A few days ago my DNS servers, which I have sole control over and are not on the public internet, suddenly started denying DNS resolution for names that are within my local domain. They are running on old SUSE 9.2 machines. When this started to occur, I had no problem getting DNS for hosts outside my domain. I took down all the Windows machines on my network, thinking maybe one of them had a virus, but I still had the same problem. I disconnected the wireless, but still had the same problem. The named logs on my two DNS servers appeared to be getting the requests for all DNS requests, and I didn’t see a discernible difference between requests that passed and requests that failed. The only thing I saw was “Name or service not known” error messages when trying to slogin to different machines on the network.
Anyone have any idea at all why all of a sudden the DNS servers would stop returning IPs for my local domain?
I “solved” the problem by putting /etc/hosts files containing all the local machines on each machine, but I’ve been running for years without having to do that and can’t understand why all of a sudden I have to do it now. The problem isn’t technically solved because my Thunderbird and Evolution email clients are not agreeing with this change.
I got this type of situation from time to time (on SLES 9) when the lease files get corrupted (beats me why this happens - maybe a miscommunication between bind and dhcpd).
To solve this I stop the services, delete the lease file and the dynamic records in bind file and restart the services. The fresh lease file is created and the records are created.
Thanks for the reply. It could be DHCP + BIND, since I do have both on this server. I have found the DHCP lease files in /var/lib/dhcp/db and deleted them, but I’m not sure where the dynamic records in bind file is. Can you tell me where that file would be?
>
> Thanks for the reply. It could be DHCP + BIND, since I do have both on
> this server. I have found the DHCP lease files in /var/lib/dhcp/db and
> deleted them, but I’m not sure where the dynamic records in bind file
> is. Can you tell me where that file would be?
>
> Thanks,
> -Ken
>
>
Ken;
By default they are in:
/var/lib/named/dyn
Since bind runs chroot in /var/lib/named, there is a second copy. The .jnl
files are the journals.
P. V.
“We’re all in this together, I’m pulling for you.” Red Green
Thank you ghostintheruins and venzkep. Unfortunately this doesn’t appear to solve my problem. There were not any files in /var/lib/named/dyn to delete. I may have set up named to put them in a non-standard location, I’m not sure. I don’t see reference to these files in the named configuration files, but maybe I’m just not looking in the right place.
No. Time Source Destination Protocol Info
262 27.940210 192.168.10.219 192.168.10.50 DNS Standard query A neptune.mydomain.com
263 27.940313 192.168.10.50 192.168.10.219 DNS Standard query response, Server failure
which doesn’t seem all that useful, I mean I already knew that, just not sure why.
You will have to look into your named.conf (/etc/named.conf)
The lines:
options {
# The directory statement defines the name server's working directory
**directory "/var/lib/named"**;
This tells you what’s the working directory of your named.
And then from the zones sections in named.conf, e.g.:
zone "yourdomain.org" in {
....;
....;
**file "dyn/yourdomain.org.file";**
type master;
};
The file statement should tell you the location of the zone file. Notice that in this case the location is relative to named’s working directory - no trailing “/” before dyn, so the file location is indeed: /var/lib/named/dyn/yourdomain.org.file
Or you can do a file search for .jnl, e.g.: #locate .jnl
Also see what’s the response in Wireshark, but the response you get, it’s the RFC standard for “something is wrong with the dns server”.
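The lookup described in the post above, as an added example that is not part of the original thread: a Python sketch that reads `directory` and each zone's `file` statement from named.conf text, resolves relative paths against the working directory, and derives the journal name using BIND's default of zone file name plus `.jnl`. The sample configuration, the `static.example` zone and the function names are constructed for illustration; chroot prefixes and `include` files are not handled.

```python
import os
import posixpath
import re

# Constructed sample shaped like the named.conf excerpt quoted in the thread.
SAMPLE_CONF = """
options {
    # The directory statement defines the name server's working directory
    directory "/var/lib/named";
};
zone "yourdomain.org" in {
    allow-update { 127.0.0.1; };        // nested block before the file line
    file "dyn/yourdomain.org.file";     // relative: joined to directory
    type master;
};
zone "static.example" in {
    file "/etc/named.d/static.example.zone";  /* absolute: used as-is */
};
"""

def strip_comments(text):
    # Drop /* */, // and # comments so commented-out statements are ignored.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_after(text, pos):
    # Return the body of the first brace-delimited block at or after pos.
    start = text.index("{", pos)
    depth = 0
    for i in range(start, len(text)):
        depth += (text[i] == "{") - (text[i] == "}")
        if depth == 0:
            return text[start + 1:i]
    return text[start + 1:]

def zone_files(conf_text):
    # Map zone name -> (zone file path, journal path) as named resolves them.
    text = strip_comments(conf_text)
    m = re.search(r'\bdirectory\s+"([^"]+)"\s*;', text)
    workdir = m.group(1) if m else "."  # assumption: no directory => current dir
    found = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"', text):
        f = re.search(r'\bfile\s+"([^"]+)"\s*;', block_after(text, z.end()))
        if f:  # forward zones, for example, carry no file statement
            path = posixpath.normpath(posixpath.join(workdir, f.group(1)))
            found[z.group(1)] = (path, path + ".jnl")  # default journal name
    return found

if __name__ == "__main__":
    conf = "/etc/named.conf"
    text = open(conf).read() if os.path.exists(conf) else SAMPLE_CONF
    for zone, paths in zone_files(text).items():
        print(zone, [(p, os.path.exists(p)) for p in paths])
```

Run on the server itself, it prints each zone with its resolved zone file and journal path and whether that file exists, which shows at a glance if the dynamic zone data lives somewhere other than /var/lib/named/dyn.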