Lame nameserver - centos5, cpanel11

ddcarnage

Hello,

I really hope someone here can help me cause I've spent so many hours trying to solve this and it just doesn't seem to want to work.

Domain is vizfx.ca. This is a brand new server with centos5 and cpanel 11. When I start named, I get :

Code:
Jun 29 23:35:34 server2 named[8745]: zone vizfx.ca/IN/external: loaded serial 2007063001 
Jun 29 23:35:34 server2 named[8745]: running 
Jun 29 23:35:34 server2 named[8745]: zone vizfx.ca/IN/external: sending notifies (serial 2007063001)
Jun 29 23:35:34 server2 named[8745]: client 72.55.138.161#32817: view localhost_resolver: received notify for zone 'vizfx.ca': not authoritative

Naturally, dns stuff tells me I've got lame nameservers.

At first I had a DNS cluster setup with a second server because I was actually transferring the vizfx.ca domain from another server. (Is this the source of this nightmare??) So I tried syncing dns, cleaning dns, running scripts/fixnamed and fixrndc... I even completely erased named.conf and /var/named/* and reinstalled it from scratch. There seems to be something else that I can't think of...

Anyways, here is the current config:

Code:
include "/etc/rndc.key";

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


options
{
    /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
    query-source    port 53;

    directory "/var/named"; // the default
    dump-file             "data/cache_dump.db";
    statistics-file     "data/named_stats.txt";
    memstatistics-file     "data/named_mem_stats.txt";
};

logging
{
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};


view "localhost_resolver"
{
    match-clients         { localhost; };
    match-destinations    { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    include "/var/named/named.rfc1912.zones";
};

view "internal"
{
    match-clients        { localnets; };
    match-destinations    { localnets; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
};

view    "external"
{
   match-clients        { !localnets; !localhost; };
    match-destinations    { !localnets; !localhost; };

    recursion no;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

        zone "vizfx.ca" {
                type master;
                file "/var/named/vizfx.ca.db";
        };
};

Here is /var/named/vizfx.ca.db:

Code:
; cPanel 11.4.19-RELEASE_14379
; Zone file for vizfx.ca
$TTL 14400
@      43200    IN      SOA     ns1.vizfx.ca. fmaillet.11h11.net. (
                2007063001      ; serial, todays date+todays
                86400           ; refresh, seconds
                7200            ; retry, seconds
                3600000         ; expire, seconds
                86400 )         ; minimum, seconds

vizfx.ca. 43200 IN NS ns1.vizfx.ca.
vizfx.ca. 43200 IN NS ns2.vizfx.ca.

ns2.vizfx.ca. IN A 72.55.138.161
ns1.vizfx.ca. IN A 72.55.164.22

vizfx.ca. IN A 72.55.164.22

localhost.vizfx.ca. IN A 127.0.0.1

vizfx.ca. IN MX 0 vizfx.ca.

mail IN CNAME vizfx.ca.
www IN CNAME vizfx.ca.
ftp IN CNAME vizfx.ca.

I don't know if this would have anything to do with it, but after each reboot, only my main IP (72.55.164.22) seems to be active in cPanel. My two additional IPs (72.55.138.161 and 72.55.138.162) are red in the add/remove IP list and BIND will not use 72.55.138.161 until I remove and re-add the IP.


Any help greatly appreciated cause I'm about to jump out the window... :confused:
 

hostmedic

possible ip issues

In your post you stated your IPs lose their place when you reboot...
I am wondering if either of 2 things is happening:

1. Is someone else using your IP addresses? (Reboot your box, then from your machine ping and see if you can get there... or use dns stuff.)

While it's rebooting, if they answer and the box is off, you know someone has your IPs.

> vizfx.ca
Server: ns1.vizfx.ca
Address: 72.55.164.22

*** ns1.vizfx.ca can't find vizfx.ca: Query refused


You may also have port 53 blocked in your firewall and/or something else going on ...

If stuck - I will be around a little bit longer

skype = vinehosting
 

ddcarnage

Hi,

Thanks for your answer. I tried rebooting the server and ping didn't work on all my IPs.

I just switched my firewall off and the problem persists... I'll keep looking.

Any ideas welcome...
 

ddcarnage

Ok I seem to have fixed the lame nameserver problem.

What I did was change the following in named.conf from :

Code:
view    "external"
{
    match-clients        { !localnets; !localhost; };
    match-destinations    { !localnets; !localhost; };

to:

Code:
view    "external"
{
        match-clients { any; };
        match-destinations { any; };

I'm not an expert so I'm not sure if this is a good thing but I really really don't understand why the default configuration is this way and cpanel can't fix this with any of the different scripts and automatic reconfiguration I've tried...
 

felosi

THANK YOU!!!!!!!!
I just setup a server for a client and been up all damn night trying to find a solution, feel like such a noob,
 

php-dawg

Found the issue with mine. The cluster was not updating and it set the name server as cache only. Copied the named.conf from the working server to the non-working server and all is ok.
 

NNNils

This fixed my issue too.

Be sure not to make this change for internal view.

In my zonefile external view was hidden a bit, you might need to scroll down some time in named.conf before you find it.
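
The view selection behind the change posted above and the warning about the internal view, as an added example that is not part of any post in this thread: a simplified Python model of how named picks the first view whose match-clients and match-destinations both match. The /24 prefix lengths, the outside client address and all function names are assumptions made for the illustration.

```python
import ipaddress as ip

# Constructed model of the host in the thread. The addresses are the ones the
# first post lists; the prefix lengths are an assumption (the thread gives none).
IFACES = [ip.ip_interface(a) for a in (
    "127.0.0.1/8", "72.55.164.22/24", "72.55.138.161/24", "72.55.138.162/24")]
BUILTIN = {
    "any": lambda a: True,
    "localhost": lambda a: any(a == i.ip for i in IFACES),       # every local address
    "localnets": lambda a: any(a in i.network for i in IFACES),  # every attached subnet
}

def acl_match(acl, addr):
    """Address match list: the first element that matches decides; '!' rejects."""
    for elem in acl:
        if BUILTIN[elem.lstrip("!")](addr):
            return not elem.startswith("!")
    return False  # no element matched, so a list of only negations matches nobody

def select_view(views, src, dst):
    """Return (view, recursion) for the first view where both lists match, else None."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for name, clients, dests, recursion in views:
        if acl_match(clients, src) and acl_match(dests, dst):
            return name, recursion
    return None  # no view matched: named answers REFUSED

def make_views(internal_acl, external_acl):
    """The three views from the posted named.conf, in file order."""
    return [
        ("localhost_resolver", ["localhost"], ["localhost"], True),
        ("internal", internal_acl, internal_acl, True),
        ("external", external_acl, external_acl, False),
    ]

ORIGINAL = make_views(["localnets"], ["!localnets", "!localhost"])
FIXED = make_views(["localnets"], ["any"])
INTERNAL_ANY = make_views(["any"], ["any"])  # the change NNNils warns against
OUTSIDE = "198.51.100.7"  # constructed outside client (documentation range)

if __name__ == "__main__":
    for label, views in (("original", ORIGINAL), ("fixed", FIXED), ("internal any", INTERNAL_ANY)):
        print(label, "| outside query:", select_view(views, OUTSIDE, "72.55.164.22"),
              "| NOTIFY to self:", select_view(views, "72.55.138.161", "72.55.138.161"))
```

In this model the original external view is never selected, so an outside query gets no view at all, while a NOTIFY arriving from one of the server's own addresses is caught by localhost_resolver in every variant because that view is listed first.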
 

gribozavr

I had the same problem a few days ago. CentOS 5, CPanel 11, fresh installation. The solution was the same.
 

jeroman8

Thanks - works for me, but I removed those lines instead of changing them.

Delete:

match-clients { !localnets; !localhost; };
match-destinations { !localnets; !localhost; };


Note, there are 3 places with match-clients.
Delete only the last one where it says both "!localnets; and !localhost"
 

vikins

Solved??

I just wanted to quickly let people know that I solved this problem by doing a manual sync from within the WHM. But I had to choose the "v1 slow" method even though my 3 clustered machines are all completely up-to-date and using the exact same version of cPanel.

I chose to "Sync All" (bottom left option).

After that all name servers received all zones, perfectly in sync. v2 method used to work and then just doesn't seem to work for me now. I have not tried to figure out why yet. After 8 straight hours I'm just happy to have it working...

If somebody can clue me in as to why v1 method would work and v2 would not that would be nice to know.

vikins
 

Humbrol

Help

Ok, here is my named.conf file and DNS test results. I cannot get the nameservers working for the life of me. =/ New to this so trying to learn what's going on but in over my head atm.

Code:
include "/etc/rndc.key";

controls {
	inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


options {
    /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
    query-source    port 53;    
    
    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file             "data/cache_dump.db";
    statistics-file     "data/named_stats.txt";
    memstatistics-file     "data/named_mem_stats.txt";
};

logging {
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };    
};


// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the 
// "default" view, which matches all clients.
// 
// If named.conf contains any "view" clause, then all zones MUST be in a view; 
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
    match-clients         { 127.0.0.0/24; };
    match-destinations    { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "/var/named/named.rfc1912.zones";
};

view "internal" {
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
    match-clients        { localnets; };
    match-destinations    { localnets; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.
 
    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
	
	zone "bumblebee.thegeekhosting.com" {
		type master;
		file "/var/named/bumblebee.thegeekhosting.com.db";
	};
	
	zone "ns1.thegeekhosting.com" {
		type master;
		file "/var/named/ns1.thegeekhosting.com.db";
	};
	
	zone "ns2.thegeekhosting.com" {
		type master;
		file "/var/named/ns2.thegeekhosting.com.db";
	};
};

view    "external" {
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries
		
		zone "bumblebee.thegeekhosting.com" {
			type master;
			file "/var/named/bumblebee.thegeekhosting.com.db";
		};
		
		zone "ns1.thegeekhosting.com" {
			type master;
			file "/var/named/ns1.thegeekhosting.com.db";
		};
		
		zone "ns2.thegeekhosting.com" {
			type master;
			file "/var/named/ns2.thegeekhosting.com.db";
		};
};

Code:
Error: Nameserver test failed
Info: Nameserver test for domain thegeekhosting.com
Note: Nameserver ns1.thegeekhosting.com at 74.xx.xxx.188 (provided)
Note: Nameserver ns2.thegeekhosting.com at 74.xx.xxx.189 (provided)
Error: No answer from ns2.thegeekhosting.com at address 74.xx.xxx.189
Error: No working authoritative nameserver found
Error: At least 2 nameservers required
Error: Answer for NS query from ns1.thegeekhosting.com at address 74.xx.xxx.188 contains no answer
Error: Answer for SOA query from ns1.thegeekhosting.com at address 74.xx.xxx.188 contains no answer