Error fetching SOA

michael peters mdpeters67 at gmail.com
Sun Mar 21 21:09:08 UTC 2010


Part of this fixed itself when I power cycled the darn gateway router. I
have no idea what happened there. I feel like a dog chasing my tail today.
Thank you Warren and Alan for helping me out.

On Sun, Mar 21, 2010 at 3:47 PM, Warren Kumari <warren at kumari.net> wrote:

> wkumari at lisa:~$ ping 71.12.99.115
> PING 71.12.99.115 (71.12.99.115) 56(84) bytes of data.
>
> --- 71.12.99.115 ping statistics ---
> 5 packets transmitted, 0 received, 100% packet loss, time 4016ms
>
> wkumari at lisa:~$ dig SOA castor.lazarusalliance.com @71.12.99.115
>
> ; <<>> DiG 9.7.0-P1 <<>> SOA castor.lazarusalliance.com @71.12.99.115
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> wkumari at lisa:~$
>
>
> Cannot get there?
>
> route-views>sho ip route 71.12.99.115
> % Network not in table
> route-views>sho ip bgp 71.12.99.115
> BGP routing table entry for 71.12.96.0/20, version 4184824908
> Paths: (34 available, no best path)
> Flag: 0x820
>  Not advertised to any peer
>  701 3356 20115, (aggregated by 20115 172.31.148.182)
>    157.130.10.233 (inaccessible) from 157.130.10.233 (137.39.3.60)
>      Origin IGP, localpref 100, valid, external, atomic-aggregate
>  3277 3216 19151 20115, (aggregated by 20115 172.31.148.182)
>    194.85.102.33 (inaccessible) from 194.85.102.33 (194.85.4.16)
>      Origin IGP, localpref 100, valid, external, atomic-aggregate
>      Community: 210766776 210766877 214764688 1255080936 1255140942
> 1255144956 1318259640 1318319642
>  7500 2516 19151 20115, (aggregated by 20115 172.31.148.182)
>    202.249.2.86 (inaccessible) from 202.249.2.86 (203.178.133.115)
>      Origin IGP, localpref 100, valid, external, atomic-aggregate
>  1239 19151 20115, (aggregated by 20115 172.31.148.182)
>    144.228.241.130 (inaccessible) from 144.228.241.130 (144.228.241.130)
>      Origin IGP, localpref 100, valid, external, atomic-aggregate
>  3333 3356 20115, (aggregated by 20115 172.31.148.182)
> [SNIP]
>
> W
>
>
>
>
>
> On Mar 21, 2010, at 12:41 PM, michael peters wrote:
>
>  Here is more information.
>>
>> I'm testing my external BIND 9.6.1 systems with
>> http://www.checkdns.net/powercheck.aspx. Outbound resolution is fine.
>> Internal resolution is fine. External resolution seems to be the problem. My
>> firewall allows port 53 UDP and TCP.
>>
>> The messages I get are:
>>
>> Found NS record: castor.lazarusalliance.com[71.
>> 12.99.115], was resolved to IP address by G.GTLD-SERVERS.NET
>> Found NS record: pollux.lazarusalliance.com[71.12.99.116], was resolved
>> to IP address by G.GTLD-SERVERS.NET
>> Domain has 2 DNS server(s)
>>
>> CheckDNS.NET is verifying if NS are alive
>> Error fetching SOA from castor.lazarusalliance.com [71.12.99.115],
>> request timed out. Probably DNS server is offline.
>> Error fetching SOA from pollux.lazarusalliance.com [71.12.99.116],
>> request timed out. Probably DNS server is offline.
>> 0 server(s) are alive
>> No DNS servers alive, tests stopped
>>
>> What other information should I provide to be helpful in getting this
>> solved?
>>
>>
>> - Show quoted text -
>> On Sun, Mar 21, 2010 at 2:03 PM, Alan Clegg <aclegg at isc.org> wrote:
>> - Show quoted text -
>> michael peters wrote:
>> > Is it a problem to get a message from a DNS checking tool that indicates
>> > "Error fetching SOA from ns1.example.com <http://ns1.example.com>?"
>> Both
>> > of my external BIND 9.6.1 servers respond the same way and I'm assuming
>> > that I need to add something to my configuration.
>>
>> We know nothing about your configuration, nothing about the zone that
>> you are trying to serve, and nothing about the "checking tool" that you
>> are using to test.
>>
>> Not much to go on.  Feel free to post configuration information and we
>> might be able to help.
>>
>> AlanC
>>
>>
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>  Reply
>>  Reply to all
>>  Forward
>>
>>
>>
>>
>>
>> Reply
>>
>> |
>>
>>  michael peters ✆ to Alan, Bind
>> show details 2:40 PM (0 minutes ago)
>>
>> Here are the configuration files.
>>
>>
>> # more named.conf
>> include "/etc/bind/named.conf.options"
>> ;
>>
>> // prime the server with knowledge of the root servers
>> zone "." {
>>        type hint;
>>        file "/etc/bind/db.root";
>> };
>>
>> // be authoritative for the localhost forward and reverse zones, and for
>> // broadcast zones as per RFC 1912
>>
>> zone "localhost" {
>>        type master;
>>        file "/etc/bind/db.local";
>> };
>>
>> zone "127.in-addr.arpa" {
>>        type master;
>>        file "/etc/bind/db.127";
>> };
>>
>> zone "0.in-addr.arpa" {
>>        type master;
>>        file "/etc/bind/db.0";
>> };
>>
>> zone "255.in-addr.arpa" {
>>        type master;
>>        file "/etc/bind/db.255";
>> };
>>
>>
>> zone "lazarusalliance.com" {
>>        type master;
>>        file "/etc/bind/db.lazarusalliance.com.hosts";
>>        allow-update {
>>                any;
>>                };
>>        allow-transfer {
>>                any;
>>                };
>>        allow-query {
>>                any;
>>                };
>> };
>>
>> zone "99.12.71.in-addr.arpa" {
>>        type master;
>>        file "/etc/bind/71.12.99.rev";
>> };
>>
>> include "/etc/bind/named.conf.local";
>> logging {
>>        category lame-servers {
>>                null;
>>                };
>>        };
>> key rndc-key {
>>        algorithm hmac-md5;
>>        secret "********************************************";
>>        };
>> controls {
>>        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
>>        };
>> ++++++++++++++++++++++++++++++
>>
>> # more named.conf.local
>> //
>> // Do any local configuration here
>> //
>>
>> // Consider adding the 1918 zones here, if they are not used in your
>> // organization
>> //include "/etc/bind/zones.rfc1918";
>>
>> ++++++++++++++++++++++++++++++
>>
>> # more named.conf.options
>> options {
>>        directory "/var/cache/bind";
>>
>>        // If there is a firewall between you and nameservers you want
>>        // to talk to, you might need to uncomment the query-source
>>        // directive below.  Previous versions of BIND always asked
>>        // questions using port 53, but BIND 8.1 and later use an
>> unprivileged
>>        // port by default.
>>
>> query-source address * port 53;
>>
>>        // If your ISP provided one or more IP addresses for stable
>>        // nameservers, you probably want to use them as forwarders.
>>        // Uncomment the following block, and insert the addresses
>> replacing
>>        // the all-0's placeholder.
>>
>>        // forwarders {
>>        //      0.0.0.0;
>>        // };
>>
>>        auth-nxdomain no;    # conform to RFC1035
>>        listen-on-v6 { any; };
>>        allow-transfer {
>>                any;
>>                };
>>        allow-query {
>>                any;
>>                };
>> };
>>
>> ++++++++++++++++++++++++++++++
>>
>> # more db.lazarusalliance.com.hosts
>> $ttl 3600
>> @       IN      SOA     castor.lazarusalliance.com.
>> postmaster.lazarusalliance.com. (
>>                        2010022604
>>                        1200
>>                        3600
>>                        1209600
>>                        3600 )
>> ;
>> @       3600                            IN      NS
>> castor.lazarusalliance.com.
>> @       3600                            IN      NS
>> pollux.lazarusalliance.com.
>> ;
>> castor.lazarusalliance.com.     IN      A       71.12.99.115
>> pollux.lazarusalliance.com.     IN      A       71.12.99.116
>> lazarusalliance.com.    IN      A       71.12.99.118
>> ;
>> lazarusalliance.com.    IN      MX      5 castor.lazarusalliance.com.
>>
>>
>> ++++++++++++++++++++++++++++++
>>
>> # more 71.12.99.rev
>> $TTL    38400
>> @      IN      SOA     castor.lazarusalliance.com.
>> postmaster.lazarusalliance.com. (
>>                        2010032007
>>                        10800
>>                        3600
>>                        604800
>>                        38400 )
>> @         IN      NS      castor.lazarusalliance.com.
>> 115       IN      PTR     castor.lazarusalliance.com.
>> 116       IN      PTR     pollux.lazarusalliance.com.
>> 118       IN      PTR     lazarusalliance.com.
>>
>>
>> On Sun, Mar 21, 2010 at 2:02 PM, Warren Kumari <warren at kumari.net> wrote:
>> On Mar 21, 2010, at 11:21 AM, michael peters wrote:
>>
>> Is it a problem to get a message from a DNS checking tool that indicates
>> "Error fetching SOA from ns1.example.com?" Both of my external BIND 9.6.1
>> servers respond the same way and I'm assuming that I need to add something
>> to my configuration.
>>
>>
>> In order for us to be able to provide you with useful answers, please
>> provide us with the domain name, the name of the checking tool and the name
>> of the server it is grumpy about.
>>
>> From a FAQ: http://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
>>
>> W
>>
>> P.S:
>>
>> dig SOA ns1.example.com
>>
>> ; <<>> DiG 9.7.0-P1 <<>> SOA ns1.example.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51889
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;ns1.example.com.               IN      SOA
>>
>> ;; AUTHORITY SECTION:
>> example.com.            10800   IN      SOA     dns1.icann.org.
>> hostmaster.icann.org. 2009100600 7200 3600 1209600 86400
>>
>> ;; Query time: 76 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Sun Mar 21 14:59:42 2010
>> ;; MSG SIZE  rcvd: 94
>>
>>
>> :-P
>>
>>
>>
>> Please advise.
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100321/0e5f332f/attachment.html>


More information about the bind-users mailing list