Hi, I would like to get some ideas about troubleshooting this issue and resolve it. I have a new install with Debian 8 which went OK. I am using NGINX, so I had to improvise a little from the standard Server guide for Debian with Apache .... install. Glue settings are set up at the Domain manager and I can ping the servers IP and ping the name servers by name, but cannot ping added websites or the main server address by name or of course browse the sites. Anything that is using DNS is broken. Logs show network unreachable and DNS client cache query failing with denied. ISPCONFIG DNS ZONE for server Code: A h1-server.com. 188.226.193.152 0 3600 A mail 188.226.193.152 0 3600 A www 188.226.193.152 0 3600 MX h1-server.com. mail.h1-server.com. 10 3600 NS h1-server.com. ns1.h1-server.com. 0 3600 NS h1-server.com. ns2.h1-server.com. 0 3600 ping from home desktop to server h1-server.com Code: ping: unknown host h1-server.com ping from home desktop to server ns2.h1-server.com Code: PING ns2.h1-server.com (188.226.193.152) 56(84) bytes of data. 64 bytes from 188.226.193.152: icmp_seq=1 ttl=48 time=164 ms 64 bytes from 188.226.193.152: icmp_seq=2 ttl=48 time=164 ms 64 bytes from 188.226.193.152: icmp_seq=3 ttl=48 time=164 ms Here are some logs I have. daemon.log Code: Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'e.ntpns.org/A/IN': 2a01:608:ffff:a011::200#53 Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'a.ntpns.org/A/IN': 2001:500:2e::1#53 Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'i.ntpns.org/A/IN': 2a01:608:ffff:a011::200#53 Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'i.ntpns.org/AAAA/IN': 2a01:608:ffff:a011::200#53 Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'e.ntpns.org/AAAA/IN': 2a01:608:ffff:a011::200#53 Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'e.ntpns.org/A/IN': 2001:500:2e::1#53 Aug 19 22:11:17 cirrus named[573]: error (network unreachable) resolving 'a.ntpns.org/AAAA/IN': 2001:500:2e::1#53 Aug 19 22:11:27 cirrus named[573]: error (network unreachable) resolving 'ntp.org/DS/IN': 2001:500:c::1#53 Aug 19 22:11:27 cirrus ntpd_intres[1258]: DNS 0.debian.pool.ntp.org -> 146.185.130.223 Aug 19 22:11:29 cirrus named[573]: client 67.215.86.19#54127 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied Aug 19 22:11:29 cirrus named[573]: client 67.215.86.19#29574 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied Aug 19 22:11:29 cirrus named[573]: error (unexpected RCODE SERVFAIL) resolving '1.debian.pool.ntp.org/A/IN': 207.171.17.42#53 Aug 19 22:11:29 cirrus named[573]: error (unexpected RCODE SERVFAIL) resolving '1.debian.pool.ntp.org/AAAA/IN': 207.171.17.42#53 Aug 19 22:11:29 cirrus ntpd_intres[1258]: DNS 1.debian.pool.ntp.org -> 195.242.98.57 Aug 19 22:11:29 cirrus named[573]: client 67.215.86.19#38270 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied Aug 19 22:11:29 cirrus ntpd_intres[1258]: DNS 2.debian.pool.ntp.org -> 82.161.250.114 Aug 19 22:11:29 cirrus ntpd_intres[1258]: DNS 3.debian.pool.ntp.org -> 141.138.138.136 Aug 19 22:11:30 cirrus named[573]: client 67.215.86.19#56307 (ns1.h1-server.com): query (cache) 'ns1.h1-server.com/A/IN' denied Aug 19 22:11:36 cirrus named[573]: client 67.215.86.17#49235 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:36 cirrus named[573]: client 67.215.86.17#30832 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:37 cirrus named[573]: client 67.215.86.17#58335 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#19053 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:37 cirrus named[573]: client 67.215.86.17#32010 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#34039 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#18053 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:37 cirrus named[573]: client 67.215.86.13#17758 (ns2.h1-server.com): query (cache) 'ns2.h1-server.com/A/IN' denied Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#48734 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#30980 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#28608 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:45 cirrus named[573]: client 67.215.86.15#12175 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#59698 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#42496 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#22459 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#50496 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#26338 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#39949 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.21#42209 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.15#57882 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.11#4156 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:46 cirrus named[573]: client 67.215.86.11#36388 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:47 cirrus named[573]: client 67.215.86.11#38114 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:47 cirrus named[573]: client 67.215.86.11#2856 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:47 cirrus named[573]: client 67.215.86.15#35508 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:47 cirrus named[573]: client 67.215.86.15#27855 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:47 cirrus named[573]: client 67.215.86.15#11381 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#11657 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#25251 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#24023 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#57739 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#27480 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#29581 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#15567 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.11#35368 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied Aug 19 22:11:48 cirrus named[573]: client 67.215.86.15#48643 (h1-server.com): query (cache) 'h1-server.com/A/IN' denied dig Code: ; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57688 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 517630 IN NS m.root-servers.net. . 517630 IN NS a.root-servers.net. . 517630 IN NS l.root-servers.net. . 517630 IN NS j.root-servers.net. . 517630 IN NS c.root-servers.net. . 517630 IN NS i.root-servers.net. . 517630 IN NS g.root-servers.net. . 517630 IN NS f.root-servers.net. . 517630 IN NS h.root-servers.net. . 517630 IN NS k.root-servers.net. . 517630 IN NS e.root-servers.net. . 517630 IN NS b.root-servers.net. . 517630 IN NS d.root-servers.net. ;; Query time: 5 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Aug 19 22:16:39 SAST 2015 ;; MSG SIZE rcvd: 239 I included some conf files, but I went over the allowed number of characters for a post here so I'll stop now.
The DNS zone is incomplete. When a zone uses subdomains of itself as NS records, then these subdomains have to be set as A recrds as well. Add a record for ns1 and one for ns2 to the zone h1-server.com.
I have added A records for ns1 and ns2 as shown below, but problem persists. (I also tried creating a new site - ping was unresolved. I was expecting to see DNS entries for the new site, but there were none. Is this correct? ) This is now my zone h1-server.com. as shown in ispconfig Code: A h1-server.com. 188.226.193.152 0 3600 A mail 188.226.193.152 0 3600 A ns1.h1-server.com 188.226.193.152 0 300 A ns2.h1-server.com 188.226.193.152 0 300 A www 188.226.193.152 0 3600 MX h1-server.com. mail.h1-server.com. 10 3600 NS h1-server.com. ns1.h1-server.com. 0 3600 NS h1-server.com. ns2.h1-server.com. 0 3600
- Check the syslog file for named errors. - Check if the created zone file has an .err file endig, if thats the case then the file has been rejected by bind due to errors. - Is your server No. DNS is a service of the BIND nameserver and a website is an apache vhost, they are not connected. You problem is a dns problem, it is not related to a website.
None Yes there was one for the zone. I tracked the problem down to my error adding the A records. I added ns1.h1-server.com and it should have been just ns1. Correcting this has resolved the problem of accessing the server, however not able to use websites after creation - see below After correcting the error I can now ping the server name and see a landing page for apache, although it is actually running NGINX. What I am missing now is being able to ping / access the website I created as I still get a lookup failure and see the denied message in the named log. I am coming from Virtualmin which creates a zone for each virtual server that is created, hence I was expecting a new zone when I created a website. Are extra steps needed after creating a website?
When you add a fully qualified domain name in dns, then thi has to end with a dot. So adding ns1.h1-server.com is fine, it just has to be "ns1.h1-server.com.". When you see an apache page then apache is running and not nginx. Staop apache and then start nginx.
Thanks. Apache is definitely not running and is not installed. I checked the by stopping NGINX and the page wouldn't load, started it up and the page was back. /var/www/html has 2 files, index.html and index.nginx-debian.html. The index.html loads by default and that is the Apache page I am seeing. I have renamed now to avoid confusion and renamed the nginx one to index.html With regards to the problem with creating a web site, I am a little confused. I have a domain name - artdo.in. At the domain registrar It is setup with nameservers ns1/ns2.h1-server.com. When I externally ping artdo.in I get unknown host. In order for the lookup to work do I not need an entry in my nameserver on h1-server.com?
Is the hostname of the server maybe identical to this domain? This can not be the case as nginx will deliver a wrong zone then. The server hostname has to be a subdomain like server1.example.com and not example.com or www.example.com as decsribed in the perfect server guides. Sure. When you set your server to be the authoritive dns server for a zone, then you have to craete that zone on this server, otherwise the domain can not be resolved.
hostname -f cirrus.h1-server.com Ah OK. I think I misunderstood a while back. I was struggling with the DNS zone not being created by creating a website. I am used to seeing this with Virtualmin. Is there any reason that this is not the case? It seems to make sense to me that the ispconfig script should automatically create the zone, than have to do in manually. EDIT - I added the zone and hey presto all as it should be
ISPConfig is made for larger ISP setups with many servers, so unlike virtualmin it is nothing unusual in an ispconfig cluster that DNS records are managed externally or that you have several dns server clusters in your controlpanel or that domains are used for email only etc. so it is not useful to limit the functionality of the system by binding DNS records to websites as an automatically created dns record can really harm when the local dns server is not the authoritive server.