Topic: BIND DNS / Nameservers are unreachable

BIND DNS / Nameservers are unreachable
« on: December 29, 2018, 11:41:46 PM »

While trying to roll back an update using yum history undo, I accidentally rolled back the wrong update and it broke BIND. I'm not sure which one. It would not start, but I was able to fix it by reinstalling BIND with:
Code:
yum install bind bind-utils
At this time BIND will start and run normally; however, none of the domains using my custom name servers will resolve. Leaf DNS returns the following error:

"FAIL: Nameserver is unreachable."

Here are zone files for the two domains that will not load:

Code:
; Generated by CWP
; Zone file for
$TTL 14400
@    86400        IN      SOA (
2018071600      ; serial, todays date+todays
3600            ; refresh, seconds
7200            ; retry, seconds
1209600         ; expire, seconds
86400 )         ; minimum, seconds

@ 86400 IN NS
@ 86400 IN NS
@ IN MX 0
mail 14400 IN CNAME
smtp 14400 IN CNAME
pop  14400 IN CNAME
pop3 14400 IN CNAME
imap 14400 IN CNAME
webmail 14400 IN A
cpanel 14400 IN A
cwp 14400 IN A
www 14400 IN CNAME
ftp 14400 IN CNAME
_dmarc 14400 IN TXT "v=DMARC1; p=none"
@ 14400 IN TXT "v=spf1 +a +mx +ip4: ~all"

default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeyZLcuYMlLXr2kN0C6q/aSK8WltaHIzoGgGed1yrc2BlQmpmvb6fU5PtPtHxDXhVRK5xNH8xe6gJSeVqoUDcMZGICY5VMjrS0b4RCZ7NlPl1MWY9hCoke09iDe7khzNE8UEQyf+Yu+5lKCgRyRUNZGdABrFE3h7N0ALtO95tkywIDAQAB"

Code:
; Generated by CWP
; Zone file for
$TTL 14400
86400        IN      SOA (
2013071600      ; serial, todays date+todays
86400           ; refresh, seconds
7200            ; retry, seconds
3600000         ; expire, seconds
86400 )         ; minimum, seconds
86400 IN NS
86400 IN NS
IN A
IN A
IN MX 0

; Add additional settings below this line
_dmarc 14400 IN TXT "v=DMARC1; p=none"

I've tried recreating the name servers and removing and re-adding the domains. All the records appear correct to me. The BIND service is running... I'm at a complete loss as to why the name servers are not responding and what can resolve this.

Re: BIND DNS / Nameservers are unreachable
« Reply #1 on: December 30, 2018, 05:33:32 AM »
Try the "named-compilezone" tool from named.
The simplest syntax, which sends the zone file to standard output, is:
Code:
# named-compilezone -s relative -o - [zone] [zonefile]
(You can replace the parameter "-o -" with a file, "-o [outputfile]", but redirecting to standard output makes it easy to view.)

Executing this command for your domain:
Code:
# named-compilezone -s relative -o -

.. results in the "reformatted" zone in this output:
Code:
$TTL 86400 ; 1 day
IN SOA (
2018071600 ; serial
3600       ; refresh (1 hour)
7200       ; retry (2 hours)
1209600    ; expire (2 weeks)
86400      ; minimum (1 day)
$TTL 14400 ; 4 hours
MX 0
TXT "v=spf1 +a +mx +ip4: ~all"
_dmarc TXT "v=DMARC1\; p=none"
default._domainkey TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeyZLcuYMlLXr2kN0C6q/aSK8WltaHIzoGgGed1yrc2BlQmpmvb6fU5PtPtHxDXhVRK5xNH8xe6gJSeVqoUDcMZGICY5VMjrS0b4RCZ7NlPl1MWY9hCoke09iDe7khzNE8UEQyf+Yu+5lKCgRyRUNZGdABrFE3h7N0ALtO95tkywIDAQAB"
cpanel A
cwp A
imap CNAME
localhost A
mail CNAME
pop3 CNAME
smtp CNAME
webmail A

So, you must redirect the standard output to a file (e.g. ''):
# named-compilezone -s relative -o - >

And after that, replace the real zone file with it (back it up first):
# cp -p
# mv

Strangely, CWP has a mix of "relative" and "full" style zones, and they should be simplified into one style or the other.
But you can make a script to mix them in a single file, if you want to.

And do the same for the other domain as well.


Re: BIND DNS / Nameservers are unreachable
« Reply #2 on: January 05, 2019, 03:10:44 AM »
I found the issue and I want to be sure to post the answer here for anyone else who experiences this issue:

When I reinstalled BIND, it installed with a default config file that didn't contain any of the zone file paths that had been added to date. Additionally, it was configured to only serve local DNS queries and was not configured to listen for or respond to external DNS queries, which made it impossible for it to act as a name server host.

By editing /etc/named.conf I was able to add the previously existing zone files, as well as update the configuration to listen externally and disable recursive lookups.

After performing both of these changes to named.conf and restarting BIND, DNS began to work correctly on the server.
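The fix in Reply #2 comes down to three named.conf changes: the hosted zones have to be declared, listen-on and allow-query must not be limited to localhost, and recursion should be off on an authoritative-only server. As an added example that is not code from the thread, from CWP or from BIND, the script below embeds a stripped-down copy of the stock CentOS 7 default named.conf next to a corrected authoritative-only version and audits both for exactly those points. The two config files, the example.com/example.net zones and the file paths are constructed for the demo and are not the poster's.

```shell
#!/bin/sh
# Added example (not from the thread, CWP or BIND): audit a named.conf for the
# three problems Reply #2 found after the reinstall. Sample configs are
# constructed; the weak one is modelled on the stock CentOS 7 /etc/named.conf.
# example.com / example.net are placeholder zones, not the poster's domains.

# Print a named.conf with //, # and single-line /* */ comments removed, so a
# commented-out directive is not mistaken for a live one. Multi-line block
# comments are not handled (known limitation of this demo).
uncomment() {
    sed -e 's|/\*.*\*/||g' -e 's|//.*$||' -e 's|#.*$||' "$1"
}

# 0 if "recursion no;" is set. BIND defaults to recursion yes, so an absent
# directive counts as enabled.
recursion_disabled() {
    uncomment "$1" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'
}

# 0 unless listen-on is present and restricted to 127.0.0.1 only. With no
# listen-on at all, named listens on every interface, so that passes.
listens_externally() {
    uncomment "$1" | awk '
        /^[[:space:]]*listen-on([[:space:]]+port[[:space:]]+[0-9]+)?[[:space:]]*\{/ {
            found = 1
            l = $0; sub(/.*\{/, "", l); sub(/\}.*/, "", l); gsub(/[[:space:]]/, "", l)
            if (l != "127.0.0.1;") ext = 1
        }
        END { exit (found && !ext) ? 1 : 0 }'
}

# 0 unless allow-query is present and restricted to localhost only.
allows_public_queries() {
    uncomment "$1" | awk '
        /^[[:space:]]*allow-query[[:space:]]*\{/ {
            found = 1
            l = $0; sub(/.*\{/, "", l); sub(/\}.*/, "", l); gsub(/[[:space:]]/, "", l)
            if (l != "localhost;") ok = 1
        }
        END { exit (found && !ok) ? 1 : 0 }'
}

# 0 if file $2 declares a zone stanza for $1 ("include" files are not followed).
has_zone() {
    uncomment "$2" | grep -Fq "zone \"$1\""
}

# Audit $1 for the zones given as remaining arguments. Prints each finding and
# returns the number of problems (0 = ready to serve those zones publicly).
audit() {
    conf=$1; shift
    problems=0
    recursion_disabled "$conf" || { echo "WARN: recursion is enabled; set 'recursion no;' on an authoritative-only server"; problems=$((problems + 1)); }
    listens_externally "$conf" || { echo "WARN: listen-on is limited to 127.0.0.1, so no external resolver can reach named"; problems=$((problems + 1)); }
    allows_public_queries "$conf" || { echo "WARN: allow-query is limited to localhost"; problems=$((problems + 1)); }
    for z in "$@"; do
        has_zone "$z" "$conf" || { echo "WARN: no zone stanza for $z"; problems=$((problems + 1)); }
    done
    return "$problems"
}

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# What a fresh "yum install bind" drops in: loopback only, localhost only, recursion on, no hosted zones.
cat > "$WORKDIR/named.conf.default" <<'EOF'
options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	allow-query     { localhost; };
	recursion yes;
};
zone "." IN {
	type hint;
	file "named.ca";
};
include "/etc/named.rfc1912.zones";
EOF

# The corrected authoritative-only configuration described in Reply #2.
cat > "$WORKDIR/named.conf.fixed" <<'EOF'
options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { any; };
	directory "/var/named";
	allow-query { any; };      // anyone may ask for our zones
	recursion no;              // but nobody may use us as a resolver
	allow-transfer { none; };  // no unrestricted AXFR
};
zone "example.com" IN {
	type master;
	file "example.com.db";
};
zone "example.net" IN {
	type master;
	file "example.net.db";
};
EOF

echo "== default config"; audit "$WORKDIR/named.conf.default" example.com example.net || echo "$? problem(s)"
echo "== fixed config";   audit "$WORKDIR/named.conf.fixed" example.com example.net && echo "no problems"
```

On a real server, run the audit against /etc/named.conf with the zones you expect to serve, then confirm with `named-checkconf -z /etc/named.conf`, which also loads every zone file, and from an outside host with `dig @<server-ip> <zone> NS`. Turning recursion off matters beyond the poster's symptom: an authoritative server that also recurses for the whole internet is an open resolver and can be abused for amplification.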