[Techtalk] Bind DNS issues...

Mary Gardiner mary-linuxchix at puzzling.org
Sat Jul 29 22:15:31 UTC 2006

On Sat, Jul 29, 2006, Walt wrote:
> Okay, so I go home Friday night from work and everything is working
> fine with the DNS on two servers at our office. Come in this morning,
> and find that domains hosted on those servers are no longer resolving.
> The named process appears to be up and running without problems, but
> dig/nslookup won't even give results about the domains on the machines
> and I cannot ping the domains from inside or outside the network! I
> have no clue what has changed! This seems crazy and I have no errors
> anywhere to try to trace to some kind of source!

You don't specify whether or not you specifically asked those machines
via dig. If not, here's what I'd do first, assuming your domain
is example.com.

1. Find out what the com nameservers are:

$ dig -t NS com

; <<>> DiG 9.3.2 <<>> -t NS com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32140
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;com.                           IN      NS

com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
[snip the other lot]

2. Find out what they think *your* nameservers are:

$ dig -t NS example.com @g.gtld-servers.net.

; <<>> DiG 9.3.2 <<>> -t NS example.com @g.gtld-servers.net.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8225
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;example.com.                   IN      NS

example.com.            172800  IN      NS      a.iana-servers.net.
example.com.            172800  IN      NS      b.iana-servers.net.

a.iana-servers.net.     172800  IN      A
b.iana-servers.net.     172800  IN      A

Check both the ANSWER section and the ADDITIONAL section to make
sure that they contain the right info.

3. That will check that people are being sent to the right place. If
that's not true, you need to look at your parent nameserver, possibly
through your registrar.

4. If the parent nameserver is all good (you'd be surprised how many
people do this and find out that their domain names have expired, for
example), I'd first:

5. Log into the machines themselves and check what they're thinking:

$ dig example.com @localhost

6. Restart bind on the machines in question and at the same time see
what /var/log/syslog is saying by way of errors.

I'd need info from 5 and 6 to make any further suggestions.

> Any thoughts/suggestions? Also, what about using djbdns? Anyone
> recommend that over Bind?

I found the config files easier when I was using it, and it *gasp*
updates the serial number automatically. But I tend to dislike
installing stuff that isn't packaged and doesn't have security support
provided by my distro (eventually people seem to get bitten by not
getting updates), and at the time Debian didn't support it for licencing
reasons. I haven't looked recently.
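The delegation check in steps 2 through 5 of the reply, as an added example that is not part of the original post: it parses the text that `dig` prints (with or without the `;; ANSWER SECTION:` headers the paste omits, using the counts on the `;; flags:` line), then compares what the parent (TLD) server delegates to against what the zone's own servers answer, and flags any NS that has no glue address in the ADDITIONAL section. The sample dig output below is constructed, with RFC 5737 documentation addresses (192.0.2.0/24), so it runs offline; `ns2.example.com.` is a made-up stale server name.

```python
"""Offline check of a DNS delegation from pasted `dig` output (added example)."""
import re

# One resource record line: name ttl class type rdata. rdata may be missing,
# as in a truncated paste or a glue record with no address; we report that.
RR_LINE = re.compile(r'^(\S+)\s+(\d+)\s+(IN)\s+([A-Z0-9]+)\s*(.*)$')
COUNTS = re.compile(r'QUERY: (\d+), ANSWER: (\d+), AUTHORITY: (\d+), ADDITIONAL: (\d+)')


def parse_dig(text):
    """Return {'answer': [...], 'authority': [...], 'additional': [...]}.

    Records are assigned to sections from the counts on the ';; flags:' line,
    so this works whether or not dig printed section headers. Each record is
    a (name, ttl, type, rdata) tuple with names and rdata lower-cased.
    """
    m = COUNTS.search(text)
    if not m:
        raise ValueError("no ';; flags:' line with section counts")
    _, n_ans, n_auth, n_add = (int(x) for x in m.groups())
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue  # comments, headers and the QUESTION section
        r = RR_LINE.match(line)
        if r:
            name, ttl, _rclass, rtype, rdata = r.groups()
            records.append((name.lower(), int(ttl), rtype, rdata.strip().lower()))
    if len(records) != n_ans + n_auth + n_add:
        raise ValueError(f"expected {n_ans + n_auth + n_add} records, parsed {len(records)}")
    return {
        'answer': records[:n_ans],
        'authority': records[n_ans:n_ans + n_auth],
        'additional': records[n_ans + n_auth:],
    }


def check_delegation(zone, parent_text, child_text):
    """Compare the parent's delegation with the zone's own NS answer.

    Returns a list of problems; an empty list means the two views agree and
    every delegated server has a glue address in the parent's ADDITIONAL section.
    """
    zone = zone.lower().rstrip('.') + '.'
    parent = parse_dig(parent_text)
    child = parse_dig(child_text)
    # A referral from a TLD server carries NS in AUTHORITY; a plain answer
    # (as in the post) carries them in ANSWER. Accept either.
    parent_ns = {rd for n, _, t, rd in parent['answer'] + parent['authority']
                 if n == zone and t == 'NS'}
    child_ns = {rd for n, _, t, rd in child['answer'] if n == zone and t == 'NS'}
    glue = {n: rd for n, _, t, rd in parent['additional'] if t in ('A', 'AAAA')}
    problems = []
    if not parent_ns:
        problems.append(f"parent returned no NS records for {zone} (expired or not delegated?)")
    for ns in sorted(parent_ns - child_ns):
        problems.append(f"parent delegates to {ns} but the zone's own servers do not list it")
    for ns in sorted(child_ns - parent_ns):
        problems.append(f"zone lists {ns} but the parent does not delegate to it")
    for ns in sorted(parent_ns):
        if not glue.get(ns):
            problems.append(f"no glue address for {ns} in the ADDITIONAL section")
    return problems


# Constructed sample: what a TLD server might answer for step 2 of the post.
PARENT_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8225
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;example.com.                   IN      NS

example.com.            172800  IN      NS      a.iana-servers.net.
example.com.            172800  IN      NS      b.iana-servers.net.

a.iana-servers.net.     172800  IN      A       192.0.2.10
b.iana-servers.net.     172800  IN      A       192.0.2.11
"""
# Constructed sample: what `dig -t NS example.com @localhost` might answer (step 5).
CHILD_OK = PARENT_OK.replace("flags: qr rd;", "flags: qr aa rd ra;")
# Variant: the parent's glue record for b. carries no address (as in a cut-off paste).
PARENT_NOGLUE = PARENT_OK.replace("A       192.0.2.11", "A")
# Variant: the zone itself still lists an old, undelegated server (constructed name).
CHILD_STALE = CHILD_OK.replace("b.iana-servers.net.", "ns2.example.com.")

if __name__ == '__main__':
    for label, p, c in (("ok", PARENT_OK, CHILD_OK),
                        ("no glue", PARENT_NOGLUE, CHILD_OK),
                        ("stale NS", PARENT_OK, CHILD_STALE)):
        print(label, check_delegation('example.com', p, c) or ['delegation consistent'])
```

In practice you would feed `check_delegation` the captured output of `dig -t NS example.com @g.gtld-servers.net.` and of `dig -t NS example.com @localhost` on each server; an empty result means step 3 is satisfied and the fault lies on the servers themselves (step 6).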
