Ubuntu 12.04 and bind9 not responding to queries












3















I'm trying to set up an authoritative DNS server with bind9 (9.8.1-P1) on Ubuntu 12.04.2 LTS (upgraded from Ubuntu 11.04) and I am encountering some problems.



External problem



When trying to check my DNS configuration with the following tools solvedns.com/biotechnics.ro and dnscheck.pingdom.com/?domain=biotechnics.ro they fail with output messages like "Name server ns1.biotechnics.ro (89.36.94.53) does not answer queries" or "Your name server ns1.biotechnics.ro is NOT responding to NS record queries!"



Also, external online dig tools such as this give back the following output:




; <<>> DiG 9.8.4-P1 <<>> @ns1.biotechnics.ro -t NS biotechnics.ro



; (1 server found)



;; global options: +cmd



;; connection timed out; no servers could be reached




Primary TLD from Parent



The parent is set up the following way:



; <<>> DiG 9.8.4-P1 <<>> @primary.rotld.ro -t NS biotechnics.ro
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7740
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;biotechnics.ro. IN NS

;; AUTHORITY SECTION:
biotechnics.ro. 10800 IN NS ns2.biotechnics.ro.
biotechnics.ro. 10800 IN NS ns1.biotechnics.ro.

;; ADDITIONAL SECTION:
ns1.biotechnics.ro. 10800 IN A 89.36.94.53
ns2.biotechnics.ro. 10800 IN A 141.85.169.100

;; Query time: 279 msec
;; SERVER: 192.162.16.18#53(192.162.16.18)
;; WHEN: Tue Feb 12 05:40:50 2013
;; MSG SIZE rcvd: 100


Configuration on ns1



rsavu@host:/etc/bind$ head -40 named.conf
// ----------------------- Options -----------------------
options {
// all relative paths use this directory as a base
directory "/var/cache/bind";
// version statement changed for security (to avoid hacking known weaknesses)
version "not currently available";
// This prevents bind from serving other than authoritative requests:
recursion no;
// disables all zone transfer requests for performance as well as security reasons
allow-transfer{none;};
dnssec-enable no; // zone not signed
minimal-responses yes; // optional - improved performance
additional-from-auth no; // optional - improved performance
additional-from-cache no; // optional - minimal performance change
};

// ----------------------- Logging -----------------------
// log to /var/log/named/zytrax-named all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
logging{
channel custom_log{
file "/var/log/bind9_info.log" versions 3 size 250k;
severity debug;
};
category default{
custom_log;
};
};

// ----------------------- Zones -----------------------
zone "biotechnics.ro" in{
type master;
file "/etc/bind/db.biotechnics.ro";
allow-transfer { 141.85.169.100; };
also-notify {141.85.169.100; };
allow-query { any; };
};


Zone file



$ORIGIN .
$TTL 36000 ; 10 hours
biotechnics.ro IN SOA ns1.biotechnics.ro. admin.biotechnics.ro. (
2013021201 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.biotechnics.ro.
NS ns2.biotechnics.ro.
A 81.181.152.23
$ORIGIN biotechnics.ro.
ftp A 81.181.152.23
ns1.biotechnics.ro. A 89.36.94.53
ns2.biotechnics.ro. A 141.85.169.100
www A 81.181.152.23


What I checked




  • There is no problem with the firewall (i disabled it for the moment)

  • Dig from inside the hosts work

  • Dig from slave works

  • Putting recursion yes; doesn't solve the problem

  • Netstat shows that port 53 is in use on UDP and TCP by named

  • named-checkconf and named-checkzone issue no warning.


What can be the problem? Any ideas? I don't understand what's happening and why isn't my host replying to queries.



[Later edit] The slave is on Debian 4.0 and works very well (as you can see in the dns solvers above.










share|improve this question

























  • Have you used tcpdump to verify that the query is arriving on your server?

    – Robie Basak
    Feb 12 '13 at 16:47











  • tcpdump udp and port 53 doesn't show any packages received. What can be the problem?

    – rsavu
    Feb 12 '13 at 19:01











  • tcpdump shows packets arriving before any internal (iptables) firewall. It seems likely that your problem is outside Ubuntu. To be absolutely sure, run a tcpdump on a port configured with mirroring on the same switch that your server is connected to.

    – Robie Basak
    Feb 12 '13 at 19:12
















3















I'm trying to set up an authoritative DNS server with bind9 (9.8.1-P1) on Ubuntu 12.04.2 LTS (upgraded from Ubuntu 11.04) and I am encountering some problems.



External problem



When trying to check my DNS configuration with the following tools solvedns.com/biotechnics.ro and dnscheck.pingdom.com/?domain=biotechnics.ro they fail with output messages like "Name server ns1.biotechnics.ro (89.36.94.53) does not answer queries" or "Your name server ns1.biotechnics.ro is NOT responding to NS record queries!"



Also, external online dig tools such as this give back the following output:




; <<>> DiG 9.8.4-P1 <<>> @ns1.biotechnics.ro -t NS biotechnics.ro



; (1 server found)



;; global options: +cmd



;; connection timed out; no servers could be reached




Primary TLD from Parent



The parent is set up the following way:



; <<>> DiG 9.8.4-P1 <<>> @primary.rotld.ro -t NS biotechnics.ro
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7740
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;biotechnics.ro. IN NS

;; AUTHORITY SECTION:
biotechnics.ro. 10800 IN NS ns2.biotechnics.ro.
biotechnics.ro. 10800 IN NS ns1.biotechnics.ro.

;; ADDITIONAL SECTION:
ns1.biotechnics.ro. 10800 IN A 89.36.94.53
ns2.biotechnics.ro. 10800 IN A 141.85.169.100

;; Query time: 279 msec
;; SERVER: 192.162.16.18#53(192.162.16.18)
;; WHEN: Tue Feb 12 05:40:50 2013
;; MSG SIZE rcvd: 100


Configuration on ns1



rsavu@host:/etc/bind$ head -40 named.conf
// ----------------------- Options -----------------------
options {
// all relative paths use this directory as a base
directory "/var/cache/bind";
// version statement changed for security (to avoid hacking known weaknesses)
version "not currently available";
// This prevents bind from serving other than authoritative requests:
recursion no;
// disables all zone transfer requests for performance as well as security reasons
allow-transfer{none;};
dnssec-enable no; // zone not signed
minimal-responses yes; // optional - improved performance
additional-from-auth no; // optional - improved performance
additional-from-cache no; // optional - minimal performance change
};

// ----------------------- Logging -----------------------
// log to /var/log/named/zytrax-named all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
logging{
channel custom_log{
file "/var/log/bind9_info.log" versions 3 size 250k;
severity debug;
};
category default{
custom_log;
};
};

// ----------------------- Zones -----------------------
zone "biotechnics.ro" in{
type master;
file "/etc/bind/db.biotechnics.ro";
allow-transfer { 141.85.169.100; };
also-notify {141.85.169.100; };
allow-query { any; };
};


Zone file



$ORIGIN .
$TTL 36000 ; 10 hours
biotechnics.ro IN SOA ns1.biotechnics.ro. admin.biotechnics.ro. (
2013021201 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.biotechnics.ro.
NS ns2.biotechnics.ro.
A 81.181.152.23
$ORIGIN biotechnics.ro.
ftp A 81.181.152.23
ns1.biotechnics.ro. A 89.36.94.53
ns2.biotechnics.ro. A 141.85.169.100
www A 81.181.152.23


What I checked




  • There is no problem with the firewall (i disabled it for the moment)

  • Dig from inside the hosts work

  • Dig from slave works

  • Putting recursion yes; doesn't solve the problem

  • Netstat shows that port 53 is in use on UDP and TCP by named

  • named-checkconf and named-checkzone issue no warning.


What can be the problem? Any ideas? I don't understand what's happening and why isn't my host replying to queries.



[Later edit] The slave is on Debian 4.0 and works very well (as you can see in the dns solvers above.










share|improve this question

























  • Have you used tcpdump to verify that the query is arriving on your server?

    – Robie Basak
    Feb 12 '13 at 16:47











  • tcpdump udp and port 53 doesn't show any packages received. What can be the problem?

    – rsavu
    Feb 12 '13 at 19:01











  • tcpdump shows packets arriving before any internal (iptables) firewall. It seems likely that your problem is outside Ubuntu. To be absolutely sure, run a tcpdump on a port configured with mirroring on the same switch that your server is connected to.

    – Robie Basak
    Feb 12 '13 at 19:12














3












3








3








I'm trying to set up an authoritative DNS server with bind9 (9.8.1-P1) on Ubuntu 12.04.2 LTS (upgraded from Ubuntu 11.04) and I am encountering some problems.



External problem



When trying to check my DNS configuration with the following tools solvedns.com/biotechnics.ro and dnscheck.pingdom.com/?domain=biotechnics.ro they fail with output messages like "Name server ns1.biotechnics.ro (89.36.94.53) does not answer queries" or "Your name server ns1.biotechnics.ro is NOT responding to NS record queries!"



Also, external online dig tools such as this give back the following output:




; <<>> DiG 9.8.4-P1 <<>> @ns1.biotechnics.ro -t NS biotechnics.ro



; (1 server found)



;; global options: +cmd



;; connection timed out; no servers could be reached




Primary TLD from Parent



The parent is set up the following way:



; <<>> DiG 9.8.4-P1 <<>> @primary.rotld.ro -t NS biotechnics.ro
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7740
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;biotechnics.ro. IN NS

;; AUTHORITY SECTION:
biotechnics.ro. 10800 IN NS ns2.biotechnics.ro.
biotechnics.ro. 10800 IN NS ns1.biotechnics.ro.

;; ADDITIONAL SECTION:
ns1.biotechnics.ro. 10800 IN A 89.36.94.53
ns2.biotechnics.ro. 10800 IN A 141.85.169.100

;; Query time: 279 msec
;; SERVER: 192.162.16.18#53(192.162.16.18)
;; WHEN: Tue Feb 12 05:40:50 2013
;; MSG SIZE rcvd: 100


Configuration on ns1



rsavu@host:/etc/bind$ head -40 named.conf
// ----------------------- Options -----------------------
options {
// all relative paths use this directory as a base
directory "/var/cache/bind";
// version statement changed for security (to avoid hacking known weaknesses)
version "not currently available";
// This prevents bind from serving other than authoritative requests:
recursion no;
// disables all zone transfer requests for performance as well as security reasons
allow-transfer{none;};
dnssec-enable no; // zone not signed
minimal-responses yes; // optional - improved performance
additional-from-auth no; // optional - improved performance
additional-from-cache no; // optional - minimal performance change
};

// ----------------------- Logging -----------------------
// log to /var/log/named/zytrax-named all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
logging{
channel custom_log{
file "/var/log/bind9_info.log" versions 3 size 250k;
severity debug;
};
category default{
custom_log;
};
};

// ----------------------- Zones -----------------------
zone "biotechnics.ro" in{
type master;
file "/etc/bind/db.biotechnics.ro";
allow-transfer { 141.85.169.100; };
also-notify {141.85.169.100; };
allow-query { any; };
};


Zone file



$ORIGIN .
$TTL 36000 ; 10 hours
biotechnics.ro IN SOA ns1.biotechnics.ro. admin.biotechnics.ro. (
2013021201 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.biotechnics.ro.
NS ns2.biotechnics.ro.
A 81.181.152.23
$ORIGIN biotechnics.ro.
ftp A 81.181.152.23
ns1.biotechnics.ro. A 89.36.94.53
ns2.biotechnics.ro. A 141.85.169.100
www A 81.181.152.23


What I checked




  • There is no problem with the firewall (i disabled it for the moment)

  • Dig from inside the hosts work

  • Dig from slave works

  • Putting recursion yes; doesn't solve the problem

  • Netstat shows that port 53 is in use on UDP and TCP by named

  • named-checkconf and named-checkzone issue no warning.


What can be the problem? Any ideas? I don't understand what's happening and why isn't my host replying to queries.



[Later edit] The slave is on Debian 4.0 and works very well (as you can see in the dns solvers above.










share|improve this question
















I'm trying to set up an authoritative DNS server with bind9 (9.8.1-P1) on Ubuntu 12.04.2 LTS (upgraded from Ubuntu 11.04) and I am encountering some problems.



External problem



When trying to check my DNS configuration with the following tools solvedns.com/biotechnics.ro and dnscheck.pingdom.com/?domain=biotechnics.ro they fail with output messages like "Name server ns1.biotechnics.ro (89.36.94.53) does not answer queries" or "Your name server ns1.biotechnics.ro is NOT responding to NS record queries!"



Also, external online dig tools such as this give back the following output:




; <<>> DiG 9.8.4-P1 <<>> @ns1.biotechnics.ro -t NS biotechnics.ro



; (1 server found)



;; global options: +cmd



;; connection timed out; no servers could be reached




Primary TLD from Parent



The parent is set up the following way:



; <<>> DiG 9.8.4-P1 <<>> @primary.rotld.ro -t NS biotechnics.ro
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7740
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;biotechnics.ro. IN NS

;; AUTHORITY SECTION:
biotechnics.ro. 10800 IN NS ns2.biotechnics.ro.
biotechnics.ro. 10800 IN NS ns1.biotechnics.ro.

;; ADDITIONAL SECTION:
ns1.biotechnics.ro. 10800 IN A 89.36.94.53
ns2.biotechnics.ro. 10800 IN A 141.85.169.100

;; Query time: 279 msec
;; SERVER: 192.162.16.18#53(192.162.16.18)
;; WHEN: Tue Feb 12 05:40:50 2013
;; MSG SIZE rcvd: 100


Configuration on ns1



rsavu@host:/etc/bind$ head -40 named.conf
// ----------------------- Options -----------------------
options {
// all relative paths use this directory as a base
directory "/var/cache/bind";
// version statement changed for security (to avoid hacking known weaknesses)
version "not currently available";
// This prevents bind from serving other than authoritative requests:
recursion no;
// disables all zone transfer requests for performance as well as security reasons
allow-transfer{none;};
dnssec-enable no; // zone not signed
minimal-responses yes; // optional - improved performance
additional-from-auth no; // optional - improved performance
additional-from-cache no; // optional - minimal performance change
};

// ----------------------- Logging -----------------------
// log to /var/log/named/zytrax-named all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
logging{
channel custom_log{
file "/var/log/bind9_info.log" versions 3 size 250k;
severity debug;
};
category default{
custom_log;
};
};

// ----------------------- Zones -----------------------
zone "biotechnics.ro" in{
type master;
file "/etc/bind/db.biotechnics.ro";
allow-transfer { 141.85.169.100; };
also-notify {141.85.169.100; };
allow-query { any; };
};


Zone file



$ORIGIN .
$TTL 36000 ; 10 hours
biotechnics.ro IN SOA ns1.biotechnics.ro. admin.biotechnics.ro. (
2013021201 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.biotechnics.ro.
NS ns2.biotechnics.ro.
A 81.181.152.23
$ORIGIN biotechnics.ro.
ftp A 81.181.152.23
ns1.biotechnics.ro. A 89.36.94.53
ns2.biotechnics.ro. A 141.85.169.100
www A 81.181.152.23


What I checked




  • There is no problem with the firewall (i disabled it for the moment)

  • Dig from inside the hosts work

  • Dig from slave works

  • Putting recursion yes; doesn't solve the problem

  • Netstat shows that port 53 is in use on UDP and TCP by named

  • named-checkconf and named-checkzone issue no warning.


What can be the problem? Any ideas? I don't understand what's happening and why isn't my host replying to queries.



[Later edit] The slave is on Debian 4.0 and works very well (as you can see in the dns solvers above.







server bind






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 12 '13 at 14:43







rsavu

















asked Feb 12 '13 at 13:19









rsavursavu

2614




2614













  • Have you used tcpdump to verify that the query is arriving on your server?

    – Robie Basak
    Feb 12 '13 at 16:47











  • tcpdump udp and port 53 doesn't show any packages received. What can be the problem?

    – rsavu
    Feb 12 '13 at 19:01











  • tcpdump shows packets arriving before any internal (iptables) firewall. It seems likely that your problem is outside Ubuntu. To be absolutely sure, run a tcpdump on a port configured with mirroring on the same switch that your server is connected to.

    – Robie Basak
    Feb 12 '13 at 19:12



















  • Have you used tcpdump to verify that the query is arriving on your server?

    – Robie Basak
    Feb 12 '13 at 16:47











  • tcpdump udp and port 53 doesn't show any packages received. What can be the problem?

    – rsavu
    Feb 12 '13 at 19:01











  • tcpdump shows packets arriving before any internal (iptables) firewall. It seems likely that your problem is outside Ubuntu. To be absolutely sure, run a tcpdump on a port configured with mirroring on the same switch that your server is connected to.

    – Robie Basak
    Feb 12 '13 at 19:12

















Have you used tcpdump to verify that the query is arriving on your server?

– Robie Basak
Feb 12 '13 at 16:47





Have you used tcpdump to verify that the query is arriving on your server?

– Robie Basak
Feb 12 '13 at 16:47













tcpdump udp and port 53 doesn't show any packages received. What can be the problem?

– rsavu
Feb 12 '13 at 19:01





tcpdump udp and port 53 doesn't show any packages received. What can be the problem?

– rsavu
Feb 12 '13 at 19:01













tcpdump shows packets arriving before any internal (iptables) firewall. It seems likely that your problem is outside Ubuntu. To be absolutely sure, run a tcpdump on a port configured with mirroring on the same switch that your server is connected to.

– Robie Basak
Feb 12 '13 at 19:12





tcpdump shows packets arriving before any internal (iptables) firewall. It seems likely that your problem is outside Ubuntu. To be absolutely sure, run a tcpdump on a port configured with mirroring on the same switch that your server is connected to.

– Robie Basak
Feb 12 '13 at 19:12










1 Answer
1






active

oldest

votes


















0














Try adding the option



listen-on { 127.0.0.0/8; exter.nalip.addr.ess; };





share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f254211%2fubuntu-12-04-and-bind9-not-responding-to-queries%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Try adding the option



    listen-on { 127.0.0.0/8; exter.nalip.addr.ess; };





    share|improve this answer




























      0














      Try adding the option



      listen-on { 127.0.0.0/8; exter.nalip.addr.ess; };





      share|improve this answer


























        0












        0








        0







        Try adding the option



        listen-on { 127.0.0.0/8; exter.nalip.addr.ess; };





        share|improve this answer













        Try adding the option



        listen-on { 127.0.0.0/8; exter.nalip.addr.ess; };






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 14 '13 at 18:42









        jdthoodjdthood

        10.5k24163




        10.5k24163






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f254211%2fubuntu-12-04-and-bind9-not-responding-to-queries%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            How to make a Squid Proxy server?

            Is this a new Fibonacci Identity?

            19世紀