[SOLVED] ISPConfig Nameserver Setup

Thanks @till

OK, so I disabled resolved;

Code:

sudo systemctl stop systemd-resolved

Checked its status;

Code:

sudo systemctl status systemd-resolved

It shows as inactive(dead)

I then stopped & restarted bind9 and re-checked its status;

Code:

systemctl stop bind9.service
systemctl start bind9.service
systemctl status bind9.service

This shows as active(exited)

I thought that perhaps forcing an update and letting it configure services would resolve the issues;

Code:

ispconfig_update.sh --force

But, when I try this I get the following error;

Code:

Unable to retrieve version file.root@server:~#

Any ideas on where to go now? I am thinking that installing ISPConfig on a new Ubuntu server, without updating DNS, then using the Migration Tool to move the installation to this new spare server. Next to re-install Ubuntu then ISPConfig on my production server, so I have a brand new setup and at the time of installation DNS propagation will be correct. Then migrate back from the spare server to my production server?

What do you suggest?

 

Thanks @till

@Th0m - if you can help I would be grateful as its only a few days and my secondary nameserver will be going offline (pending creation of a new one on another VPS), which means my whole installation will fail

 

Hi @till / @Taleman

I contacted my VPS provider and they confirmed that the provided Ubuntu image is "Ubuntu 20.04.5 LTS version with the minimal variant".
They also provided information on how to install & configure bind9, which I have followed and now I see bind9's status as active(running). The status shows as;

Code:

named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-01-24 22:28:51 UTC; 24min ago
       Docs: man:named(8)
   Main PID: 297 (named)
      Tasks: 8 (limit: 19660)
     Memory: 7.4M
     CGroup: /system.slice/named.service
             └─297 /usr/sbin/named -f -u bind

Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:500:200::b#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:7fd::1#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:500:1::53#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:500:2::c#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:500:2d::d#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:7fe::53#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:500:9f::42#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:500:12::d0d#53
Jan 24 22:53:39 server.mydomain.com named[297]: network unreachable resolving 'org/DS/IN': 2001:dc3::35#53
Jan 24 22:53:39 server.mydomain.com named[297]: broken trust chain resolving 'r3.o.lencr.org/A/IN': 8.8.8.8#53

In case anyone else is looking, this is what I did to enable it;
https://cloudinfrastructureservices...d-dns-on-ubuntu-20-04-server-setup-configure/

However I didn't edit the nano /etc/bind/named.conf.local file as this already has all my sites details entered by ISPConfig and I didn't want to cause any issues with ISPConfigs configuration - so I omitted the section on the above tutorial showing to add;

Code:

zone "0.16.172.in-addr.arpa" {
 type master;
 file "https://net.cloudinfrastructureservices.co.uk/etc/bind/reverse.mydomain.com";
};

I did run the following command which gave no reply, indicating there are no errors;

Code:

named-checkconf

So, I thought I would try @Taleman advice from earlier...

Code:

host mydomain.com xxx.xxx.xxx.xxx

I now get the response;

Code:

Using domain server:
Name: xxx.xxx.xxx.xxx
Address: xxx.xxx.xxx.xxx#53
Aliases:

mydomain.com has address xxx.xxx.xxx.xxx
mydomain.com mail is handled by 0 mydomain.com.mail.protection.outlook.com.

So, does this mean this is now working as a nameserver properly?

I did also try;

Code:

ispconfig_update.sh --force

But get the response;

Code:

Unable to retrieve version file.root@server:/etc/bind#

So, clearly things are still not quite right :-(

 

Yes, although you should check all the entries you have entered, that they return the expected result. And verify with whois mydomain.com the name servers are shown correctly.

 

Thanks - it certainly looks promising - I have removed the DNS zone for one (unimportant) website from the secondary nameserver (not this one) and am waiting for this to propagate so I can see if the website is still visible - if it is I will know that the address is being served from this machine (my primary nameserver).

Is there a reason why;

Code:

ispconfig_update.sh --force

throws up an error now? I am just slightly concerned that because of the installation problems that the server may prove to be less than reliable!

 

I investigated this more and

Code:

ping google.com

responds with

Code:

ping: google.com: Temporary failure in name resolution

So, clearly not right :-(

 

ping is not a good tool for testing name service. Use

Code:

host google.com

for that, and verify what name server the host on which you are testing is using. It may be not your name server at all. Perhaps examine /etc/resolv.conf to see which name servers are used.
Have you now read the DNS setup tutorial linked to in my signature?

 

This gives;

Code:

Host google.com not found: 2(SERVFAIL)

resolv.conf doesn't exist here, there is a folder /etc/resolvconf/resolv.conf.d - but I dont see resolv.conf anywhere here.

Yes, I did read through it, but haven't followed everything yet as I was trying to get the server functioning correctly before setting everything up and then if the server wont work properly having to restart from the begining.

I have contacted my VPS provider to see if they can provide me with a VPS with the standard Ubuntu image, rather than the minimal one they have provided, as I know everything works fine on that and the issue seems to be the minimal image [/CODE]

 

@till @Taleman

Many thanks for your help trying to resolve this. In the end I have created a new full blown Ubuntu VPS with a different VPS provider as the current choice can only offer a minimal installation.

I then checked that bind9 was active(running) on the new instance, and it was. So I migrated from the minimal VPS to the new one and as far as I can tell everything is working fine immediately. I updated DNS last night and it seems to have propagated completely and everything is working as expected.

So, my conclusion is that, certainly in my case, ISPConfig doesn't play well with minimal Ubuntu installations.

But, I really appreciate all the time and effort you have put in to resolving this problem and hopefully there will be some useful snippets in this thread for others to benefit from.

 

Thanks @till - thanks for that, I will bear that in mind if I need to move host again. Its a shame that the provider I was trying to set up with had modified the minimal image then.
I did contact Th0m and he did come back to me with their charges. Unfortunately, as a hobbyist not a company, and without knowing how long it would take to resolve - I couldn't commit to their hourly support charge as it could have cost $100's to get him to remedy the issue.
I am hosting 2 websites for friends who are 'one man bands', but they weren't in a position to help cover the charges... hence the move again.
As my minimal VPS doesnt close till 3rd February, I did think of seeing if I can find a list of requirements for ISPConfig and seeing what is missing from the base installation, installing them and trying a new installation to see if it works. But as there is only a couple of days to do this it may not happen!
Anyway, thanks again

 

In case anyone else has this problem with a similar set up, I have moved back to the VPS provider who will only provide a minimal Ubuntu image using resolv and everything seems to be working OK... I reinstalled the minimal O/S and before doing anything I diabled resolv and installed bind9 and got it working. I then migrated the server back to this platform and it all seems to be working perfectly - so I would suggest to anyone with similar issues to setup bind9 first before installing ISPConfig.

 

Interesting approach because normally ISPConfig Auto Installer should 've already installed bind9, so I do not see why you have to install it before hand as that negates the rule of installing ISPConfig in a clean new system.