Bind Errors

Discussion in 'Bind / DNS / Nameserver Issues' started by rajesh_, Aug 27, 2007.

  1. rajesh_

    rajesh_ Active Member

    Joined:
    Oct 9, 2006
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    When i restarted DNS Error. I am getting following error. Even my site went down.....please help me...i dont know how to fix this.

    DNS REPORTS ALSO HAVING ERRORS. I am newbie . Please help me to solve this.

    http://www.dnsstuff.com/tools/dnsreport.ch?domain=makespossible.com



    named started ok
    Aug 27 20:14:47 fast named[4473]: shutting down: flushing changes
    Aug 27 20:14:47 fast named[4473]: stopping command channel on 127.0.0.1#953
    Aug 27 20:14:47 fast named[4473]: no longer listening on 127.0.0.1#53
    Aug 27 20:14:47 fast named[4473]: no longer listening on 208.53.138.141#53
    Aug 27 20:14:47 fast named[4473]: no longer listening on 66.90.76.162#53
    Aug 27 20:14:47 fast named[4473]: exiting
    Aug 27 20:14:47 fast named[4708]: starting BIND 9.3.4-P1 -u named
    Aug 27 20:14:47 fast named[4708]: found 1 CPU, using 1 worker thread
    Aug 27 20:14:47 fast named[4708]: loading configuration from '/etc/named.conf'
    Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface lo, 127.0.0.1#53
    Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface eth0, 208.53.138.141#53
    Aug 27 20:14:47 fast named[4708]: listening on IPv4 interface eth0:1, 66.90.76.162#53
    Aug 27 20:14:47 fast named[4708]: command channel listening on 127.0.0.1#953
    Aug 27 20:14:47 fast named[4708]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
    Aug 27 20:14:47 fast named[4708]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
    Aug 27 20:14:47 fast named[4708]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
    Aug 27 20:14:47 fast named[4708]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
    Aug 27 20:14:47 fast named[4708]: zone localdomain/IN/localhost_resolver: loaded serial 42
    Aug 27 20:14:47 fast named[4708]: zone localhost/IN/localhost_resolver: loaded serial 42
    Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/internal: loaded serial 2007082702
    Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/external: loaded serial 2007082702
    Aug 27 20:14:47 fast named[4708]: running
    Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/internal: sending notifies (serial 2007082702)
    Aug 27 20:14:47 fast named[4708]: zone mybox.makespossible.com/IN/external: sending notifies (serial 2007082702)
    Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 208.53.138.141#53
    Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 66.90.76.162#53
    Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 208.53.138.141#53
    Aug 27 20:14:48 fast named[4708]: lame server resolving 'ns2.makespossible.com' (in 'makespossible.com'?): 66.90.76.162#53
     
  2. rajesh_

    Help Help!

    Please help :mad:
     
  3. koolcards

    koolcards Well-Known Member

    Joined:
    Oct 8, 2003
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Tampa, Fl
    This return:

    Retrieving DNS records for makespossible.com...

    DNS servers
    ns2.makespossible.com [66.90.76.162]
    ns1.makespossible.com [208.53.138.141]

    DNS server returned an error: Query refused

    would mean that either your named service isn't running or, for some reason, won't respond to requests.

    Have you tried to log in to the box via SSH and using
    /scripts/fixnamedviews --force

    You may have to manually edit the external view statements in your /etc/named.conf. I understand several people have had this kind of problem lately.
     
  4. rajesh_

    mine

    include "/etc/rndc.key";

    controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };

    options
    {
        /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
        query-source port 53;

        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
    };

    logging
    {
        /* If you want to enable debugging, eg. using the 'rndc trace' command,
         * named will try to write the 'named.run' file in the $directory (/var/named).
         * By default, SELinux policy does not allow named to modify the /var/named directory,
         * so put the default debug log file in data/ :
         */
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    // All BIND 9 zones are in a "view", which allow different zones to be served
    // to different types of client addresses, and for options to be set for groups
    // of zones.
    //
    // By default, if named.conf contains no "view" clauses, all zones are in the
    // "default" view, which matches all clients.
    //
    // If named.conf contains any "view" clause, then all zones MUST be in a view;
    // so it is recommended to start off using views to avoid having to restructure
    // your configuration files in the future.

    view "localhost_resolver"
    {
        /* This view sets up named to be a localhost resolver ( caching only nameserver ).
         * If all you want is a caching-only nameserver, then you need only define this view:
         */
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;

        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };

        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
        include "/var/named/named.rfc1912.zones";
    };

    view "internal"
    {
        /* This view will contain zones you want to serve only to "internal" clients
           that connect via your directly attached LAN interfaces - "localnets" .
         */
        match-clients { localnets; };
        match-destinations { localnets; };
        recursion yes;

        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };

        // include "/var/named/named.rfc1912.zones";
        // you should not serve your rfc1912 names to non-localhost clients.

        // These are your "authoritative" internal zones, and would probably
        // also be included in the "localhost_resolver" view above :

        zone "mybox.makespossible.com" {
            type master;
            file "/var/named/mybox.makespossible.com.db";
        };

    };

    view "external"
    {
        /* This view will contain zones you want to serve only to "external" clients
         * that have addresses that are not on your directly attached LAN interface subnets:
         */
        match-clients { !localnets; !localhost; };
        match-destinations { !localnets; !localhost; };

        recursion no;
        // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers

        // all views must contain the root hints zone:
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };

        // These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

        // BEGIN external zone entries

        zone "mybox.makespossible.com" {
            type master;
            file "/var/named/mybox.makespossible.com.db";
        };

    };



    This is my named.config. Can you please tell me what to edit here?
     
  5. gribozavr

    gribozavr Member

    Joined:
    Aug 15, 2007
    Messages:
    23
    Likes Received:
    1
    Trophy Points:
    3
    I had such a problem recently. The following worked for me:

    Edit

    Code:
    view "external"
    {
        /* This view will contain zones you want to serve only to "external" clients
         * that have addresses that are not on your directly attached LAN interface subnets:
         */
        match-clients { !localnets; !localhost; };
        match-destinations { !localnets; !localhost; };

    To:

    Code:
    view "external"
    {
        /* This view will contain zones you want to serve only to "external" clients
         * that have addresses that are not on your directly attached LAN interface subnets:
         */
        match-clients      { any; };
        match-destinations { any; };
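
    Why the edit above changes the "Query refused" result, as an added example that is not part of the original posts: BIND tries views in order and uses the first one whose match-clients and match-destinations both accept, and an address match list made only of negated elements accepts no address at all. The model below is a simplification; the /24 prefix lengths and the client address 198.51.100.7 are assumptions, while the server addresses come from the log earlier in the thread.

```python
import ipaddress

# Server addresses are taken from the log in this thread; the /24 prefix
# lengths are an assumption made for this example.
LOCALHOST = ["127.0.0.1/32", "208.53.138.141/32", "66.90.76.162/32"]
LOCALNETS = ["127.0.0.0/8", "208.53.138.0/24", "66.90.76.0/24"]
ACLS = {"localhost": LOCALHOST, "localnets": LOCALNETS, "any": ["0.0.0.0/0"]}

def acl_match(addr, match_list):
    """First matching element decides; a negated hit rejects; no hit rejects."""
    ip = ipaddress.ip_address(addr)
    for element in match_list:
        negated = element.startswith("!")
        name = element.lstrip("!")
        nets = ACLS.get(name, [name])  # built-in ACL name or a literal prefix
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return not negated
    return False

def select_view(views, client, destination):
    """Return the first view whose match-clients AND match-destinations accept."""
    for name, clients, dests in views:
        if acl_match(client, clients) and acl_match(destination, dests):
            return name
    return None  # no view matched: named answers REFUSED

LOCAL = ("localhost_resolver", ["localhost"], ["localhost"])
INTERNAL = ("internal", ["localnets"], ["localnets"])
NEGATED = ["!localnets", "!localhost"]
ORIGINAL = [LOCAL, INTERNAL, ("external", NEGATED, NEGATED)]
FIXED = [LOCAL, INTERNAL, ("external", ["any"], ["any"])]

# Constructed sample: an outside client querying the ns1 address.
OUTSIDE, NS1 = "198.51.100.7", "208.53.138.141"

if __name__ == "__main__":
    for label, views in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, "outside ->", select_view(views, OUTSIDE, NS1))
        print(label, "local   ->", select_view(views, "127.0.0.1", "127.0.0.1"))
```

    Because views are tried in order and the external view keeps `recursion no`, the `any` lists only catch queries the two earlier views did not claim, and outside clients still get no recursion.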
     
  6. rajesh_

    mine

    This is my mybox.makespossible.com.db


    ----
    ; Modified by Web Host Manager
    ; Zone File for mybox.makespossible.com
    $TTL 14400
    @ 86400 IN SOA ns1.makespossible.com. rajesh.mukkala.gmail.com. (
    2007082702
    86400
    7200
    3600000
    86400
    )

    mybox.makespossible.com. 86400 IN NS ns1.makespossible.com.
    mybox.makespossible.com. 86400 IN NS ns2.makespossible.com.


    mybox.makespossible.com. 14400 IN A 208.53.138.141

    localhost.mybox.makespossible.com. 14400 IN A 127.0.0.1

    mybox.makespossible.com. 14400 IN MX 0 mybox.makespossible.com.
     
  7. rajesh_

    thanks

    Thank you gribozavr and KoolCards, my problem is fixed with your help.

    I spent two days on this...

    Thank you so much...
     
  8. rajesh_

    one more

    I have one more error in

    http://www.dnsstuff.com/tools/dnsreport.ch?domain=makespossible.com


    Single Point of Failure

    ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

    Can you help to fix this also?
     
  9. gribozavr

    Are you running a fresh install of cPanel 11? Maybe it is a bug in cPanel: default named.conf doesn't allow external clients to query DNS?
     
  10. rajesh_

    Yes, I am using cPanel 11... it's a fresh install.


    Any solution, please?
     
    #10 rajesh_, Aug 28, 2007
    Last edited: Aug 28, 2007
  11. rajesh_

    help needed please
     
  12. gribozavr

    It just says what it says. According to the RFC, you should have two separate DNS servers in two separate locations, so that failure of one doesn't affect the accessibility of the domain. You have two IPs from different subnets assigned to a single server, right? If it is so, then you can only buy a second server and host it in another datacenter or buy some secondary DNS service from a third-party company.

    But really it isn't a problem. Imagine that your server loses Internet connectivity, or goes down, or something else happens. Even if DNS would work, the website wouldn't work anyway.
     
    #12 gribozavr, Aug 28, 2007
    Last edited: Aug 28, 2007
  13. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The main reason people like remote DNS is in the case they have DNS pointing to other servers (such as MX entries pointing to Google, for example), so a failure of the server doesn't result in an interruption of those services.
     
  14. rajesh_

    ok..thanks david.
     
  15. houseoftech

    houseoftech Member

    Joined:
    Aug 30, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    named.conf questions

    Hello, my BIND service, since upgrading to cPanel 11, has been using up a lot of memory and CPU resources.

    I was looking at these config file suggestions here and want to apply some of these changes to mine to see if it fixes my issues.

    I currently have no views specified. All the zones are just listed. Should I move them into the views? And do I put them in the internal or external view? Here are some of my zones:

    zone "localdomain" IN {
    type master;
    file "/var/named/localdomain.zone";
    allow-update { none; };
    };

    zone "domain.com" {
    type master;
    file "/var/named/domain.com.db";
    };
     
  16. koolcards


    "views" are useful if you are interfaced with both an internal intranet as well as the external internet. I use CentOS, RH, and Suse and none of their bind are configured with views.


    I don't think there's anything in an upgrade to cPanel11 that would affect your named service that way :cool:
    What else might have changed?
     
  17. houseoftech

    houseoftech Member

    Joined:
    Aug 30, 2007
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the response.

    I went ahead and modified my named.conf to include the views. I put all the zones in the "external" view.

    The named process is no longer using up 60% memory and high CPU. So it looks like adding the views solved my problem.

    The reason this all started was because my server froze a week ago and checking /var/log/messages showed a lot of "host unreachable" and "lame server" errors from named. At least 10 per second, and my server doesn't have that much traffic. These errors are pretty much gone now, "host unreachable" is down to twice per minute.

    Is there anything else I should check before calling the issue resolved?
     