# DNS SERVER WITH ERROR: "Server Can't Find : SERVFAIL"

## am02

I've set up BIND for my mail server, configured the zones and created the files under `/etc/bind`. The domain name is example.com and its name server is man1.example.com.

After that I ran the following commands to test my DNS server, but they fail with SERVFAIL (and REFUSED for some names):

This is the output of host, nslookup and dig against my server. (The transcript below labelled `dig example.com` is really the output of `dig man1.example.com` — see its banner and QUESTION section.)

```
man1 ~ # host -l example.com

;; communications error to 150.151.20.209#53: end of file

man1 ~ # nslookup man1

Server:      150.151.20.209

Address:   150.151.20.209#53

** server can't find man1: REFUSED

man1 ~ # nslookup man1.example.com

Server:      150.151.20.209

Address:   150.151.20.209#53

** server can't find man1: REFUSED

man1 ~ # dig example.com

; <<>> DiG 9.9.4 <<>> man1

;; global options:  +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9038

;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp:4096

;; QUESTION SECTION:

;man1.example.com.         IN      A

;; Query time: 0 msec

;; SERVER: 150.151.20.209#53 (150.151.20.209)

;; WHEN: Tue Apr  29 15:45:38 MYT 2014

;; MSG SIZE  rcvd: 48

man1 ~ # dig man1

; <<>> DiG 9.9.4 <<>> man1

;; global options:  +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21842

;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp:4096

;; QUESTION SECTION:

;man1               IN      A

;; Query time: 0 msec

;; SERVER: 150.151.20.209#53 (150.151.20.209)

;; WHEN: Tue Apr  29 15:45:44 MYT 2014

;; MSG SIZE  rcvd: 48
```

This is my named.conf file: 

```
// Zone-transfer peer ACL: defined but never referenced below (allow-transfer
// uses a literal 'none'), so it is dead config for now.  Use it once a
// secondary exists.
acl "xfer" {

   none;

};

// Only loopback is 'trusted': the only sources allowed to query outside the
// local zones, read the cache, or recurse.  Queries this host sends to
// 150.151.20.209 (what nslookup/dig do when resolv.conf points there) are
// probably sourced from that address rather than 127.0.0.1, so they fall
// outside this ACL -- consistent with the REFUSED answers for 'man1' above.
acl "trusted" {

   127.0.0.0/8;

   ::1/128;

};

options {

        // Relative 'file' paths in the zone statements below resolve against
        // this directory, i.e. pri/example.com.zone => /var/bind/pri/...
        directory "/var/bind";

     pid-file "/var/run/named/named.pid";

   auth-nxdomain no;

   

        // IPv4 only, bound to loopback and the single public address.
        listen-on-v6 { none; };

        listen-on port 53 { 127.0.0.1; 150.151.20.209; }; 

   // NOTE: every allow-* statement below lacks its terminating ';' --
   // named-checkconf rejects the file (see the reply), so named cannot
   // have been started with this config.
   // Global query policy: only 'trusted' may ask for anything; the
   // example.com zone below overrides this with allow-query { any; } so the
   // mail domain stays resolvable from outside.
   allow-query { trusted;}

   // Outsiders cannot read cached answers (no cache snooping).
   allow-query-cache { trusted; }

   // Recursion limited to loopback: this is not an open resolver, and it is
   // why dig prints "recursion requested but not available" for other sources.
   allow-recursion { trusted; }

   // Zone transfers disabled everywhere.  This is also why 'host -l example.com'
   // (an AXFR) ends with "communications error ... end of file": expected, keep it.
   allow-transfer { none; }

     

   // Dynamic updates disabled -- right for a hand-edited zone.
   allow-update { none; }

/*   
   Disabled forwarder block.  If ever enabled: it is missing the ';' after
   the forwarders list, and it would forward to this server itself.

   forward first;

   forwarders {

      150.151.20.209;

   }

*/

};

logging {

        channel default_syslog {

                // Rotated at 50M x 5 files; 'debug' is very verbose, drop to
                // 'info' once the problem is solved.
                file "/var/log/named/named.log" versions 5 size 50M;

                severity debug;

                print-time yes;

                print-severity yes;

                print-category yes;

        };

          category default { default_syslog; };

   category general { default_syslog; };

};

// Root hints, used only when recursing on behalf of 'trusted' clients.
zone "." IN {

   type hint;

   file "/var/bind/named.cache";

};

 

// 'hint' is only valid for the root zone; this must be 'type master'
// (named-checkconf rejects 'notify' in a hint zone, see the reply).
zone "localhost" IN {

   type hint;

   file "pri/localhost.zone";

   notify no;

};

zone "example.com" {

   type master;

   // Relative to 'directory' above: /var/bind/pri/example.com.zone.
   file "pri/example.com.zone";

   // Zone-level override of the global 'trusted' restriction: anyone may
   // query this zone.  A SERVFAIL for a name in it (man1.example.com above)
   // means named does not have the zone loaded -- the reason will be in
   // /var/log/named/named.log after a restart.
   allow-query { any; };

   // When a secondary exists, allow transfers to it only (e.g. via the
   // 'xfer' acl), never to 'any'.
   #allow-transfer { SLAVE_DNS_SERVER; };

};

zone "127.in-addr.arpa" IN {

   type master;

   file "pri/127.zone";

   allow-update { none; };

   notify no;

};

zone "20.151.150.in-addr.arpa" IN {

   type master;

   // Wrong file: this is the loopback reverse zone's data.  The reverse zone
   // shown below lives in pri/20.151.150.zone.
   file "pri/127.zone";

   allow-update { none; };

   notify no;

};
```

example.com.zone file: 

```
$ORIGIN example.com.

; Default TTL for records without an explicit one: one week.
$TTL 1W

; Primary is man1.example.com.; the rname means mailuserserver@example.com.
; Serial 2008122601 is the distribution template's value -- raise it
; (e.g. YYYYMMDDnn) on every edit, or nothing downstream ever sees a change.
@   IN   SOA   man1.example.com. mailuserserver.example.com. (

         2008122601      ; Serial

         28800      ; Refresh

         14400      ; Retry

         604800      ; Expire -1 week

         86400 )      ; Minimum

example.com.   IN   NS   man1.example.com.

example.com.   IN   A   150.151.20.209

; Loopback A/AAAA at the apex next to the real address look like template
; leftovers: a query for example.com returns 127.0.0.1 and ::1 as well.
; Presumably unintended -- remove unless deliberate.
@   IN   A   127.0.0.1

@   IN   AAAA   ::1

client         IN   A   150.151.20.210

gateway      IN   A   150.151.20.209

; Address record for the NS target (in-zone glue) -- required.
man1      IN   A   150.151.20.209

; The trailing dot makes the target the absolute top-level name 'asterisk.',
; not asterisk.example.com. -- and no record for either exists here.
FaxOut      IN   CNAME   asterisk.

www      IN   CNAME   example.com.
```

20.151.150.zone file: 

```
$ORIGIN 20.151.150.in-addr.arpa.

$TTL 1W

; Serial reused from the template; raise it on every edit.
@   1D   IN   SOA   man1.example.com. mailuserserver.example.com. (

         2008122601   ; Serial

         3H      ; Refresh

         15M      ; Retry

         1W      ; Expire -1 week

         1D )      ; Minimum

; 'man1.' (trailing dot) is the absolute top-level name, not
; man1.example.com. -- this NS therefore names a server that does not exist.
@      IN   NS   man1.

; The forward zone gives gateway the address .209, not .1: forward and
; reverse disagree.
1      IN   PTR   gateway.example.com.

; PTR for the mail server itself; receiving MTAs commonly check that this
; name's A record points back at 150.151.20.209 (it does in example.com.zone).
209      IN   PTR   man1.example.com.

210      IN   PTR   client.example.com.

; Not a reverse mapping: the owner is not an address octet and 'FaxOut.' is
; an absolute top-level name.  Nothing can look this up; drop it.
asterisk   IN   PTR   FaxOut.
```

Maybe someone with experience can help me out?

Any help would be great.

----------

## desultory

You mostly just need to work through what the scripts tell you to fix your configuration.

 *am02 wrote:*   

> 
> 
> ```
> acl "xfer" {
> 
> ...

 

First, we need to clean up the named.conf just a bit:

```
# /etc/init.d/named checkconfig

 * Checking named configuration ...

/etc/bind/named.conf:21: missing ';' before 'allow-query-cache'

/etc/bind/named.conf:23: missing ';' before 'allow-recursion'

/etc/bind/named.conf:25: missing ';' before 'allow-transfer'

/etc/bind/named.conf:27: missing ';' before 'allow-update'

/etc/bind/named.conf:34: missing ';' before '}'

 * named-checkconf failed! Please fix your config first.

```

Which just means that each `allow-*` statement needs a semicolon after its closing curly brace (the same goes for the `forwarders` block inside the comment, should you ever enable it).

Adding them leads to:

```
# /etc/init.d/named checkconfig

 * Checking named configuration ...

/etc/bind/named.conf:56: option 'notify' is not allowed in 'hint' zone 'localhost'

 * named-checkconf failed! Please fix your config first.

```

Which is just the subtle manner of the script telling you that having localhost as a hint zone is perhaps not the best of ideas: `type hint` is only meant for the root-hints zone (`"."`), so the localhost zone must be `type master` to be served from its file, and `notify` is only valid on master/slave zones anyway.

Setting that zone to master and pointing the "20.151.150.in-addr.arpa" zone at the correct zone file produces:

```
// Zone-transfer peer ACL: still unreferenced (allow-transfer below is a
// literal 'none').  Put the secondary's address here when one exists.
acl "xfer" {

   none;

};

// Loopback only.  Everything outside this ACL -- including queries this host
// sends to its own 150.151.20.209, which are probably sourced from that
// address -- is REFUSED for names outside the local zones and gets no
// recursion.
acl "trusted" {

   127.0.0.0/8;

   ::1/128;

};

options {

   // Relative zone 'file' paths resolve against this directory
   // (pri/example.com.zone => /var/bind/pri/example.com.zone).  The
   // named-checkzone runs in this thread use /etc/bind/pri/..., so make sure
   // the files named reads are the ones being edited.
   directory "/var/bind";

   pid-file "/var/run/named/named.pid";

   auth-nxdomain no;

   // IPv4 only, loopback plus the single public address.
   listen-on-v6 { none; };

   listen-on port 53 { 127.0.0.1; 150.151.20.209; };

   // Global default: only 'trusted' may query.  The example.com zone below
   // overrides this with allow-query { any; }, as a public mail domain must.
   allow-query { trusted; };

   // Outsiders cannot read cached answers (no cache snooping).
   allow-query-cache { trusted; };

   // Not an open resolver: recursion only for loopback.
   allow-recursion { trusted; };

   // No zone transfers to anyone; 'host -l example.com' (an AXFR) is
   // expected to fail with this setting.  Keep it.
   allow-transfer { none; };

   // No dynamic updates.
   allow-update { none; };

/*   
   Disabled forwarder block; if ever enabled it needs a ';' after the
   forwarders list, and it would forward to this server itself.

   forward first;

   forwarders {

      150.151.20.209;

   }

*/

};

logging {

        channel default_syslog {

                // 5 x 50M rotation; 'debug' is very verbose -- fine while
                // chasing this problem, drop to 'info' afterwards.
                file "/var/log/named/named.log" versions 5 size 50M;

                severity debug;

                print-time yes;

                print-severity yes;

                print-category yes;

        };

          category default { default_syslog; };

   category general { default_syslog; };

};

// Root hints, used only when recursing for 'trusted' clients.
zone "." IN {

   type hint;

   file "/var/bind/named.cache";

};

// Now 'master' (hint is only valid for the root zone).
zone "localhost" IN {

   type master;

   file "pri/localhost.zone";

   notify no;

};

zone "example.com" {

   type master;

   file "pri/example.com.zone";

   // World-readable, overriding the global 'trusted' restriction.  If names
   // in this zone still get SERVFAIL, named has not loaded it: the load
   // error will be in /var/log/named/named.log after a restart.
   allow-query { any; };

   // When a secondary exists, allow transfers to it only (e.g. the 'xfer'
   // acl), never to 'any'.
   #allow-transfer { SLAVE_DNS_SERVER; };

};

zone "127.in-addr.arpa" IN {

   type master;

   file "pri/127.zone";

   allow-update { none; };

   notify no;

};

zone "20.151.150.in-addr.arpa" IN {

   type master;

   // Now points at the reverse zone's own file rather than pri/127.zone.
   file "pri/20.151.150.zone";

   allow-update { none; };

   notify no;

};

```

Which results in:

```
# /etc/init.d/named checkconfig

 * Checking named configuration ...                                       [ ok ]

```

On to the zones:

```
 # /etc/init.d/named checkzones

 * Checking named configuration and zones ...

zone localhost/IN: loaded serial 2008122601

zone example.com/IN: loaded serial 2008122601

zone 127.in-addr.arpa/IN: loaded serial 2008122601

zone 20.151.150.in-addr.arpa/IN: loaded serial 2008122601                 [ ok ]

```

Which tells us that you are reusing the serial numbers from the default zone files; better to use serial numbers that actually reflect when the file was last changed (e.g. YYYYMMDDnn), since a serial that never increases means secondaries and caches never notice an update — that helps to preserve sanity when the DNS weevils come. Aside from that, they are well formed, modulo the missing entry for `asterisk` that the `FaxOut` CNAME points to (and written as `asterisk.` with a trailing dot, it is an absolute top-level name rather than asterisk.example.com.). Two more things worth fixing while you are there: the `example.com` apex carries `127.0.0.1`/`::1` A/AAAA records next to the real address (template leftovers), and the reverse zone's NS record says `man1.` rather than `man1.example.com.`.

----------

## am02

Yeah noted, ty. I made mistake in the conf. file. 

Anyway, I've corrected the file including zones file, but when I tried to nslookup and dig my name server it still gives me SERVFAIL.

I've also tried host -l example.com which gives me communication error.

I've also checked whether my zone files load. Only example.com.zone loads correctly; 20.151.150.zone does not:

```
# named-checkzone example.com /etc/bind/pri/example.com.zone

zone example.com/IN: loaded serial 2008122601

OK
```

```
# named-checkzone 20.151.150  /etc/bind/pri/20.151.150.zone

/etc/bind/pri/20.151.150.zone:3: ignoring out-of-zone data (20.151.150.in-addr.arpa)

/etc/bind/pri/20.151.150.zone:12: ignoring out-of-zone data (20.151.150.in-addr.arpa)

/etc/bind/pri/20.151.150.zone:13: ignoring out-of-zone data (20.151.150.in-addr.arpa)

/etc/bind/pri/20.151.150.zone:14: ignoring out-of-zone data (20.151.150.in-addr.arpa)

zone 20.151.150/IN: has 0 SOA records

zone 20.151.150/IN: has no NS records

zone 20.151.150/IN: no loaded due to errors.
```

20.151.150.zone file:

```
$ORIGIN 20.151.150.in-addr.arpa.

$TTL 1W

; Serial still the template value; raise it on every edit.
@   1D   IN   SOA   man1.example.com. mailuserserver.example.com. (

                                                     2008122601   ; Serial

                                                     3H                   ; Refresh

                                                     15M                 ; Retry

                                                     1W                   ; Expire -1 week

                                                     1D )                 ; Minimum

; Blank owner inherits '@'.  'man1.' with the trailing dot is still the
; absolute top-level name; this should be man1.example.com.
            IN   NS   man1.

; Two PTRs for .209 is legal, but for a mail server a single PTR whose A
; record maps back to .209 (man1.example.com.) is the safer choice -- some
; receiving MTAs may only consider one answer.
209      IN   PTR   gateway.example.com.

209      IN   PTR   man1.example.com.

210      IN   PTR   client.example.com.
```

----------

## freke

 *am02 wrote:*   

> 
> 
> Yeah noted, ty. I made mistake in the conf. file. 
> 
> Anyway, I've corrected the file including zones file, but when I tried to nslookup and dig my name server it still gives me SERVFAIL. 
> ...

 

Dumb question - but you did restart bind after correcting the conf? Also worth checking: `directory` is `/var/bind`, so `file "pri/example.com.zone"` is looked for under `/var/bind/pri`, while your named-checkzone commands use `/etc/bind/pri` — if the files only exist under `/etc/bind`, named cannot load the zone and answers SERVFAIL; named.log will say so. (The `host -l` failure, by the way, is just the zone transfer being refused by `allow-transfer { none; };` — expected, and worth keeping.)

 *am02 wrote:*   

> 
> 
> I've also tried to check whether my zones file are loaded or not. But only example.com.zone file are loaded correctly but 20.151.150.zone are not.
> 
> ```
> ...

 

I believe this should be (named-checkzone's first argument is the zone's full origin; with just `20.151.150` everything in the file is out-of-zone, hence the "ignoring out-of-zone data" and "0 SOA records" errors):

```
named-checkzone 20.151.150.in-addr.arpa /etc/bind/pri/20.151.150.zone
```

----------

## am02

 *Quote:*   

> Dumb question - but you did restart bind after correction the conf?

 

Already done that before running nslookup and dig.

 *Quote:*   

> I believe this should be:
> 
> Code:	
> 
> named-checkzone 20.151.150.in-addr.arpa /etc/bind/pri/20.151.150.zone 

 

Noted. Now it loads. But nslookup and dig still give me SERVFAIL.

----------

