0
votes

I'm using openSUSE Harlequin, and YaST DNS (named) for my domain DNS server, and I got something that I don't understand: nslookup or dig resolve server.zone.domain but don't resolve zone.domain.

    edserv:~ # dig edserv.nobugg.fr

    ; <<>> DiG 9.9.6-P1 <<>> edserv.nobugg.fr
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28633
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;edserv.nobugg.fr.              IN      A

    ;; ANSWER SECTION:
    edserv.nobugg.fr.       172800  IN      A       192.168.0.3
    edserv.nobugg.fr.       172800  IN      A       82.234.159.172

    ;; AUTHORITY SECTION:
    nobugg.fr.              172800  IN      NS      edserv.
    nobugg.fr.              172800  IN      NS      slv2.1and1.fr.
    nobugg.fr.              172800  IN      NS      edserv.nobugg.fr.

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Wed May 11 17:21:52 CEST 2016
    ;; MSG SIZE  rcvd: 136

and for the zone:

    edserv:~ # dig nobugg.fr

    ; <<>> DiG 9.9.6-P1 <<>> nobugg.fr
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55706
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;nobugg.fr.                     IN      A

    ;; AUTHORITY SECTION:
    nobugg.fr.              86400   IN      SOA     edserv. root.edserv. 2016051107 10800 3600 604800 86400

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Wed May 11 17:22:13 CEST 2016
    ;; MSG SIZE  rcvd: 85

There are no answers.
The same with nslookup:

    edserv:~ # nslookup nobugg.fr
    Server:         192.168.0.3
    Address:        192.168.0.3#53

    *** Can't find nobugg.fr: No answer

    edserv:~ # nslookup edserv.nobugg.fr
    Server:         192.168.0.3
    Address:        192.168.0.3#53

    Name:   edserv.nobugg.fr
    Address: 192.168.0.3
    Name:   edserv.nobugg.fr
    Address: 82.234.159.172

When the server name is there it is OK. When there is only the zone it doesn't work.

    edserv:~ # dig www.nobugg.fr

    ; <<>> DiG 9.9.6-P1 <<>> www.nobugg.fr
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57239
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.nobugg.fr.                 IN      A

    ;; ANSWER SECTION:
    www.nobugg.fr.          172800  IN      A       82.234.159.172

    ;; AUTHORITY SECTION:
    nobugg.fr.              172800  IN      NS      edserv.
    nobugg.fr.              172800  IN      NS      slv2.1and1.fr.
    nobugg.fr.              172800  IN      NS      edserv.nobugg.fr.

    ;; ADDITIONAL SECTION:
    edserv.nobugg.fr.       172800  IN      A       192.168.0.3
    edserv.nobugg.fr.       172800  IN      A       82.234.159.172

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Wed May 11 17:38:24 CEST 2016
    ;; MSG SIZE  rcvd: 156

I think nobugg.fr should normally be resolved by nslookup, but that is not the case.

Here is my named.conf:

    options {
        directory "/var/lib/named/";
        managed-keys-directory "/var/lib/named/dyn/";
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";
        listen-on port 53 { 127.0.0.1; 192.168.0.3; };
        notify no;

        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        include "/etc/named.d/forwarders.conf";
        listen-on-v6 { any; };
        allow-query { any; };
        allow-recursion { any; };
        hostname "edserv.nobugg.fr";
    };

    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };
    include "/etc/named.conf.include";
    logging {
        category default { log_syslog; };
        channel log_syslog { syslog; };
    };
    zone "nobugg.fr" in {
        file "dyn/nobugg.frXXX";
        type master;
        allow-transfer { any; localhost; localnets; };
        allow-update { key 1; };
    };
    zone "nobugg.fr.in-addr.arpa" in {
        file "dyn/nobugg.fr.in-addr.arpaXX";
        type master;
        allow-transfer { any; localhost; localnets; };
        allow-update { key 1; };
    };

/var/lib/named/dyn/nobugg.frXXX:

    $TTL 172800
    @   IN  SOA edserv. root.edserv. (
                2016051107
                10800
                3600
                604800
                86400)
        IN  NS  edserv.nobugg.fr.
        IN  NS  slv2.1and1.fr.
        IN  NS  edserv
        IN  NS  edserv.
        IN  MX  0 mx00.1and1.fr.
    www.nobugg.fr.  IN  A   82.234.159.172
    nobugg.fr   IN  NS  edserv.nobugg.fr.
    nobugg.fr   IN  A   192.168.0.3
    nobugg.fr   IN  A   82.234.159.172
    localhost   IN  A   127.0.0.1
    slv2    IN  NS  slv2.1and1.fr.
    edserv.nobugg.fr.   IN  A   192.168.0.3
    edserv.nobugg.fr.   IN  A   82.234.159.172

/var/lib/named/dyn/nobugg.fr.in-addr.arpaXX:

    $TTL 172800
    @   IN  SOA edserv. root.edserv. (
                2016051105
                10800
                3600
                604800
                86400)
        IN  NS  edserv.nobugg.fr.
        IN  NS  slv2.1and1.fr.
    3.0.168.192 IN  PTR edserv.nobugg.fr.
    172.159.234.82  IN  PTR edserv.nobugg.fr.
    172.159.234.82  IN  PTR www.nobugg.fr.
    172.159.234.82  IN  PTR nobugg.fr.
    nobugg.fr   IN  NS  edserv.
    slv2    IN  NS  slv2.1and1.fr.

resolv.conf:

    search nobugg.fr free.fr
    nameserver 192.168.0.3
    nameserver 212.27.40.240
    nameserver 212.27.40.241

172.159.234.82 is my public IP. The domain comes from 1and1, where I have declared the first server name = 172.159.234.82 and the second server slv2.1and1.fr. 212.27.40.240 is the DNS of my provider (free.fr).

Thanks for any help. I have been looking into this problem every day for a week, I have spent a lot of hours and haven't found what is happening.


1 Answer

1
votes

OK, let's investigate :):

Check which name servers are responsible for .fr TLD:

    [vagrant@localhost ~]$ dig fr ns @a.root-servers.net +noall +answer +authority
    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> fr ns @a.root-servers.net +noall +answer +authority
    ;; global options: +cmd
    fr.                     172800  IN      NS      e.ext.nic.fr.
    fr.                     172800  IN      NS      f.ext.nic.fr.
    fr.                     172800  IN      NS      g.ext.nic.fr.
    fr.                     172800  IN      NS      d.nic.fr.
    fr.                     172800  IN      NS      d.ext.nic.fr.

Let's pick d.nic.fr and use it to find the authoritative name servers for nobugg.fr:

    [vagrant@localhost ~]$ dig nobugg.fr ns @d.nic.fr +noall +answer +authority
    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr ns @d.nic.fr +noall +answer +authority
    ;; global options: +cmd
    nobugg.fr.              172800  IN      NS      slv2.1and1.fr.
    nobugg.fr.              172800  IN      NS      edserv.nobugg.fr.

Next, let's see what the first one, slv2.1and1.fr., has to say about your zone:

    [vagrant@localhost ~]$ dig nobugg.fr @slv2.1and1.fr

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr @slv2.1and1.fr
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 59911
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

Query refused, which probably means that slv2.1and1.fr has no idea about your domain! You should either remove this name server (using your domain registrar console, and provide another one, since two is the minimum) or have them host your zone (since 1and1 is your domain's registrar it should probably be doable, but you need to check with their support how to do it).

Until you fix that, we need to check if at least edserv.nobugg.fr provides some sensible info about the nobugg.fr domain:

    [vagrant@localhost ~]$ dig nobugg.fr @edserv.nobugg.fr

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr @edserv.nobugg.fr
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

If you take a closer look, we are trying to query the server edserv.nobugg.fr, and we still don't have any info about nobugg.fr. That is not unusual, but a glue record is then needed at the upstream name server; let's see if there is one at d.nic.fr:

    [vagrant@localhost ~]$ dig @d.nic.fr nobugg.fr +noall +additional

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @d.nic.fr nobugg.fr +noall +additional
    ; (2 servers found)
    ;; global options: +cmd
    edserv.nobugg.fr.       172800  IN      A       82.234.159.172
    edserv.nobugg.fr.       172800  IN      AAAA    2002::52ea:9fac

OK, we know that we should query @82.234.159.172. But then it is a bit strange why our previous dig timed out; it should also be able to come up with this info. Maybe the next steps will shed some light; let's check what 82.234.159.172 knows:

    [vagrant@localhost ~]$ dig nobug.fr @82.234.159.172

    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobug.fr @82.234.159.172
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35302
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;nobug.fr.                      IN      A

    ;; ANSWER SECTION:
    nobug.fr.               1800    IN      A       151.80.186.210

    ;; AUTHORITY SECTION:
    nobug.fr.               1800    IN      NS      dns1.kalitys.com.
    nobug.fr.               1800    IN      NS      dns2.kalitys.com.

    ;; Query time: 88 msec
    ;; SERVER: 82.234.159.172#53(82.234.159.172)
    ;; WHEN: Thu May 12 11:34:23 CEST 2016
    ;; MSG SIZE  rcvd: 102

Well. It is either all f*cked up or the OP is changing it as I write. Let's take a break :)
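The empty ANSWER section for the bare domain has a local explanation that the posted zone file makes visible once you apply the BIND master-file rule that any name without a trailing dot is relative to the zone origin: the lines `nobugg.fr IN A ...` define `nobugg.fr.nobugg.fr.`, so the apex has no A record at all, and `IN NS edserv.` points at a bogus top-level name. The script below is an added example, not code from either poster: it parses the records from the posted zone with that rule applied, lints them for exactly these mistakes, and checks a proposed corrected zone (my own assumption of what was intended, keeping only the public address) against the same lints. The origin `nobugg.fr.` is assumed from the `zone "nobugg.fr"` statement in the posted named.conf.

```python
"""Added example (not from the post): check a BIND master file for the
relative-name trap. A name without a trailing dot is relative to the zone
origin, so "nobugg.fr IN A ..." defines nobugg.fr.nobugg.fr. and leaves the
apex empty. Origin assumed to be "nobugg.fr." (from the posted named.conf)."""
import re

ORIGIN = "nobugg.fr."

# Records from the zone posted in the question (constructed input).
POSTED_ZONE = """\
$TTL 172800
@   IN  SOA edserv. root.edserv. (
            2016051107 10800 3600 604800 86400)
    IN  NS  edserv.nobugg.fr.
    IN  NS  slv2.1and1.fr.
    IN  NS  edserv
    IN  NS  edserv.
    IN  MX  0 mx00.1and1.fr.
www.nobugg.fr.  IN  A   82.234.159.172
nobugg.fr   IN  NS  edserv.nobugg.fr.
nobugg.fr   IN  A   192.168.0.3
nobugg.fr   IN  A   82.234.159.172
localhost   IN  A   127.0.0.1
slv2    IN  NS  slv2.1and1.fr.
edserv.nobugg.fr.   IN  A   192.168.0.3
edserv.nobugg.fr.   IN  A   82.234.159.172
"""

# Proposed replacement (my assumption of the intent): names either absolute
# with a trailing dot or deliberately relative, an A record at the apex,
# and only the public address in a zone that is served to the Internet.
FIXED_ZONE = """\
$TTL 172800
@       IN  SOA edserv.nobugg.fr. root.nobugg.fr. (
            2016051108 10800 3600 604800 86400 )
@       IN  NS  edserv.nobugg.fr.
@       IN  NS  slv2.1and1.fr.
@       IN  MX  0 mx00.1and1.fr.
@       IN  A   82.234.159.172
www     IN  A   82.234.159.172
edserv  IN  A   82.234.159.172
"""


def absolutize(name, origin):
    """Master-file rule: '@' is the origin, a trailing dot means absolute,
    anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, rtype, rdata)] with every name made absolute. Handles
    ';' comments, '(...)' continuations, an optional TTL/class field and
    records that inherit the previous owner. $-directives are skipped, so a
    file using $ORIGIN is not supported by this example."""
    text = re.sub(r";.*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, last_owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if line[0].isspace():            # owner inherited from previous record
            owner = last_owner
        else:
            owner = last_owner = absolutize(tokens.pop(0), origin)
        if tokens[0].isdigit():          # optional TTL field
            tokens.pop(0)
        if tokens[0].upper() == "IN":    # optional class field
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [absolutize(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], absolutize(rdata[1], origin)]
        elif rtype == "SOA":
            rdata = [absolutize(rdata[0], origin), absolutize(rdata[1], origin)] + rdata[2:]
        records.append((owner, rtype, rdata))
    return records


def lint(records, origin):
    """Findings for the mistakes the relative-name rule produces; [] is clean."""
    findings = []
    doubled = origin.rstrip(".") + "." + origin          # nobugg.fr.nobugg.fr.
    has_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rtype, rdata in records:
        if owner.endswith(doubled):
            findings.append(f"{owner} {rtype}: owner expanded under the origin (missing trailing dot)")
        elif rtype in ("NS", "SOA"):
            target = rdata[0]
            if "." not in target.rstrip("."):
                findings.append(f"{owner} {rtype} -> {target}: single-label target, did you mean {target}{origin}?")
            elif rtype == "NS" and owner != origin:
                findings.append(f"{owner} NS: NS below the apex delegates a child zone")
            elif target.endswith("." + origin) and target not in has_address:
                findings.append(f"{owner} {rtype} -> {target}: in-zone server has no A/AAAA record (no glue)")
    if origin not in has_address:
        findings.append(f"{origin} has no A record: a query for the bare domain gets NOERROR with an empty ANSWER section")
    return findings
```

Run `lint(parse_zone(POSTED_ZONE, ORIGIN), ORIGIN)` and the posted zone yields seven findings, including the three records that landed on `nobugg.fr.nobugg.fr.` and the missing apex A record; the corrected zone yields none. After editing the real file, `named-checkzone nobugg.fr /var/lib/named/dyn/nobugg.frXXX` followed by `dig @192.168.0.3 nobugg.fr A` should show the apex address in the ANSWER section. Separately, the posted named.conf has `allow-transfer { any; ... }` and `allow-recursion { any; }` on a server that also answers on a public address, which exposes the whole zone to AXFR from anywhere and makes the host an open resolver; restrict both to the secondary's address and the LAN.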