Nameserver problems

Discussion in 'Installation/Configuration' started by andlei, Jun 11, 2007.

  1. andlei

    andlei New Member

    Hi

    I know you have probably seen this a hundred times before, but I have searched and tried before posting here.
    I have a problem with my nameservers.
    My domain is eccompany.ro, IP 86.122.193.38.
    I have installed Debian Etch and ISPConfig using the tutorials.
    I have set up ns1.eccompany.ro and ns2.eccompany.ro. The domain TLD has these nameservers.
    It's now been almost three days and this should have been enough time for the DNS changes to propagate.
    My server is behind a router, but I did port-forward all the usual ports to the server.

    My dnsreport shows the following problems:
    1. ERROR: You have 2 nameservers, but both are on the same IP! This is not a valid setup. You are required to have at least 2 nameservers, per RFC 1035 section 2.2.
    I think this one is not so bad.
    2. ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
    86.122.193.38
    86.122.193.38
    3. ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
    ns1.eccompany.ro.
    ns2.eccompany.ro.
    4. No valid SOA record came back:
    is not eccompany.ro.
     
  2. andlei

    andlei New Member

    Sometimes dnsreport shows this fail:
    A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. If you have a Watchguard Firebox, it's due to a bug in their DNS Proxy, which must be disabled (31 Jul 2006 UPDATE: several years after being informed of this, there is a rumor that there is a fix that allows the Watchguard DNS proxy to work).
     
  3. mtuser

    mtuser New Member

    Have you registered ns1.eccompany.ro as your authoritative name server?
     
  4. andlei

    andlei New Member

    I have told my registrar that ns1 and ns2 are my nameservers.
    Code:
    % whois.rotld.ro :
    %
    % Rights restricted by copyright.
    %
    % Specifically, this data MAY ONLY be used for Internet operational
    %   purposes. It may not be used for targeted advertising or any
    %   other purpose.
    %
    % Este INTERZISA folosirea datelor de pe acest server in oricare
    %   alt scop decat operarea retelei. In special este INTERZISA
    %   folosirea lor in scopuri publicitare.
    %
    
    
    domain-name: eccompany.ro
    ...
    nameserver:  ns1.eccompany.ro 86.122.193.38
    nameserver:  ns2.eccompany.ro 86.122.193.38
    
     
  5. mtuser

    mtuser New Member

    Forward port 53 (TCP/UDP) to your ISPConfig server.
     
  6. andlei

    andlei New Member

    The ports were already forwarded.
    Code:
    Scanning ecserver (86.122.193.38) [1 port]
    Discovered open port 53/tcp on 86.122.193.38
    Completed SYN Stealth Scan at 16:27, 0.03s elapsed (1 total ports)
    Host ecserver (86.122.193.38) appears to be up ... good.
    Interesting ports on ecserver (86.122.193.38):
    PORT   STATE SERVICE
    53/tcp open  domain
    
    Code:
    Scanning ecserver (86.122.193.38) [1 port]
    Completed UDP Scan at 16:26, 0.23s elapsed (1 total ports)
    Host ecserver (86.122.193.38) appears to be up ... good.
    Interesting ports on ecserver (86.122.193.38):
    PORT   STATE         SERVICE
    53/udp open|filtered domain
    
     
  7. andlei

    andlei New Member

    I ran dnswalk on my domain and these are the results:
    Code:
    server:~/dns_debug# ./dnswalk eccompany.ro.
    Checking eccompany.ro.
    BAD: SOA record not found for eccompany.ro.
    BAD: eccompany.ro. has NO authoritative nameservers!
    BAD: All zone transfer attempts of eccompany.ro. failed!
    
    How can I set "authoritative" nameservers?
     
  8. payne

    payne New Member

    ns1 and ns2 MUST be on different IPs
     
  9. andlei

    andlei New Member

    I think it should work even if they are on the same IP. I've seen this configuration before.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    That depends on your domain registry. Most registries force you to use 2 different IP addresses.
     
  11. andlei

    andlei New Member

    Do you think this is the cause of the problem?
    Something weird is also going on:
    when I run dig against localhost (the nameserver) I get no answer section in the message, but when I use ns-ro.ripe.net I get answer + authority.
    Code:
    server:/home/admispconfig/ispconfig/web/multidoc/edit# dig @localhost eccompany.ro
    
    ; <<>> DiG 9.3.4 <<>> @localhost eccompany.ro
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41790
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;eccompany.ro.                  IN      A
    
    ;; Query time: 6 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Jun 12 09:16:18 2007
    ;; MSG SIZE  rcvd: 30
    
    
    Code:
    server:/home/admispconfig/ispconfig/web/multidoc/edit# dig @ns-ro.ripe.net eccompany.ro
    
    ; <<>> DiG 9.3.4 <<>> @ns-ro.ripe.net eccompany.ro
    ; (1 server found)
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31348
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;eccompany.ro.                  IN      A
    
    ;; AUTHORITY SECTION:
    eccompany.ro.           86400   IN      NS      ns2.eccompany.ro.
    eccompany.ro.           86400   IN      NS      ns1.eccompany.ro.
    
    ;; ADDITIONAL SECTION:
    ns1.eccompany.ro.       86400   IN      A       86.122.193.38
    ns2.eccompany.ro.       86400   IN      A       86.122.193.38
    
    ;; Query time: 49 msec
    ;; SERVER: 193.0.12.181#53(193.0.12.181)
    ;; WHEN: Tue Jun 12 09:16:43 2007
    ;; MSG SIZE  rcvd: 98
    
    
    It looks like my nameservers aren't answering properly.
     
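The two dig headers in the post above can be classified mechanically; this is an added example, not part of the original thread. `classify_dig` and the `sample_*` functions are hypothetical names; the first two samples are the header lines from the post and the third is constructed.

```shell
#!/bin/sh
# Header lines copied from the two dig runs in the post above.
sample_local() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41790
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
EOF
}
sample_parent() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31348
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
EOF
}
# Constructed: the header a server that has loaded the zone would return (aa set).
sample_fixed() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
EOF
}

# classify_dig: read dig text output on stdin and print one verdict.
#   authoritative : NOERROR or NXDOMAIN with the aa flag set
#   referral      : NOERROR, no aa, empty ANSWER, NS data in AUTHORITY (normal for a parent zone)
#   lame (STATUS) : anything else; a server listed as NS for the zone must not land here
#   no-response   : no header seen at all (timeout)
classify_dig() {
    awk '
        function cnt(label,   n) {            # number that follows "LABEL: " on the flags line
            n = index($0, label ": ")
            return n ? substr($0, n + length(label) + 2) + 0 : 0
        }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
            aa = ((" " flags " ") ~ / aa /)
            nans = cnt("ANSWER"); nauth = cnt("AUTHORITY")
        }
        END {
            if (status == "") print "no-response"
            else if ((status == "NOERROR" || status == "NXDOMAIN") && aa) print "authoritative"
            else if (status == "NOERROR" && nans == 0 && nauth > 0) print "referral"
            else print "lame (" status ")"
        }'
}

for s in sample_local sample_parent sample_fixed; do
    printf '%s: %s\n' "$s" "$($s | classify_dig)"
done
```

Against a live server the input would come from `dig +norecurse @SERVER ZONE SOA | classify_dig`.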
  12. falko

    falko Super Moderator Howtoforge Staff

  13. andlei

    andlei New Member

    A glue record means that I need to specify the IP of the nameserver, not only the name? Example: ns1.eccompany.ro 86.122.193.38
    I did that at my registrar. Here's what the whois at the registrar looks like:
    Code:
    domain-name: eccompany.ro
    description: Sc. Euroconsulting Srl
    description: Panduri, nr 100
    description: Tg jiu
    description: Postal Code: 1400
    description: Country: RO
    description: Phone: +0353805925
    description: Fax: +0353805925
    description: E-mail: [email protected]
    description: Registration/ID Number: j18/105/2005
    description: Fiscal Code: RO17219332
    admin-contact: AA930-ROTLD
    technical-contact: AA930-ROTLD
    zone-contact: AA930-ROTLD
    billing-contact: AA930-ROTLD
    nameserver:  ns1.eccompany.ro 86.122.193.38
    nameserver:  ns2.eccompany.ro 86.122.193.38
    info:        Object maintained by ROTLD (.ro) registry
    notify:      [email protected]
    object-maintained-by: ROTLD-MNT
    updated:     [email protected] 20070529
    updated:     [email protected] 20070607
    source:      ROTLD
    application-date: 20070520
    domain-status: active
    registration-date: 20070529
    
     
  14. falko

    falko Super Moderator Howtoforge Staff

    I think you should ask your registrar to make sure that you set the glue record right.
     
  15. andlei

    andlei New Member

    I fixed it like this:
    Reinstalled Linux and followed your Debian Etch tutorial (without ISPConfig). I did not install ISPConfig and did the configuration by hand, and everything works like a charm.
    Thanks for all your help.
     
  16. Polk

    Polk New Member

    Any idea why ISPConfig could be breaking it? I'm trying to do the same and I want to use ISPConfig, and I'm getting a similar DNS issue.
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig is not breaking it, I have used it for all my domains for years. The guy with the other problem failed to add glue records at his domain registrar; that's always needed if a nameserver record is a subdomain of the zone itself, and it is not ISPConfig-specific.
     
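The glue requirement described above, and the same-IP warning from dnsreport in the first post, can both be checked against a referral from the parent zone. This is an added example, not part of the original thread; `check_glue` and `sample_referral` are hypothetical names, and the sample is the referral that ns-ro.ripe.net returned earlier in the thread.

```shell
#!/bin/sh
# Referral sections as returned by ns-ro.ripe.net earlier in this thread.
sample_referral() { cat <<'EOF'
;; AUTHORITY SECTION:
eccompany.ro.           86400   IN      NS      ns2.eccompany.ro.
eccompany.ro.           86400   IN      NS      ns1.eccompany.ro.

;; ADDITIONAL SECTION:
ns1.eccompany.ro.       86400   IN      A       86.122.193.38
ns2.eccompany.ro.       86400   IN      A       86.122.193.38
EOF
}

# check_glue ZONE < dig-output
# Prints MISSING-GLUE for every NS name inside ZONE that has no A/AAAA record
# in the ADDITIONAL section, and SAME-IP when all glue points at one address.
check_glue() {
    awk -v zone="$1" '
        BEGIN { zone = tolower(zone); sub(/\.$/, "", zone); zone = zone "." }
        /^;; AUTHORITY SECTION/  { sect = "auth"; next }
        /^;; ADDITIONAL SECTION/ { sect = "add";  next }
        /^;;/ || /^$/            { sect = "";     next }
        sect == "auth" && $4 == "NS" && tolower($1) == zone { ns[tolower($5)] = 1 }
        sect == "add" && ($4 == "A" || $4 == "AAAA") {
            glue[tolower($1)] = 1; addr[tolower($1) " " $5] = 1
        }
        END {
            for (n in ns) {
                total++
                if (n in glue) withglue++
                # In-zone names cannot be resolved without glue from the parent.
                suffix = substr(n, length(n) - length(zone))
                if (suffix == "." zone && !(n in glue)) print "MISSING-GLUE " n
            }
            for (k in addr) { split(k, p, " "); if (p[1] in ns) { ips[p[2]] = 1; one = p[2] } }
            for (ip in ips) nip++
            if (withglue > 1 && nip == 1)
                print "SAME-IP " one " is the only address for " withglue " nameservers"
            if (total == 0) print "NO-DELEGATION for " zone
        }' | sort
}

sample_referral | check_glue eccompany.ro
```

Live input would come from a non-recursive query to one of the parent zone's servers, for example `dig +norecurse @ns-ro.ripe.net eccompany.ro NS | check_glue eccompany.ro`.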
  18. Polk

    Polk New Member

    I see. Then could you help me with my issue? I'm experienced with registrars and I'm a Windows system administrator, so I have done tons of name servers on Windows DNS.
    I have a feeling I'm configuring BIND incorrectly even though I followed all the steps from "best server" (doing it on CentOS 5.5 64-bit).

    I'm getting this error from dnsstuff:

    Code:
    SOA	FAIL	SOA Record	No valid SOA record came back:
    is not domain.com.
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the screenshots of the dns settings that you made for this zone in ispconfig.
     
  20. Polk

    Polk New Member

    Great. Hope you can help.
    I used the default template when I added the zone.
    Also, in named.conf I edited this:
    listen-on port 53 { added_server_ip_here };

    [​IMG]

    [​IMG]
     
