6

I have a BIND server running on Ubuntu that is failing to lookup www.microsoft.com or any records at Microsoft. All other domains like google.com and yahoo.com seem to be working just fine. I am looking for some suggestions on how to improve logging to figure out why BIND is having problems with this domain.

I already am capturing the query channel into the default_syslog and see the queries coming to the server, but I don't see the result of the efforts of the BIND server in trying to find the IP address of these names.

Symptoms

> ping www.microsoft.com fails on lookup, indicates host is not found

> dig @A.B.C.D www.microsoft.com also times out, where A.B.C.D is the IP address of this internal DNS server.

other queries seem to work fine

At this time, I am using db.root for the root servers and have no forwarders setup in this configuration. I would expect this server to be determining the root servers of microsoft.com and then being able to find the records from there. Thank you for any suggestions on how to improve logging detail in BIND and where to look for the log messages.

Improve this question
2
  • 1
    I have run rndc trace 9 to open up debugging and I have found the default_debug file at /var/cache/bind/named.run which has detailed logging. When I look a little more closely at the DNS log entries, I see for microsoft.com queries, the log is showwing request failed: duplicate query. I don't know what this might be, but wanted to add more information. Commented Jan 2, 2012 at 16:35
  • What does "dig +trace www.microsoft.com" say? Commented Oct 23, 2012 at 18:56

2 Answers 2

Reset to default
14

How to see what's going on:

  • To view what the server is doing live, if you have rndc configured run rndc trace x (where x is the debugging level you want to view).

  • To view what the server is doing live without rndc you'll have to run the server in foreground mode named -g -d x (where x is again is the debug level).

  • To configure logging to a file, open named.conf and edit/add a logging section such as:

    logging { channel default_file { file "/var/log/named.log" size 10m; severity info; print-time yes; print-severity yes; print-category yes; }; category default{ default_file; }; };

    Note that this configures the logging for "info" level and higher. This dumps quite a bit of information for a live server. Possible values include "extra", "debug", "info", "error", "fatal", and "dynamic" (a value for -d must be provided on the command line for dynamic).

What's wrong with your server:

Your server is looping back to itself while trying to recursively resolve the domain. Since this is only happening for one domain that you know if, it's likely a problem in your hosts file or in your named.conf file (probably the latter).

Getting request failed: duplicate query is almost always a problem with a forwarders directive that loops back to the server or something similar.

Improve this answer
1

This may be a cache problem. Have you tried to flush cache?

rndc flush # all entries rndc flushname microsoft.com # all entries for microsoft.com supported from bind 9.3
Improve this answer
1
  • I had already tried this with no luck for this issue. I was not aware of the flushname option, but even this didn't help. The only thing that gets this domain working is to setup forwarders for this DNS server which then lets queries find microsoft.com resources. Commented Jan 3, 2012 at 18:54

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.