July 28, 2021

I've got a Froxlor install on Debian Buster configured with Bind9 as an authoritative nameserver and I'm experiencing missing information in the dig results.

dig ns1.radicalcomputingconcepts.com

; <<>> DiG 9.10.6 <<>> ns2.radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27849
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ns2.radicalcomputingconcepts.com. IN A

;; Query time: 94 msec
;; SERVER: 2001:558:feed::1#53(2001:558:feed::1)
;; WHEN: Wed Jul 28 17:35:38 MDT 2021
;; MSG SIZE rcvd: 61

=============

Prior to installing Bind9 I had DjbDns installed and results looked like this:

dig ns1.radicalcomputingconcepts.com

; <<>> DiG 9.10.6 <<>> ns1.radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17268
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.radicalcomputingconcepts.com. IN A

;; ANSWER SECTION:
ns1.radicalcomputingconcepts.com. 86339 IN A 149.56.97.154
ns1.radicalcomputingconcepts.com. 86339 IN A 149.56.97.154

;; Query time: 85 msec
;; SERVER: 2603:300b:7d6:1800:82b2:34ff:fe4b:1789#53(2603:300b:7d6:1800:82b2:34ff:fe4b:1789)
;; WHEN: Wed Jul 28 17:37:23 MDT 2021
;; MSG SIZE rcvd: 82

===================

Further irregularities occur as the parent domain to the NS is not responsive to DNS lookups and ping attempts:

ping radicalcomputingconcepts.com
ping: cannot resolve radicalcomputingconcepts.com: Unknown host

AND the domain of my froxlor server as set in the system settings also becomes unresponsive as well:

ping mail.radicalcomputingconcepts.com
ping: cannot resolve mail.radicalcomputingconcepts.com: Unknown host

There is nothing unusual about the Bind installation and all the services have been configured according to the templates.
July 29, 2021 Author

It appears I still had ipv6 enabled. I disabled it by adding

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
GRUB_CMDLINE_LINUX="ipv6.disable=1"

to /etc/default/grub and restarting. Upon restart, postfix is broken and cannot authenticate via SASL:

warning: SASL: Connect to private/auth failed: Connection refused
Jul 29 15:07:01 mail postfix/smtpd[1490]: fatal: no SASL authentication mechanisms
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1481 exit status 1
Jul 29 15:07:01 mail postfix/master[1147]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1482 exit status 1
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1483 exit status 1

I appear to have a conflict with Bind9 and IPv6? Please advise.
July 29, 2021 Author

I've installed ipv6 information into my network interfaces and eliminated the bind errors in syslog. From an external host, name resolution fails for the primary domain, the domain specified in the system settings, and dig responses are missing answer sections:

syslog:

Restarting bind9 (via systemctl): bind9.service.
root@mail:/home/steve# tail -f /var/log/syslog
Jul 29 18:11:27 mail named[6374]: zone flatironscannabis.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone jaith.net/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone mailinglist.boulevardbread.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone ragustudio.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone oddballsinvitations.net/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone boulevardbread.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jul 29 18:11:27 mail named[6374]: resolver priming query complete

external host resolution:

ping mail.radicalcomputingconcepts.com
ping: cannot resolve mail.radicalcomputingconcepts.com: Unknown host

ping radicalcomputingconcepts.com
ping: cannot resolve radicalcomputingconcepts.com: Unknown host

zone files for hosts that are failing resolution:

$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021072901 3600 900 604800 600
@ 600 IN A 149.56.97.154
www 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.

$TTL 600
$ORIGIN mail.radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021072901 3600 900 604800 600
@ 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.
@ 600 IN CAA 0 issue "letsencrypt.org"

missing answer sections from dig:

dig radicalcomputingconcepts.com

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31804
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e05667de07e9c60614b1b8ed610328e82bba2257178535e9 (good)
;; QUESTION SECTION:
;radicalcomputingconcepts.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 29 18:17:12 EDT 2021
;; MSG SIZE rcvd: 85
July 30, 2021

What about the radicalcomputingconcepts.com zone? And do you have GLUE records for it?
July 30, 2021 Author

I added a domain in froxlor control panel for radicalcomputingconcepts.com. The zone file looks like this:

$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021073002 3600 900 604800 600
@ 600 IN A 149.56.97.154
www 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.

running named-checkzone yields:

named-checkzone radicalcomputingconepts.com /etc/bind/domains/radicalcomputingconcepts.com.zone
/etc/bind/domains/radicalcomputingconcepts.com.zone:3: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:5: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:6: ignoring out-of-zone data (www.radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:7: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:8: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:12: ignoring out-of-zone data (mail.radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:13: ignoring out-of-zone data (mail.radicalcomputingconcepts.com)
zone radicalcomputingconepts.com/IN: has 0 SOA records
zone radicalcomputingconepts.com/IN: has no NS records
zone radicalcomputingconepts.com/IN: not loaded due to errors.

I can find no documentation on the Froxlor site nor in the forums on configuration of GLUE records... please advise.
July 30, 2021 Author

HA! Please forgive me... I mistyped the domain in my named-checkzone query. Fat fingers and not enough coffee!

root@mail:/etc/bind/domains# named-checkzone radicalcomputingconcepts.com /etc/bind/domains/radicalcomputingconcepts.com.zone
zone radicalcomputingconcepts.com/IN: NS 'ns1.radicalcomputingconcepts.com' has no address records (A or AAAA)
zone radicalcomputingconcepts.com/IN: NS 'ns2.radicalcomputingconcepts.com' has no address records (A or AAAA)
zone radicalcomputingconcepts.com/IN: not loaded due to errors.

FYI, glue records are in place at the registrar and have been for almost a decade or more...

root@mail# dig ns com

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ns com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37906
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;com. IN NS

;; ANSWER SECTION:
com. 86400 IN NS g.gtld-servers.net.
com. 86400 IN NS a.gtld-servers.net.
com. 86400 IN NS e.gtld-servers.net.
com. 86400 IN NS d.gtld-servers.net.
com. 86400 IN NS j.gtld-servers.net.
com. 86400 IN NS k.gtld-servers.net.
com. 86400 IN NS c.gtld-servers.net.
com. 86400 IN NS f.gtld-servers.net.
com. 86400 IN NS l.gtld-servers.net.
com. 86400 IN NS b.gtld-servers.net.
com. 86400 IN NS m.gtld-servers.net.
com. 86400 IN NS i.gtld-servers.net.
com. 86400 IN NS h.gtld-servers.net.

;; Query time: 88 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Fri Jul 30 12:43:11 EDT 2021
;; MSG SIZE rcvd: 256

root@mail:/etc/bind# dig ns radicalcomputingconcepts.com @e.gtld-servers.net

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ns radicalcomputingconcepts.com @e.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57187
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;radicalcomputingconcepts.com. IN NS

;; AUTHORITY SECTION:
radicalcomputingconcepts.com. 172800 IN NS ns1.radicalcomputingconcepts.com.
radicalcomputingconcepts.com. 172800 IN NS ns2.radicalcomputingconcepts.com.

;; ADDITIONAL SECTION:
ns1.radicalcomputingconcepts.com. 172800 IN A 149.56.97.154
ns2.radicalcomputingconcepts.com. 172800 IN A 96.81.53.27

;; Query time: 68 msec
;; SERVER: 2001:502:1ca1::30#53(2001:502:1ca1::30)
;; WHEN: Fri Jul 30 12:44:09 EDT 2021
;; MSG SIZE rcvd: 125
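The two things the exchange above turns on are (a) an in-zone nameserver name must carry an A/AAAA record inside the zone itself (that is the "has no address records" error named-checkzone prints), and (b) the apex NS set plus those addresses must agree with the delegation and glue the parent .com servers hand out. The following Python checker is an added example written for this page; it is not Froxlor's, BIND's, or the poster's code. The zone text and the parent delegation are constructed from the values posted in the thread (the zone as shown, and the AUTHORITY/ADDITIONAL records from the e.gtld-servers.net query), and the function names are the editor's own.

```python
"""Pre-load sanity checks for an authoritative BIND zone (added example).

Checks performed:
  1. an SOA and at least one NS exist at the apex;
  2. every apex NS whose name lies inside the zone has an A/AAAA record in
     the zone (named-checkzone otherwise refuses to load the zone);
  3. the apex NS set and the in-zone addresses match the delegation and
     glue the parent serves, so resolvers get consistent answers.
"""
import ipaddress
from collections import defaultdict


def absolutize(name, origin):
    """Turn '@' or a relative name into a lower-case FQDN (origin ends in '.')."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin):
    """Minimal master-file parser -> {(owner_fqdn, rtype): [rdata, ...]}.

    Handles $ORIGIN/$TTL, '@', relative owners, optional TTL/class in either
    order, and continuation lines that start with whitespace.  Multi-line
    "( ... )" records are not supported; Froxlor writes one record per line.
    """
    records = defaultdict(list)
    last_owner = "@"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue  # default TTL is irrelevant to these checks
        tokens = line.split()
        owner = last_owner if line[0] in " \t" else tokens.pop(0)
        last_owner = owner
        for _ in range(2):  # optional TTL and/or class
            if tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
                tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records[(absolutize(owner, origin), rtype)].append(" ".join(tokens))
    return records


def addresses(records, fqdn):
    """All A/AAAA rdata for fqdn; raises ValueError on a non-IP literal."""
    addrs = records.get((fqdn, "A"), []) + records.get((fqdn, "AAAA"), [])
    return {str(ipaddress.ip_address(a)) for a in addrs}


def check_zone(text, zone_name, parent_delegation=None):
    """Return a list of problems; an empty list means the zone passes.

    parent_delegation maps each NS FQDN the parent delegates to -> the set
    of glue addresses the parent serves for it (what the AUTHORITY and
    ADDITIONAL sections of `dig ns <zone> @<tld-server>` show).
    """
    apex = zone_name.lower().rstrip(".") + "."
    recs = parse_zone(text, apex)
    problems = []
    if not recs.get((apex, "SOA")):
        problems.append(f"{apex} has no SOA record")
    ns_set = {absolutize(t, apex) for t in recs.get((apex, "NS"), [])}
    if not ns_set:
        problems.append(f"{apex} has no NS records at the apex")
    for ns in sorted(ns_set):
        if (ns == apex or ns.endswith("." + apex)) and not addresses(recs, ns):
            problems.append(f"in-zone NS '{ns}' has no A/AAAA record; BIND will not load the zone")
    if parent_delegation is not None:
        parent_ns = {absolutize(n, apex) for n in parent_delegation}
        if ns_set != parent_ns:
            problems.append(f"apex NS set {sorted(ns_set)} differs from parent delegation {sorted(parent_ns)}")
        for ns, glue in parent_delegation.items():
            zone_addrs = addresses(recs, absolutize(ns, apex))
            if zone_addrs and zone_addrs != set(glue):
                problems.append(f"glue for {ns} at parent {sorted(glue)} != zone {sorted(zone_addrs)}")
    return problems


# Constructed from the zone posted above: no address records for ns1/ns2.
POSTED_ZONE = """\
$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@ 600 IN SOA ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021073002 3600 900 604800 600
@ 600 IN A 149.56.97.154
www 600 IN A 149.56.97.154
@ 600 IN NS ns1.radicalcomputingconcepts.com.
@ 600 IN NS ns2.radicalcomputingconcepts.com.
"""
# Same zone with the in-zone nameserver addresses added (values taken from
# the glue e.gtld-servers.net returned in the post above).
FIXED_ZONE = POSTED_ZONE + "ns1 600 IN A 149.56.97.154\nns2 600 IN A 96.81.53.27\n"
# Delegation + glue as shown by `dig ns radicalcomputingconcepts.com @e.gtld-servers.net`.
PARENT_DELEGATION = {
    "ns1.radicalcomputingconcepts.com.": {"149.56.97.154"},
    "ns2.radicalcomputingconcepts.com.": {"96.81.53.27"},
}

if __name__ == "__main__":
    for label, zone in (("posted", POSTED_ZONE), ("fixed", FIXED_ZONE)):
        found = check_zone(zone, "radicalcomputingconcepts.com", PARENT_DELEGATION)
        print(f"{label}: {'OK' if not found else ''}")
        for p in found:
            print("  -", p)
```

Run against the posted zone it reports exactly the two in-zone NS names without addresses; with the two A records added and matching the registrar's glue it reports nothing. Because the parent delegation is passed in rather than looked up, the same function can be fed the output of a real `dig ... @a.gtld-servers.net` query when checking a live deployment.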
July 30, 2021 Author (Solution)

In the immortal words of Homer Simpson, "D'oh!" I think I found it! I was running Rspamd in order to supply DKIM and it was occupying port 53 with records for the NS1 and NS2. So when the named-checkzone ran it detected that there were pre-existing A records and refused to load the zone! Doop, thank you very much for your patience with me!