servfail problem bind9

i have a dns server on my machine (serv_t.terrabike.com/200.73.10.69) with 2 domains (terrabike.cl-terrabike.com) and several subdomains but it always answers whit servfail when i query it with dig

[jaiherna@adi ~]$ dig terrabike.com

; <<>> DiG 9.2.1 <<>> terrabike.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63027
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;terrabike.com. IN A

;; Query time: 10 msec
;; SERVER: 200.9.97.3#53(200.9.97.3)
;; WHEN: Wed Jul 30 13:28:47 2003
;; MSG SIZE rcvd: 31


with dnsstuff.com i get this:

http://www.dnsstuff.com/tools/dnsti...bike.com&type=A

Searching for A record for terrabike.com at j.root-servers.net: Got referral to L.GTLD-SERVERS.NET. [took 123 ms]
Searching for A record for terrabike.com at L.GTLD-SERVERS.NET.: Got referral to ns1.terrabike.com. [took 123 ms]
Searching for A record for terrabike.com at ns1.terrabike.com.: Reports a server failure! [took 374 ms].

Answer:
Unknown (server failure at ns1.terrabike.com).


Sorry, I could not continue.


my files:

>>>>named.conf:<<<<

// generated by named-bootconf.pl

options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

include "/etc/rndc.key";


>>>>named.custom :<<<<
## named.custom - custom configuration for bind
#
# Any changes not currently supported by redhat-config-bind should be put
# in this file.
#

zone "." {
type hint;
file "named.ca";
};

zone "terrabike.com" {
type master;
file "terrabike.com.zone";
};

zone "terrabike.cl" {
type master;
file "terrabike.cl.zone";
};

options {
directory "/var/named/";
};


>>>terrabike.cl.zone:<<<<<

$TTL 86400
terrabike.com. IN SOA ns1.terrabike.com. webmaster.terrabike.com. (
20030721 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ); ttl

terrabike.com. IN NS ns1.terrabike.com.
terrabike.com. IN MX 10 mail.terrabike.com.

ns1.terrabike.com. IN A 200.73.10.69
mail.terrabike.com. IN A 200.73.10.69
terrabike.com. IN A 200.73.10.69
www.terrabike.com. IN A 200.73.10.69
foro.terrabike.com. IN A 200.73.10.69
webmail.terrabike.com. IN A 200.73.10.69
mohaa.terrabike.com. IN A 200.73.10.69
webhosting.terrabike.com. IN A 200.73.10.69
ftp.terrabike.com. IN A 200.73.10.69


>>>terrabike.cl.zone:<<<<

$TTL 86400
terrabike.cl. IN SOA ns1.terrabike.com. webmaster.terrabike.com. (
20030722 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ); ttl

terrabike.cl. IN NS ns1.terrabike.com.
terrabike.cl. IN MX 10 mail.terrabike.com.

terrabike.cl. IN A 200.73.10.69
www.terrabike.cl. IN A 200.73.10.69
foro.terrabike.cl. IN A 200.73.10.69
webhosting.terrabike.cl. IN A 200.73.10.69
webmail.terrabike.cl. IN A 200.73.10.69


please help me i dont know what im doing wrong my machine's name is server_t.terrabike.com and its ip is 200.73.10.69

heh, I'm having some serious issues trying to debug your server. Sometimes I get UDP timeouts and sometimes the server rejects my queries, and sometimes it simply tells me that it is not authoritative for your zone. Whenever you're done playing with it, post a LINK please to each of your configuration files.

I had to do some modification of my dns crawler to be a bit more verbose cause your misconfigurations was confusing me. I think you might've fixed that part of the problem now. (ns1 had a couple IP's there for a bit, one authoritative, the other not)

My configs:

http://serialcoders.sytes.net/BIND/

I've been watching ya in my webserver logs. It appears you're starting to get the problems hammered out. :-)

ok, the only thing i had done is change the following lines in respective files:

before:
terrabike.cl. IN NS ns1.terrabike.com.
terrabike.com. IN NS ns1.terrabike.com.

after:
terrabike.cl. IN NS serv_t.terrabike.com.
terrabike.com. IN NS serv_t.terrabike.com.

now i get response sometimes, not authoritative, and a few not answers... but im still confused.... would do you mind trying to see if there is response from the subdomains too?? the problem is im leaving my webhosting service, so.. sometimes they are still geaving answers from their ns servers (ns1-ns2.intellired.com /ip: 64.191.30.165-166)

you need to put that stuff you have in the named.custom file into the named.conf file. In your tinkering with the options on DNS Crawler I noticed that the server failure only occurs when the client requests recursion.

Recursion Desired: asks the server to do the work in resolving queries
Local Recursion: the client does the work in resolving queries.
Neither: you do the work in resolving queries.

wow (i belived you could put stuff in named.custom and then that should be loaded on named start, but now i see i cant)now it seems to work but when i try to dig terrabike.com/cl from computers here in chile i still receive servfail and ping terrabike.com/cl looks like pointing to 64.191.30.165 also reversing 200.73.10.69 seems to have non-authoritative

by the way: your DNS Crawler ROCKS!!

You haven't tried zone transfers yet:

http://serialcoders.sytes.net/cgi-b...=AXFR&submit=DS

http://serialcoders.sytes.net/cgi-b...=AXFR&submit=DS

I'll check out whatever other problems you may be having in a bit. I'm multi-tasking right now and it's hard to concentrate. But thanks for the compliment man. I search hard for webbased dns tools, and I make sure to keep mine the best. ;-) Plus, spamming my address to people in need here on the board gives me a heck of a lot of testing. I'm always making minor enhancements here and there.

zone transfers seems to be working too, if you see something working wrong or not working at all let me know please

Alright, got plenty of time for a full analysis:

[ns1.terrabike.com accessibility]

PASSED
All GTLD are returning ns1.terrabike.com (200.73.10.69). There is no secondary or slave server, but that's ok.

PASSED
Submitting query for ns1.terrabike.com. Authoritative answers are always 200.73.10.69, however, ns1.terrabike.com still resolves to 64.191.30.165 on one of my ISP caching servers, but not the other. Expect the domain to not work in various places as cache times expire. This is a temporary problem that you cannot fix.

PASSED
Both UDP and TCP queries to 200.73.10.69 work.

FAILED (minor problem)
Reverse lookup on 200.73.10.69 does not point to anything. Even worse, the person who does have that IP registered has a NS server that is authoritative, but doesn't have an entry - while the other continues to return non-authoritative answers with no error. You probably have no control over whether a reverse lookup will ever point to you though. This problem may result in some domain checking routines failing, or spitting warnings. Not a big deal really.

[ns1.terrabike.com zone]

PASSED
SOA record primary server is properly set, and a contact email address provided.

FAILED (problem)
The NS for the zone is specified as serv_t.terrabike.com, but there is no 'A' record giving serv_t.terrabike.com an IP. It is recommended that you change the existing NS record to point to ns1.terrabike.com. You DO have an 'A' record for that. This is unlikely to cause problems, but there's no sense in inconsistency.

PASSED
It is easy to forget to set an IP for the root domain. You didn't forget however.

PASSED
All domains found in records have an associated 'A' record (like the mail host).

TIP
All those domains are associated with an 'A' record. This is good for fast resolution. However, if you have a problem with a frequently changing IP, then it may be proper to CNAME all those domains to the root domain, so that all you need to do is change 1 IP for the root.

[ns1.terrabike.cl accessibility]

PASSED
All servers recommended by A.ROOT-SERVERS.NET in turn recommend ns1.terrabike.com. Only 1 of them however also returns an IP. This is not a problem since the domain does not reside in this zone, and is already confirmed above to resolve properly.

No other tests for this section since the authoritative server accessibility was already tested above.

[ns1.terrabike.cl zone]

PASSED
SOA record primary server is properly set, and a contact email address provided.

FAILED (problem)
The NS specified for the zone is serv_t.terrabike.com but there is no 'A' record for that domain in the terrabike.com zone. It is recommended that you change it to ns1.terrabike.com.

FAILED (problem)
Sometimes when typing in a URL, a person forgets to stick the www. part on the front of it and get confused if the address doesn't work. Create an 'A' record for the root domain indicating the same IP as the www host.

PASSED
All domains within the zone can be resolved to address records.

[end of analysis]

What are you doing about that other server that hosts records for your 2 zones? Are you gonna remove yourself from them? If you wanted to, you could keep them authoritative - update their records - and use them as a secondary domain in case you happen to be down.

mail sent to isp (cc to hostmaster@ifx... i dont remember exactly i sent it from work) to add our ip range to their zones to get reverse lookup



fixed


the ip is not meant to change so i chosed to have faster resolution, other reason is i have a very low bandwidth from outside my country (256 KBps and 10 Mbps local) and i want to have fast resolution at least.



fixed



i have an A for terrabike.cl, cant you see it??



that name server are from my old hosting provider, and because we buy our own server and a fast local connection (slow for international but all our traffic comes from chile, so there is no problem),im not going to have those ns servers for so much time, but im thinking on use as secondary the nic.cl/domaindiscover.com servers


thkz a lot again.... i have no words to thk you for your time an dispossal


pd: sorry for my uggly english but as you can imagine i dont use to speak english very often

Yes, I think I missed the A record for terrabike.cl.

Since you are intending to fix the minor problem...

FAILED
ns1.terrabike.com (200.73.10.69) does not provide reverse resolution for its own IP address. As seen below:

http://serialcoders.sytes.net/cgi-b...e=PTR&submit=DS

You need to create a zone. Since you only have the one IP address, the zone should be the same name as the query.

Zone: 69.10.73.200.IN-ADDR.ARPA

Since there are many hosts associated with the zone, I think it should point to the root of the main zone:

69.10.73.200.IN-ADDR.ARPA PTR terrabike.com

Either that or to the name server:

69.10.73.200.IN-ADDR.ARPA PTR ns1.terrabike.com

It is really up to you. Shoot, even though I've never seen it done, I don't see any reason to not add multiple PTR records.

Your ISP doesn't need to know what it points to though. All they need to know is to forward that zone request to your ns1.terrabike.com.