steve_adams Posted July 28, 2021

I've got a Froxlor install on Debian Buster configured with Bind9 as an authoritative nameserver and I'm experiencing missing information in the dig results.

dig ns1.radicalcomputingconcepts.com
; <<>> DiG 9.10.6 <<>> ns2.radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27849
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ns2.radicalcomputingconcepts.com. IN A
;; Query time: 94 msec
;; SERVER: 2001:558:feed::1#53(2001:558:feed::1)
;; WHEN: Wed Jul 28 17:35:38 MDT 2021
;; MSG SIZE rcvd: 61

=============

Prior to installing Bind9 I had DjbDns installed and results looked like this:

dig ns1.radicalcomputingconcepts.com
; <<>> DiG 9.10.6 <<>> ns1.radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17268
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.radicalcomputingconcepts.com. IN A
;; ANSWER SECTION:
ns1.radicalcomputingconcepts.com. 86339 IN A 149.56.97.154
ns1.radicalcomputingconcepts.com. 86339 IN A 149.56.97.154
;; Query time: 85 msec
;; SERVER: 2603:300b:7d6:1800:82b2:34ff:fe4b:1789#53(2603:300b:7d6:1800:82b2:34ff:fe4b:1789)
;; WHEN: Wed Jul 28 17:37:23 MDT 2021
;; MSG SIZE rcvd: 82

===================

Further irregularities occur as the parent domain to the NS is not responsive to DNS lookups and ping attempts:

ping radicalcomputingconcepts.com
ping: cannot resolve radicalcomputingconcepts.com: Unknown host

AND the domain of my froxlor server as set in the system settings also becomes unresponsive as well

ping mail.radicalcomputingconcepts.com
ping: cannot resolve mail.radicalcomputingconcepts.com: Unknown host

There is nothing unusual about the Bind installation and all the services have been configured according to the templates
steve_adams Posted July 30, 2021 Author

In the immortal words of Homer Simpson, "D'oh!"

I think I found it! I was running Rspamd in order to supply DKIM and it was occupying port 53 with records for the NS1 and NS2. So when the named-checkzone ran it detected that there were pre-existing A records and refused to load the zone!

Doop, thank you very much for your patience with me!
steve_adams Posted July 29, 2021 Author

It appears I still had ipv6 enabled. I disabled it by adding

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
GRUB_CMDLINE_LINUX="ipv6.disable=1"

to /etc/default/grub and restarting.

Upon restart, postfix is broken and cannot authenticate via SASL:

warning: SASL: Connect to private/auth failed: Connection refused
Jul 29 15:07:01 mail postfix/smtpd[1490]: fatal: no SASL authentication mechanisms
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1481 exit status 1
Jul 29 15:07:01 mail postfix/master[1147]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1482 exit status 1
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1483 exit status 1

I appear to have a conflict with Bind9 and IPv6? Please advise
steve_adams Posted July 29, 2021 Author

I've installed ipv6 information into my network interfaces and eliminated the bind errors in syslog. From an external host name resolution fails for the primary domain, the domain specified in the system settings, and dig responses are missing answer sections:

syslog:

Restarting bind9 (via systemctl): bind9.service.
root@mail:/home/steve# tail -f /var/log/syslog
Jul 29 18:11:27 mail named[6374]: zone flatironscannabis.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone jaith.net/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone mailinglist.boulevardbread.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone ragustudio.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone oddballsinvitations.net/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone boulevardbread.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jul 29 18:11:27 mail named[6374]: resolver priming query complete

external host resolution:

ping mail.radicalcomputingconcepts.com
ping: cannot resolve mail.radicalcomputingconcepts.com: Unknown host
ping radicalcomputingconcepts.com
ping: cannot resolve radicalcomputingconcepts.com: Unknown host

zone files for hosts that are failing resolution:

$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021072901 3600 900 604800 600
@ 600 IN A 149.56.97.154
www 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.

$TTL 600
$ORIGIN mail.radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021072901 3600 900 604800 600
@ 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.
@ 600 IN CAA 0 issue "letsencrypt.org"

missing answer sections from dig:

dig radicalcomputingconcepts.com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31804
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e05667de07e9c60614b1b8ed610328e82bba2257178535e9 (good)
;; QUESTION SECTION:
;radicalcomputingconcepts.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 29 18:17:12 EDT 2021
;; MSG SIZE rcvd: 85
d00p Posted July 30, 2021

What about the radicalcomputingconcepts.com zone? And do you have GLUE records for it?
steve_adams Posted July 30, 2021 Author

I added a domain in froxlor control panel for radicalcomputingconcepts.com. The zone file looks like this:

$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021073002 3600 900 604800 600
@ 600 IN A 149.56.97.154
www 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.

running named-checkzone yields:

named-checkzone radicalcomputingconepts.com /etc/bind/domains/radicalcomputingconcepts.com.zone
/etc/bind/domains/radicalcomputingconcepts.com.zone:3: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:5: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:6: ignoring out-of-zone data (www.radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:7: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:8: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:12: ignoring out-of-zone data (mail.radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:13: ignoring out-of-zone data (mail.radicalcomputingconcepts.com)
zone radicalcomputingconepts.com/IN: has 0 SOA records
zone radicalcomputingconepts.com/IN: has no NS records
zone radicalcomputingconepts.com/IN: not loaded due to errors.

I can find no documentation on the Froxlor site nor in the forums on configuration of GLUE records...please advise
d00p Posted July 30, 2021

Froxlor cannot create glue records. Please read the bind docs and general DNS docs.
steve_adams Posted July 30, 2021 Author

HA! Please forgive me....I mistyped the domain in my named-checkzone query. Fat fingers and not enough coffee!

root@mail:/etc/bind/domains# named-checkzone radicalcomputingconcepts.com /etc/bind/domains/radicalcomputingconcepts.com.zone
zone radicalcomputingconcepts.com/IN: NS 'ns1.radicalcomputingconcepts.com' has no address records (A or AAAA)
zone radicalcomputingconcepts.com/IN: NS 'ns2.radicalcomputingconcepts.com' has no address records (A or AAAA)
zone radicalcomputingconcepts.com/IN: not loaded due to errors.

FYI, Glue records are in place at the registrar and have been for almost a decade or more...

root@mail# dig ns com
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ns com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37906
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;com. IN NS
;; ANSWER SECTION:
com. 86400 IN NS g.gtld-servers.net.
com. 86400 IN NS a.gtld-servers.net.
com. 86400 IN NS e.gtld-servers.net.
com. 86400 IN NS d.gtld-servers.net.
com. 86400 IN NS j.gtld-servers.net.
com. 86400 IN NS k.gtld-servers.net.
com. 86400 IN NS c.gtld-servers.net.
com. 86400 IN NS f.gtld-servers.net.
com. 86400 IN NS l.gtld-servers.net.
com. 86400 IN NS b.gtld-servers.net.
com. 86400 IN NS m.gtld-servers.net.
com. 86400 IN NS i.gtld-servers.net.
com. 86400 IN NS h.gtld-servers.net.
;; Query time: 88 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Fri Jul 30 12:43:11 EDT 2021
;; MSG SIZE rcvd: 256

root@mail:/etc/bind# dig ns radicalcomputingconcepts.com @e.gtld-servers.net
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ns radicalcomputingconcepts.com @e.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57187
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;radicalcomputingconcepts.com. IN NS
;; AUTHORITY SECTION:
radicalcomputingconcepts.com. 172800 IN NS ns1.radicalcomputingconcepts.com.
radicalcomputingconcepts.com. 172800 IN NS ns2.radicalcomputingconcepts.com.
;; ADDITIONAL SECTION:
ns1.radicalcomputingconcepts.com. 172800 IN A 149.56.97.154
ns2.radicalcomputingconcepts.com. 172800 IN A 96.81.53.27
;; Query time: 68 msec
;; SERVER: 2001:502:1ca1::30#53(2001:502:1ca1::30)
;; WHEN: Fri Jul 30 12:44:09 EDT 2021
;; MSG SIZE rcvd: 125
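
The named-checkzone failure quoted in the post above (NS names inside the zone with no A or AAAA record in the zone itself) can be reproduced offline with a small check. This is an added example, not part of the original thread and not BIND's code; the parser is a simplification and the function names are hypothetical.

```python
# Added example: simplified form of the "NS has no address records" check.
# Assumes one record per line with an explicit owner (no parentheses, no $INCLUDE).

def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, zone):
    """Yield (owner, rtype, rdata) tuples; `zone` is the initial origin."""
    origin = zone
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        if fields[0].startswith("$"):               # $TTL, $ORIGIN, ...
            continue
        owner, rest = absolute(fields[0], origin), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                         # skip optional TTL / class
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype == "NS":
            rdata = [absolute(rdata[0], origin)]
        yield owner, rtype, rdata

def ns_without_address(zone, text):
    """Return in-zone NS targets of the apex that lack an A or AAAA record."""
    zone = zone.lower().rstrip(".") + "."
    records = list(parse_zone(text, zone))
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    targets = {d[0] for o, t, d in records if t == "NS" and o == zone}
    return sorted(n for n in targets
                  if n.endswith("." + zone) and n not in have_addr)

# Zone data as posted in the thread (line breaks reconstructed).
ZONE_FROM_THREAD = """\
$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021073002 3600 900 604800 600
@ 600 IN A 149.56.97.154
www 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.
"""
# Constructed variant: address records matching the registrar glue in the dig output.
ZONE_WITH_ADDRESSES = ZONE_FROM_THREAD + "ns1 600 IN A 149.56.97.154\nns2 600 IN A 96.81.53.27\n"

print(ns_without_address("radicalcomputingconcepts.com", ZONE_FROM_THREAD))
```

Glue at the registrar lives in the parent (com) zone; the check above concerns only the records present in the child zone file.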