[SOLVED] Nameserver not working

Discussion in 'ISPConfig 3 Priority Support' started by alleyoopster, Aug 19, 2015.

  1. alleyoopster

    alleyoopster New Member

    Hi,

    I would like to get some ideas about troubleshooting this issue and resolve it. I have a new install with Debian 8 which went OK. I am using NGINX, so I had to improvise a little from the standard Server guide for Debian with Apache .... install.

    Glue settings are set up at the Domain manager and I can ping the servers IP and ping the name servers by name, but cannot ping added websites or the main server address by name or of course browse the sites. Anything that is using DNS is broken. Logs show network unreachable and DNS client cache query failing with denied.

    ISPCONFIG DNS ZONE for server
    Code:
    A h1-server.com. 188.226.193.152 0 3600
    
    
    A mail 188.226.193.152 0 3600
    
    
    A www 188.226.193.152 0 3600
    
    
    MX h1-server.com. mail.h1-server.com. 10 3600
    
    
    NS h1-server.com. ns1.h1-server.com. 0 3600
    
    
    NS h1-server.com. ns2.h1-server.com. 0 3600 
    ping from home desktop to server h1-server.com
    Code:
    ping: unknown host h1-server.com

    ping from home desktop to server ns2.h1-server.com
    Code:
    PING ns2.h1-server.com (188.226.193.152) 56(84) bytes of data.
    
    64 bytes from 188.226.193.152: icmp_seq=1 ttl=48 time=164 ms
    
    64 bytes from 188.226.193.152: icmp_seq=2 ttl=48 time=164 ms
    
    64 bytes from 188.226.193.152: icmp_seq=3 ttl=48 time=164 ms
    
    
    

    Here are some logs I have.

    daemon.log
    Code:
    Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'e.ntpns.org/A/IN': 2a01:608:ffff:a011::200#53
    Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'a.ntpns.org/A/IN': 2001:500:2e::1#53
    Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'i.ntpns.org/A/IN': 2a01:608:ffff:a011::200#53
    Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'i.ntpns.org/AAAA/IN': 2a01:608:ffff:a011::200#53
    Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'e.ntpns.org/AAAA/IN': 2a01:608:ffff:a011::200#53
    Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'e.ntpns.org/A/IN': 2001:500:2e::1#53
    Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'a.ntpns.org/AAAA/IN': 2001:500:2e::1#53
    Aug 19 22:11:27 cirrus named[573]: error (network unreachable) resolving 'ntp.org/DS/IN': 2001:500:c::1#53
    Aug 19 22:11:27 cirrus ntpd_intres[1258]: DNS 0.debian.pool.ntp.org -> 146.185.130.223
    Aug 19 22:11:29 cirrus named[573]: client 67.215.86.19#54127 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied
    Aug 19 22:11:29 cirrus named[573]: client 67.215.86.19#29574 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied
    Aug 19 22:11:29 cirrus named[573]: error (unexpected RCODE SERVFAIL) resolving '1.debian.pool.ntp.org/A/IN': 207.171.17.42#53
    Aug 19 22:11:29 cirrus named[573]: error (unexpected RCODE SERVFAIL) resolving '1.debian.pool.ntp.org/AAAA/IN': 207.171.17.42#53
    Aug 19 22:11:29 cirrus ntpd_intres[1258]: DNS 1.debian.pool.ntp.org -> 195.242.98.57
    Aug 19 22:11:29 cirrus named[573]: client 67.215.86.19#38270 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied
    Aug 19 22:11:29 cirrus ntpd_intres[1258]: DNS 2.debian.pool.ntp.org -> 82.161.250.114
    Aug 19 22:11:29 cirrus ntpd_intres[1258]: DNS 3.debian.pool.ntp.org -> 141.138.138.136
    Aug 19 22:11:30 cirrus named[573]: client 67.215.86.19#56307 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied
    Aug 19 22:11:36 cirrus named[573]: client 67.215.86.17#49235 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:36 cirrus named[573]: client 67.215.86.17#30832 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:37 cirrus named[573]: client 67.215.86.17#58335 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#19053 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:37 cirrus named[573]: client 67.215.86.17#32010 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#34039 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#18053 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#17758 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied
    Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#48734 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#30980 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#28608 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#12175 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#59698 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#42496 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#22459 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#50496 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#26338 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#39949 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#42209 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#57882 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.11#4156 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:46 cirrus named[573]: client 67.215.86.11#36388 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:47 cirrus named[573]: client 67.215.86.11#38114 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:47 cirrus named[573]: client 67.215.86.11#2856 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:47 cirrus named[573]: client 67.215.86.15#35508 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:47 cirrus named[573]: client 67.215.86.15#27855 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:47 cirrus named[573]: client 67.215.86.15#11381 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#11657 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#25251 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#24023 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#57739 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#27480 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#29581 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#15567 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#35368 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#48643 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied
    
    dig
    Code:
    ; <<>> DiG 9.9.5-9+deb8u2-Debian <<>>
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57688
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;.                              IN      NS
    
    ;; ANSWER SECTION:
    .                       517630  IN      NS      m.root-servers.net.
    .                       517630  IN      NS      a.root-servers.net.
    .                       517630  IN      NS      l.root-servers.net.
    .                       517630  IN      NS      j.root-servers.net.
    .                       517630  IN      NS      c.root-servers.net.
    .                       517630  IN      NS      i.root-servers.net.
    .                       517630  IN      NS      g.root-servers.net.
    .                       517630  IN      NS      f.root-servers.net.
    .                       517630  IN      NS      h.root-servers.net.
    .                       517630  IN      NS      k.root-servers.net.
    .                       517630  IN      NS      e.root-servers.net.
    .                       517630  IN      NS      b.root-servers.net.
    .                       517630  IN      NS      d.root-servers.net.
    
    ;; Query time: 5 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Aug 19 22:16:39 SAST 2015
    ;; MSG SIZE  rcvd: 239
    

    I included some conf files, but I went over the allowed number of characters for a post here so I'll stop now.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The DNS zone is incomplete. When a zone uses subdomains of itself as NS records, then these subdomains have to be set as A recrds as well. Add a record for ns1 and one for ns2 to the zone h1-server.com.
     
  3. alleyoopster

    alleyoopster New Member

    I have added A records for ns1 and ns2 as shown below, but problem persists. (I also tried creating a new site - ping was unresolved. I was expecting to see DNS entries for the new site, but there were none. Is this correct? )

    This is now my zone h1-server.com. as shown in ispconfig
    Code:
    
    A h1-server.com. 188.226.193.152 0 3600
    
    A mail 188.226.193.152 0 3600
    
    A ns1.h1-server.com 188.226.193.152 0 300
    
    A ns2.h1-server.com 188.226.193.152 0 300
    
    A www 188.226.193.152 0 3600
    
    MX h1-server.com. mail.h1-server.com. 10 3600
    
    NS h1-server.com. ns1.h1-server.com. 0 3600
    
    NS h1-server.com. ns2.h1-server.com. 0 3600
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    - Check the syslog file for named errors.
    - Check if the created zone file has an .err file endig, if thats the case then the file has been rejected by bind due to errors.
    - Is your server

    No. DNS is a service of the BIND nameserver and a website is an apache vhost, they are not connected. You problem is a dns problem, it is not related to a website.
     
  5. alleyoopster

    alleyoopster New Member

    None
    Yes there was one for the zone. I tracked the problem down to my error adding the A records. I added ns1.h1-server.com and it should have been just ns1. Correcting this has resolved the problem of accessing the server, however not able to use websites after creation - see below
    After correcting the error I can now ping the server name and see a landing page for apache, although it is actually running NGINX.
    What I am missing now is being able to ping / access the website I created as I still get a lookup failure and see the denied message in the named log. I am coming from Virtualmin which creates a zone for each virtual server that is created, hence I was expecting a new zone when I created a website. Are extra steps needed after creating a website?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    When you add a fully qualified domain name in dns, then thi has to end with a dot. So adding ns1.h1-server.com is fine, it just has to be "ns1.h1-server.com.".

    When you see an apache page then apache is running and not nginx. Staop apache and then start nginx.
     
  7. alleyoopster

    alleyoopster New Member

    Thanks.

    Apache is definitely not running and is not installed. I checked the by stopping NGINX and the page wouldn't load, started it up and the page was back. /var/www/html has 2 files, index.html and index.nginx-debian.html. The index.html loads by default and that is the Apache page I am seeing. I have renamed now to avoid confusion and renamed the nginx one to index.html

    With regards to the problem with creating a web site, I am a little confused. I have a domain name - artdo.in. At the domain registrar It is setup with nameservers ns1/ns2.h1-server.com. When I externally ping artdo.in I get unknown host. In order for the lookup to work do I not need an entry in my nameserver on h1-server.com?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Is the hostname of the server maybe identical to this domain? This can not be the case as nginx will deliver a wrong zone then. The server hostname has to be a subdomain like server1.example.com and not example.com or www.example.com as decsribed in the perfect server guides.

    Sure. When you set your server to be the authoritive dns server for a zone, then you have to craete that zone on this server, otherwise the domain can not be resolved.
     
  9. alleyoopster

    alleyoopster New Member

    hostname -f
    cirrus.h1-server.com
    Ah OK. I think I misunderstood a while back. I was struggling with the DNS zone not being created by creating a website. I am used to seeing this with Virtualmin. Is there any reason that this is not the case? It seems to make sense to me that the ispconfig script should automatically create the zone, than have to do in manually.
    EDIT - I added the zone and hey presto all as it should be :)
     
    Last edited: Aug 20, 2015
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig is made for larger ISP setups with many servers, so unlike virtualmin it is nothing unusual in an ispconfig cluster that DNS records are managed externally or that you have several dns server clusters in your controlpanel or that domains are used for email only etc. so it is not useful to limit the functionality of the system by binding DNS records to websites as an automatically created dns record can really harm when the local dns server is not the authoritive server.
     
  11. alleyoopster

    alleyoopster New Member

    OK that makes sense. Thanks for your help with this matter till. :)
     

Share This Page