Hi, I dont know what to do, none of the domains on my web server will load on a web browser, It seems like a dns issue because the lookup never finds the domains "Server not found", but my apache error log shows no issues, syslog seems ok too, I checked that ports are still open, also if i write the IP in a broswer i get directed to the apache "it works" page which is good, no issues accessing ISPConfig CP, but the domains just wont load, nothing I try works, I am lost, I dont know if this is because of a server hack or bad file upload because this issue has happend over time, getting more and more worse. please advise
Category Status Test name Information send feedback Parent Domain NS records Nameserver records returned by the parent servers are: ns1.domain.com. ['81.xx.xx.209'] [TTL=172800] ns2.domain.com. ['81.xx.xx.209'] [TTL=172800] Mismatched NS records WARNING: One or more of your nameservers did not return any of your NS records. DNS servers responded ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 81.xx.xx.209 Name of nameservers are valid OK. The nameservers reported by the parent send out nothing as shown above. I can't check nothing so it's a green! Multiple Nameservers ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me. Nameservers are lame OK. All the nameservers listed at the parent servers answer authoritatively for your domain. Missing nameservers reported by parent OK. All NS records are the same at the parent and at your nameservers. Missing nameservers reported by your nameservers You should already know that your NS records at your nameservers are missing, so here it is again: ns1.domain.com. ns2.domain.com. Domain CNAMEs OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. NSs CNAME check OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. Different subnets OK. Looks like you have nameservers on different subnets! IPs of nameservers are public Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like DNS servers allow TCP connection OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default. Different autonomous systems OK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down. Stealth NS records sent Ok. No stealth ns records are sent SOA SOA record No valid SOA record came back! MX MX Records Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers! WWW WWW A Record ERROR: I could not get any A records for www.domain.com! (I only do a cache request, if you recently added a WWW A record, it might not show up here.)
Posted above is most od the output from the suggested site, the issue is, that the records are not missing so dont no why it cant find it, also yes i only have the one IP address what i use for everything but this was never an issue before.
The above errors mean that your dns server is not responding at all for that zone. Check the zone on the shell of your server with dig: dig @localhost yourdomain.com
Already did this and seen no issue, here is the output: ~# dig @localhost domain.com ; <<>> DiG 9.8.1-P1 <<>> @localhost domain.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41036 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;domain.com. IN A ;; ANSWER SECTION: domain.com. 3600 IN A 81.xx.xx.209 ;; AUTHORITY SECTION: domain.com. 3600 IN NS ns1.domain.com. domain.com. 3600 IN NS ns2.domain.com. ;; ADDITIONAL SECTION: ns1.domain.com. 3600 IN A 81.xx.xx.209 ns2.domain.com. 3600 IN A 81.xx.xx.209 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Nov 23 15:52:03 2015 ;; MSG SIZE rcvd: 114
So it is working internally but not from outside. Please check with: netstat -tap that bind is listening on the external interface (and not just localhost) and ensure that bind is not blocked by a firewall.
# netstat -tap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 svr1.domainserver:10023 *:* LISTEN 3052/postgrey.pid - tcp 0 0 svr1.domainservers:9000 *:* LISTEN 12286/php-fpm.conf) tcp 0 0 svr1.domainserver:10024 *:* LISTEN 2990/amavisd (maste tcp 0 0 svr1.domainserver:10025 *:* LISTEN 4316/master tcp 0 0 *:mysql *:* LISTEN 2592/mysqld tcp 0 0 *:submission *:* LISTEN 4316/master tcp 0 0 svr1.domainserver:11211 *:* LISTEN 4127/memcached tcp 0 0 *op3 *:* LISTEN 2526/dovecot tcp 0 0 *:1935 *:* LISTEN 4352/java tcp 0 0 svr1.domainserver:spamd *:* LISTEN 3162/spamd.pid tcp 0 0 *:imap2 *:* LISTEN 2526/dovecot tcp 0 0 *:http-alt *:* LISTEN 14029/apache2 tcp 0 0 *:http *:* LISTEN 14029/apache2 tcp 0 0 *:tproxy *:* LISTEN 14029/apache2 tcp 0 0 *:ssmtp *:* LISTEN 4316/master tcp 0 0 svr1.domainservers:7634 *:* LISTEN 4099/hddtemp tcp 0 0 mmg1.local:domain *:* LISTEN 16344/named tcp 0 0 mmg1.local:domain *:* LISTEN 16344/named tcp 0 0 mmg1.morganmulti:domain *:* LISTEN 16344/named tcp 0 0 mmg1.morganmulti:domain *:* LISTEN 16344/named tcp 0 0 *:ftp *:* LISTEN 4330/pure-ftpd (SER tcp 0 0 *:ipp *:* LISTEN 2207/cupsd tcp 0 0 *:5080 *:* LISTEN 4352/java tcp 0 0 svr1.domainserversd:953 *:* LISTEN 16344/named tcp 0 0 *:smtp *:* LISTEN 1661/postscreen tcp 0 0 *:https *:* LISTEN 14029/apache2 tcp 0 0 *:9980 *:* LISTEN 4352/java tcp 0 0 *:222 *:* LISTEN 2120/sshd tcp 0 0 *:imaps *:* LISTEN 2526/dovecot tcp 0 0 svr1.domainservers:8994 *:* LISTEN 4188/php-fpm.conf) tcp 0 0 svr1.domainservers:8995 *:* LISTEN 9185/php-fpm.conf) tcp 0 0 *op3s *:* LISTEN 2526/dovecot tcp 0 0 svr1.domainservers:8996 *:* LISTEN 4198/php-fpm.conf) tcp 0 0 svr1.domainservers:8997 *:* LISTEN 4193/php-fpm.conf) tcp 0 0 svr1.domainservers:8998 *:* LISTEN 4183/php-fpm.conf) tcp 0 0 *:902 *:* LISTEN 3789/vmware-authdla tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55582 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55597 TIME_WAIT - tcp 0 0 svr1.domainserversd:222 MyHome-PC1.home:64475 ESTABLISHED 9531/sshd: root@not tcp 0 0 svr1.domainservers:http 46.229.164.98:64587 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55576 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55608 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55617 TIME_WAIT - tcp 0 0 svr1.domainservers:http 46.229.164.98:30738 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55616 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55629 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55619 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55615 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55623 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55587 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55588 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55592 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55577 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55609 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55625 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55590 TIME_WAIT - tcp 0 0 svr1.domainserver:59804 svr1.domainserversd:ftp TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55627 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55580 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55624 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55628 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55598 TIME_WAIT - tcp 1 0 svr1.domainserver:47502 mistletoe.canonica:http CLOSE_WAIT 8003/ubuntu-geoip-p tcp 0 0 svr1.domainservers:http 46.229.164.98:49259 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55575 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55573 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55635 TIME_WAIT - tcp 0 0 svr1.domainservers:http 46.229.164.98:11428 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55630 TIME_WAIT - tcp 0 0 svr1.domainserver:33337 svr1.domainserver:imap2 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55579 TIME_WAIT - tcp 0 0 svr1.domainservers:http 46.229.164.98:25136 FIN_WAIT2 - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55637 TIME_WAIT - tcp 0 0 svr1.domainserversd:222 MyHome-PC1.home:50691 ESTABLISHED 4175/0 tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55589 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55611 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55581 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55633 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55593 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55613 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55600 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55636 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55595 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55585 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55610 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55596 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55594 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55634 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55626 TIME_WAIT - tcp 0 0 svr1.domainserver:46167 svr1.domainservers:http TIME_WAIT - tcp 0 0 svr1.domainservers:http 46.229.164.98:34760 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55583 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55618 TIME_WAIT - tcp 0 0 svr1.domainservers:http 46.229.164.99:9542 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55586 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55591 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55620 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55614 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55599 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55612 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55622 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55631 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55607 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55621 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55584 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55638 TIME_WAIT - tcp 0 0 svr1.domainservers:7634 svr1.domainserver:55632 TIME_WAIT - tcp6 0 0 [::]:submission [::]:* LISTEN 4316/master tcp6 0 0 [::]op3 [::]:* LISTEN 2526/dovecot tcp6 0 0 [::]:imap2 [::]:* LISTEN 2526/dovecot tcp6 0 0 [::]:ssmtp [::]:* LISTEN 4316/master tcp6 0 0 [::]:domain [::]:* LISTEN 16344/named tcp6 0 0 [::]:ftp [::]:* LISTEN 4330/pure-ftpd (SER tcp6 0 0 [::]:ipp [::]:* LISTEN 2207/cupsd tcp6 0 0 [::]:smtp [::]:* LISTEN 1661/postscreen tcp6 0 0 [::]:222 [::]:* LISTEN 2120/sshd tcp6 0 0 [::]:imaps [::]:* LISTEN 2526/dovecot tcp6 0 0 [::]op3s [::]:* LISTEN 2526/dovecot tcp6 0 0 [::]:902 [::]:* LISTEN 3789/vmware-authdla
when you say firewall do you mean IPTables? if so, what should i use to find out the output that bind would be listed in IPTables?
UPDATE: I loaded every doamin on the server and 4 out of around 20 loaded on two different browers, so the issue is not the DNS being blocked, but some other issue with the DNS I think.
Currently the dns is blocked by e.g. a firewall, you can not test dns on the browser as the browser will contact the nearest dns cache and not your server and the domain will work as long as the cache did not invalidate the old record.