Hi, this morning the primary DNS server stopped responding to DNS requests. A port scan of the IP shows it not listening. I did "ispconfig_update --force" and had this error after saying no to SSL:
Code:
[Thu 20 Feb 10:57:36 GMT 2025] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Using https://intodns.com shows both nameservers not responding.
Your system cannot resolve names, that's why you cannot do an update. But that's not really an issue, as I won't recommend doing an update in such a case anyway, as the config cannot be wrong unless you manually altered it. Instead, restart BIND with this command (Debian and Ubuntu):
service named restart
and check again if DNS works now.
Thanks Till, I restarted named, it did not complain. I ran
Code:
service named status
root@ns1:~# service named status
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-02-20 11:37:40 GMT; 29s ago
       Docs: man:named(8)
   Main PID: 5834 (named)
     Status: "running"
      Tasks: 8 (limit: 4643)
     Memory: 32.7M
        CPU: 156ms
     CGroup: /system.slice/named.service
             └─5834 /usr/sbin/named -f -u bind
BUT!!
Code:
Feb 20 11:37:40 ns1 named[5834]: network unreachable resolving 'ns2.tlwebservies.co.uk/A/IN': 2001:502:2eda::3#53
So, ?? Firewall issue??
Test if Bind responds to one of your zones locally by running this command on your DNS server:
dig yourdomain.com
Replace yourdomain.tld with a domain name you host. If this is ok and returns the correct IP, then you have a network or firewall issue and not a Bind DNS problem.
When I do
Code:
dave@DavePC:~$ dig @ns2.tlwebservices.co.uk mail.thinkvans.com
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> @ns2.tlwebservices.co.uk mail.thinkvans.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48595
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: bb8e8113e5b2f8ad0100000067b71912631fe7a44e165a57 (good)
;; QUESTION SECTION:
;mail.thinkvans.com. IN A
;; Query time: 0 msec
;; SERVER: 146.66.81.103#53(ns2.tlwebservices.co.uk) (UDP)
;; WHEN: Thu Feb 20 11:59:14 GMT 2025
;; MSG SIZE rcvd: 75
but using
Code:
https://intodns.com/tlsystems.co.uk
states name servers not giving records. Still nothing resolving.
This means you still have a network or firewall issue and not a DNS problem, or you deleted your main domain so that tlwebservices.co.uk ns2.tlwebservices.co.uk does not exist anymore in DNS or you deleted it at domain registry level.
It started working about 1 hr ago. I have asked the ISP now if there was a routing issue, as the firewall support (pfSense) stated.
Hey, I believe all is ok now, I can ping the nameservers and the IP. I have some tinkering to do, looks like DNS 2 cannot get updates from 1 or vice versa.
So, I add a client, domain, email, mailbox etc., then DNS and then secondary DNS. I have a multiserver setup with 2 DNS servers. ns2 is not a mirror of ns1, so I add records to DNS -> Zones -> WIZARD (fill in the info, naming ns1 and ns2), then I go back into the domain -> ZONE SETTINGS and add to "Allow zone transfers to these IP's (comma separated list)": IP of ns2, then I go to Secondary DNS-ZONE -> ADD NEW Sec Zone and add the same domain.
Am I doing this wrong, as the secondary cannot communicate to the primary DNS?
Code:
Feb 21 13:17:16 ns2 named[187751]: transfer of 'tlsystems.uk/IN' from 146.66.81.102#53: failed while receiving responses: REFUSED
Feb 21 13:17:16 ns2 named[187751]: transfer of 'tlsystems.uk/IN' from 146.66.81.102#53: Transfer status: REFUSED
Feb 21 13:17:16 ns2 named[187751]: transfer of 'tlsystems.uk/IN' from 146.66.81.102#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec) (serial 0)
The ISP confirmed they fixed the issue. Following on from your post: my registrar for tlwebservices - I have entries for both ns1 and ns2 that point to both IPs. ISPConfig for tlwebservices.co.uk -> DNS -> zone: 2 entries, 1 for ns1 pointing to external IP and 1 for ns2 pointing to external IP. Internally they use a 10.0.0.0 number inside.
Code:
dave@DavePC:~$ dig @ns2.tlwebservices.co.uk tlsystems.co.uk
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> @ns2.tlwebservices.co.uk tlsystems.co.uk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53341
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 090814ea91ebda420100000067c5e6f6f1d8584ea384f847 (good)
;; QUESTION SECTION:
;tlsystems.co.uk. IN A
;; Query time: 0 msec
;; SERVER: 146.66.81.103#53(ns2.tlwebservices.co.uk) (UDP)
;; WHEN: Mon Mar 03 17:29:26 GMT 2025
;; MSG SIZE rcvd: 72
To me this looks good, but when I use mxtoolbox.com or intodns.com they both state ns2 is not responding. Any ideas?
The ns2 server is not working, you see that from the word "SERVFAIL". Log in to the server ns2.tlwebservices.co.uk with SSH and run the command:
dig @localhost tlsystems.co.uk
Which output do you get then?
Hey Till
Code:
root@ns2:~# dig @localhost tlsystems.co.uk
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> @localhost tlsystems.co.uk
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24934
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 62a53a2fb4e7b84d0100000067c70663b3408377c1c200dd (good)
;; QUESTION SECTION:
;tlsystems.co.uk. IN A
;; Query time: 4 msec
;; SERVER: ::1#53(localhost) (UDP)
;; WHEN: Tue Mar 04 13:55:47 GMT 2025
;; MSG SIZE rcvd: 72
Ok, so this zone is not working on the server at all. Please run the same command on ns1 so we can see if it works there.
root@ns1:~# dig @tlsystems.co.uk
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> @tlsystems.co.uk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2473
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1424
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86400 IN NS f.root-servers.net.
. 86400 IN NS e.root-servers.net.
. 86400 IN NS k.root-servers.net.
. 86400 IN NS h.root-servers.net.
. 86400 IN NS l.root-servers.net.
. 86400 IN NS j.root-servers.net.
. 86400 IN NS a.root-servers.net.
. 86400 IN NS d.root-servers.net.
. 86400 IN NS i.root-servers.net.
. 86400 IN NS c.root-servers.net.
. 86400 IN NS g.root-servers.net.
. 86400 IN NS b.root-servers.net.
. 86400 IN NS m.root-servers.net.
;; Query time: 12 msec
;; SERVER: 146.66.81.98#53(tlsystems.co.uk) (UDP)
;; WHEN: Tue Mar 04 13:54:07 GMT 2025
;; MSG SIZE rcvd: 239
Sorry
Code:
root@ns1:~# dig @localhost tlsystems.co.uk
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> @localhost tlsystems.co.uk
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61157
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 0435a6faf04773690100000067c71a2f69e886b0f92c5dad (good)
;; QUESTION SECTION:
;tlsystems.co.uk. IN A
;; ANSWER SECTION:
tlsystems.co.uk. 3600 IN A 146.66.81.98
;; Query time: 0 msec
;; SERVER: ::1#53(localhost) (UDP)
;; WHEN: Tue Mar 04 15:20:15 GMT 2025
;; MSG SIZE rcvd: 88
Ok, so this server works. How is the secondary connected to the primary server? Do you use ISPConfig server mirroring, or do you use a BIND slave zone?
To clarify, under secondary DNS zone:
NS (IP-address) = 146.66.81.102 (primary NS)
Allow zone transfers to these IP's = 146.66.81.103
Is this correct - the manual says it is.
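The triage done by hand in this thread (SERVFAIL versus NOERROR in the dig header, and the REFUSED transfer lines in the ns2 log), as an added example that is not part of the original posts. It goes one step beyond the thread by also checking the `aa` flag; the function names and verdict labels are assumptions for illustration, and the samples are trimmed from the output posted above.

```python
import re

STATUS_RE = re.compile(r"->>HEADER<<- opcode: \w+, status: (\w+), id: \d+")
FLAGS_RE = re.compile(r";; flags: ([a-z ]*);")
XFER_RE = re.compile(
    r"transfer of '([^']+)/IN' from ([0-9A-Fa-f.:]+)#\d+: Transfer status: (\w+)")

def triage_dig(output):
    """Return (verdict, rcode, flags) for one dig response."""
    status, flags = STATUS_RE.search(output), FLAGS_RE.search(output)
    if not status or not flags:
        return ("unparsed", None, set())
    rcode, flagset = status.group(1), set(flags.group(1).split())
    if rcode in ("SERVFAIL", "REFUSED"):
        verdict = "zone-not-served"    # reachable, but cannot answer for the zone
    elif rcode == "NOERROR" and "aa" in flagset:
        verdict = "authoritative"      # answered from a zone loaded on this server
    elif rcode == "NOERROR":
        verdict = "not-authoritative"  # answer did not come from a local zone
    else:
        verdict = rcode.lower()
    return (verdict, rcode, flagset)

def failed_transfers(log_text):
    """Return (zone, primary_ip, status) for each inbound transfer that did not succeed."""
    return [m.groups() for m in XFER_RE.finditer(log_text)
            if m.group(3) != "success"]

# Samples trimmed from the output posted in the thread.
NS2_DIG = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24934
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1"""
NS1_DIG = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61157
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"""
ROOT_DIG = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2473
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1"""
NS2_LOG = """Feb 21 13:17:16 ns2 named[187751]: transfer of 'tlsystems.uk/IN' from 146.66.81.102#53: failed while receiving responses: REFUSED
Feb 21 13:17:16 ns2 named[187751]: transfer of 'tlsystems.uk/IN' from 146.66.81.102#53: Transfer status: REFUSED"""

if __name__ == "__main__":
    for name, text in (("ns2", NS2_DIG), ("ns1", NS1_DIG), ("ns1, no query name", ROOT_DIG)):
        print(name, triage_dig(text)[0])
    print(failed_transfers(NS2_LOG))
```
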