Server can't find: SERVFAIL or REFUSED DNS - linux

I'm trying to set up a DNS server using Debian, but I keep getting errors such as SERVFAIL or REFUSED when I do an nslookup.
I want to use 3 virtual machines (VM1, VM2 and VM3) and address them by those names through the DNS server; I'm using VMware Workstation 11.
Here is my configuration:
named.conf.options
options {
    directory "/var/cache/bind";
    additional-from-auth no;
    additional-from-cache no;

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        192.168.207.2;
        192.168.207.133;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation yes;
    allow-recursion { 127.0.0.1; };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
named.conf.local
zone "linux.local" {
    type master;
    file "etc/bind/db.linux.local";
};
zone "207.168.192-in-addr.arpa" {
    type master;
    file "etc/bind/db.207.168.192";
};
db.linux.local
;
; SOA
;
$TTL 1h
@   IN SOA vm1.linux.local. root.linux.local. (
        1       ; Serial number (YYYYMMDDnn)
        1h      ; Slave refresh
        15m     ; Slave retry
        2w      ; Slave expire
        1h      ; Cache TTL
    )
;
; NS RECORDS
;
@   IN NS vm1.linux.local.
;
; A RECORDS
;
linux.local.    IN A 192.168.207.133
@               IN A 192.168.207.133
vm1             IN A 192.168.207.133
vm3             IN A 192.168.207.135
vm2             IN A 192.168.207.130
vmware          IN A 192.168.207.2
db.207.168.192
$TTL 1h
@   IN SOA vm1.linux.local. root.linux.local. (
        1       ; serial
        1h      ; refresh
        15m     ; retry
        2w      ; expire
        1h      ; negative cache TTL
    )
    IN NS  vm1.linux.local.
133 IN PTR linux.local.
133 IN PTR vm1.linux.local.
135 IN PTR vm2.linux.local.
130 IN PTR vm3.linux.local.
2   IN PTR vmware.linux.local.
Here is the nslookup for VM1 and linux.local:
root@debian:/etc/bind# nslookup vm1
Server:         192.168.207.133
Address:        192.168.207.133#53

** server can't find vm1: REFUSED
root@debian:/etc/bind# nslookup linux.local
Server:         192.168.207.133
Address:        192.168.207.133#53

** server can't find linux.local.linux.local: SERVFAIL

Maybe access is limited. Try editing the file named.conf and changing or adding the option allow-query { any; };

Then run
rndc-confgen >> /etc/named.conf
This should fix the issue.
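An added example, not part of the question or the answer above: a Python script written for this page (standard library only) that derives the correct in-addr.arpa zone name for 192.168.207.0/24 and cross-checks the PTR records of db.207.168.192 against the A records of db.linux.local exactly as they appear in the question. The forward and reverse data are copied into Python literals; the functions are general for any octet-aligned IPv4 network, not just this /24.

```python
import ipaddress

# Constructed from the db.linux.local and db.207.168.192 files in the question above.
ORIGIN = "linux.local."
NETWORK = "192.168.207.0/24"
FORWARD_A = {                 # owner relative to ORIGIN ("@" is the apex) -> address
    "@": "192.168.207.133",
    "vm1": "192.168.207.133",
    "vm2": "192.168.207.130",
    "vm3": "192.168.207.135",
    "vmware": "192.168.207.2",
}
REVERSE_PTR = [               # (label in the reverse zone, PTR target), as written
    ("133", "linux.local."),
    ("133", "vm1.linux.local."),
    ("135", "vm2.linux.local."),
    ("130", "vm3.linux.local."),
    ("2", "vmware.linux.local."),
]


def reverse_zone_name(network):
    """in-addr.arpa zone for an octet-aligned IPv4 network:
    192.168.207.0/24 -> 207.168.192.in-addr.arpa. (dots between octets, never a hyphen)."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8 != 0:
        raise ValueError("only /8, /16 and /24 IPv4 networks map onto a single in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def expected_ptrs(forward, origin, network):
    """label -> set of FQDNs that the forward A records imply for the reverse zone."""
    zone = reverse_zone_name(network)
    net = ipaddress.ip_network(network)
    implied = {}
    for name, ip in forward.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            continue                            # belongs to some other reverse zone
        owner = addr.reverse_pointer + "."      # e.g. 133.207.168.192.in-addr.arpa.
        label = owner[: -len(zone) - 1]         # drop ".<zone>" -> "133"
        fqdn = origin if name == "@" else f"{name}.{origin}"
        implied.setdefault(label, set()).add(fqdn)
    return implied


def audit_reverse_zone(forward, reverse, origin, network):
    """PTRs that contradict the forward zone, owners with several PTRs, and missing PTRs."""
    want = expected_ptrs(forward, origin, network)
    have = {}
    for label, target in reverse:
        have.setdefault(label, []).append(target)
    problems = []
    for label, targets in have.items():
        if len(targets) > 1:
            problems.append(f"{label}: {len(targets)} PTR records on one owner, reverse lookup is ambiguous")
        for target in targets:
            if target not in want.get(label, set()):
                problems.append(f"{label}: PTR -> {target} contradicts the A records in {origin}")
    for label, names in want.items():
        if label not in have:
            problems.append(f"{label}: no PTR for {', '.join(sorted(names))}")
    return sorted(problems)


def corrected_ptr_lines(forward, origin, network):
    """One PTR per address, derived from the forward zone (alphabetically first name wins)."""
    want = expected_ptrs(forward, origin, network)
    by_octet = sorted(want.items(), key=lambda kv: tuple(int(p) for p in kv[0].split(".")))
    return [f"{label}\tIN PTR\t{sorted(names)[0]}" for label, names in by_octet]


if __name__ == "__main__":
    print("reverse zone:", reverse_zone_name(NETWORK))
    for problem in audit_reverse_zone(FORWARD_A, REVERSE_PTR, ORIGIN, NETWORK):
        print("problem:", problem)
    print("\n".join(corrected_ptr_lines(FORWARD_A, ORIGIN, NETWORK)))
```

Run against the question's data it reports that 135 and 130 point at the wrong hosts (the forward zone has vm3 at .135 and vm2 at .130) and that .133 carries two PTRs; the zone statement in named.conf.local should use the name reverse_zone_name() prints, and the file should be checked with named-checkzone after editing.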

Related

SRV lookup request doesn't return an IP address

I am writing an XMPP client. The RFC says I need to connect to the server (like this one) using an SRV query.
When I use the trust_dns_resolver crate to do so, the query seems to be empty. Is this the normal behavior?
use trust_dns_resolver::Resolver;
use trust_dns_resolver::Name;
use std::str::FromStr;

fn main() {
    // Resolver configured from the system's resolv.conf
    let resolver = Resolver::from_system_conf().unwrap();
    match resolver.srv_lookup(Name::from_str("_xmpp-client._tcp.xmpp.jp").unwrap()) {
        Ok(response) => {
            // Nothing is printed: the SRV answer carries target names and ports, not addresses
            for ip in response.ip_iter() {
                println!("{}", ip.to_string());
            }
        }
        Err(e) => println!("{}", e),
    }
}
The dig SRV _xmpp-client._tcp.xmpp.jp command line returns the following:
; <<>> DiG 9.16.18 <<>> SRV _xmpp-client._tcp.xmpp.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16710
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2605a5d828b394e22ffbec3e61010461a668fc990570d859 (good)
;; QUESTION SECTION:
;_xmpp-client._tcp.xmpp.jp. IN SRV
;; ANSWER SECTION:
_xmpp-client._tcp.xmpp.jp. 23 IN SRV 20 10 5222 sapporo.xmpp.jp.
_xmpp-client._tcp.xmpp.jp. 23 IN SRV 30 10 5222 gw.lb.xmpp.jp.
_xmpp-client._tcp.xmpp.jp. 23 IN SRV 10 10 5222 tokyo.xmpp.jp.
;; Query time: 13 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: mer. juil. 28 09:16:49 CEST 2021
;; MSG SIZE rcvd: 183
I will have three IP addresses, right?
I think I'm misunderstanding something, but I don't know what.
It's ok if the SRV lookup returns no IP address. In my case, the query returns only a few tuples composed of a domain name and a port number. After getting them, I have to resolve each one to get its IP address along with its port number.
The trust_dns_proto crate is mandatory to deal with SRV lookups. So I added it to the Cargo.toml file, and the compiler stopped crying...
Then I can write the following code to extract both the port number and the domain name:
use trust_dns_resolver::Resolver;
use trust_dns_resolver::Name;
use std::str::FromStr;

[...]

    let resolver = Resolver::from_system_conf().unwrap();
    // Trailing dot: query the absolute name, with no search-list expansion
    match resolver.srv_lookup(Name::from_str("_xmpp-client._tcp.xmpp.jp.").unwrap()) {
        Ok(response) => {
            for srv in response.iter() {
                // Each SRV record carries a port and a target host name, never an address
                println!("Port number:\t{}", srv.port());
                println!("Domain name:\t{}\n", srv.target().to_utf8());
                // have to resolve the domain name here
            }
            println!("{}", response.query().name());
        }
        Err(e) => println!("{}", e),
    }
Thanks to Zeppi. His solution was far from perfect, but it put me on the right track to finding my own.
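An added example, not from the question, the answer or the trust_dns crates: the client-side half that the answer describes, written in Python rather than Rust so it runs with nothing but the standard library. It takes the three SRV records from the dig output above, orders them as RFC 2782 prescribes (lowest priority first, a weighted random draw within one priority) and only then turns each target into (host, ip, port) endpoints through a constructed address table that stands in for the A/AAAA lookups; the 192.0.2.x addresses are documentation addresses, not the real xmpp.jp hosts. It also covers the two edge cases a client meets in practice, a weight of 0 and a target of "." (service not offered).

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str        # absolute host name; "." means the service is not offered here


# Constructed from the ANSWER SECTION of the dig output in the question (TTLs dropped).
XMPP_JP_SRV = [
    SrvRecord(priority=20, weight=10, port=5222, target="sapporo.xmpp.jp."),
    SrvRecord(priority=30, weight=10, port=5222, target="gw.lb.xmpp.jp."),
    SrvRecord(priority=10, weight=10, port=5222, target="tokyo.xmpp.jp."),
]

# Constructed stand-in for the A/AAAA lookups the client still has to make. These are
# RFC 5737 documentation addresses, not the real xmpp.jp hosts.
ADDRESSES = {
    "tokyo.xmpp.jp.": ["192.0.2.10"],
    "sapporo.xmpp.jp.": ["192.0.2.20"],
    "gw.lb.xmpp.jp.": ["192.0.2.30", "192.0.2.31"],
}


def order_srv(records, seed=None):
    """Order SRV records the way RFC 2782 tells a client to try them: lowest priority
    first; inside one priority a weighted random draw, so a weight-0 record is picked
    only when the draw lands on 0 and the others are picked in proportion to weight."""
    rng = random.Random(seed)
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        pool.sort(key=lambda r: r.weight != 0)      # weight-0 entries first, per the RFC
        while pool:
            draw = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for rec in pool:
                running += rec.weight
                if running >= draw:
                    ordered.append(rec)
                    pool.remove(rec)
                    break
    return ordered


def resolve_targets(records, address_table):
    """Turn ordered SRV records into (target, ip, port) endpoints. The SRV answer holds
    no addresses: a target missing from the table yields nothing, and "." is skipped."""
    endpoints = []
    for rec in records:
        if rec.target == ".":
            continue
        for ip in address_table.get(rec.target, []):
            endpoints.append((rec.target, ip, rec.port))
    return endpoints


def first_choice_counts(records, trials, seed=0):
    """How often each target is tried first over many orderings (shows the weights at work)."""
    counts = {}
    for i in range(trials):
        first = order_srv(records, seed=seed + i)[0].target
        counts[first] = counts.get(first, 0) + 1
    return counts


if __name__ == "__main__":
    ordered = order_srv(XMPP_JP_SRV, seed=1)
    for rec in ordered:
        print(f"priority {rec.priority} weight {rec.weight} -> {rec.target}:{rec.port}")
    print(resolve_targets(ordered, ADDRESSES))
    print(first_choice_counts([SrvRecord(10, 0, 5222, "backup.example."),
                               SrvRecord(10, 100, 5222, "main.example.")], 200))
```

With the page's records the order is always tokyo, sapporo, gw.lb because each priority holds a single record; the weighted draw only matters when several records share a priority, which the last line of the demo shows.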

Bind9: limit query from subnet

I have a Linux machine with a WiFi hotspot assigning IPs in the 172.30.108.0/24 network.
I have bind 9 installed.
My named.conf only contains include "/etc/bind/named.conf.local"; everything else is disabled.
My named.conf.local has:
options {
    listen-on port 53 { 0.0.0.0; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/cache/bind";
    allow-query { localhost; };
    recursion yes;
    querylog yes;
};

acl clients {
    172.30.108.0/24;
};

view "internal-view" {
    match-clients { internal; };
    allow-query { internal; };
    allow-query-cache { internal; };

    zone "limit.com." {
        type master;
        file "/etc/bind/db.limit.com";
    };

    # Mapping: Everything else to 127.0.0.1
    zone "." {
        type master;
        file "/etc/bind/db.mapping";
    };
};

view "external-view" {
    match-clients { any; };
    allow-query { any; };
    allow-recursion { any; };
    allow-query-cache { any; };

    zone "wiincon.de." {
        type master;
        file "/etc/bind/db.limit.com";
    };

    include "/etc/bind/named.conf.default-zones";
};
My db.limit.com:
; BIND reverse data file for broadcast zone
;
$TTL 180
@   IN SOA localhost. root.localhost. (
        5           ; Serial
        604800      ; Refresh
        86400       ; Retry
        2419200     ; Expire
        604800 )    ; Negative Cache TTL
;
@   IN NS localhost.
@   IN A  192.168.5.5
www IN A  192.168.5.5
and finally my db.mapping:
; BIND reverse data file for broadcast zone
;
$TTL 3600
@   IN SOA localhost. root.localhost. (
        4           ; Serial
        604800      ; Refresh
        86400       ; Retry
        2419200     ; Expire
        604800 )    ; Negative Cache TTL
;
@   IN NS localhost.
*   IN A  127.0.0.1
My problem now: the clients in 172.30.108.0/24 can query anything BUT www.limit.com.
Actually: clients from 172.30.108.0/24 should be able to resolve limit.com and www.limit.com; everything else should respond with 127.0.0.1.
When doing an nslookup I get
Non-authoritative answer:
*** can't find limit.com: no answer
I'm sure I'm missing something very obvious here. Any help is highly appreciated.
Found it. The problem was that the "SYSTEM" itself had 8.8.8.8 as its name server, hence bypassing everything local.
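An added example (not from the question or the answer): a Python model of how named picks a view for a client, fed with the match-clients lists from the named.conf.local above. It reproduces the first-match rule for address match lists, '!' negation, nested acl names and the built-in any/none/localhost lists, and it flags names that no acl defines, which is the case for "internal" in the posted config, where the acl is actually called "clients". localnets is left out because it depends on the host's interfaces.

```python
import ipaddress

# Built-in address match lists as assumed here; named's "localnets" is left out
# because it depends on the host's own interfaces.
BUILTIN_ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
    "localhost": ["127.0.0.0/8", "::1/128"],
}

# Constructed from the named.conf.local in the question: the acl is named "clients",
# but the view statements refer to "internal".
ACLS = {"clients": ["172.30.108.0/24"]}
VIEWS_AS_POSTED = [
    ("internal-view", ["internal"]),
    ("external-view", ["any"]),
]
VIEWS_FIXED = [
    ("internal-view", ["clients"]),
    ("external-view", ["any"]),
]


def _is_address(name):
    return name[0].isdigit() or ":" in name


def list_matches(elements, client, acls, depth=0):
    """Evaluate an address_match_list the way named does: scan in order and let the
    first matching element decide; a leading '!' on that element means 'no match'.
    Bare names are built-in or user acls (evaluated recursively), anything else is
    an address or prefix."""
    if depth > 16:
        raise RecursionError("acl nesting too deep")
    for element in elements:
        negate = element.startswith("!")
        name = element.lstrip("!")
        if name in BUILTIN_ACLS:
            hit = list_matches(BUILTIN_ACLS[name], client, acls, depth + 1)
        elif name in acls:
            hit = list_matches(acls[name], client, acls, depth + 1)
        elif _is_address(name):
            hit = client in ipaddress.ip_network(name, strict=False)
        else:
            raise KeyError(f"undefined ACL '{name}'")   # where named-checkconf stops
        if hit:
            return not negate
    return False


def undefined_acls(views, acls):
    """Names used in match-clients that neither BIND nor the config defines."""
    return {
        element.lstrip("!")
        for _, elements in views
        for element in elements
        if not _is_address(element.lstrip("!"))
        and element.lstrip("!") not in BUILTIN_ACLS
        and element.lstrip("!") not in acls
    }


def select_view(views, client_ip, acls):
    """The first view whose match-clients accepts the client answers it; when none does,
    named refuses the query. Order therefore matters: a catch-all view goes last."""
    client = ipaddress.ip_address(client_ip)
    for view_name, match_clients in views:
        if list_matches(match_clients, client, acls):
            return view_name
    return None


if __name__ == "__main__":
    print("undefined acls in posted config:", undefined_acls(VIEWS_AS_POSTED, ACLS))
    for ip in ("172.30.108.5", "8.8.8.8", "127.0.0.1"):
        print(ip, "->", select_view(VIEWS_FIXED, ip, ACLS))
    print("views reversed:", select_view(list(reversed(VIEWS_FIXED)), "172.30.108.5", ACLS))
```

Two things the model makes visible: a query from the box itself (127.0.0.1) lands in external-view under this config, because only 172.30.108.0/24 matches the internal one, and swapping the two view blocks sends every client to external-view, since "any" matches first.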

Bind9 Master zone has no address records (A or AAAA)

I've just installed Bind9 and Webmin on my VPS to manage a DNS server. The domain of the nameserver is ns1.primesystems.ch.
I created a new master zone (forward) for smartvend.ch through Webmin. This works just fine; the IP is resolved correctly. See the configuration:
$ttl 38400
smartvend.ch.   IN SOA ns1.primesystems.ch. john.doe.domain.ch. (
        1399011114
        10800
        3600
        604800
        38400 )
smartvend.ch.   IN NS ns1.primesystems.ch.
smartvend.ch.   IN A  185.16.173.71
But when I create a new master zone for primesystems.ch (the TLD of the nameserver, maybe that's the problem?) through Webmin, an error occurs.
Config:
$ttl 38400
primesystems.ch.    IN SOA ns1.primesystems.ch. john.doe.domain.ch. (
        1399028931
        10800
        3600
        604800
        38400 )
primesystems.ch.    IN NS ns1.primesystems.ch.
primesystems.ch.    IN A  185.16.173.71
Error message:
The following errors were found in the records file /var/lib/bind/primesystems.ch.hosts ..
zone primesystems.ch/IN: NS 'ns1.primesystems.ch' has no address records (A or AAAA)
zone primesystems.ch/IN: not loaded due to errors.
The /etc/bind/named.conf.local looks like this:
zone "smartvend.ch" {
    type master;
    file "/var/lib/bind/smartvend.ch.hosts";
};
zone "primesystems.ch" {
    type master;
    file "/var/lib/bind/primesystems.ch.hosts";
};
So primesystems.ch cannot be resolved by the dig or host command, but smartvend.ch can.
So from my point of view, there must be a problem with primesystems.ch because it's also the nameserver. What I want is to route the URL primesystems.ch to a webserver. Does anyone have an idea?
UPDATE:
After adding 'ns1 IN A 185.16.173.70', the error disappeared. But when I run 'host primesystems.ch' no IP is returned. And 'dig primesystems.ch' returns this:
; <<>> DiG 9.8.3-P1 <<>> primesystems.ch
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33401
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;primesystems.ch. IN A
;; AUTHORITY SECTION:
primesystems.ch. 424 IN SOA ns1.primesystems.ch. kevin\.kirn.kdsolutions.ch. 1399027394 10800 3600 604800 38400
;; Query time: 23 msec
;; SERVER: 62.2.17.61#53(62.2.17.61)
;; WHEN: Fri May 2 13:43:49 2014
;; MSG SIZE rcvd: 96

Internal dns server with bind + centos

I'm running bind 9 on a CentOS 6.3 machine and trying to set up an internal DNS server.
I'm really new to this and need to set this up for my company; the guy responsible for it just quit and I'm on my own for a while. Thanks in advance.
I've tried a few tutorials and so far this is what I have:
named.conf file
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.24; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.0.0/24; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "local.logits.me" IN {
    type master;
    file "fwd.local.logits.me";
    allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "rev.local.logits.me";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
fwd.local.logits.me file
$TTL 86400
@   IN SOA web.local.logits.me. root.local.logits.me. (
        2013102113  ; serial
        3600        ; refresh
        1800        ; retry
        604800      ; expire
        86400       ; minimum time to live (TTL)
    )
@   IN NS  web.local.logits.me.
@   IN A   192.168.0.24
web IN A   192.168.0.24
rev.local.logits.me file
$TTL 86400
@   IN SOA web.local.logits.me. root.local.logits.me. (
        2013102113  ; serial
        3600        ; refresh
        1800        ; retry
        604800      ; expire
        86400       ; minimum time to live (TTL)
    )
@   IN NS  web.local.logits.me.
@   IN PTR local.logits.me.
web IN A   192.168.0.24
24  IN PTR web.local.logits.me.
And this is what I get when I try nslookup
[root@localhost ~]# nslookup local.logits.me
Server:         192.168.0.24
Address:        192.168.0.24#53

** server can't find local.logits.me: NXDOMAIN

[root@localhost ~]# nslookup web.local.logits.me
Server:         192.168.0.24
Address:        192.168.0.24#53

** server can't find web.local.logits.me: NXDOMAIN

[root@localhost ~]# nslookup 192.168.0.24
Server:         192.168.0.24
Address:        192.168.0.24#53

** server can't find 24.0.168.192.in-addr.arpa.: NXDOMAIN
What is wrong?
I figured it out. Someone (either me or the guy before me) put the files in the wrong folder.
So I was editing files under '/' instead of the named root path given in '/etc/sysconfig/named'.
The root path is '/var/named/chroot', so I moved the config files there and everything works fine.

Bind9 configuration

I can't understand why my DNS server won't work.
I get this when testing with "dig":
; <<>> DiG 9.7.3 <<>> connectioon.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54973
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;connectioon.eu. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.33#53(192.168.1.33)
;; WHEN: Fri Dec 9 20:14:07 2011
;; MSG SIZE rcvd: 32
named.conf.local:
zone "connectioon.eu" {
    type master;
    file "/etc/bind/zones/connectioon.eu";
};
zone "21.100.91.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/192.168.1";
};
I have tried with:
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/192.168.1";
};
and
zone "192.168.1.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/192.168.1";
};
The connectioon.eu zone file:
; BIND data file for local loopback interface
;
$TTL 604800
@   IN SOA connectioon.eu. voice12345678910.hotmail.com. (
        09122011180545  ; Serial
        604800          ; Refresh
        86400           ; Retry
        2419200         ; Expire
        604800 )        ; Negative Cache TTL
;
@   IN NS connectioon.eu.
@   IN 91.100.21.28
The 192.168.1 file:
;
; BIND data file for local loopback interface
;
$TTL 604800
@   IN SOA connectioon.eu. voice12345678910.hotmail.com. (
        09122011184553  ; Serial
        604800          ; Refresh
        86400           ; Retry
        2419200         ; Expire
        604800 )        ; Negative Cache TTL
;
    NS  connectioon.eu.
28  PTR connectioon.eu.
My public IP is 91.100.21.28 and the local IP of the DNS server is 192.168.1.33.
PS: I'm using bind9 on Ubuntu 11.04.
This command:
dig connectioon.eu @91.100.21.28
shows
; <<>> DiG 9.7.3 <<>> connectioon.eu @91.100.21.28
;; global options: +cmd
;; connection timed out; no servers could be reached
Are you sure a name server is listening on port 53 (and is not restricted to local requests)?
I assume 91.100.21.28 is where your DNS server is meant to be.
(edit: Actually a quick dig connectioon.eu +norecurse @x.nic.eu shows that the primary NS is 91.100.21.28.hostname-generic.arrownet.dk, which resolves to 91.100.21.28)
PS: +1 for ziesemer's serverfault-related comment
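An added example that is not part of any question or answer on this page. It serves two of them: the primesystems.ch zone from "Bind9 Master zone has no address records (A or AAAA)" and the connectioon.eu zone from this question. It is a small RFC 1035 master-file parser in Python (standard library only) followed by the checks that fail these files: an NS target inside the zone with no A/AAAA record, a record whose type field is missing (the "@ IN 91.100.21.28" line above) and an SOA serial that does not fit in the 32-bit field the protocol gives it. The zone texts are copied from the questions into string literals and marked as such; the parser covers the common record types only and does no quoted-string handling.

```python
import re

RR_TYPES = {"A", "AAAA", "NS", "SOA", "PTR", "CNAME", "MX", "TXT", "SRV"}
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+[smhdw]?", re.IGNORECASE)

# Constructed copy of the primesystems.ch zone from "Bind9 Master zone has no address records".
PRIMESYSTEMS_AS_POSTED = """\
$ttl 38400
primesystems.ch. IN SOA ns1.primesystems.ch. john.doe.domain.ch. (
        1399028931
        10800
        3600
        604800
        38400 )
primesystems.ch. IN NS ns1.primesystems.ch.
primesystems.ch. IN A 185.16.173.71
"""
# The fix from the UPDATE in that question: an address for the in-zone nameserver.
PRIMESYSTEMS_WITH_GLUE = PRIMESYSTEMS_AS_POSTED + "ns1 IN A 185.16.173.70\n"

# Constructed copy of the connectioon.eu forward zone file from the question above.
CONNECTIOON_AS_POSTED = """\
$TTL 604800
@ IN SOA connectioon.eu. voice12345678910.hotmail.com. (
        09122011180545 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS connectioon.eu.
@ IN 91.100.21.28
"""


def _logical_lines(text):
    """Strip ';' comments and fold '( ... )' continuations into one line per record."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text, origin):
    """(records, problems): records are (owner, ttl, type, rdata) with absolute names,
    following the RFC 1035 master-file rules for '@', relative names, an owner
    inherited from the previous line, and the optional TTL/class fields."""
    ctx = {"origin": origin.rstrip(".") + "."}
    absolute = lambda n: ctx["origin"] if n == "@" else (n if n.endswith(".") else f"{n}.{ctx['origin']}")
    records, problems, default_ttl, last_owner = [], [], None, ctx["origin"]
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0].upper() == "$TTL":
            default_ttl = tokens[1]
            continue
        if tokens[0].upper() == "$ORIGIN":
            ctx["origin"] = absolute(tokens[1])
            continue
        owner = last_owner if line[0].isspace() else absolute(tokens.pop(0))
        last_owner, ttl = owner, default_ttl
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in CLASSES):
            ttl = tokens[0] if TTL_RE.fullmatch(tokens[0]) else ttl
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in RR_TYPES:
            problems.append(f"{owner}: unknown RR type {tokens[0] if tokens else '(missing)'}")
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in {"NS", "CNAME", "PTR"}:
            rdata = [absolute(rdata[0])]
        elif rtype == "SOA":
            rdata = [absolute(rdata[0]), absolute(rdata[1])] + rdata[2:]
        records.append((owner, ttl, rtype, rdata))
    return records, problems


def check_zone(text, origin):
    """The checks that fail the zone files quoted in these two questions."""
    records, problems = parse_zone(text, origin)
    apex = origin.rstrip(".") + "."
    types_at = {}
    for owner, _, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    soa = [r for r in records if r[0] == apex and r[2] == "SOA"]
    if len(soa) != 1:
        problems.append(f"zone {apex}: expected one SOA at the apex, found {len(soa)}")
    elif not soa[0][3][2].isdigit() or int(soa[0][3][2]) > 0xFFFFFFFF:
        problems.append(f"zone {apex}: SOA serial {soa[0][3][2]} does not fit in 32 bits")
    ns_targets = [r[3][0] for r in records if r[0] == apex and r[2] == "NS"]
    if not ns_targets:
        problems.append(f"zone {apex}: no NS record at the apex")
    for target in ns_targets:          # an NS name inside the zone needs its own A/AAAA
        if (target == apex or target.endswith("." + apex)) and not types_at.get(target, set()) & {"A", "AAAA"}:
            problems.append(f"zone {apex}: NS '{target.rstrip('.')}' has no address records (A or AAAA)")
    return problems


if __name__ == "__main__":
    for label, text, origin in (("primesystems.ch as posted", PRIMESYSTEMS_AS_POSTED, "primesystems.ch"),
                                ("primesystems.ch with glue", PRIMESYSTEMS_WITH_GLUE, "primesystems.ch"),
                                ("connectioon.eu as posted", CONNECTIOON_AS_POSTED, "connectioon.eu")):
        print(label, "->", check_zone(text, origin) or "ok")
```

The checker is a reading aid, not a replacement for named-checkzone, which should be run on the real file (named-checkzone connectioon.eu /etc/bind/zones/connectioon.eu) after each edit; the serial check matters here because a 14-digit YYYYMMDDHHMMSS serial exceeds what a 32-bit field can hold, while the usual YYYYMMDDnn form fits.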
