Bind Errors

[rajesh_]

Hi,
When i restarted DNS Error. I am getting following error. Even my site went down.....please help me...i dont know how to fix this.

DNS REPORTS ALSO HAVING ERRORS. I am newbie . Please help me to solve this.

http://www.dnsstuff.com/tools/dnsreport.ch?domain=makespossible.com



named started ok Aug 27 20:14:47 fast named[4473]: shutting down: flushing changes Aug 27 20:14:47 fast named[4473]: stopping command channel on 127.0.0.1#953 Aug 27 20:14:47 fast named[4473]: no longer listening on 127.0.0.1#53 Aug 27 20:14:47 fast named[4473]: no longer listening on 208.53.138.141#53 Aug 27 20:14:47 fast named[4473]: no longer listening on 66.90.76.162#53 Aug 27 20:14:47 fast named[4473]: exiting Aug 27 20:14:47 fast named[4708]: starting BIND 9.3.4-P1 -u named Aug 27 20:14:47 fast named[4708]: found 1 CPU, using 1 worker thread Aug 27 20:14:47 fast named[4708]: loading configuration from '/etc/named.conf' Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface lo, 127.0.0.1#53 Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface eth0, 208.53.138.141#53 Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface eth0:1, 66.90.76.162#53 Aug 27 20:14:47 fast named[4708]: command channel listening on 127.0.0.1#953 Aug 27 20:14:47 fast named[4708]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700 Aug 27 20:14:47 fast named[4708]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700 Aug 27 20:14:47 fast named[4708]: zone localdomain/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone localhost/IN/localhost_resolver: loaded serial 42 Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/internal: loaded serial 2007082702 Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/external: loaded serial 2007082702 Aug 27 20:14:47 fast named[4708]: running Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/internal: sending notifies (serial 2007082702) Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/external: sending notifies (serial 2007082702) Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 208.53.138.141#53 Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 66.90.76.162#53 Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 208.53.138.141#53 Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 66.90.76.162#53

 

[rajesh_]

Help Help!

Please help

 

[koolcards]

this return:

Retrieving DNS records for makespossible.com...

DNS servers
ns2.makespossible.com [66.90.76.162]
ns1.makespossible.com [208.53.138.141]

DNS server returned an error: Query refused

would mean that either your named service isn't running or, for some reason, won't respond to requests.

have you tried to login to the box via SSH and using
/scripts/fixnamedviews --force

you may have to mamually edit the external view statments in your /etc/named.conf. I understand several people have had this kind of problem lately

 

[rajesh_]

mine

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


options
{
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/
query-source port 53;

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
};

logging
{
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};


// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/var/named/named.rfc1912.zones";
};

view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
that connect via your directly attached LAN interfaces - "localnets" .
*/
match-clients { localnets; };
match-destinations { localnets; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

// include "/var/named/named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.

// These are your "authoritative" internal zones, and would probably
// also be included in the "localhost_resolver" view above :

zone "mybox.makespossible.com" {
type master;
file "/var/named/mybox.makespossible.com.db";
};

};

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { !localnets; !localhost; };
match-destinations { !localnets; !localhost; };

recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

// all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

// BEGIN external zone entries

zone "mybox.makespossible.com" {
type master;
file "/var/named/mybox.makespossible.com.db";
};

};



This is my named.config . Can you please tell what to edit here.

 

[gribozavr]

i had such a problem recently. The following worked for me:

Edit

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
match-clients { !localnets; !localhost; };
match-destinations { !localnets; !localhost; };

To:

view "external"
{
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/
    match-clients      { any; };
    match-destinations { any; };

 

[rajesh_]

mine

this is mine mybox.makespossible.com.db


----
; Modified by Web Host Manager
; Zone File for mybox.makespossible.com
$TTL 14400
@ 86400 IN SOA ns1.makespossible.com. rajesh.mukkala.gmail.com. (
2007082702
86400
7200
3600000
86400
)

mybox.makespossible.com. 86400 IN NS ns1.makespossible.com.
mybox.makespossible.com. 86400 IN NS ns2.makespossible.com.


mybox.makespossible.com. 14400 IN A 208.53.138.141

localhost.mybox.makespossible.com. 14400 IN A 127.0.0.1

mybox.makespossible.com. 14400 IN MX 0 mybox.makespossible.com.

 

[rajesh_]

thanks

Thank you gribozavr and KoolCards my problem fixed with your help.

I spent two days for this...

Thank you so much...

 

[rajesh_]

one more

I have one more error in

http://www.dnsstuff.com/tools/dnsreport.ch?domain=makespossible.com


Single Point of Failure

ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

Can you help to fix this also..

 

[gribozavr]

Are you running a fresh install of CPanel 11? maybe it is a bug in CPanel: default named.conf doesn't allow external clients to query DNS?

 

[rajesh_]

yes i am using cpanel 11...its fresh install


Any solution please

 

[rajesh_]

help needed please

 

[gribozavr]

It just says what it says. According to the RFC, you should have two separate DNS sersers in two separate locations, so that failure of one doesn't affect the accessibility of the domain. You have two IPs from different subnets assigned to a single server, right? If it is so, then you can only buy a second server and host it in another datacenter or buy some secondary dns service from a third-party company.

But really it isn't a problem. Imagine that your server loses Internet connectivity, or goes down, or something else happens. Even if DNS would work, the website wouldn't work anyway.

 

[cPanelDavidG]

...
But really it isn't a problem. Imagine that your server loses Internet connectivity, or goes down, or something else happens. Even if DNS would work, the website wouldn't work anyway.

The main people like remote DNS is in the case they have DNS pointing to other servers (such as MX entries pointing to Google for example), so a failure of the server doesn't result in an interruption of those services.

 

[rajesh_]

ok..thanks david.

 

[houseoftech]

named.conf questions

Hello, my BIND service, since upgrading to cPanel 11, has been using up a lot of memory and cpu resources.

I was looking at these config file suggestions here and want to apply some of these changes to mine to see if it fixes my issues.

I currently have no views specified. All the zones are just listed. Should I move them into the views? And do I put them in the internal or external view? Here are some of my zones:

zone "localdomain" IN {
type master;
file "/var/named/localdomain.zone";
allow-update { none; };
};

zone "domain.com" {
type master;
file "/var/named/domain.com.db";
};

 

[koolcards]

Hello, my BIND service, since upgrading to cPanel 11, has been using up a lot of memory and cpu resources.

I was looking at these config file suggestions here and want to apply some of these changes to mine to see if it fixes my issues.

I currently have no views specified. All the zones are just listed. Should I move them into the views? And do I put them in the internal or external view? Here are some of my zones:

zone "localdomain" IN {
type master;
file "/var/named/localdomain.zone";
allow-update { none; };
};

zone "domain.com" {
type master;
file "/var/named/domain.com.db";
};

"views" are useful if you are interfaced with both an internal intranet as well as the external internet. I use CentOS, RH, and Suse and none of their bind are configured with views.

// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.

I don't think there's anything in an upgrade to cPanel11 that would affect your named service that way
What else might have changed?

 

[houseoftech]

Thanks for the response.

I went ahead and modified my named.conf to include the views. I put all the zones in the "external" view.

The named process is no longer using up 60% memory and high cpu. So it looks like adding the views solved my problem.

The reason this all started was because my server froze a week ago and checking /var/log/messages showed a lot of "host unreachable" and "lame server" errors from named. At least 10 per second, and my server doesn't have that much traffic. These errors are pretty much gone now, "host unreachable" is down to twice per minute.

Is there anything else I should check before calling the issue resolved?