  1. #1

    DNS resolution problems; dig SERVFAIL error

    I'm setting up a couple of dedicated servers, and having problems setting up my nameservers properly. One of these is a LEMP server (LAMP with nginx in place of Apache), and the other will function solely as an email server, running exim/dovecot/ASSP antispam (no Apache). The LEMP server is CentOS 5.5, with no control panel, while the email server is CentOS 5.5 as well, with cPanel/WHM.

    So, I've had problems getting DNS set up properly. I have two domains, each one pointing to one of these servers. The nameservers are registered correctly with the domain registrar, and the nameserver IPs are entered correctly as well. I've spoken to tech support at the registrar and they confirm that everything is set up on their end. Not knowing much about DNS, I googled nameservers and DNS until I nearly went blind, and spent hours messing with the configuration.

    Eventually, I got the LEMP server's DNS working properly (no cPanel). Pleased with this triumph, I'm trying to mimic that configuration and repeat the process with the email server, and it's just not happening. The nameserver starts and stops, but the domain doesn't resolve.

    Things I have tried
    Going through standard procedures to set up DNS in WHM
    Clearing all DNS information, uninstalling BIND, then reinstalling all of that and again going through WHM procedures for setting up DNS
    Clearing all DNS information, and setting up BIND via shell (completely outside of cPanel) by using my config and zone files from the LEMP server as a template

    named runs just fine, but nothing is resolving. When I "dig any example.com" I get a SERVFAIL message. Nslookups return no information.


    Here are my config and zone files.


    named.conf

    Code:
    controls {
            // rndc control channel, loopback only.  The key name must match the key
            // statement in /etc/rndc.key (included at the bottom of this file); if it
            // does not, named refuses to start.
            inet 127.0.0.1 allow { localhost; }
            keys { coretext-key; };
    };
    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";   // relative zone paths below live under here
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
    
            // Those options should be used carefully because they disable port
            // randomization
            // query-source    port 53;
            // query-source-v6 port 53;
    
            allow-query     { any; };
            allow-query-cache { any; };
    };
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    // Views are tried in order; the first one whose match-clients and
    // match-destinations both match answers the query, so every client lands in
    // exactly one of the three views below.
    view "localhost_resolver" {
            match-clients      { 127.0.0.0/24; };
            match-destinations { localhost; };
            recursion yes;
    
            //zone "." IN {
            //      type hint;
            //      file "/var/named/named.ca";
            //};
    
            include "/etc/named.rfc1912.zones";
            // Note: example.com and 3.2.1.in-addr.arpa are not defined in this view,
            // so a query from 127.0.0.1 is resolved recursively (BIND falls back to
            // its compiled-in root hints when no hint zone is configured), not
            // answered from the local zone files.
    };
    view "internal" {
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
    */
            // "localnets" is every subnet configured on a local interface.  On a
            // dedicated server in a shared datacenter that is the provider's subnet,
            // so recursion here is offered to every other host on it; list the exact
            // prefixes that should get recursion instead of using localnets.
            match-clients        { localnets; };
            match-destinations   { localnets; };
            recursion yes;
    
            zone "." IN {
                    type hint;
                    file "/var/named/named.ca";
            };
    
            // include "/var/named/named.rfc1912.zones";
            // you should not serve your rfc1912 names to non-localhost clients.
    
            // These are your "authoritative" internal zones, and would probably
            // also be included in the "localhost_resolver" view above :
            zone "example.com" {
                    type master;
                    file "data/db.example.com";     // /var/named/data/db.example.com
            };
            zone "3.2.1.in-addr.arpa" {
                    type master;
                    file "data/db.1.2.3";           // /var/named/data/db.1.2.3
            };
    };
    view "external" {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
            match-clients           { any; };
            match-destinations      { any; };
    
            recursion no;
            // you'd probably want to deny recursion to external clients, so you don't
            // end up providing free DNS service to all takers
    
            allow-query-cache { none; };
            // Disable lookups for any cached data and root hints
    
            // all views must contain the root hints zone:
            //include "/etc/named.rfc1912.zones";
    
            zone "." IN {
                    type hint;
                    file "/var/named/named.ca";
            };
            // Same zone files as the internal view, so the outside world sees the
            // same data; only recursion and cache access differ.
            zone "example.com" {
                    type master;
                    file "data/db.example.com";
            };
            zone "3.2.1.in-addr.arpa" {
                    type master;
                    file "data/db.1.2.3";
            };
    };
    
    include "/etc/rndc.key";

    db.example.com

    Code:
    $TTL 1D
    ;
    ; Zone file for example.com
    ;
    ; Mandatory minimum for a working domain
    ;
    ; "@" is the zone origin (example.com.) taken from the zone statement in
    ; named.conf; any name without a trailing dot is relative to it.
    @       IN  SOA ns1.example.com. contact.example.com. (
                    2011042905 ; serial (YYYYMMDDnn; increase on every change)
                    8H ; refresh
                    2H ; retry
                    4W ; expire
                    1D ; minimum, i.e. negative-caching TTL (RFC 2308)
            )
    
    ; No owner name on these lines: they inherit "@" from the SOA above.
                    NS      ns1.example.com.
                    NS      ns2.example.com.
    
    ; In-zone nameservers need address records here; the glue registered at the
    ; registrar must carry the same addresses.
    ns1             A       1.2.3.4
    ns2             A       1.2.3.5
    
    example.com.            A       1.2.3.4
    
    localhost               A       127.0.0.1
    
    www                     CNAME   example.com.
    ; A CNAME cannot be the target of an MX record (RFC 2181), and this zone has
    ; no MX at all, so senders fall back to the apex A record (RFC 5321 implicit
    ; MX).  For a mail host, add an MX that points at a name with an A record.
    mail                    CNAME   example.com.
    ;
    db.1.2.3

    Code:
    $TTL 1D
    $ORIGIN 3.2.1.in-addr.arpa.
    
    ; MNAME and RNAME are absolute names and must end in a dot; as originally
    ; written, "ns1.example.com" was read as ns1.example.com.3.2.1.in-addr.arpa.
    @       IN      SOA     ns1.example.com. contact.example.com.   (
                            2011042908 ; serial
                            8H      ; refresh
                            2H      ; retry
                            4W      ; expire
                            1D      ; minimum (negative-caching TTL)
                    )
    
                    NS      ns1.example.com.
                    NS      ns2.example.com.
    
    ; One PTR per address.  Each should name the host that really uses the IP,
    ; and that name's A record should point back to the same address; mail
    ; receivers check this forward-confirmed reverse DNS.
    4               PTR     hostname.example.com.
    5               PTR     hostname.example.com.
    ;

    Also of note: both of these servers are managed. Tech support is very responsive, and largely useless. Hours go by with them asking me questions to narrow down what could be wrong, then they pass the ticket to the tech on the next shift, who ignores everything that's happened already and spends his whole shift asking all the same questions the last guy asked.


    So, in summary:

    *Nameservers, with IPs, are correctly registered with domain registrar
    *named is configured and running
    *...and must not be configured correctly, because nothing resolves.


    Any help would be great. I changed domains and IPs in the files to generics, but let me know if you need to know the domain in question.

    Thanks!
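The two zone files in the post load without complaint, which is exactly why the slips they can carry (a relative name in the SOA, a nameserver with no address record, a CNAME where an MX target is needed, PTRs that do not round-trip) are easy to miss. As an added example, not code from the poster, from BIND or from cPanel, here is a small Python checker for the subset of RFC 1035 master-file syntax used above. It embeds constructed copies of the two posted zones, with the same placeholder names and addresses, and reports the problems a human reviewer would flag. Run named-checkconf and named-checkzone first for syntax; this script is for the semantics those tools accept.

```python
"""Sanity-check BIND master-file zones for slips that load cleanly but misbehave.

Added example, not the poster's files or BIND's tooling.  Handles $TTL/$ORIGIN,
';' comments, '@', parenthesised SOA continuations and owner-name inheritance.
"""
import re

# Constructed copies of the two zones posted in the thread (placeholder names).
FORWARD_ZONE = """\
$TTL 1D
@       IN  SOA ns1.example.com. contact.example.com. (
                2011042905 ; serial
                8H ; refresh
                2H ; retry
                4W ; expire
                1D ; minimum
        )
                NS      ns1.example.com.
                NS      ns2.example.com.
ns1             A       1.2.3.4
ns2             A       1.2.3.5
example.com.    A       1.2.3.4
localhost       A       127.0.0.1
www             CNAME   example.com.
mail            CNAME   example.com.
"""
REVERSE_ZONE = """\
$TTL 1D
$ORIGIN 3.2.1.in-addr.arpa.
@       IN      SOA     ns1.example.com  contact.example.com.   (
                        2011042908 8H 2H 4W 1D )
                NS      ns1.example.com.
                NS      ns2.example.com.
4               PTR     hostname.example.com.
5               PTR     hostname.example.com.
"""

TTL_OR_CLASS = re.compile(r"(\d+[smhdw]?|in|ch|hs)$", re.I)   # optional fields before the type

def qualify(name, origin):
    """Absolute name as BIND sees it: '@' is the origin, trailing dot is absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def in_zone(name, origin):
    return name == origin or name.endswith("." + origin)

def parse_zone(text, origin):
    """Return [(owner_fqdn, RTYPE, [rdata tokens exactly as written])]."""
    origin = origin if origin.endswith(".") else origin + "."
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop comments
        if not line.strip():
            continue
        buf = f"{buf} {line}" if depth else line        # join ( ... ) continuations
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf.replace("(", " ").replace(")", " "))
            buf = ""
    records, owner = [], origin
    for line in logical:
        toks = line.split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0].startswith("$"):                     # $TTL etc. are not records
            continue
        if not line[0].isspace():                       # explicit owner, else inherit
            owner = qualify(toks.pop(0), origin)
        while toks and TTL_OR_CLASS.match(toks[0]):
            toks.pop(0)
        records.append((owner, toks[0].upper(), toks[1:]))
    return records

def check_zone(records, origin, expect_mx=False):
    """Flag semantic errors that a zone can carry and still load."""
    origin = origin if origin.endswith(".") else origin + "."
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "SOA":
            for label, name in zip(("MNAME", "RNAME"), rdata[:2]):
                if not name.endswith("."):
                    problems.append(f"SOA {label} '{name}' has no trailing dot; BIND reads it as {name}.{origin}")
        elif rtype == "NS":
            target = qualify(rdata[0], origin)
            if in_zone(target, origin) and not types_at.get(target, set()) & {"A", "AAAA"}:
                problems.append(f"in-zone nameserver {target} has no A/AAAA record")
        elif rtype == "CNAME" and types_at[owner] - {"CNAME"}:
            problems.append(f"{owner} mixes CNAME with {sorted(types_at[owner] - {'CNAME'})}")
        elif rtype == "MX" and "CNAME" in types_at.get(qualify(rdata[-1], origin), set()):
            problems.append(f"MX target {rdata[-1]} is a CNAME (RFC 2181 forbids this)")
        elif rtype == "PTR" and not rdata[0].endswith("."):
            problems.append(f"PTR target '{rdata[0]}' is relative; it becomes {rdata[0]}.{origin}")
    if expect_mx and not any(r[1] == "MX" and r[0] == origin for r in records):
        problems.append(f"{origin} has no MX; senders fall back to the apex A record (RFC 5321)")
    return problems

def check_reverse(forward, reverse):
    """Forward-confirmed reverse DNS: each PTR target needs an A record equal to the PTR's address."""
    a_at = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_at.setdefault(owner, set()).add(rdata[0])
    suffix, problems = ".in-addr.arpa.", []
    for owner, rtype, rdata in reverse:
        if rtype == "PTR" and owner.endswith(suffix):
            ip = ".".join(reversed(owner[: -len(suffix)].split(".")))
            if ip not in a_at.get(rdata[0], set()):
                problems.append(f"PTR {ip} -> {rdata[0]}, but {rdata[0]} has A {sorted(a_at.get(rdata[0], ())) or 'none'}")
    return problems

if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "example.com")
    rev = parse_zone(REVERSE_ZONE, "3.2.1.in-addr.arpa")
    for p in (check_zone(fwd, "example.com", expect_mx=True)
              + check_zone(rev, "3.2.1.in-addr.arpa") + check_reverse(fwd, rev)):
        print("-", p)
```

Against the constructed copies it reports the missing MX in the forward zone, the relative SOA MNAME in the reverse zone, and the two PTRs whose target has no matching A record. Relative names in rdata are qualified with the zone origin, which is a simplification of BIND's per-$ORIGIN handling but matches these files.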

  2. #2
    UPDATE

    I found that I didn't have 127.0.0.1 in /etc/resolv.conf, so I added it, along with my two public IPs that I have named listening on.

    resolv.conf
    Code:
    search www.example.com example.com
    nameserver 127.0.0.1
    nameserver 7.8.9.10   ;Was in here by default, authoritative nameserver of hosting company
    nameserver 1.2.3.4    ;Public IP #1
    nameserver 1.2.3.5    ;Public IP #2
    Now when I dig example.com from the host, it resolves. If I try to dig from my other server (in the same datacenter), or from the internet, it times out or I get SERVFAIL.
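The update describes three different outcomes from three vantage points (an answer on the host itself, a time-out from the neighbouring server, SERVFAIL from the internet), and with a view-based named.conf each vantage point is answered by a different view. The following added example, not from the thread or from BIND, is a stand-alone Python probe that builds a raw DNS query, sends it with the recursion-desired bit clear (so only the zone can answer, like dig +norecurse), and decodes the response header, because the AA bit and the RCODE together say which view replied and whether it had the zone. It embeds two constructed reply packets so the decoding can be exercised offline; the server address and name on the command line are whatever you are testing.

```python
"""Classify what a DNS server returns for an authoritative-only query.

Added example, not from the thread or from BIND: a minimal RFC 1035 wire-format
query builder and header parser, standard library only.
"""
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def encode_name(name):
    """Uncompressed label encoding: each label is a length byte plus text, then a 0 byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234, recursion_desired=False):
    """12-byte header plus one question; RD clear asks for zone data only (like dig +norecurse)."""
    flags = 0x0100 if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_response(data):
    """Decode the header; the flag bits are what the diagnosis needs."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "answers": an, "authority": ns, "additional": ar}

def classify(resp):
    """Turn a parsed header (or None for no reply) into what it means for the server."""
    if resp is None:
        return "no reply: UDP/53 filtered, or named not listening on that address"
    if resp["rcode"] == "REFUSED":
        return "REFUSED: the view this client matched denies the query (allow-query / no recursion)"
    if resp["rcode"] == "SERVFAIL":
        return "SERVFAIL: the view this client matched cannot answer (zone not loaded there, or its recursion failed)"
    if resp["rcode"] == "NOERROR" and resp["aa"]:
        return "authoritative answer: the zone is loaded in the view this client reaches"
    if resp["rcode"] == "NOERROR":
        return "non-authoritative answer: served from recursion or cache, not from the zone"
    return resp["rcode"]

def probe(server, name, recursion_desired=False, timeout=3.0, txid=0x1234):
    """Send one UDP query and return the parsed header, or None on time-out."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, recursion_desired=recursion_desired, txid=txid), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    resp = parse_response(data)
    if resp["id"] != txid or not resp["qr"]:
        raise ValueError("reply does not match our query (id/QR)")
    return resp

# Constructed replies for the offline demonstration (not captured traffic).
_QUESTION = encode_name("example.com") + struct.pack("!HH", 1, 1)
SAMPLE_AUTHORITATIVE = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _QUESTION
                        + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([1, 2, 3, 4]))
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    if len(sys.argv) == 3:                         # usage: probe.py <server-ip> <name>
        for rd in (False, True):
            print(f"RD={int(rd)}:", classify(probe(sys.argv[1], sys.argv[2], rd)))
    else:
        for label, pkt in (("authoritative", SAMPLE_AUTHORITATIVE), ("servfail", SAMPLE_SERVFAIL)):
            print(label, "->", classify(parse_response(pkt)))
```

Run it from each of the three vantage points against the same server address and compare: an authoritative NOERROR means that view has the zone, a time-out points at the packet filter in front of port 53 rather than at named, and SERVFAIL or REFUSED means the client landed in a view that cannot serve the name. The RD=1 pass additionally shows which clients are being offered recursion.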
