Looks like your DNS servers 192.243.130.42 and 192.243.160.18 are not responding to DNS queries (thus the SERFAIL message).
When trying this from my house, this is what I get: First, get the name servers for your domain osmre.gov from the DNS server at 4.2.2.2: $ dig @4.2.2.2 osmre.gov ns ; <<>> DiG 9.4.2-P2 <<>> @4.2.2.2 osmre.gov ns ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16977 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;osmre.gov. IN NS ;; ANSWER SECTION: osmre.gov. 28395 IN NS gb.osmre.gov. osmre.gov. 28395 IN NS nomad.osmre.gov. ;; Query time: 22 msec ;; SERVER: 4.2.2.2#53(4.2.2.2) ;; WHEN: Fri Jan 16 10:03:40 2009 ;; MSG SIZE rcvd: 64 Next, try to query each one of the two name servers about www.osmre.gov: (trying nomad.osmre.gov first, this failed): $ dig @nomad.osmre.gov www.osmre.gov. a ; <<>> DiG 9.4.2-P2 <<>> @nomad.osmre.gov www.osmre.gov. a ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50624 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.osmre.gov. IN A ;; Query time: 103 msec ;; SERVER: 192.243.130.42#53(192.243.130.42) ;; WHEN: Fri Jan 16 10:05:06 2009 ;; MSG SIZE rcvd: 31 Try the next name server gb.osmre.gov, this gave an answer: $ dig @gb.osmre.gov www.osmre.gov. a ; <<>> DiG 9.4.2-P2 <<>> @gb.osmre.gov www.osmre.gov. a ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17158 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.osmre.gov. IN A ;; ANSWER SECTION: www.osmre.gov. 28800 IN CNAME ismhdqf07a.osmre.gov. ismhdqf07a.osmre.gov. 28800 IN A 192.243.130.2 ;; AUTHORITY SECTION: osmre.gov. 28800 IN NS nomad.osmre.gov. osmre.gov. 28800 IN NS gb.osmre.gov. ;; ADDITIONAL SECTION: gb.osmre.gov. 28800 IN A 192.243.160.18 nomad.osmre.gov. 28800 IN A 192.243.130.42 ;; Query time: 82 msec ;; SERVER: 192.243.160.18#53(192.243.160.18) ;; WHEN: Fri Jan 16 10:05:46 2009 ;; MSG SIZE rcvd: 141 >From the above results, it looks like your name server nomad.osmre.gov (192.243.130.42) is not functioning correctly, but the server gb.osmre.gov (192.243.160.18) is giving back answers. I am not sure why when you try it from your location that even gb.osmre.gov will not respond. You can turn on query logging on BIND, and see if your queries are actually making it all the way to the DNS servers. Hope this helps. On Fri, Jan 16, 2009 at 9:33 AM, Mark A. Moore <mmo...@osmre.gov> wrote: > We are having a problem doing an nslookup locally from our BIND DNS Servers > (Master & Secondary) for our own domains. However we can run nslookup on > other domains (ie yahoo, google) with no problems. Even if we stop iptables > we still get the same error. We see no errors when BIND starts. Below is the > command output. Does this have anything to do with /etc/hosts or > /etc/resolv.conf files? We've verified permissions on the directory/files. > > > > nslookup www.osmre.gov > > ;; Got SERVFAIL reply from 192.243.130.42, trying next server > > Server: 192.243.160.18 > > Address: 192.243.160.18#53 > > > > ** server can't find www.osmre.gov: SERVFAIL > > > > Thanks for any help provided. > > Mark > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
