Domain Name System
Dmitry Dobryshin, 2019-11-11 14:56:16

Why is DNS not working on Debian 10?

Setting up a DNS server on Debian.

Here is the machine configuration:

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
sudo named -v
BIND 9.11.5-P4-5.1-Debian (Extended Support Version) <_id:998753c_>
hostname
srv-dc-0001
cat /etc/hosts
127.0.0.1 localhost
192.168.0.104 srv-dc-0001.mydomain.loc srv-dc-0001
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
cat /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "mydomain.loc" {
type master;
file "/etc/bind/db.mydomain";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192.168.0";
};
cat /etc/bind/db.mydomain
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA srv-dc-0001.mydomain.loc. (
201911111133 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS srv-dc-0001.
@ IN A 192.168.0.104
@ IN AAAA ::1
srv-dc-0001 IN A 192.168.0.104
cat /etc/bind/db.192.168.0
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA srv-dc-0001.mydomain.loc. (
201911111056 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS srv-dc-0001.
104 IN PTR srv-dc-0001.
ip address
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:a8:e8:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.0.104/24 brd 192.168.0.255 scope global noprefixroute enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::aeb7:f378:cf15:e0ea/64 scope link noprefixroute
valid_lft forever preferred_lft forever
sudo systemctl status bind9
bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-11-11 13:54:47 MSK; 8min ago
Docs: man:named(8)
Process: 555 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 578 (named)
Tasks: 4 (limit: 4689)
Memory: 23.0M
CGroup: /system.slice/bind9.service
└─578 /usr/sbin/named -u bind
ноя 11 14:00:36 srv-dc-0001 named[578]: network unreachable resolving 'dns4.easydns.info/A/IN': 2001:500:1b::1#53
ноя 11 14:00:36 srv-dc-0001 named[578]: network unreachable resolving 'dns4.easydns.info/A/IN': 2001:500:19::1#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns4.easydns.info/AAAA/IN': 2620:49:4::10#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns1.easydns.com/AAAA/IN': 2400:cb00:2049:1::a29f:1835#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns2.easydns.net/A/IN': 2400:cb00:2049:1::c629:defe#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns2.easydns.net/AAAA/IN': 2400:cb00:2049:1::c629:defe#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns3.easydns.org/A/IN': 2620:49:3::10#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns3.easydns.org/AAAA/IN': 2620:49:3::10#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns3.easydns.org/A/IN': 2400:cb00:2049:1::c629:defe#53
ноя 11 14:00:37 srv-dc-0001 named[578]: network unreachable resolving 'dns3.easydns.org/AAAA/IN': 2400:cb00:2049:1::c629:defe#53
cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files systemd
group: files systemd
shadow: files
gshadow: files
hosts: files dns mdns4_minimal [NOTFOUND=return]
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search mydomain.loc
# Automatically appended when looking up short host names
domain mydomain.loc
# Search list for host names. Usually the domain name is used. If necessary, the list can be extended
# with domain names separated by spaces. The order matters.
nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
netstat -lntup | grep ":53"
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 578/named
tcp6 0 0 :::53 :::* LISTEN 578/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 447/avahi-daemon: r
udp 0 0 192.168.0.104:53 0.0.0.0:* 578/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 578/named
udp6 0 0 :::5353 :::* 447/avahi-daemon: r
udp6 0 0 :::53 :::* 578/named

All settings are standard, however, even on the machine itself, the domain name is not resolved:

dig mydomain.loc
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> mydomain.loc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4452b738672011a4325f28a35dc940e17a4e802091c64422 (good)
;; QUESTION SECTION:
;mydomain.loc. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Пн ноя 11 14:07:13 MSK 2019
;; MSG SIZE rcvd: 69

Although name resolution is matched:

getent ahosts
127.0.0.1 localhost
192.168.0.104 srv-dc-0001.mydomain.loc srv-dc-0001
127.0.0.1 localhost ip6-localhost ip6-loopback
But queries via DNS return nothing, and nothing is taken from the DNS configuration files:
getent -s hosts:dns ahosts

The question is: what did I miss, and how can I fix it so that the server starts to resolve names for itself, as well as for the network?
P.S. There is no need to suggest removing the "mdns4_minimal [NOTFOUND=return]" part of the line from nsswitch.conf. I tried it in different ways, but the result is the same.


1 answer(s)
Vitaly Karasik, 2019-11-11
@DimkaI

fix
IN NS srv-dc-0001.
to
IN NS srv-dc-0001.mydomain.loc.
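
The change suggested in the answer can be checked mechanically. The following is an added example, not part of the original thread or of BIND: a small lint that expands NS targets the way a zone file does (a trailing dot means an absolute name) and flags targets that fall outside the zone or have no address record in it. The function names and result labels are hypothetical, and the parser assumes only the simple `owner IN TYPE rdata` layout used in the question.

```python
def qualify(name, origin):
    """Expand a zone-file name as BIND does: '@' is the origin, a trailing
    dot marks an absolute name, anything else gets the origin appended."""
    origin = origin.rstrip(".").lower() + "."
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_ns_targets(zone_text, origin):
    """Return [(ns_target, problem)] for NS targets that this zone cannot
    back with an address record."""
    apex = qualify("@", origin)
    addresses, ns_targets = set(), []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments
        # Only the simple "owner IN TYPE rdata" layout used on this page.
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[2].upper(), fields[3]
        if rtype in ("A", "AAAA"):
            addresses.add(qualify(owner, origin))
        elif rtype == "NS":
            ns_targets.append(qualify(rdata, origin))
    findings = []
    for target in ns_targets:
        if target != apex and not target.endswith("." + apex):
            findings.append((target, "out-of-zone"))   # e.g. "srv-dc-0001."
        elif target not in addresses:
            findings.append((target, "no-address"))
    return findings

# Records copied from db.mydomain in the question (SOA omitted).
QUESTION_ZONE = """\
$TTL 604800
@ IN NS srv-dc-0001.
@ IN A 192.168.0.104
@ IN AAAA ::1
srv-dc-0001 IN A 192.168.0.104
"""
FIXED_ZONE = QUESTION_ZONE.replace("NS srv-dc-0001.", "NS srv-dc-0001.mydomain.loc.")

if __name__ == "__main__":
    print(lint_ns_targets(QUESTION_ZONE, "mydomain.loc"))
    print(lint_ns_targets(FIXED_ZONE, "mydomain.loc"))
```

On the server itself, `named-checkzone mydomain.loc /etc/bind/db.mydomain` reports whether BIND can load the same file.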
