I am having issues getting my DNS to work correctly. I have 3 different named.conf files. named.conf seems to be a bare-bones file that references 3 other files: 1) named.conf.options 2) named.conf.default-zones 3) named.conf.local. I will post the contents of these files. In the named.conf.local file, a pri.wrapyourgun.com file is referenced, and I will post the contents of this file as well (this is the site I am trying to get to work). None of these files have anything that is exactly like what has already been referenced here. The named.conf.local has something almost like what you have talked about: it has a listen-on-v6 line, and I added a " listen on 53 { any; }; " to that file as well, with no luck. Any help would be greatly appreciated. Thanks in advance. Also added, at the end of the attachments, you will see my screenshot from the intodns.com test, which shows that my server isn't responding.
Update: Trying to figure all this out, I did a dig @localhost wrapyourgun.com and got this reply. After that, I did a dig with the IP address and got a different response. So for some reason my server is not responding to an outside request, but it is responding to a local request. I have forwarded port 53 to the server, which is the DNS port, and as far as I can tell I am having the server respond to any on both IPv6 and IPv4. So I am at a loss.
obsessing maybe? Yes, I just might be obsessing over this, but I really want to get it working. I have checked my firewall, disabled and re-enabled, still no response from the DNS service from the outside, even when I have completely disabled my firewall. I checked my router and the port is forwarded correctly.
What are the outputs of netstat -tap and netstat -uap? What's the output of iptables -L? Also make sure that your ISP doesn't block port 53 (TCP and UDP!).
Here they are.

netstat -tap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:10024 *:* LISTEN 1149/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 2968/master
tcp 0 0 *:mysql *:* LISTEN 1096/mysqld
tcp 0 0 localhost:spamd *:* LISTEN 1153/spamd.pid
tcp 0 0 *:http-alt *:* LISTEN 3075/apache2
tcp 0 0 *:www *:* LISTEN 3075/apache2
tcp 0 0 *:tproxy *:* LISTEN 3075/apache2
tcp 0 0 *:ftp *:* LISTEN 2983/pure-ftpd (SER
tcp 0 0 67.182.224.224:domain *:* LISTEN 1098/named
tcp 0 0 server1.danielro:domain *:* LISTEN 1098/named
tcp 0 0 localhost:domain *:* LISTEN 1098/named
tcp 0 0 *:ssh *:* LISTEN 969/sshd
tcp 0 0 *:smtp *:* LISTEN 2968/master
tcp 0 0 localhost:953 *:* LISTEN 1098/named
tcp 0 0 server1.danielromn:4507 *:* LISTEN 3232/pure-ftpd (IDL
tcp 0 0 *:https *:* LISTEN 3075/apache2
tcp 0 0 server1.danielromne:www 64.255.85.238:57761 TIME_WAIT -
tcp 0 48 server1.danielromne:ssh 64.255.85.238:57574 ESTABLISHED 996/sshd: administr
tcp 0 0 server1.danielromne:ftp 64.255.85.238:57684 ESTABLISHED 3232/pure-ftpd (IDL
tcp 0 0 localhost:mysql localhost:55075 ESTABLISHED 1096/mysqld
tcp 0 0 server1.danielromne:www 209.85.238.199:61687 TIME_WAIT -
tcp 55 0 localhost:35546 localhost:10025 CLOSE_WAIT 2147/amavisd (ch1-a
tcp 0 0 localhost:55075 localhost:mysql ESTABLISHED 2147/amavisd (ch1-a
tcp6 0 0 [::]:pop3 [::]:* LISTEN 2858/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 2824/couriertcpd
tcp6 0 0 [::]:ftp [::]:* LISTEN 2983/pure-ftpd (SER
tcp6 0 0 [::]:domain [::]:* LISTEN 1098/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 969/sshd
tcp6 0 0 localhost:953 [::]:* LISTEN 1098/named
tcp6 0 0 [::]:imaps [::]:* LISTEN 2844/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 2878/couriertcpd

netstat -uap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 67.182.224.224:59357 192.168.0.1:domain ESTABLISHED 3091/apache2
udp 0 0 67.182.224.224:44545 192.168.0.1:domain ESTABLISHED 2786/freshclam
udp 0 0 67.182.224.224:55822 192.168.0.1:domain ESTABLISHED 3308/apache2
udp 0 0 67.182.224.224:22067 192.168.0.1:domain ESTABLISHED 2147/amavisd (ch1-a
udp 0 0 67.182.224.224:domain *:* 1098/named
udp 0 0 server1.danielro:domain *:* 1098/named
udp 0 0 localhost:domain *:* 1098/named
udp 0 0 67.182.224.224:ntp *:* 3035/ntpd
udp 0 0 server1.danielromne:ntp *:* 3035/ntpd
udp 0 0 localhost:ntp *:* 3035/ntpd
udp 0 0 *:ntp *:* 3035/ntpd
udp 0 0 67.182.224.224:39129 192.168.0.1:domain ESTABLISHED 3092/apache2
udp 0 0 67.182.224.224:57646 192.168.0.1:domain ESTABLISHED 3089/apache2
udp 0 0 67.182.224.224:57646 192.168.0.1:domain ESTABLISHED 3089/apache2
udp6 0 0 [::]:domain [::]:* 1098/named
udp6 0 0 localhost:ntp [::]:* 3035/ntpd
getnameinfo failed
udp6 0 0 [UNKNOWN]:ntp [::]:* 3035/ntpd
udp6 0 0 [::]:ntp [::]:* 3035/ntpd

iptables -L
Code:
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ufw-user-forward all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere state INVALID
DROP all -- anywhere anywhere state INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT all -- 224.0.0.0/4 anywhere
ACCEPT all -- anywhere 224.0.0.0/4
ufw-user-input all -- anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix `[UFW ALLOW] '

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere state INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere state NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT udp -- anywhere anywhere udp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT udp -- anywhere anywhere udp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT udp -- anywhere anywhere udp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT udp -- anywhere anywhere udp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:mysql

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix `[UFW LIMIT BLOCK] '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination
Does your ISP maybe block port 53? Or maybe (if you tried dig @public_ip from within your LAN) your router doesn't support loopbacks.
Hello, Saw this old post. It also helped me with a nameserver issue. Basically, I am using the ISPConfig API to create nameserver entries. At first all was not working even though as far as I could tell, the entries in the DB were correct. Then I saw this thread and it mentioned the /etc/resolv.conf file. I looked there and saw that an entry for the zone created (using the API) was not there. After I put it in, everything worked. So, my question is if there is some requirement that one has to place an entry into /etc/resolv.conf manually when creating new DNS entries? TIA
The file /etc/resolv.conf contains one or more external nameservers which the system can use to resolve domains; it shall not contain any local domains. So DNS entries of local domains should not be added to /etc/resolv.conf and you should remove the domain that you added manually.
If I remove them then nothing will work. From what I saw online, if I create a virtual host (with a different domain name), then I would place an entry into /etc/hosts mapping to the IP address (for testing purposes). Under ISPConfig, if I create a virtual host with the Site functionality AND create a matching mail domain to go with it, what records would I place in the DNS for these 2 items? My guesses are an MX record for mail and a CNAME record for the website. Can you confirm?
Hi again - made a mistake with the info above. Above I mentioned: This was not correct. It was not /etc/resolv.conf but /etc/named.conf. For /etc/named.conf had to add: /var/named/pri.faafaa.com looks like: Why is it that when a domain is created, the information is not added to named.conf? The program creates pri.faafaa.com but does not add it to /etc/named.conf. Does it manually have to be added? Does this have to be done for EVERY new domain that is added? So, 80 customers with different domains means 80 entries in the /etc/named.conf file? TIA
The info has to be in the file named.conf.local and not named.conf, as named.conf is managed by the package manager and additional zones have to be in named.conf.local, and that's where ISPConfig adds this information. named.conf.local is included into named.conf. I guess you installed named after ISPConfig was installed, or you have overwritten the named.conf somehow so that the include is missing now. To correct your setup, remove everything that you added manually to the named.conf file, then run the ISPConfig 3 update and choose to reconfigure services so that your named gets configured again.
Hi and thanks so much for the quick response. There was a problem with one of the domains and someone had configured it this way to solve the problem. I found information here: http://www.faqforge.com/linux/controlpanels/ispconfig3/how-to-update-ispconfig-3/ This will not affect the current DNS entries - correct? Only the /etc/named.conf and /etc/named.local.conf files will be changed? I believe below was the original before changes were made.
An update will not affect current DNS entries. You should update your system on a regular basis to keep it safe. But if you don't want to update, you can restore the named.conf file by using the one you posted above and then add this line at the end: include "/etc/named.conf.local"; and then restart named.
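
A check for the situation discussed in this thread, as an added example that is not part of the original posts and is not ISPConfig's code: it follows include statements starting at named.conf and reports pri.* zone files that no loaded file declares. The function names, the temporary directory layout and the relative include path are constructed for the example, and relative includes are resolved against the including file, which is a simplification.

```python
import re
import tempfile
from pathlib import Path

# Simplified named.conf handling: strip /* */, // and # comments, then match statements.
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
INCLUDE = re.compile(r'\binclude\s+"([^"]+)"\s*;')
ZONE = re.compile(r'\bzone\s+"([^"]+)"')

def declared_zones(conf, seen=None):
    """Return the zone names declared in conf and in every file it includes."""
    seen = set() if seen is None else seen
    conf = Path(conf)
    if conf in seen or not conf.is_file():
        return set()  # include loop, or the include target is missing
    seen.add(conf)
    text = COMMENT.sub("", conf.read_text())
    zones = {z.lower().rstrip(".") for z in ZONE.findall(text)}
    for inc in INCLUDE.findall(text):
        # An absolute include path replaces conf.parent; a relative one is joined to it.
        zones |= declared_zones(conf.parent / inc, seen)
    return zones

def undeclared_zone_files(conf, zone_dir, prefix="pri."):
    """Zone files named <prefix><domain> whose domain no loaded config declares."""
    zones = declared_zones(conf)
    return sorted(p.name for p in Path(zone_dir).glob(prefix + "*")
                  if p.name[len(prefix):].lower() not in zones)

def demo():
    """Constructed layout: named.conf before and after the include line is restored."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "pri.faafaa.com").write_text("; constructed zone file\n")
        (root / "named.conf.local").write_text(
            'zone "faafaa.com" { type master; file "pri.faafaa.com"; };\n')
        main = root / "named.conf"
        # The include is commented out, so named never loads named.conf.local.
        main.write_text('options { directory "/var/named"; };\n'
                        '// include "named.conf.local";\n')
        before = undeclared_zone_files(main, root)
        main.write_text(main.read_text() + 'include "named.conf.local";\n')
        after = undeclared_zone_files(main, root)
    return before, after

if __name__ == "__main__":
    print(demo())
```
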