Hi, I'm writing after much googling through forums and guides. Sorry if it seems repetitive to you. I have ISPConfig 2 working well but can't handle the new version. BTW, since my problem was not solved, I upgraded to 3.2.

My server information:

Code:
Public IP: 89.165.65.225
Server IP: 192.168.1.191
Host Name: ns1
domain name: x37.ir

Server test results:

1:
Code:
root@ns1:/# host ns1.x37.ir 89.165.65.225
;; reply from unexpected source: 192.168.1.1#53, expected 89.165.65.225#53
;; reply from unexpected source: 192.168.1.1#53, expected 89.165.65.225#53
;; connection timed out; no servers could be reached

2:
Code:
root@ns1:/# host ns1.x37.ir 192.168.1.191
;; connection timed out; no servers could be reached

3: systemctl status bind9.service
Code:
bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-10-21 04:21:01 EDT; 32min ago
Docs: man:named(8)
Process: 19674 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
Process: 20744 ExecReload=/usr/sbin/rndc reload (code=exited, status=0/SUCCESS)
Main PID: 19675 (named)
Tasks: 27 (limit: 4915)
Memory: 82.0M
CGroup: /system.slice/bind9.service
└─19675 /usr/sbin/named -u bind

Oct 21 04:53:21 ns1 named[19675]: client @0x7fc9c8426070 209.252.188.79#2188 (mail.x37.ir): query (cache) 'mail.x37.ir/A/IN' denied
Oct 21 04:53:21 ns1 named[19675]: client @0x7fc9c8426070 192.221.134.137#58565 (mail.x37.ir): query (cache) 'mail.x37.ir/A/IN' denied
Oct 21 04:53:21 ns1 named[19675]: client @0x7fc9c848b560 193.111.144.161#34333 (mail.x37.ir): query (cache) 'mail.x37.ir/A/IN' denied
Oct 21 04:53:21 ns1 named[19675]: client @0x7fc9c848b560 192.221.134.143#4859 (mail.x37.ir): query (cache) 'mail.x37.ir/A/IN' denied
Oct 21 04:53:22 ns1 named[19675]: client @0x7fc9c8409150 192.221.134.133#53694 (mail.x37.ir): query (cache) 'mail.x37.ir/A/IN' denied
Oct 21 04:53:22 ns1 named[19675]: client @0x7fc9c83785b0 207.177.83.1#60600 (mail.x37.ir): query (cache) 'mail.x37.ir/A/IN' denied
Oct 21 04:53:22 ns1 named[19675]: client @0x7fc9c83785b0 192.221.134.138#28831 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied

Another test:
Code:
root@ns1:/# host 89.165.65.225 89.165.65.225
;; reply from unexpected source: 192.168.1.1#53, expected 89.165.65.225#53
;; reply from unexpected source: 192.168.1.1#53, expected 89.165.65.225#53
;; connection timed out; no servers could be reached

grep named /var/log/syslog
Due to thread size, I shortened the log message.
Code:
/query.c:7144
Oct 21 02:29:14 ns1 named[758]: client @0x7fc57047cc50 172.253.219.10#49428 (ns1.x37.ir): query: ns1.x37.ir IN A -E(0) (192.168.1.191)
Oct 21 02:29:14 ns1 named[758]: client @0x7fc57047cc50 172.253.219.10#49428 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 02:29:14 ns1 named[758]: client @0x7fc57047cc50 172.253.219.10#49428 (ns1.x37.ir): query failed (REFUSED) for ns1.x37.ir/IN/A at
Oct 21 02:29:18 ns1 named[758]: client @0x7fc570ea9be0 200.40.53.11#19131 (ns1.x37.ir): query: ns1.x37.ir IN AAAA -E(0)DC (101773930dot12dot10211431dot89dot165dot65dot225q1w2e3rty.nus.edu.sg): query: ery.c:7144
Oct 21 02:31:26 ns1 named[758]: client @0x7fc570ea9be0 111.200.195.67#30053 (101773930dot12dot10211431dot89dot165dot65dot225q1w2e3rty.upd.edu.ph): query: 101773930dot12dot10211431dot89dot165dot65dot225q1w2e3rty.upd.edu.ph IN A + (192.168.1.191)
Oct 21 02:31:26 ns1 named[758]: client @0x7fc570ea9be0 111.200.195.67#30053 (101773930dot12dot10211431dot89dot165dot65dot225q1w2e3rty.upd.edu.ph): query (cache) '101773930dot12dot10211431dot89dot165dot65dot225q1w2e3rty.upd.edu.ph/A/IN' denied
Oct 21 02:31:26 ns1 named[758]: client @0x7fc570ea9be0 111.200.195.67#30053 (101773930dot12dot10211431dot89dot165dot65dot225q1w2e3rty.upd.edu.ph): query failed (REFUSED) for 101773930dot12dot10211431dot89dot165dot65dot225q1w2e3rty.upd.edu.ph/IN/A at ../../../bin/named/query.c:7144
Oct 21 02:32:52 ns1 named[758]: client @0x7fc57045fd30 14.18.16.157#33151 (vpn.sontan.net): query: vpn.sontan.net IN A - (192.168.1.191)
Oct 21 02:32:52 ns1 named[758]: client @0x7fc57045fd30 14.18.16.157#33151 (vpn.sontan.net): query (cache) 'vpn.sontan.net/A/IN' denied
Oct 21 02:32:52 ns1 named[758]: client @0x7fc57045fd30 14.18.16.157#33151 (vpn.sontan.net): query failed (REFUSED) for vpn.sontan.net/IN/A at ../../../bin/named/query.c:7144
Oct 21 04:21:01 ns1 named[19675]: starting BIND 9.11.5-P4-5.1+deb10u2-Debian (Extended Support Version) <id:998753c>
Oct 21 04:21:01 ns1 named[19675]: running on Linux x86_64 4.19.0-11-amd64 #1 SMP Debian 4.19.146-1 (2020-09-17)
Oct 21 04:21:01 ns1 named[19675]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-pbRECD/bind9-9.11.5.P4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Oct 21 04:28:46 ns1 named[19675]: client @0x7fc9c8451720 172.253.14.1#55214 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 04:28:51 ns1 named[19675]: client @0x7fc9c847cdd0 172.253.14.5#65385 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 04:28:51 ns1 named[19675]: client @0x7fc9c847cdd0 172.253.11.5#37245 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 04:31:01 ns1 named[19675]: received control channel command 'reload'
Oct 21 04:31:01 ns1 named[19675]: loading configuration from '/etc/bind/named.conf'
Oct 21 04:31:01 ns1 named[19675]: /etc/bind/named.conf.options:23: dnssec-lookaside 'auto' is no longer supported
Oct 21 04:31:01 ns1 named[19675]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Oct 21 04:31:01 ns1 named[19675]: initializing GeoIP Country (IPv4) (type 1) DB
Oct 21 04:31:01 ns1 named[19675]: GEO-106FREE 20181108 Build
Oct 21 04:31:01 ns1 named[19675]: initializing GeoIP Country (IPv6) (type 12) DB
Oct 21 04:31:01 ns1 named[19675]: GEO-106FREE 20181108 Build
Oct 21 04:31:02 ns1 named[19675]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 21 04:31:02 ns1 named[19675]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 21 04:31:02 ns1 named[19675]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 21 04:31:02 ns1 named[19675]: automatic empty zone: D.F.IP6.ARPA
Oct 21 04:32:36 ns1 named[19675]: client @0x7fc9c83b23f0 192.221.146.128#21670 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 04:32:36 ns1 named[19675]: client @0x7fc9c83b23f0 172.253.14.5#54792 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 04:32:36 ns1 named[19675]: client @0x7fc9c83ec230 192.221.146.138#28303 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 04:32:36 ns1 named[19675]: client @0x7fc9c83ec230 172.253.14.3#54204 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied
Oct 21 04:32:36 ns1 named[19675]: client @0x7fc9c83b23f0 192.221.146.140#26461 (ns1.x37.ir): query (cache) 'ns1.x37.ir/A/IN' denied

Please help me to figure out this issue. Thanks and appreciation in advance.
@Taleman wrote a tutorial on this, which is in his signature, so do refer to it. As far as I know, ISPConfig 3.1 and 3.2 should be fine for a DNS server.
all those records in your dns, the ones ending in x37.ir in the name and data columns, add a trailing . to them. they should be, e.g.: web.x37.ir. ns1.x37.ir. mail.x37.ir. otherwise they'll be resolving as, e.g., web.x37.ir.x37.ir
I think you misunderstood. You posted in the Linux board. If you scroll a little further, we have a separate board for ISPConfig 3 threads.
You have to add a . (dot) after the hostname x37.ir as well. Then wait for it to propagate, which can take some time.
also, another point not mentioned yet, since you're using nameservers that are part of the same domain zone they are serving, you need to provide glue records for them with your domain registration provider.
can't really give an example. depends on the domain registrar's control panel, location and format are different for each one. put simply, they need to be told the ip addresses for each nameserver for that domain. wouldn't worry about it now though, if dns resolution is working ok, which it appears to be, then the glue records should already be set up. also, based on those screenshots, and nslookup results, you still need to create an A record for your mailserver ( mail or mail.x37.ir. )
I did for "mail.x37.ir."; once again, thanks. One more question: whatever A records I have built so far, I made for both IPs, I mean the server local IP and the server public IP. Is it okay?
no. private IPs are not internet routable. they should not be included in a public dns scope. you can have split dns, and have the private IPs in a different scope so they can be used only from the local lan. probably best to avoid the extra complication until you're very familiar with dns/bind configuration and management. if you have both like this, when dns queries are made, they'll use one or the other of those IPs for the subsequent service connection, and any attempt to use the private ip from the internet will fail. should be on a round-robin basis, but you'll get a failure on roughly 50% of connection attempts. if you want servers to find each other on a local lan, without dns lookups, or when dns is broken, or to avoid traversing the firewall out and back in again, then put the private IPs into the local hosts file on each server.
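The two zone-data mistakes raised in this thread (names that look fully qualified but lack the trailing dot, and a private address published next to the public one) can be checked mechanically. The following is an added example, not code from any poster or from ISPConfig; the sample zone, the fixed "owner ttl class type rdata" layout, and the function names `expand` and `lint_zone` are assumptions.

```python
import ipaddress

# Constructed sample zone (not the poster's real records); the layout
# "owner ttl class type rdata" on every line is an assumption of this sketch.
SAMPLE_ZONE = """\
$ORIGIN x37.ir.
@            3600 IN NS ns1.x37.ir
ns1          3600 IN A  89.165.65.225
ns1          3600 IN A  192.168.1.191
web.x37.ir   3600 IN A  89.165.65.225
mail.x37.ir. 3600 IN A  89.165.65.225
@            3600 IN MX 10 mail.x37.ir.
"""

HOSTNAME_RDATA = {"NS", "CNAME", "MX", "PTR"}  # types whose last field is a name


def expand(name, origin):
    """Zone-file rule: a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def lint_zone(text):
    """Return (line, kind, detail) findings for a simple one-record-per-line zone."""
    origin, findings = None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(";")[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4:]
        bare = origin.rstrip(".")
        names = [owner] + ([rdata[-1]] if rtype in HOSTNAME_RDATA else [])
        for name in names:
            # Looks fully qualified but lacks the dot, so the origin is appended again.
            if not name.endswith(".") and (name == bare or name.endswith("." + bare)):
                findings.append((lineno, "missing-dot", expand(name, origin)))
        if rtype == "A" and ipaddress.ip_address(rdata[0]).is_private:
            findings.append((lineno, "private-ip", rdata[0]))
    return findings


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE):
        print(finding)
```

Each "missing-dot" finding carries the name the server would actually publish, which is how `web.x37.ir` ends up as `web.x37.ir.x37.ir.`.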
Hi Taleman, how are you, buddy! Thanks for everything, really. You mean this link? https://www.howtoforge.com/tutorial/setting-up-your-own-name-service-with-ispconfig/ I read it almost 10 times. I didn't notice the "dots" at the end of the DNS names, and moreover, I didn't understand whether this was built for those who have a public IP or not. But this article has done many things for me; only a few mistakes remained, and they were resolved by friends. You know, sometimes some points need to be told in some way to be understood.