DNS in DirectAdmin?

ashworth102680

I recently set up a machine (Fedora 3) and have DA running on it.

All the ftp accounts and things are good, but I am not able to see any websites on the machine.

The DNS for the ns1 and ns2 nameserver entries seem to resolve correctly to the machine, but the machine doesn't appear to be hosting the domain or broadcasting it correctly.

Any ideas? The domain is pa-owned.com

http://www.dnsreport.com/tools/dnsreport.ch?domain=pa-owned.com

A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. If you have a Watchguard Firebox, it's due to a bug in their DNS Proxy, which must be disabled..

Is it possible that bind isn't running correctly?
 
Yeah, I'm not perfect. It COULD be a DNS issue on my end, but everything looks to be normal in my setup.

Could someone maybe look at that dnsstuff.com link and see if it rings any bells?

Once we fix this, all domains will just work :D
 
Hello,

Looks like you've got a firewall blocking 53. Try
Code:
/sbin/service iptables stop
/sbin/chkconfig iptables off
(Assuming that named is running)

John
 
Cannot turn off iptables, because there's no protection....we're on a DMZ and they had to take me out from behind it. That was my only option if I were to use DA.

I will open up port 53 and see if that helps. Thanks!
 
I agree with John.. he's the man. LoL. Here are my findings:

Code:
[root@server /]# dig @ns1.stat.vpi.net pa-owned.com

; <<>> DiG 9.2.3 <<>> @ns1.stat.vpi.net pa-owned.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
[root@server /]#

You gotta enable port 53 traffic for both TCP and UDP (Mainly UDP).


Cannot turn off iptables, because there's no protection....

Yeah, and no one can even resolve your domain. So you are REALLY protected. hehehe.
 
What also might be the problem is that you have no DNS servers for your own server.
You must set at least one DNS server in "/etc/resolv.conf".

Of course you can set this to 127.0.0.1, but reconsider using a 3rd party DNS server.
 
The formatting is the way it should be, so this is not the problem.
As long as the nameservers are recursive it is good.

EDIT: Are those your own DNS servers? Or DNS servers somewhere else in the network?
 
ashworth102680 said:
# cat /etc/resolv.conf
search vpi.net
nameserver 64.58.142.2
nameserver 64.58.142.3

Should this be formatted differently??

You really don't need that first line; the purpose of it is so that if your users leave off a domain name in an address, URL, etc., the resolver will presume that domain.

In a shared hosting server it's absolutely worthless (though totally harmless). We've been leaving it off for several years.

I've tested both those nameservers, and they are recursive, and they don't block, so any problem is in your server reaching them.

John's recommendation to turn off iptables wasn't meant as turning it off permanently, but just long enough for a test. If you're still having problems I recommend that as well, as it will tell you in a few seconds what otherwise could take hours of trial-and-error.

I'm leaving you a private message on another subject.

Jeff
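
A way to check the firewall for the port 53 problem discussed in this thread without stopping iptables, as an added example (not code from any poster here): it reads an `iptables-save -t filter` dump and reports what the INPUT chain does with a new inbound packet to port 53 over UDP or TCP. The sample ruleset and the interface name `eth0` are constructed assumptions; rules using options the script does not model are reported as UNKNOWN for manual review.

```python
import shlex

# Constructed sample (`iptables-save -t filter` format, not the thread's server): DNS is not opened.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT"""
IGNORED = {"-m", "-j", "--reject-with"}  # options that do not narrow the match

def matches(rule, proto, dport, iface):
    """True/False for a NEW inbound packet; None when the rule needs manual review."""
    if len(rule) % 2 or "!" in rule:
        return None
    want = {"-p": {proto, "all"}, "--dport": {str(dport)}, "-i": {iface}, "--state": {"NEW"}}
    for opt, val in zip(rule[::2], rule[1::2]):
        if (opt not in want and opt not in IGNORED) or ":" in val:
            return None  # unsupported option or port range
        if opt in want and not want[opt] & set(val.split(",")):
            return False
    return True

def verdict(dump, proto, dport=53, iface="eth0"):
    """First-match result for a NEW inbound packet: ACCEPT, DROP, REJECT or UNKNOWN."""
    policies, chains = {}, {}
    for line in dump.splitlines():
        if line.startswith(":"):
            policies[line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(tok[2:])

    def walk(chain):
        for rule in chains.get(chain, []):
            hit = matches(rule, proto, dport, iface)
            if hit is None:
                return "UNKNOWN"
            target = rule[rule.index("-j") + 1] if hit and "-j" in rule else None
            if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
                return None if target == "RETURN" else target
            result = walk(target) if target in chains else None
            if result:
                return result
        return None

    return walk("INPUT") or policies.get("INPUT", "ACCEPT")
```

On the sample, `verdict(SAMPLE, "udp")` and `verdict(SAMPLE, "tcp")` both return `REJECT`; with ACCEPT rules for udp and tcp `--dport 53` placed ahead of the final REJECT rule, both return `ACCEPT`.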
 