Ubuntu 12.04 and bind9 not responding to queries
I'm trying to set up an authoritative DNS server with bind9 (9.8.1-P1) on Ubuntu 12.04.2 LTS (upgraded from Ubuntu 11.04) and I am encountering some problems.
External problem
When trying to check my DNS configuration with the following tools solvedns.com/biotechnics.ro and dnscheck.pingdom.com/?domain=biotechnics.ro they fail with output messages like "Name server ns1.biotechnics.ro (89.36.94.53) does not answer queries" or "Your name server ns1.biotechnics.ro is NOT responding to NS record queries!"
Also, external online dig tools such as this give back the following output:
; <<>> DiG 9.8.4-P1 <<>> @ns1.biotechnics.ro -t NS biotechnics.ro
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Primary TLD from Parent
The parent is set up the following way:
; <<>> DiG 9.8.4-P1 <<>> @primary.rotld.ro -t NS biotechnics.ro
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7740
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;biotechnics.ro. IN NS
;; AUTHORITY SECTION:
biotechnics.ro. 10800 IN NS ns2.biotechnics.ro.
biotechnics.ro. 10800 IN NS ns1.biotechnics.ro.
;; ADDITIONAL SECTION:
ns1.biotechnics.ro. 10800 IN A 89.36.94.53
ns2.biotechnics.ro. 10800 IN A 141.85.169.100
;; Query time: 279 msec
;; SERVER: 192.162.16.18#53(192.162.16.18)
;; WHEN: Tue Feb 12 05:40:50 2013
;; MSG SIZE rcvd: 100
Configuration on ns1
rsavu@host:/etc/bind$ head -40 named.conf
// ----------------------- Options -----------------------
options {
    // all relative paths use this directory as a base
    directory "/var/cache/bind";
    // version statement changed for security (to avoid hacking known weaknesses)
    version "not currently available";
    // This prevents bind from serving other than authoritative requests:
    recursion no;
    // disables all zone transfer requests for performance as well as security reasons
    allow-transfer{none;};
    dnssec-enable no; // zone not signed
    minimal-responses yes; // optional - improved performance
    additional-from-auth no; // optional - improved performance
    additional-from-cache no; // optional - minimal performance change
};
// ----------------------- Logging -----------------------
// log to /var/log/named/zytrax-named all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
logging{
    channel custom_log{
        file "/var/log/bind9_info.log" versions 3 size 250k;
        severity debug;
    };
    category default{
        custom_log;
    };
};
// ----------------------- Zones -----------------------
zone "biotechnics.ro" in{
    type master;
    file "/etc/bind/db.biotechnics.ro";
    allow-transfer { 141.85.169.100; };
    also-notify {141.85.169.100; };
    allow-query { any; };
};
Zone file
$ORIGIN .
$TTL 36000 ; 10 hours
biotechnics.ro IN SOA ns1.biotechnics.ro. admin.biotechnics.ro. (
                2013021201 ; serial
                28800      ; refresh (8 hours)
                7200       ; retry (2 hours)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
                NS ns1.biotechnics.ro.
                NS ns2.biotechnics.ro.
                A 81.181.152.23
$ORIGIN biotechnics.ro.
ftp A 81.181.152.23
ns1.biotechnics.ro. A 89.36.94.53
ns2.biotechnics.ro. A 141.85.169.100
www A 81.181.152.23
What I checked
- There is no problem with the firewall (I disabled it for the moment)
- Dig from inside the host works
- Dig from slave works
- Putting recursion yes; doesn't solve the problem
- Netstat shows that port 53 is in use on UDP and TCP by named
- named-checkconf and named-checkzone issue no warning.
What can be the problem? Any ideas? I don't understand what's happening and why my host isn't replying to queries.
[Later edit] The slave is on Debian 4.0 and works very well (as you can see in the DNS solvers above).
server bind
Have you used tcpdump to verify that the query is arriving on your server?
– Robie Basak
Feb 12 '13 at 16:47
tcpdump udp and port 53 doesn't show any packages received. What can be the problem?
– rsavu
Feb 12 '13 at 19:01
tcpdump shows packets arriving before any internal (iptables) firewall. It seems likely that your problem is outside Ubuntu. To be absolutely sure, run a tcpdump on a port configured with mirroring on the same switch that your server is connected to.
– Robie Basak
Feb 12 '13 at 19:12
edited Feb 12 '13 at 14:43
rsavu
asked Feb 12 '13 at 13:19
1 Answer
Try adding the option
listen-on { 127.0.0.0/8; exter.nalip.addr.ess; };
answered Feb 14 '13 at 18:42
jdthood
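Added example, not part of the original answer: `listen-on` controls which addresses named binds, and the question's netstat check only establishes that named holds port 53 somewhere. This reads `netstat -lnut` output and reports whether UDP and TCP port 53 are bound on a given IPv4 address (or the wildcard); the sample netstat lines are constructed and the function name `dns_bind_status` is hypothetical.

```shell
#!/bin/sh
# Added example: report whether DNS (port 53) is bound on a given IPv4
# address, reading `netstat -lnut` output from stdin.

# Constructed sample: named reachable only via loopback.
SAMPLE_LOOPBACK_ONLY='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*'

# Constructed sample: named also bound on the external address from the question.
SAMPLE_EXTERNAL='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 89.36.94.53:53          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 89.36.94.53:53          0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*'

# dns_bind_status ADDRESS
# Prints one of: both, udp-only, tcp-only, none
dns_bind_status() {
    awk -v want="$1" '
        # Only IPv4 socket rows; column 4 is "address:port" in netstat -n output.
        $1 ~ /^(tcp|udp)$/ {
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != "53") next
            # A wildcard bind (0.0.0.0) also covers the wanted address.
            if (addr == want || addr == "0.0.0.0") seen[$1] = 1
        }
        END {
            if (seen["tcp"] && seen["udp"]) print "both"
            else if (seen["udp"])           print "udp-only"
            else if (seen["tcp"])           print "tcp-only"
            else                            print "none"
        }'
}

echo "loopback-only sample: $(printf '%s\n' "$SAMPLE_LOOPBACK_ONLY" | dns_bind_status 89.36.94.53)"
echo "external sample:      $(printf '%s\n' "$SAMPLE_EXTERNAL" | dns_bind_status 89.36.94.53)"
```

On the server itself, run `netstat -lnut | dns_bind_status 89.36.94.53`. A result of `both` together with an empty tcpdump, as reported in the comments, points at filtering upstream of the host rather than at named.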