≡ Menu

How to: Troubleshoot UNIX / Linux BIND DNS server problems

BIND is the Berkeley Internet Name Domain, DNS server. It is wildly used on UNIX and Linux like oses. You can use following tools to troubleshoot bind related problems under UNIX or Linux oses.

Task: Port 53 open and listing requests

By default BIND listen DNS queries on port 53. So make sure port 53 is open and listing user requests. by running any one of the following tests. See if you can telnet to port 53 from remote computer:
$ telnet remote-server-ip 53
OR
telnet ns1.nixcraft.org domain
Output:

Trying 192.168.0.5...
Connected to ns1.nixcraft.org.
Escape character is '^]'.

If you cannot connect make sure firewall is not blocking your requests. Next use netstat command to list open and listing port 53 on server itself:
$ netstat -tulpn | grep :53
OR
# netstat -atve
Output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 ns1.nixcraft.org:domain *:*                     LISTEN      named      10386
tcp        0      0 rhx.test.com:domain     *:*                     LISTEN      named      10384
tcp        0      0 *:ssh                   *:*                     LISTEN      root       1785
tcp        0      0 rhx.test.com:rndc       *:*                     LISTEN      named      10388
tcp        0      0 rhx.test.com:smtp       *:*                     LISTEN      root       1873
tcp        0      0 ns1.nixcraft.org:ssh    w2k.nixcraft.org:1057   ESTABLISHED root       10501
tcp        0      0 rhx.test.com:32773      rhx.test.com:domain     TIME_WAIT   root       0
tcp        0      0 ns1.nixcraft.org:32775  ns1.nixcraft.org:domain TIME_WAIT   root       0
tcp        0      0 rhx.test.com:32774      rhx.test.com:domain     TIME_WAIT   root       0

Make sure iptables firewall is not blocking request on server:
# iptables -L -n
OR
# iptables -L -n | less
Make sure named is running:
# /etc/init.d/named status
If not start named:
# chkconfig named on
# service named start

Task: Use log files

You can use log files after starting/restarting bind to see error messages:
# tail –f /var/log/message
Output:

Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface eth0, 192.168.0.5#53
Nov 17 16:50:25 rhx named[3539]: command channel listening on 127.0.0.1#953
Nov 17 16:50:25 rhx named[3539]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Nov 17 16:50:25 rhx named[3539]: nixcraft.org.rev:1: no TTL specified; using SOA MINTTL instead
Nov 17 16:50:25 rhx named[3539]: zone 0.168.192.in-addr.arpa/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: zone localhost/IN: loaded serial 42
Nov 17 16:50:25 rhx named[3539]: zone nixcraft.org/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: running

Task: Check zone file for errors

You can check zone file syntax and /etc/named.conf file using following utilities. named-checkconf command is named (BIND) configuration file syntax checking tool.
# named-checkconf /etc/named.conf
Output:

/etc/named.conf:32: missing ';' before 'zone'

Plesse note that if named-checkconf did not find any errors it will not display in output on screen.

Check zone file syntax for errors. named-checkzone is zone file validity checking tool. named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a zone. This makes named checkzone useful for checking zone files before configuring them into a name server.
# named-checkzone localhost /var/named/localhost.zone
OR
#named-checkzone nixcraft.org /var/named/nixcraft.org.zone
Output:

zone nixcraft.org/IN: loaded serial 12
OK

Task: Testing BIND/DNS with utilities

You can use host and dig utilties to test your bind configuration.

  • host: host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
  • dig: dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

List IP address associated with host names:
# host nixcraft.org
OR
# host www
Output:

www.nixcraft.org has address 192.168.0.6

Perform a zone transfer for zone name using -l option:
# host -l nixcraft.org

nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400
nixcraft.org name server ns1.nixcraft.org.
nixcraft.org mail is handled by 10 mail.nixcraft.org.
nixcraft.org has address 192.168.0.5
gw.nixcraft.org has address 192.168.0.254
mail.nixcraft.org has address 192.168.0.7
ns1.nixcraft.org has address 192.168.0.5
w2k.nixcraft.org has address 192.168.0.1
www.nixcraft.org has address 192.168.0.6
nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400

Other examples
# dig mail.nixcraft.org
# dig 192.168.0.5

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

Comments on this entry are closed.

  • Anonymous December 24, 2004, 3:06 am

    Nice blog Vivek, Keep it up – JaY
    Need more technical oriented entries just like this one.

  • Eric April 28, 2005, 9:25 pm

    IT’s helped a newbie out a lot!!!

  • uwasemar May 21, 2008, 11:17 pm

    Thank’s this more enough help me to troubleshoot named

  • ami December 2, 2008, 9:17 am

    how to create zone entries in bulk in dns server.

    Is there any method to do so????
    plz help

  • Susi Ledermüller February 13, 2009, 8:09 pm

    Very great description to locate bugs in local bind configuration. Thank you. (for creating bulk zones ami I think you should use webmin. It allows to import and create bulk files)

  • DLBDS June 17, 2009, 6:29 am

    This is a great aritcal for administrators. this help me a lot to troubleshoot my DNS server. thanks.

  • neurosys October 11, 2009, 12:31 am

    very helpful…. i wasnt looking for this when I found it but I was delighted by the way it was presented and it is in fact some very good advice.

  • devesh soni November 7, 2010, 4:55 pm

    actually dns is working on my pc but from others i m trying but its not working on them,,,,,,edit /etc/resolv.conf on client,,,firewall off,,selinux off but then also not working…please help

  • Shkodenko V. Taras May 25, 2011, 6:01 pm

    devesh soni, I had the same problem.
    I have used bind-chroted.
    Chroot path was /var/named/chroot
    And config file has been located in /var/named/chroot/etc/named.conf
    All zone files was in /var/named/chroot/var/named/ folder
    Can you try this solution?

    • Hanif May 26, 2011, 1:56 pm

      Shkodenko V. Taras – it’s nothing to do with the chroot.. chroot is 1 way to secure the dns service..

      some troubleshooting step need to be done first..

      maybe dig result on the localhost, is there any reply ?

      and some more basic troubleshooting steps..

      regards

      Hanif

  • killer3d November 11, 2011, 7:42 am

    oooh thanks, you have helped me. thanks thanks thanks

  • Webster May 16, 2012, 11:47 am

    “BIND is the Berkeley Internet Name Domain, DNS server. It is wildly used on UNIX and Linux like oses. You can use following tools to troubleshoot bind related problems under UNIX or Linux oses.”

    I guess we need to tame it as well? ;-)

  • laxman January 30, 2014, 10:56 am

    Hi All,

    This is laxman veeramalla.Can you please some one guide how to create multiple instances in one web server.

    Thanks,
    Laxman

  • Anuja March 4, 2014, 2:19 pm

    Hi All,

    Could you please someone give a solution for the below queries

    what type of processes from a Unix server will send queries to the DNS server?
    and why same queries are being sent from Unix server to the DNS server at many times?