Author Topic: Zentyal-powered LAN DNS not working?  (Read 11565 times)

MikeHartman

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Zentyal-powered LAN DNS not working?
« Reply #15 on: September 28, 2011, 10:51:59 am »
I was googling around and found this:

Quote
SERVFAIL means that the domain does exist and the root name servers have information on this domain, but that the authoritative name servers are not answering queries for this domain.

Given that in my case Zentyal is both the root name server and the authoritative name server for that domain, this seems weird. The Zentyal DNS knows the domain exists but isn't answering queries for it?

Are there logs somewhere on the Zentyal box I can check to see what problem it's encountering that causes the SERVFAIL packet?

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #16 on: September 28, 2011, 10:53:30 am »
Quote
Strange, isn't it?
And what about "dig wifia.hartman"? Or, faster for investigation, "dig hartman AXFR"...
I suspect a DNS issue...

"dig wifia.hartman" gives the same SERVFAIL message.

"dig hartman AXFR" gives a different error:

; <<>> DiG 9.7.3 <<>> hartman AXFR
;; global options: +cmd
; Transfer failed.

christian

  • Guest
Re: Zentyal-powered LAN DNS not working?
« Reply #17 on: September 28, 2011, 11:14:42 am »
Definitely there is something wrong with DNS...

dig hartman AXFR should have returned all your DNS content: A records, MX, CNAMEs, etc.
Is your DNS service running?  ;D

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #18 on: September 28, 2011, 11:22:13 am »
The DNS module says it's running...

And it was working (at least the FQDN) when it was running as dynamic instead of static.

christian

Re: Zentyal-powered LAN DNS not working?
« Reply #19 on: September 28, 2011, 11:34:30 am »
Would you mind sharing your DNS settings (especially NS record)?

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #20 on: September 28, 2011, 11:39:40 am »
It hasn't changed much since my first post:

DNS->List of Domains
  "hartman"
    hostnames
      "ns" - 127.0.0.1  // whether this is here or not seems to make no difference
      "wifia" - 192.168.1.30
      "wifib" - 192.168.1.31
  Dynamic? - no

christian

Re: Zentyal-powered LAN DNS not working?
« Reply #21 on: September 28, 2011, 11:57:41 am »
How is this reflected in "/var/lib/bind/db.hartman" (on the Zentyal server)?

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #22 on: September 28, 2011, 12:02:48 pm »
There's nothing in /var/lib/bind. But the DNS module says it's running in the web interface. Is there something else I need to do to force it to run?

christian

Re: Zentyal-powered LAN DNS not working?
« Reply #23 on: September 28, 2011, 12:09:05 pm »
I don't know...  :-[
You may try to stop/start DNS module, stop/start Zentyal or wait for some guru to intervene here because I'm at the very limit of what I can (try to) do for you  ::)

If you look at /etc/named.conf.local, it should show you where your "hartman" DB is stored (file parameter in "hartman" zone).
It's supposed to be in /var/lib/bind...

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #24 on: September 28, 2011, 12:16:09 pm »
Yep, I've tried restarting the DNS module and the Zentyal box itself several times. No dice.

I have no /etc/named.conf.local. However, I think I found my db files in /etc/bind.

cat /etc/bind/db.hartman
$TTL 3D
@   IN   SOA   .hartman.   hostmaster (
         2011092806   ;serial number
         8H      ;refresh
         2H      ;retry
         4W      ;expiration
         1D )      ;
;
@      A   192.168.1.1
@               NS     
@               NS      ns
wifia      A   192.168.1.30
wifib      A   192.168.1.31
ns      A   127.0.0.1
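
Added example, not part of the thread: a small Python lint run over the db.hartman listing above. It flags the two lines BIND's zone parser rejects, the SOA primary name `.hartman.` (empty leading label) and the `@ NS` record with no target; a master zone that fails to load is answered with SERVFAIL. `lint_zone` and `ZONE` are names made up for this example.

```python
import re

# db.hartman as listed in the post above (constructed input for this example).
ZONE = """\
$TTL 3D
@   IN   SOA   .hartman.   hostmaster (
         2011092806   ;serial number
         8H      ;refresh
         2H      ;retry
         4W      ;expiration
         1D )      ;
;
@      A   192.168.1.1
@               NS
@               NS      ns
wifia      A   192.168.1.30
wifib      A   192.168.1.31
ns      A   127.0.0.1
"""
TTL_OR_CLASS = re.compile(r"^(\d+[SMHDW]?|IN)$", re.I)

def lint_zone(text):
    """Return (line_number, message) pairs for records a zone parser rejects."""
    problems, depth = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]                  # strip comments
        inside = depth > 0                           # continuation of a "( ... )" record
        depth += line.count("(") - line.count(")")
        tokens = line.replace("(", " ").replace(")", " ").split()
        if inside or not tokens or tokens[0].startswith("$"):
            continue
        if not raw[0].isspace():
            tokens = tokens[1:]                      # drop the owner name
        while tokens and TTL_OR_CLASS.match(tokens[0]):
            tokens = tokens[1:]                      # drop optional TTL / class
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if not rdata:
            problems.append((no, rtype + " record has no data"))
        if rtype == "SOA":
            for name in rdata[:2]:                   # primary server, contact
                if name != "." and (name.startswith(".") or ".." in name):
                    problems.append((no, "SOA name %s has an empty label" % name))
    return problems

if __name__ == "__main__":
    for no, msg in lint_zone(ZONE):
        print("db.hartman line %d: %s" % (no, msg))
```

On the server itself, BIND's own `named-checkzone hartman /etc/bind/db.hartman` performs the authoritative version of this check.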



christian

Re: Zentyal-powered LAN DNS not working?
« Reply #25 on: September 28, 2011, 12:22:11 pm »
But is your "named.conf.local" using THIS file?

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #26 on: September 28, 2011, 12:32:43 pm »
My named.conf.local is also in /etc/bind and looks like:

Quote
acl "trusted" {
   localhost;
   localnets;
};

zone "hartman" {
   type master;
   file "/etc/bind/db.hartman";
};

zone "1.168.192.in-addr.arpa" {
   type master;
   file "/etc/bind/db.1.168.192";
};

zone "0.0.127.in-addr.arpa" {
   type master;
   file "/etc/bind/db.0.0.127";
};

/etc/bind/db.1.168.192 contains:

Quote

$TTL 3D
$ORIGIN 1.168.192.in-addr.arpa.
@   IN   SOA   ns.hartman.   hostmaster.hartman. (
         2011092806   ;serial number
         8H      ;refresh
         2H      ;retry
         4W      ;expiration
         1D )      ;
;
      NS   ns.hartman.   ;nameserver
;
2   PTR   wifia.hartman.
1   PTR   hartman.


and /etc/bind/db.0.0.127 contains:

Quote
$TTL 3D
$ORIGIN 0.0.127.in-addr.arpa.
@   IN   SOA   ns.hartman.   hostmaster.hartman. (
         2011092806   ;serial number
         8H      ;refresh
         2H      ;retry
         4W      ;expiration
         1D )      ;
;
      NS   ns.hartman.   ;nameserver
;
1   PTR   ns.hartman.

I also tried watching the logs on the Zentyal system, but doing an nslookup on "wifia" or "wifia.hartman" from the laptop didn't trigger any activity in /var/log or /var/log/ebox. I don't see a separate log anywhere for bind.

christian

Re: Zentyal-powered LAN DNS not working?
« Reply #27 on: September 28, 2011, 12:38:45 pm »
OK, so everything looks ok but it also looks like DNS doesn't work  ;D

When you typed "dig hartman AXFR", did you try it from the Zentyal server itself or from the machine used to test? You could compare both...
You should compare both and also ensure, something just crossing my mind now, that the firewall doesn't prevent you from performing DNS requests from the LAN to Zentyal (port is 53)

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #28 on: September 28, 2011, 12:45:33 pm »
On the Zentyal server:

dig hartman AXFR

; <<>> DiG 9.7.0-P1 <<>> hartman AXFR
;; global options: +cmd
; Transfer failed.

Looks the same as it did from the laptop. Nslookups don't look any better from there either:

nslookup wifia
;; Got SERVFAIL reply from 127.0.0.1, trying next server
Server:      127.0.0.1
Address:   127.0.0.1#53

** server can't find wifia: NXDOMAIN

nslookup wifia.hartman
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; Got SERVFAIL reply from 127.0.0.1, trying next server
Server:      4.2.2.2
Address:   4.2.2.2#53

** server can't find wifia.hartman: NXDOMAIN

Plus the DNS was at least partially working (FQDN only) when it was set up as dynamic, so I guess the firewall was letting it through on that port at one point.

MikeHartman

Re: Zentyal-powered LAN DNS not working?
« Reply #29 on: September 28, 2011, 12:51:09 pm »
Although interestingly, doing an nslookup on a completely fake domain looks a little different:

nslookup monkey.monkey
;; Got SERVFAIL reply from 127.0.0.1, trying next server
Server:      4.2.2.2
Address:   4.2.2.2#53

** server can't find monkey.monkey: NXDOMAIN

There's one less line that looks like ";; Got SERVFAIL reply from 127.0.0.1, trying next server". The hartman lookup had two of those.

I wonder if the first line is Zentyal (127.0.0.1) saying "yes, I've heard of the "hartman" domain. Try asking 127.0.0.1" and then the second line is (a different piece of?) Zentyal saying "I don't know what you're talking about". Is that possible? Are the different db files in /etc/bind representative of different hops along the resolution path? Or different sub-processes of bind?

Anyway, it's almost 7am here and I've been up all night so I'm heading to bed. Keep the suggestions coming by all means though. This is driving me crazy.