Hi there,

On Tue, 21 Nov 2017, Ron Wingfield wrote:
... our registered domain, archaxis.net, is not resolving ...
As has been mentioned, you don't have a nameserver listening on IP 162.202.233.81. At a guess, you need to restart it.
We run BIND version 9.10.2 ...
Upgrade. See for example http://www.cvedetails.com/cve/CVE-2016-2776/
... This has worked for past months until 3 NOV 2017 ...
It depends on your definition of 'worked'. I'd say that it has never worked, it's just sort of limped along in spite of all your mistakes.
Again, I emphasize that this configuration has been working since modified Thr Aug 6 2015 following conversion to AT&T U-verse, and has not changed since Jan 12 2017 when added an SPF TXT RR for archaxis.net. [...] Can any of you list members see anything wrong with the previously included zone file?
Your configuration has probably never been correct. At some stage, something you wanted to happen might have happened, but that was just blind luck.

Your zone file is a mess. Most importantly the four names ns1, ns2, alpha and bravo all have the same IP address which is ridiculous in this context. There are two SPF TXT records when only one is allowed by the RFCs, and I suspect that neither of them will do what's required. The simplest thing you can do with those is delete them. The address for localhost (127.0.0.1) should be in /etc/hosts, not in your zone file, and very probably it already is.

When you've got the rest of your DNS mess sorted out, and when you've ensured your site is secure (upgrade BIND - and keep it up to date; did you know that you have servers listening to the entire Internet on ports 22, 110, 8080 and 60443?; are *they* patched up to date? this includes firmware updates for your Linksys router ...) then you might drop by the SPF users' mailing list for advice on your SPF TXT record.
After reporting this continuing unsatisfactory fail to AT&T, they have yet again responded "As was stated, it shows that we are correctly delegating the records. The issue still persists that your nameservers A records are not resolving. That is wholly outside our control or access. PTR requests will continue to fail as the ns1.archaxis.net and ns2.archaxis.net are not responding to requests."
AT&T is correct. You have told them that you are running your own name servers, which is a lie - you've only ever had one, and that's not acceptable. Your name service is not running on the one server which you do have.
Who is to blame?
You are.
I am at my wit's end. This was working - why did it just stop?
I don't know why it stopped. You *might* have suffered from the DOS attack mentioned in the above CVE, but I think it's much more likely that you broke something. It might be that that something was your nameserver configuration, or perhaps you've broken the server's boot scripts, or perhaps you've changed your router or its configuration and it isn't forwarding DNS requests to your internal server. These are all your responsibilities.

There are many free DNS services available. I suggest you pick one of them, and many of your problems will be, er, resolved. The services from he.net have always been very good for my purposes, and extend to areas beyond simple IPv4 DNS. They will keep their servers patched. They offer educational material too.

As a general observation, not knowing what you're doing is dangerous on the Internet. Please take some time out of your undoubtedly busy life to try to ensure that you aren't a menace to the rest of us. A good start might be to read the famous "DNS and BIND".

--
73,
Ged.
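Added example, not part of the original message or of BIND: a small zone-file check for the three mistakes the reply names (several NS names behind one address, more than one SPF TXT record at a name, a loopback address published in the zone). The sample zone, the `lint_zone` function and the finding labels are constructed for illustration, and the parser assumes one record per line with an explicit owner name.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample zone, not the poster's file; 192.0.2.0/24 is a documentation range.
SAMPLE_ZONE = """\
$ORIGIN example.test.
@          IN NS   ns1
@          IN NS   ns2
@          IN TXT  "v=spf1 a mx -all"
@          IN TXT  "v=spf1 ip4:192.0.2.10 ~all"
ns1        IN A    192.0.2.10
ns2        IN A    192.0.2.10
alpha      IN A    192.0.2.10
localhost  IN A    127.0.0.1
"""

# owner [ttl] [class] type rdata; assumes one record per line with an explicit owner.
RR = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(NS|A|TXT)\s+(.+)$', re.I)

def lint_zone(text):
    """Return sorted findings for the three zone mistakes named in the message."""
    ns_names, addrs, spf_count, findings = set(), defaultdict(set), defaultdict(int), []
    for line in text.splitlines():
        m = RR.match(line)
        if not m or line.startswith(';'):   # directives, comments, other record types
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3).strip()
        if rtype == 'NS':
            ns_names.add(rdata.lower())
        elif rtype == 'A':
            ip = rdata.split()[0]           # ignore any trailing comment
            addrs[owner].add(ip)
            if ipaddress.ip_address(ip).is_loopback:
                findings.append(f'loopback-in-zone:{owner}')
        elif rdata.strip('"').lower().split(' ')[0] == 'v=spf1':
            spf_count[owner] += 1           # RFC 7208: more than one SPF record is a permerror
    findings += [f'multiple-spf:{o}' for o, n in spf_count.items() if n > 1]
    # NS targets are compared as written (relative names), an assumption of this sketch.
    ns_addrs = set().union(*(addrs[n] for n in ns_names))
    if len(ns_names) > 1 and len(ns_addrs) == 1:
        findings.append(f'ns-single-address:{ns_addrs.pop()}')
    return sorted(findings)

if __name__ == '__main__':
    for finding in lint_zone(SAMPLE_ZONE):
        print(finding)
```

The check reads only the zone text; whether the listed servers actually answer queries still has to be tested from outside the network.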