Subdomains not working (again)

20 posts / 0 new
Last post
#1 Sun, 05/17/2009 - 23:48
wattaman

Subdomains not working (again)

I know I've asked about this before and it was my fault then, but unfortunatelly I must ask for help on the same issue; now I think is something wrong with webmin or virtualmin, I'm not sure.

So, I made a couple of updates in the Virtualmin Package Updates and after that I've noticed the subdomains are not working (again). Trust me, is not my computer or my ruter this time, though I wish it would be 'cause it would be easier for me to fix. Is something wrong with the server. I, again, have no ideea where to look and what to search to fix it so I'm asking again for help. The domains are working, only the subdomains don't. I've created not the mandinga.atat.ro, to test, and it seems that newly created subdomains don't work, either. Also, to test them, I've tried to browse through the proxies of proxy.org but they won't load. Finally, I've tried to run a cronjob for one subdomain, and the message is:

curl: (6) Couldn't resolve host 'stiri.atat.ro'

To end this, please help me find the issue! I have no idea why the subdomains are not working. For what it matters, I have Ubuntu 8.04.1, Bind DNS 9.4.2, Apache 2.2.8 Thank you!<br><br>Post edited by: wattaman, at: 2009/05/17 23:48

Mon, 05/18/2009 - 00:05
Joe
Joe's picture

You don't have DNS configured correctly.

When I look up atat.ro, I see that the DNS servers that are authoritative are:

ns2.everydns.net.
ns3.everydns.net.
ns4.everydns.net.
ns1.everydns.net.

Since you've chosen to use those are your DNS servers, you need to configure all host records with everydns.net. It's not something Virtualmin can have any control over. If you want the Virtualmin server to be authoritative for your domaine, you'll need to configure it at your registrar (again, Virtualmin can't control that; except in special cases where you use the Virtualmin Domain Registration plugin to register your domain).

--

Check out the forum guidelines!

Mon, 05/18/2009 - 00:23 (Reply to #2)
wattaman

But the atat.ro site is working properly, only the subdomains won't.
Besides, at my registrar I've added all these NS:
ns1.atat.ro, ns1.everydns.net, ns2.server.lu, ns2.atat.ro, f031.server.lu, ns1.server.lu ... these are all the NS, not only everydns.
I'm not 100% I did it right, however what I know is that before the updates everything worked... and now are working only the domains.

Mon, 05/18/2009 - 00:28 (Reply to #3)
wattaman

BTW, I do suspect something about Bind DNS, I think it was on the list of updates virtualmin suggested

Mon, 05/18/2009 - 00:50 (Reply to #4)
Joe
Joe's picture

<div class='quote'>But the atat.ro site is working properly, only the subdomains won't.</div>

What's that got to do with anything? They're two different names. One could be configured correctly, while another might not.

<div class='quote'>ns1.atat.ro, ns1.everydns.net, ns2.server.lu, ns2.atat.ro, f031.server.lu, ns1.server.lu ... these are all the NS, not only everydns.</div>

Then you need to configure every single one of those servers correctly (stiri needs to exist on every one of them).

<div class='quote'>BTW, I do suspect something about Bind DNS, I think it was on the list of updates virtualmin suggested </div>

Your suspicions are unfounded. You have a bunch of nameservers that don't have a record for that name. Everything is behaving exactly as designed.

I would suggest you reduce your number of name servers to two, and you focus on getting those two name servers configured correctly and including records for all of the names you want to resolve.

--

Check out the forum guidelines!

Mon, 05/18/2009 - 01:26 (Reply to #5)
wattaman

<div class='quote'>Then you need to configure every single one of those servers correctly (stiri needs to exist on every one of them).</div>
I have no idea what you've just said. On the registrar's page I can point only domain names to name servers, not subdomains.
Let me put it other way:
Atat.ro has, in the Bind's configuration, these NS: f031.server.lu, ns1.atat.ro and ns2.atat.ro. All the subdomains have only f031.server.lu. All the newly created have only f031.server.lu in the name server records page.
They <u>all</u> used to work, until 3 days ago.

<i>Additional info: on the registrar's page, ns1.atat.ro and ns2.atat.ro are pointing to the server's IP. The server is f031.server.lu, as you probably know now.</i>

Mon, 05/18/2009 - 08:20 (Reply to #6)
Joe
Joe's picture

<div class='quote'>I have no idea what you've just said. On the registrar's page I can point only domain names to name servers, not subdomains.</div>

You have a basic misunderstanding of DNS that is causing all of your troubles.

Your registrar is not a DNS server. It is only responsible for delegating a zone to another DNS server. The DNS servers it delegates authority for your zone to need to be able to answer requests for those zones. Yours do not.

You should start by reading up on DNS. The Webmin docs have quite a bit of coverage:

http://doxfer.com/Webmin/BINDDNSServer

There's also some troubleshooting docs here:

http://doxfer.com/Webmin/BINDTroubleshootingTools

--

Check out the forum guidelines!

Mon, 05/18/2009 - 01:29 (Reply to #7)
wattaman

All the newly created subdomains by the virtualmin, more exactly...

Mon, 05/18/2009 - 05:50 (Reply to #8)
andreychek

Howdy,

<div class='quote'>
I have no idea what you've just said. On the registrar's page I can point only domain names to name servers, not subdomains.
</div>

I believe what Joe is saying, is that you have 6 nameservers configured at your registrar:

ns1.atat.ro
ns1.everydns.net
ns2.server.lu
ns2.atat.ro
f031.server.lu
ns1.server.lu

I looked those up with a &quot;whois&quot;.

Each and every one of those nameservers must be configured to know about all the domains (and sub-domains) running on your Virtualmin server.

So, all 6 of those need to be capable of resolving the &quot;stiri.atat.ro&quot; domain.

If any fail, it'll prevent people from accessing your site.

For example, from what I can tell at a quick glance, f031.server.lu isn't responding to DNS queries, the ns1.atat.ro and ns2.atat.ro don't resolve at all, and the remainder don't know what &quot;stiri.atat.ro&quot; is.

So that's the issue ;-)

You have to make sure every name server listed in your registrar can resolve, and that it knows about the domains on your server.
-Eric

Mon, 05/18/2009 - 06:14 (Reply to #9)
ronald
ronald's picture

One can say your DNS is somewhat troublesome..

http://www.squish.net/dnscheck/

Results for stiri.atat.ro
50.0% of queries will end in failure at 212.117.164.110 (f031.server.lu) - query timed out
16.7% of queries will end in failure at 208.76.56.56 (ns1.everydns.net) - no such domain
16.7% of queries will end in failure at 195.26.4.90 (ns1.server.lu) - no such domain
16.7% of queries will end in failure at 83.243.8.90 (ns2.server.lu) - no such domain
---------

http://www.intodns.com/

Results for atat.ro

ERROR: One or more of your nameservers did not respond:
The ones that did not responded are:
212.117.164.110

FAIL: The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers (see RFC2181 5.4.1). You need to make sure that these nameservers are working.If they are not working ok, you may have problems!
ns4.everydns.net
ns2.everydns.net
ns3.everydns.net

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.atat.ro
f031.server.lu
ns2.atat.ro

Looks like your nameservers do not agree on the SOA serial. Ths SOA records as reported by your nameservers:
83.243.8.90 -&gt; 1242651721
208.76.56.56 -&gt; 1242658007
195.26.4.90 -&gt; 1242651721

ERROR: I could not get any A records for www.atat.ro!

Mon, 05/18/2009 - 14:41 (Reply to #10)
ronald
ronald's picture

what's keeping it up?
That is just luck half of the time and you are on the good side (probably cache or an ip in the host file locally).

50% of the queries are leading to your site. the other half is a no go.

Results

50.0% of queries will end in failure at 212.117.164.110 (f031.server.lu) - query timed out

16.7% of queries will be returned by 208.76.56.56 (ns1.everydns.net)

atat.ro. 360 IN SOA ns1.everydns.net. hostmaster.atat.ro. (
1242689007 ; Serial
3600 ; Refresh
900 ; Retry
1209600 ; Expire
3600 ) ; Minimum TTL
atat.ro. 86400 IN NS ns1.everydns.net.
atat.ro. 86400 IN NS ns2.everydns.net.
atat.ro. 86400 IN NS ns3.everydns.net.
atat.ro. 86400 IN NS ns4.everydns.net.
atat.ro. 3600 IN A 212.117.164.110

16.7% of queries will be returned by 195.26.4.90 (ns1.server.lu)

atat.ro. 3600 IN SOA ns1.server.lu. admin.server.lu. (
1242651721 ; Serial
10800 ; Refresh
1800 ; Retry
3024000 ; Expire
3600 ) ; Minimum TTL
atat.ro. 3600 IN NS ns1.server.lu.
atat.ro. 3600 IN NS ns2.server.lu.

16.7% of queries will be returned by 83.243.8.90 (ns2.server.lu)

atat.ro. 3600 IN SOA ns1.server.lu. admin.server.lu. (
1242651721 ; Serial
10800 ; Refresh
1800 ; Retry
3024000 ; Expire
3600 ) ; Minimum TTL
atat.ro. 3600 IN NS ns2.server.lu.
atat.ro. 3600 IN NS ns1.server.lu.

Tue, 05/19/2009 - 07:13 (Reply to #11)
ronald
ronald's picture

you are setting your servers hostname as a nameserver. This is not wrong but it is confusing as you also set 2 ns nameservers.

I would change the hostname of the server to &quot;whatever.atat.ro&quot;
then at your registrar for atat.ro I would point all A records to the server
(In fact one of my servers is running like this)
You'll be using the nameservers of the registrar. Then use A records like so:

*.atat.ro 123.123.123.123
www.atat.ro 123.123.123.123
mail.atat.ro 123.123.123.123
whatever.atat.ro 123.123.123.123
ns1.atat.ro 123.123.123.123
ns2.atat.ro 123.123.123.123 (if you have multiple IP's on your box, change this one to it)
ftp.atat.ro 123.123.123.123
m.atat.ro 123.123.123.123

Now you can use ns1.atat.ro, ns2.atat.ro as nameservers on your box and for all other domains hosted on it. You' can add two virtual ifaces to your eth0 under Networking and add the ns1 and ns2 to your hostaddress (same module)

There is an easier way provided you do have multiple IP's to your server, but I don't know your situation exactly.
The problem you can encounter with this set up is that most registrars don't allow 2 nameserver s on the same IP for CC domains.
A cheap VPS somewhere would solve that though.

note that the nameserver of your hoster/isp is meant to find your box and has nothing to do with domains hosted on your box.

Tue, 05/19/2009 - 22:43 (Reply to #12)
wattaman

Thank you for all your support. This is even more confusing; my registrar (that's different the my host) says the ns*.atat.ro nameservers are the ones bad and it would be better not to use them.

Listen, I realise I'm not even talking about webmin or virtualmin anymore and I really appreciate your help. I'll try to understand all this Bind&amp;DNS business by myself.
One question I still have and this is related to virtualmin. Please answer me on this and I promise not to bug you anymore with this :)

- So, supposing all the nameservers registered at the registrar are working fine and also those nameservers are entered in the Bind DNS config., for one particular domain.
Now: I create a new subdomain in virtualmin, then I go to Bind DNS config. for that subdomain and I see it added as nameserver only the server's address (Fo31.server.lu in my case). <i>Question: all the subdomains of a particular domain must have all the nameservers as their domain? Should I add the NS of the domain in every subdomain Name Server Records page?</i>
Thanks again!

Wed, 05/20/2009 - 00:48 (Reply to #13)
Joe
Joe's picture

You're still misunderstanding the basic architecture of DNS.

You keep conflating name servers, zones, and domain names. They are not the same thing.

Here's what needs to happen:

You need to pick two name servers. Stop trying to put a dozen name servers into your registrar. It's nonsensical. Pick two name servers. Two. That's it. Your registrar needs to have TWO name servers listed for your zones. If you want them to be ns1.atat.ro and ns2.atat.ro, then use those. Stop trying to randomly pick name servers until one magically works, as though it is a lottery. Pick two names. Those will be your name servers for all zones.

Now, make them work for your zones. If they are controlled by Virtualmin, they should just automatically be configured correctly; though you do need to make the A record for them in the atat.ro zone in the BIND DNS module. And, you'll need to configure what name Virtualmin uses in the NS records for your zones (this can be found in Server Templates-&gt;BIND DNS Domain, the options are &quot;Master DNS server hostname&quot; and &quot;Additional manually configured nameservers&quot;). You may also want to correct the NS records to point to ns1/ns2.

Once these are correct, you can stop fretting about subdomains and domains as though they are different things. They are all just names. When DNS is configured correctly, domain and subdomain is an irrelevant distinction.

Your registrar doesn't need to know about every name you have. They need to know about TWO name servers for each zone (each second level domain, like virtualmin.com). Once your glue records at the registrar are correct, and the A and NS records for your name servers are correct on those servers, DNS will all Just Work.

--

Check out the forum guidelines!

Wed, 05/20/2009 - 06:33 (Reply to #14)
wattaman

<div class='quote'>You're still misunderstanding the basic architecture of DNS.
</div>
Well, obviously!!!
And it seems nobody can explain it step-by-step so every dumb noob can understand it; everybody's talking technical, like if I don't undestand the basics I should understand this: <i>&quot;though you do need to make the A record for them in the atat.ro zone in the BIND DNS module&quot;</i>

Anyway, don't bother anymore, I'll just hire someone to do this.
Thanks, anyway!

Wed, 05/20/2009 - 13:45 (Reply to #15)
Joe
Joe's picture

<div class='quote'>everybody's talking technical, like if I don't undestand the basics I should understand this: &quot;though you do need to make the A record for them in the atat.ro zone in the BIND DNS module&quot;</div>

An A record is an Address record. Look in the BIND DNS module, and click on the atat.ro zone. Click Address records. Add a record for each of ns1.atat.ro and ns2.atat.ro pointing to two of your IP addresses. That's your A records. Done.

An NS record is a pointer to an A or CNAME record that says, &quot;The name server this name points to is authoritative for this zone.&quot; I've already explained how to configure these so that they are correct (Server Templates). Since you've already created atat.ro, you'll need to add them manually using the BIND DNS module. Once again, click on the zone (atat.ro), and then click on Name Server Records. Add ns1.atat.ro and ns2.atat.ro. Remove the one that was created by the default Virtualmin configuration (the hostname of the system), since that's not the name you want to use for your name servers.

From there, all that has to happen is you have to configure your registrar to use those two name servers as authoritative for your zone. (This gets tricky with some registrars that insist on your name servers already being in a &quot;live&quot; zone. Which means you can't bootstrap a new domain into existence from scratch. You have to stop over briefly with an existing set of nameservers--can be free ones or cheap ones online--so that you can make the name servers &quot;exist&quot; to the world. If your registrar allows you to enter a name <i>and</i> and IP, this won't be a problem for you.)

--

Check out the forum guidelines!

Wed, 05/20/2009 - 13:50 (Reply to #16)
Joe
Joe's picture

I don't recall if I pointed out the Webmin BIND docs, but they're a reasonable start on the subject:

http://doxfer.com/Webmin/BINDDNSServer

And the O'Reilly book on the subject (titled simply <i>DNS and BIND</i>) is a fantastic book. One of the best O'Reilly has ever published.

Ronald is quite right...DNS can be very confusing at first, but once it clicks, it becomes really incredibly simple (for the most part). It's just mapping names to IPs. The only confusing thing is understanding how the world knows to ask your server for the information, which is where the registrar and the TLD (Top Level Domain) name servers come into play (the registrar acts as your agent to the TLD servers; you and I can't directly add records to the TLD zones, but accredited registrars can, so we pay them to represent us).

--

Check out the forum guidelines!

Wed, 05/20/2009 - 06:54 (Reply to #17)
ronald
ronald's picture

no need for aggrevation though.
DNS is confusing to comprehend although once you see how it works it is quite simple. Took me long enough for sure.

<div class='quote'>And it seems nobody can explain it step-by-step so every dumb noob can understand it; </div>
It is difficult to explain without some technicality. It also depends on your system, if you have at least 2 IP's and for country domains 2 IP's in a different complete range, else the registrar will complain and will not allow you to add the nameservers.

So it is hard to outline 1 simple instruction for specific situations.
The howto that Joe wrote and I wrote are two different scenario's and both feasible.

you can drop me a line at tech [at] izicart [dot] com and I'll try to help you more directly.

Mon, 05/18/2009 - 10:08
wattaman

Ronald, I understand what you said... far more explicit then Joe ... and Joe, I've already start reading :)
What I still don't understand is why, in the name of God, <u>all of them worked until the updates</u>!?!
And if is all so messed up, what exactly keeps the main domain online all the time?!

Mon, 05/18/2009 - 19:42
wattaman

I see.
Well, I was confused because the subdomains virtualmin creates have, as nameserver, in the Bind DNS settings, only the server's name - so I thought this is the right thing.

Anyway, please stay with me a little more and tell me if this is good now, want to know if I got it right; I'll make it simple to read :)

1. I create site.com from virtualmin (by default it has F031.server.lu set as nameserver in Bind);
2. I go to the registrar's page and set ns1.site.com and ns2.site.com pointing to the server's (F031.server.lu) IP;
3. I go back to my bind and also add the two ns1.site.com and ns2.site.com as nameservers;
4. I the create subdomain sub.site.com (default it has F031.server.lu set as NS in Bind);
5. I add to this, also, in its master zone the nameservers ns1.site.com and ns2.site.com
Theoretically, if I understood right, everything should work now.
6. Besides these, I can also use the everydns.net as a nameserver or the hoster's nameservers (ns1.everydns.net or ns1.server.lu)
7. I can safely delete the server's address from the Bind (F031.server.lu)
8. If other domains created by virtualmin share the same IP as atat.ro, I can also use ns1.atat.ro or ns2.atat.ro as nameservers for them, too.

Thanks!

Topic locked