Error fetching SOA
Warren Kumari
warren at kumari.net
Sun Mar 21 20:47:14 UTC 2010
wkumari at lisa:~$ ping 71.12.99.115
PING 71.12.99.115 (71.12.99.115) 56(84) bytes of data.
--- 71.12.99.115 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4016ms
wkumari at lisa:~$ dig SOA castor.lazarusalliance.com @71.12.99.115
; <<>> DiG 9.7.0-P1 <<>> SOA castor.lazarusalliance.com @71.12.99.115
;; global options: +cmd
;; connection timed out; no servers could be reached
wkumari at lisa:~$
Cannot get there?
route-views>sho ip route 71.12.99.115
% Network not in table
route-views>sho ip bgp 71.12.99.115
BGP routing table entry for 71.12.96.0/20, version 4184824908
Paths: (34 available, no best path)
Flag: 0x820
Not advertised to any peer
701 3356 20115, (aggregated by 20115 172.31.148.182)
157.130.10.233 (inaccessible) from 157.130.10.233 (137.39.3.60)
Origin IGP, localpref 100, valid, external, atomic-aggregate
3277 3216 19151 20115, (aggregated by 20115 172.31.148.182)
194.85.102.33 (inaccessible) from 194.85.102.33 (194.85.4.16)
Origin IGP, localpref 100, valid, external, atomic-aggregate
Community: 210766776 210766877 214764688 1255080936 1255140942
1255144956 1318259640 1318319642
7500 2516 19151 20115, (aggregated by 20115 172.31.148.182)
202.249.2.86 (inaccessible) from 202.249.2.86 (203.178.133.115)
Origin IGP, localpref 100, valid, external, atomic-aggregate
1239 19151 20115, (aggregated by 20115 172.31.148.182)
144.228.241.130 (inaccessible) from 144.228.241.130
(144.228.241.130)
Origin IGP, localpref 100, valid, external, atomic-aggregate
3333 3356 20115, (aggregated by 20115 172.31.148.182)
[SNIP]
W
On Mar 21, 2010, at 12:41 PM, michael peters wrote:
> Here is more information.
>
> I'm testing my external BIND 9.6.1 systems with http://www.checkdns.net/powercheck.aspx
> . Outbound resolution is fine. Internal resolution is fine. External
> resolution seems to be the problem. My firewall allows port 53 UDP
> and TCP.
>
> The messages I get are:
>
> Found NS record: castor.lazarusalliance.com[71.
> 12.99.115], was resolved to IP address by G.GTLD-SERVERS.NET
> Found NS record: pollux.lazarusalliance.com[71.12.99.116], was
> resolved to IP address by G.GTLD-SERVERS.NET
> Domain has 2 DNS server(s)
>
> CheckDNS.NET is verifying if NS are alive
> Error fetching SOA from castor.lazarusalliance.com [71.12.99.115],
> request timed out. Probably DNS server is offline.
> Error fetching SOA from pollux.lazarusalliance.com [71.12.99.116],
> request timed out. Probably DNS server is offline.
> 0 server(s) are alive
> No DNS servers alive, tests stopped
>
> What other information should I provide to be helpful in getting
> this solved?
>
>
> - Show quoted text -
> On Sun, Mar 21, 2010 at 2:03 PM, Alan Clegg <aclegg at isc.org> wrote:
> - Show quoted text -
> michael peters wrote:
> > Is it a problem to get a message from a DNS checking tool that
> indicates
> > "Error fetching SOA from ns1.example.com <http://
> ns1.example.com>?" Both
> > of my external BIND 9.6.1 servers respond the same way and I'm
> assuming
> > that I need to add something to my configuration.
>
> We know nothing about your configuration, nothing about the zone that
> you are trying to serve, and nothing about the "checking tool" that
> you
> are using to test.
>
> Not much to go on. Feel free to post configuration information and we
> might be able to help.
>
> AlanC
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> Reply
> Reply to all
> Forward
>
>
>
>
>
> Reply
>
> |
>
> michael peters ✆ to Alan, Bind
> show details 2:40 PM (0 minutes ago)
>
> Here are the configuration files.
>
>
> # more named.conf
> include "/etc/bind/named.conf.options"
> ;
>
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> // be authoritative for the localhost forward and reverse zones, and
> for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
>
> zone "lazarusalliance.com" {
> type master;
> file "/etc/bind/db.lazarusalliance.com.hosts";
> allow-update {
> any;
> };
> allow-transfer {
> any;
> };
> allow-query {
> any;
> };
> };
>
> zone "99.12.71.in-addr.arpa" {
> type master;
> file "/etc/bind/71.12.99.rev";
> };
>
> include "/etc/bind/named.conf.local";
> logging {
> category lame-servers {
> null;
> };
> };
> key rndc-key {
> algorithm hmac-md5;
> secret "********************************************";
> };
> controls {
> inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-
> key; };
> };
> ++++++++++++++++++++++++++++++
>
> # more named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> //include "/etc/bind/zones.rfc1918";
>
> ++++++++++++++++++++++++++++++
>
> # more named.conf.options
> options {
> directory "/var/cache/bind";
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you might need to uncomment the query-source
> // directive below. Previous versions of BIND always asked
> // questions using port 53, but BIND 8.1 and later use an
> unprivileged
> // port by default.
>
> query-source address * port 53;
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the addresses
> replacing
> // the all-0's placeholder.
>
> // forwarders {
> // 0.0.0.0;
> // };
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { any; };
> allow-transfer {
> any;
> };
> allow-query {
> any;
> };
> };
>
> ++++++++++++++++++++++++++++++
>
> # more db.lazarusalliance.com.hosts
> $ttl 3600
> @ IN SOA castor.lazarusalliance.com.
> postmaster.lazarusalliance.com. (
> 2010022604
> 1200
> 3600
> 1209600
> 3600 )
> ;
> @ 3600 IN NS
> castor.lazarusalliance.com.
> @ 3600 IN NS
> pollux.lazarusalliance.com.
> ;
> castor.lazarusalliance.com. IN A 71.12.99.115
> pollux.lazarusalliance.com. IN A 71.12.99.116
> lazarusalliance.com. IN A 71.12.99.118
> ;
> lazarusalliance.com. IN MX 5 castor.lazarusalliance.com.
>
>
> ++++++++++++++++++++++++++++++
>
> # more 71.12.99.rev
> $TTL 38400
> @ IN SOA castor.lazarusalliance.com.
> postmaster.lazarusalliance.com. (
> 2010032007
> 10800
> 3600
> 604800
> 38400 )
> @ IN NS castor.lazarusalliance.com.
> 115 IN PTR castor.lazarusalliance.com.
> 116 IN PTR pollux.lazarusalliance.com.
> 118 IN PTR lazarusalliance.com.
>
>
> On Sun, Mar 21, 2010 at 2:02 PM, Warren Kumari <warren at kumari.net>
> wrote:
> On Mar 21, 2010, at 11:21 AM, michael peters wrote:
>
> Is it a problem to get a message from a DNS checking tool that
> indicates "Error fetching SOA from ns1.example.com?" Both of my
> external BIND 9.6.1 servers respond the same way and I'm assuming
> that I need to add something to my configuration.
>
>
> In order for us to be able to provide you with useful answers,
> please provide us with the domain name, the name of the checking
> tool and the name of the server it is grumpy about.
>
> From a FAQ: http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
>
> W
>
> P.S:
>
> dig SOA ns1.example.com
>
> ; <<>> DiG 9.7.0-P1 <<>> SOA ns1.example.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51889
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ns1.example.com. IN SOA
>
> ;; AUTHORITY SECTION:
> example.com. 10800 IN SOA dns1.icann.org.
> hostmaster.icann.org. 2009100600 7200 3600 1209600 86400
>
> ;; Query time: 76 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Sun Mar 21 14:59:42 2010
> ;; MSG SIZE rcvd: 94
>
>
> :-P
>
>
>
> Please advise.
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2173 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100321/5cadec74/attachment.bin>
More information about the bind-users
mailing list