Submitted by oneearth on Fri, 11/18/2016 - 07:09
I can't figure out why I'm not getting the correct DNS settings so that my domain name, harreson.com, will be accessed.
- I think that I set my domain registrar correctly
- likewise I think that I set Virtualmin properly
dig +trace harreson.com
;; Received 864 bytes from 193.0.14.129#53(k.root-servers.net) in 36 ms
harreson.com. 172800 IN NS ns1.harreson.com.
harreson.com. 172800 IN NS ns2.harreson.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20161122054942 20161115043942 6404 com. AwH+KmiAJUCW24qrFOG5rp+y3GkCTCxfZREwWlG/bgEpn2XrQDlKN3fe 91y15VlQMsFoTgjjg1WE/5t7TWFzomyvl07CocFH7p6tvjUwghF8JJZL HnNefcOpTxgrtAUZXxZT+wFVtiyOvoPocWAjLLG8JD3U+SO39ZTjy/+U UdI=
RR3IM1TOALS0PL4PNE0IQO9IFKGOBG9V.com. 86400 IN NSEC3 1 1 0 - RR3KDD2IQPO510GEOU7RQIH5JUP92131 NS DS RRSIG
RR3IM1TOALS0PL4PNE0IQO9IFKGOBG9V.com. 86400 IN RRSIG NSEC3 8 2 86400 20161123051941 20161116040941 6404 com. VxsDhREcnqKt8AbVeXEdwvyIe4VcAx/GNa0boC37TLw/FAeZWSh+gLFu LQuoSHs9fxGSs1KLI29DkX9kQYKY4qWxUGWFRlNvJ7SUwfeuNtHd9yqS d2dKOjpiuGwVEBnpzY7ceIUoDxTMlLBAo9IwUt6ev1DDsvrYbmtiCI2k ySg=
;; Received 594 bytes from 192.52.178.30#53(k.gtld-servers.net) in 50 ms
harreson.com. 400 IN A 104.255.229.120
harreson.com. 400 IN NS ns2.harreson.com.
harreson.com. 400 IN NS ns1.harreson.com.
;; Received 125 bytes from 104.255.229.120#53(ns2.harreson.com) in 1 ms
[root@server ~]# nslookup -type=ns harreson.com
Server: 127.0.0.1
Address: 127.0.0.1#53
harreson.com nameserver = ns1.harreson.com.
harreson.com nameserver = ns2.harreson.com.
vi /etc/resolv.conf
nameserver 127.0.0.1
nameserver 104.255.229.120
nameserver 8.8.8.8
nameserver 8.8.4.4
but intodns.com/harreson.com doesn't see any NS records.
I originally had IP addresses to harreson.com set to one VPS, and then moved VPS to another IP address (which most results show now).
but http://whois.domaintools.com/harreson.com shows the old IP address and old information. I don't know if their output is just a caching thing.
Registrar TUCOWS DOMAINS INC.
Registrar Status ok
Dates Created on 2007-08-15 - Expires on 2017-08-15 - Updated on 2016-11-05
Name Server(s) NS1.HARRESON.COM (has 2 domains)
NS2.HARRESON.COM (has 2 domains)
IP Address 167.114.182.176 - 1 other site is hosted on this server
IP Location Canada - Quebec
your suggestions would be appreciated.
Status: Closed (fixed)
Comments
Submitted by andreychek on Fri, 11/18/2016 - 09:25 Comment #1
Howdy -- I believe the problem you're having is that your DNS server doesn't appear to be answering queries.
Is there by chance a firewall running on your server that's blocking access to DNS ports? If there's a firewall, you may want to try temporarily disabling it to see if that helps.
Also, is your server running behind a NAT router?
If so, you'd want to ensure that port 53 UDP is being forwarded to your server.
Submitted by oneearth on Fri, 11/18/2016 - 11:30 Comment #2
hmm, don't think a firewall is running:
top
top - 17:24:17 up 2 days, 11:00, 2 users, load average: 0.05, 0.06, 0.05
Tasks: 41 total, 1 running, 40 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.1 sy, 0.0 ni, 99.9 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 4194304 total, 3631068 free, 363660 used, 199576 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 3638604 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
24578 root 20 0 155544 2176 1516 R 0.3 0.1 0:01.08 top
1 root 20 0 192516 2556 1364 S 0.0 0.1 0:10.36 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd/2+
3 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper/28+
84 root 20 0 61728 7460 5052 S 0.0 0.2 0:05.93 systemd-jo+
124 root 20 0 26352 1060 740 S 0.0 0.0 0:02.51 systemd-lo+
127 dbus 20 0 26568 912 476 S 0.0 0.0 0:04.96 dbus-daemon
146 root 20 0 6408 116 4 S 0.0 0.0 0:00.00 agetty
148 root 20 0 6408 124 4 S 0.0 0.0 0:00.00 agetty
524 root 20 0 41336 400 4 S 0.0 0.0 0:00.00 systemd-ud+
675 rpc 20 0 64860 876 332 S 0.0 0.0 0:01.17 rpcbind
2896 root 20 0 82512 1036 172 S 0.0 0.0 0:04.15 sshd
5036 root 20 0 91092 1196 160 S 0.0 0.0 0:00.72 master
5038 postfix 20 0 91372 1596 556 S 0.0 0.0 0:00.15 qmgr
7414 root 20 0 144548 66556 1780 S 0.0 1.6 0:03.80 perl
8596 root 20 0 15604 464 172 S 0.0 0.0 0:00.02 dovecot
8597 dovecot 20 0 9268 260 96 S 0.0 0.0 0:00.00 anvil
8598 root 20 0 9396 556 252 S 0.0 0.0 0:00.00 log
9877 root 20 0 171188 56836 592 S 0.0 1.4 0:45.65 /usr/bin/s+
9878 root 20 0 171188 56704 460 S 0.0 1.4 0:00.20 spamd child
9879 root 20 0 171188 56704 460 S 0.0 1.4 0:00.16 spamd child
10060 mysql 20 0 9468 292 4 S 0.0 0.0 0:00.02 mysqld_safe
10348 mysql 20 0 1448804 135392 2912 S 0.0 3.2 3:18.34 mysqld
11829 nobody 20 0 196400 1992 200 S 0.0 0.0 0:04.45 proftpd
24558 root 20 0 139384 5536 4236 S 0.0 0.1 0:00.13 sshd
24562 root 20 0 115332 2020 1644 S 0.0 0.0 0:00.00 bash
24692 root 20 0 139252 5524 4236 S 0.0 0.1 0:00.12 sshd
24696 root 20 0 115332 2028 1648 S 0.0 0.0 0:00.03 bash
24843 postfix 20 0 91196 3856 2860 S 0.0 0.1 0:00.00 pickup
25281 root 20 0 94152 57172 1196 S 0.0 1.4 0:00.00 /usr/libex+
25315 named 20 0 401644 24392 3320 S 0.0 0.6 0:00.08 named
25330 root 20 0 526748 20640 12508 S 0.0 0.5 0:00.20 httpd
25331 apache 20 0 292308 4004 508 S 0.0 0.1 0:00.00 httpd
25333 apache 20 0 526748 8956 804 S 0.0 0.2 0:00.00 httpd
25334 apache 20 0 526748 8956 804 S 0.0 0.2 0:00.00 httpd
25335 apache 20 0 526748 8956 804 S 0.0 0.2 0:00.00 httpd
25336 apache 20 0 526748 8956 804 S 0.0 0.2 0:00.00 httpd
25337 apache 20 0 526748 8956 804 S 0.0 0.2 0:00.00 httpd
29337 root 20 0 12284 1512 524 S 0.0 0.0 0:00.00 config
29338 dovecot 20 0 29876 1012 512 S 0.0 0.0 0:00.00 auth
29339 root 20 0 15404 756 436 S 0.0 0.0 0:00.00 ssl-params
for the output of nslookup -type=ns harreson.com:
[root@server ~]# nslookup -type=ns harreson.com
Server: 127.0.0.1
Address: 127.0.0.1#53
harreson.com nameserver = ns2.harreson.com.
harreson.com nameserver = ns1.harreson.com.
if the telnet response to #telnet 104.255.229.120 53 is:
[root@server ~]# telnet 104.255.229.120 53
Trying 104.255.229.120...
Connected to 104.255.229.120.
Escape character is '^]'.
does this mean that port 53 is open?
Submitted by andreychek on Fri, 11/18/2016 - 12:09 Comment #3
Your command above shows that port 53 TCP is open; UDP works a little differently.
However, doing some additional testing it appears that port 53 UDP may be there too.
Just to test -- if you go into Edit Virtual Server for the harreson.com domain, is the BIND DNS Domain feature enabled?
Submitted by oneearth on Fri, 11/18/2016 - 12:25 Comment #4
yes, there is a checkmark for "DNS domain enabled" for that virtual server / domain
Submitted by andreychek on Fri, 11/18/2016 - 12:57 Comment #5
Hmm, if you log into your server over SSH, what is the output of this command:
host harreson.com
Submitted by oneearth on Fri, 11/18/2016 - 13:07 Comment #6
[root@server ~]# host harreson.com
harreson.com has address 104.255.229.120
harreson.com mail is handled by 5 mail.harreson.com.
Submitted by andreychek on Fri, 11/18/2016 - 14:12 Comment #9
Thanks for the config info -- could you share what the full options section at the top of your named.conf file looks like though? I think some of that may have gotten cut off.
Submitted by andreychek on Fri, 11/18/2016 - 15:03 Comment #11
Hmm, those settings all look good!
What I might try is to comment out these two:
dnssec-enable yes;
dnssec-validation yes;
And then restart BIND.
If the time on your server were off by a little bit, those settings could cause some lookups to fail.
Submitted by andreychek on Fri, 11/18/2016 - 18:14 Comment #15
I don't recommend reinstalling.
It looks like you just have a setting somewhere that's awry... I'm not currently sure which that is, but reinstalling isn't likely to help that.
Also, I would recommend keeping recursion set to "yes" for the time being; that's a less restrictive setting.
And I wouldn't worry about Webmin's zone defaults quite yet, that wouldn't affect the issue you're seeing at the moment.
Is your server directly on the Internet? Or is it behind a NAT router?
Also, what is the output of this command:
dig a harreson.com
When run on your own server?
Submitted by andreychek on Sat, 11/19/2016 - 10:04 Comment #18
Hmm, if that's the case, what they're referring to would be this here:
https://www.virtualmin.com/documentation/dns/faq#toc-how-do-i-setup-name...
The above link discusses this, but there is an area at your registrar where you can set an IP address for where your nameservers are.
Also described in the above, you'd want to ensure that your server has DNS 'A' records set up for your domain.
Submitted by andreychek on Thu, 11/24/2016 - 12:10 Comment #20
We're glad to hear things are working for you now, thanks for letting us know!
Submitted by oneearth on Thu, 11/24/2016 - 22:24 Comment #21