Hi, I have installed ISPConfig multiserver on Debian. My problem is that I cannot reach my DNS. I have opened the ports on the firewall that I have in front, but something is blocking them from inside the server; I have fail2ban installed. I wanted to check if my port is open with netstat -an | grep "LISTEN ", but 0.0.0.0:53 is not listed. Listed are my local IP:53 and 127.0.0.1:53, but I still get a lot of errors and I see that port 53 is not communicating; you can check here: https://intodns.com/ssvag.com. I have no errors on my servers, everything looks fine, but I cannot connect with my domains.
Most likely, bind is configured to listen on localhost only and not on 'any'. Please take a look at the file /etc/bind/named.conf.options to check whether it listens on localhost or on any.
    options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        //forwarders {
        //  0.0.0.0;
        //};

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
    };

This is what it is showing.
This file is ok so far. Please use the command "named-checkzone" to test the zone file of the affected zone, and post the output of: netstat -tap | grep named
    named-checkzone ssvag.com /var/named/ssvag.com
    zone ssvag.com/IN: loading from master file /var/named/*.ssvag.com failed: file not found
    zone ssvag.com/IN: not loaded due to errors.

netstat -tap | grep named doesn't show anything.
I guess you either used a wrong directory or a wrong file name in the command. On Debian, the zone files should be in the /etc/bind/ directory and the file names start with pri., so the command should be: named-checkzone ssvag.com /etc/bind/pri.ssvag.com
    zone ssvag.com/IN: 'ssvag.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
    zone ssvag.com/IN: loaded serial 2017032205
    OK
    root@ns1:~# netstat -tap | grep named
    tcp        0      0 ns1.ssvag.com:domain    *:*            LISTEN      542/named
    tcp        0      0 localhost:domain        *:*            LISTEN      542/named
    tcp        0      0 localhost:953           *:*            LISTEN      542/named
    tcp6       0      0 [::]:domain             [::]:*         LISTEN      542/named
    tcp6       0      0 localhost:953           [::]:*         LISTEN      542/named

After I reinstalled all the servers again, exactly as in the manual that you have written, now not only DNS but also FTP is not working; it is offline.
That's ok, SPF records these days are TXT records; the old type "SPF" is deprecated. Please post the content of the file /etc/bind/pri.ssvag.com. Try to restart pure-ftpd-mysql and if it is not restarting, then check the syslog file for the exact error message.
    $TTL 3600
    @       IN      SOA     ns1.ssvag.com. ylli.ssvag.com. (
                            2017032205       ; serial, todays date + todays serial #
                            7200             ; refresh, seconds
                            540              ; retry, seconds
                            604800           ; expire, seconds
                            3600 )           ; minimum, seconds
    ;
    ssvag.com.      3600    A       192.168.110.105
    www             3600    A       192.168.110.105
    mail            3600    A       192.168.110.105
    ssvag.com.      3600    NS      ns1.ssvag.com.
    ssvag.com.      3600    NS      ns2.ssvag.com.
    ssvag.com.      3600    MX      10 mail.ssvag.com.
    ssvag.com.      3600    TXT     "v=spf1 mx a ~all"
    ns1             3600    A       192.168.110.106
    ns2             3600    A       192.168.110.107
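An added sanity check for a zone file like the one above; this is example code written for this thread, not part of the original posts or of ISPConfig. It parses the records, confirms every in-zone NS target has an A record (glue), and flags A records in private address space, which only resolve usefully for clients inside the same NAT. It assumes the record layout of the posted file (an explicit TTL on every record line) and uses the zone's own names and addresses, with the SOA timers compacted onto two lines.

```python
import ipaddress

# Zone file as posted in the thread (SOA timers compacted onto two lines).
ZONE = """\
$TTL 3600
@ IN SOA ns1.ssvag.com. ylli.ssvag.com. (
        2017032205 7200 540   ; serial refresh retry
        604800 3600 )         ; expire minimum
ssvag.com. 3600 A   192.168.110.105
www        3600 A   192.168.110.105
mail       3600 A   192.168.110.105
ssvag.com. 3600 NS  ns1.ssvag.com.
ssvag.com. 3600 NS  ns2.ssvag.com.
ssvag.com. 3600 MX  10 mail.ssvag.com.
ssvag.com. 3600 TXT "v=spf1 mx a ~all"
ns1        3600 A   192.168.110.106
ns2        3600 A   192.168.110.107
"""

def parse_records(zone_text, origin):
    """Return (owner_fqdn, type, rdata) for plain record lines; skips $-directives,
    comments and the multi-line SOA. Assumes each record has an explicit TTL."""
    records, in_soa = [], False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ; comments (none quoted here)
        if not line or line.startswith("$"):
            continue
        if in_soa or " SOA " in line:             # swallow the SOA ( ... ) block
            in_soa = ")" not in line
            continue
        owner, _ttl, rtype, *rdata = line.split()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):             # relative name -> FQDN
            owner = f"{owner}.{origin}"
        records.append((owner, rtype, " ".join(rdata)))
    return records

def audit_zone(zone_text, origin):
    """Flag in-zone NS targets without glue A records and A records in private space."""
    recs = parse_records(zone_text, origin)
    a_owners = {o for o, t, _ in recs if t == "A"}
    findings = []
    for owner, rtype, rdata in recs:
        if rtype == "NS" and rdata.endswith(origin) and rdata not in a_owners:
            findings.append(f"NS {rdata} has no A record in the zone")
        # is_private covers RFC 1918 and other non-routable IPv4 ranges
        if rtype == "A" and ipaddress.IPv4Address(rdata).is_private:
            findings.append(f"{owner} A {rdata} is private, non-routable space")
    return findings
```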
I also scanned my IP with different tools; for DNS, 185.30.144.212/213 port UDP 53 is open on my firewall. Here is what I get from dig locally:

    root@web:~# dig @192.168.110.106 ssvag.com

    ; <<>> DiG 9.9.5-9+deb8u10-Debian <<>> @192.168.110.106 ssvag.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49965
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ssvag.com.                     IN      A

    ;; ANSWER SECTION:
    ssvag.com.              3600    IN      A       192.168.110.105

    ;; AUTHORITY SECTION:
    ssvag.com.              3600    IN      NS      ns2.ssvag.com.
    ssvag.com.              3600    IN      NS      ns1.ssvag.com.

    ;; ADDITIONAL SECTION:
    ns1.ssvag.com.          3600    IN      A       192.168.110.106
    ns2.ssvag.com.          3600    IN      A       192.168.110.107

    ;; Query time: 1 msec
    ;; SERVER: 192.168.110.106#53(192.168.110.106)
    ;; WHEN: Wed Mar 22 18:31:55 CET 2017
    ;; MSG SIZE  rcvd: 122
Ok, so DNS is working fine. If you cannot reach it from outside, then your router, an external firewall or your ISP is blocking the DNS requests.
Thank you Till. After I installed and reinstalled ISPConfig multiserver more than 10 times, I realized that my ISP was blocking UDP port 53, as you said. After 2 weeks of frustration and more than 12 hours per day checking everything, I realized that someone, to protect himself from DDoS attacks, had closed this port. I finally gave up on hosting DNS myself and I am using a single server setup now. Everything looks fine except Roundcube: I cannot access the webmail link; when I try to open it, it gives error 404, but I guess I have to recheck the installation. Maybe it is also connected with another error: when I try to connect to FTP, I can only access it with the IP and not with the domain. Thank you very much for your support.
The webmail URL is configurable in ISPConfig; it might be that you just have to set the correct URL under System > Interface config. Try the following URLs: http://yourserver/webmail, http://yourserver/roundcube, http://yourserver:8081/webmail and check if you reach RoundCube on one of them. If you can reach it, then set that URL under System > Interface config as the webmail URL.