Re: ** server can't find barcelonamedia.org.barcelonamedia.org: SERVFAIL
Mark Andrews
In message <A55193C141A0254B8D28E...@FBMEC01.corp.barceloname
dia.org>, Marc Riera writes:
>
> Hello,
>
> O yeah. I think it was an underscore which was messing up all the config.
>
> I've managed to make it work adding two lines on the options
>
>
>
> check-names master ignore;
> check-names slave ignore;
You might want to consider that the underscore is the error and not
the check-names setting. check-names is there to catch configuration
errors in zone content.
Mark
> Many thanks.
>
> Joan Marc Riera Duocastella
> Barcelona Media - Centre d'Innovaci=F3
> Av. Diagonal, 177, planta 9 08018 - BARCELONA
> Tel=E8fon +34 93 238 14 00 Fax +34 93 309 31 88
> www.barcelonamedia.org<http://www.barcelonamedia.org>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Marc Riera
Thanks for your repply, still don't have any idea about where the logs should be.
I attatch my /etc/init.d/bind9 because of the strange behavior.
Also attatch my /etc/bind/named.conf to see if the logs should be somewhere.
I've already checked if there is something declared about logs in the config files with this result:
FBMNS01:/etc/bind# egrep log *
db.barcelonamedia.org:blogbm IN A 84.88.79.133
db.barcelonamedia.org:blogbm2 IN A 84.88.79.142
Thank you.
Joan Marc Riera Duocastella
Barcelona Media - Centre d'Innovació
Av. Diagonal, 177, planta 9 08018 - BARCELONA
Telèfon +34 93 238 14 00 Fax +34 93 309 31 88
www.barcelonamedia.org
-----Mensaje original-----
De: bind-user...@lists.isc.org [mailto:bind-user...@lists.isc.org] En nombre de Kevin Darcy
Enviado el: miércoles, 04 de noviembre de 2009 19:15
Para: bind-...@lists.isc.org
Asunto: Re: ** server can't find barcelonamedia.org.barcelonamedia.org: SERVFAIL
a) without knowing the contents of your named.conf, it is difficult or
impossible to tell why the logs might not exist where you think they
should (it is somewhat unusual for logs to be written to a ${CHROOT}/dev
subdirectory, is it not? I would normally expect to see only device
nodes there)
b) without knowing the contents of your named.conf or logs, it is
difficult or impossible to tell why you might be getting a SERVFAIL for
this query while other investigators, making the exact same query of the
exact same nameserver, from remote locations, are resolving fine. Do you
use "views"? Maybe your "internal" view has a problem with it, yet your
"external" view is fine.
c) without knowing the contents of your /etc/init.d/bind9
program/script, it is difficult or impossible to tell why invoking that
script with a "status" operand causes it to claim that bind9 is not
running, even though the process exists in your system's process table.
If it is using rndc to collect status and rndc is not configured or
misconfigured, then why does a "force-reload" apparently work (at least,
there is no "failed!" message for that invocation of the
program/script)? Possibly "force-reload" uses kill -HUP and "status"
uses rndc (???) This would bear further investigation and/or testing.
- Kevin
Marc Riera wrote:
>
> Hello,
>
>
>
> I have a bind server (1:9.5.1.dfsg.P3-1) which manages my zone
> (barcelonamedia.org).
>
> I use debian lenny.
>
>
>
>
>
> *Bind server is running*, or it looks like so because *status returns
> failed.*
>
>
>
> FBMNS01:/etc/bind# /*etc/init.d/bind9 force-reload*
>
> Reloading domain name service...: bind9.
>
>
>
> FBMNS01:/etc/bind# */etc/init.d/bind9 status*
>
> bind9 is not running *failed*!
>
>
>
> *FBMNS01:/etc/bind# ps axu|grep bind*
>
> bind 11490 0.0 0.7 125776 15160 ? Ssl 09:53 0:00
> /usr/sbin/named -u bind -t /var/chroot/bind9
>
> root 11554 0.0 0.0 5160 780 pts/0 S+ 10:07 0:00 grep bind
>
>
>
>
>
>
>
> *In the bind server :*
>
>
>
> FBMNS01:/etc/bind# nslookup
>
> > server 84.88.79.190
>
> Default server: 84.88.79.190
>
> Address: 84.88.79.190#53
>
> > set ty=any
>
> > barcelonamedia.org
>
> Server: 84.88.79.190
>
> Address: 84.88.79.190#53
>
>
>
> ** server can't find barcelonamedia.org.barcelonamedia.org: *SERVFAIL*
>
>
>
>
>
> *And finally i do not manage to read logs because they are not there.
> I really do not understant. Help will be apreciated. *
>
>
>
> *FBMNS01:/etc/bind# locate bind |grep log*
>
> /etc/rsyslog.d/bind-chroot.conf
>
> /usr/lib/python2.5/idlelib/keybindingDialog.py
>
> /usr/lib/python2.5/idlelib/keybindingDialog.pyc
>
> /usr/share/doc/bind9/changelog.Debian.gz
>
> /usr/share/doc/bind9-doc/changelog.Debian.gz
>
> /usr/share/doc/bind9-doc/changelog.gz
>
> /usr/share/doc/bind9-host/changelog.Debian.gz
>
> /usr/share/doc/bind9utils/changelog.Debian.gz
>
> /usr/share/doc/libbind9-40/changelog.Debian.gz
>
> /usr/share/webmin/bind8/conf_logging.cgi
>
> /usr/share/webmin/bind8/log_parser.pl
>
> /usr/share/webmin/bind8/save_logging.cgi
>
> /usr/share/webmin/bind8/syslog_logs.pl
>
> /usr/share/webmin/bind8/images/logging.gif
>
> /usr/share/webmin/blue-theme/bind8/images/logging.gif
>
> /var/chroot/bind9/dev/log
>
>
>
> *FBMNS01:/etc/bind# tail -f /var/chroot/bind9/dev/log*
>
> tail: cannot open `/var/chroot/bind9/dev/log' for reading: No such
> device or address
>
> tail: no files remaining
>
>
>
> *The first lines of my zone file db.barcelonamedia.org look like this:*
>
>
>
> /@ IN SOA fbmns01.barcelonamedia.org.
> namemaster.barcelonamedia.org. (/
>
> / 2009110404/
>
> / 14400/
>
> / 3600/
>
> / 2419200/
>
> / 604800 )/
>
> /;/
>
> /@ IN NS fbmns01.barcelonamedia.org./
>
> /@ IN NS ns1.cesca.es./
>
> /@ IN NS ns2.cesca.es./
>
> /barcelonamedia.org. IN MX 10 mx01.barcelonamedia.org./
>
> /barcelonamedia.org. IN MX 20 mx02.barcelonamedia.org./
>
> /@ IN TXT "FBM"/
>
> /smtp IN A 217.116.0.156/
>
> /www IN A 217.116.20.166/
>
> /@ IN A 217.116.20.166/
>
> / /
>
> / /
>
> /llistes IN MX 10 llistes.barcelonamedia.org./
>
> /mailman IN MX 10 mailman.barcelonamedia.org./
>
> / /
>
> /;############### IPs Externas a Zona FBM ###################/
>
> /2020 IN A 217.116.20.166/
>
> /awebmail IN A 217.14.38.81/
>
> /graficos IN A 193.145.44.102/
>
>
>
>
>
> Thanks for reading.
>
>
>
>
>
>
>
>
>
>
>
> cid:part1.06060...@barcelonamedia.org
>
> *Joan Marc Riera Duocastella*
> *Barcelona Media - Centre d'Innovació*
> Av. Diagonal, 177, planta 9 08018 - BARCELONA
> Telèfon +34 93 238 14 00 Fax +34 93 309 31 88
> www.barcelonamedia.org <http://www.barcelonamedia.org>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Gregory Hicks
> From: Marc Riera <marc....@barcelonamedia.org>
> To: Kevin Darcy <k...@chrysler.com>, "bind-...@lists.isc.org"
<bind-...@lists.isc.org>
> Date: Thu, 5 Nov 2009 09:08:53 +0100
> Subject: RE: ** server can't find
barcelonamedia.org.barcelonamedia.org: SERVFAIL
>
>
> Thanks for your repply, still don't have any idea about where the logs
should be.
>
> I attatch my /etc/init.d/bind9 because of the strange behavior.
> Also attatch my /etc/bind/named.conf to see if the logs should be
somewhere.
Marc:
What is in named.conf.options and named.conf.local?
Regards,
Gregory Hicks
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
| Direct: 408.569.7928
People sleep peaceably in their beds at night only because rough men
stand ready to do violence on their behalf -- George Orwell
The price of freedom is eternal vigilance. -- Thomas Jefferson
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
Marc Riera
Thanks.
Joan Marc Riera Duocastella
Barcelona Media - Centre d'Innovació
Av. Diagonal, 177, planta 9 08018 - BARCELONA
Telèfon +34 93 238 14 00 Fax +34 93 309 31 88
www.barcelonamedia.org
-----Mensaje original-----
De: Gregory Hicks [mailto:ghi...@hicks-net.net]
Enviado el: jueves, 05 de noviembre de 2009 9:26
Para: k...@chrysler.com; bind-...@lists.isc.org; Marc Riera
Asunto: RE: ** server can't find barcelonamedia.org.barcelonamedia.org: SERVFAIL
Matus UHLAR - fantomas
> Thanks for your repply, still don't have any idea about where the logs
> should be.
check /var/log/ files. bind uses to log to syslog.
(I have debian too but I use my own logging scheme)
> I attatch my /etc/init.d/bind9 because of the strange behavior.
> Also attatch my /etc/bind/named.conf to see if the logs should be somewhere.
not needed yet, until you have massively updated the init script or logging
in config file (in which case you _should_ know where logs are)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
Kevin Darcy
results of a "status_of_proc" call. status_of_proc appears to be a
Debian-ism, I can't easily find any info on it, but presumably there's
something misconfigured on your system, so that status_of_proc can't
find the "named" process. The "force-reload" operand, in contrast, uses
rndc, and that appears to be working fine. Talk to a Debian expert about
what might be wrong with status_of_proc.
"named.conf": there's nothing about logging in that named.conf, and the
zone definitions are totally generic (hints file, localhost,
127.in-addr.arpa, 0.in-addr.arpa and 255.in-addr.arpa). However, there
are a couple of subsidiary config files "include"d into this one --
named.conf.options (which might potentially contain your logging
configuration) and named.conf.local (which might contain zone definitions).
By the way, did you follow the advice in this comment:
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
?
- Kevin
Marc Riera wrote:
> Hello,
>
> Thanks for your repply, still don't have any idea about where the logs should be.
>
> I attatch my /etc/init.d/bind9 because of the strange behavior.
> Also attatch my /etc/bind/named.conf to see if the logs should be somewhere.
>
>
> I've already checked if there is something declared about logs in the config files with this result:
> FBMNS01:/etc/bind# egrep log *
> db.barcelonamedia.org:blogbm IN A 84.88.79.133
> db.barcelonamedia.org:blogbm2 IN A 84.88.79.142
>
>
> Thank you.
>
>
>
> Joan Marc Riera Duocastella
> Barcelona Media - Centre d'Innovaci�
> Av. Diagonal, 177, planta 9 08018 - BARCELONA
> Tel�fon +34 93 238 14 00 Fax +34 93 309 31 88
> www.barcelonamedia.org
>
> -----Mensaje original-----
> De: bind-user...@lists.isc.org [mailto:bind-user...@lists.isc.org] En nombre de Kevin Darcy
> Enviado el: mi�rcoles, 04 de noviembre de 2009 19:15
>> *Barcelona Media - Centre d'Innovaci�*
>> Av. Diagonal, 177, planta 9 08018 - BARCELONA
>> Tel�fon +34 93 238 14 00 Fax +34 93 309 31 88
Marc Riera
Finally solved. Thank to all of you, and specially Holger Honert.
I'm using bind with chroot, so there was some different stuff in where to put the logs.
Also there was a dot missing on my PTR.
Now I have this on my named.conf.options to let me have underscores:
check-names master ignore;
check-names slave ignore;
And I have this on my named.conf
logging {
channel named_log {
file "/var/log/named.log" versions 5 size 5m;
severity dynamic;
print-category yes;
print-severity yes;
print-time yes;
};
channel security_log {
file "/var/log/security.log" versions 5 size 5m;
severity debug ;
print-category yes;
print-severity yes;
print-time yes;
};
channel update_log {
file "/var/log/update.log" versions 5 size 5m;
severity debug ;
print-category yes;
print-severity yes;
print-time yes;
};
channel notify_log {
file "/var/log/notify.log" versions 5 size 5m;
severity debug ;
print-category yes;
print-severity yes;
print-time yes;
};
channel query_log {
file "/var/log/query.log" versions 10 size 5m;
severity debug ;
print-category yes;
print-severity yes;
print-time yes;
};
category default {named_log; };
category security {security_log; };
category update {update_log; };
category update-security {update_log; };
category notify {notify_log; };
category queries {query_log; };
category lame-servers { null; };
};
Thanks to all of you.
Joan Marc Riera Duocastella
Barcelona Media - Centre d'Innovació
Av. Diagonal, 177, planta 9 08018 - BARCELONA
Telèfon +34 93 238 14 00 Fax +34 93 309 31 88
www.barcelonamedia.org
-----Mensaje original-----
De: bind-user...@lists.isc.org [mailto:bind-user...@lists.isc.org] En nombre de Kevin Darcy
Enviado el: jueves, 05 de noviembre de 2009 18:05
Para: bind-...@lists.isc.org
Asunto: Re: ** server can't find barcelonamedia.org.barcelonamedia.org: SERVFAIL
"bind9" script: the "status" operand basically just passes back the
?
- Kevin
> Barcelona Media - Centre d'Innovació
> Av. Diagonal, 177, planta 9 08018 - BARCELONA
> Telèfon +34 93 238 14 00 Fax +34 93 309 31 88
> www.barcelonamedia.org
>
> -----Mensaje original-----
> De: bind-user...@lists.isc.org [mailto:bind-user...@lists.isc.org] En nombre de Kevin Darcy
> Enviado el: miércoles, 04 de noviembre de 2009 19:15
>> *Barcelona Media - Centre d'Innovació*
>> Av. Diagonal, 177, planta 9 08018 - BARCELONA
>> Telèfon +34 93 238 14 00 Fax +34 93 309 31 88
Sam Wilson
Marc Riera <marc....@barcelonamedia.org> wrote:
> Now I have this on my named.conf.options to let me have underscores:
>
> check-names master ignore;
> check-names slave ignore;
Not a good plan. Those checks are in there for a reason, namely that
underscores are invalid in host names. Whilst you can make your
nameservers accept them you can't legislate for other software which
might take a less liberal view. Better to eliminate the underscores.
Note that the restriction on underscores does not apply to the entries
in some special purpose domains such as SRV records and DKIM entries,
just to hostnames - mostly A and PTR records.
Sam