
DNS not working, all zones OK, conf OK, server can't find abc.i: NXDOMAIN


#1

Hi,

I'm trying to understand why my DNS is not working as it's supposed to. I have a DNS server with the IP 192.168.102.159 (CentOS running as a VM), and the DNS is configured with a zone abc.i. When I try nslookup from a client, it shows: ** server can't find abc.i: NXDOMAIN

[root@localhost ~]# nslookup 192.168.102.159
Server: 192.168.102.2
Address: 192.168.102.2#53
** server can't find 159.102.168.192.in-addr.arpa.: NXDOMAIN

[root@localhost ~]# nslookup abc.i
Server: 192.168.102.2
Address: 192.168.102.2#53
** server can't find abc.i: NXDOMAIN

Zone files check…
[root@localhost ~]# named-checkzone abc.i /var/named/abc.db
zone abc.i/IN: loaded serial 0
OK
[root@localhost ~]# named-checkzone 102.168.192.in-addr.arpa /var/named/cba.db
zone 102.168.192.in-addr.arpa/IN: loaded serial 0
OK

ifcfg-ens33 configuration
# Interface configuration for ens33 as pasted (ifcfg key=value format).
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
# NOTE(review): BOOTPROTO=dhcp sits alongside the static IPADDR/GATEWAY values
# below. named.conf binds to 192.168.102.159 by address, so that address has to
# stay fixed; presumably a static setup was intended. Confirm which of the two
# is actually applied on this host.
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=c39a3132-fecb-4688-aa6a-b83e4d8f09a3
DEVICE=ens33
HOSTNAME=ns2
IPADDR=192.168.102.159
# NOTE(review): the usual ifcfg keys for the mask are NETMASK or PREFIX;
# SUBNETMASK does not look like a key the network scripts read. Confirm.
SUBNETMASK=255.255.255.0
ADAPTER=ens33
GATEWAY=192.168.102.2
# NOTE(review): the opening double quote on the DNS1 line is never closed.
# DNS1 names 192.168.102.2 as the resolver for this host. The nslookup
# transcripts on this page also show "Server: 192.168.102.2", i.e. those
# queries went to that resolver and not to named on 192.168.102.159.
# `nslookup abc.i 192.168.102.159` queries the BIND server directly.
DNS1="192.168.102.2
NM_CONTROLLED=no
ONBOOT=yes

named.conf
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator’s Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

// Address-match list for the 192.168.102.0/24 network; the options block
// references it in allow-query.
acl internals { 192.168.102.0/24;  };

// Global server options. named listens on loopback and on 192.168.102.159,
// recursion is enabled, and queries are limited to localhost plus the
// "internals" ACL.
options {
        listen-on port 53 { 127.0.0.1; 192.168.102.159; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        // Only localhost and the "internals" ACL may send queries.
        // NOTE(review): there is no allow-transfer statement here or in the
        // zone statements. Older BIND 9 releases allow zone transfers from any
        // host by default (confirm for the installed version); an explicit
        // `allow-transfer { none; };` or a list of secondaries removes the doubt.
        allow-query     { localhost; internals; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        // NOTE(review): recursion is on and there is no explicit allow-recursion,
        // so who may recurse follows from BIND's defaults and allow-query above.
        // Writing `allow-recursion { localhost; internals; };` would state the
        // limit the template comment asks for instead of leaving it implied.
        recursion yes;

        // NOTE(review): newer BIND 9 releases treat dnssec-enable as obsolete;
        // confirm against the installed version before carrying it forward.
        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        // NOTE(review): the ISC DLV service this key file was shipped for has
        // been retired; the line comes from the stock template. Confirm whether
        // the installed BIND still needs it.
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

// Logging: the default_debug channel writes to data/named.run, a relative
// path resolved against the "directory" option (/var/named).
logging {
        channel default_debug {
                file "data/named.run";
                // "dynamic" makes the channel follow the server's current debug level.
                severity dynamic;
        };
};

// Root hints zone: named.ca (relative to the "directory" option) lists the
// root name servers that recursive lookups start from.
zone "." IN {
        type hint;
        file "named.ca";
};

// Authoritative (master) zones loaded from files under the "directory" path:
// the forward zone abc.i and the reverse zone for 192.168.102.0/24.
// NOTE(review): neither zone statement sets allow-transfer or allow-update, so
// the transfer policy is whatever the options block or the BIND defaults give.
zone "abc.i" { type master; file "abc.db"; };

zone "102.168.192.IN-ADDR.ARPA" { type master; file "cba.db"; };

// Stock includes from the distribution template; presumably the RFC 1912
// default zones and the root trust anchor used by dnssec-validation. Confirm
// against the files themselves.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

abc.db
; Forward zone abc.i: SOA, one NS record, and the address of ns1.
; NOTE(review): serial 0 matches the "loaded serial 0" line from
; named-checkzone. Secondaries detect changes by comparing serials, so the
; value has to increase on every edit if the zone is ever transferred.
; NOTE(review): only ns1.abc.i has an A record in this file. A lookup of the
; bare name abc.i has no address to return even when it reaches this server.
$TTL 3H
$ORIGIN abc.i.

@ IN SOA ns1.abc.i. admin.abc.i. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; NOTE(review): as shown, the NS line starts in column 0. A record that
; inherits the previous owner name normally starts with whitespace.
; named-checkzone reported OK, so the leading whitespace was presumably lost
; when the file was pasted. Confirm against the file on disk.
IN NS ns1.abc.i.

ns1 IN A 192.168.102.159

cba.db
; Reverse zone for 192.168.102.0/24: SOA, one NS record, and one PTR record.
; NOTE(review): serial 0 here as well; it has to increase on every edit if the
; zone is ever transferred to a secondary.
$TTL 3H
$ORIGIN 102.168.192.IN-ADDR.ARPA.

@ IN SOA ns1.abc.i. admin.abc.i. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
; NOTE(review): as shown, the NS line starts in column 0; presumably the
; leading whitespace was lost when the file was pasted. Confirm against the
; file on disk.
IN NS ns1.abc.i.

; NOTE(review): this PTR is for 192.168.102.100, while the forward zone on this
; page gives ns1.abc.i the address 192.168.102.159. As shown, a reverse lookup
; of 192.168.102.159 finds no PTR in this file.
100 IN PTR ns1.abc.i.

Thank You


#2

This issue is resolved. Apparently I was so into it that I forgot I was using a client machine that was not configured properly to check the DNS. Even though the client was in the same NAT network as the CentOS server, it was not issued a DHCP lease by the CentOS server and thus did not have any DNS configuration either; I was testing from the client by manually adding DNS entries. Note that the nslookup output in the first post shows Server: 192.168.102.2, so those queries were sent to that resolver rather than to the BIND server at 192.168.102.159.

Finally I tested it through putty as before and both forward and reverse lookups are resolving.

Thank you all for your time, appreciate it.