Bind 8 DNS troubles

Hello All,

I am for the most part an NT administrator that inherited two Linux servers, one for mail, and one for web. My problem is that recently something happened to the servers that prevents mail from being delivered to the mailboxes - it is in queue, but the DNS lookup for my domain locally does not resolve, so mail does not deliver.

nslookup returns this:

C:\>nslookup www.nucps.org
Server: www.nucps.org
Address: 10.0.2.3

*** www.nucps.org can't find www.nucps.org: Server failed

and for the IP address directly:

C:\>nslookup 10.0.2.3
Server: www.nucps.org
Address: 10.0.2.3

Name: www.nucps.org
Address: 10.0.2.3

Unfortunately for me I am at a total loss when it comes to Linux - I am running RedHat 7.1 with Webmin 0.88 on the DNS server, and RedHat 8 wnd webmin 1.150 on the mail server.

Anything hlse I can provide to help debug this? Both servers are available to the Internet, but not locally.

ok, so you made a query to the DNS server at 10.0.2.3 which is BIND8 and it resulted in a server failure. This may mean there's a syntax error in the zone file that needs to be resolved.

If you don't know how to get error information to resolve the issue, then I need to know what operating system you're running BIND 8 on.

Thanks for the quick reply!! Yes, I am really in the dark. I appreciate your patience with a newbie to this... Guess I have it too good with the other stuff in my network. Something happened recently, and the whole thing just stopped. I resolved part of the problem - the ISP that manages my outside DNS wasn't sending mail into me - Now, mail comes into the mail server, but stays in the queue giving a name server timeout on attempts to flush.

Bind 8 is running on the Web server - RedHat Linux 7.1. Should I post the zone info here? I do know how to get around Webmin, at least.

I know this stuff we are using is all kinda cheesy - I lurked this forum before daring to post, but as y'all know, when e-mail ain't gettin' through, an admin is like an ant under a magnifying glass... and the sun is just about to come out. I just need to get it going.

Nucps.org.hosts :

$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
nucps.org IN SOA www.nucps.org. webmaster.nucps.org. (
1015338470
10800
3600
604800
38400 )
nucps.org. IN NS www.nucps.org.
$ORIGIN nucps.org.
$TTL 600 ; 10 minutes
$TTL 38400 ; 10 hours 40 minutes
imap.nucps.org. IN A 10.0.2.2
mail.nucps.org. IN A 10.0.2.2
pop.nucps.org. IN A 10.0.2.2
smtp.nucps.org. IN A 10.0.2.2
squirrelmail.nucps.org. IN A 10.0.2.2
webmail A 10.0.2.2
www.nucps.org. IN A 10.0.2.3

and I have 10.0.2.2.rev - I have 3 other subnets, but this one is the main zone I am working with presently:

$ttl 38400
2.0.10.in-addr.arpa. IN SOA www.nucps.org. webmaster.nucps.org. (
1015418487
10800
3600
604800
38400 )
2.0.10.in-addr.arpa. IN NS www.nucps.org.
2.2.0.10.in-addr.arpa. IN PTR squirrelmail.nucps.org.
4.2.0.10.in-addr.arpa. IN PTR ncps-igear.
3.2.0.10.in-addr.arpa. IN PTR www.nucps.org.
2.2.0.10.in-addr.arpa. IN PTR mail.nucps.org.

Hope this helps!!

ok I want you to execute the following commands and paste for me what happens.

named-checkzone nucps.org /var/named/nucps.org.hosts

Of course, correct the path if it's not in /var/named.

Thanks - I really appreciate this - the sun is about to come out. here it is - the path is default:


> named-checkzone nucps.org /var/named/nucps.org.hosts

dns_zone_load: zone nucps.org/IN: journal out of sync with zone

oh my, BIND8 and dynamic zones. *SilentRage shakes his head in dismay* Sorry but you can't raw edit zone files for dynamic zones (I know it's dynamic cause journals are only kept for dynamic zones). We're going to have to completely flush the server of this zone. If you had BIND9.3 then there's a more elegant solution. But anyway, let's put the smack down.

Shut down the server flushing any changes to dynamic zones to their respective zone files.

ndc stop

Then you need to delete the journal file:

rm -rf /var/named/nucps.org.hosts.jnl

Then you need to edit "nucps.org.hosts" to have the information you want. (It might already be accurate)

Then you need to start the server. At this point BIND8 will check for a journal file and since it doesn't exist, it will load the zone file instead.

ndc start

Now we test to see if the domain resolves to an IP as it should. Show me the response.

dig www.nucps.org

Well, like I said, I inherited the sucker. I also fired the guy because he was robbing us - triple-dipping a T1 - he had about 20 servers on it, and was charging 3 counties for the same T! He was a consultant/ISP...

Okay, I couldn't use the commands (NDC STOP, NDC START) because this is my day off, and I am using webmin command shell. I killed all instances of named, deleted the journal file, and restarted BIND 8. I ran the command you asked for previously, and then the DiG:

> named-checkzone nucps.org /var/named/nucps.org.hosts
dns_zone_load: zone nucps.org/IN: no NS records


> dig www.nucps.org [/QUOTE]

; <<>> DiG 9.1.0 <<>> www.nucps.org [/QUOTE]
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27414
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.nucps.org. IN A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Aug 6 12:31:51 2004
;; MSG SIZE rcvd: 31

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6913
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;[/QUOTE]. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2004080501 1800 900 604800 86400

;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Aug 6 12:31:51 2004
;; MSG SIZE rcvd: 101

ok, shut down the server again, edit the zone file to add some NS records, and start it back up again. btw, if you aren't using dynamic update then I suggest that you disable it for that zone cause then it would make everything easier and more efficient.

How do I disable dynamic mapping?

Here is my nucps.org zone - it has an NS record...

$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
nucps.org IN SOA www.nucps.org. webmaster.nucps.org. (
1015338479
10800
3600
604800
38400 )
$ORIGIN nucps.org.
$TTL 600 ; 10 minutes
$TTL 38400 ; 10 hours 40 minutes
imap.nucps.org. IN A 10.0.2.2
mail.nucps.org. IN A 10.0.2.2
pop.nucps.org. IN A 10.0.2.2
smtp.nucps.org. IN A 10.0.2.2
squirrelmail.nucps.org. IN A 10.0.2.2
webmail A 10.0.2.2
www.nucps.org. IN A 10.0.2.3
www.nucps.org. IN NS 10.0.2.3

Ah Haaaaaaaa!

I saw what the problem was, looking at the old records file I posted as opposed to the new one... I was hacking around, and messed it up.

IT IS WORKING!!! THANK YOU!!!

if there is anything I can do for ya...

Want to do something for me eh?

http://www.dollardns.net/paypal.html

* SilentRage wanders off whistling innocently

Well, I was thinking more of sending you flowers, but you didn't tell me how to turn Dynamic Mapping off.

any "allow-update" lines you see in named.conf should be deleted and dynamic update will no longer work.

Thank you - I did have a Server 2003 server online, and I bet when the ISP dropped out his name server stuff, the dang thing took over and corrupted the zone file. I was, of course, on vacation.

You have saved the network (and the network Admin, not for nothing) of a small school system in Virginia... Thank you. I have asked the superintendent if we could, uh, make a donation to your favorite charity... I hope he will let me.

*(Photogf4 walks away happy that there still are good people out there)