Hi

We've widened our server structure and outsourced our DNS and mail server onto two new machines. Both are in different datacenters.

Server 1 is the master DNS and mail server.
Server 2 is a complete mirror of Server 1.

Now we've the problem that Google-Mail (and some other little providers) can't send mails to our servers!! Only the .com domains aren't working...

Here is what dig says:

Dig via Google-Public-DNS

dig @8.8.8.8 ns datengarten.com

; <<>> DiG 9.7.0-P1 <<>> @8.8.8.8 ns datengarten.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50702
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;datengarten.com. IN NS

;; Query time: 2449 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 1 11:19:26 2010
;; MSG SIZE rcvd: 33

Dig via T-Online DNS:

dig ns datengarten.com

; <<>> DiG 9.7.0-P1 <<>> ns datengarten.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9721
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;datengarten.com. IN NS

;; ANSWER SECTION:
datengarten.com. 11872 IN NS ns1.datengarten.net.
datengarten.com. 11872 IN NS ns2.datengarten.net.

;; ADDITIONAL SECTION:
ns1.datengarten.net. 11872 IN A 78.46.233.41

;; Query time: 3 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Sun Aug 1 11:19:51 2010
;; MSG SIZE rcvd: 100

Again, this is only on .com domains. Look here at a .de domain, also via Google-Public-DNS:

dig @8.8.8.8 ns datengarten.de

; <<>> DiG 9.7.0-P1 <<>> @8.8.8.8 ns datengarten.de
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29605
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;datengarten.de. IN NS

;; ANSWER SECTION:
datengarten.de. 83999 IN NS ns1.datengarten.net.
datengarten.de. 83999 IN NS ns2.datengarten.net.

;; Query time: 48 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 1 11:20:45 2010
;; MSG SIZE rcvd: 83

----

I'm absolutely helpless! Please somebody tell me what's wrong there.

regards
spr

P.S. I've installed all servers following "Perfect Server How To for Lenny (on Lenny)" and all other features are working fine!
To get nearer to the problem, first test if it is a problem with the servers by running:

dig @localhost ALL datengarten.com

on the shell of both servers and post the output. Additionally, post the output of:

iptables -L

from both servers.
Hi,

output of Server 1:

dig @localhost ALL datengarten.com

; <<>> DiG 9.6-ESV-R1 <<>> @localhost ALL datengarten.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25338
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ALL. IN A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 19:07:02 2010
;; MSG SIZE rcvd: 21

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19402
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;datengarten.com. IN A

;; ANSWER SECTION:
datengarten.com. 86400 IN A 88.198.55.45

;; AUTHORITY SECTION:
datengarten.com. 86400 IN NS ns1.datengarten.net.
datengarten.com. 86400 IN NS ns2.datengarten.net.

;; ADDITIONAL SECTION:
ns1.datengarten.net. 86400 IN A 78.46.233.41

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 19:07:02 2010
;; MSG SIZE rcvd: 116

iptables -L

Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (18 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:tacacs-ds
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:ssmtp
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:munin
PAROLE tcp -- anywhere anywhere tcp dpt:6999
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:9367
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:tacacs-ds
ACCEPT udp -- anywhere anywhere udp dpt:mysql
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Output of Server 2:

dig @localhost ALL datengarten.com

; <<>> DiG 9.6-ESV-R1 <<>> @localhost ALL datengarten.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45876
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ALL. IN A

;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 17:17:04 2010
;; MSG SIZE rcvd: 21

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58057
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;datengarten.com. IN A

;; ANSWER SECTION:
datengarten.com. 86400 IN A 88.198.55.45

;; AUTHORITY SECTION:
datengarten.com. 86400 IN NS ns1.datengarten.net.
datengarten.com. 86400 IN NS ns2.datengarten.net.

;; ADDITIONAL SECTION:
ns1.datengarten.net. 86400 IN A 78.46.233.41

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 17:17:04 2010
;; MSG SIZE rcvd: 116

iptables -L

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (17 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:ssmtp
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:munin
PAROLE tcp -- anywhere anywhere tcp dpt:6999
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:9742
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:3307
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

I hope you can help me solve this.

thanks till.
spr
It looks like you haven't redelegated datengarten.com onto your new nameservers, as whois lists the nameservers as dns[1-3].nsdns.info. Having said that, ns1 & ns2.datengarten.net both respond for me with .com records. Edit: You have something funky with the records for your nameservers. It looks like you are using a wildcard record in datengarten.net. Put proper A records in for each of ns1 and ns2.datengarten.net. Currently both come up as 78.46.233.41, where ns2 should be 85.114.140.111 according to your delegation records.
Hi

I've switched it to our "Domain/DNS Provider" yesterday evening to get our mail server reliably connected! But if you now dig for daten-garten.com you can still see what's happening (or not)!!

spr
Everything in daten-garten.com resolves to 88.198.55.45, but it otherwise appears to be working fine.

In my other post, I recommended you add an A record for ns2.datengarten.net in the datengarten.net zone. I think I've figured out what's actually happening.

The zone for your nameservers, datengarten.net, is actually delegated to ns[1-3].domaindiscount24.net. In there, you have records for ns1 & ns2.datengarten.net which point at your nameservers. Your nameservers also have a zone configured for datengarten.net, but in there you don't have a record for ns2.datengarten.net. Also, the MX records for daten-garten.com & datengarten.com include mta1 & mta2.datengarten.net (datengarten.de doesn't), which have different answers from your servers and the domaindiscount ones.

I'd really suggest you either remove the datengarten.net zone from your nameservers, or redelegate the zone to them (and add the ns2 record).

When I query records against your nameservers, I see the following error which I believe is because of the above.
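
Added example, not part of the thread or any poster's code: a Python check that compares what the delegated servers answer for the datengarten.net names with what a shadow copy of that zone on the self-hosted nameservers answers, which is the mismatch diagnosed in the replies above. The ns1/ns2 addresses come from the thread; the wildcard owner, the mta1 addresses and all function names are assumptions, and wildcard matching is simplified to a single label.

```python
# DNS records in dig answer format. ns1/ns2 values are from the thread; the
# wildcard owner and mta1 addresses (192.0.2.x) are constructed sample data.
DELEGATED = """\
ns1.datengarten.net. 86400 IN A 78.46.233.41
ns2.datengarten.net. 86400 IN A 85.114.140.111
mta1.datengarten.net. 86400 IN A 192.0.2.10
"""
SHADOW = """\
*.datengarten.net. 86400 IN A 78.46.233.41
ns1.datengarten.net. 86400 IN A 78.46.233.41
mta1.datengarten.net. 86400 IN A 192.0.2.99
"""

def parse_records(text):
    """Parse 'name ttl IN type rdata' lines into {(name, type): {rdata}}."""
    zone = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        zone.setdefault((name.lower(), rtype.upper()), set()).add(rdata)
    return zone

def lookup(zone, name, rtype="A"):
    """Return (answers, how): exact owner first, else a one-label wildcard."""
    name = name.lower()
    if any(owner == name for owner, _ in zone):
        return zone.get((name, rtype), set()), "exact"
    wildcard = "*." + name.split(".", 1)[1]
    if (wildcard, rtype) in zone:
        return zone[(wildcard, rtype)], "wildcard"
    return set(), "missing"

def compare(names, delegated, shadow):
    """List names whose shadow-zone answer differs from the delegated one."""
    findings = []
    for name in names:
        want, _ = lookup(delegated, name)
        got, how = lookup(shadow, name)
        if want != got:
            findings.append((name, sorted(want), sorted(got), how))
    return findings

def report():
    names = ["ns1.datengarten.net.", "ns2.datengarten.net.", "mta1.datengarten.net."]
    return compare(names, parse_records(DELEGATED), parse_records(SHADOW))

if __name__ == "__main__":
    for name, want, got, how in report():
        print(f"{name}: delegated={want} shadow={got} ({how})")
```

A resolver that ends up asking the self-hosted servers gets the shadow answers, so any name this reports can resolve differently depending on which path the lookup took.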