Thread: ;;Got SERVFAIL reply of DNS

  1. #1

    ;;Got SERVFAIL reply of DNS

    Dear all,

    under SLES 11 SP2 we have set up a DNS zone and here are the contents
    of the respective files:

    named.conf
    =========
    options {
        directory "/var/lib/named";
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        listen-on port 53 { any; };
        listen-on-v6 { any; };

        allow-query { any; };

        include "/etc/named.d/forwarders.conf";
    };

    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };

    include "/etc/named.conf.include";

    zone "example.com" in {
        file "master/example.com";
        type master;
        allow-transfer { any; };
    };

    logging {
        category queries { log_file; };
        category default { log_file; };
        channel log_file { file "/var/log/DNS_log" versions 2 size 50M; };
    };

    zone "3.2.1.in-addr.arpa" in {
        file "master/3.2.1.in-addr.arpa";
        type master;
        allow-transfer { any; };
    };


    forwarders.conf
    ============
    forwarders {
        1.2.3.1;
        1.2.3.2;
    };


    example.com
    ===========
    $TTL 2d
    @ IN SOA mail-s.example.com. root.mail-s.example.com. (
            2012103104 ; serial
            3h         ; refresh
            1h         ; retry
            1w         ; expiry
            1d )       ; minimum

    example.com. IN MX 5 mail-s.example.com.
    example.com. IN NS mail-s.example.com.
    mail-s       IN A 1.2.3.10
    ; IN Address (A) records
    localhost    IN A 127.0.0.1
    fw1          IN A 1.2.3.11
    dc1          IN A 1.2.3.12
    dc2          IN A 1.2.3.13


    3.2.1.in-addr.arpa
    =============
    $TTL 2d
    @ IN SOA mail-s.example.com. root.mail-s.example.com. (
            2011121405 ; serial
            3h         ; refresh
            1h         ; retry
            1w         ; expiry
            1d )       ; minimum

    @  IN NS mail-s.example.com.
    ; IN Reverse Map
    10 IN PTR mail-s.example.com.
    11 IN PTR fw1.example.com.
    12 IN PTR dc1.example.com.
    13 IN PTR dc2.example.com.


    /etc/resolv.conf
    ============
    search example.com
    nameserver 1.2.3.10


    For instance when we try to resolve fw1.example.com using
    mail-s: nslookup fw1.example.com
    we see this ";;Got SERVFAIL reply from 1.2.3.10" message.
    mail-s: dig any example.com @mail-s.example.com
    tells us
    ; <<>> DiG 9.6-ESV-R5-P1 <<>> any example.com @mail-s.eixample.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47307
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;example.com. IN ANY

    ;; Query time: 0 msec
    ;; SERVER: 1.2.3.10#53(1.2.3.10)
    ;; WHEN: Wed Nov 14 10:04:15 2012
    ;; MSG SIZE rcvd: 28



    Further information:
    1. there is no firewall on mail-s (nameserver)
    2. mail-s: netstat -an | grep :53 | grep udp
    looks like this:
    udp 0 0 1.2.3.10:53 0.0.0.0:*
    udp 0 0 127.0.0.2:53 0.0.0.0:*
    udp 0 0 127.0.0.1:53 0.0.0.0:*

    Any idea what's wrong here?
    Many thanks in advance for any hint!

    Regards, Rainer















  2. Re: ;;Got SERVFAIL reply of DNS

    Hi Rainer,

    are there any helpful messages in syslog on the server running named, during named's startup? Syntax errors and the like would be reported there...

    (Edit) Are you running your named in a chroot jail? Maybe not all files / directories are where they are expected to be... but that ought to lead to messages during named startup, too.

    Regards,
    Jens

    (Edit: hit the reply button too early...)
    Last edited by jmozdzen; 14-Nov-2012 at 12:38.

  3. #3

    Re: ;;Got SERVFAIL reply of DNS

    BINGO!!!!!!!!!!!
    Log file pointed out "Multiple RRs records of singleton type" in the zone "example.com"
    i.e. there were these 2 entries:
    ftp IN CNAME www.domain.com.
    ftp IN CNAME www1.domain.com.
    After removing one of these lines everything is running now like a charm.

    Thanks, Jens!
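
The failure found in post #3, as an added example that is not part of the original thread: a small Python check that flags owner names carrying more than one record of a singleton type (CNAME, DNAME, SOA), the condition behind the "Multiple RRs records of singleton type" log message. It goes slightly beyond the thread by also flagging a CNAME that shares its owner name with other data; the function names, the simplified master-file parsing (no $ORIGIN or $INCLUDE handling) and the sample zone are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Types limited to one record per owner name (CNAME: RFC 2181, DNAME: RFC 6672).
SINGLETON = ("CNAME", "DNAME", "SOA")
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)

def records(zone_text, origin):
    """Yield (owner, rtype) per record; simplified parsing, directives are skipped."""
    origin = origin.rstrip(".").lower() + "."
    owner, pending, depth, lead_blank = origin, [], 0, False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments (quoted ';' not handled)
        if not pending:
            lead_blank = line[:1].isspace()    # leading blank = reuse previous owner
        depth += line.count("(") - line.count(")")
        pending += line.replace("(", " ").replace(")", " ").split()
        if depth > 0 or not pending:           # still inside "( ... )" or empty line
            continue
        tokens, pending = pending, []
        if tokens[0].startswith("$"):          # $TTL and other directives
            continue
        if not lead_blank:
            name = tokens.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tokens and (tokens[0].upper() in ("IN", "CH", "HS") or TTL_RE.match(tokens[0])):
            tokens.pop(0)                      # skip optional TTL and class fields
        if tokens:
            yield owner, tokens[0].upper()

def singleton_violations(zone_text, origin):
    """Return sorted (owner, problem) pairs for record sets a zone must not contain."""
    seen = defaultdict(list)
    for owner, rtype in records(zone_text, origin):
        seen[owner].append(rtype)
    problems = []
    for owner, types in seen.items():
        problems += [(owner, f"multiple {t} records") for t in SINGLETON if types.count(t) > 1]
        if "CNAME" in types and set(types) - {"CNAME", "RRSIG", "NSEC"}:
            problems.append((owner, "CNAME and other data"))
    return sorted(problems)

# Constructed sample: a cut-down example.com zone plus the two lines quoted in post #3.
SAMPLE_ZONE = """\
$TTL 2d
@ IN SOA mail-s.example.com. root.mail-s.example.com. ( 2012103104 3h 1h 1w 1d )
ftp IN CNAME www.domain.com.
ftp IN CNAME www1.domain.com.
"""
print(singleton_violations(SAMPLE_ZONE, "example.com"))
```

BIND ships `named-checkzone`, which performs this validation itself; running `named-checkzone example.com master/example.com` before reloading named surfaces the error without having to read the log afterwards.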
