Named problem when changing external ip

Maico
Posts: 2
Joined: 2021/04/08 17:57:31

Named problem when changing external ip

Post by Maico » 2021/04/08 18:52:14

Hello, I am new here, so please take that into account :D

I have a server where a DNS was running, but I had to change its external IP to a new one, and even after changing ns1 it isn't found by dig and nslookup.

What I did was change the IP that was in the go-ch.com.zone to my new IP, I did the release of port 53 of the DNS, and even then it is giving the error SERVFAIL, and it does not update the domain for the new IP.

CentOS release 5.5
Below is the configuration of the files.

/etc/named.conf
=================================================================
options {
    # recursion no;
    allow-query { any; };
    allow-recursion { clientes; };

    # additional-from-auth no;
    # additional-from-cache no;

    directory "/var/named/";
    # pid-file "/var/run/named/named.pid";
    # statistics-file "/var/run/named/named.stats";
    # dump-file "/var/run/named/named.db";
    # transfer-format many-answers;
    #hide our "real" version number
    version "[secured]";
    forwarders {
        1.1.1.1;
        8.8.8.8;
        208.67.222.222;
    };
    forward only;
    #ssec-enable no;

};
# Use with the following in named.conf, adjusting the allow list as needed:

key "server" {
    algorithm HMAC-MD5;
    secret "";
};

#controls {
# inet 127.0.0.1 port 953
# allow-update { key server; };
#};

# The root nameservers
zone "." in {
    type hint;
    file "db.cache";
};

# localhost - forward zone
zone "localhost" in {
    type master;
    file "db.localhost";
    notify yes;
};

# localhost - inverse zone
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "db.127.0.0.0";
    notify no;
};

zone "go-ch.com" in {
    type master;
    file "go-ch.com.zone";
    allow-update { key server; };
    notify yes;

};

logging{
    channel log_dns {
        file "dns.log" versions 6 size 10m;
        severity notice; #(critical | error | warning | notice | info | debug [ level ] | dynamic )
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel log_queries {
        file "/var/named/queries.log" versions 6 size 10m;
        severity warning; #(critical | error | warning | notice | info | debug [ level ] | dynamic )
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default{ log_dns; };
    category queries { log_queries; };
};

acl clientes {
    localhost;
    10.10.10.0/24;
    10.9.9.0/24;
};

====================================================
go-ch.com.zone

$ORIGIN .
$TTL 86400 ; 1 day
go-ch.com.      IN SOA  ns1.go-ch.com. ddns.go-ch.com. (
                        2015691841 ; serial
                        7200       ; refresh (2 hours)
                        300        ; retry (5 minutes)
                        604800     ; expire (1 week)
                        60         ; minimum (1 minute)
                        )
                NS      ns1.go-ch.com.
                NS      ns2.go-ch.com.
$ORIGIN go-ch.com.
$TTL 300 ; 5 minutes
ns1             A       187.xxx.xxx.xxx
========================================================
result of dig
[root@ServidorDNS named]# dig ns1.go-ch.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> ns1.go-ch.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3736
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.go-ch.com. IN A

;; Query time: 2067 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 8 15:28:47 2021
;; MSG SIZE rcvd: 31
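
Added example, not part of the thread and not the poster's code: a small Python check over the zone file as posted that lists NS targets inside the zone with no A/AAAA record in the same file, a condition `named-checkzone` also reports. The function names are hypothetical, the SOA is condensed onto two lines, and the parser covers only the syntax this zone uses.

```python
# Added example. ZONE_TEXT: the posted zone, indentation restored and SOA condensed.
ZONE_TEXT = """\
$ORIGIN .
$TTL 86400 ; 1 day
go-ch.com.  IN SOA ns1.go-ch.com. ddns.go-ch.com. (
            2015691841 7200 300 604800 60 )
            NS ns1.go-ch.com.
            NS ns2.go-ch.com.
$ORIGIN go-ch.com.
$TTL 300 ; 5 minutes
ns1         A 187.xxx.xxx.xxx
"""
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR"}

def absolute(name, origin):
    """Qualify a name against the current $ORIGIN ('@' is the origin itself)."""
    full = origin if name == "@" else name if name.endswith(".") else name + "." + origin.lstrip(".")
    return full.lower()

def parse_zone(text):
    """Return [(owner, type, rdata, origin)]; handles $ORIGIN, blank owners, ( )."""
    origin, owner, inherits, depth, pending, records = ".", None, False, 0, [], []
    lines = [l.split(";", 1)[0] for l in text.splitlines()]  # drop comments
    for line in filter(str.strip, lines):
        if depth == 0:
            inherits = line[0] in " \t"   # leading blank: reuse the previous owner
        tokens = line.replace("(", " ( ").replace(")", " ) ").split()
        depth += tokens.count("(") - tokens.count(")")
        pending += [t for t in tokens if t not in ("(", ")")]
        if depth > 0:
            continue                      # record continues on the next line
        tokens, pending = pending, []
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].lower()
            continue
        if not inherits:
            owner = absolute(tokens.pop(0), origin)
        idx = next((i for i, t in enumerate(tokens) if t.upper() in TYPES), None)
        if idx is not None:               # tokens before idx are optional TTL/class
            records.append((owner, tokens[idx].upper(), tokens[idx + 1:], origin))
    return records

def ns_without_address(text, zone):
    """In-zone NS targets of `zone` with no A/AAAA record in the file."""
    recs, zone = parse_zone(text), zone.lower()
    have_addr = {o for o, t, _, _ in recs if t in ("A", "AAAA")}
    targets = {absolute(d[0], org) for o, t, d, org in recs if t == "NS" and o == zone}
    return sorted(n for n in targets - have_addr if n.endswith("." + zone))
```

Calling `ns_without_address(ZONE_TEXT, "go-ch.com.")` on the zone as posted returns `['ns2.go-ch.com.']`.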

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Named problem when changing external ip

Post by TrevorH » 2021/04/08 19:20:08

CentOS release 5.5
Stop trying to patch the holes in the Titanic and start over. CentOS 5.5 is from March 2010 so is 11 YEARS out of date. The latest and last version of CentOS 5 was 5.11 and that came out in 2014 and died in 2017. It is not a safe thing to run. There are numerous exploitable bugs in it that mean that it could be compromised.

Running a DNS server is a complicated thing to do and needs expertise to keep it secure and available. You might do better to investigate migrating your DNS entries to a managed service who will do it all for you and give you a web UI to create and modify entries. They do that for a living so they know how to keep it running. They also have failover servers in different subnets and different data centres so that they are always available. My $dayjob uses dnsmadeeasy, dnssimple and someone else whose name I forget (who are the least reliable!).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Maico
Posts: 2
Joined: 2021/04/08 17:57:31

Re: Named problem when changing external ip

Post by Maico » 2021/04/08 19:37:39

Unfortunately this was already a server that was already running before so I'm just trying to make it still functional until I have time to change it definitively.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Named problem when changing external ip

Post by TrevorH » 2021/04/08 23:00:55

If this is exposed to the internet then you should probably assume that it is compromised and no longer belongs to you at all. It's running a version of linux that is 11 years old and there are numerous, possibly hundreds of exploits that have been found and fixed in the 11 years since then. Why put effort into fixing something that you need to throw away anyway? It'll be easier to either set up from scratch and migrate to it or, as I suggested, use a third party to do the hard work for you.

I know that's not an answer you were hoping to get but the system is trash and needs to die ASAP.