same? 80.59.169.250 is my slave DNS.

Oh, replace the @ by ns.carrosses.com., sorry. So in both zone files it has to be:

carrosses.com. IN NS ns.carrosses.com.
carrosses.com. IN NS ns.karl0sfx.net.
ns.carrosses.com. IN A <ip of the master>

So you have two nameservers, one master and one slave. I assume the machine where your named is running is the master so add its ip to the third line of my example. The slave dns in this case would be "ns.karl0sfx.net." (replace it by the correct domain).

An NS entry is usually a domain but in case it's the same domain as the one from your zone file you have to define an A entry for it (ns... IN A ....).
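The two conditions named-checkzone reported in this thread (an NS target that is an address, and an in-zone NS target without an A or AAAA record) can be checked before a BIND upgrade with a short script. This is an added example, not code from the thread or from BIND: the function names are hypothetical, the sample zone is constructed from the records quoted above, and the parser only understands one-record-per-line `owner IN TYPE rdata` entries.

```python
import ipaddress

# Constructed sample: NS and A records from the external zone quoted in this thread.
SAMPLE_ZONE = """\
carrosses.com. IN NS ns.carrosses.com.
carrosses.com. IN NS 80.59.169.250
www.carrosses.com. IN A 80.25.146.18
ns.carrosses.com. IN A 80.25.146.18
"""

def fqdn(name, origin):
    """Expand a name as a zone file does: names without a trailing dot get the origin appended."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def looks_like_address(text):
    """True if the rdata parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def check_ns_records(zone_text, origin):
    """Return (line, name, problem) tuples for suspicious NS records."""
    origin = origin.lower().rstrip(".") + "."
    ns_targets, with_address, findings = [], set(), []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue  # assumption: $TTL, SOA continuation lines etc. are skipped
        owner, rtype, rdata = fqdn(fields[0], origin), fields[2].upper(), fields[3]
        if rtype in ("A", "AAAA"):
            with_address.add(owner)
        elif rtype == "NS":
            if looks_like_address(rdata):
                findings.append((lineno, rdata, "NS target is an address, not a host name"))
            ns_targets.append((lineno, fqdn(rdata, origin)))  # relative rdata gets the origin
    for lineno, target in ns_targets:
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in with_address:
            findings.append((lineno, target, "in-zone NS target has no A or AAAA record"))
    return findings

if __name__ == "__main__":
    for finding in check_ns_records(SAMPLE_ZONE, "carrosses.com"):
        print(finding)
```

Because the bare address has no trailing dot, it is expanded to `80.59.169.250.carrosses.com.`, which is why both findings point at the same record.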
Ok, now it works. Thank you :-)
(In reply to comment #9)
> Ok, now it works.
> Thank you :-)

You're welcome ;)