IspConfig Dns Issue

Discussion in 'Server Operation' started by tipsntricks, Nov 21, 2020.

  1. tipsntricks

    tipsntricks New Member

    Hi All,

    I installed isconfig(ISPConfig Version: 3.2dev20201119) a few days ago following link (https://www.howtoforge.com/tutorial...l-pureftpd-bind-postfix-doveot-and-ispconfig/) and it s completed without any error.

    I oppened a dns zone for test but i can t reach on my test account. Dns working, firewall rules ok and if i send dig +short @93.x.x.13 NS k***m.com returning result but when i m trying to ping it s not answering.
    ns3.s***k.name.tr.
    ns4.s***k.name.tr.

    Also i ve Microsft Dns server if i create zone on it, it s working perfect.
    Do you have any idea or offer whats happening on it. By the way i bought support from schaal it but we can t solve. Thanks for your help.
     
    Last edited: Nov 22, 2020
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I did not understand what problem you have. But my signature has link to DNS tutorial, use that and show what test are failing and how.
    You have to wait some hours before the new name service info has propagated around the world. So if it is not working now, test directly from your name server it has correct info, and then try again after 4 hours with ping.
     
    ahrasis likes this.
  3. tipsntricks

    tipsntricks New Member

    When i m pinging my domain cant reach. That the my problem. Simple, dns doesn t answers my ping.
    when i dig the dns with dig +short @93.x.x.13 NS k***m.com result turning like bellow.
    ns3.s***k.name.tr.
    ns4.s***k.name.tr.
    but when i m tryin to ping there s no domain.
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It would certainly be easier to troubleshoot with the real domain name and addrs. Is the ip you are querying above one of the registered nameservers for the domain? Are the NS records returned correct? Do those nameserver hostnames exist in dns with the correct address? Can you reach then from the internet with dns queries on port 53?
     
    ahrasis and Th0m like this.
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    ping command is not very useful for troubleshooting name service. Depending on the setup, it may not query DNS at all. Test with host command like the DNS tutorial shows.
     
    ahrasis likes this.
  6. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    you don't say what firewall rules you have in place. or even what firewall.
    ping and it's reply use icmp. you need to allow icmp through your firewalls.
    ICMP has no ports and is neither TCP nor UDP. ICMP is IP protocol 1 (see RFC792), TCP is IP protocol 6 (described in RFC793) and UDP is IP protocol 17(see RFC768). UDP and TCP have ports, ICMP has no ports.
    you could, if the service is enabled, use echo, which uses port 7 (tcp and udp) to 'ping' the server instead.

    but besides all that, if you want to find out if there's a problem with your dns causing pings to fail, the solution is simple. bypass dns completely. ping the ip address of your server, if that responds, ping is working, and allowed through your firewall, and you have a dns issue. if ping doesn't get a reply, you have a firewall somewhere blocking icmp. no amount of dns changes are going to affect that.

    or continue trying to ping your server name. if the first line of the result is
    PING <your server fqdn> (<ip address>) 56 data bytes
    then again your dns is working and it's finding an ip to ping. if the lines below this mention 100% packet loss, then ping (icmp) is being blocked (or your server is offline). if the ip address doesn't match your servers ip address, you have the wrong ip set in your A records, or a dns change hasn't fully propagated yet.
    if the response is
    ping: <your server fqdn>: Name or service not known
    then yes, you have a problem with your dns.
     
    ahrasis and Th0m like this.
  7. tipsntricks

    tipsntricks New Member

    We ve Microsoft Dns behind the same firewall and it s working perfectly.
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you share the exact command and host you are using to ping?
     
  9. tipsntricks

    tipsntricks New Member

    Hi, what do you mean exact command of ping? Command is : ping hostname.com, ping x.x.x.x. I can close the post couse of all of you like kidding. I m looking where is the camera.
     
  10. tipsntricks

    tipsntricks New Member

    Please do not reply the post, you can count solved the issue, couse you r not helping !!!!
     
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    We are trying to help you out with your problem. There is something wrong with your setup and we are trying to find what the problem is. The reason ping doesn't work is probably because there is no A record for the hostname you are pinging on the nameserver for that domain.

    It's not like we can magically fix your issue if you don't provide any details. We cant diagnose it because you don't share the real hostname. If you want help you need to accept it when one offers it.
     
  12. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    you claim that you have a problem because dns doesn't answer ping, even though ping and dns are completely separate.
    you claim it's not the firewall because microsoft dns works, that doesn't mean ping works though, and if it does, that could be because the firewall only allows icmp to the microsoft server ip, and even if that firewall allows icmp to all servers, the linux servers could also be runnig their own firewall and blocking icmp.

    if you follow the any of the options i posted, it would confirm what your problem is. firewall or dns.
    the first step in fixing an issue is to identify exactly where the issue is, currently it could be one of multiple issues.
    instead of saying we're being unhelpful, or treating it like a joke, try providing us with information relevant to what we've suggested.

    we can't help you if you're unwilling to help yourself.

    stop hiding the domain name, ip's, and nameservers, if the system was working that would all be publicly accessible information, so hiding it on here helps no-one, it just makes it harder for us to help you.

    what is the server fqdn? what is the full public ip of the server? is it a standalone ispconfig server or multiserver? if multi-server what are the fqdn's and ip's of the nameservers.
    what is the domain used for the test zone you created, what A records did you create for it? what ns records did you create for it?
    please provide what you set for both the name and the data fields.
     
    Th0m likes this.
  13. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    @tipsntricks, please be nice and have an open mind when people are trying to help. You did mention you bought special service and that didn't help, we noted that and so far that we are concerned you can keep buying professional services to resolve your problems.

    That's aid, for DNS setup and troubleshooting, I used to depend a lot on @Taleman's in maintaining dns servers but I realized do not need them, since for now, using free CloudFlare service suffices for me.

    Reading your thread, the only problem you claimed facing is pinging the domain (hostname.com) and its ip using ping command of which you seemed to be very hesitant to reply.

    From the possible firewall problem put up by @nhybgtvfr above, you can try enhancing the ping to specific port that is opened on your server by telnet command instead of ping. You can also use nmap to determine what port is indeed opened in your server.

    I don't know about this, but my wild guess is, it may cause some redundancy of the port usages and issues for dns there (and maybe other services too) since it could mean all of your dns servers (and may be other servers too) are behind the same firewall.
     
    Th0m likes this.

Share This Page