From Today my DNS server is not propagting

Discussion in 'Installation/Configuration' started by pawan, Aug 24, 2015.

  1. pawan

    pawan Member

    In ISPCONFIG control panel in monitor -services
    the report is shown like this-
    Data from: 2015-08-24 14:00
    Web-Server: Online
    FTP-Server: Online
    SMTP-Server: Online
    POP3-Server: Online
    IMAP-Server: Online
    DNS-Server: Online
    mySQL-Server: Online

    Ubuntu server 12.04
    ISPCONFIG 3.0.5.4P1

    Please help.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    For existing domains or for new domains that you add?
     
  3. pawan

    pawan Member

    for existing domains.
    Even I have tried restarting the server with no help.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to query your DNS server on the shell of your server with:

    dig @localhost domain.com

    replace domain.com with the domain name that your server shall respond.
     
  5. pawan

    pawan Member

    Thanks Till,
    I did as you suggested like
    dig @localhost lions322c2.org
    and I think I am getting the correct response like
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44305
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;lions322c2.org. IN A

    ;; ANSWER SECTION:
    lions322c2.org. 86400 IN A 117.247.67.131

    ;; AUTHORITY SECTION:
    lions322c2.org. 86400 IN NS ns1.mywebsolutions.co.in.
    lions322c2.org. 86400 IN NS ns2.mywebsolutions.co.in.

    ;; ADDITIONAL SECTION:
    ns1.mywebsolutions.co.in. 86400 IN A 117.247.67.131
    ns2.mywebsolutions.co.in. 86400 IN A 117.247.67.131

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Aug 24 18:24:46 2015
    ;; MSG SIZE rcvd: 136

    Note: But the problem is it is still not getting propagated to Authoritative servers.
     
    Last edited: Aug 24, 2015
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The output is ok, so your server is working fine. maybe its a firewall problem?

    And you can try to check the zone at intodns.com.
     
  7. pawan

    pawan Member

    I did a check at intodns.com and get a few errors, but have no idea how I go about it to resolve the same.
    As until now it was working fine.
    Code:
    Category     Status     Test name     Information
    send feedback
    Parent     Info     Domain NS records     Nameserver records returned by the parent servers are:
    
    ns1.mywebsolutions.co.in.   ['117.247.67.131'] (NO GLUE)   [TTL=86400]
    ns2.mywebsolutions.co.in.   ['117.247.67.131'] (NO GLUE)   [TTL=86400]
    
    b2.org.afilias-nst.org was kind enough to give us that information.
    Pass  -    TLD Parent Check     Good. b2.org.afilias-nst.org, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check.
    Pass -     Your nameservers are listed     Good. The parent server b2.org.afilias-nst.org has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
    Info  -   DNS Parent sent Glue     The parent nameserver b2.org.afilias-nst.org is not sending out GLUE for every nameservers listed, meaning he is sending out your nameservers host names without sending the A records of those nameservers. It's ok but you have to know that this will require an extra A lookup that can delay a little the connections to your site. This happens a lot if you have nameservers on different TLD (domain.com for example with nameserver ns.domain.org.)
    Pass  -   Nameservers A records     Good. Every nameserver listed has A records. This is a must if you want to be found.
    NS     Info     NS records from your nameservers    NS records got from your nameservers listed at the parent NS are:
    Oups! I could not get any nameservers from your nameservers (the ones listed at the parent server). Please verify that they are not lame nameservers and are configured properly.
    
    Pass     Recursive Queries     Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
    Pass     Same Glue     Hmm,I do not consider this to be an error yet, since I did not detect any nameservers at your nameservers.
    Pass     Glue for NS records     OK. Your nameservers (the ones reported by the parent server) have no ideea who your nameservers are so this will be a pass since you already have a lot of errors!
    Error     Mismatched NS records     WARNING: One or more of your nameservers did not return any of your NS records.
    Error     DNS servers responded     ERROR: One or more of your nameservers did not respond:
    The ones that did not respond are:
    117.247.67.131
    Pass     Name of nameservers are valid     OK. The nameservers reported by the parent send out nothing as shown above. I can't check nothing so it's a green!
    Error     Multiple Nameservers     ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
    Pass     Nameservers are lame     OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
    Pass     Missing nameservers reported by parent     OK. All NS records are the same at the parent and at your nameservers.
    Error     Missing nameservers reported by your nameservers     You should already know that your NS records at your nameservers are missing, so here it is again:
    
    ns1.mywebsolutions.co.in.
    ns2.mywebsolutions.co.in.
    
    Pass     Domain CNAMEs     OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
    Pass     NSs CNAME check     OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
    Pass     Different subnets     OK. Looks like you have nameservers on different subnets!
    Pass     IPs of nameservers are public     Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
    Pass     DNS servers allow TCP connection     OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
    Pass     Different autonomous systems     OK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down.
    Pass     Stealth NS records sent     Ok. No stealth ns records are sent
    SOA     Error     SOA record    No valid SOA record came back!
    MX     Error     MX Records    Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers!
    WWW     Error     WWW A Record     ERROR: I could not get any A records for www.lions322c2.org!
    
    (I only do a cache request, if you recently added a WWW A record, it might not show up here.) 

    Thanks Till for guiding me in proper direction.
     
  8. pawan

    pawan Member

    Dear Till,
    Today I have observed that at times the DNS server do work and some times it is not.
    Though the service for DNS server shows online all the time.
    is it being affected by some kind of DNS attack, which is preventing it to propagate.
    I am using fail2ban, but still I apprehend that there is some kind of problem, which I am not able to identify.
    may be I have not configured fail2ban for dns correctly.

    Thanks.
     
    Last edited: Aug 25, 2015
  9. hsluis

    hsluis New Member

    Hello pawan! How do you resolve this? Because I have the same problem right now.
    Thanks!
     

Share This Page