Gentoo Forums
DNS SERVER WITH ERROR: "Server Can't Find : SERVFAIL"
am02
n00b


Joined: 15 Apr 2014
Posts: 13

Posted: Wed Apr 30, 2014 4:06 am    Post subject: DNS SERVER WITH ERROR: "Server Can't Find : SERVFAIL"

I've set up bind for my mailserver, did the configuration of the zones and created the files in the directory /etc/bind. The domain name is example.com and the domain name server is man1.example.com.

After the process I typed the following commands to test my DNS, but it gives me the error 'SERVFAIL'.

This is the output when I tried to dig, nslookup and find the host of my server:

Code:
man1 ~ # host -l example.com
;; communications error to 150.151.20.209#53: end of file


man1 ~ # nslookup man1
Server:      150.151.20.209
Address:   150.151.20.209#53

** server can't find man1: REFUSED


man1 ~ # nslookup man1.example.com
Server:      150.151.20.209
Address:   150.151.20.209#53

** server can't find man1: REFUSED


man1 ~ # dig example.com
; <<>> DiG 9.9.4 <<>> man1
;; global options:  +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9038
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp:4096
;; QUESTION SECTION:
;man1.example.com.         IN      A

;; Query time: 0 msec
;; SERVER: 150.151.20.209#53 (150.151.20.209)
;; WHEN: Tue Apr  29 15:45:38 MYT 2014
;; MSG SIZE  rcvd: 48


man1 ~ # dig man1
; <<>> DiG 9.9.4 <<>> man1
;; global options:  +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21842
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp:4096
;; QUESTION SECTION:
;man1               IN      A

;; Query time: 0 msec
;; SERVER: 150.151.20.209#53 (150.151.20.209)
;; WHEN: Tue Apr  29 15:45:44 MYT 2014
;; MSG SIZE  rcvd: 48


This is my named.conf file:
Code:
acl "xfer" {
   none;
};

acl "trusted" {
   127.0.0.0/8;
   ::1/128;
};

options {
        directory "/var/bind";
     pid-file "/var/run/named/named.pid";

   auth-nxdomain no;
   
        listen-on-v6 { none; };
        listen-on port 53 { 127.0.0.1; 150.151.20.209; };

   allow-query { trusted;}

   allow-query-cache { trusted; }

   allow-recursion { trusted; }

   allow-transfer { none; }
     
   allow-update { none; }
/*   
   forward first;
   forwarders {
      150.151.20.209;
   }
*/
};

logging {
        channel default_syslog {
                file "/var/log/named/named.log" versions 5 size 50M;
                severity debug;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
          category default { default_syslog; };
   category general { default_syslog; };
};

zone "." IN {
   type hint;
   file "/var/bind/named.cache";
};
 
zone "localhost" IN {
   type hint;
   file "pri/localhost.zone";
   notify no;
};

zone "example.com" {
   type master;
   file "pri/example.com.zone";
   allow-query { any; };
   #allow-transfer { SLAVE_DNS_SERVER; };
};

zone "127.in-addr.arpa" IN {
   type master;
   file "pri/127.zone";
   allow-update { none; };
   notify no;
};

zone "20.151.150.in-addr.arpa" IN {
   type master;
   file "pri/127.zone";
   allow-update { none; };
   notify no;
};


example.com.zone file:
Code:
$ORIGIN example.com.
$TTL 1W
@   IN   SOA   man1.example.com. mailuserserver.example.com. (
         2008122601      ; Serial
         28800      ; Refresh
         14400      ; Retry
         604800      ; Expire -1 week
         86400 )      ; Minimum

example.com.   IN   NS   man1.example.com.
example.com.   IN   A   150.151.20.209

@   IN   A   127.0.0.1
@   IN   AAAA   ::1

client         IN   A   150.151.20.210
gateway      IN   A   150.151.20.209
man1      IN   A   150.151.20.209
FaxOut      IN   CNAME   asterisk.
www      IN   CNAME   example.com.



20.151.150.zone file:
Code:
$ORIGIN 20.151.150.in-addr.arpa.
$TTL 1W
@   1D   IN   SOA   man1.example.com. mailuserserver.example.com. (
         2008122601   ; Serial
         3H      ; Refresh
         15M      ; Retry
         1W      ; Expire -1 week
         1D )      ; Minimum

@      IN   NS   man1.
1      IN   PTR   gateway.example.com.
209      IN   PTR   man1.example.com.
210      IN   PTR   client.example.com.
asterisk   IN   PTR   FaxOut.


Maybe someone with experience can help me out?
Any help would be great.
desultory
Bodhisattva


Joined: 04 Nov 2005
Posts: 9410

Posted: Tue May 06, 2014 4:38 am

You mostly just need to work through what the scripts tell you to fix your configuration.

am02 wrote:
Code:
acl "xfer" {
   none;
};

acl "trusted" {
   127.0.0.0/8;
   ::1/128;
};

options {
        directory "/var/bind";
     pid-file "/var/run/named/named.pid";

   auth-nxdomain no;
   
        listen-on-v6 { none; };
        listen-on port 53 { 127.0.0.1; 150.151.20.209; };

   allow-query { trusted;}

   allow-query-cache { trusted; }

   allow-recursion { trusted; }

   allow-transfer { none; }
     
   allow-update { none; }
/*   
   forward first;
   forwarders {
      150.151.20.209;
   }
*/
};

logging {
        channel default_syslog {
                file "/var/log/named/named.log" versions 5 size 50M;
                severity debug;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
          category default { default_syslog; };
   category general { default_syslog; };
};

zone "." IN {
   type hint;
   file "/var/bind/named.cache";
};
 
zone "localhost" IN {
   type hint;
   file "pri/localhost.zone";
   notify no;
};

zone "example.com" {
   type master;
   file "pri/example.com.zone";
   allow-query { any; };
   #allow-transfer { SLAVE_DNS_SERVER; };
};

zone "127.in-addr.arpa" IN {
   type master;
   file "pri/127.zone";
   allow-update { none; };
   notify no;
};

zone "20.151.150.in-addr.arpa" IN {
   type master;
   file "pri/127.zone";
   allow-update { none; };
   notify no;
};

First, we need to clean up the named.conf just a bit:
Code:
# /etc/init.d/named checkconfig
 * Checking named configuration ...
/etc/bind/named.conf:21: missing ';' before 'allow-query-cache'
/etc/bind/named.conf:23: missing ';' before 'allow-recursion'
/etc/bind/named.conf:25: missing ';' before 'allow-transfer'
/etc/bind/named.conf:27: missing ';' before 'allow-update'
/etc/bind/named.conf:34: missing ';' before '}'
 * named-checkconf failed! Please fix your config first.

Which just means the allow-foo blocks need semicolons after their closing curly braces.

Adding them leads to:
Code:
# /etc/init.d/named checkconfig
 * Checking named configuration ...
/etc/bind/named.conf:56: option 'notify' is not allowed in 'hint' zone 'localhost'
 * named-checkconf failed! Please fix your config first.

Which is just the subtle manner of the script telling you that having localhost as a hint zone is perhaps not the best of ideas.

Setting that zone to master and pointing the "20.151.150.in-addr.arpa" zone at the correct zone file produces:
Code:
acl "xfer" {
   none;
};

acl "trusted" {
   127.0.0.0/8;
   ::1/128;
};

options {
   directory "/var/bind";
   pid-file "/var/run/named/named.pid";

   auth-nxdomain no;

   listen-on-v6 { none; };
   listen-on port 53 { 127.0.0.1; 150.151.20.209; };

   allow-query { trusted; };

   allow-query-cache { trusted; };

   allow-recursion { trusted; };

   allow-transfer { none; };

   allow-update { none; };
/*   
   forward first;
   forwarders {
      150.151.20.209;
   }
*/
};

logging {
        channel default_syslog {
                file "/var/log/named/named.log" versions 5 size 50M;
                severity debug;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
          category default { default_syslog; };
   category general { default_syslog; };
};

zone "." IN {
   type hint;
   file "/var/bind/named.cache";
};

zone "localhost" IN {
   type master;
   file "pri/localhost.zone";
   notify no;
};

zone "example.com" {
   type master;
   file "pri/example.com.zone";
   allow-query { any; };
   #allow-transfer { SLAVE_DNS_SERVER; };
};

zone "127.in-addr.arpa" IN {
   type master;
   file "pri/127.zone";
   allow-update { none; };
   notify no;
};

zone "20.151.150.in-addr.arpa" IN {
   type master;
   file "pri/20.151.150.zone";
   allow-update { none; };
   notify no;
};


Which results in:
Code:
# /etc/init.d/named checkconfig
 * Checking named configuration ...                                       [ ok ]


On to the zones:
Code:
 # /etc/init.d/named checkzones
 * Checking named configuration and zones ...
zone localhost/IN: loaded serial 2008122601
zone example.com/IN: loaded serial 2008122601
zone 127.in-addr.arpa/IN: loaded serial 2008122601
zone 20.151.150.in-addr.arpa/IN: loaded serial 2008122601                 [ ok ]
Which tells us that you are reusing the serial numbers from the default zone files; better to use serial numbers which actually reflect when the file was most recently changed, as that helps to preserve sanity when the DNS weevils come. Aside from that, they are well formed, modulo the missing entry for asterisk which the FaxOut CNAME entry points to.
am02
n00b


Joined: 15 Apr 2014
Posts: 13

Posted: Tue May 06, 2014 8:33 am    Post subject: DNS SERVER WITH ERROR: "Server Can't Find : SERVFAIL"

Yeah, noted, ty. I made a mistake in the conf file.
Anyway, I've corrected the file, including the zone files, but when I tried to nslookup and dig my name server it still gives me SERVFAIL.
I've also tried host -l example.com, which gives me a communication error.

I've also tried to check whether my zone files are loaded or not. Only the example.com.zone file is loaded correctly; 20.151.150.zone is not.
Code:
# named-checkzone example.com /etc/bind/pri/example.com.zone
zone example.com/IN: loaded serial 2008122601
OK


Code:
# named-checkzone 20.151.150  /etc/bind/pri/20.151.150.zone
/etc/bind/pri/20.151.150.zone:3: ignoring out-of-zone data (20.151.150.in-addr.arpa)
/etc/bind/pri/20.151.150.zone:12: ignoring out-of-zone data (20.151.150.in-addr.arpa)
/etc/bind/pri/20.151.150.zone:13: ignoring out-of-zone data (20.151.150.in-addr.arpa)
/etc/bind/pri/20.151.150.zone:14: ignoring out-of-zone data (20.151.150.in-addr.arpa)
zone 20.151.150/IN: has 0 SOA records
zone 20.151.150/IN: has no NS records
zone 20.151.150/IN: no loaded due to errors.


20.151.150.zone file:
Code:
$ORIGIN 20.151.150.in-addr.arpa.
$TTL 1W
@   1D   IN   SOA   man1.example.com. mailuserserver.example.com. (
                                                     2008122601   ; Serial
                                                     3H                   ; Refresh
                                                     15M                 ; Retry
                                                     1W                   ; Expire -1 week
                                                     1D )                 ; Minimum

            IN   NS   man1.
209      IN   PTR   gateway.example.com.
209      IN   PTR   man1.example.com.
210      IN   PTR   client.example.com.
freke
l33t


Joined: 23 Jan 2003
Posts: 974
Location: Somewhere in Denmark

Posted: Tue May 06, 2014 12:55 pm    Post subject: Re: DNS SERVER WITH ERROR: "Server Can't Find : SERVFAIL"

am02 wrote:

Yeah, noted, ty. I made a mistake in the conf file.
Anyway, I've corrected the file, including the zone files, but when I tried to nslookup and dig my name server it still gives me SERVFAIL.
I've also tried host -l example.com, which gives me a communication error.

Dumb question - but you did restart bind after correcting the conf?

am02 wrote:

I've also tried to check whether my zone files are loaded or not. Only the example.com.zone file is loaded correctly; 20.151.150.zone is not.
Code:
# named-checkzone example.com /etc/bind/pri/example.com.zone
zone example.com/IN: loaded serial 2008122601
OK


Code:
# named-checkzone 20.151.150  /etc/bind/pri/20.151.150.zone
/etc/bind/pri/20.151.150.zone:3: ignoring out-of-zone data (20.151.150.in-addr.arpa)
/etc/bind/pri/20.151.150.zone:12: ignoring out-of-zone data (20.151.150.in-addr.arpa)
/etc/bind/pri/20.151.150.zone:13: ignoring out-of-zone data (20.151.150.in-addr.arpa)
/etc/bind/pri/20.151.150.zone:14: ignoring out-of-zone data (20.151.150.in-addr.arpa)
zone 20.151.150/IN: has 0 SOA records
zone 20.151.150/IN: has no NS records
zone 20.151.150/IN: no loaded due to errors.


20.151.150.zone file:
Code:
$ORIGIN 20.151.150.in-addr.arpa.
$TTL 1W
@   1D   IN   SOA   man1.example.com. mailuserserver.example.com. (
                                                     2008122601   ; Serial
                                                     3H                   ; Refresh
                                                     15M                 ; Retry
                                                     1W                   ; Expire -1 week
                                                     1D )                 ; Minimum

            IN   NS   man1.
209      IN   PTR   gateway.example.com.
209      IN   PTR   man1.example.com.
210      IN   PTR   client.example.com.


I believe this should be:
Code:
named-checkzone 20.151.150.in-addr.arpa /etc/bind/pri/20.151.150.zone
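Added example, not part of the thread: the checkzones step and the corrected named-checkzone call above both depend on validating each file under the exact zone name declared in named.conf. This sketch derives those commands from the config; the function names and the sample config are constructed for illustration, and it assumes one statement per line, as in the posted named.conf.

```shell
#!/bin/sh
# Build "named-checkzone ZONE FILE" commands from the zone stanzas in
# named.conf, so a file is never checked under a shortened zone name
# (e.g. "20.151.150" instead of "20.151.150.in-addr.arpa").
# Assumption: one statement per line; /* ... */ comments are not parsed.

# zone_checks [CONF]  -- reads CONF, or stdin when no file is given.
zone_checks() {
    awk '
        function unquote(s) { gsub(/[";]/, "", s); return s }
        BEGIN { dir = "." }
        $1 ~ /^#/ || substr($1, 1, 2) == "//" { next }   # skip comment lines
        $1 == "directory" { dir = unquote($2) }          # base for relative paths
        $1 == "zone"      { zone = unquote($2); ztype = ""; zfile = "" }
        $1 == "type"      { ztype = unquote($2) }
        $1 == "file"      { zfile = unquote($2) }
        $1 == "};" && zone != "" {                       # end of a zone stanza
            if (ztype == "master") {
                if (zfile !~ /^\//) zfile = dir "/" zfile
                print "named-checkzone", zone, zfile
            }
            zone = ""
        }
    ' "${1:--}"
}

# Constructed sample mirroring the zone stanzas posted in the thread.
sample_conf() {
    cat <<'EOF'
options {
   directory "/var/bind";
};
zone "." IN {
   type hint;
   file "/var/bind/named.cache";
};
zone "example.com" {
   type master;
   file "pri/example.com.zone";
   allow-query { any; };
   #allow-transfer { SLAVE_DNS_SERVER; };
};
zone "20.151.150.in-addr.arpa" IN {
   type master;
   file "pri/20.151.150.zone";
   notify no;
};
EOF
}

sample_conf | zone_checks   # on a real host: zone_checks /etc/bind/named.conf | sh
```

Relative `file` paths are resolved against the `directory` option, which is how named itself locates them.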
am02
n00b


Joined: 15 Apr 2014
Posts: 13

Posted: Wed May 07, 2014 4:30 am

Quote:
Dumb question - but you did restart bind after correcting the conf?


Already done that before running nslookup and dig.

Quote:
I believe this should be:
Code:
named-checkzone 20.151.150.in-addr.arpa /etc/bind/pri/20.151.150.zone


Noted. Now it's loaded. But nslookup and dig still give me SERVFAIL.
All times are GMT