Hello,

Just done fresh install and totally confused due to my bad level with the command line! I don't understand my DNS are not working.

1- First of all I imported one dedicated IP Failover to use it for one domain name, then I have one IP for the VPS and one IP for the domain name
2- Created Client account
3- Setup website
4- Setup DNS

After I checked if it's working with Bind

Code:
sudo rndc status
version: BIND 9.11.5-P4-5.1-Debian (Extended Support Version) <id:998753c>
running on vps730322: Linux x86_64 4.19.0-5-cloud-amd64 #1 SMP Debian 4.19.37-5+deb10u2 (2019-08-08)
boot time: Sat, 21 Sep 2019 02:33:04 GMT
last configured: Sat, 21 Sep 2019 05:20:01 GMT
configuration file: /etc/bind/named.conf
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 103 (97 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 3/150
server is up and running

Bind OK

after

Code:
dig @localhost clear-optical.com

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> @localhost clear-optical.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1392
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: dc8820ad2a86bdfc08a06aff5d85c26d751484220ce5090d (good)
;; QUESTION SECTION:
;clear-optical.com. IN A

;; ANSWER SECTION:
clear-optical.com. 3600 IN A 87.98.149.60

;; AUTHORITY SECTION:
clear-optical.com. 3600 IN NS ns2.clear-optical.com.
clear-optical.com. 3600 IN NS ns1.clear-optical.com.

;; ADDITIONAL SECTION:
ns1.clear-optical.com. 3600 IN A 87.98.149.60
ns2.clear-optical.com. 3600 IN A 87.98.149.60

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Sep 21 08:25:49 CEST 2019
;; MSG SIZE rcvd: 158

Apparently everything looks OK, but the website is not browsable.

Do you see any errors in my DNS?

There is a tutorial on setting up DNS, see my signature. That includes a chapter on testing, which should aid in finding out what is wrong.

One error is that there are no name servers responding:

Code:
$ host clear-optical.com
Host clear-optical.com not found: 2(SERVFAIL)

Meanwhile, you can test how the website works using this: https://www.faqforge.com/linux/cont...ess-a-namebased-website-without-a-dns-record/

Yes, I followed your tutorial "Set up DNS with ISPConfig" and after that I came here ;-)

Do you see any error above? And what can I test to check it more?

One thing is very strange! If I can see my DNS zone in ISPConfig, normally I can see it as well in /etc/bind/, right?

Then in /etc/bind/ I have only this file "pri.clear-optical.com.err" concerning this domain name!

Why do I not get more files in /etc/bind/ concerning this domain name???

You may have used my Tutorial, but you have not read it. Read the part about named-checkzone, perhaps search for string named-checkzone.

Have you properly registered your domain and its name servers?

Code:
whois clear-optical.com | egrep -i "(name server|nserver)"
Name Server: NS1.CLEAR-OPTICAL.COM
Name Server: NS2.CLEAR-OPTICAL.COM
Name Server: ns1.clear-optical.com
Name Server: ns2.clear-optical.com

Are those two name servers the hosts you have set up with ISPConfig?

Code:
Have you properly registered your domain and its name servers?

This domain name was working perfectly with Plesk on another VPS. I didn't change anything on this domain name, even the IP is still the same. I just moved my IP failover to this new VPS with ISPConfig (Debian 10).

Code:
Are those two name servers the hosts you have set up with ISPConfig?

I am sorry, I do not understand your question because the answer was in my first post. What do you mean?

Of course I am ready to restart the whole process to set up the DNS with ISPConfig, but before that I would like to get some answers to my questions just above, so as not to restart and get the same result afterwards.

If you have a .err file in the bind directory, that means the zone has some error that causes bind not to load it. What that error is I do not know, but you can find it out by using the named-checkzone command.

I went to the trouble of writing that DNS Tutorial after noticing threads in this forum on name service setup were basically going nowhere. I had high hopes that after that tutorial we would at least be in the same ballpark and get name service issues fixed faster.

Of course, now I see my plan has a flaw: the tutorial does not help at all when persons setting up name service do not read it. Back to the old drawing board.

Anyway, thanks for your help.... Maybe you can help me step by step?

If I'm using:

Code:
named-checkzone clear-optical.com /etc/bind/pri.clear-optical.com.err

I get this result

Code:
# named-checkzone clear-optical.com /etc/bind/pri.clear-optical.com.err
zone clear-optical.com/IN: NS 'ns1.clear-optical.com' has no address records (A or AAAA)
zone clear-optical.com/IN: not loaded due to errors.

But how can this be possible? Because in ISPConfig I already have one A record. Which A record is expected?

Here is the file: /etc/bind/pri.clear-optical.com

Code:
$TTL 3600
@ IN SOA ns1.clear-optical.com. vps730322.gestion-des-domaines.com. (
        2019092107 ; serial, todays date + todays serial #
        7200 ; refresh, seconds
        540 ; retry, seconds
        604800 ; expire, seconds
        3600 ) ; minimum, seconds
;
clear-optical.com. 3600 A 87.98.149.60
ns1.clear-optical.com 3600 A 87.98.149.60
ns2.clear-optical.com. 3600 A 87.98.149.60
clear-optical.com. 3600 NS ns1.clear-optical.com.
clear-optical.com. 3600 NS ns2.clear-optical.com.
ns1.clear-optical.com. 3600 NS clear-optical.com.
ns2.clear-optical.com. 3600 NS clear-optical.com.
$INCLUDE Kclear-optical.com.+007+19806.key
$INCLUDE Kclear-optical.com.+007+46400.key

Here is the file: /etc/bind/pri.clear-optical.com.err

Code:
$TTL 3600
@ IN SOA ns1.clear-optical.com. vps730322.gestion-des-domaines.com. (
        2019092115 ; serial, todays date + todays serial #
        7200 ; refresh, seconds
        540 ; retry, seconds
        604800 ; expire, seconds
        3600 ) ; minimum, seconds
;
clear-optical.com. 3600 A 87.98.149.60
ns1.clear-optical.com 3600 A 87.98.149.60
ns2.clear-optical.com. 3600 A 87.98.149.60
www.clear-optical.com. 3600 CNAME clear-optical.com.
clear-optical.com. 3600 NS ns1.clear-optical.com.
clear-optical.com. 3600 NS ns2.clear-optical.com.

If I'm using this command

Code:
named-checkzone clear-optical.com /etc/bind/pri.clear-optical.com

without .err at the end

Code:
# named-checkzone clear-optical.com /etc/bind/pri.clear-optical.com
dns_master_load: /etc/bind/pri.clear-optical.com:20: Kclear-optical.com.+007+19806.key: file not found
dns_master_load: /etc/bind/pri.clear-optical.com:22: Kclear-optical.com.+007+46400.key: file not found
zone clear-optical.com/IN: loading from master file /etc/bind/pri.clear-optical.com failed: file not found
zone clear-optical.com/IN: not loaded due to errors.

I get more confused because it answers that there is no file named pri.clear-optical.com, BUT I can see this file with SFTP!

and

Code:
# host clear-optical.com 87.98.149.60
;; connection timed out; no servers could be reached

That's crazy!!! I really don't understand....

Code:
ns1.clear-optical.com 3600 A 87.98.149.60
ns2.clear-optical.com. 3600 A 87.98.149.60

Compare the two lines carefully. The first does not have dot character at end of the name.

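The effect of the missing dot, as an added example that is not part of the original thread: a name without a trailing dot is relative and gets the zone origin appended, so the A record lands on a different owner and the NS target is left without an address. The function names are hypothetical, and the parser assumes the simple "owner TTL type rdata" layout of the zone file quoted above.

```python
# Added example, not code from the thread. Assumes "owner TTL type rdata" records.
ORIGIN = "clear-optical.com."

# Records from the pri.clear-optical.com.err file quoted in the thread (SOA omitted).
ZONE = """\
clear-optical.com.      3600 A     87.98.149.60
ns1.clear-optical.com   3600 A     87.98.149.60
ns2.clear-optical.com.  3600 A     87.98.149.60
www.clear-optical.com.  3600 CNAME clear-optical.com.
clear-optical.com.      3600 NS    ns1.clear-optical.com.
clear-optical.com.      3600 NS    ns2.clear-optical.com.
"""

def absolute(name, origin=ORIGIN):
    """A name without a trailing dot is relative, so the origin is appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin=ORIGIN):
    """Return (owner, type, rdata) tuples with absolute, lower-cased names."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip $TTL / $INCLUDE
            continue
        owner, _ttl, rtype, rdata = line.split(None, 3)
        if rtype.upper() in ("NS", "CNAME"):
            rdata = absolute(rdata, origin).lower()
        records.append((absolute(owner, origin).lower(), rtype.upper(), rdata))
    return records

def ns_without_address(records, origin=ORIGIN):
    """In-zone NS targets that have no A or AAAA record after expansion."""
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    return sorted({r for _, t, r in records
                   if t == "NS" and r.endswith("." + origin) and r not in have_addr})

def relative_owners(zone_text, origin=ORIGIN):
    """Owners that already end in the zone name but lack the trailing dot."""
    bare = origin.rstrip(".")
    hits = []
    for line in zone_text.splitlines():
        fields = line.split()
        if fields and fields[0].endswith(bare):
            hits.append((fields[0], absolute(fields[0], origin)))
    return hits

if __name__ == "__main__":
    print(ns_without_address(parse(ZONE)))   # the NS named-checkzone rejected
    print(relative_owners(ZONE))             # what the dot-less owner expands to
```

Running the same two checks on a zone file before reloading it gives the same kind of signal as the named-checkzone message, plus the expanded name that shows where the record actually ended up.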
Yes, now the file /etc/bind/pri.clear-optical.com.err has disappeared, but

Code:
named-checkzone clear-optical.com /etc/bind/pri.clear-optical.com

without .err at the end still gives me this error

Code:
# named-checkzone clear-optical.com /etc/bind/pri.clear-optical.com
dns_master_load: /etc/bind/pri.clear-optical.com:20: Kclear-optical.com.+007+19806.key: file not found
dns_master_load: /etc/bind/pri.clear-optical.com:22: Kclear-optical.com.+007+46400.key: file not found
zone clear-optical.com/IN: loading from master file /etc/bind/pri.clear-optical.com failed: file not found
zone clear-optical.com/IN: not loaded due to errors.

Even if these files already exist! What can this problem be? It's not normal to get this difference between Putty and WinSCP!

You have to put the included files in a directory bind loads files from, or instead of relative path give full pathname for the files. Instead of

Code:
$INCLUDE Kclear-optical.com.+007+19806.key

write

Code:
$INCLUDE /etc/bind/Kclear-optical.com.+007+19806.key

if you put those files in that directory. If you want to use the relative filename, put the $INCLUDED files to the same directory where you have the zone files.

By the way, what are these included files and where did they come from?

I don't know, this was done by ISPConfig, not by me. Adding /etc/bind/ manually is not the right way...

Done already, but I still get this

Code:
named-checkzone clear-optical.com /var/named/clear-optical.com
zone clear-optical.com/IN: loading from master file /var/named/clear-optical.com failed: file not found
zone clear-optical.com/IN: not loaded due to errors.

There is no folder /named/! Arf, what's wrong!

As in my screenshot above, there is no folder /var/named

Code:
# ls -lh /var/named/
ls: cannot access '/var/named/': No such file or directory

This is a fresh install with Debian 10.

And this is working

Code:
dig @localhost clear-optical.com

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> @localhost clear-optical.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6849
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6575a18cb2d35605e28bf4595d8628acabb9ee9ee1ff4ca1 (good)
;; QUESTION SECTION:
;clear-optical.com. IN A

;; ANSWER SECTION:
clear-optical.com. 3600 IN A 87.98.149.60

;; AUTHORITY SECTION:
clear-optical.com. 3600 IN NS ns2.clear-optical.com.
clear-optical.com. 3600 IN NS ns1.clear-optical.com.

;; ADDITIONAL SECTION:
ns1.clear-optical.com. 3600 IN A 87.98.149.60
ns2.clear-optical.com. 3600 IN A 87.98.149.60

;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Sep 21 15:42:04 CEST 2019
;; MSG SIZE rcvd: 158

But not

Code:
host clear-optical.com 87.98.149.60
;; connection timed out; no servers could be reached

I have a headache

Forget that bogus named-checkzone command, you do not have /var/named directory on that host so /var/named/clear-optical.com really does not exist so the error message is correct. Why care about /var/named/clear-optical.com when it does not exist? On my Debian name server using bind /var/named does not exist either.

I assume you have now followed the instructions in that DNS Tutorial on how to test name service is working?

Now show results of this command:

Code:
ip a

or if that fails then

Code:
ifconfig -a

Then show output of this:

Code:
grep -i listen-on /etc/bind/*

Code:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:78:f1:0e brd ff:ff:ff:ff:ff:ff
    inet 51.77.159.133/32 brd 51.77.159.133 scope global dynamic eth0
       valid_lft 81563sec preferred_lft 81563sec
    inet6 fe80::f816:3eff:fe78:f10e/64 scope link
       valid_lft forever preferred_lft forever

Code:
ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 51.77.159.133 netmask 255.255.255.255 broadcast 51.77.159.133
        inet6 fe80::f816:3eff:fe78:f10e prefixlen 64 scopeid 0x20<link>
        ether fa:16:3e:78:f1:0e txqueuelen 1000 (Ethernet)
        RX packets 277612 bytes 28638043 (27.3 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 106837 bytes 42746027 (40.7 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 14725 bytes 4396762 (4.1 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 14725 bytes 4396762 (4.1 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Code:
grep -i listen-on /etc/bind/*
/etc/bind/named.conf.options: listen-on-v6 { any; };
grep: /etc/bind/slave: Is a directory

In any case I have done my best, I'm a beginner.

My VPS is hosted by OVH, the IP for this VPS is automatically set up with my VPS name https://vps730322.ovh.net:8080/ that I am using to connect to ISPConfig. For this reason I didn't use your config with in-addr.arpa; on some other VPS that I used I never did this and it was working well..

The failover IPs for the domain name are automatically attached to this VPS by the architecture of OVH servers.

ns1.domain.com and ns2.domain.com are managed by OVH in the interface of my domain name.

My case looks too far from your tutorial for using a multiserver setup. For a beginner it's like impossible to sort out what I need to keep or not in this tutorial; this tutorial is too advanced for a beginner.

Try command

Code:
host clear-optical.com 51.77.159.133

This should work, since 51.77.159.133 is the IP-address of your host. At least it is the IP-number of the host on which you run the ip a -command.

Is your setup a single server? I have so far assumed it is, but now that I read this thread from the beginning I note there has not been a mention of that.

Anyway, with the correct IP number, check how the name service works now.

Code:
# host clear-optical.com 51.77.159.133
Using domain server:
Name: 51.77.159.133
Address: 51.77.159.133#53
Aliases:

clear-optical.com has address 87.98.149.60

But the IP address of clear-optical.com is 87.98.149.60 and not 51.77.159.133 (IP address of the VPS) and I get a wrong result

Code:
# host clear-optical.com 87.98.149.60
;; connection timed out; no servers could be reached

Maybe something is wrong with the PTR reserve of 87.98.149.60?

There are two different IP-addresses here, or two different concepts.

The IP-address your host has and which it uses is 51.77.159.133. You can verify this is so using the ip a -command.

The IP-address entered in DNS Name service for clear-optical.com in your name server is 87.98.149.60, as can be seen by querying it with command host from your name server.

The ip-addresses you have entered for ns1 and ns2 are:

Code:
$ host ns1.clear-optical.com 51.77.159.133
Using domain server:
Name: 51.77.159.133
Address: 51.77.159.133#53
Aliases:

ns1.clear-optical.com has address 87.98.149.60
$ host ns2.clear-optical.com 51.77.159.133
Using domain server:
Name: 51.77.159.133
Address: 51.77.159.133#53
Aliases:

ns2.clear-optical.com has address 87.98.149.60

If you fix the entries for ns1 and ns1 to be 51.77.159.133, that would be one step forward.