Hello everyone. I am having some trouble here. I have set the authoritative DNS for the domain doingit.org to be ns1.doingit.org and ns2.doingit.org. However, it doesn't seem to reach my Bind to resolve. If I test it, I get an error that the NS entries cannot be reached. On the ISPConfig panel I have set these two records to be the NS. I have also tested all port forwardings and firewall rules. Just a few prints:

Code:
; <<>> DiG 9.4.1-P1 <<>> @localhost doingit.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43591
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;doingit.org. IN A
;; ANSWER SECTION:
doingit.org. 86400 IN A 87.194.8.92
;; AUTHORITY SECTION:
doingit.org. 86400 IN NS ns2.doingit.org.
doingit.org. 86400 IN NS ns1.doingit.org.
;; ADDITIONAL SECTION:
ns1.doingit.org. 86400 IN A 87.194.8.92
ns2.doingit.org. 86400 IN A 87.194.8.92
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 3 19:38:29 2007
;; MSG SIZE rcvd: 113

Code:
; <<>> DiG 9.4.1-P1 <<>> @gateway.IP doingit.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18201
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;doingit.org. IN A
;; ANSWER SECTION:
doingit.org. 0 IN A 208.69.32.147
;; Query time: 1027 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Mon Dec 3 19:45:23 2007
;; MSG SIZE rcvd: 45

Code:
netstat -tap | grep named
tcp 0 0 server.config:domain *:* LISTEN 9035/named
tcp 0 0 localhost:domain *:* LISTEN 9035/named
tcp 0 0 localhost:953 *:* LISTEN 9035/named
tcp6 0 0 ip6-localhost:953 *:* LISTEN 9035/named

I have now run out of ideas......
In your post I see reference to two distinct IP addresses, 87.194.8.92 and 208.69.32.147. Which of those IPs belongs to your ISPConfig machine? It appears that the name server at 87.194.8.92 is not running.
No Idea

I have no idea where the 208.* IP comes from. It is returned by dig when trying to resolve the domain outside the LAN. BIND9, however, is running on 87.*, as you can see from the ps posted in the original post. Inside the LAN it resolves fine. I have checked both the port forwarding on my router as well as the IP chain/firewall on my DNS server. Just to show that both my glue records point to the right IP, I checked them:
http://ns1.doingit.org
http://ns2.doingit.org
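An added example, not part of any post in this thread: a small parser for dig output that reports which server answered, whether the `aa` (authoritative) flag was set, and which records the ANSWER section held. It is run over the two outputs from the first post, trimmed to the relevant lines; the function names `parse_dig` and `compare` are chosen here for illustration.

```python
import re

# Both samples are the dig outputs from the first post, trimmed to the lines used here.
LOCAL = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; ANSWER SECTION:
doingit.org. 86400 IN A 87.194.8.92
;; AUTHORITY SECTION:
doingit.org. 86400 IN NS ns1.doingit.org.
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
GATEWAY = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
doingit.org. 0 IN A 208.69.32.147
;; SERVER: 192.168.1.254#53(192.168.1.254)
"""

def parse_dig(text):
    """Return header flags, answering server and ANSWER-section records of one dig run."""
    out = {"flags": set(), "server": None, "answers": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r";; flags: ([a-z ]+);", line)
        if m:
            out["flags"] = set(m.group(1).split())
        elif line.startswith(";; SERVER:"):
            out["server"] = line.split()[2].split("#")[0]
        elif line.startswith(";;") and line.endswith("SECTION:"):
            section = line.split()[1]          # QUESTION, ANSWER, AUTHORITY, ...
        elif line and not line.startswith(";") and section == "ANSWER":
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            out["answers"].append((name, int(ttl), rtype, rdata))
    return out

def compare(a, b):
    """Describe who answered each query and whether the answers agree."""
    notes = []
    for r in (a, b):
        kind = "authoritative (aa set)" if "aa" in r["flags"] else "not authoritative (aa clear)"
        if "ra" in r["flags"]:
            kind += ", recursion available (ra set)"
        notes.append(f"{r['server']}: {kind}")
    rdata_a, rdata_b = ({x[3] for x in r["answers"]} for r in (a, b))
    if rdata_a != rdata_b:
        notes.append(f"answers differ: {sorted(rdata_a)} vs {sorted(rdata_b)}")
    return notes

print("\n".join(compare(parse_dig(LOCAL), parse_dig(GATEWAY))))
```

The second output has `ra` set and `aa` clear, so that reply came from a recursive resolver at 192.168.1.254 rather than from the zone's own name server.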
As far as I can see, everything's working now:

Code:
mh1:~# dig ns doingit.org
; <<>> DiG 9.2.1 <<>> ns doingit.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40023
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;doingit.org. IN NS
;; ANSWER SECTION:
doingit.org. 86400 IN NS ns2.livedns.co.uk.
doingit.org. 86400 IN NS ns1.doingit.org.
;; ADDITIONAL SECTION:
ns1.doingit.org. 86400 IN A 87.194.8.92
ns2.livedns.co.uk. 30910 IN A 213.171.193.250
;; Query time: 322 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Tue Dec 4 20:33:24 2007
;; MSG SIZE rcvd: 110
mh1:~# dig ns1.doingit.org
; <<>> DiG 9.2.1 <<>> ns1.doingit.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52086
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.doingit.org. IN A
;; ANSWER SECTION:
ns1.doingit.org. 86371 IN A 87.194.8.92
;; Query time: 163 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Tue Dec 4 20:33:53 2007
;; MSG SIZE rcvd: 49
mh1:~# dig @ns1.doingit.org doingit.org
; <<>> DiG 9.2.1 <<>> @ns1.doingit.org doingit.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61857
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;doingit.org. IN A
;; ANSWER SECTION:
doingit.org. 86400 IN A 87.194.8.92
;; AUTHORITY SECTION:
doingit.org. 86400 IN NS ns1.doingit.org.
doingit.org. 86400 IN NS ns2.livedns.co.uk.
;; ADDITIONAL SECTION:
ns1.doingit.org. 86400 IN A 87.194.8.92
;; Query time: 575 msec
;; SERVER: 87.194.8.92#53(ns1.doingit.org)
;; WHEN: Tue Dec 4 20:34:12 2007
;; MSG SIZE rcvd: 110
mh1:~#
Unfortunately not

I have made some changes to my name servers, which explains the valid reply. However, if you try to resolve doingit.org through ns1.doingit.org, it still isn't working. However, if I uninstall ISPConfig, the DNS queries get resolved just fine.

Code:
; <<>> DiG 9.3.2 <<>> @ns1.doingit.org doingit.org
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached

For some reason that I have not yet grasped, it now returns the following if dig is executed within the LAN.

Code:
dig @ns1.doingit.org doingit.org
;; reply from unexpected source: 192.168.1.254#53, expected 87.194.8.92#53

Furthermore, I spotted some errors in the syslog:

Dec 4 11:45:26 server named[2162]: client 217.72.203.203#32834: query 'doingit.org/MX/IN' denied
Dec 4 11:45:26 server named[2162]: client 217.72.203.203#32834: query 'doingit.org/MX/IN' denied
Dec 4 11:45:26 server named[2162]: client 195.20.224.103#49256: query 'doingit.org/MX/IN' denied
Dec 4 11:45:26 server last message repeated 3 times
Code:
[root@server1 ~]# dig @ns1.doingit.org doingit.org
; <<>> DiG 9.3.3rc2 <<>> @ns1.doingit.org doingit.org
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
[root@server1 ~]#

Is ns1.doingit.org running? Is port 53 (TCP and UDP) open?
This worked for me

I had the same problem. I found a solution here: http://ubuntu-tutorials.com/2009/03/21/configure-bind-9-for-ipv4-or-ipv6-only/

Hope it helps.