;;Got SERVFAIL reply of DNS

Dear all,

under SLES 11 SP2 we have set up a DNS zone and here are the contents
of the respective files:

named.conf

options {
    directory "/var/lib/named";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    listen-on port 53 { any; };
    listen-on-v6 { any; };

    allow-query { any; };

    include "/etc/named.d/forwarders.conf";
};

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

include "/etc/named.conf.include";

zone "example.com" in {
    file "master/example.com";
    type master;
    allow-transfer { any; };
};

logging {
    category queries { log_file; };
    category default { log_file; };
    channel log_file { file "/var/log/DNS_log" versions 2 size 50M; };
};

zone "3.2.1.in-addr.arpa" in {
    file "master/3.2.1.in-addr.arpa";
    type master;
    allow-transfer { any; };
};

forwarders.conf

forwarders {
    1.2.3.1;
    1.2.3.2;
};

example.com

$TTL 2d
@ IN SOA mail-s.example.com. root.mail-s.example.com. (
            2012103104  ; serial
            3h          ; refresh
            1h          ; retry
            1w          ; expiry
            1d )        ; minimum
example.com. IN MX 5 mail-s.example.com.
example.com. IN NS mail-s.example.com.
mail-s IN A 1.2.3.10
; IN Address (A) records
localhost IN A 127.0.0.1
fw1 IN A 1.2.3.11
dc1 IN A 1.2.3.12
dc2 IN A 1.2.3.13

3.2.1.in-addr.arpa

$TTL 2d
@ IN SOA mail-s.example.com. root.mail-s.example.com. (
            2011121405  ; serial
            3h          ; refresh
            1h          ; retry
            1w          ; expiry
            1d )        ; minimum
@ IN NS mail-s.example.com.
; IN Reverse Map
10 IN PTR mail-s.example.com.
11 IN PTR fw1.example.com.
12 IN PTR dc1.example.com.
13 IN PTR dc2.example.com.

/etc/resolv.conf

search example.com
nameserver 1.2.3.10

For instance, when we try to resolve fw1.example.com using
mail-s: nslookup fw1.example.com
we see this ";;Got SERVFAIL reply from 1.2.3.10" message.
mail-s: dig any example.com @mail-s.example.com
tells us

; <<>> DiG 9.6-ESV-R5-P1 <<>> any example.com @mail-s.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47307
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN ANY

;; Query time: 0 msec
;; SERVER: 1.2.3.10#53(1.2.3.10)
;; WHEN: Wed Nov 14 10:04:15 2012
;; MSG SIZE rcvd: 28

Further information:

  1. there is no firewall on mail-s (nameserver)
  2. mail-s: netstat -an | grep :53 | grep udp
    looks like this:
    udp 0 0 1.2.3.10:53 0.0.0.0:*
    udp 0 0 127.0.0.2:53 0.0.0.0:*
    udp 0 0 127.0.0.1:53 0.0.0.0:*

Any idea what’s wrong here?
Many thanks in advance for any hint!

Regards, Rainer

example.com

Hi Rainer,

are there any helpful messages in syslog on the server running named, during named's startup? Syntax errors and the like would be reported there…

(Edit) Are you running your named in a chroot jail? Maybe not all files / directories are where they are expected to be… but that ought to lead to messages during named startup, too.

Regards,
Jens

(Edit: hit the reply button too early…)

BINGO!!!
The log file pointed out "Multiple RRs records of singleton type" in the zone "example.com",
i.e. there were these 2 entries:
ftp IN CNAME www.domain.com.
ftp IN CNAME www1.domain.com.
After removing one of these lines everything is running now like a charm.

Thanks, Jens!
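
The failure found above, as an added example that is not part of the thread: BIND refuses to load a zone in which one name owns more than one CNAME, and it then answers SERVFAIL for that zone. The Python check below flags that case (and a CNAME beside other data) in a zone file before a reload; the sample zone is constructed from the thread's records, the function names are illustrative, and only the record types listed in TYPES are recognised. BIND's own named-checkzone remains the authoritative check.

```python
from collections import defaultdict

# Constructed sample: part of the thread's zone plus the two CNAME lines
# reported in the final post.
SAMPLE_ZONE = """\
$TTL 2d
@ IN SOA mail-s.example.com. root.mail-s.example.com. (
            2012103104 ; serial
            3h 1h 1w 1d ) ; refresh retry expiry minimum
example.com. IN NS mail-s.example.com.
mail-s IN A 1.2.3.10
ftp IN CNAME www.domain.com.
ftp IN CNAME www1.domain.com.
"""
TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "PTR", "TXT", "SRV"}

def records(text, origin):
    """Yield (owner, type) per record; handles ';' comments, '( )'
    continuation lines and records that inherit the previous owner."""
    origin = origin.rstrip(".").lower() + "."
    buf, owner = "", origin
    for raw in text.splitlines():
        buf += raw.split(";", 1)[0] + " "  # assumes no ';' inside quoted rdata
        if buf.count("(") > buf.count(")"):
            continue  # record continues on the next line
        rec, buf = buf, ""
        tokens = rec.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):
            continue  # blank line or a directive such as $TTL
        if not rec[0].isspace():  # owner field present on this record
            name = tokens.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        rtype = next((t.upper() for t in tokens if t.upper() in TYPES), None)
        if rtype:
            yield owner, rtype

def singleton_violations(text, origin):
    """Return (owner, problem) pairs for broken CNAME/SOA singleton rules."""
    seen = defaultdict(list)
    for owner, rtype in records(text, origin):
        seen[owner].append(rtype)
    problems = []
    for owner, types in seen.items():
        if types.count("CNAME") > 1:
            problems.append((owner, "multiple CNAME records"))
        elif "CNAME" in types and len(types) > 1:
            problems.append((owner, "CNAME and other data"))
        if types.count("SOA") > 1:
            problems.append((owner, "multiple SOA records"))
    return problems

if __name__ == "__main__":
    for owner, problem in singleton_violations(SAMPLE_ZONE, "example.com"):
        print(f"{owner}: {problem}")
```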