Hi! For some reason, my DNS servers (ns1 and ns2.bitworx.cloud) are not publishing TXT records for domain seifenatelier.net. Only the SPF record is displayed with dig.

Code:
    root@ns1:~# dig any seifenatelier.net | grep "TXT"
    seifenatelier.net. 3600 IN TXT "v=spf1 mx a ~all"

I set up a new test TXT record: test.seifenatelier.net. - dsafaqerfaawbghtkkzuukhvbnvbn== - 3600

I restarted bind on ns1 and ns2 and waited overnight (other records have been there for much longer than 24h and are also not displayed with dig).

What can be the problem? In /etc/log/syslog I can't find any errors related to "named" or "bind".

What bothers me:

Code:
    Jul 28 09:53:01 ns1 named[1123575]: none:100: 'max-cache-size 90%' - setting to 1745MB (out of 1939MB)

and I have a VERY LOT of RRSIG queries from a domain pizzaseo.com - can I block these somehow? I don't have an option in my hoster's firewall...

Thanks! Dennis
Use this command to test your server:

    dig @localhost TXT seifenatelier.net

and run it on both servers locally and check the result.
I already did - it also shows only the SPF-TXT record and 2 RRSIG

Code:
    root@ns1:~# dig @localhost ANY seifenatelier.net | grep "TXT"
    seifenatelier.net. 3600 IN TXT "v=spf1 mx a ~all"
    seifenatelier.net. 3600 IN RRSIG TXT 7 2 3600 20210813065002 20210728065002 30402 seifenatelier.net. C98uFUuwmtHMU9P/cQN1SCHJsD4Ua6cVBtqKHFGsinuAXd27hZGBXtj5 pQ7IlCdeLhenbUuKdZqyhetqo8H53n+UELkmS+WTg6Y7j/MZS7JMC5Yt rf0YANRzfS95qkvqrgVHqt0P+e//Zvx5Kca/2/ANhxN4EP1HAUUpi0jK 0h0ZLxTbOfScuAWouXl282OFubaRK4nM0G4A4Co6H6DQPqPhtS3sWP00 Xkz9iSn7ckd/UFzw/HmhUmPL55PGMv9UdL3ByF2d+UfUhCwMlUm1F8qN DRdcPdrsX04ZtCv706BSNgKdFnFiF1e93htM8tBwzG1UVW7KbwbAGeyq 4BaziA==
    seifenatelier.net. 3600 IN RRSIG TXT 13 2 3600 20210813065002 20210728065002 37273 seifenatelier.net. 1mLhyUwUq5NGGlCJotPz+kUsnr7bil/R7vGxsm5ADhI62UrIsPhLkwE4 dzUtkCRu4AcJPww0M5da/Q6I64Zm7A==
Ok, then check the zone file directory of your DNS server to see if the zone file contains the TXT record and if not, check if there is a zone file with .err file ending for this zone. And btw, the command you ran is not the one I asked you to run.
Sorry - copied the wrong window - btw - it's looking the same on ns2, so I didn't copy it in here.

Code:
    root@ns1:~# dig @localhost TXT seifenatelier.net

    ; <<>> DiG 9.16.1-Ubuntu <<>> @localhost TXT seifenatelier.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36726
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: bf9f7d4e07767a6d01000000610114824ef6b99eeea8eb93 (good)
    ;; QUESTION SECTION:
    ;seifenatelier.net. IN TXT

    ;; ANSWER SECTION:
    seifenatelier.net. 3600 IN TXT "v=spf1 mx a ~all"

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Jul 28 10:25:38 CEST 2021
    ;; MSG SIZE rcvd: 103

and yes, the zone file includes the mentioned record(s) and there is no .err file in /etc/bind

Code:
    root@ns1:/etc/bind# cat pri.seifenatelier.net
    $TTL 3600
    @ IN SOA ns1.bitworx.cloud. office.bitworx.digital. (
            2021072802 ; serial, todays date + todays serial #
            7200 ; refresh, seconds
            540 ; retry, seconds
            604800 ; expire, seconds
            3600 ) ; minimum, seconds
    ;
    mail 3600 A 52.29.179.158
    seifenatelier.net. 3600 A 52.29.179.158
    www 3600 A 52.29.179.158
    seifenatelier.net. 3600 AAAA 2a05:d014:78f:7600:5f96:c7dc:3721:89fb
    2o2l5vd4maqb74dr6begfpfucda7k5rt._domainkey 3600 CNAME 2o2l5vd4maqb74dr6begfpfucda7k5rt.dkim.amazonses.com
    5dxh6k4kk76ku7pnstnwcvzjlbuvlwjb._domainkey 3600 CNAME 5dxh6k4kk76ku7pnstnwcvzjlbuvlwjb.dkim.amazonses.com
    5zyety25tgukzk6pyhjrg5xully4jzi2._domainkey 3600 CNAME 5zyety25tgukzk6pyhjrg5xully4jzi2.dkim.amazonses.com
    seifenatelier.net. 3600 MX 10 mail.bitworx.cloud.
    seifenatelier.net. 3600 NS ns1.bitworx.cloud.
    seifenatelier.net. 3600 NS ns2.bitworx.cloud.
    dkim._domainkey.seifenatelier.net. 3600 TXT "v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9ouj1Wr3c4FNVKIPVCHBQ3VaWZ9UULfTwSOHJkoo4racqux3P98b1hhLVtW3LcH1XbQeOTh7yWEC4sOsvoYs1U9vJlkRD4WtcSBqJW5Zbk9Kig3oBDIBGqenbYq+syjMBIk60d0oLw/FNrd6TJLZIDR13WYpIOJOs2Ak6Nj+aEI13yHNS0d5yZuw5Dt5JA3j5R" "2qyoL9Rwox2jGU4XERNdlCNCvfiFUnrFoHD5K0kUml2bJvON75CcNhvhnxQskAyDxYPDhbsuRi9YIbZVyOlz3hwb1Uj4Vl+C9LmMQTkDZZC+fHDd8E0/NxM/G31rjAOqug3pQH8IHPVlP6kANGQIDAQAB"
    seifenatelier.net. 3600 TXT "v=spf1 mx a ~all"
    test 3600 TXT "dsafaqerfaawbghtkkzuukhvbnvbn=="
    _amazonses.seifenatelier.net. 3600 TXT "bZycy+tVYadhSIhB1ubmfJgM/d+Of7SrtNHrEUkXPlw="
    $INCLUDE Kseifenatelier.net.+013+17426.key
    $INCLUDE Kseifenatelier.net.+013+37273.key
    $INCLUDE Kseifenatelier.net.+007+28285.key
    $INCLUDE Kseifenatelier.net.+007+30402.key
Try to stop named, check with the ps command that really no instances are running anymore; if there are still instances, kill them, and then start it again and test if it's there now. Maybe named hangs in a way that it does not load zone files anymore.
And btw, did you try:

    dig @localhost TXT _amazonses.seifenatelier.net

As you probably miss this record, which is a subdomain and not a TXT record of the zone name.
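Added example, not part of the original posts: dig returns TXT records only for the exact owner name queried, so this sketch lists the fully qualified owner name of every TXT record in a BIND zone file and prints the matching dig command for each. The function names are hypothetical, and the sample zone is constructed (modelled on the one posted above, with placeholder values).

```shell
#!/bin/sh
# Added example: list the owner name of every TXT record in a BIND zone file,
# because a TXT query for the zone apex does not return records stored at
# test.<zone> or _amazonses.<zone>.

# Constructed sample zone, modelled on the thread's zone (placeholder values).
sample_zone() {
cat <<'EOF'
$TTL 3600
@ IN SOA ns1.bitworx.cloud. office.bitworx.digital. (
        2021072802 ; serial
        7200 540 604800 3600 )
;
seifenatelier.net. 3600 A 192.0.2.10
www 3600 A 192.0.2.10
seifenatelier.net. 3600 TXT "v=spf1 mx a ~all"
test 3600 TXT "constructed-value"
_amazonses.seifenatelier.net. 3600 TXT "constructed-value"
EOF
}

# txt_owner_names ORIGIN   (zone file on stdin, ORIGIN with trailing dot)
txt_owner_names() {
    awk -v origin="$1" '
        NF == 0 || /^[ \t]*;/ || /^\$/ { next }   # blanks, comments, $TTL/$INCLUDE
        {
            if ($0 ~ /^[ \t]/) { owner = last; first = 1 }  # blank owner: inherit
            else               { owner = $1;   first = 2 }
            last = owner
            is_txt = 0
            for (i = first; i <= NF; i++) {
                if ($i == "TXT") { is_txt = 1; break }
                if ($i ~ /^[";(]/) break            # rdata or comment reached
            }
            if (!is_txt) next
            if (owner == "@")       print origin            # zone apex
            else if (owner ~ /\.$/) print owner             # already fully qualified
            else                    print owner "." origin  # relative to the origin
        }' | sort -u
}

# Print one query per name; run these against each authoritative server.
sample_zone | txt_owner_names seifenatelier.net. | while read -r name; do
    echo "dig @localhost TXT $name +short"
done
```

On a real server, feed the zone file in instead of the sample, for example `txt_owner_names seifenatelier.net. < /etc/bind/pri.seifenatelier.net`.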
I did it the following way: (root is su)

Code:
    service named stop
    ps -e | grep "named"
    ps -e   # (double checked with manual reading through processes)
    service named start

but sadly:

Code:
    root@ns1:~# dig @localhost TXT seifenatelier.net

    ; <<>> DiG 9.16.1-Ubuntu <<>> @localhost TXT seifenatelier.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65053
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: a1830fa287d579d701000000610119174ed6041b5399f8f9 (good)
    ;; QUESTION SECTION:
    ;seifenatelier.net. IN TXT

    ;; ANSWER SECTION:
    seifenatelier.net. 3600 IN TXT "v=spf1 mx a ~all"

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Jul 28 10:45:11 CEST 2021
    ;; MSG SIZE rcvd: 103
Well, thanks for the explanation - that's indeed what I am looking for. But how is this a subdomain? I'm not a newbie, but that's out of my context of knowing.

Edit: forget it, I got it.... took me a while and it works - so sorry for bothering