BIND returns serverfail when querying for its authoriative domain
- by estol
Hi there Serverfault folks!
First of all: sorry about the title, I had some problem coming up with the proper title.
I have a little home server set up, for internet sharing, samba, basic http, dlna mediaserver and what not, and I happend to have a domain at hand, so I thought why not direct it to this computer?
I have a BIND 9.8.0 installed, and - afaik - configured it properly.
For a few days, the public view did not worked, and I really did not cared, since the local view worked.
But now suddenly, even the local view fails.
If I try to query the nameserver for anything in my domain, it returns the following error:
$ nslookup andromeda.dafaces.com
;; Got SERVFAIL reply from ::1, trying next server
;; Got SERVFAIL reply from ::1, trying next server
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find andromeda.dafaces.com.dafaces.com: SERVFAIL
Also, the public view points to the old ip address of the domain, probably because of the same error.
Some information about the system:
$ uname -a
Linux tressis 2.6.37-ARCH #1 SMP PREEMPT Tue Mar 15 09:21:17 CET 2011 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ AuthenticAMD GNU/Linux
$ named -v
BIND 9.8.0
And the named.conf file:
# cat /etc/named.conf
//
// /etc/named.conf
//
include "/etc/rndc.key";
#controls {
# inet 127.0.0.1 allow {localhost; } keys { "dnskulcs"; };
#};
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
auth-nxdomain yes;
datasize default;
// Uncomment these to enable IPv6 connections support
// IPv4 will still work:
listen-on-v6 { any; };
listen-on { any; };
// Add this for no IPv4:
// listen-on { none; };
// Default security settings.
// allow-recursion { 127.0.0.1; ::1; 192.168.1.0/24; };
// allow-recursion { any; };
allow-query { any; };
allow-transfer { 127.0.0.1; ::1; 92.243.14.172; 87.98.164.164; 88.191.64.64; };
allow-update { key "dnskulcs"; };
version none;
hostname none;
server-id none;
zone-statistics yes;
forwarders { 213.46.246.53; 213.26.246.54; 8.8.8.8; 8.8.4.4; 192.188.242.65; 193.227.196.3; 2001:470:20::2; };
};
view "local" {
match-clients { 192.168.1.0/24; 127.0.0.1; ::1; fec0:0:0:ffff::/64; };
recursion yes;
zone "localhost" IN {
type master;
file "localhost.zone";
allow-transfer { any; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "127.0.0.zone";
allow-transfer { any; };
};
zone "." IN {
type hint;
file "root.hint";
};
zone "dafaces.com" IN {
type master;
file "internal/dafaces.com.fw";
allow-update { key "dnskulcs"; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "internal/dafaces.com.rev";
allow-update { key "dnskulcs"; };
};
};
view "public" {
match-clients { any;};
recursion no;
zone "dafaces.com" IN {
type master;
file "external/dafaces.com.fw";
allow-transfer {
87.98.164.164; 195.234.42.1; 88.191.64.64;
};
};
};
//zone "example.org" IN {
// type slave;
// file "example.zone";
// masters {
// 192.168.1.100;
// };
// allow-query { any; };
// allow-transfer { any; };
//};
logging {
channel xfer-log {
file "/var/log/named.log";
print-category yes;
print-severity yes;
print-time yes;
severity info;
};
category xfer-in { xfer-log; };
category xfer-out { xfer-log; };
category notify { xfer-log; };
};
All help would be highly appreciated!
EDIT: Zone files:
# cat /var/named/internal/dafaces.com.fw
$ORIGIN .
$TTL 3600 ; 1 hour
dafaces.com IN SOA tressis.dafaces.com. postmaster.dafaces.com. (
2011032201 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
2419200 ; expire (4 weeks)
3600 ; minimum (1 hour)
)
NS tressis.dafaces.com.
A 192.168.1.1
MX 10 mail.dafaces.com.
$ORIGIN _tcp.dafaces.com.
_http SRV 0 5 80 www.dafaces.com.
_ssh SRV 0 5 22 tressis.dafaces.com.
$ORIGIN dafaces.com.
acrisius A 192.168.1.230
andromeda A 192.168.1.7
andromeda-win7 CNAME andromeda
aspasia A 192.168.1.233
athena A 192.168.1.232
callisto A 192.168.1.102
db A 192.168.1.1
management A 192.168.1.1 ; web management for the router functions
haley A 192.168.1.5
hoth A 192.168.1.101
mail A 192.168.1.1
satelite A 192.168.1.20
sony-player A 192.168.1.103
TXT "310f16de2d2712dfc4ae6e5c54f60f828e"
torrent A 192.168.1.1
tracker A 192.168.1.1
tressis A 192.168.1.1
www A 192.168.1.1
zeus A 192.168.1.231
and
# cat /var/named/external/dafaces.com.fw
$ORIGIN .
$TTL 3600
dafaces.com IN SOA ns.dafaces.com. postmaster.dafaces.com. (
2011032405; serial
28800; refresh
7200; retry
2419200; expire
3600; minimum
)
NS ns.dafaces.com.
NS ns0.xname.org.
NS ns1.xname.org.
NS ns2.xname.org.
A 89.135.129.37
MX 10 mail.dafaces.com.
$ORIGIN dafaces.com.
;Szolgaltatasok
_ssh._tcp SRV 0 5 22 tressis
_http._tcp SRV 0 5 80 www
ns A 89.135.129.37
hoth A 89.135.129.37
www A 89.135.129.37
mail A 89.135.129.37
db A 89.135.129.37
torrent A 89.135.129.37
tracker A 89.135.129.37
Edit:
Ohh, hell I almost forgot. Since the node is connected to the internet via a residential connection, there is a possibility, that the public ipv4 address will change(but thank god, it is a very rare case), so I daily update the external IP address in the zone file with a shellscript:
# cat /etc/cron.daily/dnsupdate
#!/bin/sh
FILE="/var/named/external/dafaces.com.fw"
SERIAL=$(date +%Y%m%d05)
PUBLIC_IP=$(ifconfig internet |sed -n "/inet addr:.*255.255.255.255/{s/.*inet addr://; s/ .*//; p}")
cat $FILE | sed --posix 's/^.* serial$/\t\t\t\t\t'$SERIAL'; serial/' | sed --posix 's/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*/'$PUBLIC_IP'/' > /tmp/ujzona
mv /tmp/ujzona $FILE
/etc/rc.d/named reload
