Many times when a website is not resolving, the first thing to do is to check it at dnsstuff.com or issue the command 'dig @ns1.domain.com domain.com' against one of the domain's own nameservers. If you can read the response, it is usually easy to figure out where the problem lies.
Q: How do I find the nameservers of a domain? Again, use dig.
A: 'dig domain.com NS' will print the raw NS records for the domain.
There are several different responses one can get for a dig query. Here I am talking about Red Hat based OSes; other OSes may differ slightly in their config locations. This post is about the response whose header carries 'status: SERVFAIL' (Server Failure). Here are a few checks which may help you figure out the issue yourself.
Check #1
It means the nameserver you are querying has no usable copy of the zone: either the zone is not declared at all, or it is declared but named could not load it. Declare it in /etc/named.conf, put the zone file somewhere under /var/named, and do an 'rndc reload'. Then do 'dig @127.0.0.1 domain.com' and look at the answer section. Does it contain something along these lines?
;; ANSWER SECTION:
domain.com 86400 IN A 192.168.1.12
Then locally it is all working fine. If it didn't work, read on.
Check #2
In Red Hat based OSes the named startup options are stored in /etc/sysconfig/named by default. If every line there is commented out with # or the file is empty, we can proceed to the next check. Otherwise, look for this setting in particular:
ROOTDIR="/var/named/run-root"
The value of ROOTDIR can be anything; the other commonly found value is /var/named/chroot. Once it is set, that directory becomes the root (its new home) for the named process: it cannot see /bin, /usr or even /tmp. Poor named, isn't it? Well, that is called a chrooted environment, and it is there for security: if named is compromised, the attacker is confined to that directory. More about that later.
Usually in such cases /etc/named.conf is a symbolic link to ROOTDIR_value/etc/named.conf (here, a symlink to /var/named/run-root/etc/named.conf), and the domain.com zone file needs to be copied to /var/named/run-root/var/named (that is, the 'directory' from the options block, as seen from inside the chroot) instead of /var/named. Finally, do an 'rndc reload'.
Check #3
Okay, all done and still not working? Did you check the log messages? By default named logs through syslog, which lands in /var/log/messages, unless a 'file' channel in the logging directive says otherwise. Open two ssh sessions, run 'rndc reload' in one and 'tail -f /var/log/messages' in the other, and watch for any warnings or errors. Correct them accordingly. Two tools help in the process:
named-checkconf and named-checkzone
named-checkconf parses /etc/named.conf and checks its syntax, nothing else (add -z and it will also test-load every master zone the file declares). On servers where ROOTDIR is set, use 'named-checkconf -t /var/named/run-root' so that the paths in the file are resolved inside the chroot.
named-checkzone is the one I find most handy. The command to issue is
named-checkzone domainname.com /var/named/run-root/var/named/domainname.com
It prints the errors, if there are any; otherwise it says the zone loaded OK. See the output below.
Bad Zone
[root@hackcity var]# named-checkzone domainname.com /var/named/run-root/var/named/domainname.com
dns_master_load: domainname.com:24: domainname.com: CNAME and other data
dns_master_load: domainname.com:26: domainname.com: CNAME and other data
zone domainname.com/IN: loading master file domainname.com: CNAME and other data
Good Zone
[root@hackcity var]# named-checkzone domainname.com /var/named/run-root/var/named/domainname.com
zone domainname.com/IN: loaded serial 1178542138
OK
Any idea what the error with the Bad Zone was?
It was the CNAME entries on lines 24-26, shown below. A name that owns a CNAME may not own any other record, and the zone apex always owns the SOA and NS records, so a CNAME at the apex is exactly "CNAME and other data". (Note also the missing trailing dot on the target; see Check #4.) Removed them, and the zone loaded fine.
domainname.com. IN CNAME domainname.com
domainname.com. IN CNAME domainname.com
domainname.com. IN CNAME domainname.com
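The rule named-checkzone is enforcing here, done by hand in awk so that it is visible. This is an added example for this post, not code from the original and not BIND's own: a small zone linter that expands every name the way named does (@ and relative names get the current $ORIGIN appended, a trailing dot means absolute), then reports any owner that has both a CNAME and other records, and warns about CNAME/NS/MX/PTR targets written without the trailing dot. It assumes the origin is given as the first argument, one record per line (a parenthesised SOA is fine), and no $INCLUDE or $GENERATE.

```shell
#!/bin/sh
# zone_lint.sh - expand names the way named does and flag the two mistakes
# discussed in this post. Added example, not part of the original post or of
# BIND. Assumptions: origin given as $1, one record per line (a parenthesised
# SOA is fine), no $INCLUDE/$GENERATE. Exit 1 on "CNAME and other data";
# missing trailing dots are reported as warnings, since a relative name is
# legal, just rarely what was meant.
zone_lint() {   # usage: zone_lint ORIGIN ZONEFILE
    awk -v origin="$1" '
    BEGIN { if (origin !~ /\.$/) origin = origin "."; origin = tolower(origin) }

    # Absolute, lower-cased owner/target name: "@" is the origin, a trailing
    # dot means the name is already absolute, anything else gets $ORIGIN
    # appended. This is exactly what turns "domainname.com" into
    # "domainname.com.domainname.com." when the dot is forgotten.
    function fqdn(n) {
        n = tolower(n)
        if (n == "@") return origin
        if (n ~ /\.$/) return n
        return n "." origin
    }

    {
        sub(/;.*$/, "")                      # zone comments start with ";", not "#"
        if (inparen) { if (index($0, ")")) inparen = 0; next }   # rest of a ( ... ) record
        if (NF == 0) next
        if ($1 == "$ORIGIN") { origin = fqdn($2); next }
        if ($1 ~ /^\$/) next                 # $TTL and friends: nothing to check
        if ($0 ~ /^[ \t]/) { i = 1 } else { owner = fqdn($1); i = 2 }   # blank owner = previous owner
        while (i <= NF && ($i ~ /^[0-9]+[smhdwSMHDW]?$/ || toupper($i) ~ /^(IN|CH|HS)$/)) i++   # optional TTL, class
        type = toupper($i); i++
        if (type == "") next
        target = (type == "MX") ? $(i + 1) : $i   # MX rdata is "preference host"
        if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1

        # Rule 1 (RFC 1034 3.6.2): a name owning a CNAME may own nothing else.
        # The apex always owns SOA and NS, so an apex CNAME always trips this.
        if (type == "CNAME") { cname[owner] = FNR } else { other[owner] = FNR }
        if ((owner in cname) && (owner in other)) {
            printf("%s:%d: %s: CNAME and other data\n", FILENAME, FNR, owner)
            bad = 1
        }
        # Rule 2: a hostname in rdata without a trailing dot is relative.
        if (type ~ /^(CNAME|NS|MX|PTR)$/ && target != "" && target != "@" && target !~ /\.$/)
            printf("%s:%d: warning: %s %s target \"%s\" has no trailing dot, named reads it as %s\n",
                   FILENAME, FNR, owner, type, target, fqdn(target))
    }
    END { exit bad + 0 }
    ' "$2"
}

# Run the linter when called with an origin and a file, e.g.
#   zone_lint.sh domainname.com /var/named/run-root/var/named/domainname.com
if [ $# -eq 2 ]; then
    zone_lint "$1" "$2"
fi
```

Run it on the Bad Zone above and it reports the apex CNAME lines as "CNAME and other data" and, on the same lines, warns that the target domainname.com is read as domainname.com.domainname.com. because of the missing period; named-checkzone only tells you the first of these.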
Check #4
Last but very important: do you know which is the most important character in a DNS zone file? It is the period "." :-) If you miss one, none of the above steps will help you. A name without a trailing period is relative, and named silently appends the zone origin to it, so 'domainname.com' in a record becomes domainname.com.domainname.com. and the zone still loads without complaint. If you mark a comment with # instead of ;, named-checkzone will remind you; but if you forget the period, you have to figure it out yourself. It is something every newbie admin misses.
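Checks #1 to #3 as one script, added here as an example (it is not from the original post): it reads ROOTDIR from /etc/sysconfig/named, locates named.conf and the zone file inside the chroot if there is one, runs named-checkconf and named-checkzone, reloads the zone with rndc, and finally queries 127.0.0.1 with dig and reads the status field from the header. It assumes the Red Hat layout described above and a zone file named after the zone under var/named; dig, rndc and the named-check tools must be on the box for the live checks, while the two parsing helpers run without them.

```shell
#!/bin/sh
# servfail_check.sh - walk Checks #1 to #3 for one zone on a BIND server.
# Added example for this post, not the original's code. Assumptions: the
# Red Hat layout described above (/etc/sysconfig/named, optional ROOTDIR
# chroot, options { directory "/var/named"; }) and a zone file named after
# the zone. named_rootdir and dig_status need nothing installed; run_checks
# needs named-checkconf, named-checkzone, rndc and dig on the box.

# Print the ROOTDIR value from a sysconfig file, or nothing if the server is
# not chrooted. Commented-out lines are ignored, quotes and a trailing
# "# comment" are stripped, and the last assignment wins (as in the shell).
named_rootdir() {
    [ -r "$1" ] || return 0
    awk -F= '/^[ \t]*ROOTDIR=/ {
        v = $2
        sub(/[ \t]*#.*$/, "", v)
        gsub(/["'"'"' \t]/, "", v)
        print v
    }' "$1" | tail -n 1
}

# Pull the status field (NOERROR, SERVFAIL, NXDOMAIN, REFUSED, ...) out of a
# dig response read on stdin, from its ";; ->>HEADER<<-" line. Prints
# nothing when there is no header at all (e.g. "connection timed out").
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\).*$/\1/p' | head -n 1
}

# Run the checks for one zone against the local server. Stops at the first
# failing check and names the check from the post to revisit.
run_checks() {
    zone=$1
    rootdir=$(named_rootdir /etc/sysconfig/named)
    conf="${rootdir}/etc/named.conf"
    zonefile="${rootdir}/var/named/${zone}"     # assumed file name

    # Check #1: is the zone declared? (zones pulled in through include
    # statements are not seen by this grep; named-checkconf -p shows them)
    if ! grep -q "zone[[:space:]]*\"${zone}\"" "$conf"; then
        echo "Check #1: no zone \"${zone}\" statement in ${conf}" >&2
        return 1
    fi
    # Check #2: is the zone file where the (possibly chrooted) named looks?
    if [ ! -r "$zonefile" ]; then
        echo "Check #2: ${zonefile} missing (ROOTDIR='${rootdir}')" >&2
        return 1
    fi
    # Check #3: syntax of named.conf and the zone, before involving named.
    if [ -n "$rootdir" ]; then
        named-checkconf -t "$rootdir" || return 1
    else
        named-checkconf || return 1
    fi
    named-checkzone "$zone" "$zonefile" || return 1
    rndc reload "$zone" || return 1
    # Now ask the server itself and read what dig shows in the header.
    status=$(dig @127.0.0.1 "$zone" | dig_status)
    echo "dig @127.0.0.1 ${zone}: status ${status:-none}"
    [ "$status" = NOERROR ]
}

# Only run the live checks when a zone is given on the command line.
if [ $# -gt 0 ]; then
    run_checks "$1"
fi
```

Run it as 'sh servfail_check.sh domain.com' on the server; a zero exit means the zone is declared, present, parses, reloaded, and answers NOERROR locally, which is the point at which the problem is no longer this box.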