Bind and Ispconfig issue

Discussion in 'Installation/Configuration' started by mrkhoros, Feb 19, 2017.

  1. mrkhoros

    mrkhoros New Member

I have installed ISPConfig 3.1 and it is up and running. I made a tiny mistake in making a DNS server and instead of "F" I typed "T" in my domain name, and realized that once I deleted the DNS zone from ISPConfig, the zone is not created in named.conf.local; instead of a file pri.mydomain.ltd a new file with the same name but a different ending, "pri.mydomain.ltd.err", is created. Every new DNS zone works with my BIND server and the result of dig @127.0.0.1 newdomain.ltd shows my NS perfectly explicitly, yet I noticed that for every DNS zone that is deleted, the file with the extension .err is made and I am not able to nslookup it locally. This is my result of dig for a new zone:

    Code:
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 testnumber2.dd
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29727
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;testnumber2.dd.                        IN      A
    
    ;; ANSWER SECTION:
    testnumber2.dd.         3600    IN      A       94.177.255.169
    
    ;; AUTHORITY SECTION:
    testnumber2.dd.         3600    IN      NS      ns77.test.dd.
    testnumber2.dd.         3600    IN      NS      ns3.test.dd.
but the same domain, when it is deleted and created once again, becomes:

    Code:
    root@Shahab:/etc/bind# dig @127.0.0.1 testnumber2.dd
    
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 testnumber2.dd
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54294
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;hfp.co.ir.                     IN      A
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sat Feb 18 22:15:41 CET 2017
    ;; MSG SIZE  rcvd: 38
in which the NS are missing. I thought I should be smart and add the zone manually in my named.conf.local, and I did:

    Code:
    zone "testnumber2.dd" {
            type master;
            allow-transfer {none;};
            file "/etc/bind/pri.testnumber2.dd";
    };
    zone "hfp.co.ir" {
            type master;
            allow-transfer {none;};
            file "/etc/bind/pri.hfp.co.ir";
    };
and restarted the BIND service: same result. I even renamed the file a few times to see if it reads it from .err or not, and I got to the bottom of it that in fact it doesn't matter.

Please grace me with your wisdom.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

A file with the .err extension is created when your DNS zone is incomplete or rejected by BIND. Incomplete zones don't get added to named.conf.local as they won't work anyway; that's why your zone is not added there.

The most common error is that you might have missed adding A records for the NS records if the NS records are subdomains of the same zone. You can also use the script named-checkzone to get the error message, or take a look at the syslog file to see the error that caused the file to be saved with the .err extension.
     
  3. mrkhoros

    mrkhoros New Member

In my syslog:

    Code:
    Feb 19 11:01:06 Shahab named[22982]: client 173.252.115.145#22561 (ns1.hfp.co.ir): query (cache) 'ns1.hfp.co.ir/AAAA/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 173.252.115.145#39965 (hfp.co.ir): query (cache) 'hfp.co.ir/MX/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 173.252.115.145#53931 (ns2.hfp.co.ir): query (cache) 'ns2.hfp.co.ir/AAAA/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 69.63.188.195#57187 (ns2.hfp.co.ir): query (cache) 'ns2.hfp.co.ir/AAAA/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 69.63.188.195#22979 (hfp.co.ir): query (cache) 'hfp.co.ir/MX/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 69.63.188.195#43893 (ns1.hfp.co.ir): query (cache) 'ns1.hfp.co.ir/AAAA/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 69.63.188.194#36342 (ns2.hfp.co.ir): query (cache) 'ns2.hfp.co.ir/AAAA/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 69.63.188.194#11331 (ns1.hfp.co.ir): query (cache) 'ns1.hfp.co.ir/AAAA/IN' denied
    Feb 19 11:01:06 Shahab named[22982]: client 69.63.188.194#63958 (hfp.co.ir): query (cache) 'hfp.co.ir/MX/IN' denied
    
There are so many of them, at least 3000 lines for the rejected domain. My resolv.conf also is:

    Code:
    
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    nameserver 62.149.128.4
    nameserver 62.149.132.4
    
    I tried to

    Code:
    options {
    ...
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    ...
    };
in my BIND options and restarted the service: same result, stuck with that .err file. Now in fact every new zone is created with a .err file, which is weird, because yesterday I actually could make new zones that actually work.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

Do not edit resolv.conf or named.options; your problem is not related to them. Use the named-checkzone command and test one of the .err files to see what you are missing.
     
  5. mrkhoros

    mrkhoros New Member

This is my result of named-checkzone:

    Code:
    root@hfp:/etc/bind# named-checkzone hfp.co.ir /etc/bind/pri.hfp.co.ir.err
    zone hfp.co.ir/IN: NS 'ns1.hfp.co.ir' has no address records (A or AAAA)
    zone hfp.co.ir/IN: NS 'ns2.hfp.co.ir' has no address records (A or AAAA)
    zone hfp.co.ir/IN: not loaded due to errors.
    
This is for the record that is created correctly, without a .err file:

    Code:
    named-checkzone thenewtest.dd /etc/bind/pri.thenewtest.dd
    zone thenewtest.dd/IN: loaded serial 2017021902
    OK
    
    
What you said initially was correct, yet I have no idea why ISPConfig cannot make the file correctly. In the .err file I have:

    Code:
    $TTL        3600
    @       IN      SOA     ns1.hfp.co.ir. kkd.ads.dd. (
                            2017021902       ; serial, todays date + todays serial #
                            7200              ; refresh, seconds
                            540              ; retry, seconds
                            604800              ; expire, seconds
                            3600 )            ; minimum, seconds
    ;
    
    hfp.co.ir. 3600 A        94.177.255.169
    ns1.hfp.co.ir 3600 A        94.177.255.169
    ns2.hfp.co.ir 3600 A        94.177.255.169
    mail 3600 A        94.177.255.169
    www 3600 A        94.177.255.169
    hfp.co.ir. 3600      MX    10   mail.hfp.co.ir.
    hfp.co.ir. 3600      NS        ns1.hfp.co.ir.
    hfp.co.ir. 3600      NS        ns2.hfp.co.ir.
    hfp.co.ir. 3600      TXT        "v=spf1 mx a ~all"
    
I can clearly see the A record and it is not missing. Why should named-checkzone tell me that A is missing? Absolutely stumped.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

The problem is not ISPConfig here; ISPConfig is just doing what you tell it to do, and until you add all required records for that zone in the ISPConfig DNS manager, the zone will not be loaded by BIND. You missed adding the A records for the NS records.

Add A records for ns1 and ns2 with the correct IP addresses in that zone and the zone will be saved without the .err ending. The records that you added are wrong: you missed the dot at the end of the fully qualified domain name. In BIND, any fully qualified domain name must end with a dot, so what you added are A records for:

    ns1.hfp.co.ir.hfp.co.ir

    and not

    ns1.hfp.co.ir

    So either use the short form "ns1" without a dot or the long form "ns1.hfp.co.ir." with a dot at the end.
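Worked example, added by the editor (this is not ISPConfig's or BIND's code, and not part of till's reply): a toy zone-file reader that applies the origin rule till describes above, namely that a name without a trailing dot has the zone origin appended, and then runs the same "NS has no address records" check that named-checkzone printed in post 5. The zone text is the .err file posted in this thread; the "fixed" variant only changes the two NS owner names to the short and the fully dotted form. Everything else (function names, the parser's simplifications) is the editor's own.

```python
"""Added example: BIND origin-relative name qualification plus the
named-checkzone "NS has no address records" check, reimplemented in Python.
Not ISPConfig or BIND code. The zone text below is copied from the thread."""

# The .err zone as posted (owner names ns1/ns2 lack the trailing dot).
BROKEN_ZONE = """\
$TTL        3600
@       IN      SOA     ns1.hfp.co.ir. kkd.ads.dd. (
                        2017021902       ; serial
                        7200              ; refresh
                        540               ; retry
                        604800            ; expire
                        3600 )            ; minimum
hfp.co.ir. 3600 A        94.177.255.169
ns1.hfp.co.ir 3600 A        94.177.255.169
ns2.hfp.co.ir 3600 A        94.177.255.169
mail 3600 A        94.177.255.169
www 3600 A        94.177.255.169
hfp.co.ir. 3600      MX    10   mail.hfp.co.ir.
hfp.co.ir. 3600      NS        ns1.hfp.co.ir.
hfp.co.ir. 3600      NS        ns2.hfp.co.ir.
hfp.co.ir. 3600      TXT        "v=spf1 mx a ~all"
"""

# Same zone using the two forms till recommends: short "ns1" and dotted "ns2.hfp.co.ir."
FIXED_ZONE = BROKEN_ZONE.replace(
    "ns1.hfp.co.ir 3600 A", "ns1 3600 A").replace(
    "ns2.hfp.co.ir 3600 A", "ns2.hfp.co.ir. 3600 A")


def qualify(name, origin):
    """BIND name rule: '@' is the origin, a name ending in '.' is absolute,
    anything else gets the origin appended. That is why 'ns1.hfp.co.ir'
    in a zone with origin hfp.co.ir becomes 'ns1.hfp.co.ir.hfp.co.ir.'."""
    origin = origin.rstrip(".").lower() + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return name.lower() + "." + origin


def parse_zone(text, origin):
    """Return a list of (owner, type, rdata_tokens) with owners qualified.
    Toy parser: strips ';' comments, joins '(' ')' continuations and skips an
    optional TTL and class. It does not handle ';' inside quoted TXT data,
    $INCLUDE or $GENERATE."""
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = buf + " " + line.strip() if depth else line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
    records, last_owner = [], None
    for line in logical:
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):
            continue                      # $TTL etc. do not matter here
        tokens = line.replace("(", " ").replace(")", " ").split()
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        last_owner = owner
        if tokens and tokens[0].isdigit():
            tokens.pop(0)                 # optional TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)                 # optional class
        rtype = tokens.pop(0).upper()
        records.append((qualify(owner, origin), rtype, tokens))
    return records


def missing_ns_addresses(records, origin):
    """Mirror named-checkzone's complaint: every NS target that lies inside
    the zone must own an A or AAAA record. Returns the qualified names
    that do not."""
    zone = qualify("@", origin)
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    missing = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = qualify(rdata[0], origin)
        in_zone = target == zone or target.endswith("." + zone)
        if in_zone and target not in addressed:
            missing.append(target)
    return missing


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        recs = parse_zone(zone, "hfp.co.ir")
        print(label, "A owners:", sorted(o for o, t, _ in recs if t == "A"))
        print(label, "NS without address:", missing_ns_addresses(recs, "hfp.co.ir"))
```

Running it shows the point of the thread: in the broken zone the A records are owned by ns1.hfp.co.ir.hfp.co.ir. and ns2.hfp.co.ir.hfp.co.ir., so the NS targets ns1.hfp.co.ir. and ns2.hfp.co.ir. have no address and the check fails exactly as named-checkzone reported; in the fixed zone the list of missing names is empty. For a real zone, keep using named-checkzone itself, as till advises in posts 2 and 4; this script only illustrates why it complains.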
     
  7. mrkhoros

    mrkhoros New Member

Thanks for the snappy replies. I did revise that; in fact I read every word you wrote for me multiple times, and I changed the whole zone-making template in ISPConfig to:

    Code:
[ZONE]
    origin={DOMAIN}.
    ns=ns1.hfp.co.ir.
    mbox=x.internet-x.org.
    refresh=3600
    retry=3600
    expire=604800
    minimum=86400
    ttl=3600
    
    [DNS_RECORDS]
    A|{DOMAIN}.|94.177.255.169|0|3600
    CNAME|www|{DOMAIN}.|0|3600
    A|mail|94.177.255.169|0|3600
    NS|{DOMAIN}.|ns1.hfp.co.ir.|0|86400
    NS|{DOMAIN}.|ns2.hfp.co.ir.|0|86400
    MX|{DOMAIN}.|mail.{DOMAIN}.|10|3600
and added 2 A records for ns1.hfp.co.ir and 2 manually to my valid IP address, and voila! The file changed from .err to a normal file, and it is also written in my .local file, which is fantastic. Yet the result of my
dig @127.0.0.1 hfp.co.ir is still the same:

    Code:
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 hfp.co.ir
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    root@hfp:/etc/bind# dig @127.0.0.1 hfp.co.ir
    
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 hfp.co.ir
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    
But yes, the website is browsable. It does show the apache2 default page instead of ISPConfig, but I can at least relate it to my server; I wonder why it does not show the ISPConfig page, though.
     
    Last edited: Feb 20, 2017
  8. mrkhoros

    mrkhoros New Member

Everything is solved. Thank you, Till, for the time and effort; you have been the greatest.
     
