How to: Troubleshoot UNIX / Linux BIND DNS server problems

BIND (Berkeley Internet Name Domain) is a DNS server. It is widely used on UNIX and Linux-like operating systems. You can use the following tools to troubleshoot BIND-related problems under UNIX or Linux.

Task: Port 53 open and listening for requests

By default BIND listens for DNS queries on port 53, so make sure port 53 is open and listening for user requests by running any one of the following tests. See if you can telnet to port 53 from a remote computer:
$ telnet remote-server-ip 53
$ telnet ns1.nixcraft.org domain

Connected to ns1.nixcraft.org.
Escape character is '^]'.

If you cannot connect, make sure a firewall is not blocking your requests. Next, use the netstat command to list open and listening port 53 sockets on the server itself:
$ netstat -tulpn | grep :53
# netstat -atve

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 ns1.nixcraft.org:domain *:*                     LISTEN      named      10386
tcp        0      0 rhx.test.com:domain     *:*                     LISTEN      named      10384
tcp        0      0 *:ssh                   *:*                     LISTEN      root       1785
tcp        0      0 rhx.test.com:rndc       *:*                     LISTEN      named      10388
tcp        0      0 rhx.test.com:smtp       *:*                     LISTEN      root       1873
tcp        0      0 ns1.nixcraft.org:ssh    w2k.nixcraft.org:1057   ESTABLISHED root       10501
tcp        0      0 rhx.test.com:32773      rhx.test.com:domain     TIME_WAIT   root       0
tcp        0      0 ns1.nixcraft.org:32775  ns1.nixcraft.org:domain TIME_WAIT   root       0
tcp        0      0 rhx.test.com:32774      rhx.test.com:domain     TIME_WAIT   root       0

Make sure the iptables firewall is not blocking requests on the server:
# iptables -L -n
# iptables -L -n | less
Make sure named is running:
# /etc/init.d/named status
If not, start named:
# chkconfig named on
# service named start
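
The netstat step above can be scripted so the result is unambiguous. This is an added example, not part of the original article: it reads netstat -tuln output on standard input and reports, for UDP and TCP separately, whether port 53 is bound to an external address, to loopback only, or not at all. It goes slightly beyond the text by checking UDP as well, since the telnet test exercises only TCP while most queries arrive over UDP; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): summarise who listens on
# port 53, given `netstat -tuln` output on stdin.
# Returns 1 unless both UDP and TCP have a non-loopback listener.
dns_listener_check() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        proto = substr($1, 1, 3)
        # TCP rows carry a state column; only LISTEN sockets count.
        if (proto == "tcp" && $6 != "LISTEN") next
        addr = $4; port = addr
        sub(/.*:/, "", port)        # text after the last colon
        sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (port != "53") next
        if (addr ~ /^127\./ || addr == "::1") {
            if (!(proto in seen)) seen[proto] = "loopback-only"
        } else seen[proto] = "external"
    }
    END {
        bad = 0
        n = split("udp tcp", want, " ")
        for (i = 1; i <= n; i++) {
            p = want[i]
            state = (p in seen) ? seen[p] : "missing"
            print p " " state
            if (state != "external") bad = 1
        }
        exit bad
    }'
}

# Constructed sample listing: TCP is bound externally, UDP only on loopback.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:53            0.0.0.0:*
EOF
}

# Run against the sample with: sh dns_listener_check.sh demo
if [ "${1:-}" = "demo" ]; then sample_netstat | dns_listener_check; fi
```

On a live server, pipe netstat -tuln into dns_listener_check; a loopback-only result means remote clients cannot reach named even when the firewall is open.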

Task: Use log files

You can use the log files after starting or restarting BIND to see error messages:
# tail -f /var/log/messages

Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface lo,
Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface eth0,
Nov 17 16:50:25 rhx named[3539]: command channel listening on
Nov 17 16:50:25 rhx named[3539]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Nov 17 16:50:25 rhx named[3539]: nixcraft.org.rev:1: no TTL specified; using SOA MINTTL instead
Nov 17 16:50:25 rhx named[3539]: zone 0.168.192.in-addr.arpa/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: zone localhost/IN: loaded serial 42
Nov 17 16:50:25 rhx named[3539]: zone nixcraft.org/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: running
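
Reading the log by eye works for one restart; on a busy syslog a filter helps. The following is an added example, not part of the original article: a POSIX shell function that keeps only the lines written by named and classifies them as loaded zones, warnings or errors. The failure patterns and the sample lines are assumptions modelled on common named messages; adjust them to what your BIND version logs.

```shell
#!/bin/sh
# Added example (not from the original article): classify syslog lines
# written by named after a restart. Reads syslog text on stdin, prints one
# finding per line, and returns 1 if any ERROR line was seen.
named_log_triage() {
    awk '
    # Skip lines from other daemons (sshd, kernel, ...).
    !/ named\[[0-9]+\]: / { next }
    { msg = $0; sub(/^.* named\[[0-9]+\]: /, "", msg) }

    # Example: "zone nixcraft.org/IN: loaded serial 12"
    msg ~ /^zone [^ ]+: loaded serial [0-9]+/ {
        split(msg, f, " "); zone = f[2]; sub(/:$/, "", zone)
        print "LOADED " zone " serial=" f[5]; next
    }
    # Assumed failure wording; extend the pattern for your BIND version.
    msg ~ /not loaded due to errors|failed|fatal error|missing/ {
        print "ERROR " msg; bad = 1; next
    }
    # Non-fatal hints, such as the missing TTL line in the excerpt above.
    msg ~ /no TTL specified|ignoring|deprecated/ {
        print "WARN " msg; next
    }
    msg == "running" { print "OK startup finished" }
    END { exit (bad + 0) }
    '
}

# Constructed sample input, modelled on the log excerpt above.
sample_named_log() {
    cat <<'EOF'
Nov 17 16:50:25 rhx sshd[1785]: Server listening on 0.0.0.0 port 22.
Nov 17 16:50:25 rhx named[3539]: zone localhost/IN: loaded serial 42
Nov 17 16:50:25 rhx named[3539]: nixcraft.org.rev:1: no TTL specified; using SOA MINTTL instead
Nov 17 16:50:25 rhx named[3539]: zone nixcraft.org/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: zone test.example/IN: not loaded due to errors.
Nov 17 16:50:25 rhx named[3539]: running
EOF
}

# Run against the sample with: sh named_log_triage.sh demo
if [ "${1:-}" = "demo" ]; then sample_named_log | named_log_triage; fi
```

On a live server, feed it the recent log, for example the output of tail -n 200 /var/log/messages.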

Task: Check zone file for errors

You can check the zone file syntax and the /etc/named.conf file using the following utilities. The named-checkconf command is the named (BIND) configuration file syntax checking tool.
# named-checkconf /etc/named.conf

/etc/named.conf:32: missing ';' before 'zone'

Please note that if named-checkconf does not find any errors, it displays no output on screen.

Check the zone file syntax for errors. named-checkzone is the zone file validity checking tool. It checks the syntax and integrity of a zone file, performing the same checks as named does when loading a zone. This makes named-checkzone useful for checking zone files before configuring them into a name server.
# named-checkzone localhost /var/named/localhost.zone
# named-checkzone nixcraft.org /var/named/nixcraft.org.zone

zone nixcraft.org/IN: loaded serial 12

Task: Testing BIND/DNS with utilities

You can use the host and dig utilities to test your BIND configuration.

  • host: host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
  • dig: dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

List the IP addresses associated with host names:
# host nixcraft.org
# host www

www.nixcraft.org has address

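Perform a zone transfer for a zone name using the -l option. The transfer succeeds only if the server permits zone transfers from your address (see the allow-transfer option in named.conf), so a refusal here does not by itself mean the server is broken: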
# host -l nixcraft.org

nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400
nixcraft.org name server ns1.nixcraft.org.
nixcraft.org mail is handled by 10 mail.nixcraft.org.
nixcraft.org has address
gw.nixcraft.org has address
mail.nixcraft.org has address
ns1.nixcraft.org has address
w2k.nixcraft.org has address
www.nixcraft.org has address
nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400

Other examples
# dig mail.nixcraft.org
# dig

14 comments
  • Anonymous December 24, 2004, 3:06 am

    Nice blog Vivek, Keep it up – JaY
    Need more technical oriented entries just like this one.

  • Eric April 28, 2005, 9:25 pm

    It’s helped a newbie out a lot!!!

  • uwasemar May 21, 2008, 11:17 pm

    Thanks, this is more than enough to help me troubleshoot named

  • ami December 2, 2008, 9:17 am

    How to create zone entries in bulk in a DNS server?

    Is there any method to do so????
    Please help

  • Susi Ledermüller February 13, 2009, 8:09 pm

    Very great description to locate bugs in local bind configuration. Thank you. (for creating bulk zones ami I think you should use webmin. It allows to import and create bulk files)

  • DLBDS June 17, 2009, 6:29 am

    This is a great article for administrators. This helps me a lot to troubleshoot my DNS server. Thanks.

  • neurosys October 11, 2009, 12:31 am

    Very helpful…. I wasn't looking for this when I found it but I was delighted by the way it was presented and it is in fact some very good advice.

  • devesh soni November 7, 2010, 4:55 pm

    Actually DNS is working on my PC, but I'm trying from others and it's not working on them. Edit /etc/resolv.conf on client, firewall off, SELinux off, but then also not working… please help

  • Shkodenko V. Taras May 25, 2011, 6:01 pm

    devesh soni, I had the same problem.
    I have used bind-chroted.
    Chroot path was /var/named/chroot
    And config file has been located in /var/named/chroot/etc/named.conf
    All zone files were in /var/named/chroot/var/named/ folder
    Can you try this solution?

    • Hanif May 26, 2011, 1:56 pm

      Shkodenko V. Taras – it’s nothing to do with the chroot.. chroot is one way to secure the DNS service..

      Some troubleshooting steps need to be done first..

      maybe dig result on the localhost, is there any reply ?

      and some more basic troubleshooting steps..



  • killer3d November 11, 2011, 7:42 am

    oooh thanks, you have helped me. thanks thanks thanks

  • Webster May 16, 2012, 11:47 am

    “BIND is the Berkeley Internet Name Domain, DNS server. It is wildly used on UNIX and Linux like oses. You can use following tools to troubleshoot bind related problems under UNIX or Linux oses.”

    I guess we need to tame it as well? ;-)

  • laxman January 30, 2014, 10:56 am

    Hi All,

    This is laxman veeramalla. Can someone please guide me on how to create multiple instances in one web server?


  • Anuja March 4, 2014, 2:19 pm

    Hi All,

    Could someone please give a solution for the queries below?

    What type of processes on a Unix server will send queries to the DNS server?
    And why are the same queries being sent from the Unix server to the DNS server many times?
