#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Posts
    7
    Rep Power
    0

    Unhappy servfail problem bind9


    i have a dns server on my machine (serv_t.terrabike.com/200.73.10.69) with 2 domains (terrabike.cl-terrabike.com) and several subdomains but it always answers whit servfail when i query it with dig

    [jaiherna@adi ~]$ dig terrabike.com

    ; <<>> DiG 9.2.1 <<>> terrabike.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63027
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;terrabike.com. IN A

    ;; Query time: 10 msec
    ;; SERVER: 200.9.97.3#53(200.9.97.3)
    ;; WHEN: Wed Jul 30 13:28:47 2003
    ;; MSG SIZE rcvd: 31


    with dnsstuff.com i get this:

    http://www.dnsstuff.com/tools/dnstim...ike.com&type=A

    Searching for A record for terrabike.com at j.root-servers.net: Got referral to L.GTLD-SERVERS.NET. [took 123 ms]
    Searching for A record for terrabike.com at L.GTLD-SERVERS.NET.: Got referral to ns1.terrabike.com. [took 123 ms]
    Searching for A record for terrabike.com at ns1.terrabike.com.: Reports a server failure! [took 374 ms].

    Answer:
    Unknown (server failure at ns1.terrabike.com).


    Sorry, I could not continue.


    my files:

    >>>>named.conf:<<<<

    // generated by named-bootconf.pl

    options {
    directory "/var/named";
    /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below. Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */
    // query-source address * port 53;
    };

    //
    // a caching only nameserver config
    //
    controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };
    zone "." IN {
    type hint;
    file "named.ca";
    };

    zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
    };

    include "/etc/rndc.key";


    >>>>named.custom :<<<<
    ## named.custom - custom configuration for bind
    #
    # Any changes not currently supported by redhat-config-bind should be put
    # in this file.
    #

    zone "." {
    type hint;
    file "named.ca";
    };

    zone "terrabike.com" {
    type master;
    file "terrabike.com.zone";
    };

    zone "terrabike.cl" {
    type master;
    file "terrabike.cl.zone";
    };

    options {
    directory "/var/named/";
    };


    >>>terrabike.cl.zone:<<<<<

    $TTL 86400
    terrabike.com. IN SOA ns1.terrabike.com. webmaster.terrabike.com. (
    20030721 ; serial
    28800 ; refresh
    7200 ; retry
    604800 ; expire
    86400 ); ttl

    terrabike.com. IN NS ns1.terrabike.com.
    terrabike.com. IN MX 10 mail.terrabike.com.

    ns1.terrabike.com. IN A 200.73.10.69
    mail.terrabike.com. IN A 200.73.10.69
    terrabike.com. IN A 200.73.10.69
    www.terrabike.com. IN A 200.73.10.69
    foro.terrabike.com. IN A 200.73.10.69
    webmail.terrabike.com. IN A 200.73.10.69
    mohaa.terrabike.com. IN A 200.73.10.69
    webhosting.terrabike.com. IN A 200.73.10.69
    ftp.terrabike.com. IN A 200.73.10.69


    >>>terrabike.cl.zone:<<<<

    $TTL 86400
    terrabike.cl. IN SOA ns1.terrabike.com. webmaster.terrabike.com. (
    20030722 ; serial
    28800 ; refresh
    7200 ; retry
    604800 ; expire
    86400 ); ttl

    terrabike.cl. IN NS ns1.terrabike.com.
    terrabike.cl. IN MX 10 mail.terrabike.com.

    terrabike.cl. IN A 200.73.10.69
    www.terrabike.cl. IN A 200.73.10.69
    foro.terrabike.cl. IN A 200.73.10.69
    webhosting.terrabike.cl. IN A 200.73.10.69
    webmail.terrabike.cl. IN A 200.73.10.69


    please help me i dont know what im doing wrong my machine's name is server_t.terrabike.com and its ip is 200.73.10.69
  2. #2
  3. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    heh, I'm having some serious issues trying to debug your server. Sometimes I get UDP timeouts and sometimes the server rejects my queries, and sometimes it simply tells me that it is not authoritative for your zone. Whenever you're done playing with it, post a LINK please to each of your configuration files.

    I had to do some modification of my dns crawler to be a bit more verbose cause your misconfigurations was confusing me. I think you might've fixed that part of the problem now. (ns1 had a couple IP's there for a bit, one authoritative, the other not)

    My configs:

    http://serialcoders.sytes.net/BIND/
    Last edited by SilentRage; July 30th, 2003 at 02:11 PM.
    Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
  4. #3
  5. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    I've been watching ya in my webserver logs. It appears you're starting to get the problems hammered out. :-)
    Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Posts
    7
    Rep Power
    0
    ok, the only thing i had done is change the following lines in respective files:

    before:
    terrabike.cl. IN NS ns1.terrabike.com.
    terrabike.com. IN NS ns1.terrabike.com.

    after:
    terrabike.cl. IN NS serv_t.terrabike.com.
    terrabike.com. IN NS serv_t.terrabike.com.

    now i get response sometimes, not authoritative, and a few not answers... but im still confused.... would do you mind trying to see if there is response from the subdomains too?? the problem is im leaving my webhosting service, so.. sometimes they are still geaving answers from their ns servers (ns1-ns2.intellired.com /ip: 64.191.30.165-166)
    Last edited by ToKu-John; July 30th, 2003 at 03:05 PM.
  8. #5
  9. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    you need to put that stuff you have in the named.custom file into the named.conf file. In your tinkering with the options on DNS Crawler I noticed that the server failure only occurs when the client requests recursion.

    Recursion Desired: asks the server to do the work in resolving queries
    Local Recursion: the client does the work in resolving queries.
    Neither: you do the work in resolving queries.
    Last edited by SilentRage; July 30th, 2003 at 03:27 PM.
    Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
  10. #6
  11. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Posts
    7
    Rep Power
    0
    wow (i belived you could put stuff in named.custom and then that should be loaded on named start, but now i see i cant)now it seems to work but when i try to dig terrabike.com/cl from computers here in chile i still receive servfail and ping terrabike.com/cl looks like pointing to 64.191.30.165 also reversing 200.73.10.69 seems to have non-authoritative

    by the way: your DNS Crawler ROCKS!!
  12. #7
  13. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    You haven't tried zone transfers yet:

    http://serialcoders.sytes.net/cgi-bi...AXFR&submit=DS

    http://serialcoders.sytes.net/cgi-bi...AXFR&submit=DS

    I'll check out whatever other problems you may be having in a bit. I'm multi-tasking right now and it's hard to concentrate. But thanks for the compliment man. I search hard for webbased dns tools, and I make sure to keep mine the best. ;-) Plus, spamming my address to people in need here on the board gives me a heck of a lot of testing. I'm always making minor enhancements here and there.
    Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
  14. #8
  15. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Posts
    7
    Rep Power
    0
    zone transfers seems to be working too, if you see something working wrong or not working at all let me know please
  16. #9
  17. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    Alright, got plenty of time for a full analysis:

    [ns1.terrabike.com accessibility]

    PASSED
    All GTLD are returning ns1.terrabike.com (200.73.10.69). There is no secondary or slave server, but that's ok.

    PASSED
    Submitting query for ns1.terrabike.com. Authoritative answers are always 200.73.10.69, however, ns1.terrabike.com still resolves to 64.191.30.165 on one of my ISP caching servers, but not the other. Expect the domain to not work in various places as cache times expire. This is a temporary problem that you cannot fix.

    PASSED
    Both UDP and TCP queries to 200.73.10.69 work.

    FAILED (minor problem)
    Reverse lookup on 200.73.10.69 does not point to anything. Even worse, the person who does have that IP registered has a NS server that is authoritative, but doesn't have an entry - while the other continues to return non-authoritative answers with no error. You probably have no control over whether a reverse lookup will ever point to you though. This problem may result in some domain checking routines failing, or spitting warnings. Not a big deal really.

    [ns1.terrabike.com zone]

    PASSED
    SOA record primary server is properly set, and a contact email address provided.

    FAILED (problem)
    The NS for the zone is specified as serv_t.terrabike.com, but there is no 'A' record giving serv_t.terrabike.com an IP. It is recommended that you change the existing NS record to point to ns1.terrabike.com. You DO have an 'A' record for that. This is unlikely to cause problems, but there's no sense in inconsistency.

    PASSED
    It is easy to forget to set an IP for the root domain. You didn't forget however.

    PASSED
    All domains found in records have an associated 'A' record (like the mail host).

    TIP
    All those domains are associated with an 'A' record. This is good for fast resolution. However, if you have a problem with a frequently changing IP, then it may be proper to CNAME all those domains to the root domain, so that all you need to do is change 1 IP for the root.

    [ns1.terrabike.cl accessibility]

    PASSED
    All servers recommended by A.ROOT-SERVERS.NET in turn recommend ns1.terrabike.com. Only 1 of them however also returns an IP. This is not a problem since the domain does not reside in this zone, and is already confirmed above to resolve properly.

    No other tests for this section since the authoritative server accessibility was already tested above.

    [ns1.terrabike.cl zone]

    PASSED
    SOA record primary server is properly set, and a contact email address provided.

    FAILED (problem)
    The NS specified for the zone is serv_t.terrabike.com but there is no 'A' record for that domain in the terrabike.com zone. It is recommended that you change it to ns1.terrabike.com.

    FAILED (problem)
    Sometimes when typing in a URL, a person forgets to stick the www. part on the front of it and get confused if the address doesn't work. Create an 'A' record for the root domain indicating the same IP as the www host.

    PASSED
    All domains within the zone can be resolved to address records.

    [end of analysis]

    What are you doing about that other server that hosts records for your 2 zones? Are you gonna remove yourself from them? If you wanted to, you could keep them authoritative - update their records - and use them as a secondary domain in case you happen to be down.
    Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
  18. #10
  19. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Posts
    7
    Rep Power
    0

    FAILED (minor problem)
    Reverse lookup on 200.73.10.69 does not point to anything. Even worse, the person who does have that IP registered has a NS server that is authoritative, but doesn't have an entry - while the other continues to return non-authoritative answers with no error. You probably have no control over whether a reverse lookup will ever point to you though. This problem may result in some domain checking routines failing, or spitting warnings. Not a big deal really.
    mail sent to isp (cc to hostmaster@ifx... i dont remember exactly i sent it from work) to add our ip range to their zones to get reverse lookup


    FAILED (problem)
    The NS for the zone is specified as serv_t.terrabike.com, but there is no 'A' record giving serv_t.terrabike.com an IP. It is recommended that you change the existing NS record to point to ns1.terrabike.com. You DO have an 'A' record for that. This is unlikely to cause problems, but there's no sense in inconsistency.
    fixed

    TIP
    All those domains are associated with an 'A' record. This is good for fast resolution. However, if you have a problem with a frequently changing IP, then it may be proper to CNAME all those domains to the root domain, so that all you need to do is change 1 IP for the root.
    the ip is not meant to change so i chosed to have faster resolution, other reason is i have a very low bandwidth from outside my country (256 KBps and 10 Mbps local) and i want to have fast resolution at least.

    [ns1.terrabike.cl accessibility]

    FAILED (problem)
    The NS specified for the zone is serv_t.terrabike.com but there is no 'A' record for that domain in the terrabike.com zone. It is recommended that you change it to ns1.terrabike.com.
    fixed


    FAILED (problem)
    Sometimes when typing in a URL, a person forgets to stick the www. part on the front of it and get confused if the address doesn't work. Create an 'A' record for the root domain indicating the same IP as the www host.
    i have an A for terrabike.cl, cant you see it??


    What are you doing about that other server that hosts records for your 2 zones? Are you gonna remove yourself from them? If you wanted to, you could keep them authoritative - update their records - and use them as a secondary domain in case you happen to be down. [/B]
    that name server are from my old hosting provider, and because we buy our own server and a fast local connection (slow for international but all our traffic comes from chile, so there is no problem),im not going to have those ns servers for so much time, but im thinking on use as secondary the nic.cl/domaindiscover.com servers


    thkz a lot again.... i have no words to thk you for your time an dispossal


    pd: sorry for my uggly english but as you can imagine i dont use to speak english very often
  20. #11
  21. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    173
    Yes, I think I missed the A record for terrabike.cl.

    Since you are intending to fix the minor problem...

    FAILED
    ns1.terrabike.com (200.73.10.69) does not provide reverse resolution for its own IP address. As seen below:

    http://serialcoders.sytes.net/cgi-bi...=PTR&submit=DS

    You need to create a zone. Since you only have the one IP address, the zone should be the same name as the query.

    Zone: 69.10.73.200.IN-ADDR.ARPA

    Since there are many hosts associated with the zone, I think it should point to the root of the main zone:

    69.10.73.200.IN-ADDR.ARPA PTR terrabike.com

    Either that or to the name server:

    69.10.73.200.IN-ADDR.ARPA PTR ns1.terrabike.com

    It is really up to you. Shoot, even though I've never seen it done, I don't see any reason to not add multiple PTR records.

    Your ISP doesn't need to know what it points to though. All they need to know is to forward that zone request to your ns1.terrabike.com.
    Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts

IMN logo majestic logo threadwatch logo seochat tools logo