Domain no longer resolving

Hello. My domain is no longer resolving. It appears to have happened on October 5th, and I have replaced the only changed file in /etc/bind, which was named.conf, and replaced the pi.hcp.com.db files to October 4th.

I have also used
v-rebuild-dns-domain pi3 pi.hcp.com

This server has a remote DNS sync server at ps.hcp.com.

169…1 is VPN server.
root@pi:~# netstat -antp | grep named
tcp 0 0 169.254.193.1:53 0.0.0.0:* LISTEN 30738/named
tcp 0 0 192.3.00.000:53 0.0.0.0:* LISTEN 30738/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 30738/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 30738/named
tcp6 0 0 :::53 :::* LISTEN 30738/named
tcp6 0 0 ::1:953 :::* LISTEN 30738/named

C:\Users\owner>nslookup pi.hcp.com 192.3.00.000
Server: UnKnown
Address: 192.3.00.000
*** UnKnown can't find pi.hcp.com: Server failed

C:\Users\owner>nslookup pi.hcp.com 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1
*** one.one.one.one can't find pi.hcp.com: Server failed

C:\Users\owner>nslookup -type=ns pi.hcp.com
Server: UnKnown
Address: 1.1.1.3
*** UnKnown can't find pi.hcp.com: Server failed

$TTL 14400
@ IN SOA ns1.pi.hcp.com. root.pi.hcp.com. (
2021091603
7200
3600
1209600
180 )
@ 14400 IN NS ns1.pi.hcp.com.
@ 14400 IN NS ns1.ps.hcp.com.
@ 14400 IN A 192.3.00.000
ns1 14400 IN A 192.3.00.000
ns2 14400 IN A 192.3.00.000
www 14400 IN A 192.3.00.000
ftp 14400 IN A 192.3.00.000
mail 14400 IN A 192.3.00.000
smtp 14400 IN A 192.3.00.000
pop 14400 IN A 192.3.00.000
imap 14400 IN A 192.3.00.000
webmail 14400 IN A 192.3.00.000
@ 14400 IN MX 0 mail.pi.hcp.com.
@ 14400 IN TXT "v=spf1 a mx ip4:192.3.00.000 -all"
_dmarc 14400 IN TXT "v=DMARC1; p=quarantine; pct=100"
_domainkey 14400 IN TXT "t=y; o=~;"
mail._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=removed"
@ 14400 IN NS ns5.dnsmadeeasy.com.
@ 14400 IN NS ns6.dnsmadeeasy.com.
@ 14400 IN NS ns7.dnsmadeeasy.com.
@ 14400 IN CAA 0 issue "letsencrypt.org"
webmailpi 14400 IN A 192.3.00.000

Even the records are missing from AXFR zone.

C:\Users\owner>nslookup -type=ns pi.hcp.com ns6.dnsmadeeasy.com
Server: UnKnown
Address: 208.80.124.13
*** UnKnown can't find pi.hcp.com: Server failed

C:\Users\owner>telnet 192.3.00.000 53
It connects and goes to the blank screen as it should

C:\Users\owner>nslookup -type=ns pi.hcp.com ns1.dnsmadeeasy.com
Server: ns1.dnsmadeeasy.com
Address: 208.80.124.2

pi.hcp.com nameserver = ns1.pi.hcp.com
pi.hcp.com nameserver = ns7.dnsmadeeasy.com
pi.hcp.com nameserver = ns6.dnsmadeeasy.com
pi.hcp.com nameserver = ns1.ps.hcp.com
pi.hcp.com nameserver = ns5.dnsmadeeasy.com
ns1.ps.hcp.com internet address = 192.241.000.00
ns1.pi.hcp.com internet address = 192.3.00.000

Doesn't look “that bad”: intoDNS: hcp.com - check DNS server and mail server health

I chose hcp.com instead of example.com and forgot to mention that. Apologies.

There are not many options; check your syslog/bind log to see why the zone isn't loading.

Oct 10 00:27:44 pi named[837]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Oct 10 00:27:44 pi named[837]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Oct 10 00:27:44 pi named[837]: zone pi.example.com/IN: loading from master file /home/pi3/conf/dns/pi.example.com.db failed: permission denied
Oct 10 00:27:44 pi named[837]: zone pi.example.com/IN: not loaded due to errors.
Oct 10 00:27:44 pi kernel: [30162.660606] audit: type=1400 audit(1633843664.462:24): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/home/pi3/conf/dns/pi.example.com.db" pid=837 comm="isc-worker0000" requested_mask="r" denied_mask="r" fsuid=112 ouid=0

… and what's the permission of your file? You see the error there, so please proceed with further debugging.

-rw-r----- 1 root bind … the same as on other vesta based server.

Sounds good, have the same permission on my systems. Probably the issue is here:

Seems like your apparmor is blocking named/bind.

I rebooted before I posted, but I rebooted again this morning and it magically started working. Who knows.
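
The correlation made in the thread (a named "permission denied" on a zone file matched to an AppArmor DENIED audit record for the same path and PID) can be automated as below. This is an added example, not code from any poster or from the control panel; the function names are hypothetical and the sample lines are the thread's log excerpt with straight quotes.

```python
import re

# Sample lines taken from the log excerpt in the thread (quotes normalised).
SAMPLE_LOG = """\
Oct 10 00:27:44 pi named[837]: zone pi.example.com/IN: loading from master file /home/pi3/conf/dns/pi.example.com.db failed: permission denied
Oct 10 00:27:44 pi named[837]: zone pi.example.com/IN: not loaded due to errors.
Oct 10 00:27:44 pi kernel: [30162.660606] audit: type=1400 audit(1633843664.462:24): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/home/pi3/conf/dns/pi.example.com.db" pid=837 comm="isc-worker0000" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
"""

NAMED_FAIL = re.compile(
    r"named\[(?P<pid>\d+)\]: zone (?P<zone>\S+)/IN: loading from master file "
    r"(?P<path>\S+) failed: (?P<reason>.+)$")
AUDIT_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_denials(lines):
    """Return one dict of key/value fields per AppArmor DENIED audit record."""
    denials = []
    for line in lines:
        if "audit:" not in line:
            continue
        fields = {k: (q if q else u) for k, q, u in AUDIT_KV.findall(line)}
        if fields.get("apparmor") == "DENIED":
            denials.append(fields)
    return denials


def diagnose(log_text):
    """Pair each failed zone load with an AppArmor denial for the same file."""
    lines = log_text.splitlines()
    denials = parse_apparmor_denials(lines)
    findings = []
    for line in lines:
        m = NAMED_FAIL.search(line)
        if not m:
            continue
        hit = next((d for d in denials
                    if d.get("name") == m["path"] and d.get("pid") == m["pid"]), None)
        findings.append({
            "zone": m["zone"], "path": m["path"], "reason": m["reason"],
            "blocked_by": "apparmor" if hit else "unknown (check mode/owner)",
            "profile": hit["profile"] if hit else None,
            "denied_mask": hit["denied_mask"] if hit else None,
        })
    return findings


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A finding with `blocked_by` set to `apparmor` means the file mode and ownership are not the cause; the profile named in `profile` has no read rule covering that path.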
