Topic: BIND DNS / Nameservers are unreachable


BIND DNS / Nameservers are unreachable
« on: December 29, 2018, 11:41:46 PM »
Hello,

While trying to roll back an update using yum history undo, I accidentally rolled back the wrong update and it broke bind. I'm not sure which one. It would not start, but I was able to fix it by reinstalling BIND with

yum install bind bind-utils

At this time BIND will start and run normally; however, none of the domains using my custom name servers will resolve. Leaf DNS returns the following error:

"FAIL: Nameserver is unreachable."

http://leafdns.com/index.cgi?testid=F7EE7A65

Here are zone files for the two domains that will not load:

; Generated by CWP
; Zone file for gaiabithia.org
$TTL 14400
@    86400        IN      SOA     s3ns1.bentsea.net. brokenmind.gmail.com. (
2018071600      ; serial, todays date+todays
3600            ; refresh, seconds
7200            ; retry, seconds
1209600         ; expire, seconds
86400 )         ; minimum, seconds

@ 86400 IN NS s3ns1.bentsea.net.
@ 86400 IN NS s3ns2.bentsea.net.
@ IN A 172.93.54.122
localhost.gaiabithia.org. IN A 127.0.0.1
@ IN MX 0 gaiabithia.org.
mail 14400 IN CNAME gaiabithia.org.
smtp 14400 IN CNAME gaiabithia.org.
pop  14400 IN CNAME gaiabithia.org.
pop3 14400 IN CNAME gaiabithia.org.
imap 14400 IN CNAME gaiabithia.org.
webmail 14400 IN A 172.93.54.122
cpanel 14400 IN A 172.93.54.122
cwp 14400 IN A 172.93.54.122
www 14400 IN CNAME gaiabithia.org.
ftp 14400 IN CNAME gaiabithia.org.
_dmarc 14400 IN TXT "v=DMARC1; p=none"
@ 14400 IN TXT "v=spf1 +a +mx +ip4:172.93.54.122 ~all"

default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeyZLcuYMlLXr2kN0C6q/aSK8WltaHIzoGgGed1yrc2BlQmpmvb6fU5PtPtHxDXhVRK5xNH8xe6gJSeVqoUDcMZGICY5VMjrS0b4RCZ7NlPl1MWY9hCoke09iDe7khzNE8UEQyf+Yu+5lKCgRyRUNZGdABrFE3h7N0ALtO95tkywIDAQAB"

; Generated by CWP
; Zone file for oaknutbrewing.com
$TTL 14400
oaknutbrewing.com.      86400        IN      SOA     s3ns1.bentsea.net. matthew.e.newman.gmail.com. (
2013071600      ; serial, todays date+todays
86400           ; refresh, seconds
7200            ; retry, seconds
3600000         ; expire, seconds
86400 )         ; minimum, seconds

oaknutbrewing.com. 86400 IN NS s3ns1.bentsea.net.
oaknutbrewing.com. 86400 IN NS s3ns2.bentsea.net.

oaknutbrewing.com. IN A 172.93.54.122

localhost.oaknutbrewing.com. IN A 127.0.0.1

oaknutbrewing.com. IN MX 0 oaknutbrewing.com.

mail IN CNAME oaknutbrewing.com.
www IN CNAME oaknutbrewing.com.
ftp IN CNAME oaknutbrewing.com.
; Add additional settings below this line
_dmarc 14400 IN TXT "v=DMARC1; p=none"

I've tried recreating the name servers, removing and re-adding the domains. All the records appear to be correct to me. BIND service is running... I'm at a complete loss for why the name servers are not responding and for what can resolve this.

Re: BIND DNS / Nameservers are unreachable
« Reply #1 on: December 30, 2018, 05:33:32 AM »
Try to use the "named-compilezone" tool from named.
The simplest syntax, to send a zone file to standard output, is:

# named-compilezone -s relative -o - [zone] [zonefile]

(You can replace the parameter "-o -" with a file, "-o [outputfile]", but redirecting to standard output makes it easy to view.)

Executing this command for your domain:

# named-compilezone -s relative -o - gaiabithia.org gaiabithia.org.db

... results in the "reformatted" zone in this output:

$ORIGIN .
$TTL 86400 ; 1 day
gaiabithia.org IN SOA s3ns1.bentsea.net. brokenmind.gmail.com. (
2018071600 ; serial
3600       ; refresh (1 hour)
7200       ; retry (2 hours)
1209600    ; expire (2 weeks)
86400      ; minimum (1 day)
)
NS s3ns1.bentsea.net.
NS s3ns2.bentsea.net.
$TTL 14400 ; 4 hours
A 172.93.54.122
MX 0 gaiabithia.org.
TXT "v=spf1 +a +mx +ip4:172.93.54.122 ~all"
$ORIGIN gaiabithia.org.
_dmarc TXT "v=DMARC1\; p=none"
default._domainkey TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeyZLcuYMlLXr2kN0C6q/aSK8WltaHIzoGgGed1yrc2BlQmpmvb6fU5PtPtHxDXhVRK5xNH8xe6gJSeVqoUDcMZGICY5VMjrS0b4RCZ7NlPl1MWY9hCoke09iDe7khzNE8UEQyf+Yu+5lKCgRyRUNZGdABrFE3h7N0ALtO95tkywIDAQAB"
cpanel A 172.93.54.122
cwp A 172.93.54.122
ftp CNAME gaiabithia.org.
imap CNAME gaiabithia.org.
localhost A 127.0.0.1
mail CNAME gaiabithia.org.
pop CNAME gaiabithia.org.
pop3 CNAME gaiabithia.org.
smtp CNAME gaiabithia.org.
webmail A 172.93.54.122
www CNAME gaiabithia.org.

So, you must redirect the standard output to a file (e.g. 'gaiabithia.org.db.new'):
# named-compilezone -s relative -o - gaiabithia.org gaiabithia.org.db > gaiabithia.org.db.new

And after that, replace the real zone file with it (back it up first):
# cp -p gaiabithia.org.db gaiabithia.org.db.backup
# mv gaiabithia.org.db.new gaiabithia.org.db

Strangely, CWP has a mix of "relative" and "full" style zones, and they should be simplified into one style or the other.
But you can make a script to merge them into a single file, if you want to.

And do everything the same for the other domain as well.

Regards,
Netino
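An added example, not from the thread or from CWP, of what the canonicalization Netino describes does: a small Python routine that expands a mixed-style zone (the "@" shorthand, relative and absolute owner names, $TTL, $ORIGIN and the multi-line SOA) into fully qualified records, using an abridged copy of the gaiabithia.org zone from the post as the embedded sample input.

```python
import re

# Sample input: the gaiabithia.org zone from the post (abridged), with the SOA
# continuation lines indented, a layout named accepts as well.
ZONE = """\
$TTL 14400
@    86400  IN  SOA  s3ns1.bentsea.net. brokenmind.gmail.com. (
        2018071600 ; serial
        3600       ; refresh
        7200       ; retry
        1209600    ; expire
        86400 )    ; minimum
@ 86400 IN NS s3ns1.bentsea.net.
@ IN A 172.93.54.122
localhost.gaiabithia.org. IN A 127.0.0.1
www 14400 IN CNAME gaiabithia.org.
_dmarc 14400 IN TXT "v=DMARC1; p=none"
"""

def _strip_comment(line: str) -> str:
    """Drop a ';' comment, but not a ';' inside a quoted TXT string."""
    out, quoted = [], False
    for ch in line:
        quoted ^= ch == '"'
        if ch == ";" and not quoted: break
        out.append(ch)
    return "".join(out)

def _fqdn(name: str, origin: str) -> str:
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def canonicalize(text: str, origin: str) -> list:
    """(owner, ttl, type, rdata) tuples with absolute owners; rdata kept as written."""
    origin = origin.rstrip(".") + "."
    ttl, last_owner, records, buf = None, None, [], ""
    for raw in text.splitlines():
        buf = buf + " " + _strip_comment(raw) if buf else _strip_comment(raw)
        if buf.count("(") > buf.count(")"): continue       # still inside the SOA
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        if not line.strip(): continue
        if line.startswith("$TTL"): ttl = int(line.split()[1]); continue
        if line.startswith("$ORIGIN"): origin = line.split()[1]; continue
        toks = re.findall(r'"[^"]*"|\S+', line)          # keep quoted TXT whole
        owner = last_owner if line[0].isspace() and last_owner else _fqdn(toks.pop(0), origin)
        rttl = int(toks.pop(0)) if toks[0].isdigit() else ttl  # explicit TTL or $TTL
        if toks[0] == "IN": toks.pop(0)                   # class is optional
        records.append((owner, rttl, toks[0], " ".join(toks[1:])))
        last_owner = owner
    return records
```

Diffing the output of canonicalize() against named-compilezone's for the same file is a quick way to confirm that a hand-edited CWP zone means what you think it does.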

Re: BIND DNS / Nameservers are unreachable
« Reply #2 on: January 05, 2019, 03:10:44 AM »
I found the issue and I want to be sure to post the answer here for anyone else who experiences this issue:

When I reinstalled BIND DNS, it installed with a default config file that didn't contain any of the zone file paths that had been added up to that point. Additionally, it was configured to only serve local DNS queries and was not configured to listen to or respond to external DNS queries, which made it impossible for it to act as a name server host.

By editing /etc/named.conf I was able to add the previously existing zone files as well as update the configuration to listen externally and disable recursive lookup.

After performing both of these changes to named.conf and restarting BIND, DNS began to work correctly on the server.
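An added example, not from the thread, that turns the three named.conf problems described in this reply into a check you can run after a reinstall: WEAK_CONF is a constructed fragment mirroring a stock localhost-only default, FIXED_CONF the corrected authoritative-only settings with the zone declared (the zone file path is an assumption), and check_named_conf() reports which of the problems a given config still has.

```python
import re

# Constructed fragments, not the poster's actual named.conf. WEAK_CONF mirrors a
# stock localhost-only default; FIXED_CONF shows the corrected authoritative-only
# settings with the zone declared (the file path is an assumption).
WEAK_CONF = """
options {
    listen-on port 53 { 127.0.0.1; };
    allow-query     { localhost; };
    recursion yes;
};
"""

FIXED_CONF = """
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    allow-transfer  { none; };
    recursion no;
};
zone "gaiabithia.org" IN {
    type master;
    file "/var/named/gaiabithia.org.db";
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def _acl(conf: str, name: str):
    """Entries of the first `<name> [port N] { a; b; };` clause, or None if absent."""
    m = re.search(rf"\b{name}(?![\w-])(?:\s+port\s+\d+)?\s*\{{([^}}]*)\}}", conf)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def check_named_conf(conf: str, zones) -> list:
    """Findings for a server meant to be an internet-facing authoritative NS."""
    findings = []
    listen = _acl(conf, "listen-on")
    if listen is not None and set(listen) <= LOOPBACK:
        findings.append("listen-on is loopback only: external resolvers cannot reach named")
    allow = _acl(conf, "allow-query")
    if allow is not None and set(allow) <= LOOPBACK:
        findings.append("allow-query is localhost only: external queries get REFUSED")
    if re.search(r"\brecursion\s+yes\s*;", conf):
        findings.append("recursion yes: an exposed authoritative server should set recursion no")
    for zone in zones:                    # every hosted domain needs a zone statement
        if not re.search(rf'\bzone\s+"{re.escape(zone)}"', conf):
            findings.append(f"no zone statement for {zone}: named will not answer for it")
    return findings
```

Run it against the live file with the list of domains CWP is supposed to host; an empty result plus a clean named-checkconf is what you want before pointing external resolvers at the box.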