HELP, domains not resolving

39 posts / 0 new
Last post
#1 Sat, 03/17/2012 - 11:43
Anonymous

HELP, domains not resolving

Hello I have installed WebMin and Virtualmin, I have created virtual servers, the BIND server is up and running without errors, I have the following DNS records $ttl 38400 @ IN SOA ns1.webmarketersclub.com. root.ns1.webmarketersclub.com. ( 1332001831 10800 3600 604800 38400 ) @ IN NS ns1.webmarketersclub.com. webmarketersclub.com. IN NS ns2.webmarketersclub.com. webmarketersclub.com. IN A 92.48.84.211 www.webmarketersclub.com. IN A 92.48.84.211 ftp.webmarketersclub.com. IN A 92.48.84.211 m.webmarketersclub.com. IN A 92.48.84.211 ns1.webmarketersclub.com. IN A 92.48.84.211 ns2.webmarketersclub.com. IN A 94.76.192.48 localhost.webmarketersclub.com. IN A 127.0.0.1 webmail.webmarketersclub.com. IN A 92.48.84.211 admin.webmarketersclub.com. IN A 92.48.84.211 webmarketersclub.com. IN TXT "v=spf1 a mx a:webmarketersclub.com ip4:92.48.84.211 ?all"

but the domain is not resolving I don't know what I am missing?

Any help will be GREATLY appreciated

Sat, 03/17/2012 - 14:17
andreychek

Howdy,

It looks like the nameservers for your domain are pointed to your registrar.

That's okay, but that means you would need to manually setup your DNS records at your registrar.

If you'd like to use your own server as a nameserver, there's some details on that here in the section named "How do I setup nameservers for my server":

http://www.virtualmin.com/documentation/dns/faq

Sat, 03/17/2012 - 17:16
marcolav

Hello and thank you for your comment, however the current setup is what I switched to after failing to use my own server as a nameserver. I did follow those steps, assigned IP's to the NS records, as you can see from the data I originally pasted above, edited template as per attachment (well seems attaching a file keeps timing out on me so no attachment) , but still it would not resolve, so I am wondering what could I possibly have done wrong?

Marco

Sat, 03/17/2012 - 18:42
andreychek

Well, it's difficult to say why your previous setup didn't work; and if you wanted to point your nameservers back to your Virtualmin server, we can certainly run some diagnostics and see if we can figure out what's awry.

However, what I can offer is that, with the setup you have now -- your domain's nameservers are pointing to your registrar, and your DNS records aren't setup there.

So if you wish to use your registrar as your nameserver, no problem, but you'd need to setup your records there.

If instead you wish to use your Virtualmin server, you're welcome to change your nameservers to point there, and we can do some troubleshooting to try and figure out why it's not working for you.

-Eric

Sat, 03/17/2012 - 19:29
Locutus

In addition to what Eric correctly said:

The authoritative nameservers for webmarketersclub.com indeed are configured to be dns1.registrar-servers.com thru dns5.... For me though, the domain (and subdomain www.) correctly resolves to the IP address you mentioned, as returned by all 5 authoritative servers.

Maybe a recently performed zone change needed time to propagate.

Sun, 03/18/2012 - 04:52
marcolav

Thanks all for your help

The point is that the NS may appear to resolve and point correctly, however when I create a new virtual server and try to use those NS records, the new domain won't resolve. Propagation should not be an issue as those domains have been using the very same DNS and very same IP on the very same machine for about 2 years, except I now decided to switch from CPanel to Virtualmin/Webmin and all at a sudden I am facing all those problems.

@andreychek , I have no problem in switching back the NS servers and have them point to the Virtualmin server to test, just let me know when would be a good time for you , as to reduce downtime

If acceptable I can even PM you the credentials?

Marco

Sun, 03/18/2012 - 06:52
marcolav

Check for example www.overfifty.co.uk it is correctly showing ns1.webmarketersclub.com and ns2.webmarketersclub.com as the assigned NS , it is showing the below in Virtualmin Server Configuration->DNS Records

$ttl Default Cache Time 38400
overfifty.co.uk SOA - Start Of Domain ns1.webmarketersclub.com. root.ns1.webmarketersclub.com. 1332066455 10800 3 ...
overfifty.co.uk NS - Name Server ns1.webmarketersclub.com.
overfifty.co.uk NS - Name Server ns2.webmarketersclub.com.
overfifty.co.uk A - IPv4 Address 92.48.84.211
www A - IPv4 Address 92.48.84.211
ftp A - IPv4 Address 92.48.84.211
m A - IPv4 Address 92.48.84.211
localhost A - IPv4 Address 127.0.0.1
webmail A - IPv4 Address 92.48.84.211
admin A - IPv4 Address 92.48.84.211
overfifty.co.uk SPF - Sender Permitted From v=spf1 a mx a:overfifty.co.uk ip4:92.48.84.211 ?all

I ran the validate virtual servers tool for BIND DNS domain on Virtualmin and no errors were returned

I am really at a loss here, I am sure it is something silly but it seems the only option I have is to uninstall and start form scratch?

Sun, 03/18/2012 - 08:40
ronald
ronald's picture

Why uninstall and restart from scratch? This is not how Linux works..on windows machines that would likely be applicable but not with Linux.
Linux is great because you can change some settings and then it will do as you expect.

Look
http://www.intodns.com/overfifty.co.uk
If you have no A records for your nameservers then you will have problems. So start with adding those.
If you do have A records, it might happen that your nameservers cant respond due to a setting in the BIND module.
You will have to overlook those settings and correct them until your nameservers will respond to outside queries.

Sun, 03/18/2012 - 08:44
marcolav

Thanks ronald, however I DO have glue records created for both ns1.webmarketersclub.com and ns2.webmarketersclub.com (I have had then since early 2010 and nothing changed since then..) and I have assigned an IP address to each one of them (same as the glue record of course ;) ) , but it seems they are not responding, so I think that , as you say there is some setting in the BIND module but that is eaxctly where my problem lies... WHAT exactly should I look for?

Sun, 03/18/2012 - 09:16
ronald
ronald's picture

so in webmin-servers-bind dns server look into "Miscellaneous Options" and set Do full recursive lookups for clients? to Yes. Also set "Fetch glue records?" to default or to yes
Then under "Addresses and Topology" set "Allow recursive queries from" to listed and then list in the box below: localhost and 127.0.0.1
127.0.0.1 must be listed as a nameserver in the Webmin - networking - Network configuration - Hostname and DNS Client
Then restart BIND

after retsrting BIND:
IF this is by any chance Centos 6, look inside the /etc/named.conf and see to it that it looks like below.
Important is the recursion yes and fetch-glue to yes under the options section..

options {
    listen-on port 53 {
        any;
        };
    listen-on-v6 port 53 {
        any;
        };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion yes;
 
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
 
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    fetch-glue yes;
};
Sun, 03/18/2012 - 09:24
marcolav

Ok, I have done that and yes I have CenOS 6 and the only difference with the lines you posted seems to be the following:

/* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; fetch-glue yes; allow-recursion { localhost; 127.0.0.1; };

Does it make any difference?

Thanks again for all your help!

Sun, 03/18/2012 - 09:45
ronald
ronald's picture

that seems right. Centos 6 is doing things a little bit different than previous editions.
Your nameservers still do not respond at this moment. I remember I had the same troubles when I started with Centos 6.

In the /etc/named.conf have your IP's listed

options {
   listen-on port 53 {
        127.0.0.1;
     94.76.192.48;
     92.48.84.211;
      };

Look in the webmin-networking-network configuration- host addresses and that you have entries there
94.76.192.48 ns2.webmarketersclub.com , ns2
92.48.84.211 ns1.webmarketersclub.com , ns1

Sun, 03/18/2012 - 10:02
marcolav

Allright, I have edited the /etc/named.conf as per your suggestion however I am not sure how to create the entries you suggested in webmin-networking-network configuration- host addresses ?

I enter 92.48.84.211 in the IP address box, then in the hostnames I type ns1.webmarketersclub.com , ns1 on one line but get an error message ',' is not a valid hostname

?

Sun, 03/18/2012 - 10:04
marcolav

Figured the part about adding hostnames, let's see what happens now, still not resolving

Sun, 03/18/2012 - 10:39
ronald
ronald's picture

Here is a thread that I contributed to. centos 6 and bind
http://www.virtualmin.com/node/20420

per haps it mentions some steps that you will need to do still..

Sun, 03/18/2012 - 10:54
marcolav

Thanks, I actually already have the situation suggested in post15 in that thread: http://www.virtualmin.com/node/20420#comment-96420 I had previosuly changed the Chroot directory to run BIND under from whatever it was there to / , however I have now modified it to 'None' as per your suggestion and edited the location of named.conf although from what I can see it was already the right file /etc/named.conf that was being used and edited

Now let's see what happens..

ronald maybe I could create and amin login for you if you would be so kind? possibly it is something encredibly easy and silly for somebody who knows where to look?

Thx a million again

Sun, 03/18/2012 - 11:30
marcolav

I just ran this check and it seems there is definitively something wrong with the NS setup? NS not responding?

http://www.intodns.com/webmarketersclub.com

Sun, 03/18/2012 - 13:55 (Reply to #17)
ronald
ronald's picture

this afternoon the error was: query timed out
this is no longer the case
now it gives the refused code which is 1 step forwards

50.0% of queries will end in failure at 92.48.84.211 (ns1.webmarketersclub.com) - returned REFUSED code
50.0% of queries will end in failure at 94.76.192.48 (ns2.webmarketersclub.com) - returned REFUSED code

it means there is one little step to take but I dont know this setting by heart.

Sun, 03/18/2012 - 11:59
marcolav

Well, I have been trying all possible combinations, reading forums, searching Google and then more yet my domains are note resolving, it looks like after all I may be better off spending money on Cpanel, I just wasted 2 days trying tofix something that is a basic essential function, so I am worried about what woudl happen with more sophisticated needs/requests.

Thanks ronald for all your help, but it looks like I am not the right person for Virtualmin, I am looking for something that would 'work' not force me to spend 2 days 'researching' it

Sun, 03/18/2012 - 13:38
ronald
ronald's picture

I dont think this is a virtualmin issue.
Centos 6 has some differences to previous editions that made me also dive into it deeper then I wanted.

If you want I can have a look and compare it to my Centos 6 installation. Once its running you will be glad you'd switch from cpanel to virtualmin.

Some stuff could be as easy as a firewall blocking port 53
anyway you can email me if you want at helpdesk @ stichtingizi . nl

I can probably look at it tomorrow evening as I am in transit at the moment and flying home tomorrow afternoon

Mon, 03/19/2012 - 16:01
marcolav

I want to publicly thank ronald for being so patient and helpful with me, despite my bad attitude about Virtualmin he contacted me personally and got my install up and running 100%!!

Thanks Ronald

Marco

Mon, 03/19/2012 - 18:40
ronald
ronald's picture

No problem Marco.

After resolving the "query time out" issue, there was a small "refuse" issue left.
The issue was that the allow-query (in named.conf) was set to localhost, this needed to change to either "any" or delete the entry all together.
After that the domains resolved immediately.

Tue, 03/20/2012 - 05:31
marcolav

Well the plot thickens now..

I have added 2 more domains using the template, all the data seems correct, the DNS has propagated and appears to show correctly however I get the following when running for example http://www.intodns.com/uniquefriendship.com

WARNING: One or more of your nameservers did not return any of your NS records.

What could be causing them? The domain has the exact same setup as dotcomprofit.com which is working and resolving, as you acn see at http://www.intodns.com/dotcomprofit.com

Tue, 03/20/2012 - 08:35
ronald
ronald's picture

ns3.webmarketersclub.com. ['92.48.84.211'] [TTL=172800] ns4.webmarketersclub.com. ['92.48.84.211'] [TTL=172800]

these are non existing nameservers, that is a problem at the registrar.

Also some sites have been created on different IP's which were not allowed in the /etc/named.conf
You can add all the IP's you are using or change it to 'any' like so

options {
    listen-on port 53 {
        any;
        };
Tue, 03/20/2012 - 09:02
marcolav

those 2 nameservers are actually existing at namecheap,, they have been created and are actually resolving to the right IP http://www.whatsmydns.net/#A/ns3.webmarketersclub.com http://www.whatsmydns.net/#A/ns4.webmarketersclub.com

Ok, so named.conf has to be edited manaully? I thought it would be enough to add the additional IP's from the Network Interfaces section of Network Configuration Module?

thanks for your help

Wed, 03/21/2012 - 03:22
marcolav

It seems that there is some fundamental bug/issue that it is most definitively beyond my very limited ability. Even with the help of Ronald, we can get a domain up and to resolve fine, then the next one that gets added again has the same issue. Just added blog-dating.com and again I have the issue of the 'refused' error the issue seemed to be named.conf so we added all individual ip's to listen to on port 53, that appeared to be the problem, but the next domain added got the same trouble again..

I am really at a loss here

Wed, 03/21/2012 - 10:00
marcolav

Any suggestions anybody?

Wed, 03/21/2012 - 10:23
Locutus

Without reading thru this lengthy thread (and retrace what you did, for which I lack the time at the moment), a hint: If existing domains work and new ones don't, there must be an issue with the config/zone of newly created domains. In the server template, section BIND DNS Domain, near the bottom you can add named.conf directives that are to be added for new domains, maybe that helps if you need to allow something specific for each domain.

If that does not help, I can try to help if you can summarize the problem and the solutions you implemented so far.

Wed, 03/21/2012 - 10:31
marcolav

Thnaks, essentially it was ronald who fixed ( we thought) the issue for me as the named.conf did not have all IP's on port 53 so he did the following edit as pasted below options { listen-on port 53 { 127.0.0.1; 92.48.84.211; 94.76.192.48; 94.76.192.49; 94.76.192.50; 94.76.192.51; 94.76.192.52; 94.76.192.53; 94.76.192.54; 94.76.192.55;

    };

we went ahead and created a new domain and it seemed to work. Then nothing was changed in the template or anywhere else, I proceeded to create an additional domain, same template, same IP, and it's getting the refused error ( if you would like to check, the domain is www.blog-dating.com ) So, while the same setup works on www.silver-news.net , it is getting the following for www.blog-dating.com... Error: ns1.webmarketersclub.com (92.48.84.211): Returned REFUSED error for blog-dating.com. (A). Error: ns2.webmarketersclub.com (94.76.192.48): Returned REFUSED error for blog-dating.com. (A).

Wed, 03/21/2012 - 10:45
Locutus

When I try to resolve those two domains at your ns1 and ns2, I get a SERVFAIL and not REFUSED. You might want to check your syslog (or wherever your BIND logs to) for details about what went wrong.

As for the IP addresses: It's probably not the best way, if you use private IP addresses for so many of your vservers, to add them all manually. Did you try the syntax listen-on { any; }; instead? That should cause BIND to listen on all addresses, and default port 53.

Actually, I don't have ANY listen-on directive in my config, and BIND works with any IP. That's because the default is, according to BIND manual:

If no listen-on is specified, the server will listen on port 53 on all interfaces.

Wed, 03/21/2012 - 11:12
marcolav

well, www.silver-news.net works fine and resolves fine according to all the tools I tried, ( I am using http://www.squish.net/dnscheck/v1.html as per suggestion from ronald and you may also see

Please understand I am by no means a sysadmin so it is possible I am doing something wrong, however ronald helped me and was able to get the www.silver-news.net to resolve after the initial virtual server creation was giving and told me he had found some errors and misconfigs that were now solved, like the named.conf not listening

I have now removed the listen-on directinve from named conf and the ones that were working are still working ok, however the blog-dating.com is still giving the refused error...

Wed, 03/21/2012 - 14:25
marcolav

If anybody can help I am more than happy to provide access to my Virtualmin install, I would like to get this sorted please

Wed, 03/21/2012 - 16:16
marcolav

Or if you could tell me what are the files /configs that could be causing this, I will post them here

Marco

Wed, 03/21/2012 - 16:16
marcolav

Or if you could tell me what are the files /configs that could be causing this, I will post them here

Marco

Wed, 03/21/2012 - 16:28
Locutus

I could take a look around on your system, sure. Are you using an instant messenger?

(I'm also getting a REFUSED now for blog-dating. The logs should contain information why the query was refused.)

Wed, 03/21/2012 - 16:32
marcolav

skype marcolavanna ICQ 7314031 Thanks!

Wed, 03/21/2012 - 17:34
Locutus

A little summary from me after a debugging session:

Reason for the REFUSED was that Virtualmin failed to restart/reload BIND to apply the newly created zone. After a manual restart, the zone resolved correctly.

We then changed the command Webmin uses to apply BIND changes from "Stop and restart" to "Command: rdnc reload", after setting up RNDC. With that change, Virtualmin then succeeded in applying BIND changes.

We also tried to find out why applying changes failed with the old setting, but unfortunately I could not find in the Webmin debug log which commands Webmin executes to apply changes. Virtualmin staff will probably need to take a look at this.

Wed, 03/21/2012 - 18:01
marcolav

And a big thank you from me to Locutus who solved my troubles!

Wed, 03/21/2012 - 18:16
andreychek

There is a bug report filed for this here:

https://www.virtualmin.com/node/21618

Topic locked