- 04-20-2005 #1Just Joined!
- Join Date
- Apr 2005
- Location
- Lucasvile, OH
- Posts
- 19
No servers found for DNS/BIND from dig
I have built a successful DNS before...
I'm trying to build a new one at my new location. I'm trying to set up a zone for my local LAN (never done this before), read some howtos and DNS and Bind by O'Reilly and thought myself prepared.
I made all the changes as mandated and started my server and everything looked fine. I repointed the DNS on my workstation to look at my LAN DNS first and did a query. It went to the Internet DNS instead of the LAN one. I rechecked the logs on LAN DNS and found nothing. I ran dig on my client to force it to use that DNS to resolve the entry and it came back saying "No Servers Found".
I double checked on my LAN DNS. NAMED is running, I checked var/log/messages and what little I could find in the way of logs for named but could find no indication that something had tried and failed to resolve a name.
I'm kind of stumped at this point. Any ideas on what I can look at try just to diagnose the problem?
Thanks
- 04-20-2005 #2Linux Newbie
- Join Date
- Mar 2005
- Posts
- 230
Sure, let me work through your hands and we'll sniff it out.
Let me see the commandline and the results for the dig query that resulted in a problem and we'll go from there.
- 04-20-2005 #3Just Joined!
- Join Date
- Apr 2005
- Location
- Lucasvile, OH
- Posts
- 19
Command line
OK, here 'tis.
[ThomHehl@localhost ~]$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=0.436 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.364 ms
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.364/0.400/0.436/0.036 ms, pipe 2
[ThomHehl@localhost ~]$ dig @10.0.0.2 www.w3c.org
; <<>> DiG 9.2.4 <<>> @10.0.0.2 www.w3c.org
;; global options: printcmd
;; connection timed out; no servers could be reached
[ThomHehl@localhost ~]$
- 04-20-2005 #4Linux Newbie
- Join Date
- Mar 2005
- Posts
- 230
Ah, now that's something concrete I can wrap my brain around. Let's try these queries:
dig +tcp @10.0.0.2 www.w3c.org
dig +norec @10.0.0.2 www.w3c.org
Wondering what I am doing? Well, first I think to myself, ok, we sent a UDP packet to port 53 and got no reply. Are UDP packets being blocked? Not sure at this point, but we can try sending a TCP packet and see if that makes it through. But maybe neither UDP nor TCP is being blocked, maybe the DNS server is having trouble resolving the domain. Let's send a second query via UDP without recursion (+norec) just to see if we get a reply.
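The three-probe reasoning from the reply above, written out as a script (an added example, not part of the original post). The helper names probe and dns_triage are made up for illustration; the script relies only on dig's documented exit status (0 when a reply was received, 9 when no server replied).

```shell
#!/bin/sh
# Added example, not from the thread. probe/dns_triage are hypothetical names.
# Usage: sh dns_triage.sh SERVER NAME   (e.g. 10.0.0.2 www.w3c.org)

# One quiet dig probe. Short timeout and a single try so a dropped
# packet fails fast. dig exits 0 on any reply, 9 on "no servers could
# be reached".
probe() {
    dig +time=2 +tries=1 "$@" >/dev/null 2>&1
}

dns_triage() {
    server=$1
    name=$2
    udp=fail; tcp=fail; norec=fail

    probe "@$server" "$name"        && udp=ok    # recursive query over UDP
    probe +tcp "@$server" "$name"   && tcp=ok    # same query over TCP
    probe +norec "@$server" "$name" && norec=ok  # UDP, no recursion requested

    # Order matters: the +norec probe also travels over UDP, so a +norec
    # reply proves UDP 53 is open even when the recursive query timed out.
    case "$udp/$tcp/$norec" in
        ok/ok/*)
            echo "reachable: $server answers on UDP and TCP 53" ;;
        ok/fail/*)
            echo "tcp-filtered: UDP 53 answers but TCP 53 does not; large replies and zone transfers will fail" ;;
        fail/*/ok)
            echo "recursion-stalled: UDP 53 is open but the recursive lookup got no reply; check forwarders and outbound DNS from $server" ;;
        fail/ok/fail)
            echo "udp-filtered: TCP 53 answers but UDP 53 does not; check the host firewall on $server for udp/53" ;;
        fail/fail/fail)
            echo "unreachable: nothing answers on port 53; check the firewall on $server and that named is listening on that address" ;;
    esac
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    dns_triage "$1" "$2"
fi
```

The output seen earlier in the thread (ping succeeds, dig times out) corresponds to the udp-filtered or unreachable verdicts, depending on whether the +tcp probe gets through.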
- 04-20-2005 #5Just Joined!
- Join Date
- Apr 2005
- Location
- Lucasvile, OH
- Posts
- 19
Query results
Your note got me to thinking. Redhat presses you to use a firewall on your box. I disabled the firewall and re-ran my query. My query ran just fine. How about that?
Thanks for helping out. Sometimes you just need a little tap on the back of the head.
- 04-20-2005 #6Linux Newbie
- Join Date
- Mar 2005
- Posts
- 230
Well I recommend that you use a firewall too. Need help with the iptables configuration?
- 04-21-2005 #7Just Joined!
- Join Date
- Apr 2005
- Location
- Lucasvile, OH
- Posts
- 19
DNS
No, thanks. Believe it or not I once wrote a book on iptables. Never got around to publishing it though.
Hey, my named is not spitting out any output. Even when I turn on debug and give it channels the output appears to be going nowhere. I'm on redhat. Any ideas?
- 04-21-2005 #8Linux Newbie
- Join Date
- Mar 2005
- Posts
- 230
Let's see your named.conf.
Or perhaps you can find your problem by looking at my example logging configuration:
http://www.dollardns.net/bind/named.conf
- 04-21-2005 #9Just Joined!
- Join Date
- Apr 2005
- Location
- Lucasvile, OH
- Posts
- 19
named.conf
OK, I think this is configured right. My LAN domain name is ziklag.net.
Here goes:
--------------------------------
[root@poirot etc]# cat named.conf
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    forwarders {
        10.0.0.1;
    };
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
//
// debug logging
//
logging {
    //Syslog messages only contain info
    channel sys_log {
        syslog daemon;
        severity info;
    };
    //Create log file for logging messages
    channel log_file {
        file "/var/log/named.msgs";
        severity dynamic;
    };
    category default { sys_log; };
    category statistics { sys_log; log_file; };
    category queries { log_file; };
};
//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
//local DNS
zone "ziklag.net" IN {
    type master;
    file "/var/named/db.ziklag.net";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
//local DNS
zone "10.in-addr.arpa" IN {
    type master;
    file "/var/named/db.10";
};
include "/etc/rndc.key";
--------------------------------
Then I ran /usr/sbin/rndc trace 10 because 1 wasn't producing anything. I do a couple of queries, then look around and can't find any file that's changed and named.msgs never gets created. Nothing in the statistics file or in /var/log/messages. I'm starting to worry that my version of bind wasn't compiled with -DEBUG option. I may need to re-compile or get a new one. Here's my db files:
---------db.ziklag.net--------------
$TTL 86400
ziklag.net. IN SOA poirot.ziklag.net. \
marples.ziklag.net. (
2005041922 ; Serial no., based on date
21600 ; Refresh after 6 hours
3600 ; Retry after 1 hour
604800 ; Expire after 7 days
3600 ; Minimum TTL of 1 hour
)
poirot IN A 10.0.0.2
@ IN NS poirot
@ IN MX 10 poirot
mail IN CNAME poirot
marples IN A 10.0.0.3
- 04-21-2005 #10Linux Newbie
- Join Date
- Mar 2005
- Posts
- 230
I've never heard of a statistics category. Maybe in some older version of BIND it exists, but not in my version of BIND at least. Let's make sure you don't have any syntax errors. Show me the results for the following commands:
dig @127.0.0.1 version.bind txt ch
ps -Af | grep 'named'
named-checkconf /etc/named.conf

