Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 20:15
Hi Guys, I have watched and read through lots of tutorials for binding my DNS on our Azure server. We want to host multiple domains on the one server. I have turned on personal DNS on our domain host and configured the BIND DNS service and it's not working correctly. I have port 53 open on the firewall. Could I please get help?
Status:
Active
Comments
Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 20:17 Comment #1
Submitted by andreychek on Thu, 09/01/2016 - 20:38 Comment #2
Howdy -- according to this here, it looks like your DNS server may not be responding:
http://www.intodns.com/fabiomarafioti.tk
What is the output of these commands on your server:
netstat -an | grep :53
iptables -L -n
Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 20:49 Comment #3
tcp 0 0 100.76.40.28:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 100.76.40.28:22 210.5.32.118:53883 ESTABLISHED
tcp6 0 0 :::53 :::* LISTEN
udp 0 0 192.168.122.1:53 0.0.0.0:*
udp 0 0 100.76.40.28:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 192.168.122.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp6 0 0 :::53 :::*
and
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0
FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- 0.0.0.0/0 0.0.0.0/0
FWDO_public_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDO_public_allow all -- 0.0.0.0/0 0.0.0.0/0

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- 0.0.0.0/0 0.0.0.0/0
IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0
IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5900:5903 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10004 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10002 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10005 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:20 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10003 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:21 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10001 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
Submitted by andreychek on Thu, 09/01/2016 - 22:19 Comment #4
Hmm, so what is the IP address of your server?
I see in the netstat output above, that it's listening on the IP "100.76.40.28".
However, in the DNS records above, it's a different IP address that's defined.
Actually, this would help -- what is the output of the command "/sbin/ifconfig"?
Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 22:38 Comment #5
External 13.77.4.124 INTERNAL IP ADDRESS 100.76.40.28
Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 22:47 Comment #6
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 100.76.40.28 netmask 255.255.252.0 broadcast 100.76.43.255
    inet6 fe80::20d:3aff:fee0:2c25 prefixlen 64 scopeid 0x20
    ether 00:0d:3a:e0:2c:25 txqueuelen 1000 (Ethernet)
    RX packets 93826 bytes 14893507 (14.2 MiB)
    RX errors 0 dropped 4 overruns 0 frame 0
    TX packets 97568 bytes 109089903 (104.0 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10
    loop txqueuelen 0 (Local Loopback)
    RX packets 568 bytes 632026 (617.2 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 568 bytes 632026 (617.2 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
    inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
    ether 00:00:00:00:00:00 txqueuelen 0 (Ethernet)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Submitted by andreychek on Thu, 09/01/2016 - 23:06 Comment #7
Ah, I see.
It does appear that BIND is listening on your internal IP addresses.
The setup you're describing typically means that there is some sort of NAT router in front of your server, is that correct?
In that case, you would need to make sure that it is configured to port forward the necessary ports into your server, and that there isn't a firewall in front of your server that is blocking traffic.
Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 23:11 Comment #8
Am I meant to set the DNS to the internal IP address on the server?
There is a firewall but I have port 53 open for that too.
Submitted by andreychek on Thu, 09/01/2016 - 23:21 Comment #9
When I try to perform a DNS lookup against the IP 13.77.4.124, I'm receiving a connection timed out error.
If BIND were configured in a way that was rejecting connections, it would generate a different error, such as connection refused.
The connection timed out error is what would typically be seen if there's an issue with port forwarding, or also possibly if your provider were blocking port 53.
My suggestion would be to double-check that the router is port forwarding port 53 to the server, and if that doesn't help, to contact your provider to verify that they aren't restricting traffic on that port.
Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 23:30 Comment #10
It is on the Azure platform and I have an endpoint for port 53, and I had support from Microsoft and they support it.
Did I set my BIND up incorrectly?
Submitted by matt@paytec.com.au on Thu, 09/01/2016 - 23:44 Comment #11
If you go to this site http://www.yougetsignal.com/tools/open-ports/
using the external IP address 13.77.4.124 and look up port 53,
it's open.
Submitted by andreychek on Fri, 09/02/2016 - 08:20 Comment #12
We can look at your BIND config to ensure that there's nothing in there preventing access from the outside world.
Can you either attach, or paste in the contents, of your /etc/named.conf file?
Submitted by matt@paytec.com.au on Sun, 09/04/2016 - 17:41 Comment #13
vi /etc/named.conf
also-notify { };
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "fabiomarafioti.tech" {
    type master;
    file "/var/named/fabiomarafioti.tech.hosts";
};
Submitted by matt@paytec.com.au on Sun, 09/04/2016 - 19:22 Comment #14
fabiomarafioti.tech. IN SOA fabiomarafioti.tech. fabio.paytec.com.au. ( 1472788448 10800 3600 604800 38400 )
fabiomarafioti.tech. IN NS fabiomarafioti.tech.
fabiomarafioti.tech. IN A 100.76.40.28
www.fabiomarafioti.tech. IN A 13.77.4.124
ftp.fabiomarafioti.tech. IN A 13.77.4.124
ns1.fabiomarafioti.tech. IN A 13.77.4.124
ns2.fabiomarafioti.tech. IN A 13.77.4.124
ts3.fabiomarafioti.tech. IN A 13.77.4.124
server.fabiomarafioti.tech. IN A 13.77.4.124
webmail.fabiomarafioti.tech. IN A 13.77.4.124
fabiomarafioti.tech. IN NS ns1.fabiomarafioti.tech.
fabiomarafioti.tech. IN NS ns2.fabiomarafioti.tech.
Submitted by andreychek on Sun, 09/04/2016 - 19:33 Comment #15
I don't see anything in your BIND config that would be restricting traffic.
Just to be super-sure it's not interfering, you may want to stop your firewall. Also, if you're running CSF or LFD, I'd recommend shutting those off to see if that helps.
Also, it's possible that there could be changes in the BIND config that aren't currently active in the running service.
What we can do to correct that is restart BIND. To do that, you can run this command:
service named restart
After trying the above, are you able to access it?
Submitted by matt@paytec.com.au on Sun, 09/04/2016 - 20:19 Comment #16
Am I able to give you remote access to help?
Submitted by matt@paytec.com.au on Sun, 09/04/2016 - 20:20 Comment #17
I did pay for a licence.
Submitted by andreychek on Sun, 09/04/2016 - 23:21 Comment #18
Yup, we understand you paid for a license -- we appreciate that!
If BIND is listening for connections, and there aren't any configuration options listed there that are preventing incoming BIND requests -- it begins looking like a networking/firewall issue.
That's unfortunately not something we can fix.
Let's try this though -- have you disabled the firewall on your server, and restarted BIND? If not, can you try doing that first? And then let us know when that's completed.
If that doesn't help, I will gladly log in to take a look -- but all I can really do is test that BIND is accepting connections, and that the firewall on your server is off.
I'm certainly happy to do that to rule that out though.
I've marked your request as private, so you can leave login credentials here where only the staff can see them.
Oh, and something that'll help in the troubleshooting -- Which IP address would your router be forwarding the incoming connections to, is that 100.76.40.28 or 192.168.122.1?
Submitted by matt@paytec.com.au on Sun, 09/04/2016 - 23:43 Comment #19
I have restarted BIND and tried to play around with all the settings on the firewall and it should be open for the required port 53.
I'm not too sure if BIND is set up correctly, but in theory it should work, and everything is ready for you to have a look.
The internal IP is 100.76.40.28. The external IP is 13.77.4.124.
I have set up the DNS in BIND like the following:
$ttl 38400
fabiomarafioti.tech. IN SOA fabiomarafioti.tech. fabio.paytec.com.au. ( 1472788449 10800 3600 604800 38400 )
fabiomarafioti.tech. IN NS fabiomarafioti.tech.
fabiomarafioti.tech. IN A 13.77.4.124
www.fabiomarafioti.tech. IN A 13.77.4.124
ftp.fabiomarafioti.tech. IN A 13.77.4.124
ns1.fabiomarafioti.tech. IN A 13.77.4.124
ns2.fabiomarafioti.tech. IN A 13.77.4.124
ts3.fabiomarafioti.tech. IN A 13.77.4.124
server.fabiomarafioti.tech. IN A 13.77.4.124
webmail.fabiomarafioti.tech. IN A 13.77.4.124
fabiomarafioti.tech. IN NS ns1.fabiomarafioti.tech.
fabiomarafioti.tech. IN NS ns2.fabiomarafioti.tech.
So the router should forward to 100.76.40.28.
If you could just have a look and see if it's all correct, that would help me a lot.
"Adding Virtualmin SSH keys to /root/.ssh/authorized_keys .. .. done. Scheduling removal of keys at 08/Sep/2016 23:59 .. .. done.
Creating master administrator Webmin login virtualmin-support .. .. done.
Sending notification of remote access to remote@virtualmin.com .. .. sent"
Submitted by andreychek on Mon, 09/05/2016 - 00:20 Comment #20
Ah, I think I see the problem -- it looks like an alternate DNS server, dnsmasq, had been installed, which is conflicting with BIND.
My suggestion would be to remove or disable dnsmasq, and then restart BIND.
After doing that, then test if your DNS queries are working properly.
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 00:36 Comment #21
I have removed it but still no luck
Submitted by andreychek on Mon, 09/05/2016 - 11:01 Comment #22
Thanks, now BIND is indeed listening on port 53 now; previously it was dnsmasq.
We'll look into why there's still an issue.
Submitted by andreychek on Mon, 09/05/2016 - 17:34 Comment #23
Okay, I did some testing -- using netcat, I can see that port 53 TCP is indeed open, and being accepted.
However, I'm having some trouble with port 53 UDP, which is what would be needed for DNS to work properly.
Can you verify that both protocols are indeed being forwarded into this server?
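An added example, not part of the original thread: a Python probe that sends the same DNS query over UDP and TCP and separates the cases discussed in comments #9 and #23 (timed out, refused, TCP answering while UDP is dropped). The host 192.0.2.53 and the name example.test are placeholders; pass your own server and zone on the command line.

```python
"""Probe a DNS server on UDP and TCP and classify how each attempt fails."""
import socket
import struct
import sys

TXID = 0x1A2B  # arbitrary transaction id; a real response echoes it back


def build_query(name, qtype=1):
    """Minimal RFC 1035 query: header + QNAME + QTYPE (1 = A) + QCLASS IN."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def is_response(packet):
    """True if the packet echoes our id and has the QR (response) bit set."""
    if len(packet) < 12:
        return False
    txid, flags = struct.unpack("!HH", packet[:4])
    return txid == TXID and bool(flags & 0x8000)


def probe_udp(host, port, name, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # connected socket: ICMP unreachable surfaces as an error
            s.send(build_query(name))
            return "answered" if is_response(s.recv(4096)) else "malformed"
        except socket.timeout:
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "error"


def probe_tcp(host, port, name, timeout=2.0):
    query = build_query(name)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP: 2-byte length prefix
            buf = b""
            while len(buf) < 14:  # length prefix + 12-byte header is enough to classify
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
            return "answered" if is_response(buf[2:]) else "malformed"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "error"


def diagnose(udp, tcp):
    """Map the two probe results onto the likely layer at fault."""
    if udp == "answered" and tcp == "answered":
        return "ok: server answers on both transports"
    if udp == "timeout" and tcp == "answered":
        return "UDP 53 dropped in the path: check the UDP forward/endpoint and firewall rule"
    if udp == "timeout" and tcp == "timeout":
        return "nothing reaches the server: port forwarding or upstream filtering"
    if "refused" in (udp, tcp):
        return "host reachable but the connection is rejected: no listener or a reject rule"
    return "inconclusive: udp=%s tcp=%s" % (udp, tcp)


if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder (TEST-NET-1), not a real server.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    name = sys.argv[2] if len(sys.argv) > 2 else "example.test"
    udp, tcp = probe_udp(host, 53, name), probe_tcp(host, 53, name)
    print("udp/53:", udp, "| tcp/53:", tcp, "->", diagnose(udp, tcp))
```

A web-based "open port" checker only tests TCP, which is why port 53 can look open while DNS lookups still time out.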
Submitted by andreychek on Mon, 09/05/2016 - 17:38 Comment #24
Oh, I wanted to add, I did a variety of poking around with your BIND config, and it does look great.
I tried commenting out a few things that could have potentially caused a problem, but that didn't help either.
I only began looking at the ports after not seeing anything in the BIND config that might be causing that.
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 18:26 Comment #25
53 UDP was blocked so I did unblock it. Seems like we are getting somewhere now, as on the report I am getting now: DNS servers responded ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 13.77.4.124
I changed the BIND IP address from the internal to the external address and that didn't help either.
Submitted by andreychek on Mon, 09/05/2016 - 18:37 Comment #26
There we go!
I'm able to perform remote DNS lookups using your server now. I tested several different addresses and they all worked.
The error you shared above -- that may just be cached from an earlier result, as we can see the DNS is working on your server now. I tested that remotely using dig, but that's also apparent with a tool such as this one:
http://mxtoolbox.com/SuperTool.aspx?action=a%3afabiomarafioti.tech&run=t...
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 18:57 Comment #27
You have to use the lookup for ns1.fabiomarafioti.tech, not fabiomarafioti.tech, as that is going through another DNS.
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 19:02 Comment #28
How come my DNS doesn't point to my virtual server? Are you able to help me with that?
Submitted by andreychek on Mon, 09/05/2016 - 19:27 Comment #29
We're happy to help, but I'm not sure I understand.
What problem is it that you're experiencing there?
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 19:30 Comment #30
When I type fabiomarafioti.tk in the browser it doesn't show the webpage; now I get an error, ERR_NAME_RESOLUTION_FAILED. Even when I type it on the local computer, no display.
Submitted by andreychek on Mon, 09/05/2016 - 20:08 Comment #31
Well, unfortunately intodns.com is erroring out when I try to input that domain, so we can't get one of their DNS reports at the moment.
But one thing I can offer, is that when using "dig" to perform a lookup, it shows the following information:
;; ANSWER SECTION:
fabiomarafioti.tech. 38400 IN A 100.76.40.28
;; AUTHORITY SECTION:
fabiomarafioti.tech. 38400 IN NS ns1.fabiomarafioti.tech.
fabiomarafioti.tech. 38400 IN NS fabiomarafioti.tech.
fabiomarafioti.tech. 38400 IN NS ns2.fabiomarafioti.tech.
;; ADDITIONAL SECTION:
ns1.fabiomarafioti.tech. 38400 IN A 100.76.40.28
ns2.fabiomarafioti.tech. 38400 IN A 100.76.40.28
It looks like some DNS records are set up pointing to the internal IP address, rather than the external IP address.
I'd recommend reviewing all your DNS records for any domain added to your server, and ensuring that the IP address listed in it is your external IP address.
Submitted by andreychek on Mon, 09/05/2016 - 20:11 Comment #32
Actually, I take back the above.
While I would recommend fixing that, I don't think that's the issue here.
Looking at your named.conf file, fabiomarafioti.tk isn't added as a DNS zone.
Has that domain been added as a Virtual Server to your system yet? If so, you'd want to make sure the BIND DNS feature is enabled.
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 20:17 Comment #33
I did have that domain as a virtual server and just removed it. It doesn't seem that the BIND DNS feature is available.
Submitted by andreychek on Mon, 09/05/2016 - 20:35 Comment #34
If you look in System Settings -> Features and Plugins, is the BIND DNS Domain feature enabled there?
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 20:49 Comment #35
No, it wasn't on, and when I tried to enable it I got this error: Failed to save enabled features : Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add 127.0.0.1 to the list of DNS servers, or turn off the BIND feature on the module config page. It appears that DHCP is being used to dynamically configure your network interfaces, which can cause the DNS servers to be set based on settings provided by the DHCP server. Using a static IP address is strongly recommended with Virtualmin.
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 21:14 Comment #36
I just added 127.0.0.1 to the DNS servers and that enabled me to add that feature.
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 21:17 Comment #37
Now that it's added a zone, the following config was added to the DNS zone with the name fabiomarafioti.tk:
$ttl 38400
@ IN SOA fabiomarafioti.tech. root.fabiomarafioti.tech. ( 1473128023 10800 3600 604800 38400 )
@ IN NS fabiomarafioti.tech.
fabiomarafioti.tk. IN A 13.77.4.124
www.fabiomarafioti.tk. IN A 13.77.4.124
ftp.fabiomarafioti.tk. IN A 13.77.4.124
m.fabiomarafioti.tk. IN A 13.77.4.124
localhost.fabiomarafioti.tk. IN A 127.0.0.1
webmail.fabiomarafioti.tk. IN A 13.77.4.124
admin.fabiomarafioti.tk. IN A 13.77.4.124
mail.fabiomarafioti.tk. IN A 13.77.4.124
fabiomarafioti.tk. IN MX 5 mail.fabiomarafioti.tk.
fabiomarafioti.tk. IN TXT "v=spf1 a mx a:fabiomarafioti.tk a:fabiomarafioti.tech ip4:100.76.40.28 ip4:13.77.4.124 ?all"
fabiomarafioti.tech
still no bananas though
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 21:19 Comment #38
The following errors were found in the records file /var/named/fabiomarafioti.tk.hosts ..
dns_master_load: /var/named/fabiomarafioti.tk.hosts:20: unexpected end of line
dns_master_load: /var/named/fabiomarafioti.tk.hosts:19: unexpected end of input
/var/named/fabiomarafioti.tk.hosts: file does not end with newline
zone fabiomarafioti.tk/IN: loading from master file /var/named/fabiomarafioti.tk.hosts failed: unexpected end of input
zone fabiomarafioti.tk/IN: not loaded due to errors.
Submitted by andreychek on Mon, 09/05/2016 - 21:44 Comment #39
It looks like that particular DNS zone file ends with the following line:
fabiomarafioti.tech
That's not actually a valid DNS record though.
My suggestion would be to remove that entry, and then apply the configuration (or restart BIND).
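An added example, not part of the original thread: a Python lint for the two zone-file problems found above, A records that publish the server's internal address (comment #31) and a stray line that is not a resource record (comment #39). The sample zone is constructed; example.test is a placeholder domain and the two addresses are the internal and external IPs given in the thread.

```python
import ipaddress

RR_TYPES = {"A", "AAAA", "NS", "MX", "TXT", "CNAME", "SOA", "PTR", "SRV"}

# Constructed sample modelled on the zone files posted in the thread.
SAMPLE_ZONE = """\
$ttl 38400
@ IN SOA ns1.example.test. root.example.test. (
        1473128023
        10800
        3600
        604800
        38400 )
@ IN NS ns1.example.test.
example.test. IN A 100.76.40.28
www.example.test. IN A 13.77.4.124
ns1.example.test. IN A 13.77.4.124
localhost.example.test. IN A 127.0.0.1
example.test. IN TXT "v=spf1 a mx ?all"
example.test
"""


def lint_zone(text):
    """Return (line_number, message) findings for BIND master-file text."""
    findings, depth = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # strip comments (naive: ignores ';' inside quotes)
        tokens = line.split()
        opened = line.count("(") - line.count(")")
        # Skip blank lines, $directives and continuation lines inside ( ... ).
        if depth > 0 or not tokens or tokens[0].startswith("$"):
            depth += opened
            continue
        depth += opened
        # A line starting with whitespace inherits the previous owner name.
        owner = "(inherited owner)" if line[0].isspace() else tokens.pop(0)
        # Optional TTL and class may precede the record type.
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in RR_TYPES:
            findings.append((no, "not a valid resource record: %r" % raw.strip()))
            continue
        if tokens[0].upper() != "A":
            continue
        rdata = tokens[1] if len(tokens) > 1 else ""
        try:
            addr = ipaddress.IPv4Address(rdata)
        except ValueError:
            findings.append((no, "A record for %s has invalid address %r" % (owner, rdata)))
            continue
        # is_global is False for RFC 1918 space and also for 100.64.0.0/10
        # (shared address space), which is_private alone does not cover.
        # Loopback is skipped on purpose: localhost records are conventional.
        if not addr.is_global and not addr.is_loopback:
            findings.append((no, "A record for %s points at non-public address %s" % (owner, addr)))
    return findings


if __name__ == "__main__":
    for no, msg in lint_zone(SAMPLE_ZONE):
        print("line %d: %s" % (no, msg))
```

BIND's own `named-checkzone` reports the syntax error but accepts the internal address, since a private A record is valid zone data.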
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 21:57 Comment #40
OK, thank you, that's working fine now at last :)
However, I got an issue with "You don't have permission to access / on this server." and also when trying to add the MySQL feature I got this error.
Creating MySQL login ..
.. MySQL database failed! : SQL insert into user (host, user, ssl_type, ssl_cipher, x509_issuer, x509_subject) values ('localhost', 'fabiomarafioti', '', '', '', '') failed : Field 'authentication_string' doesn't have a default value at /usr/libexec/webmin/web-lib-funcs.pl line 1427.
Submitted by andreychek on Mon, 09/05/2016 - 22:08 Comment #41
The permission error might be due to not having a website uploaded into the public_html folder.
The MySQL issue sounds like a problem with using a MySQL version from a third party... we frequently see problems when using non-standard MySQL versions, as the upgrade process they use doesn't always work properly.
If using the default MySQL version is an option, that might be the simplest way to fix that.
However, it also may be worth posting a new support request regarding that, where it would be easier to get Jamie's input (as a whole, it's generally better to open new requests for new topics, but I'm letting things here go as I know you're just working to get things initially set up).
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 22:13 Comment #42
Never mind about the permission problem, I fixed that. Just the SQL problem.
Submitted by matt@paytec.com.au on Mon, 09/05/2016 - 22:35 Comment #43
Thank you for your help. I got everything working, even the SQL; I just followed a ticket that someone else had.
Submitted by andreychek on Mon, 09/05/2016 - 22:41 Comment #44
That's fantastic, thanks for letting us know!
For future reference, do you happen to have a link to the ticket you used to correct that?