bind9 - dig -x returns

eliufoo · 05-19-2008, 03:46 AM

Hi All,

I've been working our local DNS server, setting up reverse delegation to increase security on blocking SPAM email and also bringing up the server to standard.

I have loaded up the reverse zone file with no errors /var/log/messages but, when i run dig -x 1.2.3.3, I get the below status: SERVFAIL.

I initial thought the error was caused by a misconfigured zone file. And made several changes on it and even used another reverse zone file, but still got the same error.

Can some tell me what going and how can i increase the log severity on named.conf?

Thanks
Elly

Quote:

; <<>> DiG 9.2.4 <<>> -x 1.2.3.4
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28122
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;3.212.233.84.in-addr.arpa. IN PTR

;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Mon May 19 11:30:44 2008
;; MSG SIZE rcvd: 43

Zone File

Quote:

$TTL 1D

@ IN SOA dns1.example.co.tz. hostmaster.example.co.tz. (
2008051601 ; serial
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds

;Name server(s)
IN NS dns1.example.co.tz. ; Primary Server

3 PTR example.co.tz. ;IP: 1.2.3.3

bathory · 05-19-2008, 05:32 AM

Quote:

Can some tell me what going and how can i increase the log severity on named.conf?

You should at least post the relevant part of named.conf, where you define your reverse zone.
You can look at /var/log/messages, or /var/log/syslog for errors, or you can setup logging for more detailed logs.

Regards

eliufoo · 05-19-2008, 07:36 AM

Quote:

You should at least post the relevant part of named.conf,

zone "3.2.1.in-addr.arpa" IN {
type master;
file "1-2-3.revzone";
};

Quote:

you can setup logging for more detailed logs.

Which option will provide more details on the mentioned problem?

I have the below settings but, i don't get detailed logs.

Quote:

logging
{
channel custom {
file "/var/log/bindlog" versions 5 size 5m;
print-time yes; # timestamps
print-category yes;
};

category config { custom; };
category notify { custom; };
category dnssec { custom; };
category general { custom; };
category security { custom; };
category xfer-out { custom; }; # zone transfers
category lame-servers { custom; };
};

bathory · 05-19-2008, 09:03 AM

Quote:

I have the below settings but, i don't get detailed logs.

You should add under the line: "file "/var/log/bindlog" versions 5 size 5m; "
the following 2 lines:

Code:

severity debug 3;
print-severity yes;

You can change the "3" in the debug level above, up to "9" if you want.
Now for the SERVFAIL problem, you should try to add $ORIGIN in the beginning of the zone file to see if it helps:

Code:

$TTL 1D
$ORIGIN 3.2.1.in-addr.arpa.
@ IN SOA dns1.example.co.tz. hostmaster.example.co.tz. (
2008051601 ; serial
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds

;Name server(s)
IN NS dns1.example.co.tz. ; Primary Server

3 PTR example.co.tz. ;IP: 1.2.3.3

eliufoo · 05-19-2008, 10:29 AM

Quote:

Now for the SERVFAIL problem, you should try to add $ORIGIN in the beginning of the zone file to see if it helps:

It worked after adding $ORIGIN. I need to do further reading on $ORIGIN directive

Thanks,
Elly