Forward zone giving SERVFAIL

[Neil Aggarwal]

Hello:

I set up a forward zone in the internal view of my named.conf:

view internal {
match-clients {
127.0.0.1;
};
recursion yes;
allow-query-cache { any; };
zone "dnsbl" {
type forward;
forwarders {
127.0.0.1 port 54;
};
forward only;
};
};

When I run dig against the forward zone:
dig -p 54 @127.0.0.1 2.0.0.127.zen.dnsbl

It gives me the expected output:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -p 54 @127.0.0.1
2.0.0.127.zen.dnsbl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57571
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;2.0.0.127.zen.dnsbl.   IN  A

;; ANSWER SECTION:
2.0.0.127.zen.dnsbl.300 IN  A   127.0.0.2
2.0.0.127.zen.dnsbl.300 IN  A   127.0.0.10
2.0.0.127.zen.dnsbl.300 IN  A   127.0.0.4

;; Query time: 1 msec
;; SERVER: 127.0.0.1#54(127.0.0.1)
;; WHEN: Wed Nov 27 21:24:45 2013
;; MSG SIZE  rcvd: 85

But, when I run dig against bind:
dig -p 53 @127.0.0.1 2.0.0.127.zen.dnsbl

I get a SERVFAIL response:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> -p 53 @127.0.0.1
2.0.0.127.zen.dnsbl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46895
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;2.0.0.127.zen.dnsbl.   IN  A

;; Query time: 144 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Nov 27 21:25:50 2013
;; MSG SIZE  rcvd: 37

Taking a look at /var/named/data/named.run, I see these lines:
error (chase DS servers) resolving 'zen.dnsbl/DS/IN': 127.0.0.1#54
error (unexpected RCODE REFUSED) resolving 'dnsbl/NS/IN': 127.0.0.1#54
error (no valid DS) resolving '2.0.0.127.zen.dnsbl/A/IN': 127.0.0.1#54

I am not sure what to make of this.

Anyone have any ideas?

Thanks,
  Neil

--
Neil Aggarwal, (972) 834-1565
We lend money to investors to buy or refinance single family rent houses.
No origination fees, quick approval, no credit check.



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Forward zone giving SERVFAIL

[Neil Aggarwal]

Dave:

> This is a shot in the dark, but is your server carrying a root zone or 
> using hints? I vaguely recall running into similar a few weeks back when

Bind complained about the pre-defined zones not being in a view when
I added my views so I removed them.

I added the following to my /var/named/named.zones file:

zone "." in{
  type hint;
  file "named.ca";
};

include "/etc/named.rfc1912.zones";

I restarted named and I am still getting the SERVFAIL error.

It looks like having those zones is not making a difference.

Thanks,
  Neil

--
Neil Aggarwal, (972)834-1565, http://UnmeteredVPS.net/centos
Virtual private server with CentOS 6 preinstalled
Unmetered bandwidth = no overage charges

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users