
We have a Bind server sitting on Ubuntu. It's a pretty basic setup. However, we're having a silly issue, and I am not sure whether the server is incorrectly configured or it's a problem on the interwebs. It's worth mentioning that the image below is after weeks and in some cases months.

Here is an example of what we see on What's my DNS:

[screenshot of the What's my DNS results]

Here is an example of the config file for said site:

$ttl 38400
somewebsite.net.                       IN          SOA      ns1.ourserver.com. email.somewebsite.com. (
                            1486765992
                            10800
                            3600
                            604800
                            38400 )
somewebsite.net.                       IN       NS      ns1.ourserver.com.
somewebsite.net.                       IN       A       xxx.xxx.xxx.34
www.somewebsite.net.                   IN       A       xxx.xxx.xxx.34
mail.somewebsite.net.                  IN       A       xxx.xxx.xxx.14
webmail.somewebsite.net.               IN       A       xxx.xxx.xxx.14
somewebsite.net.                       IN       MX      10 mx1.ourmxserver.com.
somewebsite.net.                       IN       MX      20 mx2.ourmxserver.com.

Now I can see requests come in when watching the server with the following command:

tcpdump -vvv -s 0 -l -n port 53

which leads me to believe the problem is elsewhere? Can some areas work and not others with a bad config file?

A tidbit of info .. We changed the servers we had our NS1 and NS2 pointed to a few months ago, and it seems that some of the sites never "followed" completely, i.e. the image. Could this be a bind server related issue? Is my configuration wrong/incomplete?

EDIT: I've also checked with named-checkconf -z and checkzone, and they check out:

zone somesite.com/IN: loaded serial 1486765992
OK
  • I'm assuming appropriate info in named.conf (or named.conf.local) that says you are a master server for your domain. Check the zone file with `named-checkzone somewebsite.net /path/to/zone/file` – ivanivan May 11 '17 at 23:08
  • Yes .. HOWEVER I did notice that the serials on all the sites are the same .. Could this affect things?? – Zak May 11 '17 at 23:12
  • No, the serial doesn't matter - AS LONG AS it always increments when you make changes/updates to the zone file. Looks like you are using a unix time stamp which works fine, I like YYYYMMDDVV format where VV is 01 to 99 for the revision that day. Figure if I mess up 99 times in a day, it is time to quit... – ivanivan May 11 '17 at 23:34
  • OK .. What happens if it doesn't change when changes to the zone occur?? – Zak May 11 '17 at 23:37
  • Then when your server sends out notifies to the slaves they won't update; they think you are sending the same data. – ivanivan May 12 '17 at 00:29
  • Yes, our serials were being generated but weren't "updating" -- This seems to be the issue, I updated a few tests and things seem to be moving along ... If you'll answer as to the basics of how serials work, I'll gladly accept and vote up. – Zak May 12 '17 at 03:03
  • Provide the domain name and you should get far better diagnostics and help. Why hiding it? Especially since your description does not match the screenshots... – Patrick Mevzek May 12 '17 at 19:44

2 Answers


Your zone file only shows a single nameserver, but the What's My DNS shows two.

A common DNS error is for slaves to have more / different NS records than the master, with their NS records actually pointing to "lame" servers (those that are not authoritative for the zone). This is particularly common when changing nameservers, as the slaves will need to be reconfigured to know the new master (and the new master must be configured to allow zone transfer to the new slaves).


I'm assuming appropriate info in named.conf (or named.conf.local) that says you are a master server for your domain. Check the zone file with named-checkzone somewebsite.net /path/to/zone/file

Assuming that all checks out as OK, check the serial numbers for each domain's zone file info. Now, what you use for a serial doesn't really matter - AS LONG AS it is numeric and always increments when you make changes/updates to the zone file. Looks like you are using a unix time stamp which works fine, I like YYYYMMDDVV format where VV is 01 to 99 for the revision that day. Figure if I mess up 99 times in a day, it is time to quit...

Serials are important because when your DNS server sends out notifies OR is queried by a slave server/secondary server for your domain, the serial is examined. If the value isn't larger than the serial that secondary server has cached, it won't update its store of data - it figures it hasn't changed since there isn't a new serial.

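The two answers describe two different ways a secondary ends up serving old data: its SOA serial never exceeds the one it already cached, or its apex NS set differs from the master's and points at lame servers. The following Python script is an added example, not code from the original post or either answerer. It checks both conditions offline against constructed sample data (the example.test zone, ns1/ns2/old-ns and the per-server answers are all made up); in real use the per-server serial and NS values would come from querying each listed server directly with `dig +norecurse @<server> <zone> SOA` and `... NS`. It also compares serials with RFC 1982 serial arithmetic, which is the rule secondaries actually apply, and bumps a serial in a way that is guaranteed to increase even when the zone was already edited that day.

```python
"""Offline check for two reasons a secondary keeps serving an old zone:
its serial lags the master (it never transferred the update) or its apex
NS set differs from the master's (possible lame delegation).
Added example with constructed data; in practice the per-server answers
come from: dig +norecurse @<server> <zone> SOA  /  dig +norecurse @<server> <zone> NS
"""
import re

SERIAL_MASK = 0xFFFFFFFF
SERIAL_HALF = 1 << 31


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial comparison: True when a is 'later' than b.
    Plain integer comparison is wrong once a serial wraps past 2^32 - 1."""
    a &= SERIAL_MASK
    b &= SERIAL_MASK
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def parse_master_zone(text: str):
    """Return (apex, serial, apex NS set) from a zone file in the
    one-record-per-line style of the question, with a parenthesised SOA."""
    no_comments = "\n".join(l.split(";", 1)[0] for l in text.splitlines())
    # Fold the multi-line SOA RDATA onto one line so it splits on whitespace.
    flat = re.sub(r"\(\s*(.*?)\s*\)",
                  lambda m: " ".join(m.group(1).split()), no_comments, flags=re.S)
    apex, serial, nameservers = None, None, set()
    for line in flat.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue                                  # blank line or $TTL/$ORIGIN
        if "SOA" in fields:
            apex = fields[0]
            serial = int(fields[fields.index("SOA") + 3])   # MNAME RNAME SERIAL ...
        elif "NS" in fields and fields[0] == apex:
            nameservers.add(fields[fields.index("NS") + 1])
    return apex, serial, nameservers


def diagnose(master_serial: int, master_ns: set, observed: dict) -> list:
    """observed maps each nameserver to {"serial": int, "ns": set}, or None when
    it gave no authoritative answer. Returns (server, code, detail) findings."""
    findings = []
    for server in sorted(master_ns | set(observed)):
        answer = observed.get(server)
        if server not in master_ns:
            findings.append((server, "not-in-master-ns", "master zone does not list it"))
        if answer is None:
            findings.append((server, "lame", "no authoritative answer for the zone"))
            continue
        if serial_gt(master_serial, answer["serial"]):
            findings.append((server, "stale-serial",
                             f"has {answer['serial']}, master has {master_serial}"))
        elif serial_gt(answer["serial"], master_serial):
            findings.append((server, "ahead-of-master",
                             f"has {answer['serial']}, master has {master_serial}"))
        extra = answer["ns"] - master_ns
        if extra:
            findings.append((server, "extra-ns", ", ".join(sorted(extra))))
    return findings


def next_serial(current: int, today: str) -> int:
    """YYYYMMDDnn serial strictly greater than `current`. If the date-based value
    would not be greater (zone already bumped today, or a scheme with larger
    values in use), fall back to current + 1 so secondaries still refresh."""
    candidate = int(today) * 100 + 1
    if not serial_gt(candidate, current):
        candidate = (current + 1) & SERIAL_MASK
    return candidate


# Constructed sample: the master's zone plus what each server answered directly.
MASTER_ZONE = """$TTL 38400
example.test.      IN  SOA  ns1.example.test. hostmaster.example.test. (
                        2017051101  ; serial
                        10800
                        3600
                        604800
                        38400 )
example.test.      IN  NS   ns1.example.test.
example.test.      IN  NS   ns2.example.test.
example.test.      IN  A    192.0.2.34
"""
OBSERVED = {
    "ns1.example.test.": {"serial": 2017051101,
                          "ns": {"ns1.example.test.", "ns2.example.test."}},
    # Secondary never refreshed after the move and still lists the retired server.
    "ns2.example.test.": {"serial": 2017040101,
                          "ns": {"ns1.example.test.", "ns2.example.test.",
                                 "old-ns.example.test."}},
}

if __name__ == "__main__":
    apex, serial, ns_set = parse_master_zone(MASTER_ZONE)
    print(f"{apex} master serial {serial}, NS {sorted(ns_set)}")
    for server, code, detail in diagnose(serial, ns_set, OBSERVED):
        print(f"  {server}: {code}: {detail}")
    print("next serial for an edit today:", next_serial(serial, "20170511"))
```

Run as-is it reports ns2 as stale and as advertising an NS the master does not list; swapping the constructed OBSERVED dict for real dig output per server gives the same report for a live zone. Note that a unix-timestamp serial like the one in the question is smaller than today's YYYYMMDDnn value, so next_serial moves from one scheme to the other without ever going backwards.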