Name or Sevice not known

Maurizio Caloro

unread,

Jan 19, 2023, 2:00:07 PM1/19/23

to

hello
fighting little with bind9, on Debian 10.13, in my opinion appair right,
but arn't possible
to ping local/inside the Client that i have add to my config.
information this machine running
on a VPS envirment.

also the checks are positiv
# named-checkzone sternbild.m /var/cache/bind/db.sternbild.m
zone sternbild.m/IN: loaded serial 2023230217
OK

# named-checkzone sternbild.m /var/cache/bind/db.reverse.sternbild.m
zone sternbild.m/IN: loaded serial 2023230817
OK

-
# ping pluto.sternbild.m
ping: pluto.sternbild.m: Name or service not known

# ping ns1.sternbild.m
ping: ns1.sternbild.m: Name or service not known

# ping ns1
ping: ns1: Name or service not known

-
# cat /etc/resolv.conf
search sternbild.m
nameserver 127.0.0.1
nameserver A.B.C.D -> other Nameservers
nameserver A.B.C.D -> other Nameservers

-
# /var/cache/bind# cat db.sternbild.m
;
; BIND data file for broadcast zone
;
$TTL    3600
@       IN      SOA     ns1.sternbild.m. root.sternbild.m. (
                2023230217      ; Serial
                3600            ; Refresh
                600             ; Retry
                86400           ; Expire
                600 )           ; Negative Cache TTL

;
@               IN      NS      ns1.sternbild.m.
@               IN      A       127.0.0.1
@               IN      AAAA    ::1

ns1             IN      A       37.B.C.D
pluto           IN      A       37.B.C.D

-

# cat db.reverse.sternbild.m
;
; BIND reverse data file for broadcast zone
;
$TTL    3600
@       IN      SOA     ns1.sternbild.m. root.sternbild.m. (
                2023230817      ; Serial
                3600            ; Refresh
                600             ; Retry
                86400           ; Expire
                600 )           ; Negative Cache TTL

;
@               IN      NS      ns1.
188             IN      PTR     ns1.sternbild.m
; @             IN      A       127.0.0.1
; @             IN      AAAA    ::1

188        IN      PTR     ns1.sternbild.m.
188        IN      PTR     pluto.sternbild.m.

-

# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

zone "ns1.sternbild.m" {
        type master;
        file "/var/cache/bind/db.sternbild.m";
       };
zone "D.C.B.in-addr.arpa" {
        type master;
        file "/var/cache/bind/db.reverse.sternbild.m";
        allow-query { any; };
       };

include "/etc/bind/zones.rfc1918";

Greg Wooledge

unread,

Jan 19, 2023, 2:30:05 PM1/19/23

to

On Thu, Jan 19, 2023 at 07:45:34PM +0100, Maurizio Caloro wrote:
> fighting little with bind9, on Debian 10.13, in my opinion appair right, but

> # cat /etc/resolv.conf
> search sternbild.m
> nameserver 127.0.0.1
> nameserver A.B.C.D -> other Nameservers
> nameserver A.B.C.D -> other Nameservers

Let's start here. Why do you have multiple nameserver lines here?
Which one is the bind9 server that you're configuring? That should be
the only line.

If the bind9 server is 127.0.0.1 then just keep that line, and remove
the other two (or comment them out with semicolons).

When you've got multiple nameserver lines, the resolver library will use
whichever one it wants to use first. If that one returns NXDOMAIN, then
it stops there. It doesn't look at the other lines.

It will only look at the other lines if there's no response at all from
the first nameserver it tries.

> # ping pluto.sternbild.m
> ping: pluto.sternbild.m: Name or service not known

The ping command is not the best choice for debugging DNS server setups.
The major issue here is that you don't know which nameserver was used
to get this result.

There are dedicated tools for debugging DNS, including "host" and "dig"
in the dnsutils package (on Debian 10 which you're using, or in bind9-host
in Debian 11). Start with those.

dig @127.0.0.1 A pluto.sternbild.m
host -t A pluto.sternbild.m 127.0.0.1

Either of these commands will request the "A" record for pluto.sternbild.m
from the DNS resolver at 127.0.0.1. I'm guessing that's the one you're
trying to use and debug. You can try both and see which one you like
better. Of the two commands, dig is the more feature-rich one, should you
need to go into more detail.

> # ping ns1.sternbild.m
> ping: ns1.sternbild.m: Name or service not known
>
> # ping ns1
> ping: ns1: Name or service not known

Since you have two other nameserver lines, you don't know which one(s)
are returning the NXDOMAIN error, you might want to probe all three with
dig or host.

Maurizio Caloro

unread,

Jan 19, 2023, 3:20:05 PM1/19/23

to

Am 19.01.2023 um 20:24 schrieb Greg Wooledge:
> On Thu, Jan 19, 2023 at 07:45:34PM +0100, Maurizio Caloro wrote:
> Let's start here. Why do you have multiple nameserver lines here?
> Which one is the bind9 server that you're configuring? That should be
> the only line.
>
> If the bind9 server is 127.0.0.1 then just keep that line, and remove
> the other two (or comment them out with semicolons).
>
> When you've got multiple nameserver lines, the resolver library will use
> whichever one it wants to use first. If that one returns NXDOMAIN, then
> it stops there. It doesn't look at the other lines.
>
> It will only look at the other lines if there's no response at all from
> the first nameserver it tries.

> The ping command is not the best choice for debugging DNS server setups.
> The major issue here is that you don't know which nameserver was used
> to get this result.
>
> There are dedicated tools for debugging DNS, including "host" and "dig"
> in the dnsutils package (on Debian 10 which you're using, or in bind9-host
> in Debian 11). Start with those.
>
> dig @127.0.0.1 A pluto.sternbild.m
> host -t A pluto.sternbild.m 127.0.0.1
>
> Either of these commands will request the "A" record for pluto.sternbild.m
> from the DNS resolver at 127.0.0.1. I'm guessing that's the one you're
> trying to use and debug. You can try both and see which one you like
> better. Of the two commands, dig is the more feature-rich one, should you
> need to go into more detail.

> Since you have two other nameserver lines, you don't know which one(s)
> are returning the NXDOMAIN error, you might want to probe all three with
> dig or host.

first let me thanks for you quick answer, thanks!
i see and understod, i have now only search sternbild.m, and 127.0.0.1,
on resolv.conf

please see me result

# dig @127.0.0.1 A pluto.sternbild.m
; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> @127.0.0.1 A pluto.sternbild.m
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7559
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 46f08b6124e3fe216e3fe97663c99d8e691938f0921a7d42 (good)
;; QUESTION SECTION:
;pluto.sternbild.m. IN A

;; AUTHORITY SECTION:
. 10699 IN SOA a.root-servers.net.
nstld.verisign-grs.com. 2023011901 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 19 20:44:14 CET 2023
;; MSG SIZE rcvd: 146

-

# host -t A pluto.sternbild.m 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host pluto.sternbild.m not found: 3(NXDOMAIN)

-

# cat /etc/resolv.conf
search sternbild.m
nameserver 127.0.0.1

-

ok see that systemd-resolveconf are running, ok stoped!

# netstat -plnt | grep ':53'
tcp        0      0 0.0.0.0:5355            0.0.0.0:* LISTEN
32075/systemd-resol
tcp        0      0 127.0.0.1:53            0.0.0.0:* LISTEN
17207/named
tcp        0      0 127.0.0.53:53           0.0.0.0:* LISTEN
32075/systemd-resol
tcp6       0      0 :::5355                 :::* LISTEN
32075/systemd-resol
tcp6       0      0 :::53                   :::* LISTEN      17207/named

# systemctl stop systemd-resolved.service
# netstat -plnt | grep ':53'
tcp        0      0 127.0.0.1:53 0.0.0.0:*               LISTEN
17207/named
tcp6       0      0 :::53 :::*                    LISTEN      17207/named

-

bind are restarted and running

# systemctl status bind9
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
preset: enabled)
   Active: active (running) since Thu 2023-01-19 21:09:12 CET; 4s ago
     Docs: man:named(8)
Process: 17455 ExecStart=/usr/sbin/named $OPTIONS (code=exited,
status=0/SUCCESS)
Main PID: 17456 (named)
    Tasks: 5 (limit: 2358)
   Memory: 12.3M

-

but no answer

# ping pluto
ping: pluto: Name or service not known

# ping pluto.sternbild.m
ping: pluto.sternbild.m: Name or service not known

--

Greg Wooledge

unread,

Jan 19, 2023, 4:20:06 PM1/19/23

to

On Thu, Jan 19, 2023 at 09:12:19PM +0100, Maurizio Caloro wrote:
> # host -t A pluto.sternbild.m 127.0.0.1
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
>
> Host pluto.sternbild.m not found: 3(NXDOMAIN)

Hmm. In your previous message, you have:

> # cat /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
>
> zone "ns1.sternbild.m" {
> type master;
> file "/var/cache/bind/db.sternbild.m";
> };
> zone "D.C.B.in-addr.arpa" {
> type master;
> file "/var/cache/bind/db.reverse.sternbild.m";
> allow-query { any; };
> };

The most obvious issue here is that you don't have a "sternbild.m" zone
definition here. You've got "ns1.sternbild.m" as a zone, but that's
a hostname. Try changing that to zone "sternbild.m".

Other issues:

It seems strange that one zone has the "allow-query { any; };" line
while the other does not. Either both zones should need it, or neither
one should need it, I would think.

Your "master" zones should be in /etc/bind/ rather than /var/cache/bind/
according to the README.Debian file. The /var/cache/bind/ directory
should only contain information that can be recreated (e.g. secondary
zones that can be re-pulled from the primary server). I doubt that's
actually causing a problem, but it's something you should probably clean
up eventually.

Name or Sevice not known - bind

Maurizio Caloro

Greg Wooledge

Maurizio Caloro

Greg Wooledge