Hello team, I encountered an issue with one of my ISPConfig servers recently. While I can access Apache using both local and public IPs, none of the domains seem to be functioning. I've included the server logs below. Your assistance is greatly appreciated. Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Debian GNU/Linux 11 (bullseye) [INFO] uptime: 02:50:01 up 6 days, 21:26, 3 users, load average: 0.01, 0.14, 0.38 [INFO] memory: total used free shared buff/cache available Mem: 125Gi 3.2Gi 116Gi 24Mi 5.7Gi 121Gi Swap: 974Mi 0B 974Mi [INFO] systemd failed services status: UNIT LOAD ACTIVE SUB DESCRIPTION ● mailman3.service loaded failed failed Mailman3 server LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 1 loaded units listed. [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.9 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.4.33 [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.33 ##### PORT CHECK ##### ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 2121685) [INFO] I found the following mail server(s): Postfix (PID 2036108) [INFO] I found the following pop3 server(s): Dovecot (PID 1906) [INFO] I found the following imap server(s): Dovecot (PID 1906) [INFO] I found the following ftp server(s): PureFTP (PID 1554) ##### LISTENING PORTS ##### (only () Local (Address) [localhost]:10023 (1336/postgrey) [localhost]:10024 (1142/amavisd-new) [localhost]:10025 (2036108/master) [anywhere]:3306 (2107694/mariadbd) [localhost]:10026 (1142/amavisd-new) [localhost]:10027 (2036108/master) [anywhere]:587 (2036108/master) [localhost]:11211 (1045/memcached) [anywhere]:110 (1906/dovecot) [anywhere]:143 (1906/dovecot) [anywhere]:465 (2036108/master) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) ***.***.***.***:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [localhost]:53 (2084838/named) [anywhere]:21 (1554/pure-ftpd) [anywhere]:22 (2063064/sshd:) [localhost]:10808 (1563055/opt/xray/xr) [localhost]:953 (2084838/named) [anywhere]:25 (2036108/master) [localhost]:10809 (1563055/opt/xray/xr) [anywhere]:993 (1906/dovecot) [anywhere]:995 (1906/dovecot) *:*:*:*::*:10023 (1336/postgrey) *:*:*:*::*:587 (2036108/master) [localhost]10 (1906/dovecot) [localhost]43 (1906/dovecot) *:*:*:*::*:8080 (2121685/apache2) *:*:*:*::*:80 (2121685/apache2) *:*:*:*::*:8081 (2121685/apache2) *:*:*:*::*:465 (2036108/master) *:*:*:*::*:21 (1554/pure-ftpd) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*eeb1:d7ff:fe8a:53 (2084838/named) *:*:*:*::*:22 (2063064/sshd:) *:*:*:*::*:25 (2036108/master) *:*:*:*::*:953 (2084838/named) *:*:*:*::*:443 (2121685/apache2) *:*:*:*::*:993 (1906/dovecot) *:*:*:*::*:995 (1906/dovecot) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain f2b-pure-ftpd (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ##### LET'S ENCRYPT #####
Would help if you could explain what you mean by this? Do Websites not load, result in an error or redirect to another page that they shouldn't?
Previously DNS worked perfectly but now I don't know what happened. For example my public IP call Apache without any problem 2.186.123.193 but domain not resolving for example payamosh.com
here is server nameserver configuration: nano /etc/resolv.conf # Generated by NetworkManager nameserver 8.8.8.8 nameserver 4.2.2.4 nameserver 1.1.1.1 nameserver 1.0.0.1 # Use local DNS server nameserver 192.168.1.1 nameserver 208.67.222.222
That is not relevant here. The Domain payamosh.com seems to be not connected at all. Whereever you bought that domain e.g. the registrar is where you set options for the domain, there you set the authorative NS for the Domain. These settings must point to a Nameserver that is authorative for the domain. The domain seems completly disconnected which can happen if the NS entries you've set that the registrar are incorrect or the NS server are not authorativ for the domains for a longer time. You can use dig to check this or https://intodns.com/payamosh.com Please check at the registrar where you bought the domain and see what is set in the Nameserver settings for said domain
sorry I can't get the point. this server was working perfectly a while ago but it stopped at once. main DNS, ns1.iibi.ir and ns2.iibi.ir working well but iibi.ir site not opening. Also, payamosh.com pointed to this ns1.iibi.ir and also not working. I don't know exactly what is going on or maybe I can get your explanation. Are there other online sites to investigate more on this issue?
The intodns.com site shows the reason for the error, so why do you want to use other tools? The DNS servers for domain iibi.ir are subdomains of the same domain, this means you must set glue records for ns1.iibi.ir and ns2.iibi.ir at the domain registry (this is not about your DNS servers, this is about wrong / missing settings at the domain registry). So to fix your issue, login to the system where you registered that domain and add glue records for ns1 and ns2 pointing to the correct IP addresses of ns1 and ns2. If you do not know how to do that, contact the support of the company where you registered that domain and ask them to set up glue records or to tell you how to set up glue records in their DNS system.
Hi till hope you are fine Thanks for the explanation, I got the point but there is an issue, since mostly we are working with IR extensions, and the main issuer of these domains just provides us with this configuration. As you can see below picture we are only allowed to set DNSs and this is not like GoDaddy or other US providers with other options like adding A Record, etc... Also, I have other servers in which they settled like this and working well.
We have now told you multiple times what the cause is (you are referring to nameservers that are subdomains of the domain you are setting them for without having GLUE records for ns1.iibi.ir and ns2.iibi.ir) and how you can resolve this (either by creating GLUE records yourself or asking your provider to do so, or setting different nameservers that do not refer to hostnames with the same domain) - what more do you expect from us now?
You should just set up DNS name servers with IP with glue records, but this did not happen for this domain. Contact them and tell them they should check why the glue records are not there.
And also double-check that your name servers are having DNS-A Records for ns1 and ns2 as well in that zone (and not just NS records).
you are right bro, but here things are done a little bit differently. There is not much configuration in our hands.
glad to hear from you till. thanks a lot for a clear explanation of the problem. Yesterday, I called the NIC organization ( responsible for all IR domains ) explained my problem, and told them they must add the GLUE record to my server function accordingly but then they replied there is not much configuration on their side and I must configure via my own panel. BTW, I have another server which configured in the same way ns1.x37.ir and it is working. https://intodns.com/x37.ir https://intodns.com/shasfa.com
maybe the source of the problem is very silly but I don't why the working server not working at once.
You configured this domain to use the following name servers: ns1.iibi.ir and ns2.iibi.ir but these subdomains do not exist. You must take care that you add an a-record ns1 in the zone iibi.ir pointing to the primary name server and you must add another A-record in the zone iibi.ir for ns2 pointing to your second name server.
The records look fine, but the whole zone iibi.ir is not reachable when you query. Neither is ns1 or ns2 reachable.
I know my explanation might be meaningless but explaining what happened after all. I called them a couple of times to the Domain provider and told them we had a Glue record problem but they were denied and for the sake of assurance I made all configurations null and set again in the Domain provider site. Then reinstalled the ISPConfig but the problem persists.
You missed adding a dot after ns1.ibii.ir and ns2.ibii.ir in the ns1 and ns2 A-Record in the screenshot in ISPConfig above. Any fully qualified domain in DNS must ens with a dot. I can recommend having a look at @Talemans ISPConfig DNS tutorial, which shows how to add a DNS zone in detail. Reinstalling ISPConfig was not necessary, there was no issue with your ISPConfig installation.
