DNS Not Resolving (connection timed out; no servers could be reached)

Issues related to applications and software problems
sandunru
Posts: 4
Joined: 2018/08/18 17:17:28

DNS Not Resolving (connection timed out; no servers could be reached)

Post by sandunru » 2018/08/18 17:47:23

Hi,

I have configured a BIND DNS server on a CentOS 7.4 server and I have created two zones, one for forward lookup and the other for reverse lookup. I have verified the zones and started the DNS service successfully.

But when I query a hostname, it gives a connection timeout error. Below is what I get:

[root@mlb-dc1-centos7 ~]# nslookup mlb-dc1-centos7
;; connection timed out; no servers could be reached

But when I query an IP address it gives the output correctly.

[root@mlb-dc1-centos7 ~]# nslookup 10.0.1.5
Server: 10.0.1.5
Address: 10.0.1.5#53

5.1.0.10.in-addr.arpa name = mlb-dc1-centos7.csa.lk.

But the dig command does not give any answer.

Below are my configuration file and zone files. Please give me a solution to get this to work.

named.conf
--------------

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 127.0.0.1; 10.0.1.5; };
    #listen-on-v6 port 53 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 10.0.1.0/24; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

###Forward lookup zones########
zone "ns" IN {
    type master;
    file "forward.csa.lk";
    allow-update { none; };
};

###Reverse lookup zones########
zone "1.0.10.in-addr.arpa" IN {
    type master;
    file "reverse.csa.lk";
    allow-update { none; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

forward.csa.lk
----------------------

$TTL 86400
@                   IN  SOA     mlb-dc1-centos7.csa.lk. root.csa.lk.(
                                2011071001  ; serial
                                3600        ; refresh
                                1800        ; retry
                                604800      ; expire
                                86400 )     ; minimum
@                   IN  NS      mlb-dc1-centos7.csa.lk.
@                   IN  A       10.0.1.5
@                   IN  A       10.0.1.25
mlb-dc1-centos7     IN  A       10.0.1.5
csa-cli-fedora28    IN  A       10.0.1.25


reverse.csa.lk
------------------

$TTL 86400
@                   IN  SOA     mlb-dc1-centos7.csa.lk. root.csa.lk.(
                                2011071001  ; serial
                                3600        ; refresh
                                1800        ; retry
                                604800      ; expire
                                86400 )     ; minimum
@                   IN  NS      mlb-dc1-centos7.csa.lk.
@                   IN  PTR     csa.lk.
mlb-dc1-centos7     IN  A       10.0.1.5
csa-cli-fedora28    IN  A       10.0.1.25
5                   IN  PTR     mlb-dc1-centos7.csa.lk.
25                  IN  PTR     csa-cli-fedora28.csa.lk.

mghe
Posts: 709
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: DNS Not Resolving (connection timed out; no servers could be reached)

Post by mghe » 2018/08/18 20:21:16

Did you try this?

$ nslookup mlb-dc1-centos7.csa.lk mlb-dc1-centos7

sandunru
Posts: 4
Joined: 2018/08/18 17:17:28

Re: DNS Not Resolving (connection timed out; no servers could be reached)

Post by sandunru » 2018/08/19 12:45:51

Yes, I tried several times. The output was:


[root@mlb-dc1-centos7 ~]# nslookup mlb-dc1-centos7.csa.lk
;; connection timed out; no servers could be reached

[root@mlb-dc1-centos7 ~]# nslookup mlb-dc1-centos7.csa.lk
;; connection timed out; no servers could be reached

[root@mlb-dc1-centos7 ~]# nslookup mlb-dc1-centos7.csa.lk
Server: 10.0.1.5
Address: 10.0.1.5#53

** server can't find mlb-dc1-centos7.csa.lk.csa.lk: SERVFAIL

In /var/log/messages:

[root@mlb-dc1-centos7 ~]# tail -10 /var/log/messages
Aug 19 18:12:44 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving 'mlb-dc1-centos7.csa.lk/A/IN': 2001:500:3::42#53
Aug 19 18:12:44 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving './NS/IN': 2001:500:3::42#53
Aug 19 18:12:51 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving 'mlb-dc1-centos7.csa.lk.csa.lk/A/IN': 2001:dc3::35#53
Aug 19 18:12:51 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving 'mlb-dc1-centos7.csa.lk.csa.lk/A/IN': 2001:503:ba3e::2:30#53
Aug 19 18:12:52 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving 'mlb-dc1-centos7.csa.lk.csa.lk/A/IN': 2001:503:c27::2:30#53
Aug 19 18:12:52 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving 'mlb-dc1-centos7.csa.lk.csa.lk/A/IN': 2001:7fd::1#53
Aug 19 18:12:52 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Aug 19 18:12:52 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53
Aug 19 18:12:55 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving 'mlb-dc1-centos7.csa.lk.csa.lk/A/IN': 2001:500:1::803f:235#53
Aug 19 18:12:55 mlb-dc1-centos7 named[2469]: error (network unreachable) resolving './NS/IN': 2001:500:1::803f:235#53

hunter86_bg
Posts: 1426
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: DNS Not Resolving (connection timed out; no servers could be reached)

Post by hunter86_bg » 2018/08/23 08:07:26

Any errors reported by

named-checkconf

sandunru
Posts: 4
Joined: 2018/08/18 17:17:28

Re: DNS Not Resolving (connection timed out; no servers could be reached)

Post by sandunru » 2018/09/02 16:15:52

I found the error.

It was in /etc/named.conf, where the forward lookup zone was misconfigured.

###Forward lookup zones########
zone "ns" IN {
    type master;
    file "forward.csa.lk";
    allow-update { none; };
};

It has to be

###Forward lookup zones########
zone "csa.lk" IN {
    type master;
    file "forward.csa.lk";
    allow-update { none; };
};
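
Added example, not part of the thread: a syntax check of named.conf does not flag the mistake found above, because "ns" is a valid zone name, and the log excerpt shows the consequence, with queries for internal csa.lk names being sent towards the root servers. This Python sketch compares each master zone's declared name with the SOA MNAME in its zone file. The function names, the reduced sample input and the heuristic itself are assumptions made for illustration.

```python
import re

# Constructed sample input, reduced from the configuration posted in the thread.
NAMED_CONF = '''
zone "." IN { type hint; file "named.ca"; };
zone "ns" IN { type master; file "forward.csa.lk"; allow-update { none; }; };
zone "1.0.10.in-addr.arpa" IN { type master; file "reverse.csa.lk"; };
'''
ZONE_FILES = {
    "forward.csa.lk": '''$TTL 86400
@ IN SOA mlb-dc1-centos7.csa.lk. root.csa.lk. (
    2011071001 3600 1800 604800 86400 )
@ IN NS mlb-dc1-centos7.csa.lk.
mlb-dc1-centos7 IN A 10.0.1.5
csa-cli-fedora28 IN A 10.0.1.25
''',
}

# Master zone statements with "type" before "file", as in the thread's config.
ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"[^{]*\{[^}]*?type\s+master;[^}]*?file\s+"([^"]+)"', re.S)
# Owner name of every A record (optional TTL and class fields allowed).
A_RE = re.compile(r'^(\S+)[ \t]+(?:\d+[ \t]+)?(?:IN[ \t]+)?A[ \t]+\S+', re.M)

def audit(conf_text, zone_files):
    """Flag forward zones whose declared name does not contain the SOA MNAME
    although the file defines that host as a relative owner name."""
    findings = []
    for zone, fname in ZONE_RE.findall(conf_text):
        origin = zone.rstrip(".").lower()
        if origin.endswith(".arpa") or fname not in zone_files:
            continue  # reverse zones legitimately use an out-of-zone MNAME
        text = zone_files[fname]
        soa = re.search(r'\bSOA\s+(\S+)', text)
        if not soa or not soa.group(1).endswith("."):
            continue  # a relative MNAME is inside the zone by definition
        mname = soa.group(1).rstrip(".").lower()
        host, _, parent = mname.partition(".")
        relative = {o.lower() for o in A_RE.findall(text)
                    if o != "@" and not o.endswith(".")}
        in_zone = mname == origin or mname.endswith("." + origin)
        if not in_zone and host in relative:
            findings.append({"declared": origin, "likely": parent,
                             "served_as": f"{host}.{origin}.",
                             "expected": mname + "."})
    return findings

if __name__ == "__main__":
    for f in audit(NAMED_CONF, ZONE_FILES):
        print(f)
```

With the zone declared as "ns", the relative owner `mlb-dc1-centos7` is served as `mlb-dc1-centos7.ns.`, so the server is not authoritative for `mlb-dc1-centos7.csa.lk.` and recurses for it instead.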
