
BIND9 - dig server fail


alike

Jan 15, 2012, 2:42:55 PM
I have finally completed the main bind configuration.
Now when I run the gadmin tool I get status OK.
The zones are reloaded OK, resolv works but there is one problem.
When I dig my registered address I get servfail.

Google:
SERVFAIL means that the domain does exist and the root name servers have
information on this domain, but that the authoritative name servers are
not answering queries for this domain.

How to solve this ?

Pascal Hambourg

Jan 15, 2012, 4:16:38 PM
Hello,

alike wrote:
> I have finally completed the main bind configuration.
> Now when I run the gadmin tool I get status OK.
> The zones are reloaded OK, resolv works but there is one problem.
> When I dig my registered address I get servfail.

What do you mean by your "registered address" ?
Is it supposed to be served authoritatively by your server ?

Chris Davies

Jan 15, 2012, 4:18:25 PM
alike <al...@ahgsa.com> wrote:
> How to solve this ?

Provide some detail. For example, tell us what domain are you talking
about, so we can try it from "out here".

Chris

alike

Jan 16, 2012, 4:33:52 AM
These are the main ones:

Named.conf.local
--------------------------------
zone "aisnet.com.hr" {
type master;
file "/etc/bind/db.aisnet.com.hr";
};
controls {
inet 127.0.0.1 {localhost;} keys {rndc_key;};
};


acl internals {
127.0.0.0/8;
10.0.0.0/24;
};
---------------------------------
db.aisnet.com.hr
---------------------------------
; aisnet.com.hr
$TTL 604800
$ORIGIN aisnet.com.hr
@ IN SOA ns1.aisnet.com.hr. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;
@ IN NS ns1
IN A 192.168.1.110
ns1 IN A dns1.aisnet.com.hr
www IN A 192.168.1.110
---------------------------------
dns1.aisnet.com.hr --> 85.114.42.51
Local IP of my computer: 192.168.1.110

Chris Davies

Jan 16, 2012, 6:34:08 AM
alike <al...@asas.net> wrote:
> I have finally completed the main bind configuration.
> Now when I run the gadmin tool I get status OK.
> The zones are reloaded OK, resolv works but there is one problem.
> When I dig my registered address I get servfail.

> Named.conf.local
> --------------------------------
> zone "aisnet.com.hr" {
> type master;
> file "/etc/bind/db.aisnet.com.hr";
> };

> db.aisnet.com.hr
> ---------------------------------
> ; aisnet.com.hr
> $TTL 604800
> $ORIGIN aisnet.com.hr
> @ IN SOA ns1.aisnet.com.hr. (
> 2006020201 ; Serial
> 604800 ; Refresh
> 86400 ; Retry
> 2419200 ; Expire
> 604800); Negative Cache TTL
> ;
> @ IN NS ns1
> IN A 192.168.1.110
> ns1 IN A dns1.aisnet.com.hr
> www IN A 192.168.1.110


Firstly, there are two errors in this file.

1. An "A" record cannot resolve to a name, so your ns1 record is
invalid. Frankly, I'm amazed that bind9 will even run with this error.

2. Your SOA label should be an email address in dotted notation,
not what I assume is your NS hostname. So you might have @ IN SOA
hostmaster.aisnet.com.hr (implying a valid email address hostmaster *at*
aisnet.com.hr).

While you're experimenting I'd suggest you reduce the negative cache
ttl to something like 600 (10 minutes) and the retry down to 3600. Not
essential but can be helpful while you're changing the domain entries
around.


> dns1.aisnet.com.hr --> 85.114.42.51

Agreed. I can find that delegation, but there seems to be nothing
listening on that address.

* Have you allowed both UDP/53 and TCP/53 through your firewall?
* Is bind *really* running?

Chris

alike

Jan 16, 2012, 10:01:47 AM
-------------------
I changed the resolv.conf file and reloaded the configuration.
Now I can get noerror when I run dig but when I check it at intodns.com
I get some errors. Please check it out:
http://www.intodns.com/aisnet.com.hr ( it takes some time to load )

Pascal Hambourg

Jan 16, 2012, 2:18:47 PM
Chris Davies wrote:
> alike <al...@asas.net> wrote:
>> $TTL 604800
>> $ORIGIN aisnet.com.hr
>> @ IN SOA ns1.aisnet.com.hr. (
>> 2006020201 ; Serial
>> 604800 ; Refresh
>> 86400 ; Retry
>> 2419200 ; Expire
>> 604800); Negative Cache TTL
>> ;
>> @ IN NS ns1
>> IN A 192.168.1.110
>> ns1 IN A dns1.aisnet.com.hr
>> www IN A 192.168.1.110
>
>
> Firstly, there are two errors in this file.
>
> 1. An "A" record cannot resolve to a name, so your ns1 record is
> invalid. Frankly, I'm amazed that bind9 will even run with this error.
>
> 2. Your SOA label should be an email address in dotted notation,
> not what I assume is your NS hostname. So you might have @ IN SOA
> hostmaster.aisnet.com.hr (implying a valid email address hostmaster *at*
> aisnet.com.hr).

Actually an SOA record contains *both* a hostname and an e-mail address
in dotted notation. Here the address is missing.

3. The NS record(s) in the zone do not match the delegation in the
parent zone.

;; AUTHORITY SECTION:
aisnet.com.hr. 14400 IN NS dns2.aisnet.com.hr.
aisnet.com.hr. 14400 IN NS dns1.aisnet.com.hr.

;; ADDITIONAL SECTION:
dns1.aisnet.com.hr. 14400 IN A 85.114.42.51
dns2.aisnet.com.hr. 14400 IN A 85.114.42.52

4. A publicly accessible zone should not advertise private addresses
(192.168.1.110).

Chris Davies

Jan 16, 2012, 5:15:13 PM
Pascal Hambourg <boite-...@plouf.fr.eu.org> wrote:
> Actually an SOA record contains *both* a hostname and an e-mail address
> in dotted notation. Here the address is missing.

Thank you Pascal. Once again I've leaped too quickly and you've had to
correct me. (I do know what I'm doing. Really!)

Cheers
Chris

alike

Jan 17, 2012, 2:53:08 AM
---------------------
$TTL 604800
$ORIGIN aisnet.com.hr
@ IN SOA ns1.aisnet.com.hr. (
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;

aisnet.com.hr 14400 IN NS dns2.aisnet.com.hr
aisnet.com.hr 14400 IN NS dns1.aisnet.com.hr

dns2.aisnet.com.hr 14400 IN A 85.114.42.51
dns1.aisnet.com.hr 14400 IN A 85.114.42.52
------------------
Is this correct ?

When I restart bind it will load ok but when I look at syslog I get an
error:

automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: 0.1.1.0.0.2.IP6.ARPA
command channel listening on 127.0.0.1#953
command channel listening on ::1#953
zone 0.in-addr.arpa/IN: loaded serial 1
zone 127.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
dns_rdata_fromtext: /etc/bind/db.aisnet.com.hr:8: near eol: unexpected
end of input
zone aisnet.com.hr/IN: loading from master file
/etc/bind/db.aisnet.com.hr failed: unexpected end of input
zone aisnet.com.hr/IN: not loaded due to errors.
zone localhost/IN: loaded serial 2
managed-keys-zone ./IN: loading from master file managed-keys.bind
failed: file not found
managed-keys-zone ./IN: loaded serial 0
named[10130]: running
---------------------------------------

Pascal Hambourg

Jan 17, 2012, 3:16:15 AM
alike wrote:
> On 01/16/2012 08:18 PM, Pascal Hambourg wrote:
>> Actually an SOA record contains *both* a hostname and an e-mail address
>> in dotted notation. Here the address is missing.
>
> $TTL 604800
> $ORIGIN aisnet.com.hr
> @ IN SOA ns1.aisnet.com.hr. (
> 2006020201 ; Serial
> 604800 ; Refresh
> 86400 ; Retry
> 2419200 ; Expire
> 604800); Negative Cache TTL
> ;
>
> aisnet.com.hr 14400 IN NS dns2.aisnet.com.hr
> aisnet.com.hr 14400 IN NS dns1.aisnet.com.hr
>
> dns2.aisnet.com.hr 14400 IN A 85.114.42.51
> dns1.aisnet.com.hr 14400 IN A 85.114.42.52
> ------------------
> Is this correct ?

Not yet, but almost.
The SOA record is still incomplete, see my comment above. Also you need
to add a final dot at the end of fully qualified domain names, otherwise
the base domain (origin) is appended.

dns2.aisnet.com.hr -> dns2.aisnet.com.hr.aisnet.com.hr.
dns2.aisnet.com.hr. -> ok

alike

Jan 18, 2012, 2:03:06 AM
-----------------------------------------
zone 0.in-addr.arpa/IN: loaded serial 1
zone 127.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
/etc/bind/db.aisnet.com.hr:3: SOA record not at top of zone
(aisnet.com.hr.aisnet.com.hr)
zone aisnet.com.hr/IN: loading from master file
/etc/bind/db.aisnet.com.hr failed: not at top of zone

zone aisnet.com.hr/IN: not loaded due to errors.
zone localhost/IN: loaded serial 2
managed-keys-zone ./IN: loading from master file managed-keys.bind
failed: file not found
managed-keys-zone ./IN: loaded serial 0
named[10797]: running
//---------------------------------------------
$TTL 604800
$ORIGIN aisnet.com.hr
@ IN SOA ns1.aisnet.com.hr. hostmaster.aisnet.com.hr.(
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;

aisnet.com.hr 14400 IN NS dns2.aisnet.com.hr.
aisnet.com.hr 14400 IN NS dns1.aisnet.com.hr.

dns2.aisnet.com.hr 14400 IN A 85.114.42.51
dns1.aisnet.com.hr 14400 IN A 85.114.42.52
//--------------------------------------------------------------------------
SOA not at top of zone - how is bind reading this part ?
The line where SOA is defined should be OK. Do I need to add some
additional part in the db.aisnet.com.hr file ?

alike

Jan 18, 2012, 2:06:43 AM
On 01/17/2012 09:16 AM, Pascal Hambourg wrote:
**************************************
-----------------------------------------
zone 0.in-addr.arpa/IN: loaded serial 1
zone 127.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
/etc/bind/db.aisnet.com.hr:3: SOA record not at top of zone
(aisnet.com.hr.aisnet.com.hr)
zone aisnet.com.hr/IN: loading from master file
/etc/bind/db.aisnet.com.hr failed: not at top of zone

zone aisnet.com.hr/IN: not loaded due to errors.
zone localhost/IN: loaded serial 2
managed-keys-zone ./IN: loading from master file managed-keys.bind
failed: file not found
managed-keys-zone ./IN: loaded serial 0
named[10797]: running
//---------------------------------------------
$TTL 604800
$ORIGIN aisnet.com.hr
@ IN SOA ns1.aisnet.com.hr. hostmaster.aisnet.com.hr.(
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;

dns2.aisnet.com.hr 14400 IN A 85.114.42.51
dns1.aisnet.com.hr 14400 IN A 85.114.42.52
//--------------------------------------------------------------------------
SOA not at top of zone - how is bind reading this part ?
The line where SOA is defined should be OK. Do I need to add some
additional part in the db.aisnet.com.hr file ?

Btw. when I run www.intodns.com/aisnet.com.hr I get errors that
nameservers did not respond. Can this be just because of the SOA record ?

alike

Jan 18, 2012, 2:09:29 AM
---------------------
server kernel: [599187.896924] type=1400 audit(1326782359.143:613):
apparmor="DENIED" operation="mknod" parent=10006
profile="/usr/sbin/named" name="/etc/bind/etc/named.run" pid=10008
comm="named" requested_mask="c" denied_mask="c" fsuid=116 ouid=116

Can this block the response from nameservers ?

Pascal Hambourg

Jan 18, 2012, 9:10:42 AM
alike wrote:
> /etc/bind/db.aisnet.com.hr:3: SOA record not at top of zone
> (aisnet.com.hr.aisnet.com.hr)
> zone aisnet.com.hr/IN: loading from master file
> /etc/bind/db.aisnet.com.hr failed: not at top of zone

As I wrote, you must add a dot at the end of all instances of full domain
names, including in the $ORIGIN primitive, SOA and NS records. In short,
after all instances of aisnet.com.hr.
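
The mistakes Chris and Pascal point out across this thread (an `$ORIGIN` or full name without its final dot, an SOA with no mailbox name, an A record whose data is a name, private addresses in a public zone) can be checked mechanically. The sketch below is an added example, not code from any poster; `lint`, its finding codes and the simplified parser (SOA, NS and A records only) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the first zone file posted in the thread, with the
# indentation of the owner-less "IN A" line restored.
ZONE_V1 = """\
$TTL 604800
$ORIGIN aisnet.com.hr
@ IN SOA ns1.aisnet.com.hr. (
    2006020201 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800); Negative Cache TTL
@ IN NS ns1
    IN A 192.168.1.110
ns1 IN A dns1.aisnet.com.hr
www IN A 192.168.1.110
"""

TYPES = {"SOA", "NS", "A"}  # only the record types used in the thread


def logical_lines(text):
    """Yield (lineno, inherits_owner, tokens), joining ( ... ) continuations."""
    depth, start, inherit, buf = 0, 0, False, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # strip the comment
        if depth == 0:
            if not line.strip():
                continue
            # A record starting with whitespace reuses the previous owner.
            start, inherit, buf = n, line[0].isspace(), []
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ").split()
        if depth == 0:
            yield start, inherit, buf


def missing_dot(name, apex):
    """True if a name spells out the apex but is not dot-terminated,
    so the origin would be appended to it a second time."""
    return not name.endswith(".") and (name == apex or name.endswith("." + apex))


def lint(text, zone):
    """Return [(lineno, code)] for the mistakes discussed in the thread."""
    apex, out = zone.rstrip("."), []
    for n, inherit, tok in logical_lines(text):
        if tok[0].upper() == "$ORIGIN":
            if len(tok) > 1 and not tok[1].endswith("."):
                out.append((n, "origin-not-absolute"))
            continue
        first = 0 if inherit else 1  # skip the owner when looking for the type
        idx = next((i for i in range(first, len(tok)) if tok[i].upper() in TYPES), None)
        if idx is None:
            continue  # other directive or unsupported record type
        rtype, rdata = tok[idx].upper(), tok[idx + 1:]
        names = [] if inherit else [tok[0]]
        if rtype == "SOA":
            soa_names = [t for t in rdata if not t.isdigit()]
            if len(soa_names) < 2:  # needs primary server AND mailbox name
                out.append((n, "soa-missing-rname"))
            names += soa_names
        elif rtype == "NS":
            names += rdata[:1]
        elif rtype == "A" and rdata:
            try:
                if ipaddress.IPv4Address(rdata[0]).is_private:
                    out.append((n, "private-address"))
            except ValueError:
                out.append((n, "a-record-not-address"))
        out += [(n, "missing-trailing-dot") for nm in names if missing_dot(nm, apex)]
    return out


if __name__ == "__main__":
    for lineno, code in lint(ZONE_V1, "aisnet.com.hr."):
        print(f"line {lineno}: {code}")
```

On a real server, `named-checkzone aisnet.com.hr /etc/bind/db.aisnet.com.hr` reports the same load errors that named writes to syslog, without a restart.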

alike

Jan 18, 2012, 9:55:32 AM
Sorry, I didn't know I have to put dots after all names.

Ok, now it has passed this part and this is the log file:

loading configuration from '/etc/bind/named.conf'
reading built-in trusted keys from file '/etc/bind/bind.keys'
using default UDP/IPv4 port range: [1024, 65535]
using default UDP/IPv6 port range: [1024, 65535]
listening on IPv6 interfaces, port 53
listening on IPv4 interface lo, 127.0.0.1#53
listening on IPv4 interface eth0, 192.168.1.110#53
generating session key for dynamic DNS
set up managed keys zone for view _default, file 'managed-keys.bind'
automatic empty zone: 254.169.IN-ADDR.ARPA
automatic empty zone: 2.0.192.IN-ADDR.ARPA
automatic empty zone: 100.51.198.IN-ADDR.ARPA
automatic empty zone: 113.0.203.IN-ADDR.ARPA
automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
automatic empty zone: 0.1.1.0.0.2.IP6.ARPA
command channel listening on 127.0.0.1#953
command channel listening on ::1#953
zone 0.in-addr.arpa/IN: loaded serial 1
zone 127.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1
zone aisnet.com.hr/IN: loaded serial 2006020201
zone localhost/IN: loaded serial 2
managed-keys-zone ./IN: loading from master file managed-keys.bind
failed: file not found
managed-keys-zone ./IN: loaded serial 0
zone aisnet.com.hr/IN: sending notifies (serial 2006020201)
running
----------------------------------------------
It's interesting that intodns still doesn't find the nameservers

Pascal Hambourg

Jan 18, 2012, 2:34:41 PM
alike wrote:
>
> Ok, now it has passed this part and this is the log file:
>
> loading configuration from '/etc/bind/named.conf'
> reading built-in trusted keys from file '/etc/bind/bind.keys'
> using default UDP/IPv4 port range: [1024, 65535]
> using default UDP/IPv6 port range: [1024, 65535]
> listening on IPv6 interfaces, port 53
> listening on IPv4 interface lo, 127.0.0.1#53
> listening on IPv4 interface eth0, 192.168.1.110#53
[...]
> zone aisnet.com.hr/IN: loaded serial 2006020201
[...]
> It's interesting that intodns still doesn't find the nameservers

The two declared nameserver addresses, 85.114.42.51 and 85.114.42.52,
are unreachable. No reply to ICMP echo (ping), traceroute, DNS request.
What are these addresses ? From the above log your DNS server address has
a private address, 192.168.1.110. How are they related ?

alike

Jan 19, 2012, 2:17:04 AM
----------------------------------
The main idea is to set something like dyndns.com because this is
exactly what I need. I must be able to offer dynamic domain to my user.
Something like user.aisnet.com.hr.

Therefore I have registered aisnet.com.hr domain and two nameservers:
85.114.42.51 and 52. Those nameservers are registered by one domain
provider.
---------------------------------
192.168.1.110 is the local ip of my computer and
this computer should act as dns server.
In my local network I have 5 computers and just one should act like dns
server.
--------------------------------
db.aisnet.com.hr
****************
$TTL 604800
$ORIGIN aisnet.com.hr.
@ IN SOA ns1.aisnet.com.hr. hostmaster.aisnet.com.hr.(
2006020201 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800); Negative Cache TTL
;

dns2.aisnet.com.hr. 14400 IN A 85.114.42.51
dns1.aisnet.com.hr. 14400 IN A 85.114.42.52

@ IN A 85.114.42.51 --> changed
--------------------------------------------
zone aisnet.com.hr/IN: loaded serial 2006020201

Pascal Hambourg

Jan 19, 2012, 3:08:03 AM
alike wrote:
>
> Therefore I have registered aisnet.com.hr domain and two nameservers:
> 85.114.42.51 and 52. Those nameservers are registered by one domain
> provider.

What do you mean by "registered" ?
Who is operating those two nameservers ?

> ---------------------------------
> 192.168.1.110 is the local ip of my computer and
> this computer should act as dns server.

How is this nameserver related to the two others above ?
Private addresses are unreachable from the public internet.
Did you set up port forwarding from 85.114.42.51 or 85.114.42.52 to
192.168.1.110 ? Or is 192.168.1.110 used as a master (primary)
nameserver by 85.114.42.51 and 85.114.42.52 ?

alike

Jan 20, 2012, 2:43:45 AM
On 01/19/2012 09:08 AM, Pascal Hambourg wrote:
> alike wrote:
>>
>> Therefore I have registered aisnet.com.hr domain and two nameservers:
>> 85.114.42.51 and 52. Those nameservers are registered by one domain
>> provider.
>
> What do you mean by "registered" ?
> Who is operating those two nameservers ?
>
>> ---------------------------------------------------------
>> 192.168.1.110 is the local ip of my computer and
>> this computer should act as dns server.
>
> How is this nameserver related to the two others above ?
> Private addresses are unreachable from the public internet.
> Did you set up port forwarding from 85.114.42.51 or 85.114.42.52 to
> 192.168.1.110 ? Or is 192.168.1.110 used as a master (primary)
> nameserver by 85.114.42.51 and 85.114.42.52 ?

-------------------------------------------------------------
My local network is in range for 1.90 - 1.110.
The 192.168.1.110 is just local IP of my computer.
This computer should act as dns server.

85.114.42.51 and 52 are static IP addresses from my ISP and these
addresses are registered as dns1.aisnet.com.hr, dns2.aisnet.com.hr


> Who is operating those two nameservers ?
The "carnet" has put these two IP addresses into their dns server zones.
The carnet is research network: http://www.carnet.hr/en
------------------------------------------

alike

Jan 20, 2012, 3:05:37 AM
I have contacted the carnet and my register and they both think that
there is a problem in configuration. I got answer that
dns1.aisnet.com.hr is in the NS and that aisnet.com.hr domain is active.

So, it looks like something is blocking the dns1.aisnet.com.hr or we have
to change the configuration.

As far as I understand... my computer (dns server) is set to
192.168.1.110 . In bind configuration we have set the dns1.aisnet.com.hr
and dns2.aisnet.com.hr as two addresses of the name servers. So now we
have to find a way how to combine/process local IP and dns ip's .

Pascal Hambourg

Jan 20, 2012, 4:38:29 PM
alike wrote:
>
> My local network is in range for 1.90 - 1.110.
> The 192.168.1.110 is just local IP of my computer.
> This computer should act as dns server.
>
> 85.114.42.51 and 52 are static IP addresses from my ISP and these
> addresses are registered as dns1.aisnet.com.hr, dns2.aisnet.com.hr
>
>> Who is operating those two nameservers ?
> The "carnet" has put these two IP addresses into their dns server zones.
> The carnet is research network: http://www.carnet.hr/en

This is just the delegation and does not answer my question : who is
operating the two hosts at addresses 85.114.42.51 and 52 and how are
they (supposed to be) related to your private DNS server ?

Allodoxaphobia

Jan 21, 2012, 11:32:07 AM
What was revealed when you did a `whois` on either of those IPs?


[quoting and attribution was mangled before I showed up.]

alike

Jan 22, 2012, 1:49:48 PM
-------------
Firstly I want to thank you for your time and help ( and to all other ).
Can I send you email so we can faster and simpler solve this problem.
Afterwards, I will send the final solution to the forum.



alike

Jan 22, 2012, 2:08:54 PM
****
The name of the company was OK.
The person ( registered ) is absolute. For like.. 6 years.
The name of the ISP is correct.

My ISP has granted me 4 free IP addresses. These addresses are in range
from 85.114.42.50 - 54. I can use these addresses for any purpose.
So I took 51 and 52 as addresses for my DNS servers.

btw. Pascal, is this the information that you need ?

Pascal Hambourg

Jan 22, 2012, 4:46:29 PM
alike wrote:
> Can I send you email so we can faster and simpler solve this problem.
> Afterwards, I will send the final solution to the forum.

Of course you can send me e-mail, but I cannot guarantee that it will
solve the problem faster than continue posting here.

Pascal Hambourg

Jan 22, 2012, 4:52:41 PM
alike wrote:
>
> My ISP has granted me 4 free IP addresses. These addresses are in range
> from 85.114.42.50 - 54.

That is five addresses. ;-)
From the whois data it seems that you have a /29 block (8 addresses,
85.114.42.48 - 85.114.42.55). The first and last are reserved for subnet
and broadcast, one is used by the access router (probably 85.114.42.49)
and the rest (five addresses) is available for you. Is this correct ?

> I can use these addresses for any purpose.
> So I took 51 and 52 as addresses for my DNS servers.

Did you set up two hosts with these addresses and set them up as DNS
servers ?

alike

Jan 23, 2012, 1:50:19 AM
On 01/22/2012 10:52 PM, Pascal Hambourg wrote:
> alike wrote:
>>
>> My ISP has granted me 4 free IP addresses. These addresses are in range
>> from 85.114.42.50 - 54.
>
> That is five addresses. ;-)
> From the whois data it seems that you have a /29 block (8 addresses,
> 85.114.42.48 - 85.114.42.55). The first and last are reserved for subnet
> and broadcast, one is used by the access router (probably 85.114.42.49)
> and the rest (five addresses) is available for you. Is this correct ?
** Yes, this is correct.

> Did you set up two hosts with these addresses and set them up as DNS
> servers ?
** I have set just one computer (85.114.42.51) and the configuration is
as you have described in post before.

> Of course you can send me e-mail, but I cannot guarantee that it will
> solve the problem faster than continue posting here
** no problem :-). I send you mail....


Pascal Hambourg

Jan 23, 2012, 3:06:59 PM
alike wrote:
>
>> Did you set up two hosts with these addresses and set them up as DNS
>> servers ?
> ** I have set just one computer (85.114.42.51) and the configuration is
> as you have described in post before.

However this address does not appear to reply to DNS queries (nor
anything else I tried such as ICMP echo request aka ping and UDP
traceroute) from here. Maybe it has a firewall that requires to open TCP
and UDP port 53 ?

alike

Jan 24, 2012, 1:17:08 AM
sudo netstat -anltp|grep :53
---------------------
tcp 0 0 192.168.1.110:53 0.0.0.0:* LISTEN 4885/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4885/named
tcp6 0 0 :::53 ::* LISTEN 4885/named
-----------------------------
When I stop the bind server I get no reply.
( the command is passed in terminal but no data is displayed )

alike

Jan 24, 2012, 1:54:47 AM
--------------------
when I make dig:
http://geektools.com/digtool.php
Domain: aisnet.com.hr
NS. 85.114.42.51

; <<>> DiG 8.2 <<>> @85.114.42.51 aisnet.com.hr ANY
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 85.114.42.51: Connection timed out

Your host (85.114.42.50) has visited 3 times today.
-----------------------

Pascal Hambourg

Jan 24, 2012, 3:09:22 AM
alike wrote:
> On 01/23/2012 09:06 PM, Pascal Hambourg wrote:
>> alike wrote:
>>>
>>> ** I have set just one computer (85.114.42.51) and the configuration is
>>> as you have described in post before.
>>
>> However this address does not appear to reply to DNS queries (nor
>> anything else I tried such as ICMP echo request aka ping and UDP
>> traceroute) from here. Maybe it has a firewall that requires to open TCP
>> and UDP port 53 ?
>
> sudo netstat -anltp|grep :53
> ---------------------
> tcp 0 0 192.168.1.110:53 0.0.0.0:* LISTEN 4885/named
> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4885/named
> tcp6 0 0 :::53 ::* LISTEN 4885/named

Ok but this is 192.168.1.110, not 85.114.42.51. How is 85.114.42.51
supposed to translate into 192.168.1.110 ?
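
The mismatch raised in the post above, as a check that compares the addresses named reports listening on with the glue addresses in the delegation. This is an added example, not code from any poster; the sample log lines, glue records and /29 block are copied from the thread, while `assess` and its verdict strings are names invented for the illustration.

```python
import ipaddress
import re

# Constructed from the thread: named's startup log, the parent-zone glue
# records, and the /29 allocation read from whois.
NAMED_LOG = """\
listening on IPv6 interfaces, port 53
listening on IPv4 interface lo, 127.0.0.1#53
listening on IPv4 interface eth0, 192.168.1.110#53
"""
GLUE = {
    "dns1.aisnet.com.hr.": "85.114.42.51",
    "dns2.aisnet.com.hr.": "85.114.42.52",
}
BLOCK = "85.114.42.48/29"

LISTEN_RE = re.compile(
    r"listening on IPv4 interface (\S+), (\d+\.\d+\.\d+\.\d+)#(\d+)"
)


def listeners(log, port=53):
    """IPv4 addresses that named logged as listening on the given port."""
    return [
        ipaddress.IPv4Address(addr)
        for _iface, addr, p in LISTEN_RE.findall(log)
        if int(p) == port
    ]


def assess(log, glue, block):
    """Map each delegated nameserver to (verdict, candidate_targets).

    bound-locally       named listens on the glue address itself
    outside-allocation  glue address is not a usable host in the block
    needs-port-forward  glue is public, named only listens on a private
                        address: UDP and TCP 53 must be forwarded to it
    no-listener         nothing on this host could answer for the glue
    """
    usable = set(ipaddress.ip_network(block).hosts())  # drops .48 and .55
    bound = listeners(log)
    # Loopback is also "private" in the ipaddress module, so exclude it.
    private = [str(b) for b in bound if b.is_private and not b.is_loopback]
    report = {}
    for name, addr in glue.items():
        ip = ipaddress.IPv4Address(addr)
        if ip in bound:
            report[name] = ("bound-locally", [str(ip)])
        elif ip not in usable:
            report[name] = ("outside-allocation", [])
        elif private:
            report[name] = ("needs-port-forward", private)
        else:
            report[name] = ("no-listener", [])
    return report


if __name__ == "__main__":
    for ns, (verdict, targets) in assess(NAMED_LOG, GLUE, BLOCK).items():
        print(ns, verdict, ", ".join(targets))
```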

alike

Jan 24, 2012, 1:25:49 PM
------------
I understand what you are pointing to but please look at email.

alike

Jan 26, 2012, 1:21:14 AM
----------------------------
I don't know. As in photo that I send you in email, the "dns server" is
in Lan network at address 192.168.1.XX.
The 85.114.42.51-52 are addresses that I got from my isp.
These addresses are registered in Carnet DNS zone.

The computer must be in local network address....

alike

Jan 26, 2012, 2:10:12 AM
-----------------------------
Dig from the local computer (dns server ) shows noerror.
dig dns2.aisnet.com.hr
dig dns1.aisnet.com.hr
dig aisnet.com.hr
----------------------
If I dig from other computer ( in the same lan ) I get:
serverfail for each test.
----------------------
If the router would have port 53 blocked, the dig should pass anyway ?
It should give no error, because it is in the same domain and it doesn't
go out.

alike

Jan 27, 2012, 8:34:26 AM
------------
Hi Pascal and others.
Did someone find some solution for my situation?
I am a bit confused, because I can not find a solution.