BIND9 - dig server fail

 
 
alike
      01-15-2012, 06:42 PM
I have finally completed the main bind configuration.
Now when I run the gadmin tool I get status OK.
The zones are reloaded OK, resolv works but there is one problem.
When I dig my registered address I get servfail.

Google:
SERVFAIL means that the domain does exist and the root name servers have
information on this domain, but that the authoritative name servers are
not answering queries for this domain.

How to solve this ?
 
 
Pascal Hambourg
      01-15-2012, 08:16 PM
Hello,

alike wrote:
> I have finally completed the main bind configuration.
> Now when I run the gadmin tool I get status OK.
> The zones are reloaded OK, resolv works but there is one problem.
> When I dig my registered address I get servfail.


What do you mean by your "registered address" ?
Is it supposed to be served authoritatively by your server ?
 
Chris Davies
      01-15-2012, 08:18 PM
alike <(E-Mail Removed)> wrote:
> How to solve this ?


Provide some detail. For example, tell us what domain you are talking
about, so we can try it from "out here".

Chris
 
alike
      01-16-2012, 08:33 AM
On 01/15/2012 10:18 PM, Chris Davies wrote:
> alike<(E-Mail Removed)> wrote:
>> How to solve this ?

>
> Provide some detail. For example, tell us what domain you are talking
> about, so we can try it from "out here".
>
> Chris

These are the main ones:

Named.conf.local
--------------------------------
zone "aisnet.com.hr" {
type master;
file "/etc/bind/db.aisnet.com.hr";
};
controls {
inet 127.0.0.1 {localhost;} keys {rndc_key;};
};


acl internals {
127.0.0.0/8;
10.0.0.0/24;
};
---------------------------------
db.aisnet.com.hr
---------------------------------
; aisnet.com.hr
$TTL 604800
$ORIGIN aisnet.com.hr
@ IN SOA ns1.aisnet.com.hr. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;
@ IN NS ns1
IN A 192.168.1.110
ns1 IN A dns1.aisnet.com.hr
www IN A 192.168.1.110
---------------------------------
dns1.aisnet.com.hr --> 85.114.42.51
Local IP of my computer: 192.168.1.110
 
Chris Davies
      01-16-2012, 10:34 AM
alike <(E-Mail Removed)> wrote:
> I have finally completed the main bind configuration.
> Now when I run the gadmin tool I get status OK.
> The zones are reloaded OK, resolv works but there is one problem.
> When I dig my registered address I get servfail.


> Named.conf.local
> --------------------------------
> zone "aisnet.com.hr" {
> type master;
> file "/etc/bind/db.aisnet.com.hr";
> };


> db.aisnet.com.hr
> ---------------------------------
> ; aisnet.com.hr
> $TTL 604800
> $ORIGIN aisnet.com.hr
> @ IN SOA ns1.aisnet.com.hr. (
> 2006020201 ; Serial
> 604800 ; Refresh
> 86400 ; Retry
> 2419200 ; Expire
> 604800); Negative Cache TTL
> ;
> @ IN NS ns1
> IN A 192.168.1.110
> ns1 IN A dns1.aisnet.com.hr
> www IN A 192.168.1.110



Firstly, there are two errors in this file.

1. An "A" record cannot resolve to a name, so your ns1 record is
invalid. Frankly, I'm amazed that bind9 will even run with this error.

2. Your SOA label should be an email address in dotted notation,
not what I assume is your NS hostname. So you might have @ IN SOA
hostmaster.aisnet.com.hr (implying a valid email address hostmaster *at*
aisnet.com.hr).

While you're experimenting I'd suggest you reduce the negative cache
ttl to something like 600 (10 minutes) and the retry down to 3600. Not
essential but can be helpful while you're changing the domain entries
around.


> dns1.aisnet.com.hr --> 85.114.42.51


Agreed. I can find that delegation, but there seems to be nothing
listening on that address.

* Have you allowed both UDP/53 and TCP/53 through your firewall?
* Is bind *really* running?

Chris
 
alike
      01-16-2012, 02:01 PM
On 01/16/2012 12:34 PM, Chris Davies wrote:
> alike<(E-Mail Removed)> wrote:
>> I have finally completed the main bind configuration.
>> Now when I run the gadmin tool I get status OK.
>> The zones are reloaded OK, resolv works but there is one problem.
>> When I dig my registered address I get servfail.

>
>> Named.conf.local
>> --------------------------------
>> zone "aisnet.com.hr" {
>> type master;
>> file "/etc/bind/db.aisnet.com.hr";
>> };

>
>> db.aisnet.com.hr
>> ---------------------------------
>> ; aisnet.com.hr
>> $TTL 604800
>> $ORIGIN aisnet.com.hr
>> @ IN SOA ns1.aisnet.com.hr. (
>> 2006020201 ; Serial
>> 604800 ; Refresh
>> 86400 ; Retry
>> 2419200 ; Expire
>> 604800); Negative Cache TTL
>> ;
>> @ IN NS ns1
>> IN A 192.168.1.110
>> ns1 IN A dns1.aisnet.com.hr
>> www IN A 192.168.1.110

>
>
> Firstly, there are two errors in this file.
>
> 1. An "A" record cannot resolve to a name, so your ns1 record is
> invalid. Frankly, I'm amazed that bind9 will even run with this error.
>
> 2. Your SOA label should be an email address in dotted notation,
> not what I assume is your NS hostname. So you might have @ IN SOA
> hostmaster.aisnet.com.hr (implying a valid email address hostmaster *at*
> aisnet.com.hr).
>
> While you're experimenting I'd suggest you reduce the negative cache
> ttl to something like 600 (10 minutes) and the retry down to 3600. Not
> essential but can be helpful while you're changing the domain entries
> around.
>
>
>> dns1.aisnet.com.hr --> 85.114.42.51

>
> Agreed. I can find that delegation, but there seems to be nothing
> listening on that address.
>
> * Have you allowed both UDP/53 and TCP/53 through your firewall?
> * Is bind *really* running?
>
> Chris

-------------------
I changed the resolv.conf file and reloaded the configuration.
Now I can get noerror when I run dig but when I check it at intodns.com
I get some errors. Please check it out:
http://www.intodns.com/aisnet.com.hr ( it takes some time to load )

 
Pascal Hambourg
      01-16-2012, 06:18 PM
Chris Davies wrote:
> alike <(E-Mail Removed)> wrote:
>> $TTL 604800
>> $ORIGIN aisnet.com.hr
>> @ IN SOA ns1.aisnet.com.hr. (
>> 2006020201 ; Serial
>> 604800 ; Refresh
>> 86400 ; Retry
>> 2419200 ; Expire
>> 604800); Negative Cache TTL
>> ;
>> @ IN NS ns1
>> IN A 192.168.1.110
>> ns1 IN A dns1.aisnet.com.hr
>> www IN A 192.168.1.110

>
>
> Firstly, there are two errors in this file.
>
> 1. An "A" record cannot resolve to a name, so your ns1 record is
> invalid. Frankly, I'm amazed that bind9 will even run with this error.
>
> 2. Your SOA label should be an email address in dotted notation,
> not what I assume is your NS hostname. So you might have @ IN SOA
> hostmaster.aisnet.com.hr (implying a valid email address hostmaster *at*
> aisnet.com.hr).


Actually an SOA record contains *both* a hostname and an e-mail address
in dotted notation. Here the address is missing.

3. The NS record(s) in the zone do not match the delegation in the
parent zone.

;; AUTHORITY SECTION:
aisnet.com.hr. 14400 IN NS dns2.aisnet.com.hr.
aisnet.com.hr. 14400 IN NS dns1.aisnet.com.hr.

;; ADDITIONAL SECTION:
dns1.aisnet.com.hr. 14400 IN A 85.114.42.51
dns2.aisnet.com.hr. 14400 IN A 85.114.42.52

4. A publicly accessible zone should not advertise private addresses
(192.168.1.110).
 
Chris Davies
      01-16-2012, 09:15 PM
Pascal Hambourg <boite-a-(E-Mail Removed)> wrote:
> Actually an SOA record contains *both* a hostname and an e-mail address
> in dotted notation. Here the address is missing.


Thank you Pascal. Once again I've leaped too quickly and you've had to
correct me. (I do know what I'm doing. Really!)

Cheers
Chris
 
alike
      01-17-2012, 06:53 AM
On 01/16/2012 08:18 PM, Pascal Hambourg wrote:
> Chris Davies wrote:
>> alike<(E-Mail Removed)> wrote:
>>> $TTL 604800
>>> $ORIGIN aisnet.com.hr
>>> @ IN SOA ns1.aisnet.com.hr. (
>>> 2006020201 ; Serial
>>> 604800 ; Refresh
>>> 86400 ; Retry
>>> 2419200 ; Expire
>>> 604800); Negative Cache TTL
>>> ;
>>> @ IN NS ns1
>>> IN A 192.168.1.110
>>> ns1 IN A dns1.aisnet.com.hr
>>> www IN A 192.168.1.110

>>
>>
>> Firstly, there are two errors in this file.
>>
>> 1. An "A" record cannot resolve to a name, so your ns1 record is
>> invalid. Frankly, I'm amazed that bind9 will even run with this error.
>>
>> 2. Your SOA label should be an email address in dotted notation,
>> not what I assume is your NS hostname. So you might have @ IN SOA
>> hostmaster.aisnet.com.hr (implying a valid email address hostmaster *at*
>> aisnet.com.hr).

>
> Actually an SOA record contains *both* a hostname and an e-mail address
> in dotted notation. Here the address is missing.
>
> 3. The NS record(s) in the zone do not match the delegation in the
> parent zone.
>
> ;; AUTHORITY SECTION:
> aisnet.com.hr. 14400 IN NS dns2.aisnet.com.hr.
> aisnet.com.hr. 14400 IN NS dns1.aisnet.com.hr.
>
> ;; ADDITIONAL SECTION:
> dns1.aisnet.com.hr. 14400 IN A 85.114.42.51
> dns2.aisnet.com.hr. 14400 IN A 85.114.42.52
>
> 4. A publicly accessible zone should not advertise private addresses
> (192.168.1.110).

---------------------
$TTL 604800
$ORIGIN aisnet.com.hr
@ IN SOA ns1.aisnet.com.hr. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;

aisnet.com.hr 14400 IN NS dns2.aisnet.com.hr
aisnet.com.hr 14400 IN NS dns1.aisnet.com.hr

dns2.aisnet.com.hr 14400 IN A 85.114.42.51
dns1.aisnet.com.hr 14400 IN A 85.114.42.52
------------------
Is this correct?

When I make bind restart it will load ok but when I look at syslog I get
an error:

automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: 0.1.1.0.0.2.IP6.ARPA
command channel listening on 127.0.0.1#953
command channel listening on ::1#953
zone 0.in-addr.arpa/IN: loaded serial 1
zone 127.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
dns_rdata_fromtext: /etc/bind/db.aisnet.com.hr:8: near eol: unexpected end of input
zone aisnet.com.hr/IN: loading from master file /etc/bind/db.aisnet.com.hr failed: unexpected end of input
zone aisnet.com.hr/IN: not loaded due to errors.
zone localhost/IN: loaded serial 2
managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
managed-keys-zone ./IN: loaded serial 0
named[10130]: running
---------------------------------------

 
Pascal Hambourg
      01-17-2012, 07:16 AM
alike wrote:
> On 01/16/2012 08:18 PM, Pascal Hambourg wrote:
>> Actually an SOA record contains *both* a hostname and an e-mail address
>> in dotted notation. Here the address is missing.

>
> $TTL 604800
> $ORIGIN aisnet.com.hr
> @ IN SOA ns1.aisnet.com.hr. (
> 2006020201 ; Serial
> 604800 ; Refresh
> 86400 ; Retry
> 2419200 ; Expire
> 604800); Negative Cache TTL
> ;
>
> aisnet.com.hr 14400 IN NS dns2.aisnet.com.hr
> aisnet.com.hr 14400 IN NS dns1.aisnet.com.hr
>
> dns2.aisnet.com.hr 14400 IN A 85.114.42.51
> dns1.aisnet.com.hr 14400 IN A 85.114.42.52
> ------------------
> Is this correct ?


Not yet, but almost.
The SOA record is still incomplete, see my comment above. Also you need
to add a final dot at the end of fully qualified domain names, otherwise
the base domain (origin) is appended.

dns2.aisnet.com.hr -> dns2.aisnet.com.hr.aisnet.com.hr.
dns2.aisnet.com.hr. -> ok
 
Reply With Quote
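
The zone-file errors identified in this thread (A record pointing at a name, SOA without the e-mail field, NS set not matching the parent delegation, private address in a public zone, fully qualified names without the final dot) written as a small lint pass. This is an added example, not code from any poster: the sample zone is constructed from the posted files, the function names and finding codes are invented here, and the parser assumes every record line carries its own owner name.

```python
import ipaddress

ORIGIN = "aisnet.com.hr."
DELEGATED_NS = {"dns1.aisnet.com.hr.", "dns2.aisnet.com.hr."}  # parent's NS set, as quoted in the thread
# Constructed sample combining the mistakes from the zone files posted above.
ZONE = """\
$TTL 604800
@ IN SOA ns1.aisnet.com.hr. (
    2006020201 604800 86400 2419200 604800 )
@ IN NS ns1
@ IN A 192.168.1.110
ns1 IN A dns1.aisnet.com.hr
dns2.aisnet.com.hr 14400 IN A 85.114.42.52
"""

def qualify(name, origin=ORIGIN):
    """Expand a master-file name: without a final dot it is relative to the origin."""
    rel = origin if name == "@" else f"{name}.{origin}"
    return name if name.endswith(".") else rel

def lint_zone(text, origin=ORIGIN, delegated=DELEGATED_NS):
    """Return (line, code, detail) findings; line 0 means zone-wide."""
    findings, ns_seen, in_soa = [], set(), False
    bare = origin.rstrip(".")
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split(";")[0].split()
        if in_soa:                        # timer lines inside the SOA parentheses
            in_soa = ")" not in raw
            continue
        if not tok or tok[0].startswith("$"):
            continue
        rtype, *rdata = [t for t in tok[1:] if t != "IN" and not t.isdigit()]
        for name in [tok[0]] + ([] if rtype == "A" else rdata[:1]):
            if name.endswith(bare):       # FQDN written without its final dot
                findings.append((n, "missing-final-dot", qualify(name, origin)))
        if rtype == "SOA":
            in_soa = "(" in raw and ")" not in raw
            if len([t for t in rdata if t not in ("(", ")")]) < 2:
                findings.append((n, "soa-missing-rname", rdata[0]))
        elif rtype == "A":
            try:
                if ipaddress.ip_address(rdata[0]).is_private:
                    findings.append((n, "private-address", rdata[0]))
            except ValueError:            # rdata is a name, not an address
                findings.append((n, "a-record-not-ip", rdata[0]))
        elif rtype == "NS":
            ns_seen.add(qualify(rdata[0], origin))
    if ns_seen != set(delegated):
        findings.append((0, "ns-delegation-mismatch", sorted(ns_seen)))
    return findings
```

`lint_zone(ZONE)` reports one finding per mistake; BIND's own `named-checkzone` remains the authoritative syntax check before a reload.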
 
 
 