Hi I know you probably seen this a hundred times before but i have searched and tried before posting here. I have a problem with my nameservers. My domain is eccompany.ro, ip 86.122.193.38. I have installed Debian Etch and ISPconfig using the tutorials. I have setup ns1.eccompany.ro and ns2.eccompany.ro. The domain tld has these nameservers. It's now been almost three days and this should have been enough time for the dns changes to propagate. My server is behind a router but i did port-forward all the usual ports to the server. My dnsreport shows the following problems: 1. ERROR: You have 2 nameservers, but both are on the same IP! This is not a valid setup. You are required to have at least 2 nameservers, per RFC 1035 section 2.2. I think this one is not so bad. 2. ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame: 86.122.193.38 86.122.193.38 3. ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are: ns1.eccompany.ro. ns2.eccompany.ro. 4. No valid SOA record came back: is not eccompany.ro.
Sometimes dnsreport shows this fail: A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. If you have a Watchguard Firebox, it's due to a bug in their DNS Proxy, which must be disabled (31 Jul 2006 UPDATE: several years after being informed of this, there is a rumor that there is a fix that allows the Watchguard DNS proxy to work).
I have told my registrar that ns1 and ns2 are my nameservers. Code: % whois.rotld.ro : % % Rights restricted by copyright. % % Specifically, this data MAY ONLY be used for Internet operational % purposes. It may not be used for targeted advertising or any % other purpose. % % Este INTERZISA folosirea datelor de pe acest server in oricare % alt scop decat operarea retelei. In special este INTERZISA % folosirea lor in scopuri publicitare. % domain-name: eccompany.ro ... nameserver: ns1.eccompany.ro 86.122.193.38 nameserver: ns2.eccompany.ro 86.122.193.38
The ports were already forwarded. Code: Scanning ecserver (86.122.193.38) [1 port] Discovered open port 53/tcp on 86.122.193.38 Completed SYN Stealth Scan at 16:27, 0.03s elapsed (1 total ports) Host ecserver (86.122.193.38) appears to be up ... good. Interesting ports on ecserver (86.122.193.38): PORT STATE SERVICE 53/tcp open domain Code: Scanning ecserver (86.122.193.38) [1 port] Completed UDP Scan at 16:26, 0.23s elapsed (1 total ports) Host ecserver (86.122.193.38) appears to be up ... good. Interesting ports on ecserver (86.122.193.38): PORT STATE SERVICE 53/udp open|filtered domain
I ran dnswalk on my domain and these are the results Code: server:~/dns_debug# ./dnswalk eccompany.ro. Checking eccompany.ro. BAD: SOA record not found for eccompany.ro. BAD: eccompany.ro. has NO authoritative nameservers! BAD: All zone transfer attempts of eccompany.ro. failed! How can i set "authorative" nameservers ?
Do you think this is the cause of the problem ? Something weird is also going on: when i do dig using localhost (the nameserver) i get no answer part of the message but when i use ns-ro.ripe.net i get answer + authority Code: server:/home/admispconfig/ispconfig/web/multidoc/edit# dig @localhost eccompany.ro ; <<>> DiG 9.3.4 <<>> @localhost eccompany.ro ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41790 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;eccompany.ro. IN A ;; Query time: 6 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Jun 12 09:16:18 2007 ;; MSG SIZE rcvd: 30 Code: server:/home/admispconfig/ispconfig/web/multidoc/edit# dig @ns-ro.ripe.net eccompany.ro ; <<>> DiG 9.3.4 <<>> @ns-ro.ripe.net eccompany.ro ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31348 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;eccompany.ro. IN A ;; AUTHORITY SECTION: eccompany.ro. 86400 IN NS ns2.eccompany.ro. eccompany.ro. 86400 IN NS ns1.eccompany.ro. ;; ADDITIONAL SECTION: ns1.eccompany.ro. 86400 IN A 86.122.193.38 ns2.eccompany.ro. 86400 IN A 86.122.193.38 ;; Query time: 49 msec ;; SERVER: 193.0.12.181#53(193.0.12.181) ;; WHEN: Tue Jun 12 09:16:43 2007 ;; MSG SIZE rcvd: 98 It looks like my nameservers aren't answering properly.
Have you created a glue record for ns1.eccompany.ro and ns2.eccompany.ro? http://en.wikipedia.org/wiki/Dns#Circular_dependencies_and_glue_records
A glue record means that i need to specify the ip of the nameserver not only the name ? Example ns1.eccompany.ro 86.122.193.38 I did that at my registrar. Here's how the whois at the registrar looks like Code: domain-name: eccompany.ro description: Sc. Euroconsulting Srl description: Panduri, nr 100 description: Tg jiu description: Postal Code: 1400 description: Country: RO description: Phone: +0353805925 description: Fax: +0353805925 description: E-mail: [email protected] description: Registration/ID Number: j18/105/2005 description: Fiscal Code: RO17219332 admin-contact: AA930-ROTLD technical-contact: AA930-ROTLD zone-contact: AA930-ROTLD billing-contact: AA930-ROTLD nameserver: ns1.eccompany.ro 86.122.193.38 nameserver: ns2.eccompany.ro 86.122.193.38 info: Object maintained by ROTLD (.ro) registry notify: [email protected] object-maintained-by: ROTLD-MNT updated: [email protected] 20070529 updated: [email protected] 20070607 source: ROTLD application-date: 20070520 domain-status: active registration-date: 20070529
I fixed it like this: reinstalled linux, followed your debian etch tutorial (without ispconfig). I did not install ispconfig and did the configurations by hand and everything works like a charm. Thanks for all your help
Any idea why ISPconfig could be breaking it? I'm trying to do the same and I want to use ISPconfig and getting similar DNS issue.
ISPConfig is not breaking it, I use it for all my domains for years. The guy with the other problem missed to add glue records at his domain registrar, thats always needed if a nameserver record is a subdomain of the zone itself and not ispconfig specific.
I see. then could you help me with my issue? I'm experienced with registrars and I'm a windows system administrator so I have done tons of Name servers on Windows DNS. I have a feeling I'm configuring BIND incorrectly even though I followed all steps from "best server" (doing it on Centos 5.5 64 bit) getting this error from dnsstuff: Code: SOA FAIL SOA Record No valid SOA record came back: is not domain.com.
Great. hope you can help. I used default template when added zone. Also, in named.conf I edited this: listen-on port 53 { added_server_ip_here };