dns woes

#1 Mon, 02/25/2008 - 15:55
dirtybird

dns woes

I transferred my dns service from my domain registrar to the dns service set up by VM pro and it doesn't work. Any suggestions??

dig example.com.

; <<>> DiG 9.5.0b1 <<>> example.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29381
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
; example.com. IN A

;; Query time: 5023 msec
;; SERVER: 68.87.73.242#53(68.87.73.242)
;; WHEN: Mon Feb 25 20:53:35 2008
;; MSG SIZE rcvd: 36

Sun, 02/17/2008 - 03:10
ronald

When you create a domain, i.e. virtual server, then the zone file is also created.
Perhaps it is disabled in the server template?

Mon, 02/18/2008 - 12:07
Joe

Sounds like you're creating the zones in the BIND module and then creating virtual servers in Virtualmin?

If so, don't do that. Virtualmin creates everything, and if zones already exist it will refuse to deal with them. But maybe I'm misunderstanding you...you should be getting an error when trying to create the virtual server with existing zones (assuming DNS is enabled for the new virtual server when creating it).

--

Check out the forum guidelines!

Mon, 02/25/2008 - 17:27
DanLong

First, is the service running?

Second, you don't say how long it's been. Could take up to 48 hours to propagate.

nslookup 68.87.73.242
Server: 207.230.202.28
Address: 207.230.202.28#53

Non-authoritative answer:
242.73.87.68.in-addr.arpa name = cns.manassaspr.va.dc02.comcast.net.

Wed, 02/27/2008 - 06:47 (Reply to #4)
dirtybird

.....more detail we can be more useful.

I have a domain with a registrar, example.com. It resolved fine with an A record on the registrar's dns servers pointing to my fixed ip address. I want to offer clients two dns servers, dns1.example.com and dns2.example.com to use for mail and dns, etc. if they wanted it. I changed the dns from my registrar's servers to dns1.example.com and dns2.example.com which were set up in virtualmin pro. Now I can't get to www.example.com, hosts and dig produce errors, and whois is correct. What do you think is wrong?

Wed, 02/27/2008 - 07:07 (Reply to #5)
WillSargent

Check out the tools at DNSstuff.com. They have a first-class DNS analyzer that is cheap to free, and will tell you exactly what is broken, and what is NOT broken.

Their site has been invaluable to me in not only basic troubleshooting of DNS, but the fine tuning of my DNS servers.

Everything from are the TLD nameservers working right, to is my mailserver responding in the correct RFC manner.

http://member.dnsstuff.com/amember/go.php?r=132325&i=l0

The above is an affiliate link that gives me an absolutely tiny atta boy if you like this tool. If that bugs you, go direct to: http://www.dnsstuff.com

The initial diagnosis is that the SOA record for your domain is still pointing to the dns1.icann.org nameserver. This means one of two things: either the changing of the DNS record with the ISP did not go correctly, or enough time hasn't passed to update the glue .com servers.

When your DNS domain is hosted by servers that have names in that domain (DNS1.example.com, when the domain you want to host is example.com), the registrar has to register nameserver records in its own glue database that permanently respond with the ip for DNS1.example.com. This is because the way DNS works, when a dns client looks up dns1.example.com to find the www.example.com record, it obviously has to find out the dns1.example.com address from somewhere besides your nameserver (see the circular loop here.) That's where the registrar's nameserver records come into play. By that I mean that you specifically tell your registrar to create a special server record (a - host record) that they host on the registration servers that says dns1.example.com is ip 192.0.0.2. Then everybody else uses that ip address to actually lookup every other bit of information about the zone that matters.

This is not a problem when your domain is hosted on somebody else's nameservers, because they have already done this. If you host other domains on your servers besides example.com, you will NOT need to redo this process, since the dns1.example.com name servers will be able to be resolved to get the information for your www.otherexample.com domain.

Lots of stuff here, but I hope that it helps!

Post edited by: WillSargent, at: 2008/02/27 07:23
Post edited by: WillSargent, at: 2008/02/27 07:25
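The glue requirement described in the post above, as an added example that is not part of the original thread: it checks which nameservers of a delegation sit inside the delegated zone and therefore need an address record at the parent. The function names and the sample delegation are hypothetical; only the 192.0.0.2 address for dns1 comes from the post.

```python
def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(host, zone):
    """True if host is the zone apex or below it, compared label by label.

    A plain string suffix test would wrongly place ns.notexample.com
    inside example.com.
    """
    h, z = labels(host), labels(zone)
    return len(h) >= len(z) and h[len(h) - len(z):] == z

def audit_delegation(zone, ns_names, glue):
    """Return {nameserver: verdict} for a delegation as the parent publishes it.

    glue maps a nameserver name to the addresses the parent zone holds for it.
    """
    known = {".".join(labels(k)): v for k, v in glue.items()}
    report = {}
    for ns in ns_names:
        key = ".".join(labels(ns))
        if not in_bailiwick(ns, zone):
            # Address is found through the nameserver's own zone.
            report[key] = "no-glue-needed"
        elif known.get(key):
            report[key] = "ok"
        else:
            # Resolvers must ask this zone for the address of its own server.
            report[key] = "missing-glue"
    return report

# Constructed sample: dns1 has its host record at the registrar, dns2 does not.
SAMPLE = audit_delegation(
    "example.com",
    ["dns1.example.com.", "dns2.example.com.", "ns.notexample.com."],
    {"DNS1.example.com.": ["192.0.0.2"]},
)

if __name__ == "__main__":
    for ns, verdict in SAMPLE.items():
        print(ns, verdict)
```
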

Wed, 02/27/2008 - 07:37 (Reply to #6)
DanLong

"I have a domain with a registrar, example.com. It resolved fine with an A record on the registrar's dns servers pointing to my fixed ip address. I want to offer clients two dns servers, dns1.example.com and dns2.example.com to use for mail and dns, etc. if they wanted it. I changed the dns from my registrar's servers to dns1.example.com and dns2.example.com which were set up in virtualmin pro. Now I can't get to www.example.com, hosts and dig produce errors, and whois is correct. What do you think is wrong?"

This is getting more confusing. Are you saying that you have a domain "example.com" that worked and that the two nameserver designations you provided don't work? It sounds to me like you set up your nameservers as virtual servers on the same box while BIND is operating on your arbitrary hostname. Don't confuse virtual servers with base servers. For ease, if you will, your nameservers should be base servers on two separate boxes. I say should, as other posts have touched on the nastiness of trying to run two nameservers on the same box.

Or maybe I'm reading you wrong.

Hope that helps,
Dan

Wed, 02/27/2008 - 11:25 (Reply to #7)
dirtybird

"as other posts have touched on the nastiness of trying to run two nameservers on the same box."

They are running on two different server boxes, server1.example.com and server2.example.com

Wed, 02/27/2008 - 11:34 (Reply to #8)
dirtybird

For instance, if server1.example.com and server2.example.com are the actual names for my servers, is this what you are calling "base servers"?

Wed, 02/27/2008 - 14:16 (Reply to #9)
DanLong

Hi,

You may need to check your IPs and make sure they actually are static and not simply assigned out of a dynamic IP pool. I called the actual box the base server (your OS) to differentiate from a virtual server. Unless I read wrong, you can't run BIND as a virtual server.

In BIND you have to make sure you are actually running BIND as name based resolve. In your primary nameserver you should have a master zone set up for dns1.example.com and dns2.example.com and a master for example.com; something has to be the start of authority. Also, change your hostnames to dns1 and dns2. Right now BIND is running as server1 and server2, so where do you have dns1 and dns2?

Hope that helps,
Dan

Mon, 02/25/2008 - 19:45
Joe

"I transferred my dns service from my domain registrar to the dns service set up by VM pro and it doesn't work. Any suggestions??"

The basic process of debugging DNS is:

Does whois report correct glue records (i.e. do the NS fields point to your Virtualmin server)?

whois domain.tld

If incorrect...fix it at the registrar, or wait for propagation. If correct, does the DNS server actually respond?

host domain.tld name.server.address

If no, figure out why--is named running? is there a firewall blocking access to port 53 or the return traffic on high ports? is the result coming back but with incorrect data?

With more detail we can be more useful.

--

Check out the forum guidelines!
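The checklist in the post above, applied to dig transcripts, as an added example that is not part of the original thread: it reads the status and flags of a reply and names the next thing to check. The outcome names and the two constructed samples are hypothetical, and it assumes the authoritative servers do not offer recursion.

```python
import re

# Next step for each outcome, following the checklist in the post above.
NEXT_STEP = {
    "no-reply": "is named running? is port 53 (UDP and TCP) open both ways?",
    "resolver-failed": "a resolver could not reach your zone: query each NS directly",
    "server-failed": "the server asked cannot serve the zone: check its zone config/logs",
    "refused": "server is up but will not answer for this zone: check zone and ACLs",
    "cached-answer": "answer came from a resolver cache: repeat against your own NS",
    "authoritative-answer": "server responds: compare the records with what you expect",
}

def triage(dig_text):
    """Classify one dig transcript into an outcome key of NEXT_STEP."""
    if "connection timed out" in dig_text:
        return "no-reply"
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r"flags: ([a-z ]*);", dig_text)
    answers = re.search(r"ANSWER: (\d+)", dig_text)
    if not (status and flags and answers):
        return "unparsed"
    code, flag_set = status.group(1), set(flags.group(1).split())
    if code == "SERVFAIL":
        # "ra" set: a recursive resolver replied, so the failure lies between
        # it and the delegated servers. Not set: the server queried is failing.
        return "resolver-failed" if "ra" in flag_set else "server-failed"
    if code == "REFUSED":
        return "refused"
    if code == "NOERROR" and int(answers.group(1)) > 0:
        return "authoritative-answer" if "aa" in flag_set else "cached-answer"
    return code.lower()

# Header lines of the dig output quoted in the first post of this thread.
FROM_THREAD = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29381
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 68.87.73.242#53(68.87.73.242)
"""
# Constructed samples: a direct query that gets no reply, and one that works.
TIMEOUT = ";; connection timed out; no servers could be reached\n"
DIRECT_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""

if __name__ == "__main__":
    for name, text in [("thread", FROM_THREAD), ("timeout", TIMEOUT), ("ok", DIRECT_OK)]:
        outcome = triage(text)
        print(name, "->", outcome, "->", NEXT_STEP.get(outcome, "see status code"))
```
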

Tue, 02/26/2008 - 09:04 (Reply to #11)
dirtybird

whois returns the correct information. BIND is running and it's been over 48 hrs since the changeover. host times out. Any port other than 53 involved??
