EDIT: Added the *.vhost.err and intoDNS errors in the comments.

Hello everyone:

I'm very new at this; it is the first time that I have configured a server. I was searching on Google for how to set up an Ubuntu server to host domains and I found: The Perfect Server - Ubuntu 16.04 (Xenial Xerus) with Apache, PHP, MySQL, PureFTPD, BIND, Postfix, Dovecot and ISPConfig 3.1

So I followed the steps to configure my "perfect" server. All was okay: I created my first sites with their DNS for the domains and a few subdomains. The configuration at the domain provider was pretty easy because I just had to set my public IP in the domain's configuration.

Our DNS configuration for the domains was:

Client: our client
Domain: ourclientdomain(.)com
IP Address: Our Public IP Address
NS: ns1.ourclientdomain(.)com
NS2: ns2.ourclientdomain(.)com

It was a sweet dream: it was the first time that I had configured a server, and everything was working, incredible.

But then new clients came, from Mexico, so we had to register (.)mx domains, and we did it at akky(.)mx. All was going like the rest of the domain registrations, but the surprise came when we had to set the DNS of our server and the IP of the DNS, so we typed the DNS for the domain like the previous domains:

DNS: ns1.ourmexicanclientdomain(.)mx
IP: Our Public IP Address

But this was not working. We pinged the domains to find out which IP they were using but received the following error:

ping: unknown host ourmexicanclientdomain(.)mx

and "Server not found" when we tried to access them from browsers.

Akky does not provide a solution, because they just offer domain name registration, and they can't verify whether my server configuration is correct. Right now I'm stuck on this step because I have no idea how to fix this problem or why it is not working as it worked with the rest of the domains. I hope someone can give me a solution, or at least tell me what's wrong with my configuration.

Here is the configuration of my server for the (.)mx domains:

DNS Config:

Client: my client
Zone (SOA): myclientweb(.)mx
NS: ns1.myclientweb(.)mx
Email: admin@myclientweb(.)mx
Refresh: 7200
Retry: 540
Expire: 604800
Minimum: 3600
TTL: 3600
Allow zone transfers to these IP's: -
Sign zone (DNSSEC): not checked

DNS Records:

Type: A, Name: myclientweb(.)mx, Data: my public ip, Priority: 0, TTL: 3600
Type: A, Name: www, Data: my public ip, Priority: 0, TTL: 3600
Type: CNAME, Name: myclientweb(.)mx, Data: my public ip, Priority: 0, TTL: 3600
Type: NS, Name: myclientweb(.)mx, Data: ns1.myclientweb(.)mx, Priority: 0, TTL: 3600
Type: NS, Name: myclientweb(.)mx, Data: ns2.myclientweb(.)mx, Priority: 0, TTL: 3600
Type: TXT, Name: myclientweb(.)mx, Data: v=spf1 mx a ~all, Priority: 0, TTL: 3600

Sites Configuration:

Server: myserver.example(.)com
Client: myclient
IPv4-Address: *
Domain: myclientdomain(.)mx
Document Root: /var/www/client/clientX/webX
CGI: -
SSI: -
Perl: -
Ruby: -
Python: -
SuEXEC: V
Own Error-Documents: V
Auto-Subdomain: none
SSL: -
Lets Encrypt SSL: -
PHP: Fast-CGI
PHP Version: Default
Web server config: -
Active: V

Akky domains config:

DNS: ns1.myclientweb(.)mx
IP: mypublicip

That's all about my basic config; if you need more information, I will be pleased to post it in the comments. Thank you so much in advance.

Best regards, Alex.
ADDED VHOST ERR

```
<Directory /var/www/myclientweb.mx>
    AllowOverride None
    Require all denied
</Directory>

<VirtualHost *:80>
    DocumentRoot /var/www/myclientweb.mx/web

    ServerName myclientweb.mx
    ServerAlias *.myclientweb.mx
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/myclientweb.mx/error.log

    Alias /error/ "/var/www/myclientweb.mx/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/myclientweb.mx/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/clients/client3/web8/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # cgi enabled
    <Directory /var/www/clients/client3/web8/cgi-bin>
        Require all granted
    </Directory>
    ScriptAlias /cgi-bin/ /var/www/clients/client3/web8/cgi-bin/
    <FilesMatch "\.(cgi|pl)$">
        SetHandler cgi-script
    </FilesMatch>

    # suexec enabled
    <IfModule mod_suexec.c>
        SuexecUserGroup web8 client3
    </IfModule>

    # php as fast-cgi enabled
    # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 10
        IPCConnectTimeout 3
        IPCCommTimeout 600
        BusyTimeout 3600
    </IfModule>
    <Directory /var/www/myclientweb.mx/web>
        <FilesMatch "\.php[345]?$">
            SetHandler fcgid-script
        </FilesMatch>
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php3
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php4
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php5
        Options +ExecCGI
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/clients/client3/web8/web>
        <FilesMatch "\.php[345]?$">
            SetHandler fcgid-script
        </FilesMatch>
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php3
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php4
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php5
        Options +ExecCGI
        AllowOverride All
        Require all granted
    </Directory>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web8 client3
    </IfModule>

    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client3/web8/webdav>
            <ifModule mod_security2.c>
                SecRuleRemoveById 960015
                SecRuleRemoveById 960032
            </ifModule>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client3/web8/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>
```
ADDED intoDNS Errors

Parent

( i ) Domain NS records: Nameserver records returned by the parent servers are: ns1.myclientweb.mx. ['81.202.251.206'] [TTL=86400] e.mx-ns.mx was kind enough to give us that information.
( V ) TLD Parent: Check Good. e.mx-ns.mx, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check.
( V ) Your nameservers are listed: Good. The parent server e.mx-ns.mx has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
( V ) DNS Parent sent Glue: Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3)
( V ) Nameservers A records: Good. Every nameserver listed has A records. This is a must if you want to be found.

NS

( i ) NS records from your nameservers: NS records got from your nameservers listed at the parent NS are: Oups! I could not get any nameservers from your nameservers (the ones listed at the parent server). Please verify that they are not lame nameservers and are configured properly.
( V ) Recursive Queries: Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
( V ) Same Glue: Hmm,I do not consider this to be an error yet, since I did not detect any nameservers at your nameservers.
( V ) Glue for NS records: OK. Your nameservers (the ones reported by the parent server) have no ideea who your nameservers are so this will be a pass since you already have a lot of errors!
( ! ) Mismatched NS records: WARNING: One or more of your nameservers did not return any of your NS records.
( ! ) DNS servers responded: ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 81.202.251.205
( V ) Name of nameservers are valid: OK. The nameservers reported by the parent send out nothing as shown above. I can't check nothing so it's a green!
( ! ) Multiple Nameservers: ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
( V ) Nameservers are lame: OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
( V ) Missing nameservers reported by parent: OK. All NS records are the same at the parent and at your nameservers.
( ! ) Missing nameservers reported by your nameservers: You should already know that your NS records at your nameservers are missing, so here it is again: ns1.myclientweb.mx.
( V ) Domain CNAMEs: OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
( V ) NSs CNAME check. OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
( V ) Different subnets: OK. Looks like you have nameservers on different subnets!
( V ) IPs of nameservers are public: Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
( V ) DNS servers allow TCP connection: OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
( V ) Different autonomous systems: OK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down.
( V ) Stealth NS records sent: Ok. No stealth ns records are sent

SOA

( ! ) SOA record: No valid SOA record came back!

MX

( ! ) MX Records: Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers!

WWW

( ! ) WWW A Record: ERROR: I could not get any A records for www.myclientweb.mx! (I only do a cache request, if you recently added a WWW A record, it might not show up here.)

Processed in 17.094 seconds.
Did you add A records for ns1.myclientweb(.)mx and ns2.myclientweb(.)mx? Also make sure you can query those nameservers from outside your network (ie. udp and tcp port 53 are both open).
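An added example, not part of the original thread: a small Python check over a zone like the one listed in the question, flagging in-zone NS targets that have no address record and CNAME records that hold an IP address or share a name with other records. The record tuples, the function names and the 203.0.113.10 address are constructed placeholders.

```python
import ipaddress

# Constructed records mirroring the zone in the question (placeholder IP from
# the documentation range 203.0.113.0/24); each tuple is (type, name, data).
ORIGIN = "myclientweb.mx."
RECORDS = [
    ("A", "myclientweb.mx.", "203.0.113.10"),
    ("A", "www", "203.0.113.10"),
    ("CNAME", "myclientweb.mx.", "203.0.113.10"),
    ("NS", "myclientweb.mx.", "ns1.myclientweb.mx."),
    ("NS", "myclientweb.mx.", "ns2.myclientweb.mx."),
    ("TXT", "myclientweb.mx.", "v=spf1 mx a ~all"),
]

def fqdn(name, origin=ORIGIN):
    """Expand a relative owner name ("www", "@") to a fully qualified name."""
    if name in ("@", ""):
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def lint_zone(records, origin=ORIGIN):
    """Return a list of problems that break delegation or violate RFC 1912."""
    recs = [(t.upper(), fqdn(n, origin), d) for t, n, d in records]
    owners_with_a = {n for t, n, _ in recs if t in ("A", "AAAA")}
    problems = []
    for rtype, name, data in recs:
        if rtype == "NS":
            target = fqdn(data, origin)
            # In-zone nameserver: the zone itself must publish its address.
            if target.endswith("." + origin) and target not in owners_with_a:
                problems.append(f"NS target {target} has no A/AAAA record in the zone")
        elif rtype == "CNAME":
            if is_ip(data):
                problems.append(f"CNAME at {name} points to an IP address, not a hostname")
            others = {t for t, n, _ in recs if n == name and t != "CNAME"}
            if others:
                problems.append(f"CNAME at {name} coexists with {sorted(others)}")
    return problems

if __name__ == "__main__":
    for problem in lint_zone(RECORDS):
        print("PROBLEM:", problem)
```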
Thanks for your answer Jesse: The .com domains worked pretty nicely, so why does the .mx need these ports open? Anyway, I'll follow your instructions and post later what happened.

EDIT: Ports TCP/UDP 53 are open right now, with no results; besides, the .com web that I had working is now displaying the default index.html again. I'm pretty done u_u

Regards, Alex.
DNS uses port 53 (udp and tcp), any DNS server requires those to be open.

On a related note, it is more common to create a set of nameservers for you as the hosting provider, let's say ns1.hoster.com and ns2.hoster.com for example, and register all client domains with those nameservers. What you are doing, ie. creating new nameserver records for every client domain, is valid, and maybe that's your preference, but it does create a bit more work for you, and isn't the only (nor most common) option.

Check the website settings, make sure the ip address is correct for that site (or use '*' instead of the ip address), and is also the correct ip address in DNS.
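To check from outside the network that a nameserver answers on port 53 over both UDP and TCP and is authoritative for the zone, a probe like the following can be used. It is an added example, not from the thread; the IP address is a placeholder and the function names are illustrative.

```python
import socket
import struct

def build_query(name, qtype=6, txid=0x1234):
    """Build a non-recursive DNS query (qtype 6 = SOA, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # RD bit cleared
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(response):
    """Extract the fields that distinguish a working from a lame server."""
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {"txid": txid, "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "answers": ancount}

def classify(header):
    """Map header fields to a verdict for an SOA query."""
    if header["rcode"] == 5:
        return "REFUSED: server is up but does not serve this zone"
    if header["rcode"] == 0 and header["authoritative"] and header["answers"]:
        return "OK: authoritative answer"
    return "LAME: reachable but not authoritative for this zone"

def probe(server_ip, zone, timeout=3.0):
    """Send the SOA query over UDP and TCP; returns {transport: verdict}."""
    query, result = build_query(zone), {}
    for transport in ("udp", "tcp"):
        kind = socket.SOCK_DGRAM if transport == "udp" else socket.SOCK_STREAM
        try:
            with socket.socket(socket.AF_INET, kind) as s:
                s.settimeout(timeout)
                s.connect((server_ip, 53))
                # DNS over TCP prefixes each message with a 2-byte length.
                s.sendall(query if transport == "udp"
                          else struct.pack("!H", len(query)) + query)
                data = s.recv(4096)
                if transport == "tcp":
                    data = data[2:]
            result[transport] = classify(parse_header(data))
        except (OSError, struct.error) as exc:
            result[transport] = f"NO RESPONSE: {exc}"
    return result

if __name__ == "__main__":
    # Placeholder address and zone; substitute your nameserver's public IP.
    print(probe("203.0.113.10", "myclientweb.mx"))
```

Run it from a machine outside the server's own network, since a query from inside can succeed while the firewall or router still blocks port 53 from the internet.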
Well, it could be more work now to change all the ns1 of the domains that are working. But should my "method" of creating an ns1 for each domain work? I checked it and it is all OK :/
Yes, it works. As with everything there are pros and cons, eg. with the way you have it, if you ever need to change the ip address or your ns1 server, you will need to log in to the registrar for each domain and update the corresponding ns1.myclient.x nameserver entry.