Novice DNS information

Discussion in 'Installation/Configuration' started by Airbag888, Sep 2, 2014.

  1. Airbag888

    Airbag888 New Member

[SOLVED] Novice DNS information

    Hi All,

After successfully following the instructions to install Debian Wheezy with ISPConfig 3 using one of the Perfect Server guides, I'm hitting a roadblock.
We're hosted at digitalocean (with 1 public IP) and would like to act as a hosting provider (website, email, ftp mainly).

I'd like to point out that for this question I'm talking about mymaintestdomain.com and a client domain, say clientdomain.com.
I'm also talking about a test droplet on digital ocean (199.199.0.1) and what's to become a production droplet (199.199.0.2).

After setting up, I changed the domain NS servers (on Godaddy) from Godaddy's default to ns1.digitalocean.com and ns2.digitalocean.com.
This worked great for a single website with 1 domain (on the test droplet).
We'd like to have several websites (/ domains) on the one digital ocean droplet (hence one IP).

So I created a 2nd droplet (without assigning a domain to it) and configured ISPConfig 3 (nginx).
I created a site for the test client (assigning mymaintestdomain.com) to it.

I created a custom host on Godaddy pointing to our IP. Let's say ns1 and ns2 both pointing towards our IP address (2nd droplet: 199.199.0.2). Then I set Godaddy's NS servers to ns1.mymaintestdomain.com and ns2.mymaintestdomain.com.

I waited 8, 24, 48 hrs and more, and eventually mymaintestdomain.com stopped responding. Even pings failed. I could not ping ns1.mymaintestdomain.com (or ns2) either.

So I'm trying to understand where the fault lies (or whether I forgot something).

Can someone also tell me if I understood correctly how DNS works:

accessing domain.com -> check NS of domain.com -> forward as appropriate to the proper server in the DNS records -> server with ISPConfig receives the request -> checks which domain was asked for and redirects to the files in the proper client/site structure?

    Thanks


    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    IP-address(es) (as per ifconfig): ***.***.***.***, ***.***.***.***
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.0.5.4p3
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 5.4.4-14+deb7u14
    
    ##### PORT CHECK #####
    
    [WARN] Port 443 (Webserver SSL) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Nginx (PID 4366)
    [INFO] I found the following mail server(s):
            Postfix (PID 3823)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 3452)
    [INFO] I found the following imap server(s):
            Dovecot (PID 3452)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 3865)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [anywhere]:110          (3452/dovecot)
    [anywhere]:143          (3452/dovecot)
    [anywhere]:8080         (4366/nginx)
    [anywhere]:80           (4366/nginx)
    [anywhere]:8081         (4366/nginx)
    [anywhere]:465          (3823/master)
    [anywhere]:21           (3865/pure-ftpd)
    ***.***.***.***:53              (2275/named)
    ***.***.***.***:53              (2275/named)
    [localhost]:53          (2275/named)
    [anywhere]:22           (3879/sshd)
    [anywhere]:25           (3823/master)
    [localhost]:953         (2275/named)
    [anywhere]:993          (3452/dovecot)
    [anywhere]:995          (3452/dovecot)
    [localhost]:10024               (2207/amavisd-new)
    [localhost]:10025               (3823/master)
    [anywhere]:3306         (3342/mysqld)
    [anywhere]:587          (3823/master)
    [localhost]:11211               (2976/memcached)
    [localhost]10           (3452/dovecot)
    [localhost]43           (3452/dovecot)
    *:*:*:*::*:465          (3823/master)
    *:*:*:*::*:21           (3865/pure-ftpd)
    *:*:*:*::*:53           (2275/named)
    *:*:*:*::*:22           (3879/sshd)
    *:*:*:*::*:25           (3823/master)
    *:*:*:*::*:953          (2275/named)
    *:*:*:*::*:993          (3452/dovecot)
    *:*:*:*::*:995          (3452/dovecot)
    *:*:*:*::*:587          (3823/master)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    fail2ban-dovecot-pop3imap  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 110,995,143,993
    fail2ban-pureftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    fail2ban-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    fail2ban-ssh  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain fail2ban-dovecot-pop3imap (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-pureftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-sasl (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    
     
    Last edited: Sep 3, 2014
  2. till

    till Super Moderator Staff Member ISPConfig Developer

Most likely an issue in the zone file of mymaintestdomain.com. Please run this command on the server where you host the DNS for mymaintestdomain.com:

    dig @localhost mymaintestdomain.com

A common mistake is that no A records for ns1.mymaintestdomain.com and ns2.mymaintestdomain.com were added in the zone mymaintestdomain.com. These A records are necessary when you use subdomains of the same zone as NS records, so they are not required when you used the digitalocean DNS servers, but you need them when you run your own DNS.
     
  3. Airbag888

    Airbag888 New Member

    Hi,

Thanks for the incredibly fast reply. In the meantime I switched the NS back to ns1.digitalocean.com and ns2.digitalocean.com just to see if there was something else that had changed.
Upon doing so it's now pointing to a totally separate droplet than the one intended. I'll switch it back to ns1.mymaintestdomain.com and ns2.mymaintestdomain.com.

Here's the dig you asked for.

I think you're right, I don't recall an A record before the switch back to ns1.digitalocean.com.

    Should my next steps be:

1. Switch back to ns1/ns2.mytestdomain.com
2. Add A records pointing to the IP of my droplet?

Where should I add the A records? In Godaddy it says that the zone file isn't accessible because of the custom NS.
Should it be done in ISPConfig 3's DNS > Add new DNS zone with wizard (adding mytestdomain.com) > edit same domain adding an A record?
Currently there already are DNS records with A names too in there.
Or should it be done on digitalocean for the droplet hosting ISPConfig 3?
Please see ISPConfig's current DNS zone file.


    Code:
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @localhost mymaintestdomain.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36393
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    
    ;; QUESTION SECTION:
    ;mymaintestdomain.com.                 IN      A
    
    ;; ANSWER SECTION:
    mymaintestdomain.com.          1800    IN      A       1##.###.16.221
    
    ;; AUTHORITY SECTION:
    mymaintestdomain.com.          157878  IN      NS      ns2.digitalocean.com.
    mymaintestdomain.com.          157878  IN      NS      ns1.digitalocean.com.
    
    ;; ADDITIONAL SECTION:
    ns1.digitalocean.com.   157878  IN      A       1##.###.58.51
    ns2.digitalocean.com.   157878  IN      A       1##.###.59.41
    
    ;; Query time: 101 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Sep  2 10:27:04 2014
    ;; MSG SIZE  rcvd: 128
    
     

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The next steps should be:

1) Add the two missing A records for ns1 and ns2 inside of this zone in ISPConfig. bind will not load the current config as it's incomplete, and therefore it did not work the last time.

2) Then wait 1 minute until ISPConfig has written down the new config and check again with the dig command. It should return your own NS servers then. If that's ok, then you can switch the DNS server at the domain registry.
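The two checks behind till's advice (post 2: in-zone NS names need A records, post 4: re-run dig and expect your own NS servers back), as an added example that is not part of the thread and not ISPConfig's code. Both the zone text and the dig transcript below are constructed to mirror the thread's situation; the IPs are the thread's own placeholders. The first check reads a zone file and lists NS targets inside the zone that have no address record, which is what bind complains about and refuses to load; the second reads dig output and reports whether the local server answered from its own zone data (the `aa` flag) and which NS names it handed back.

```python
"""Offline checks for the glue-record problem in this thread (added example)."""
import re

ORIGIN = "mymaintestdomain.com."

# Constructed zone mirroring the thread's mistake: NS points at ns1/ns2 inside
# the zone, but only the apex and www carry A records.
ZONE_WITHOUT_GLUE = """\
$ORIGIN mymaintestdomain.com.
$TTL 3600
@    IN  SOA  ns1.mymaintestdomain.com. hostmaster.mymaintestdomain.com. (2014090201 7200 540 604800 86400)
@    IN  NS   ns1.mymaintestdomain.com.
@    IN  NS   ns2.mymaintestdomain.com.
@    IN  A    199.199.0.2
www  IN  A    199.199.0.2
"""

# The fix from the thread: A records for ns1 and ns2, written relative to $ORIGIN.
ZONE_WITH_GLUE = ZONE_WITHOUT_GLUE + """\
ns1  IN  A    199.199.0.2
ns2  IN  A    199.199.0.2
"""


def fqdn(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin=ORIGIN):
    """Parse a one-record-per-line BIND zone into (owner, type, rdata) tuples."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip comments, skip blanks
        if not line or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, *fields = line.split()
        if fields and fields[0].isdigit():            # optional per-record TTL
            fields = fields[1:]
        if fields and fields[0].upper() in ("IN", "CH", "HS"):   # optional class
            fields = fields[1:]
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        records.append((fqdn(owner, origin).lower(), rtype, rdata.lower()))
    return records


def missing_glue(records, origin=ORIGIN):
    """In-zone NS targets with no A/AAAA record in the zone (sorted).

    NS targets outside the zone (e.g. ns1.digitalocean.com.) need no glue
    here and are ignored, matching the thread's observation."""
    origin = origin.lower()
    has_address = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    missing = set()
    for _, rtype, rdata in records:
        if rtype == "NS":
            target = fqdn(rdata, origin)
            if target.endswith("." + origin) and target not in has_address:
                missing.add(target)
    return sorted(missing)


# Constructed dig transcript in the shape of the one posted in the thread: no 'aa'
# flag and digitalocean's NS in AUTHORITY, i.e. the local bind answered by recursion
# from the public delegation, not from its own (unloaded) copy of the zone.
DIG_RECURSED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36393
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; AUTHORITY SECTION:
mymaintestdomain.com.          157878  IN      NS      ns2.digitalocean.com.
mymaintestdomain.com.          157878  IN      NS      ns1.digitalocean.com.
"""

# What the same query should look like once the corrected zone is loaded.
DIG_LOCAL = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; AUTHORITY SECTION:
mymaintestdomain.com.   3600    IN      NS      ns1.mymaintestdomain.com.
mymaintestdomain.com.   3600    IN      NS      ns2.mymaintestdomain.com.
"""


def dig_summary(text):
    """Return (answered_authoritatively, [NS names from the AUTHORITY section])."""
    m = re.search(r"^;; flags: ([^;]*);", text, re.M)
    authoritative = bool(m) and "aa" in m.group(1).split()
    ns_names, in_authority = [], False
    for line in text.splitlines():
        if line.startswith(";; AUTHORITY SECTION"):
            in_authority = True
        elif not line.strip() or line.startswith(";;"):
            in_authority = False
        elif in_authority and "NS" in line.split():
            ns_names.append(line.split()[-1].lower())
    return authoritative, ns_names


if __name__ == "__main__":
    for label, zone in (("without glue", ZONE_WITHOUT_GLUE), ("with glue", ZONE_WITH_GLUE)):
        print(label, "-> missing glue:", missing_glue(parse_zone(zone)) or "none")
    print("thread's dig:", dig_summary(DIG_RECURSED))
    print("after fix:   ", dig_summary(DIG_LOCAL))
```

Run it against the zone file bind actually loads (ISPConfig writes one per zone) rather than the UI view; if `missing_glue` is empty but `dig @localhost` still lacks `aa`, the zone has not been reloaded yet, which is the one-minute wait till mentions.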
     
  5. Airbag888

    Airbag888 New Member

    I'm sorry I'm requiring so much handholding. I appreciate your help a lot.

To be sure: should I add an A record in ISPConfig mapping ns1.mytestdomain.com. and ns2.mytestdomain.com. (trailing .) to ###.###.###.### (the IP of the droplet hosting ISPConfig)?

I did it as per the attached file.
I gave it a few mins and it indeed is showing ns1/2.mytestdomain.com pointing to the droplet IP.

    Now for the final test... changing my NS to ns1/2.mytestdomain.com on Godaddy and waiting hours/days for propagation.

    I'll update as and when that happens
     

  6. Airbag888

    Airbag888 New Member

    Hi,

    Good news all is working thanks to you. <3

    Now I'd like to point out something:

    When I was setting up new sites apparently nginx was not setting up properly. Until I changed (rather uncommented)

    in /etc/nginx/nginx.conf

    Code:
    [...]
             server_names_hash_bucket_size 64;
    [...]
    
    
    Is that ok to do? I followed the instructions scrupulously but this was missing.
    Before that change I got this error:

    Code:
# nginx did not start after modifying this vhost file.
# Please check file /etc/nginx/sites-available/mytestdomain.com.vhost.err for syntax errors.
    
    After uncommenting the line and reloading nginx my server was no longer serving any webpages. Be it on port 80, 8080, 8081. I had to issue a reboot of the server for it to work again.

    I realise this is a bit off topic. But do you think this will have a consequence down the line? Do you know why I had to uncomment that line?

    Thanks
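What that directive does, as an added example that is not the thread's nginx.conf and not from the ISPConfig guides: nginx keeps all server_name values in a hash table, and its default bucket size (chosen from the CPU cache line size, 32 bytes on many builds) is too small once a site's server_name list no longer fits in one bucket; nginx then refuses to load the configuration with "could not build the server_names_hash, you should increase server_names_hash_bucket_size". The directive must sit in the http context so it covers every vhost file nginx includes; the include path below is Debian's default and assumed here.

```nginx
http {
    # Raise the bucket size so long server_name entries (domain plus aliases) fit.
    # Use 128 if nginx still rejects the config with the server_names_hash error.
    server_names_hash_bucket_size 64;

    # Number of buckets; raise this too when the droplet hosts many sites.
    server_names_hash_max_size 512;

    # Assumed Debian layout: ISPConfig's per-site vhost files are included here.
    include /etc/nginx/sites-enabled/*;
}
```

After editing, `nginx -t` validates the whole configuration before a reload, so a typo in the vhost shows up as a message on the console instead of a silently dead web server.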
     
