  1. #1

    Angry dns issue, servfail

    This issue has been bugging me for a while. It causes no issues whatsoever in production, but I would just love to have those messages go away.

    [[email protected] ~]# dig opyum.us @localhost

    ; <<>> DiG 9.3.3rc2 <<>> opyum.us @localhost
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28364
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;opyum.us. IN A

    ;; Query time: 5 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Jan 7 15:53:02 2008
    ;; MSG SIZE rcvd: 26

    BUT

    [[email protected] ~]# netstat -an |grep -w 53 |grep LISTEN
    tcp 0 0 208.98.31.254:53 0.0.0.0:* LISTEN
    tcp 0 0 208.98.31.253:53 0.0.0.0:* LISTEN
    tcp 0 0 208.98.31.252:53 0.0.0.0:* LISTEN
    tcp 0 0 208.98.31.251:53 0.0.0.0:* LISTEN
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN

    In my named.conf I have an ACL called "trusted", so my zones look like this:

    acl "trusted" {
    127.0.0.1;
    208.98.31.252;
    208.98.31.253;
    208.98.31.254;
    208.98.47.226;
    };
    options
    {
    query-source port 53;
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    listen-on { 127.0.0.1; 208.98.31.254; 208.98.31.253; 208.98.31.252; 208.98.31.251; };

    };
    view "localhost_resolver"
    {
    match-clients { trusted; };
    match-destinations { trusted; };
    recursion yes;

    zone "." IN {
    type hint;
    file "/var/named/named.ca";
    };
    include "/var/named/named.rfc1912.zones";
    };
    view "internal"
    {
    match-clients { trusted; };
    match-destinations { trusted; };
    recursion yes;

    zone "." IN {
    type hint;
    file "/var/named/named.ca";
    };
    view "external"
    {
    match-clients { any; };
    match-destinations { any; };
    recursion no;

    zone "." IN {
    type hint;
    file "/var/named/named.ca";
    };
    I really don't get what's wrong here.

    Jan 7 15:57:57 viper named[27746]: client 208.98.31.253#58576: view localhost_resolver: received notify for zone 'thing2.opyum.us': not authoritative
    Jan 7 15:57:57 viper named[27746]: client 208.98.31.251#58576: view localhost_resolver: received notify for zone 'thing2.opyum.us': not authoritative
    Jan 7 15:57:57 viper named[27746]: client 208.98.31.254#58576: view localhost_resolver: received notify for zone 'thing2.opyum.us': not authoritative
    Jan 7 15:57:58 viper named[27746]: client 208.98.31.254#58576: view localhost_resolver: received notify for zone 'thing3.opyum.us': not authoritative
    Jan 7 15:57:58 viper named[27746]: client 208.98.31.251#58576: view localhost_resolver: received notify for zone 'thing4.opyum.us': not authoritative
    The issue, in summary, is that none of the local domains are being resolved via the local nameservers. I get SERVFAIL. I can resolve other domains with no issues whatsoever. Again, it has no production impact; the DNS works fine, and dnsreport goes fine as well.

  2. #2
    Bump... nobody has any ideas?

  3. #3
    Paste the opyum.us zone file here.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  4. #4
    ; Modified by Web Host Manager
    ; Zone File for opyum.us
    $TTL 14400
    @ 86400 IN SOA thing3.opyum.us. katmai.keptprivate.com. (
    2006100414
    86400
    7200
    3600000
    86400
    )

    opyum.us. 86400 IN NS thing1.opyum.us.
    opyum.us. 86400 IN NS thing2.opyum.us.
    opyum.us. 86400 IN NS thing3.opyum.us.
    opyum.us. 86400 IN NS thing4.opyum.us.

    THING4.opyum.us. 14400 IN A 208.98.31.254
    THING3.opyum.us. 14400 IN A 208.98.31.253
    THING2.opyum.us. 14400 IN A 208.98.31.252
    THING1.opyum.us. 14400 IN A 208.98.31.251

    opyum.us. 14400 IN A 86.107.130.2

    localhost.opyum.us. 14400 IN A 127.0.0.1

    opyum.us. 14400 IN MX 0 opyum.us.

    mail 14400 IN CNAME opyum.us.
    www 14400 IN CNAME opyum.us.

  5. #5
    My guess is that you're doing your query from 208.98.31.251 which isn't in the acl.

    Why do you have four nameservers for this domain, that are all actually the same BIND?

    Unrelated, for your reference:

    http://cr.yp.to/djbdns/separation.html
    -Mark Adams
    www.bitserve.com - Secure Michigan web hosting for your business.
    Only host still offering a full money back uptime guarantee and prorated refunds.
    Offering advanced server management and security incident response!

  6. #6
    acl "trusted" {
    127.0.0.1;
    208.98.1.85;
    208.98.31.250;
    208.98.31.251;
    208.98.31.252;
    208.98.31.253;
    208.98.31.254;
    };


    The full ACL is this. The 4 nameservers on the same BIND are because I plan on extending sometime soon, and I want all hosted domains to have no issues while I do the DNS network extension.

  7. #7
    [[email protected] ~]# dig opyum.us @thing1.opyum.us

    ; <<>> DiG 9.3.3rc2 <<>> opyum.us @thing1.opyum.us
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36991
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

    ;; QUESTION SECTION:
    ;opyum.us. IN A

    ;; ANSWER SECTION:
    opyum.us. 14400 IN A 86.107.130.2

    ;; AUTHORITY SECTION:
    opyum.us. 86400 IN NS thing4.opyum.us.
    opyum.us. 86400 IN NS thing1.opyum.us.
    opyum.us. 86400 IN NS thing2.opyum.us.
    opyum.us. 86400 IN NS thing3.opyum.us.

    ;; ADDITIONAL SECTION:
    thing1.opyum.us. 14400 IN A 208.98.31.251
    thing2.opyum.us. 14400 IN A 208.98.31.252
    thing3.opyum.us. 14400 IN A 208.98.31.253
    thing4.opyum.us. 14400 IN A 208.98.31.254

    ;; Query time: 33 msec
    ;; SERVER: 208.98.31.251#53(208.98.31.251)
    ;; WHEN: Wed Jan 9 05:30:22 2008
    ;; MSG SIZE rcvd: 190
    The whole problem seems to be with the ACL / local resolver, I think. The external queries work fine. What strikes me is that when I set 'any' in the local_resolver views, it doesn't work either.
    Last edited by themedia; 01-09-2008 at 07:32 AM.

  8. #8
    I don't see why you have the internal or external views, when it seems like they won't ever be used.

    What view is your opyum.us zone in?
    -Mark Adams
    www.bitserve.com - Secure Michigan web hosting for your business.
    Only host still offering a full money back uptime guarantee and prorated refunds.
    Offering advanced server management and security incident response!
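
Added example, not part of the thread and not BIND's own code: a small Python model of how named chooses a view (the first view, in file order, whose match-clients matches the query source and whose match-destinations matches the address it arrived on), using the view order from post #1 and the "trusted" ACL from post #6. The destination paired with the NOTIFY sender and the outside client 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# ACL "trusted" as given in post #6; views in the order they appear in post #1.
TRUSTED = {"127.0.0.1", "208.98.1.85", "208.98.31.250", "208.98.31.251",
           "208.98.31.252", "208.98.31.253", "208.98.31.254"}
ANY = None  # stands in for BIND's built-in "any" ACL

VIEWS = [  # (view name, match-clients, match-destinations)
    ("localhost_resolver", TRUSTED, TRUSTED),
    ("internal", TRUSTED, TRUSTED),
    ("external", ANY, ANY),
]

def acl_matches(acl, addr):
    ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return acl is ANY or addr in acl

def select_view(src, dst, views=VIEWS):
    """First view whose match-clients matches src and match-destinations matches dst."""
    for name, clients, dests in views:
        if acl_matches(clients, src) and acl_matches(dests, dst):
            return name
    return None  # no view matched

def covers(outer, inner):
    """True when every address matched by `inner` is also matched by `outer`."""
    if outer is ANY:
        return True
    return inner is not ANY and inner <= outer

def shadowed_views(views=VIEWS):
    """Views that can never be selected: one earlier view already matches
    every client/destination pair they would match."""
    hidden = []
    for i, (name, clients, dests) in enumerate(views):
        for earlier, e_clients, e_dests in views[:i]:
            if covers(e_clients, clients) and covers(e_dests, dests):
                hidden.append((name, earlier))
                break
    return hidden

if __name__ == "__main__":
    print(select_view("127.0.0.1", "127.0.0.1"))          # dig @localhost
    print(select_view("208.98.31.253", "208.98.31.254"))  # NOTIFY sender from the log, assumed destination
    print(select_view("192.0.2.10", "208.98.31.251"))     # constructed outside client
    print(shadowed_views())
```

With these inputs the loopback query and the NOTIFY sender both select localhost_resolver, the view named in the log lines, and internal is reported as shadowed by it. A zone is only answered authoritatively from the view it is declared in, so a zone declared in any later view is invisible to clients that match the first one.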
