Bind Errors

rajesh_ · Aug 27, 2007

Hi,
When i restarted DNS Error. I am getting following error. Even my site went down.....please help me...i dont know how to fix this.

DNS REPORTS ALSO HAVING ERRORS. I am newbie . Please help me to solve this.

http://www.dnsstuff.com/tools/dnsreport.ch?domain=makespossible.com

named started ok Aug 27 20:14:47 fast named[4473]: shutting down: flushing changes Aug 27 20:14:47 fast named[4473]: stopping command channel on 127.0.0.1#953 Aug 27 20:14:47 fast named[4473]: no longer listening on 127.0.0.1#53 Aug 27 20:14:47 fast named[4473]: no longer listening on 208.53.138.141#53 Aug 27 20:14:47 fast named[4473]: no longer listening on 66.90.76.162#53 Aug 27 20:14:47 fast named[4473]: exiting Aug 27 20:14:47 fast named[4708]: starting BIND 9.3.4-P1 -u named Aug 27 20:14:47 fast named[4708]: found 1 CPU, using 1 worker thread Aug 27 20:14:47 fast named[4708]: loading configuration from '/etc/named.conf' Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface lo, 127.0.0.1#53 Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface eth0, 208.53.138.141#53 Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface eth0:1, 66.90.76.162#53 Aug 27 20:14:47 fast named[4708]: command channel listening on 127.0.0.1#953 Aug 27 20:14:47 fast named[4708]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700 Aug 27 20:14:47 fast named[4708]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700 Aug 27 20:14:47 fast named[4708]: zone localdomain/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone localhost/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/internal: loaded serial 2007082702 Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/external: loaded serial 2007082702 Aug 27 20:14:47 fast named[4708]: running Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/internal: sending notifies (serial 2007082702) Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/external: sending notifies (serial 2007082702) Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 208.53.138.141#53 Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 66.90.76.162#53 Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 208.53.138.141#53 Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 66.90.76.162#53

rajesh_ · Aug 28, 2007

Help Help!

Please help

koolcards · Aug 28, 2007

this return:

Retrieving DNS records for makespossible.com...

DNS servers
ns2.makespossible.com [66.90.76.162]
ns1.makespossible.com [208.53.138.141]

DNS server returned an error: Query refused

would mean that either your named service isn't running or, for some reason, won't respond to requests.

have you tried to login to the box via SSH and using
/scripts/fixnamedviews --force

you may have to mamually edit the external view statments in your /etc/named.conf. I understand several people have had this kind of problem lately

rajesh_ · Aug 28, 2007

mine

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options
{
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/
query-source port 53;

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
};

logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/var/named/named.rfc1912.zones";
};

view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

// include "/var/named/named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.

// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

zone "mybox.makespossible.com" {
type master;
file "/var/named/mybox.makespossible.com.db";
};

};

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { !localnets; !localhost; };
match-destinations { !localnets; !localhost; };

recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

// all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

// BEGIN external zone entries

zone "mybox.makespossible.com" {
type master;
file "/var/named/mybox.makespossible.com.db";
};

};

This is my named.config . Can you please tell what to edit here.

gribozavr · Aug 28, 2007

i had such a problem recently. The following worked for me:

Edit

Code:

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { !localnets; !localhost; };
match-destinations { !localnets; !localhost; };

To:

Code:

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
    match-clients      { any; };
    match-destinations { any; };

rajesh_ · Aug 28, 2007

mine

this is mine mybox.makespossible.com.db

----
; Modified by Web Host Manager
; Zone File for mybox.makespossible.com
$TTL 14400
@ 86400 IN SOA ns1.makespossible.com. rajesh.mukkala.gmail.com. (
2007082702
86400
7200
3600000
86400
)

mybox.makespossible.com. 86400 IN NS ns1.makespossible.com.
mybox.makespossible.com. 86400 IN NS ns2.makespossible.com.

mybox.makespossible.com. 14400 IN A 208.53.138.141

localhost.mybox.makespossible.com. 14400 IN A 127.0.0.1

mybox.makespossible.com. 14400 IN MX 0 mybox.makespossible.com.

rajesh_ · Aug 28, 2007

thanks

Thank you gribozavr and KoolCards my problem fixed with your help.

I spent two days for this...

Thank you so much...

rajesh_ · Aug 28, 2007

one more

I have one more error in

http://www.dnsstuff.com/tools/dnsreport.ch?domain=makespossible.com

Single Point of Failure

ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

Can you help to fix this also..

gribozavr · Aug 28, 2007

Are you running a fresh install of CPanel 11? maybe it is a bug in CPanel: default named.conf doesn't allow external clients to query DNS?

rajesh_ · Aug 28, 2007

yes i am using cpanel 11...its fresh install

Any solution please

rajesh_ · Aug 28, 2007

help needed please

gribozavr · Aug 28, 2007

It just says what it says. According to the RFC, you should have two separate DNS sersers in two separate locations, so that failure of one doesn't affect the accessibility of the domain. You have two IPs from different subnets assigned to a single server, right? If it is so, then you can only buy a second server and host it in another datacenter or buy some secondary dns service from a third-party company.

But really it isn't a problem. Imagine that your server loses Internet connectivity, or goes down, or something else happens. Even if DNS would work, the website wouldn't work anyway.

cPanelDavidG · Aug 28, 2007

gribozavr said: ↑

...
But really it isn't a problem. Imagine that your server loses Internet connectivity, or goes down, or something else happens. Even if DNS would work, the website wouldn't work anyway.
Click to expand...

The main people like remote DNS is in the case they have DNS pointing to other servers (such as MX entries pointing to Google for example), so a failure of the server doesn't result in an interruption of those services.

rajesh_ · Aug 28, 2007

ok..thanks david.

houseoftech · Aug 30, 2007

named.conf questions

Hello, my BIND service, since upgrading to cPanel 11, has been using up a lot of memory and cpu resources.

I was looking at these config file suggestions here and want to apply some of these changes to mine to see if it fixes my issues.

I currently have no views specified. All the zones are just listed. Should I move them into the views? And do I put them in the internal or external view? Here are some of my zones:

zone "localdomain" IN {
type master;
file "/var/named/localdomain.zone";
allow-update { none; };
};

zone "domain.com" {
type master;
file "/var/named/domain.com.db";
};

koolcards · Aug 30, 2007

houseoftech said: ↑

Hello, my BIND service, since upgrading to cPanel 11, has been using up a lot of memory and cpu resources.

I was looking at these config file suggestions here and want to apply some of these changes to mine to see if it fixes my issues.

I currently have no views specified. All the zones are just listed. Should I move them into the views? And do I put them in the internal or external view? Here are some of my zones:

zone "localdomain" IN {
type master;
file "/var/named/localdomain.zone";
allow-update { none; };
};

zone "domain.com" {
type master;
file "/var/named/domain.com.db";
};
Click to expand...

"views" are useful if you are interfaced with both an internal intranet as well as the external internet. I use CentOS, RH, and Suse and none of their bind are configured with views.

// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
Click to expand...

I don't think there's anything in an upgrade to cPanel11 that would affect your named service that way
What else might have changed?

houseoftech · Aug 31, 2007

Thanks for the response.

I went ahead and modified my named.conf to include the views. I put all the zones in the "external" view.

The named process is no longer using up 60% memory and high cpu. So it looks like adding the views solved my problem.

The reason this all started was because my server froze a week ago and checking /var/log/messages showed a lot of "host unreachable" and "lame server" errors from named. At least 10 per second, and my server doesn't have that much traffic. These errors are pretty much gone now, "host unreachable" is down to twice per minute.

Is there anything else I should check before calling the issue resolved?

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Bind Errors

rajesh_ Active Member

rajesh_ Active Member

koolcards Well-Known Member

rajesh_ Active Member

gribozavr Member

rajesh_ Active Member

rajesh_ Active Member

rajesh_ Active Member

gribozavr Member

rajesh_ Active Member

rajesh_ Active Member

gribozavr Member

cPanelDavidG Technical Product Specialist

rajesh_ Active Member

houseoftech Member

koolcards Well-Known Member

houseoftech Member

BIND-chroot question

Configure bind-address

How can change Ptr RDNS on WHM BIND

Can't bind to an ephemeral port

Help securing rpcbind

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Bind Errors

rajesh_ Active Member

rajesh_ Active Member

koolcards Well-Known Member

rajesh_ Active Member

gribozavr Member

rajesh_ Active Member

rajesh_ Active Member

rajesh_ Active Member

gribozavr Member

rajesh_ Active Member

rajesh_ Active Member

gribozavr Member

cPanelDavidG Technical Product Specialist

rajesh_ Active Member

houseoftech Member

koolcards Well-Known Member

houseoftech Member

BIND-chroot question

Configure bind-address

How can change Ptr RDNS on WHM BIND

Can't bind to an ephemeral port

Help securing rpcbind

Share This Page