Primary DNS ISPConfig 3 Configuration for Akky (.mx) Domains

Discussion in 'General' started by montero92, Jul 20, 2016.

  1. montero92

    montero92 New Member

    EDIT: Added the *.vhost.err and intoDNS errors at the comments

    Hello everyone:

    I'm a very newbie at this, is the first time that I configure a server, was searching at Google how to setup an Ubuntu server to host domains and I found:
    The Perfect Server - Ubuntu 16.04 (Xenial Xerus) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1

    So I followed the steps to configure my "perfect" server, all was okay, I created my firsts sites with their DNS for the domains and few subdomains, the configuration at domains provider was pretty easy because I just had to set my public IP at the domain's configuration.

    Our DNS configuration for the domains was:

    Client: our client
    Domain: ourclientdomain(.)com
    IP Address: Our Public IP Address
    NS: ns1.ourclientdomain(.)com
    NS2: ns2.ourclientdomain(.)com

    Was a sweet dream, was the first time that I configured a server, and all is working, incredible..

    But they came new clients, from Mexico so We had to register (.)mx domains, so We did it at akky(.)mx , all was going as the rest of the domains registrations, but the surprise came when We had to set the DNS of our server and the IP of the DNS, so We typed the DNS for the domain like the previous domains:

    DNS: ns1.ourmexicanclientdomain(.)mx
    IP: Our Public IP Address

    But this was not working, We made pings to the domains to know which IP were they using but were receiving the following error: ping: unknown host ourmexicanclientdomain(.)mx and the "Server not found" when tried to access from browsers.

    Akky does not provide a solution, because they just offers the domains name register, and they can't verify if my server configuration is the properly.

    Right now I'm stuck on this step because I've no idea how to fix this problem and why is not working as it worked with the rest of domains.

    Hope someone could gives me a solution, or almost tell me what's wrong at my configuration.

    There's the configuration of my server for the (.)mx domains:

    DNS Config:

    • Client: my client
    • Zone (SOA): myclientweb(.)mx
    • NS: ns1.myclientweb(.)mx
    • Email: admin@myclientweb(.)mx
    • Refresh: 7200
    • Retry;540
    • Expire:604800
    • Minimum:3600
    • TTL:3600
    • Allow zone transfers to these IP's: -
    • Sign zone (DNSSEC): not checked

    DNS Records
    • Type: A
    • Name: myclientweb(.)mx
    • Data: my public ip
    • priority: 0
    • TTL: 3600
    --
    • Type: A
    • Name: www
    • Data: my public ip
    • Priority: 0
    • TTL: 3600
    --
    • Type: CNAME
    • Name: myclientweb(.)mx
    • Data: my public ip
    • Priority: 0
    • TTL: 3600
    --
    • Type: NS
    • Name: myclientweb(.)mx
    • Data: ns1.myclientweb(.)mx
    • Priority: 0
    • TTL: 3600
    --
    • Type: NS
    • Name: myclientweb(.)mx
    • Data: ns2.myclientweb(.)mx
    • Priority: 0
    • TTL: 3600
    --
    • Type: TXT
    • Name: myclientweb(.)mx
    • Data: v=spf1 mx a ~all
    • Priority: 0
    • TTL: 3600
    Sites Configuration:
    • Server: myserver.example(.)com
    • Client: myclient
    • IPv4-Address: *
    • Domain: myclientdomain(.)mx
    • Document Root: /var/www/client/clientX/webX
    • CGI: -
    • SSI: -
    • Perl: -
    • Ruby: -
    • Python: -
    • SuEXEC: V
    • Own Error-Documents: V
    • Auto-Subdomain: none
    • SSL: -
    • Lets Encrypt SSL: -
    • PHP: Fast-CGI
    • PHP Version: Default
    • Web server config: -
    • Active: V
    Akky domains config:
    DNS: ns1.myclientweb(.)mx
    IP: mypublicip

    That's all about my basic config, if you need more information, I will be pleased to post it at comments.
    Thanks you so much in advance.

    Best regards,
    Alex.
     
  2. montero92

    montero92 New Member

    ADDED VHOST ERR

    <Directory /var/www/myclientweb.mx>
    AllowOverride None
    Require all denied
    </Directory>
    <VirtualHost *:80>
    DocumentRoot /var/www/myclientweb.mx/web
    ServerName myclientweb.mx
    ServerAlias *.myclientweb.mx
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/myclientweb.mx/error.log

    Alias /error/ "/var/www/myclientweb.mx/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html
    <IfModule mod_ssl.c>
    </IfModule>
    <Directory /var/www/myclientweb.mx/web>
    # Clear PHP settings of this website
    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler None
    </FilesMatch>
    Options +FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>
    <Directory /var/www/clients/client3/web8/web>
    # Clear PHP settings of this website
    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler None
    </FilesMatch>
    Options +FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>
    # cgi enabled
    <Directory /var/www/clients/client3/web8/cgi-bin>
    Require all granted
    </Directory>
    ScriptAlias /cgi-bin/ /var/www/clients/client3/web8/cgi-bin/
    <FilesMatch "\.(cgi|pl)$">
    SetHandler cgi-script
    </FilesMatch>
    # suexec enabled
    <IfModule mod_suexec.c>
    SuexecUserGroup web8 client3
    </IfModule>
    # php as fast-cgi enabled
    # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
    IdleTimeout 300
    ProcessLifeTime 3600
    # MaxProcessCount 1000
    DefaultMinClassProcessCount 0
    DefaultMaxClassProcessCount 10
    IPCConnectTimeout 3
    IPCCommTimeout 600
    BusyTimeout 3600
    </IfModule>
    <Directory /var/www/myclientweb.mx/web>
    <FilesMatch "\.php[345]?$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php3
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php4
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php5
    Options +ExecCGI
    AllowOverride All
    Require all granted
    </Directory>
    <Directory /var/www/clients/client3/web8/web>
    <FilesMatch "\.php[345]?$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php3
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php4
    FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php5
    Options +ExecCGI
    AllowOverride All
    Require all granted
    </Directory>
    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
    AssignUserId web8 client3
    </IfModule>
    <IfModule mod_dav_fs.c>
    # Do not execute PHP files in webdav directory
    <Directory /var/www/clients/client3/web8/webdav>
    <ifModule mod_security2.c>
    SecRuleRemoveById 960015
    SecRuleRemoveById 960032
    </ifModule>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    DavLockDB /var/www/clients/client3/web8/tmp/DavLock
    # DO NOT REMOVE THE COMMENTS!
    # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
    # WEBDAV BEGIN
    # WEBDAV END
    </IfModule>
    </VirtualHost>
     
  3. montero92

    montero92 New Member

    ADDED intoDNS Errors



    Parent

    ( i ) Domain NS records: Nameserver records returned by the parent servers are: ns1.myclientweb.mx. ['81.202.251.206'] [TTL=86400] e.mx-ns.mx was kind enough to give us that information.
    ( V ) TLD Parent: Check Good. e.mx-ns.mx, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check.
    ( V ) Your nameservers are listed: Good. The parent server e.mx-ns.mx has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
    ( V ) DNS Parent sent Glue: Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3)
    ( V ) Nameservers A records: Good. Every nameserver listed has A records. This is a must if you want to be found.

    NS
    ( i ) NS records from your nameservers: NS records got from your nameservers listed at the parent NS are: Oups! I could not get any nameservers from your nameservers (the ones listed at the parent server). Please verify that they are not lame nameservers and are configured properly.
    ( V ) Recursive Queries: Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
    ( V ) Same Glue: Hmm,I do not consider this to be an error yet, since I did not detect any nameservers at your nameservers.
    ( V ) Glue for NS records: OK. Your nameservers (the ones reported by the parent server) have no ideea who your nameservers are so this will be a pass since you already have a lot of errors!
    ( ! ) Mismatched NS records: WARNING: One or more of your nameservers did not return any of your NS records.
    ( ! ) DNS servers responded: ERROR: One or more of your nameservers did not respond:
    The ones that did not respond are: 81.202.251.205
    ( V )
    Name of nameservers are valid: OK. The nameservers reported by the parent send out nothing as shown above. I can't check nothing so it's a green!
    ( ! ) Multiple Nameservers: ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
    ( V ) Nameservers are lame: OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
    ( V ) Missing nameservers reported by parent: OK. All NS records are the same at the parent and at your nameservers.
    ( ! ) Missing nameservers reported by your nameservers: You should already know that your NS records at your nameservers are missing, so here it is again: ns1.myclientweb.mx.
    ( V )
    Domain CNAMEs: OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
    ( V ) NSs CNAME check. OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
    ( V ) Different subnets: OK. Looks like you have nameservers on different subnets!
    ( V ) IPs of nameservers are public: Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
    ( V ) DNS servers allow TCP connection: OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
    ( V ) Different autonomous systems: OK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down.
    ( V )Stealth NS records sent: Ok. No stealth ns records are sent

    SOA
    ( ! ) SOA record: No valid SOA record came back!

    MX
    ( ! ) MX Records: Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers!

    WWW
    ( ! ) WWW A Record: ERROR: I could not get any A records for www.myclientweb.mx!

    (I only do a cache request, if you recently added a WWW A record, it might not show up here.)
    Processed in 17.094 seconds.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Did you add A records for ns1.myclientweb(.)mx and ns2.myclientweb(.)mx? Also make sure you can query those nameservers from outside your network (ie. udp and tcp port 53 are both open).
     
    montero92 likes this.
  5. montero92

    montero92 New Member

    Tanks for your answer Jesse:

    The .com domains worked pretty nice, why the .mx needs these ports open?
    Anyway I'll follow your instructions and post later what happeneded.

    EDIT: Ports TCP/UDP 53 are open right now, with no results, besides the .com Web that I had working now is displaying again the default index.hmtl, im pretty done u_u

    Regards,
    Alex.
     
    Last edited: Jul 21, 2016
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    DNS uses port 53 (udp and tcp), any DNS server requires those to be open.

    On a related note, it is more common to create a set of nameservers for you as the hosting provider, lets say ns1.hoster.com and ns2.hoster.com for example, and register all client domains with those nameservers. What you are doing, ie. creating new nameserver records for every client domain, is valid, and maybe that's your preference, but it does create a bit more work for you, and isn't the only (nor most common) option.

    Check the website settings, make sure the ip address is correct for that site (or use '*' instead of the ip address), and is also the correct ip address in DNS.
     
  7. montero92

    montero92 New Member

    Well, could be more work now change all the ns1 of the domains that are working.

    But with my "method" create a ns1 for each domain should work?

    I checked it and is all ok :/
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Yes, it works. As with everything there are pro's and con's, eg. with the way you have it, if you ever need to change the ip address or your ns1 server, you will need to login to the registrar for each domain an update the corresponding ns1.myclient.x nameserver entry.
     

Share This Page