Hello forum members! I will try to describe my situation here and hope that someone will help me. Here is what I have:
1. An account on GoDaddy with the following records in hostnames, and the following in nameservers
2. On ISPConfig I have the following for the domain
3. Into DNS shows
4. The server says it is unable to resolve
Any thoughts or comments on how I can fix that one?
I tried to check the ns server locally and I see a result like that. The site meanwhile still cannot be reached from outside. Any ideas, someone?
According to the output, your DNS server is working fine, but there must be a firewall in front of it that blocks access from the internet, or your ISP (the one that provides the internet access for this server) blocks incoming DNS requests.
Can I somehow check it from the server? I ask because my thoughts were the same and I called the provider. They assured me that they unblocked port 53, but the picture is still the same. I also checked the router on my side yesterday and ensured that I have a port map for DNS there.
You can only check this from the internet, as it's the connection from the internet to the server that is blocked. What you can check on the server is that BIND runs and is reachable and that it returns the correct zone data, and that's what you did already. The only other thing that you can check, using iptables -L, is that no local iptables firewall blocks incoming DNS traffic.
Your server uses RFC 1918 private address space addresses. Can the server be reached using the internet routable address? If you use port forwarding, is port 53 forwarded? My signature has a link to a name service tutorial; it has info on troubleshooting.
@Taleman I checked on the firewall in front of the server; it has a bunch of ports opened and mapped, including 53 and 433 and 80. The webserver is accessible with the same mapping, so I assume that the firewall on the network router is not the reason why it doesn't work. In previous posts we have ufw status and iptables; both don't block anything. Looks like it's the ISP firewall that blocks incoming on 53 for me.
Then dig
Then status
In status, what bothers me most is that ns in is denied ...
grep named /var/log/syslog - results are empty
While your statement may be absolutely true, the tutorial does have this info: Sorry for mistyping the name of the command. Memory faulty.
Okay, sorry for not being attentive when I was reading your tutorial. So I don't have any err files in the listing at all. As for named checkzone
It's a Gmail forwarder record; fixed it. Anyway, it doesn't relate to the overall status of name resolution, I think.
It is good to fix reported errors, one less thing to worry about when troubleshooting. Your name server can not be reached from the public internet.
Code:
$ ping -c 3 178.18.44.142
PING 178.18.44.142 (178.18.44.142) 56(84) bytes of data.
64 bytes from 178.18.44.142: icmp_seq=1 ttl=52 time=70.1 ms
64 bytes from 178.18.44.142: icmp_seq=2 ttl=52 time=69.9 ms
64 bytes from 178.18.44.142: icmp_seq=3 ttl=52 time=70.0 ms
--- 178.18.44.142 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 69.891/69.990/70.112/0.318 ms
tale@ika ~ $ host aloraprim.com 178.18.44.142
;; connection timed out; no servers could be reached
You have tested it works from your local subnet, so the name server is OK. Hard to say why it can not be reached. Looks like ping and SSH do go to your server, how was this set up?
Okay, let's dig deeper into history. It's an old Ubuntu that was built using the perfect server guide from here. It worked okay on the previous domain registrar; now we were forced to move to another one, so now it's GoDaddy. And I am struggling to make it work here. Things that I changed in the config:
1. Added 2 ns records that point to the external IP of the machine to get rid of nasty errors
2. Removed a disabled txt record and fixed a typo in another txt record
Did you previously use name servers of the domain registrar? Follow this https://forum.howtoforge.com/threads/please-read-before-posting.58408/ and post the report in CODE tags.
Code: # cat htf_report.txt | more ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Ubuntu 18.04.4 LTS [INFO] uptime: 10:11:16 up 4 days, 19:40, 2 users, load average: 0.05, 0.07, 0.09 [INFO] memory: total used free shared buff/cache available Mem: 3.8G 1.9G 1.0G 21M 929M 1.7G Swap: 3.8G 221M 3.6G [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.4 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.2.24-0ubuntu***.***.***.*** [INFO] php-cgi (used for cgi php in default vhost!) is version 7.2.24 ##### PORT CHECK ##### ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 14612) [INFO] I found the following mail server(s): Postfix (PID 1622) [INFO] I found the following pop3 server(s): Dovecot (PID 1719) [INFO] I found the following imap server(s): Dovecot (PID 1719) [INFO] I found the following ftp server(s): PureFTP (PID 1757) ##### LISTENING PORTS ##### (only () Local (Address) [anywhere]:110 (1719/dovecot) [anywhere]:143 (1719/dovecot) [anywhere]:465 (1622/master) ***.***.***.***:53 (4607/named) [localhost]:53 (4607/named) ***.***.***.***:53 (25968/systemd-resol) [anywhere]:21 (1757/pure-ftpd) [anywhere]:22 (20917/sshd) [localhost]:953 (4607/named) [anywhere]:25 (1622/master) [anywhere]:993 (1719/dovecot) [anywhere]:995 (1719/dovecot) [localhost]:10023 (1543/postgrey) [localhost]:10024 (1669/amavisd-new) [localhost]:9000 (969/php-fpm:) [localhost]:10025 (1622/master) [localhost]:10026 (1669/amavisd-new) [localhost]:10027 (1622/master) [anywhere]:587 (1622/master) [localhost]:11211 (1003/memcached) [localhost]10 (1719/dovecot) [localhost]43 (1719/dovecot) *:*:*:*::*:8080 (14612/apache2) *:*:*:*::*:80 (14612/apache2) *:*:*:*::*:8081 (14612/apache2) *:*:*:*::*:465 (1622/master) *:*:*:*::*:53 (4607/named) *:*:*:*::*:21 (1757/pure-ftpd) *:*:*:*::*:22 (20917/sshd) 
*:*:*:*::*:953 (4607/named) *:*:*:*::*:25 (1622/master) *:*:*:*::*:443 (14612/apache2) *:*:*:*::*:993 (1719/dovecot) *:*:*:*::*:995 (1719/dovecot) *:*:*:*::*:10024 (1669/amavisd-new) *:*:*:*::*:10026 (1669/amavisd-new) *:*:*:*::*:3306 (1209/mysqld) *:*:*:*::*:587 (1622/master) ##### IPTABLES ##### Chain INPUT (policy DROP) target prot opt source destination f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-before-input all -- [anywhere]/0 [anywhere]/0 ufw-after-input all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-reject-input all -- [anywhere]/0 [anywhere]/0 ufw-track-input all -- [anywhere]/0 [anywhere]/0 Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-before-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-reject-forward all -- [anywhere]/0 [anywhere]/0 ufw-track-forward all -- [anywhere]/0 [anywhere]/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-before-output all -- [anywhere]/0 [anywhere]/0 ufw-after-output all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-reject-output all -- [anywhere]/0 [anywhere]/0 ufw-track-output all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 
reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable RETURN all -- [anywhere]/0 [anywhere]/0 Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68 ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 
[anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ufw-user-forward all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68 ufw-not-local all -- [anywhere]/0 [anywhere]/0 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900 ufw-user-input all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-user-output all -- [anywhere]/0 [anywhere]/0 Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10 LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL RETURN all -- [anywhere]/0 [anywhere]/0 
ADDRTYPE match dst-type MULTICAST RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-output (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:20 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306 
ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:10000 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:3306 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53 Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ##### LET'S ENCRYPT ##### Certbot is installed in /usr/bin/letsencrypt
You seem to be using an old version of Ubuntu and a very old version of ISPConfig. Ubuntu 18.04 may have old name server software bind9; unfortunately https://packages.ubuntu.com/ shows old Ubuntus only to 20.04. You could check the version of bind9 with
Code:
apt policy bind9
I had to upgrade Bind9 v 9.11 to 9.16 to get a properly working name server. But the version does not matter if the name queries do not reach your server. If you just changed domain registrar, it should now affect the working of your name server. Are you sure you did not use the registrar's name servers previously? Troubleshoot why queries do not reach your server. On my Linux workstation I can do this in a root window:
Code:
# tcpdump -n -i enp0s25 host 178.18.44.142
to see where the traffic is going, and in another window
Code:
host -v aloraprim.com 178.18.44.142
Try similar things on your name server host to see if any traffic reaches it. If not, something blocks access to port 53. Your NAT setup may be the reason.
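One way to read the tcpdump capture suggested above, as an added example that is not part of the original thread: the function sorts port 53 packets seen on the name server into queries from the local subnet, queries from public addresses, and replies leaving for public addresses. The function name, the verdict strings, the sample captures and the addresses (192.168.1.10 as the server, 203.0.113.7 as the outside client) are constructed for illustration, and it assumes the router's port forwarding keeps the client's public source address.

```shell
#!/bin/sh
# Added example: classify `tcpdump -n -i <iface> port 53` text captured on the
# name server while an outside host runs `host <domain> <public-ip>`.
# $1 = address bound on the server interface (private when behind NAT).
classify_dns_capture() {
    awk -v srv="$1" '
        # RFC 1918 and loopback sources only prove that the local subnet works.
        function is_private(ip,   o) {
            split(ip, o, ".")
            return (o[1] == 10 || o[1] == 127 || (o[1] == 192 && o[2] == 168) ||
                    (o[1] == 172 && o[2] >= 16 && o[2] <= 31))
        }
        # tcpdump -n line: <time> IP <src>.<sport> > <dst>.<dport>: <payload>
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (dst == (srv ".53")) {
                if (is_private(src)) local_in++; else public_in++
            } else if (src == (srv ".53") && !is_private(dst)) {
                public_out++
            }
        }
        END {
            if (public_in + 0 == 0)
                print (local_in > 0 ? "only-local-queries-arrive" : "no-queries-arrive")
            else if (public_out + 0 == 0)
                print "public-queries-arrive-no-replies-leave"
            else
                print "public-queries-answered"
        }'
}

# Constructed sample captures (documentation addresses, not taken from the thread).
SAMPLE_LOCAL='10:00:01.000001 IP 192.168.1.20.40001 > 192.168.1.10.53: 1111+ A? example.com. (29)
10:00:01.000301 IP 192.168.1.10.53 > 192.168.1.20.40001: 1111* 1/0/0 A 203.0.113.80 (45)'
SAMPLE_NO_REPLY='10:00:05.000001 IP 203.0.113.7.51234 > 192.168.1.10.53: 2222+ A? example.com. (29)
10:00:10.000001 IP 203.0.113.7.51234 > 192.168.1.10.53: 2222+ A? example.com. (29)'

printf '%s\n' "$SAMPLE_LOCAL"    | classify_dns_capture 192.168.1.10
printf '%s\n' "$SAMPLE_NO_REPLY" | classify_dns_capture 192.168.1.10
```

A result of only-local-queries-arrive or no-queries-arrive during an outside test points at the router or ISP in front of the server; public-queries-arrive-no-replies-leave points back at the server itself (local firewall or BIND).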