DNS Server resolving issues. Not accepting queries.

Hi

I need some help please.
I am trying to set a local DNS for my local LAN.

DNS Server on opensuse42.1.

The problem is that the server is not responding to queries …

Can anyone review my configurations and give me a tip ???

Thanks

The configuration files are like this:

Named.conf



# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.  It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.



options {

    # The directory statement defines the name server's working directory

    directory "/var/lib/named";

    # enable DNSSEC validation
    #
    # If BIND logs error messages about the root key being expired, you
    # will need to update your keys. See https://www.isc.org/bind-keys
    #
    # dnssec-enable yes (default), indicates that a secure DNS service
    # is being used which may be one, or more, of TSIG
    # (for securing zone transfers or DDNS updates), SIG(0)
    # (for securing DDNS updates) or DNSSEC.

    #dnssec-enable yes;

    # dnssec-validation yes (default), indicates that a resolver
    # (a caching or caching-only name server) will attempt to validate
    # replies from DNSSEC enabled (signed) zones. To perform this task
    # the server also needs either a valid trusted-keys clause
    # (containing one or more trusted-anchors or a managed-keys clause.

    #dnssec-validation auto;
    managed-keys-directory "/var/lib/named/dyn/";

    # Write dump and statistics file to the log subdirectory.  The
    # pathenames are relative to the chroot jail.

    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # The forwarders record contains a list of servers to which queries
    # should be forwarded.  Enable this line and modify the IP address to
    # your provider's name server.  Up to three servers may be listed.

    forwarders {8.8.8.8; 8.8.4.4; };

    # Enable the next entry to prefer usage of the name server declared in
    # the forwarders section.

    #forward first;

    # The listen-on record contains a list of local network interfaces to
    # listen on.  Optionally the port can be specified.  Default is to
    # listen on all interfaces found on your system.  The default port is
    # 53.

    listen-on port 53 {127.0.0.1;192.168.1.1; };

    # The listen-on-v6 record enables or disables listening on IPv6
    # interfaces.  Allowed values are 'any' and 'none' or a list of
    # addresses.

    listen-on-v6 { any; };

    # The next three statements may be needed if a firewall stands between
    # the local server and the internet.

    query-source address * port 53;
    transfer-source * port 53;
    notify-source * port 53;

    # The allow-query record contains a list of networks or IP addresses
    # to accept and deny queries from. The default is to allow queries
    # from all hosts.

    allow-query { 127.0.0.1;192.168.1.0/24; };

    # If notify is set to yes (default), notify messages are sent to other
    # name servers when the the zone data is changed.  Instead of setting
    # a global 'notify' statement in the 'options' section, a separate
    # 'notify' can be added to each zone definition.

    notify no;

    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
logging {
    # Log queries to a file limited to a size of 100 MB.
    channel query_logging {
        file "/var/log/named_querylog"
            versions 3 size 100M;
        print-time yes;            // timestamp log entries
    };

    category queries {
        query_logging;
    };

    # Or log this kind alternatively to syslog.
    channel syslog_queries {
        syslog user;
        severity info;
    };
    category queries { syslog_queries; };

    # Log general name server errors to syslog.
    channel syslog_errors {
        syslog user;
        severity error;
    };
    category default { syslog_errors;  };

    # Don't log lame server messages.
    category lame-servers { null; };
};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "127.0.0.zone";
};


zone "umbrella-fw.local" in {
    type master;
    file "master/umbrella-internal-lan-fw.zone";
};

zone "umbrella-rev.zone" in {
    type master;
    file "master/umbrella-internal-lan-fw.zone";
};



# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.


My zone files are like this :


$TTL 1W
@        IN SOA    ns1.umbrella.local.   root.umbrella.local. (
                2016103019    ; serial (d. adams)
                2D        ; refresh
                4H        ; retry
                6W        ; expiry
                1W )        ; minimum

@        NS    ns1.umbrella.local.
@        NS    ns2.umbrella.local.
@            IN   A     127.0.0.1
@            IN   AAAA  ::1


;##############################################################
;##                 Phisical / Local Hosts                   ##
;##############################################################



hades    IN    A    192.168.1.8
hv    IN    A    192.168.1.252
hv-ilo    IN    A    192.168.1.250


;##############################################################
;##                 Virtual  / Local Hosts                   ##
;##############################################################

ns1.umbrella.local    IN     A     192.168.1.1
;ns1            CNAME        ns1.umbrella.local.
ns2.umbrella.local    IN    A    192.168.1.2
;ns2            CNAME        ns2.umbrella.local.
dc    IN    A    192.168.1.230




The reverse zone file



$TTL 1W
@        IN SOA        ns1.umbrella.local.   root.umbrella.local. (
                2016103019    ; serial (d. adams)
                2D        ; refresh
                4H        ; retry
                6W        ; expiry
                1W )        ; minimum


    IN    NS    ns1.umbrella.local.
    IN    NS    ns2.umbrella.local.


;##############################################################
;##                 Phisical / Local Hosts                   ##
;##############################################################

8    IN    PTR    hades.umbrella.local.
9    IN    PTR    srv.umbrella.local.
250    IN    PTR    ilo-hv.umbrella.local.
252    IN    PTR    hv.umbrella.local.


;##############################################################
;##                 Virtual  / Local Hosts                   ##
;##############################################################


1    IN    PTR    ns1.umbrella.local.
2    IN    PTR    ns2.umbrella.local.
230    IN    PTR    dc.umbrella.local.




resolv.conf



### /etc/resolv.conf file autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
# Note: Manual change of this file disables netconfig too, but
# may get lost when this file contains comments or empty lines
# only, the netconfig settings are same with settings in this
# file and in case of a "netconfig update -f" call.
#
### Please remove (at least) this line when you modify the file!
search umbrella
nameserver 127.0.0.1




ns1:~ # netstat -tapnl | grep named
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      12794/named         
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      12794/named         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12794/named         
tcp        0      0 :::53                   :::*                    LISTEN      12794/named         
tcp        0      0 ::1:953                 :::*                    LISTEN      12794/named         
ns1:~ # 



ifconfig


ns1:~ # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:57:1F:0E  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe57:1f0e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:268 errors:0 dropped:7 overruns:0 frame:0
          TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:21212 (20.7 Kb)  TX bytes:41497 (40.5 Kb)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:30654 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30654 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2693228 (2.5 Mb)  TX bytes:2693228 (2.5 Mb)

ns1:~ # 



result of a dig


ns1:~ # dig hades.umbrella.local 127.0.0.1

; <<>> DiG 9.9.9-P1 <<>> hades.umbrella.local 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63411
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hades.umbrella.local.        IN    A

;; AUTHORITY SECTION:
.            1423    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016103101 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 31 20:43:13 WET 2016
;; MSG SIZE  rcvd: 124

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46840
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;127.0.0.1.            IN    A

;; AUTHORITY SECTION:
.            896    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016103101 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 31 20:43:13 WET 2016
;; MSG SIZE  rcvd: 113

ns1:~ # 




ns1:~ # dig hades

; <<>> DiG 9.9.9-P1 <<>> hades
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7224
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hades.                IN    A

;; AUTHORITY SECTION:
.            1772    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016103101 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 31 20:36:11 WET 2016
;; MSG SIZE  rcvd: 109





ns1:~ # dig hades 192.168.1.1

; <<>> DiG 9.9.9-P1 <<>> hades 192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14901
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hades.                IN    A

;; AUTHORITY SECTION:
.            1317    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016103101 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 31 20:43:46 WET 2016
;; MSG SIZE  rcvd: 109

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56746
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.168.1.1.            IN    A

;; AUTHORITY SECTION:
.            1796    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2016103101 1800 900 604800 86400

;; Query time: 62 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 31 20:43:46 WET 2016
;; MSG SIZE  rcvd: 115


Status of the named process



ns1:~ # ps -ax | grep named
12794 ?        Ssl    0:00 /usr/sbin/named -t /var/lib/named -u named
18058 pts/0    S+     0:00 grep --color=auto named
ns1:~ # 




Wow, it’s been a long time since I’ve seen someone use dig, for me that harkens back to days before modern search engines, tools and name resolution services…

There are a number of things you should be aware of, updating the tools and methods troubleshooting this kind of thing…

  • On openSUSE, we uniquely have a tool called YAST, for which modules can be installed that make management, configuration and inspection of numerous systems and services easier. When you installed DNS, it probably also installed a YAST DNS module, open that to inspect and manage your DNS server. The following installs the DNS management module if it’s not already installed:

zypper in yast2-dns-server

If you are running a graphical Desktop, you should be able to find it as an application launcher menu option.
Or, run the following from a console:

sudo yast2

  • Ordinarily, a full DNS server is bound to an “external” network interface, not the loopback interface although could be bound to “all interfaces” on the machine. So, when you test your DNS server, you should probe your loopback (127.0.0.1) interface, you should probe whatever IP address is used to communicate with other machines (eg 192.168.0.1).

  • Today’s openSUSE implements a subsystem architecture called “systemd” which among various features standardizes a number of commands to interrogate and manage your services. So, for example the following will return a considerable amount of information including state (stopped/started), any errors if not running, whether it is started automatically on its own, the location of its configuration file and a lot more:

systemctl status named.service

  • The standard tool used today to interrogate and test DNS servers and services is nslookup. You can specify the server you wish to interrogate, display results, query for configuration and a lot more:

nslookup

  • Although ifconfig is still supported and probably won’t absolutely disappear for a very long time (too much code has been written that calls ifconfig), it’s been deprecated, so today you might want to take a look at the various “ip” tools, in particular “ip config” which returns information similar to ifconfig:

ip addr

So,
Step through each item I described which should help, which ranges from possible outright mistakes on your part (don’t know if querying 127.0.0.1 will return anything, depends on how your DNS server is configured) to using a superior DNS Server management tool (YAST) to updating the tools you use to understand your situation.

HTH,
TSU

Hi

Thank you for your feedback, but I have some questions please.

I have known yast for a long time. And I know it even on the shell.

I have yast but I don’t want it!
I have the DNS server option in yast, but I don’t want it!

To build a DNS server on SUSE, I am almost 100% sure that I am not forced to use YAST.

Even for installing I have always used zypper, which is wonderful!!

I tested all my configs with “named-checkconf named-checkzone” and no errors were found…

Another thing. If you look at my named.conf you will see that I have bind listening on both (127.0… and 192.168…)

I appreciate your tips, but what I really want is someone to look at my configuration files and see if something is missing…

Please don’t take this badly, but I only want pure shell and the openSUSE kernel! No extra tools.

So I ask again: can you look at my configs and tell me if you find errors or mistakes?

Regards

Here are some logs that I made just now…

ns1:~ # named-checkconf /etc/named.conf
ns1:~ # nslookup hades 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can’t find hades: NXDOMAIN

ns1:~ # nslookup hades.umbrella.local 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can’t find hades.umbrella.local: NXDOMAIN

ns1:~ # systemctl status named.service
named.service - LSB: Domain Name System (DNS) server, named
Loaded: loaded (/etc/init.d/named)
Active: active (running) since Tue 2016-11-01 00:07:39 WET; 16min ago
Process: 19086 ExecStop=/etc/init.d/named stop (code=exited, status=0/SUCCESS)
Process: 19128 ExecStart=/etc/init.d/named start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/named.service
└─19177 /usr/sbin/named -t /var/lib/named -u named

Nov 01 00:17:56 ns1 named[19177]: client 127.0.0.1#56215 (opensuse.mirrors.ovh.net): query: opensuse.mirrors.ovh.net IN AAAA + (127.0.0.1)
Nov 01 00:20:45 ns1 named[19177]: client 127.0.0.1#59693 (widehat.opensuse.org): query: widehat.opensuse.org IN A + (127.0.0.1)
Nov 01 00:20:45 ns1 named[19177]: client 127.0.0.1#59693 (widehat.opensuse.org): query: widehat.opensuse.org IN AAAA + (127.0.0.1)
Nov 01 00:21:24 ns1 named[19177]: client 127.0.0.1#57862 (opensuse.mirrors.ovh.net): query: opensuse.mirrors.ovh.net IN A + (127.0.0.1)
Nov 01 00:21:24 ns1 named[19177]: client 127.0.0.1#57862 (opensuse.mirrors.ovh.net): query: opensuse.mirrors.ovh.net IN AAAA + (127.0.0.1)
Nov 01 00:21:57 ns1 named[19177]: client 127.0.0.1#39934 (download.opensuse.org): query: download.opensuse.org IN A + (127.0.0.1)
Nov 01 00:21:57 ns1 named[19177]: client 127.0.0.1#39934 (download.opensuse.org): query: download.opensuse.org IN AAAA + (127.0.0.1)
Nov 01 00:23:39 ns1 named[19177]: client 192.168.1.1#60917 (hades.umbrella): query: hades.umbrella IN A + (192.168.1.1)
Nov 01 00:23:39 ns1 named[19177]: client 192.168.1.1#46623 (hades): query: hades IN A + (192.168.1.1)
Nov 01 00:23:56 ns1 named[19177]: client 192.168.1.1#52200 (hades.umbrella.local): query: hades.umbrella.local IN A + (192.168.1.1)
ns1:~ #

Been awhile since I’ve tried to troubleshoot DNS zone files directly… Creating these files manually can be subject to making all sorts of mistakes, and using a generator that creates the files is next to brain-dead easy if you understand DNS zone concepts…

For starters,
I’m pretty sure your reverse lookup zone is created all wrong, it should specify the names in reverse hierarchical order ending in “in-addr-arpa”.
The last stanzas in your server config file describe the proper format configuring your localhost zone for you(both forward and reverse), and your reverse lookup zone record should look similar.

Hard to say what might be wrong with your direct lookup, but it can be a difficult exercise to find the problem which might be very easy to overlook.
That’s why it just doesn’t make a lot of sense to create these files manually… If you want to keep this particular machine as minimal as possible, then create your DNS zone files on another machine and copy the files to this machine. Or, set up zone replication between this machine and a Primary DNS Server.

Also,
Although your use of a compound statement for nslookup can be done, I find that it’s a lot less problematic to execute each command separately to make sure you’re doing things correctly.

For instance, the following one line at a time

nslookup
server 127.0.0.1
hades.umbrella.local

HTH,
TSU

I did not read any further, because at this point, you need to test (and to prove here in your post) that the system is listening on port 53 (the well known port for DNS) with e.g.

netstat -tulp

And the next step is to see if that port is reachable from a client (e.g. not blocked by a firewall). From another Linux system:

telnet <IPaddress-of-the-DNS-server>:53

As long as no client-server connection can be made, discussion of the results of such a connection is useless imho.

netstat -tulp


ns1:~ # netstat -tulp 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 ns1:domain              *:*                     LISTEN      19177/named         
tcp        0      0 localhost:domain        *:*                     LISTEN      19177/named         
tcp        0      0 *:ssh                   *:*                     LISTEN      5500/sshd           
tcp        0      0 localhost:953           *:*                     LISTEN      19177/named         
tcp        0      0 localhost:smtp          *:*                     LISTEN      8210/master         
tcp        0      0 *:domain                *:*                     LISTEN      19177/named         
tcp        0      0 *:ssh                   *:*                     LISTEN      5500/sshd           
tcp        0      0 localhost:953           *:*                     LISTEN      19177/named         
tcp        0      0 localhost:smtp          *:*                     LISTEN      8210/master         
udp        0      0 *:domain                *:*                                 19177/named         
udp        0      0 ns1:domain              *:*                                 19177/named         
udp        0      0 localhost:domain        *:*                                 19177/named         
udp     4352      0 *:bootpc                *:*                                 818/wickedd-dhcp4   
udp        0      0 ns1:ntp                 *:*                                 8123/ntpd           
udp        0      0 localhost:ntp           *:*                                 8123/ntpd           
udp        0      0 *:ntp                   *:*                                 8123/ntpd           
udp        0      0 *:domain                *:*                                 19177/named         
udp        0      0 fe80::20c:29ff:fe57:ntp *:*                                 8123/ntpd           
udp        0      0 localhost:ntp           *:*                                 8123/ntpd           
udp        0      0 *:ntp                   *:*                                 8123/ntpd           
ns1:~ # 



I know you want telnet… but I prefer nmap



Starting Nmap 5.00 ( http://nmap.org ) at 2016-11-01 09:36 WET
NSE: Loaded 0 scripts for scanning.
Initiating ARP Ping Scan at 09:36
Scanning 192.168.1.1 [1 port]
Completed ARP Ping Scan at 09:36, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:36
Completed Parallel DNS resolution of 1 host. at 09:36, 0.05s elapsed
Initiating SYN Stealth Scan at 09:36
Scanning 192.168.1.1 [1000 ports]
Discovered open port 53/tcp on 192.168.1.1
Discovered open port 22/tcp on 192.168.1.1
Completed SYN Stealth Scan at 09:36, 4.63s elapsed (1000 total ports)
Host 192.168.1.1 is up (0.00050s latency).
Interesting ports on 192.168.1.1:
Not shown: 998 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain
MAC Address: 00:0C:29:57:1F:0E (VMware)

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.96 seconds
           Raw packets sent: 2002 (88.086KB) | Rcvd: 6 (262B)
root@srv:~#



OK, thanks. That was what was missing in the path of basic things to check imho.

Before going too deep on this, how, exactly, do you know that DNS is not
working correctly? All of the queries I see via dig appear to be invalid,
which would explain a lack of response.

As you seem to be aware, you can tell dig to query a specific server on
the command line, but your syntax is (afaict) wrong. The right way to do
this follows, where 8.8.8.8 is the DNS server I’m querying (Google’s
public DNS service) and a2btech.com is the address I want to resolve:


dig @8.8.8.8 a2btech.com

The dig commands you are attempting have two addresses without anything
indicating whether one is to be sought and the other is a name server,
which is probably just causing dig to pass the entire thing to the name
service, which then is justifiably confused. In your case, from your name
server, I’d try one of the following:


dig @127.0.0.1 hades.umbrella.local
dig hades.umbrella.local
dig +search hades  #Probably fails anyway; see below

Also, I believe your resolv.conf file is incorrect as it just lists
‘hades’ as the search context, when you should probably have
‘hades.local’. Keep in mind that dig, by default, does NOT use these,
thus the ‘+search’ option shown above.


Good luck.


hcvv
OP ran nslookup tests as I suggested which suggest in combination with his earlier netstat, and he is probing localhost (127.0.0.1) which should not be blocked by a firewall… so probing using another app like telnet or nmap aren’t likely going to reveal anything new.

ab
Your observations about possibly using dig incorrectly may be true, and should be corrected with the nslookup commands I suggested in my most recent post before this one.

TSU

Thanks for the tip.
Unfortunately the right way to use dig is not my biggest concern …

BUT ATTENTION !!!
Using the diagnostic tools correctly is essential …

And I would like to thank you for the correction.

The problem that I’m having is not with the DNS files that I made.
If you look at my debugs you will see that the local DNS is not responding correctly. The queries are being followed to the root servers…

I finally found the solution. …rotfl!

I will post the same in the next posts …lol!

Cheers :brb: …

SOLVED!!

The problem is that when the queries were made, it was the root servers that responded.



$TTL 1W
@        IN SOA    ns1.umbrella.local.   root.umbrella.local. (
                2016113021    ; serial (d. adams)
                2D        ; refresh
                4H        ; retry
                6W        ; expiry
                1W )        ; minimum

@        NS    ns1.umbrella.local.
@        NS    ns2.umbrella.local.
@            IN   A     192.168.1.1
@            IN   AAAA  ::1


;##############################################################
;##                 Phisical / Local Hosts                   ##
;##############################################################



hades    IN    A    192.168.1.8
hv    IN    A    192.168.1.252
hv-ilo    IN    A    192.168.1.250


;##############################################################
;##                 Virtual  / Local Hosts                   ##
;##############################################################

ns1.umbrella.local    IN     A     192.168.1.1
;ns1            CNAME        ns1.umbrella.local.
ns2.umbrella.local    IN    A    192.168.1.2
;ns2            CNAME        ns2.umbrella.local.
dc    IN    A    192.168.1.230 





ns1:~ # dig @192.168.1.1 hades.umbrella.local

; <<>> DiG 9.9.9-P1 <<>> @192.168.1.1 hades.umbrella.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43127
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hades.umbrella.local.        IN    A

;; ANSWER SECTION:
hades.umbrella.local.    604800    IN    A    192.168.1.8

;; AUTHORITY SECTION:
umbrella.local.        604800    IN    NS    ns1.umbrella.local.

;; ADDITIONAL SECTION:
ns1.umbrella.local.    604800    IN    A    192.168.1.1

;; Query time: 1 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Nov 01 17:34:54 WET 2016
;; MSG SIZE  rcvd: 99


As I noted, your reverse lookup may still not be configured correctly (if a reverse lookup is important to you), test that as well.

TSU
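
An added example, not part of the thread and not any poster's code: it takes the zone names declared in the named.conf from the first post and shows which zone named selects for hades.umbrella.local (only the root hint zone, which is why the NXDOMAIN replies carried the root SOA), how owner names without a trailing dot expand against the zone name, and what the reverse zone for 192.168.1.0/24 has to be called. The excerpt is constructed from the posted file; the function names and lint rules are this example's own assumptions.

```python
import re

# Constructed excerpt of the named.conf posted in the thread: its zone
# stanzas (collapsed to one line each) and the query-source option.
NAMED_CONF = '''
options { query-source address * port 53; };
zone "." in { type hint; file "root.hint"; };
zone "localhost" in { type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" in { type master; file "127.0.0.zone"; };
zone "umbrella-fw.local" in { type master; file "master/umbrella-internal-lan-fw.zone"; };
zone "umbrella-rev.zone" in { type master; file "master/umbrella-internal-lan-fw.zone"; };
'''

ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"\s+(?:in\s+)?\{\s*type\s+(\w+);\s*file\s+"([^"]+)";', re.I)


def parse_zones(conf):
    """Map each declared zone name (lower case, no trailing dot) to its type."""
    return {name.lower().rstrip("."): ztype.lower()
            for name, ztype, _file in ZONE_RE.findall(conf)}


def closest_zone(qname, zones):
    """Return (zone, type) of the longest declared suffix of qname.

    named answers authoritatively only from a matching master zone; if only
    the root hint zone "." matches, the query leaves the server.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) + 1):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return (candidate or ".", zones[candidate])
    return (None, None)


def expand(owner, origin):
    """Expand a zone-file owner name: names without a trailing dot are
    relative to the origin, which defaults to the zone name in named.conf."""
    if owner == "@":
        return origin + "."
    return owner if owner.endswith(".") else f"{owner}.{origin}."


def reverse_zone(prefix24):
    """'192.168.1' -> '1.168.192.in-addr.arpa' (reverse zone of a /24)."""
    return ".".join(reversed(prefix24.split("."))) + ".in-addr.arpa"


def lint(conf, domain, prefix24):
    """Return findings for the zones an admin expects to be served locally."""
    zones = parse_zones(conf)
    findings = []
    for wanted in (domain, reverse_zone(prefix24)):
        zone, ztype = closest_zone(wanted, zones)
        if zone != wanted or ztype != "master":
            findings.append(f"{wanted}: no master zone declared, "
                            f"closest match is '{zone}' ({ztype})")
    # A fixed outgoing port makes spoofed replies easier to land.
    if re.search(r"query-source\s+address\s+\S+\s+port\s+\d+", conf):
        findings.append("query-source pins the outgoing port, which removes "
                        "source-port randomization for recursive queries")
    return findings


if __name__ == "__main__":
    zones = parse_zones(NAMED_CONF)
    print(closest_zone("hades.umbrella.local", zones))
    print(expand("hades", "umbrella-fw.local"))
    print(expand("ns1.umbrella.local", "umbrella-fw.local"))
    for finding in lint(NAMED_CONF, "umbrella.local", "192.168.1"):
        print("-", finding)
```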