"Lame Nameserver"...what does this mean?


MrCheese
04-28-2004, 02:15 PM
Hello

I ran my own DNS server (Posadis) on a Windows XP box with no problems for months and have had no problems with doing the same thing on my Fedora Linux box except that when I go to http://www.dnsreport.com and type in my domain name, I get the following...

Lame nameservers
ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
32.18.212.109

What does this mean and how do I correct it? I am using BIND/Named in Fedora and have everything installed correctly, the service turned on, port 53 opened, zone file looks good, etc. Will updating my SOA serial number help at all or is there something else I need to do?

Thank you kindly!

mdwatts
04-28-2004, 02:56 PM
Could it be the nameservers you have defined in /etc/resolv.conf?

See if any of these G4L search results for 'lame nameserver' (http://www.google.com/linux?q=lame+nameserver&btnG=Google+Search&hl=en&lr=&ie=UTF-8&oe=UTF-8) help to explain. I don't remember ever seeing a question posted here at JL on 'lame nameserver', but you could try a JL forum search just in case.

Anyone else ever run into this?

MrCheese
04-28-2004, 03:13 PM
I wasn't aware of this file but I went into etc/ and looked at the file you mentioned and it contained the following...

nameserver 32.63.68.21
nameserver 32.63.68.22

Shouldn't the "nameserver" be something like "mydomain.com" or "ns1", etc?

stiles
04-28-2004, 04:03 PM
lame (http://www.acmebw.com/askmrdns/archive.php?category=83&question=383) server, this is very common, there are even scripts to parse your logs for lame queries and try to email the admins of those DNS servers to try to get them fixed, but the internet is full of lame nameservers, no doubt

MrCheese
04-28-2004, 04:43 PM
That's very interesting but is there a specific way to fix this and if you know, how?

stiles
04-28-2004, 04:54 PM
At first I thought you just saw a lame server in your logs, I see now this is your server, sorry about that.

You need to confirm what nameservers are set up for your domain in your registrar's database (you can use 'whois <domain.tld>' to do this if you don't want to log in) and then make sure your SOA record and NS records match these. That should work if that is the problem, I could check more if I knew the domain, but I'm no DNS expert (but I manage somehow :P )

stiles
04-28-2004, 04:58 PM
This (http://www.dollardns.net/cgi-bin/dnscrawler/index.pl) is a nice tool to help out with DNS problems.

MrCheese
04-28-2004, 05:22 PM
In /var/named/ and also /var/named/chroot/var/named I have the following file ("mydomain.zone")...

-----------------------------------------------------------------
$ORIGIN mydomain.com
$TTL 86400

@ IN SOA ns1.mydomain.com. support.mydomain.com. (
2004042411 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day

IN NS ns1.mydomain.com.
IN NS ns2.mydyndns.org.
IN NS ns3.mydyndns.org.
IN NS ns4.mydyndns.org.
IN NS ns5.mydyndns.org.

IN MX 10 mail.mydomain.com.

ns1 IN A 61.24.26.212
ns2 IN A 229.29.35.128
ns3 IN A 65.29.14.1
ns4 IN A 223.125.151.26
ns5 IN A 60.218.197.93

ftp IN CNAME 61.24.26.212

mail IN CNAME 61.24.26.212

ns1 IN CNAME 61.24.26.212

www IN CNAME 61.24.26.212

smtp IN CNAME 61.24.26.212

nntp IN CNAME 61.24.26.212

@ IN CNAME 61.24.26.212
--------------------------------------------------------------

I did not change anything else (do I need to?). I also have these same nameservers listed with my registrar and have been using the Posadis DNS server (successfully) on Windows XP for over a month now. However, now I'm using BIND with Fedora Linux so it's a bit different and I may not have the format/syntax exactly right. I also have the DNS service turned on. Thanks again for your help!

PS: I am the primary master for my domain and am using a secondary DNS service (dyndns) as a fallback.

stiles
04-28-2004, 07:18 PM
$ORIGIN mydomain.com
$TTL 86400

@ IN SOA ns1.mydomain.com. support.mydomain.com. (
2004042411 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day

@ IN NS ns1.mydomain.com.
@ IN NS ns2.mydyndns.org.
@ IN NS ns3.mydyndns.org.
@ IN NS ns4.mydyndns.org.
@ IN NS ns5.mydyndns.org.

@ IN MX 10 mail.mydomain.com.

ns1 IN A 61.24.26.212
ns2 IN A 229.29.35.128 ; why are you hosting this record?
ns3 IN A 65.29.14.1 ; why are you hosting this record?
ns4 IN A 223.125.151.26 ; why are you hosting this record?
ns5 IN A 60.218.197.93 ; why are you hosting this record?

ftp IN CNAME 61.24.26.212

mail IN CNAME 61.24.26.212

ns1 IN CNAME 61.24.26.212

www IN CNAME 61.24.26.212

smtp IN CNAME 61.24.26.212

nntp IN CNAME 61.24.26.212

@ IN CNAME 61.24.26.212


I don't get the ns2 - ns5 A records, what you're saying is ns2.mydomain.com has an A record of 229.29.35.128

I also explicitly added the mydomain.com to the NS and MX records with the @, not sure if that will mess you up but it's IMO a good practice.

Where is the A record for mydomain.com? You may want to use an A record over a CNAME for anything that sendmail may use. Sendmail may replace the aliases in the mail header with the canonical name.

I would remove the ns1 CNAME record. BTW the CNAME entries are wrong. You should always use the canonical name in the data portion of the CNAME record:

smtp IN CNAME ns1.mydomain.com.

I think you can get your zone straightened out now.

BTW do your registrar's DNS records for mydomain.com match your NS records?
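
The zone-file problems listed in the reply above can be checked mechanically. The following is an added example, not part of the original post: a small linter, run here over a constructed, cut-down copy of the posted zone, that flags CNAME data given as an IP address and CNAMEs that share an owner name with other records. It also flags a `$ORIGIN` without a trailing dot, which the reply does not mention but which BIND treats as relative to the zone name. It assumes one record per line in `owner IN TYPE data` form; `lint_zone` and `SAMPLE_ZONE` are names made up for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a cut-down copy of the zone file posted in this thread.
SAMPLE_ZONE = """\
$ORIGIN mydomain.com
@    IN NS    ns1.mydomain.com.
@    IN MX    10 mail.mydomain.com.
ns1  IN A     61.24.26.212
ns1  IN CNAME 61.24.26.212
www  IN CNAME 61.24.26.212
@    IN CNAME 61.24.26.212
smtp IN CNAME ns1.mydomain.com.
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def lint_zone(text):
    """Return sorted (owner, problem) pairs for a zone written one record per line."""
    types = defaultdict(set)                    # owner -> record types seen
    problems = set()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # strip comments, then tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            if len(fields) > 1 and not fields[1].endswith("."):
                problems.add(("$ORIGIN", "relative origin (no trailing dot)"))
            continue
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue                            # assumption: 'owner IN TYPE data' only
        owner, rtype, data = fields[0], fields[2].upper(), fields[3]
        types[owner].add(rtype)
        if rtype == "CNAME" and is_ip(data):
            problems.add((owner, "CNAME data is an IP address, not a hostname"))
    for owner, seen in types.items():
        if "CNAME" in seen and len(seen) > 1:
            others = ", ".join(sorted(seen - {"CNAME"}))
            problems.add((owner, f"CNAME coexists with {others}"))
    return sorted(problems)

if __name__ == "__main__":
    for owner, problem in lint_zone(SAMPLE_ZONE):
        print(f"{owner}: {problem}")
```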

MrCheese
04-28-2004, 07:31 PM
Hi Stiles.

You seem to know exactly what you're talking about and not only that but you even made some improvements :).

I have to be honest with you and tell you that I am about 85% clueless when it comes to DNS servers, zone files, etc, and what you saw in my zone file up there was more or less an amateurish attempt at my doing this in a Linux environment. I did great in Windows XP but this is quite a bit different and even intimidating for me.

Yes, my nameservers in the zone file are the same ones my registrar has on file for my domain. Let me ask you something and I don't want you to think that I'm just trying to get someone to do all of the work for me but would it at all be possible for you to more or less re-do my zone file and then re-post it here and I will just copy it to my var/named folder and it should work. I feel like such a toad asking you to do that for me but I figure the least you can do is say no and I have been fighting with this thing until my brain can't even think straight anymore. I had one other person tell me that for whatever reason, my nameserver is not loading the zone.

Anyway, for what it's worth, thanks and I greatly appreciate your help and any extra help you can provide with what I just mentioned.

Whoops sorry...the other four NS's are just nameservers that belong to an online service I'm using that provides secondary (backup) DNS.

Oh also, I see a whole bunch of files and folders below "var/named". Do I need to do anything with these or just leave them alone?

stiles
04-28-2004, 08:21 PM
$ORIGIN mydomain.com. ; trailing dot keeps the origin absolute
$TTL 86400

@ IN SOA ns1.mydomain.com. support.mydomain.com. (
2004042411 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day


; Nameservers

@ IN NS ns1.mydomain.com.
@ IN NS ns2.mydyndns.org.
@ IN NS ns3.mydyndns.org.
@ IN NS ns4.mydyndns.org.
@ IN NS ns5.mydyndns.org.


; MX records

@ IN MX 10 mail.mydomain.com.


; Host addresses

@ IN A 61.24.26.212
ns1 IN A 61.24.26.212
mail IN A 61.24.26.212 ; could use CNAME if desired for
; sendmail to replace the aliases
; with the canonical name

smtp IN A 61.24.26.212 ; could use CNAME if desired for
; sendmail to replace the aliases
; with the canonical name


; Aliases

ftp IN CNAME mydomain.com. ; could be an A record
www IN CNAME mydomain.com. ; could be an A record
nntp IN CNAME mydomain.com. ; could be an A record


That's what I would start with, the comments give a little bit more structure and make things easier to understand.

What files are in /var/named? I would guess there is local host, loopback, broadcast and network number zones which is good. You should also have a root hints zone. These are pretty standard but you may want to get an updated root hints zone file via ftp every once in a while from ftp.rs.internic.com (named.root), if you do so make sure you rename it to whatever your name is in your named.conf file for the root hint zone and then reload the name server (can use 'rndc reload').

MrCheese
04-28-2004, 09:34 PM
Hey thanks Stiles! :cool:

Well, first of all I want to say that I have been posting at another message board asking similar questions and have gotten no meaningful help at all to speak of and the MOD over there keeps moving my posts around and reprimanding people for the most trivial things. He must be new on the job or something :rolleyes:. I guess I've decided to hang my hat here :D.

Ok, I used the zone file replacement that you were kind enough to create for me, updated my old root file (which was from November of 2002!) and then restarted the DNS server. I hate to say it but I still got a message on the DNS Stuff site telling me that my nameserver was lame.

I was wondering though, I see a file in var/named called "named.local" and it just has a bunch of "localhost this" and "local host that" in it. Do I need to make any changes there or to the "Chroot" folder under var/named? Maybe even make a few changes in my Apache httpd.conf file or even use apt/synaptic to download something I'm missing? I'm just wondering if perhaps there's a broader picture here and I'm missing a file or don't have a service running that I need or something. What do you think?

Thanks again for all your help...I really appreciate it!!

stiles
04-28-2004, 11:45 PM
Did you do a 'whois mydomain.com' to check the Name Servers entries with your registrar? This has to match the SOA record and the NS records if you don't want to be lame. Also are you doing zone transfers to your slave DNS servers? If the second, third, etc.... name servers do not have the zone data then you're going to be lame.
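
What "lame" means on the wire, as an added example that is not part of the original thread: a checker sends each listed nameserver a non-recursive SOA query for the zone and looks at the reply header. A server that holds the zone sets the AA (authoritative answer) bit; one that failed to load it, or only answers from cache, does not. The reply headers below are constructed so the classifier runs offline; `check_server` is a hypothetical helper for trying it against a real server over UDP.

```python
import socket
import struct

QR, AA, RCODE_MASK = 0x8000, 0x0400, 0x000F    # DNS header flag bits

def build_soa_query(zone, txid=0x1A2B):
    """Wire-format SOA query with RD=0, so the server must answer from its own data."""
    header = struct.pack("!6H", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 6, 1)    # QTYPE 6 = SOA, QCLASS 1 = IN

def classify(reply):
    """Classify a reply from its 12-byte header: 'authoritative' or 'lame (<reason>)'."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if not flags & QR:
        raise ValueError("packet is a query, not a response")
    rcode = flags & RCODE_MASK
    if rcode != 0:
        return f"lame (rcode {rcode})"      # e.g. 2 = SERVFAIL, zone failed to load
    if not flags & AA:
        return "lame (AA bit clear)"        # server does not hold the zone itself
    if ancount == 0:
        return "lame (no SOA in answer)"
    return "authoritative"

def check_server(server_ip, zone, timeout=3.0):
    """Send the query over UDP to one listed nameserver and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server_ip, 53))
        return classify(s.recvfrom(512)[0])

# Constructed reply headers (id, flags, qd, an, ns, ar); no network needed.
SAMPLES = {
    "holds the zone":      struct.pack("!6H", 0x1A2B, 0x8400, 1, 1, 0, 0),
    "zone failed to load": struct.pack("!6H", 0x1A2B, 0x8002, 1, 0, 0, 0),
    "answers from cache":  struct.pack("!6H", 0x1A2B, 0x8080, 1, 1, 0, 0),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:20} -> {classify(pkt)}")
```

Running the check against every nameserver the registrar lists for the domain, not only the ones in the zone file, is what exposes a mismatch between the two sets.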

MrCheese
04-29-2004, 11:08 AM
Ok, as it turns out, I am showing up as the primary and the secondary on my registrar account and yet I am NOT the secondary (dyndns.org is). I called tech support and the lady at Network Solutions told me that this was the reason I was receiving the "lame nameserver" error and that she went ahead and corrected it. She said to just wait 24 hours and the problem should be fixed but that in the interim, everything would still work fine with or without the "lame nameserver" issue. This information isn't on WHOIS...I had to log into my account to see the conflict but this was definitely causing the problem.

Also, under var/named/ I have these files...

* named.ca (my root servers which I just updated)
* mydomain.zone (everything appears fine here)
* named.local (do I need to do anything with this?)

Then, under var/named/ I have the following folders...

* var/named/chroot (lots of duplicate files & folders)
* var/named/slaves (is completely empty)

The "chroot" folder contains other folders (and files), many of which appear to be just duplicates (and even triplicates) of what is already in the main var/named/ folder. Do I need to do anything with these?

Also are you doing zone transfers to your slave DNS servers? If the second, third, etc.... name servers do not have the zone data then you're going to be lame.

Hmm...I'm not sure what you mean by this or where I need to go to add the zone data for them but I'm assuming that what I/you added to the zone file will suffice(?)....or do I need to add this information somewhere else and where?

Anyway, I'll have to see how it goes. Thanks again for your help!! :)

stiles
04-29-2004, 02:27 PM
Originally posted by MrCheese
Ok, as it turns out, I am showing up as the primary and the secondary on my registrar account and yet I am NOT the secondary (dyndns.org is).

That will do it, ok you should be good.

Originally posted by MrCheese
Also, under var/named/ I have these files...

* named.ca (my root servers which I just updated)
* mydomain.zone (everything appears fine here)
* named.local (do I need to do anything with this?)

Then, under var/named/ I have the following folders...

* var/named/chroot (lots of duplicate files & folders)
* var/named/slaves (is completely empty)

The "chroot" folder contains other folders (and files), many of which appear to be just duplicates (and even triplicates) of what is already in the main var/named/ folder. Do I need to do anything with these?

Take a look into named.local if you want to, and yea you need that. The chroot is a replication of all the bind related files so you could run bind in a chroot environment, think of it as a jail for a daemon in case someone got a root shell by exploiting it. You can leave it around and if you get the urge to run bind in a chroot jail you have a starting point. slaves is where your slave zone files would be stored if you were a slave, I'd leave it, it doesn't hurt anything.


Originally posted by MrCheese
Hmm...I'm not sure what you mean by this or where I need to go to add the zone data for them but I'm assuming that what I/you added to the zone file will suffice(?)....or do I need to add this information somewhere else and where?


It's all good, I was just thinking that maybe the slave(s) wasn't doing its job but the problem was with the nameservers registered with your registrar.