mi DNS bind-9 no resuelve ningun dominio de microsoft.

Imagen de jmorallo

Forums: 

Estimados:

Tengo un problema al cual aun no le encuentro ni pies ni cabeza, ya que nunca habia escuchado o leido algo similar, he preguntado, buscado, pero no he encontrado nada.
Tengo mi DNS en un Centos 5 con todas sus actualizaciones uso bind9, especificamente bind-9.3.4-6.0.2.P1.el5_2, funcionaba todo bien, resolvia todo sin problemas hasta un mes atras mas o menos, ahora tiene problemas para resolver los sitios de microsoft, NO RESUELVE NINGUN SITIO QUE TENGA QUE VER CON MICROSOFT y pasa especificamente con ellos, ya que con todos los demas dominios no hay problemas.
Lo mas raro aun es que por lo general en las mañanas resuelve bien, pero durante el transcurso de la tarde deja de hacerlo, de hecho el dia jueves y viernes recien pasado funciono perfecto, pero ayer y los dias anteriores no funcionaba.

Por favor ayuda, ya que este error ya me esta causando dolores de cabeza jajajja.
Gracias.

De pronto has probado con

Imagen de jcyepez

De pronto has probado con caching-nameserver????

Yo tengo bind 9.3.4-6.02.P1.el5_2 y no tengo inconvenientes.

Pienso que el error está en tus archivos de configuración, pero no podemos saberlo sin no indicas los mensajes que te reporta en el /var/log/messages.

Saludos

Juan Yépez
093681879

Saludos

Juan Yépez
0993681879
Dj - Discomovil Quito

aca dejo un extracto del log

Imagen de jmorallo

aca dejo un extracto del log /var/log/messages.


Aug 6 15:59:08 r2d named[23663]: client 192.168.1.114#3533: view internal: updating zone 'dominio.com/IN': update unsuccessful: JUNIOR9.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 15:59:08 r2d named[23663]: client 192.168.1.114#3536: view internal: update 'dominio.com/IN' denied
Aug 6 15:59:42 r2d named[23663]: client 192.168.1.144#58698: view internal: updating zone 'dominio.com/IN': update unsuccessful: desa27.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 15:59:42 r2d named[23663]: client 192.168.1.144#64365: view internal: update 'dominio.com/IN' denied
Aug 6 16:00:39 r2d named[23663]: client 192.168.1.126#2447: view internal: update 'dominio.com/IN' denied
Aug 6 16:00:41 r2d named[23663]: client 192.168.1.145#1307: view internal: update 'dominio.com/IN' denied
Aug 6 16:00:50 r2d named[23663]: client 192.168.1.128#55074: view internal: updating zone 'dominio.com/IN': update unsuccessful: desa17.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:00:50 r2d named[23663]: client 192.168.1.128#59928: view internal: update 'dominio.com/IN' denied
Aug 6 16:00:52 r2d named[23663]: client 192.168.1.124#4807: view internal: updating zone 'dominio.com/IN': update unsuccessful: junior10.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:00:52 r2d named[23663]: client 192.168.1.124#4810: view internal: update 'dominio.com/IN' denied
Aug 6 16:01:16 r2d named[23663]: client 192.168.1.131#1949: view internal: update 'dominio.com/IN' denied
Aug 6 16:01:16 r2d named[23663]: client 192.168.1.102#2602: view internal: update 'dominio.com/IN' denied
Aug 6 16:01:44 r2d named[23663]: client 192.168.1.202#1026: view internal: update 'dominio.com/IN' denied
Aug 6 16:01:54 r2d named[23663]: client 192.168.1.117#3662: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:09 r2d named[23663]: client 192.168.1.112#1069: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:18 r2d named[23663]: client 192.168.1.121#1672: view internal: updating zone 'dominio.com/IN': update unsuccessful: desa01.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:02:18 r2d named[23663]: client 192.168.1.121#1675: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:23 r2d named[23663]: client 192.168.1.111#4665: view internal: updating zone 'dominio.com/IN': update unsuccessful: junior2.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:02:23 r2d named[23663]: client 192.168.1.111#4668: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:24 r2d named[23663]: client 192.168.1.125#64385: view internal: updating zone 'dominio.com/IN': update unsuccessful: desa15.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:02:24 r2d named[23663]: client 192.168.1.125#50192: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:25 r2d named[23663]: client 192.168.1.148#4765: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:26 r2d named[23663]: client 192.168.1.122#3587: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:27 r2d named[23663]: client 192.168.1.101#1470: view internal: update 'dominio.com/IN' denied
Aug 6 16:02:38 r2d named[23663]: unexpected RCODE (SERVFAIL) resolving 'dipromet.cl.multi.surbl.org/A/IN': 202.106.182.244#53
Aug 6 16:02:38 r2d named[23663]: unexpected RCODE (SERVFAIL) resolving 'nod32.com.multi.surbl.org/A/IN': 202.106.182.244#53
Aug 6 16:02:47 r2d named[23663]: client 192.168.1.105#2120: view internal: update 'dominio.com/IN' denied
Aug 6 16:03:34 r2d named[23663]: client 192.168.1.139#4116: view internal: updating zone 'dominio.com/IN': update unsuccessful: DESA12.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:03:34 r2d named[23663]: client 192.168.1.139#4119: view internal: update 'dominio.com/IN' denied
Aug 6 16:03:46 r2d named[23663]: client 192.168.1.113#4326: view internal: update 'dominio.com/IN' denied
Aug 6 16:04:00 r2d named[23663]: client 192.168.1.149#54592: view internal: updating zone 'dominio.com/IN': update unsuccessful: desa23.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:04:00 r2d named[23663]: client 192.168.1.149#54645: view internal: update 'dominio.com/IN' denied
Aug 6 16:04:08 r2d named[23663]: client 192.168.1.114#3620: view internal: updating zone 'dominio.com/IN': update unsuccessful: JUNIOR9.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:04:08 r2d named[23663]: client 192.168.1.114#3623: view internal: update 'dominio.com/IN' denied
Aug 6 16:04:43 r2d named[23663]: client 192.168.1.144#57519: view internal: updating zone 'dominio.com/IN': update unsuccessful: desa27.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:04:43 r2d named[23663]: client 192.168.1.144#64372: view internal: update 'dominio.com/IN' denied
Aug 6 16:05:39 r2d named[23663]: client 192.168.1.126#2464: view internal: update 'dominio.com/IN' denied
Aug 6 16:05:41 r2d named[23663]: client 192.168.1.145#1408: view internal: update 'dominio.com/IN' denied
Aug 6 16:05:50 r2d named[23663]: client 192.168.1.128#54818: view internal: updating zone 'dominio.com/IN': update unsuccessful: desa17.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:05:50 r2d named[23663]: client 192.168.1.128#61617: view internal: update 'dominio.com/IN' denied
Aug 6 16:05:52 r2d named[23663]: client 192.168.1.124#4888: view internal: updating zone 'dominio.com/IN': update unsuccessful: junior10.dominio.com/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Aug 6 16:05:52 r2d named[23663]: client 192.168.1.124#4891: view internal: update 'dominio.com/IN' denied

ya tengo unstalado el caching-nameserver

[root@r2d ~]# rpm -qa |grep bind
bind-chroot-9.3.4-6.0.2.P1.el5_2
bind-utils-9.3.4-6.0.2.P1.el5_2
ypbind-1.19-8.el5
bind-libs-9.3.4-6.0.2.P1.el5_2
bind-9.3.4-6.0.2.P1.el5_2

al hacer un dig me arroja este resultado


[root@r2d2 ~]# dig www.hotmail.com +trace

; <<>> DiG 9.3.4-P1 <<>> www.hotmail.com +trace
;; global options: printcmd
. 518301 IN NS M.ROOT-SERVERS.NET.
. 518301 IN NS A.ROOT-SERVERS.NET.
. 518301 IN NS B.ROOT-SERVERS.NET.
. 518301 IN NS C.ROOT-SERVERS.NET.
. 518301 IN NS D.ROOT-SERVERS.NET.
. 518301 IN NS E.ROOT-SERVERS.NET.
. 518301 IN NS F.ROOT-SERVERS.NET.
. 518301 IN NS G.ROOT-SERVERS.NET.
. 518301 IN NS H.ROOT-SERVERS.NET.
. 518301 IN NS I.ROOT-SERVERS.NET.
. 518301 IN NS J.ROOT-SERVERS.NET.
. 518301 IN NS K.ROOT-SERVERS.NET.
. 518301 IN NS L.ROOT-SERVERS.NET.
;; Received 500 bytes from 192.168.1.235#53(192.168.1.235) in 1 ms

com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
;; Received 493 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 278 ms

hotmail.com. 172800 IN NS ns1.msft.net.
hotmail.com. 172800 IN NS ns2.msft.net.
hotmail.com. 172800 IN NS ns3.msft.net.
hotmail.com. 172800 IN NS ns4.msft.net.
hotmail.com. 172800 IN NS ns5.msft.net.
;; Received 211 bytes from 192.42.93.30#53(G.GTLD-SERVERS.NET) in 570 ms

dig: couldn't get address for 'ns1.msft.net': failure

pruebas de ping


[root@r2d ~]# ping www.hotmail.com
ping: unknown host www.hotmail.com
[root@r2d ~]# ping www.google.com
PING www.l.google.com (209.85.193.99) 56(84) bytes of data.
64 bytes from br-in-f99.google.com (209.85.193.99): icmp_seq=1 ttl=247 time=107 ms
64 bytes from br-in-f99.google.com (209.85.193.99): icmp_seq=2 ttl=247 time=94.3 ms
64 bytes from br-in-f99.google.com (209.85.193.99): icmp_seq=3 ttl=247 time=99.8 ms
64 bytes from br-in-f99.google.com (209.85.193.99): icmp_seq=4 ttl=247 time=98.2 ms
64 bytes from br-in-f99.google.com (209.85.193.99): icmp_seq=5 ttl=247 time=97.5 ms

--- www.l.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4163ms
rtt min/avg/max/mdev = 94.308/99.422/107.192/4.297 ms
[root@r2d2 ~]#


como se pueden dar cuenta en el log anterior, imposible hacer un ping a hotmail o cualquir sitio de microsoft, pero funciona perfecto para los otros dominios como google

hoy en la mañana podia resolver a hotmail, pero hace unos minutos atras dejo de ser asi

como ven el log???????
Gracias....helpppppppppppppppppppppp :?

Tu dig con trace falla al

Imagen de acl

Tu dig con trace falla al resolver ns1.msft.net, ¿puedes hacerle el mismo dig detallado a ese nombre de host para ver donde falla?
--
haber != a ver
ha != a

Encontre un sitio donde

Imagen de jmorallo

Encontre un sitio donde alguien menciona que le pasa lo mismo, pero no puedo ver los comentarios. :(:( alguien tiene una cuenta.
http://www.experts-exchange.com/Networking/Protocols/DNS/Q_22899346.html

A mi me ha pasado con

Imagen de antares

A mi me ha pasado con dominios en específico que a ratos funciona y a ratos no... después de varias pruebas verifiqué que es el dns de mi proveedor es el que se fuma a veces y no resuelve bien.

Cambié a opendns y no he tenido problemas.

Saludos

Saludos,

antares

Este es mi named.conf, se

Imagen de jmorallo

Este es mi named.conf, se los muestro para que me den su opinion y me digan si esta bien configurado o no


//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.255; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source port 53;
query-source-v6 port 53;
recursion no;
allow-query { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

acl internos {
127.0.0.1;
192.168.1.0/24;
192.168.2.0/24;
localhost;
};

view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
};

view "internal" {
match-clients { internos; };
recursion yes;
notify no;
include "/etc/named.rfc1912.zones";

# Zonas
zone "dominio.com" IN {
type master;
file "int/dominio.com.zone";
};

// zone "1.168.192.in-addr.arpa" IN {
// type master;
// file "1.168.192.in-addr.arpa.zone";
// };

};

view "external" {
match-clients {!localnets; any; };
recursion no;
notify no;
include "/etc/named.rfc1912.zones";

# Zonas
zone "dominio.com" IN {
type master;
allow-transfer {
200.1.123.7;
};
file "dominio.com.zone";
};

// zone "xxx.xxx.201.in-addr.arpa" IN {
// type master;
// file "xxx.xxx.xxx.201.in-addr.arpa.zone";
// };

};

a todo esto solucione el problema que tenia comentando estas lineas

//query-source port 53;
//query-source-v6 port 53;

pero ahora en que influyen esas dos lineas que he comentado, me interesa mucho que el dns quede seguro, me podrian ayudar comentandome que hacen estas dos lineas por favor y en general como ven mi configuracion?..
Gracias.