Thread: Problems with nameservers

  1. #1
    Join Date
    Oct 2017
    Posts
    5

    Problems with nameservers

    Hello,

    I'm trying to set up 2 nameservers for DirectAdmin, but the second one is constantly refusing according to intodns:
    https://intodns.com/aquariummanager.nl

    I've set up my second DNS without DirectAdmin, and the transfer from DirectAdmin to the slave is working correctly.
    Also, when I test the connection with "dig ns1.hostplus.nl aquariummanager.nl A" and "dig ns2.hostplus.nl aquariummanager.nl A", I get the same result, "NOERROR":
    Code:
    NS1 (Directadmin):
    
    ; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> ns1.hostplus.nl aquariummanager.nl
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8782
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ns1.hostplus.nl.               IN      A
    
    ;; ANSWER SECTION:
    ns1.hostplus.nl.        283     IN      A       37.97.142.3
    
    ;; Query time: 0 msec
    ;; SERVER: 2a01:7c8:a::c53#53(2a01:7c8:a::c53)
    ;; WHEN: Mon Oct 09 21:27:33 CEST 2017
    ;; MSG SIZE  rcvd: 60
    
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2044
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;aquariummanager.nl.            IN      A
    
    ;; ANSWER SECTION:
    aquariummanager.nl.     285     IN      A       37.97.142.3
    
    ;; AUTHORITY SECTION:
    aquariummanager.nl.     285     IN      NS      ns1.hostplus.nl.
    aquariummanager.nl.     285     IN      NS      ns2.hostplus.nl.
    
    ;; Query time: 0 msec
    ;; SERVER: 2a01:7c8:a::c53#53(2a01:7c8:a::c53)
    ;; WHEN: Mon Oct 09 21:27:33 CEST 2017
    ;; MSG SIZE  rcvd: 108
    
    NS2:
    ; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> ns2.hostplus.nl aquariummanager.nl
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58039
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;ns2.hostplus.nl.               IN      A
    
    ;; ANSWER SECTION:
    ns2.hostplus.nl.        300     IN      A       136.144.154.17
    
    ;; Query time: 1 msec
    ;; SERVER: 2a01:7c8:a::c53#53(2a01:7c8:a::c53)
    ;; WHEN: Mon Oct 09 21:28:21 CEST 2017
    ;; MSG SIZE  rcvd: 60
    
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54066
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;aquariummanager.nl.            IN      A
    
    ;; ANSWER SECTION:
    aquariummanager.nl.     237     IN      A       37.97.142.3
    
    ;; AUTHORITY SECTION:
    aquariummanager.nl.     237     IN      NS      ns1.hostplus.nl.
    aquariummanager.nl.     237     IN      NS      ns2.hostplus.nl.
    
    ;; Query time: 0 msec
    ;; SERVER: 2a01:7c8:a::c53#53(2a01:7c8:a::c53)
    ;; WHEN: Mon Oct 09 21:28:21 CEST 2017
    ;; MSG SIZE  rcvd: 108

    And because of the dig results I assume my named.conf is also correctly setup:
    Code:
    NS1 (Directadmin):

    options {
            //listen-on port 53 { 127.0.0.1; };

            //listen-on-v6 port 53 { ::1; 2a01:7c8:fff7:3 };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            recursion no;

            //allow-query     { localhost; 37.97.142.0/24; };

            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;

            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";

            managed-keys-directory "/var/named/dynamic";
    };

    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };

    zone "." IN {
            type hint;
            file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    zone "aquariummanager.nl" { type master; file "/var/named/aquariummanager.nl.db"; };
    
    NS2:                         
    options {
            listen-on port 53 { 127.0.0.1; 136.144.154.17; };
            //listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            //allow-query     { localhost; 37.97.142.3; };
    
            allow-recursion { 127.0.0.1; 37.97.142.3; 136.144.154.17; };
            //recursion yes;
    
            dnssec-enable yes;
            dnssec-validation yes;
    
            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
    
            managed-keys-directory "/var/named/dynamic";
    
            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
            type hint;
            file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    
    zone "aquariummanager.nl" { type slave; file "/var/named/slaves/aquariummanager.nl.db"; masters { 37.97.142.3; }; };
    Is there something I missed, or is there some other problem?
    And yes, my ports are open: 53 UDP and TCP.

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,407
    Hello,

    Also when I test the connection with "dig ns1.hostplus.nl aquariummanager.nl A" and "dig ns2.hostplus.nl aquariummanager.nl A" I get the same results "NOERROR":

    When you're running dig you're not doing it correctly... you're missing the @ sign if you want to send your query to a specific NS.

    The second NS does not respond:

    Code:
    $ dig SOA aquariummanager.nl @136.144.154.17
    
    ; <<>> DiG 9.11.0-P2 <<>> SOA aquariummanager.nl @136.144.154.17
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    telnet goes fine:

    Code:
    $ telnet ns2.hostplus.nl 53
    Trying 136.144.154.17...
    Connected to ns2.hostplus.nl.
    Escape character is '^]'.
    You should check the named logs, and make sure /var/named/slaves/aquariummanager.nl.db exists. And what about allow-transfer (http://www.zytrax.com/books/dns/ch7/...allow-transfer)?
    With regards, Alex.

    Professional Server Management for web hosting companies and individuals
    Hourly Support, Disaster Recovery, Server Hardening, Monthly Subscription
    Directadmin installation and optimization

    Click here if you need a Linux Admin
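As an added example (not code from the thread or from DirectAdmin), a small POSIX shell script that runs Alex's check against every delegated nameserver at once: it queries each server directly with the @server form and reports the response status, whether the answer is authoritative (aa flag), and the SOA serial it serves, so a slave that times out, refuses, or serves a stale zone stands out. It assumes dig is installed; the zone name is a placeholder argument.

```shell
#!/bin/sh
# Added example, not from the thread: query each delegated nameserver
# directly (the "@server" form) and report whether it answers
# authoritatively for the zone and which SOA serial it serves.
# Assumes dig is installed; the zone name is a placeholder argument.

# Reduce one dig SOA response to "<status> <aa|noaa> <serial>".
# A timeout yields "NOANSWER noaa -", a refusal "REFUSED noaa -".
parse_soa() {
    printf '%s\n' "$1" | awk '
        BEGIN { status = "NOANSWER"; aa = "noaa"; serial = "-" }
        /->>HEADER<<-/ { status = $6; sub(/,$/, "", status) }
        /^;; flags:/   { if ($0 ~ / aa[ ;]/) aa = "aa" }
        $4 == "SOA"    { serial = $7 }
        END { print status, aa, serial }'
}

# Ask one server for the SOA of the zone, with a short timeout so a
# silently dropped port 53 (the firewall case) shows up quickly.
soa_status() {
    zone="$1"; server="$2"
    parse_soa "$(dig +time=3 +tries=1 +noall +comments +answer \
        SOA "$zone" "@$server" 2>/dev/null)"
}

# Report every NS in the delegation and flag any serial that differs
# from the first server's (a failed or stale transfer on the slave).
check_zone() {
    zone="$1"; ref=""
    for ns in $(dig +short NS "$zone"); do
        result=$(soa_status "$zone" "$ns")
        serial=${result##* }
        if [ -z "$ref" ]; then ref="$serial"; fi
        flag=""
        if [ "$serial" != "$ref" ]; then flag="  <-- serial mismatch"; fi
        printf '%-25s %s%s\n' "$ns" "$result" "$flag"
    done
}

# Usage: sh check_ns.sh aquariummanager.nl
if [ $# -gt 0 ]; then check_zone "$1"; fi
```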

  3. #3
    Join Date
    Oct 2017
    Posts
    5
    Thanks for your reply.

    That explains a lot about why I couldn't find out what the problem was.
    The documentation is very helpful and I will look into it.

    The file /var/named/slaves/aquariummanager.nl.db does exist with the correct values.

    I'll try to fix my problem later today following the documentation.
    Hopefully without any more problems.

  4. #4
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,082
    Setting up master/slave is a lot of work and requires looking carefully into the configuration.

    You might consider running Directslave on your non-DA server. It makes life a lot easier and does not need the allow-transfer line, because it can work with DA's own multiserver setup, just as if you had 2 DA servers. There is a thread on the forums here about it.
    Greetings, Richard.

  5. #5
    Join Date
    Oct 2017
    Posts
    5
    I've tried DirectSlave,
    but had the same results.

    Turns out that it isn't a settings problem...
    It had something to do with my firewall.
    Turned it off and it was working.
    Disabled it, installed iptables and set the rules.
    Now all is working.
    I'm considering changing back to DirectSlave now.
    Now I'm using an ssh method shown elsewhere on this forum.

    Any suggestions which is better?

  6. #6
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,407
    You should choose on your own, depending on your knowledge, skills and free time. Both are fine. Both have their fans.
    With regards, Alex.


  7. #7
    Join Date
    Oct 2017
    Posts
    5
    I see my last post isn't posted...

    I tried to disable the firewall and at that point everything was working properly.
    I was using CentOS 7 with its standard firewall, but somehow it wouldn't let me open port 53, so I disabled it and am using iptables now instead.

    Almost like plug and play just adding some rules and everything is working accordingly.

    @Richard: I've tried setting up Directslave but it didn't work for me (stupid me it was the firewall).

    I'm now using an ssh method:
    adding a rule on DirectAdmin -> handle with a custom script, ssh transport of the DNS file.

    I'm not sure what the best method is for transferring DNS records.
    DirectSlave uses HTTP (API) to send the DNS records; is this a safe method?
    With the current method, my master has ssh root access to the second server.

    Or is there another magical method to transfer DNS records that I am currently not aware of?
