I broke my DNS (named) server and can't get up!

wildbill001 (Weaksauce; joined Jun 2, 2012; 85 messages)
I made more than one change to my home DNS server at one time (stupid, I know). Now, when I attempt to resolve a name from the internet like google.com or redhat.com, it doesn't.

Going into nslookup and setting debug, I see the following (wcwlab.com & wcwhome.com are my domains that I am using at home):

> redhat
Server: 172.16.239.2
Address: 172.16.239.2#53

------------
QUESTIONS:
redhat.wcwlab.com, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
-> wcwlab.com
origin = masterdns.wcwlab.com
mail addr = root.wcwlab.com
serial = 2013081401
refresh = 3600
retry = 1800
expire = 604800
minimum = 86400
ttl = 86400
ADDITIONAL RECORDS:
------------
** server can't find redhat: NXDOMAIN
Server: 172.16.239.2
Address: 172.16.239.2#53

I've gone over the zone files and the named.conf files several times and now feel sure I'm missing some period or semi-colon or something. But where should I concentrate my efforts?

Bill W
 
... redhat.com...

Going into nslookup and setting debug, I see the following (wcwlab.com & wcwhome.com are my domains that I am using at home):

> redhat
Server: 172.16.239.2
Address: 172.16.239.2#53

------------
QUESTIONS:
redhat.wcwlab.com, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
-> wcwlab.com
origin = masterdns.wcwlab.com
mail addr = root.wcwlab.com
serial = 2013081401
refresh = 3600
retry = 1800
expire = 604800
minimum = 86400
ttl = 86400
ADDITIONAL RECORDS:
------------
** server can't find redhat: NXDOMAIN
Server: 172.16.239.2
Address: 172.16.239.2#53


Your query above is for the host redhat in wcwlab.com. Query redhat.com to your DNS and post the response. You can also query using an external DNS as a test.
 
redhat.com will yield redhat.com.wcwlab.com.

When I point my PC to the ISP's DNS server(s) I get the correct response, i.e., it gives me the IP addresses for redhat.com.

Bill W.
 
Try to nslookup with debug "redhat.com." (notice the trailing period) and post the entire result.

Post your named.conf and all your zone files.

It looks like nslookup is appending the search subdomain and your DNS is not forwarding/recursing/iterating properly.

You should get:
Code:
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        redhat.com.example.com, type = A, class = IN
    ...

and then
Code:
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        redhat.com, type = A, class = IN
    ANSWERS:
    ->  redhat.com
        internet address = 209.132.183.181
        ttl = 60 (1 min)

In your previous post, you ended at the first query with NXDOMAIN.

Check your root hints by nslookup with debugging "." (just a period) and see if you get something like:
Code:
Got answer:
    HEADER:
        opcode = QUERY, id = 8, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        (root), type = A, class = IN
    AUTHORITY RECORDS:
    ->  (root)
        ttl = 5786 (1 hour 36 mins 26 secs)
        primary name server = a.root-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial  = 2013081500
        refresh = 1800 (30 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)
 
It's no longer set to forward.

Looks like you're trying to be recursive and authoritative at the same time, which can work, but you have to set it up right.
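The two replies above make two separate points: nslookup walks the resolver's search list (so "redhat" becomes "redhat.wcwlab.com" and a trailing dot stops that), and a server that is authoritative for the home zones still needs working recursion (forwarders or root hints) for everything else. The following is an added example, not code from the thread; it simulates both behaviours offline. The search-list ordering follows the resolv.conf search/ndots rules; the wcwlab.com SOA values are the ones shown in the thread, while the 203.0.113.x addresses, the zone contents and the helper names (`search_candidates`, `named_query`, `resolve`) are constructed for the example.

```python
"""Simulate a stub resolver's search list against a BIND-style server that is
authoritative for the home zones and (maybe) recursive for everything else.
Constructed example: zone data and addresses are placeholders, except the
wcwlab.com SOA values, which are the ones shown in the thread."""
from typing import Dict, List, Optional, Tuple

SOA = "masterdns.wcwlab.com. root.wcwlab.com. 2013081401 3600 1800 604800 86400"

# Constructed authoritative data for the two home zones.
ZONES: Dict[str, Dict[str, Dict[str, List[str]]]] = {
    "wcwlab.com.": {
        "wcwlab.com.": {"SOA": [SOA]},
        "masterdns.wcwlab.com.": {"A": ["172.16.239.2"]},
    },
    "wcwhome.com.": {
        "wcwhome.com.": {"SOA": [SOA]},
    },
}

# Constructed stand-in for "the internet" reached via forwarders or root hints
# (203.0.113.0/24 is the TEST-NET-3 documentation range, not real addresses).
UPSTREAM = {"redhat.com.": ["203.0.113.10"], "google.com.": ["203.0.113.20"]}

Response = Tuple[str, List[str], List[str]]  # (rcode, answers, authority)


def fqdn(name: str) -> str:
    """Make a name absolute by ensuring the trailing dot."""
    return name if name.endswith(".") else name + "."


def search_candidates(name: str, search: List[str], ndots: int = 1) -> List[str]:
    """Order in which a resolver tries a name (resolv.conf search/ndots rules).
    A trailing dot makes the name absolute: no search suffixes are tried."""
    if name.endswith("."):
        return [name]
    suffixed = [fqdn(f"{name}.{s}") for s in search]
    absolute = [fqdn(name)]
    # Fewer dots than ndots: search list first, then the bare name.
    # Otherwise: bare name first, then the search list.
    return suffixed + absolute if name.count(".") < ndots else absolute + suffixed


def zone_for(qname: str) -> Optional[str]:
    """Longest authoritative zone that contains qname, if any."""
    matches = [z for z in ZONES if qname == z or qname.endswith("." + z)]
    return max(matches, key=len) if matches else None


def named_query(qname: str, recursion: bool, upstream_ok: bool) -> Response:
    """One A query against the simulated server."""
    zone = zone_for(qname)
    if zone is not None:
        # Authoritative: answer from zone data, or NXDOMAIN/NODATA with the SOA
        # in the authority section (what nslookup printed in the first post).
        rrsets = ZONES[zone].get(qname)
        if rrsets is None:
            return ("NXDOMAIN", [], ZONES[zone][zone]["SOA"])
        return ("NOERROR", rrsets.get("A", []), [] if "A" in rrsets else ZONES[zone][zone]["SOA"])
    if not recursion:
        return ("REFUSED", [], [])        # not ours and we won't recurse
    if not upstream_ok:
        return ("SERVFAIL", [], [])       # forwarders/root hints unreachable
    if qname in UPSTREAM:
        return ("NOERROR", UPSTREAM[qname], [])
    return ("NXDOMAIN", [], [])


def resolve(name: str, search: List[str], recursion: bool, upstream_ok: bool,
            ndots: int = 1) -> Tuple[str, List[str], List[Tuple[str, str]]]:
    """Walk the search candidates the way nslookup does; stop at the first
    NOERROR, otherwise report the last rcode seen. Returns (rcode, answers,
    list of (name tried, rcode))."""
    tried: List[Tuple[str, str]] = []
    last: Response = ("SERVFAIL", [], [])
    for cand in search_candidates(name, search, ndots):
        last = named_query(cand, recursion, upstream_ok)
        tried.append((cand, last[0]))
        if last[0] == "NOERROR" and last[1]:
            break
    return last[0], last[1], tried


if __name__ == "__main__":
    search = ["wcwlab.com", "wcwhome.com"]
    # Recursion configured but the path to forwarders/roots is broken:
    print(resolve("redhat", search, recursion=True, upstream_ok=False))
    print(resolve("redhat.com", search, recursion=True, upstream_ok=False))
    # Same server once forwarding/root hints work again:
    print(resolve("redhat.com.", search, recursion=True, upstream_ok=True))
```

Run it and compare the `tried` lists with the nslookup debug output: with broken recursion, "redhat.com" is tried absolute first (SERVFAIL) and the last thing the resolver reports is the NXDOMAIN for redhat.com.wcwlab.com, which is exactly why the thread asks for a query with a trailing dot and a check of the root hints.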
 
Well, I did some more basic tests like ping 8.8.8.8 and it seems I have somehow messed up my routing as well as the DNS. OR maybe just the routing. I dunno. Think I'll tear it all down and start from the beginning, which I should have done in the first place. Testing as each "phase" goes into place.

Moral of the story: Don't be in a hurry. Don't work when you are so tired you can't see straight or remember what you did 5 min ago. sigh.

Thanks folks!

Bill W
PS: Once I've got the routing working AND the DNS I'll post the solution(s) just to close the loop here.
 
On the other hand, you should always be able to work your way out of a mess so you exactly understand what was wrong.
 