dns problem - nslookup stops intermittently

[roncento]

Appreciate if someone can help me out this serious problem. Could this be a configuration issue or a poetential bug?

I find my dns doesn't resolve and answer back to "nfslookup hostname or ipaddress".

Here are my error messages from /var/log/messages:


May 16 06:30:32 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns1.centos.org/AAAA/IN': 2001:dc3::35#53
May 16 06:30:32 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns3.centos.org/AAAA/IN': 2001:500:2f::f#53
May 16 06:30:32 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns1.centos.org/AAAA/IN': 2001:500:3::42#53
May 16 06:30:32 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns3.centos.org/AAAA/IN': 2001:dc3::35#53
May 16 06:30:32 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns3.centos.org/AAAA/IN': 2001:500:3::42#53
May 16 06:30:34 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns4.centos.org/AAAA/IN': 2001:500:2f::f#53
May 16 06:30:34 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns4.centos.org/AAAA/IN': 2001:500:3::42#53
May 16 06:30:34 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns4.centos.org/AAAA/IN': 2001:dc3::35#53
May 16 06:30:34 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns1.centos.org/AAAA/IN': 2001:500:2f::f#53
May 16 06:30:34 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns1.centos.org/AAAA/IN': 2001:503:ba3e::2:3


I have installed the following binds:

bind-9.7.3-8.P3.el6_2.2.x86_64
bind-sdb-9.7.3-8.P3.el6_2.2.x86_64
bind-utils-9.7.3-8.P3.el6_2.2.x86_64
PackageKit-device-rebind-0.5.8-19.el6.centos.x86_64
samba-winbind-clients-3.5.10-116.el6_2.x86_64
bind-libs-9.7.3-8.P3.el6_2.2.x86_64
bind-chroot-9.7.3-8.P3.el6_2.2.x86_64
bind-devel-9.7.3-8.P3.el6_2.2.x86_64

1. Here is my 'named.conf':

[code]//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 192.168.16.121; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query {any; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
<snip>

2. Here is my "named.rfc1912.zones":
<snip>
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localdomain" IN {
type master;
file "forward.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};

zone "16.168.192.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
<snip>


3. Here is my "forward.zones":
<snip>
$TTL 1D
@ IN SOA centossys1.localdomain. root.centossys1.localdomain. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS centossys1.localdomain.
centossys1 IN A 192.168.16.121
redhatsys2 IN A 192.168.16.157
redhatsys1 IN A 192.168.16.133
<snip>

4. Here is my "reverse.zones":
<snip>
$TTL 1D
@ IN SOA centossys1.localdomain. root.centossys1.localdomain. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
IN NS centossys1.localdomain.
# IN NS redhatsys2.localdomain.
121 IN PTR centossys1.localdomain.
157 IN PTR redhatsys2.localdomain.
133 IN PTR redhatsys1.localdomain.[/code][Moderator edit: Added [i]code[/i] tags to preserve formatting.]

Hope someone can enlighten me with my dns issue. Appreciate your interest.

[pschaff]

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

[quote]
roncento wrote:
...
May 16 06:30:32 centossys1 named-sdb[3491]: error (network unreachable) resolving 'ns1.centos.org/AAAA/IN': 2001:dc3::35#53
...
Hope someone can enlighten me with my dns issue. Appreciate your interest.[/quote]
It does not matter what your DNS configuration is if the network is unreachable, but why are you using CentOS' nameservers rather than those from your ISP and why do you need to run your own nameserver?.

Please [url=http://www.centos.org/modules/newbb/viewtopic.php?topic_id=28723&forum=54]provide more information about your system[/url] by running "./getinfo.sh network" and showing us the output file.

[TrevorH]

Since those are all ipv6 addresses I am going to assume that you do not have ipv6 connectivity on your machine - is that correct?

If so you probably want to add "listen-on-v6 { none; };" to your named.conf where you currently have a similar line commented out. You'll also need to add a line to /etc/sysconfig/named that says

[code]
OPTIONS="-4"
[/code]

and restart named afterwards.

[roncento]

Thanks for the feedback. I needed to have a my own dns to resolv hosts in my private network.
BTW I am finding out the this version of bind in CentOS has a bug. It would be great if others try out so that it could be benefitted the community. Same configuration works without any problem in redhat.

[pschaff]

So, have you resolved the issues that were making the network unreachable?

If you can demonstrate that CentOS bind works differently than the comparable RHEL version, then that merits a [url=http://bugs.centos.org/main_page.php]bug report[/url]. Are you up to date with all released errata packages?

[hawkmage]

[quote]
roncento wrote:
Thanks for the feedback. I needed to have a my own dns to resolv hosts in my private network.
BTW I am finding out the this version of bind in CentOS has a bug. It would be great if others try out so that it could be benefitted the community. Same configuration works without any problem in redhat.[/quote]
Actually what you are runing into is not a bug in the CentOS version of bind but the fact that the version of bind now defaulted to enabling resolution via IPv6. Since you do not have IPv6 access to the outside world it is throwong errors about not being able to reach various name server via their IPv6 addresses.

TrevorH has already posted the recommended method to confine bind to using IPv4.

I duplicated your setup and I do not get errors but then again I have IPv6 access to the internet.

[roigkerwin]

Having same issues. Tried suggestions but no changes...
Not sure where to look into. I guess I will give RedHat 6.X a try.
So far, with last update on Centos 5.8 800 plus packages and New Centos 6.3 install bare bones at about 400 packages they behave in same manner. There is a 3 to 8 second lag while a valid response is obtained. However, once cached, it is very fast..
I worry I might have to swim in deeper murkier waters in the MS world.. :-?

Any help, tips or hints, will be rewarded in OS realm..

TY..