IPv6 BIND DNS server problem!

**jedy** · 04-30-2005

# rndc stats
# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

# grep '^success' /var/named/named.stats
success 0
success 0 localhost
success 0 0.0.127.in-addr.arpa
success 0 dnstest.com
success 0 8.b.d.0.1.0.0.2.ip6.arpa
success 0
success 0 localhost
success 0 0.0.127.in-addr.arpa
success 0 dnstest.com
success 0 8.b.d.0.1.0.0.2.ip6.arpa
success 0
success 0 localhost
success 0 0.0.127.in-addr.arpa
success 0 dnstest.com
success 0 8.b.d.0.1.0.0.2.ip6.arpa

# rndc flush
# dig +norec @127.0.0.1 dnstest.com soa

; <<>> DiG 9.2.1 <<>> +norec @127.0.0.1 dnstest.com soa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29333
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;dnstest.com. IN SOA

;; ANSWER SECTION:
dnstest.com. 38400 IN SOA jedy.dnstest.com. root.jedy.dnstest.com. 2005042905 10800 3600 604800 38400

;; AUTHORITY SECTION:
dnstest.com. 38400 IN NS jedy.dnstest.com.

;; ADDITIONAL SECTION:
jedy.dnstest.com. 38400 IN AAAA 2001:db8:0:1:2e0:29ff:fe9e:eb29

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 30 09:42:18 2005
;; MSG SIZE rcvd: 117

**SilentRage** · 04-30-2005

That's what I'm talking about. Something HAD changed. It looks like it just might work. Let's do this thing:

dig jedy.dnstest.com aaaa

**jedy** · 05-01-2005

dig jedy.dnstest.com aaaa

; <<>> DiG 9.2.1 <<>> jedy.dnstest.com aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35885
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;jedy.dnstest.com. IN AAAA

;; AUTHORITY SECTION:
dnstest.com. 3600 IN SOA dnstest.com.dnstest.com. dnsrecord.dnstest.com. 504302229 172800 3600 1728000 3600

;; Query time: 203 msec
;; WHEN: Sun May 1 07:27:45 2005
;; MSG SIZE rcvd: 92

**SilentRage** · 05-01-2005

Ok, so nothing changed. This is fast looking like a bug in BIND. Your dns server is supposed to be authoritative for dnstest.com. We've confirmed that in more than one way. Let's explore this problem a bit by showing me the results for the following commands:

rndc flush
dig +norec jedy.dnstest.com aaaa
dig +norec jedy.dnstest.com any
dig +norec dnstest.com any
dig dnstest.com axfr

**jedy** · 05-01-2005

rndc flush
dig +norec jedy.dnstest.com aaaa

; <<>> DiG 9.2.1 <<>> +norec jedy.dnstest.com aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57856
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11

;; QUESTION SECTION:
;jedy.dnstest.com. IN AAAA

;; AUTHORITY SECTION:
com. 149454 IN NS H.GTLD-SERVERS.NET.
com. 149454 IN NS I.GTLD-SERVERS.NET.
com. 149454 IN NS J.GTLD-SERVERS.NET.
com. 149454 IN NS K.GTLD-SERVERS.NET.
com. 149454 IN NS L.GTLD-SERVERS.NET.
com. 149454 IN NS M.GTLD-SERVERS.NET.
com. 149454 IN NS A.GTLD-SERVERS.NET.
com. 149454 IN NS B.GTLD-SERVERS.NET.
com. 149454 IN NS C.GTLD-SERVERS.NET.
com. 149454 IN NS D.GTLD-SERVERS.NET.
com. 149454 IN NS E.GTLD-SERVERS.NET.
com. 149454 IN NS F.GTLD-SERVERS.NET.
com. 149454 IN NS G.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
C.GTLD-SERVERS.NET. 152788 IN A 192.26.92.30
D.GTLD-SERVERS.NET. 152788 IN A 192.31.80.30
E.GTLD-SERVERS.NET. 152788 IN A 192.12.94.30
F.GTLD-SERVERS.NET. 152689 IN A 192.35.51.30
G.GTLD-SERVERS.NET. 152788 IN A 192.42.93.30
H.GTLD-SERVERS.NET. 152788 IN A 192.54.112.30
I.GTLD-SERVERS.NET. 152788 IN A 192.43.172.30
J.GTLD-SERVERS.NET. 152788 IN A 192.48.79.30
K.GTLD-SERVERS.NET. 152788 IN A 192.52.178.30
L.GTLD-SERVERS.NET. 152788 IN A 192.41.162.30
M.GTLD-SERVERS.NET. 152788 IN A 192.55.83.30

;; Query time: 1 msec
;; WHEN: Mon May 2 00:47:02 2005
;; MSG SIZE rcvd: 434

dig +norec jedy.dnstest.com any

; <<>> DiG 9.2.1 <<>> +norec jedy.dnstest.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43582
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11

;; QUESTION SECTION:
;jedy.dnstest.com. IN ANY

;; AUTHORITY SECTION:
com. 149394 IN NS B.GTLD-SERVERS.NET.
com. 149394 IN NS C.GTLD-SERVERS.NET.
com. 149394 IN NS D.GTLD-SERVERS.NET.
com. 149394 IN NS E.GTLD-SERVERS.NET.
com. 149394 IN NS F.GTLD-SERVERS.NET.
com. 149394 IN NS G.GTLD-SERVERS.NET.
com. 149394 IN NS H.GTLD-SERVERS.NET.
com. 149394 IN NS I.GTLD-SERVERS.NET.
com. 149394 IN NS J.GTLD-SERVERS.NET.
com. 149394 IN NS K.GTLD-SERVERS.NET.
com. 149394 IN NS L.GTLD-SERVERS.NET.
com. 149394 IN NS M.GTLD-SERVERS.NET.
com. 149394 IN NS A.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
C.GTLD-SERVERS.NET. 152728 IN A 192.26.92.30
D.GTLD-SERVERS.NET. 152728 IN A 192.31.80.30
E.GTLD-SERVERS.NET. 152728 IN A 192.12.94.30
F.GTLD-SERVERS.NET. 152629 IN A 192.35.51.30
G.GTLD-SERVERS.NET. 152728 IN A 192.42.93.30
H.GTLD-SERVERS.NET. 152728 IN A 192.54.112.30
I.GTLD-SERVERS.NET. 152728 IN A 192.43.172.30
J.GTLD-SERVERS.NET. 152728 IN A 192.48.79.30
K.GTLD-SERVERS.NET. 152728 IN A 192.52.178.30
L.GTLD-SERVERS.NET. 152728 IN A 192.41.162.30
M.GTLD-SERVERS.NET. 152728 IN A 192.55.83.30

;; Query time: 2 msec
;; WHEN: Mon May 2 00:48:02 2005
;; MSG SIZE rcvd: 434

dig +norec dnstest.com any

; <<>> DiG 9.2.1 <<>> +norec dnstest.com any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58619
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 11

;; QUESTION SECTION:
;dnstest.com. IN ANY

;; AUTHORITY SECTION:
com. 149372 IN NS I.GTLD-SERVERS.NET.
com. 149372 IN NS J.GTLD-SERVERS.NET.
com. 149372 IN NS K.GTLD-SERVERS.NET.
com. 149372 IN NS L.GTLD-SERVERS.NET.
com. 149372 IN NS M.GTLD-SERVERS.NET.
com. 149372 IN NS A.GTLD-SERVERS.NET.
com. 149372 IN NS B.GTLD-SERVERS.NET.
com. 149372 IN NS C.GTLD-SERVERS.NET.
com. 149372 IN NS D.GTLD-SERVERS.NET.
com. 149372 IN NS E.GTLD-SERVERS.NET.
com. 149372 IN NS F.GTLD-SERVERS.NET.
com. 149372 IN NS G.GTLD-SERVERS.NET.
com. 149372 IN NS H.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
C.GTLD-SERVERS.NET. 152706 IN A 192.26.92.30
D.GTLD-SERVERS.NET. 152706 IN A 192.31.80.30
E.GTLD-SERVERS.NET. 152706 IN A 192.12.94.30
F.GTLD-SERVERS.NET. 152607 IN A 192.35.51.30
G.GTLD-SERVERS.NET. 152706 IN A 192.42.93.30
H.GTLD-SERVERS.NET. 152706 IN A 192.54.112.30
I.GTLD-SERVERS.NET. 152706 IN A 192.43.172.30
J.GTLD-SERVERS.NET. 152706 IN A 192.48.79.30
K.GTLD-SERVERS.NET. 152706 IN A 192.52.178.30
L.GTLD-SERVERS.NET. 152706 IN A 192.41.162.30
M.GTLD-SERVERS.NET. 152706 IN A 192.55.83.30

;; Query time: 1 msec
;; WHEN: Mon May 2 00:48:25 2005
;; MSG SIZE rcvd: 429

dig dnstest.com axfr

; <<>> DiG 9.2.1 <<>> dnstest.com axfr
;; global options: printcmd
; Transfer failed.

**SilentRage** · 05-01-2005

Well that wasn't nice. Total, absolute failure. Let's try querying the IPv4 loopback IP again.

dig +norec @127.0.0.1 jedy.dnstest.com aaaa

**jedy** · 05-01-2005

# dig +norec @127.0.0.1 jedy.dnstest.com aaaa

; <<>> DiG 9.2.1 <<>> +norec @127.0.0.1 jedy.dnstest.com aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3450
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;jedy.dnstest.com. IN AAAA

;; ANSWER SECTION:
jedy.dnstest.com. 38400 IN AAAA 2001:db8:0:1:2e0:29ff:fe9e:eb29

;; AUTHORITY SECTION:
dnstest.com. 38400 IN NS jedy.dnstest.com.

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 2 01:51:21 2005
;; MSG SIZE rcvd: 76

**SilentRage** · 05-01-2005

welp, it looks like we've isolated the problem. All queries to the loopback IPv4 work normally. BIND is listening on all IPv6 addresses, and responds to queries sent to those addresses, but somehow ignores the dnstest.com zone. My recommendation is to do 1 of two things.

1) Change the resolv.conf to use 127.0.0.1 as the nameserver IP.
2) Upgrade BIND to 9.3.1. If you need help upgrading or the problem persists, let me know.

**jedy** · 05-01-2005

I added nameserver 127.0.0.1 into /etc/resolve.conf , result is still the same:
# nslookup
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
> jedy.dnstest.com
Server: 2001:db8:0:1:2e0:29ff:fe9e:eb29
Address: 2001:db8:0:1:2e0:29ff:fe9e:eb29

** server can't find jedy.dnstest.com: NXDOMAIN

bind-9.2.1 is the lastest RPM file so far, although 9-3-1 is sourcefile.
I saw some websites that say bind8 already supports IPv6, like
http://www.isi.edu/~bmanning/v6DNS.html#Introduction
http://www.visc.vt.edu/ipv6/doc/dns.html

do you think my dnstest.com.zone file is correct by the way?

**SilentRage** · 05-02-2005

Depends on what you mean by asking if your zone file is fine. If fine means BIND is loading it without errors, then yes, that is the case. You can see this most easily by running the following command:

named-checkzone dnstest.com /var/named/dnstest.com.zone

It should say 'Ok, loaded serial #####' or something like that. Yes, your version of redhat probably doesn't have some of the requirements that the latest Redhat Development BIND RPM need. But, if you build an RPM from a source package then you can install BIND with dependancies that better fit your system. Here's the steps for building a BIND 9.3.1 rpm from the srpm.

cd /usr/src/redhat/SRPMS
wget ftp://rpmfind.net/linux/fedora/core/...-2_FC4.src.rpm
rpm -ivh bind-9.3.1-2_FC4.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -bb bind.spec
cd /usr/src/redhat/RPMS/i386
rpm -Uvh bind-9.3.1-2_FC4.i386.rpm bind-utils-9.3.1-2_FC4.i386.rpm

This is only a rough estimate of course. It may not be that simple for you.

Also, the nslookup isn't right. If you had changed your nameserver in /etc/resolv.conf, then it will be querying 127.0.0.1 instead of the IPv6 address. Maybe it's just a case of the system not having reloaded the /etc/resolv.conf file.

Thread Tools

Display

Posting Permissions