Can't resolve sub domains created from other networks.

Discussion in 'Installation/Configuration' started by CyberMaster, Jun 24, 2022.

  1. CyberMaster

    CyberMaster New Member

    Hi,

    I'm sorry for the title being off and for the extra spaces, but it won't let me post without, and I hope I can find some help.

    I've spent days on this now and am frustrated.

    I have installed ISPConfig on a public machine, a single server running Debian Bullseye:
    wget -O - https://get.ispconfig.org | sh -s -- --lang=en
    The config setup went without errors.

    When I add any subdomain to DNS, for example the sub 'test' to be test.domain.com, wait for the changes to take effect and then ping test.domain.com, ping replies with "Name or service not known".

    I have cleared out the firewall rules and am running without.

    nslookup test.domain.com fails from outside servers but not from within.
    dig test.domain.com any/mx fails from outside servers but works from within.
    lynx test.domain.com from outside and inside the primary network fails, resolving to www.test.domain.com.com, though lynx to the primary domain domain.com itself works from inside and outside the network.
    lynx subs are accessible from within, not from outside.
    The primary domain itself, domain.com, is pingable from inside and outside the primary network, though sub.domain.com is not, neither inside nor outside.

    Inside ISPConfig, adding sites works until I check the SSL/Let's Encrypt option on, save the setup, wait, wait, wait until the red dot disappears, and re-edit the site I just created/edited to find that the SSL/Let's Encrypt checkbox is unchecked again.

    The Let's Encrypt certs are not completed into the subdomain's web ssl directory because it can't determine nor talk with the sub.domain.com IP.

    I added a different public domain name in a zone file to the bind9 setup manually, not controlled nor added by ISPConfig, and it's pingable. As well, after adding the other domain into ISPConfig and then creating a site through ISPConfig, accessing the other domain with lynx inside and outside of the primary network is successful.

    I enabled the ISPConfig DEBUG and don't see the error/problem in any logs.

    I wiped the machine clean and restarted from scratch a few times now with no success.

    Can someone please help or suggest what I should start trying now to resolve the DNS resolution problem I have?
     
    Last edited: Jun 24, 2022
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Probably just have to wait more hours before they are properly propagated if you already did everything right in your dns server.
     
  3. CyberMaster

    CyberMaster New Member

    Okay... So, I really hope you're right. That would maybe still be a culprit considering that I erased everything a few times and restarted, making everything refresh DNS and all. I'll wait till tomorrow and see. Will let you know either way. Thanks for your input!
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    As mentioned in the FAQ, please always post the log as you might not see an error but we may see one as we know e.g. when info is missing that should show up. So always post the log as mentioned in the FAQ.

    That's something that might get you blocked at Let's Encrypt for days or even a week, so you won't get a certificate then even if everything is fine on your system and with your domain setup. So better not do that if you want to get a LE SSL cert.

    If you have a Let's Encrypt error, just follow the Let's Encrypt FAQ from beginning to end, and if you have not found the error by yourself by the end of the FAQ, then post the debug output here in the forum and wait. And as Ahrasis mentioned, DNS propagation takes time, so reading something and recreating it does not make much sense with LE at all; DNS propagation can take up to 24 hours.

    And please do not post ISPConfig questions in the forum labeled not for ISPConfig. I moved your post to the ISPConfig forum now.
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My signature has a link to a DNS setup tutorial; it has troubleshooting instructions to verify name service is working as it should. If all is OK and the domain registered, it is just a matter of waiting for the name service info to propagate across the Internet.
     
  6. CyberMaster

    CyberMaster New Member

    Hmm, today nothing's different in that I still can't ping the domain from within the network, though a sign of hope exists with the returned ping message of:
    'Temporary' failure in name resolution

    I also noticed that the actual zone file is named /etc/bind/pri.adomain.com.err. I've always named my zones with endings of the domain's extension, .db or .zone. Does the ending '.err' say that ISPConfig found an error and saved it that way?

    I just went to DNS and removed the zone. Went to logs and cleared warns/errors. Went back to DNS and re-added the domain name into ISPConfig. While waiting for ISPConfig to do its thing, I watched pri.adomain.com.'err' disappear and then get re-created with the same domain on the server.

    Pinging result:
    root@set ~ # ping -c1 adomain.com
    ping: adomain.com: Temporary failure in name resolution

    The log Monitor in ISPConfig with DEBUG on again now shows the errors:
    Writing BIND domain file failed: /etc/bind/pri.adomain.com zone adomain.com/IN: NS 'ns1.adomain.com' has no address records (A or AAAA) zone adomain.com/IN: not loaded due to errors.

    Reason for Bind restart failure: zone adomain.com/IN: NS 'ns1.adomain.com' has no address records (A or AAAA) zone adomain.com/IN: not loaded due to errors.

    Removing the domain from ISPConfig's DNS manager and creating the zone by hand, then reloading Bind9, I can now ping and browse ISPConfig's subdomains created for the domain from an external network. So I figured out it's not anything wrong with Apache2 but rather the Bind setup.

    After ISPConfig's installation by its script, I haven't changed anything within the interface except customers' beginning numbers.

    Thus I now presume not user error but a BUG...

    I really don't think the log files are going to tell me where the actual error is in the programming creating the initial domain zone file, as they just tell the actions being performed and not the actual scripts' and programs' programming, but, if it will help, which file should I post?

    How do I report it? I'd like to be involved with it so I can finally get this working ASAP. Or is a person here able to help? I could maybe give an admin access to the server? Please advise? Thanks everyone. :)
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no bug, just a user error on your side: you missed adding some required records which BIND reminded you that they were missing. But the good thing is you posted the error message, so we know now what you did wrong.

    The first step to fix your error is to delete the DNS zone you manually entered, then restart bind.

    Now to your error, the error is clearly described in the log, see:

    So the mistake you made is that you are using subdomains of the zone itself without creating DNS A-Records for them. In DNS (no matter if you use ISPConfig or any other panel or write zones directly), you must create A-records for the NS records in case your NS records are part of the same zone, otherwise, BIND will throw an error to remind you to add them, as it happened in your case.

    So, to fix your problem:

    Create the zone again in ISPConfig and take care that you don't miss adding the A-records for the NS Records if you choose to use subdomains of the same zone again as NS records. Example:

    you add the zone:

    domain.tld

    and if you choose ns1.domain.tld and ns2.domain.tld as NS records for the zone (which means the ns records are subdomains of the zone itself), then DNS servers like BIND require it that you create A-Records for ns1 and ns2 as well.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    One more thing that you might not be familiar with in DNS: when using a fully qualified domain name in DNS systems like BIND, then the domain name ends with a dot. Only short syntax uses no dot.

    Example: zone domain.tld

    ns1.domain.tld.
    ns1

    are both equal, but if you use the long form, then the name must end with a dot. otherwise BIND will add the zone name to it and you'll get ns1.domain.tld.domain.tld

    Btw. the thing with A-Records for NS records is shown in the guide @Taleman posted in #5. You can see the A-Records in the screenshot from his guide:

    https://www.howtoforge.com/images/setting_up_your_own_name_service/big/DNS-Records.png
     
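The two BIND rules explained in #7 and #8 (an NS target that lives inside the zone needs its own A or AAAA record, and a long-form name without a trailing dot gets the origin appended) can be reproduced with a small zone-file linter. The script below is an added example for this thread; it is not ISPConfig code and not a copy of BIND's loader. The zone text, the names domain.tld/ns1/ns2/test and the addresses (documentation ranges) are all constructed placeholders, and the `$ORIGIN` handling covers only the subset of zone-file syntax needed here.

```python
"""Minimal BIND zone-file linter (added example, not ISPConfig or BIND code).

It reproduces two checks from the discussion above:
  1. qualify(): a name without a trailing dot is relative, so
     'ns1.domain.tld' becomes ns1.domain.tld.domain.tld. (the #8 mistake).
  2. check_ns_glue(): every NS target inside the zone must have an A or
     AAAA record, otherwise BIND reports
     "NS '<name>' has no address records (A or AAAA)" and does not load
     the zone (the #7 mistake).
All zone data below is constructed for the example.
"""

# Correct zone: both name servers are in-zone and both have addresses.
ZONE_OK = """\
$ORIGIN domain.tld.
$TTL 3600
@     IN SOA  ns1.domain.tld. hostmaster.domain.tld. (2022062401 3600 900 1209600 3600)
@     IN NS   ns1.domain.tld.
@     IN NS   ns2
ns1   IN A    192.0.2.53
ns2   IN AAAA 2001:db8::53
test  IN A    192.0.2.80
"""

# Broken zone: ns1 is written in long form without the trailing dot,
# and ns2 has no address record at all.
ZONE_BAD = """\
$ORIGIN domain.tld.
$TTL 3600
@     IN SOA  ns1.domain.tld. hostmaster.domain.tld. (2022062401 3600 900 1209600 3600)
@     IN NS   ns1.domain.tld
@     IN NS   ns2
ns1   IN A    192.0.2.53
test  IN A    192.0.2.80
"""


def qualify(name, origin):
    """Expand an owner or target name the way BIND does: '@' is the origin,
    a name ending in '.' is already fully qualified, anything else is
    relative and gets the origin appended."""
    name, origin = name.lower(), origin.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin=None):
    """Return (origin, records) with records as (owner, type, rdata tokens).
    Handles $ORIGIN, $TTL, ';' comments, optional TTL/class fields and a
    blank owner meaning 'same owner as the previous record'."""
    records, last_owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            origin = origin if origin.endswith(".") else origin + "."
            continue
        if line.startswith("$TTL"):
            continue
        if origin is None:
            raise ValueError("no $ORIGIN before the first record")
        tokens = line.split()
        owner = last_owner if raw[0].isspace() else qualify(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)  # skip optional TTL and class
        rtype = tokens.pop(0).upper()
        records.append((owner, rtype, tokens))
        last_owner = owner
    return origin, records


def check_ns_glue(text):
    """Return BIND-style error strings for in-zone NS targets that have no
    A/AAAA record. NS targets in other zones are skipped: their addresses
    are resolved through that zone, not this one."""
    origin, records = parse_zone(text)
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    zone = origin.rstrip(".")
    errors = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = qualify(rdata[0], origin)
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in addressed:
            errors.append(
                f"zone {zone}/IN: NS '{target.rstrip('.')}' has no address records (A or AAAA)"
            )
    return errors


if __name__ == "__main__":
    for label, zone in (("ZONE_OK", ZONE_OK), ("ZONE_BAD", ZONE_BAD)):
        print(label, check_ns_glue(zone) or "loads cleanly")
```

Running it prints no errors for ZONE_OK and, for ZONE_BAD, one error naming ns1.domain.tld.domain.tld (the missing-dot expansion from #8) and one naming ns2.domain.tld (the missing A record from #7), which is the same wording as the "not loaded due to errors" line quoted in #6. On a real server the equivalent check is BIND's own `named-checkzone domain.tld /etc/bind/pri.domain.tld`, run before reloading.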
  9. CyberMaster

    CyberMaster New Member

    Ohhhhh my GOSH! Duuuuh, I can't believe how stupid that was! I was looking soooo hard and it was right in my face! I'm like, Man, REALLY!?!

    THANK YOU Sir!!!!! :)
     