Nameserver Issue

Check if that ip is running on your server (seems ok)
Be sure there is an A record and NS record for that nameserver on your server (seems no ok).
 
Check if that ip is running on your server (seems ok)
Be sure there is an A record and NS record for that nameserver on your server (seems no ok).

Server IP is added and linked to main IP.

Where would I add the A/NS records as these are already added on the main server domain (web-hosting-uk.com)
 
Your secondary IP is not responding to DNS queries:

j@9ub3:~$ dig a +short web-hosting-uk.com @185.42.222.172
;; connection timed out; no servers could be reached
j@9ub3:~$ dig a +short web-hosting-uk.com @185.42.222.171
185.42.222.171
j@9ub3:~$

Check that both IPs are listed for both UDP and TCP using this command:
Code:
netstat -lnp | grep named
 
Your secondary IP is not responding to DNS queries:

j@9ub3:~$ dig a +short web-hosting-uk.com @185.42.222.172
;; connection timed out; no servers could be reached
j@9ub3:~$ dig a +short web-hosting-uk.com @185.42.222.171
185.42.222.171
j@9ub3:~$

Check that both IPs are listed for both UDP and TCP using this command:
Code:
netstat -lnp | grep named

See image https://ibb.co/h1nwH8n
 
Where would I add the A/NS records as these are already added on the main server domain (web-hosting-uk.com)
That's the correct place if you already added them there.

What firewall are your running? Is it maybe only serving the main ip some way?

Try telnetting like this from your server:
Code:
telnet 185.42.222.172 53
if you can connect try
Code:
telnet ns2.web-hosting-uk.com 53
If all is well you should also be able to connect.

If yes, the port is blocked some how.
Or maybe something in your /etc/named.conf which should look like this on a DA install:
Code:
options {
        //listen-on port 53 { 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
 
Richard G;303110 Try telnetting like this from your server: [code said:
telnet 185.42.222.172 53[/code]
if you can connect try
Code:
telnet ns2.web-hosting-uk.com 53

Seems like named is just not accepting outside connections on that IP:
Code:
[~]$ telnet 185.42.222.172 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$ telnet ns2.web-hosting-uk.com 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$

I closed port 53 in my firewall (CSF/LFD) to test the outcome of telnet to a closed port, and it times out rather than giving the connection refused error. I know that Connection refused via SSH usually implies that SSH was configured to refuse the type of connection attempted. Perhaps this is the same with named.

Can you log into the server via SSH as root and then try the telnet? Perhaps that IP is configured in named to only listen to local connections rather than remote?

Code:
telnet 185.42.222.172 53
 
Seems like named is just not accepting outside connections on that IP:
Code:
[~]$ telnet 185.42.222.172 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$ telnet ns2.web-hosting-uk.com 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$

I closed port 53 in my firewall (CSF/LFD) to test the outcome of telnet to a closed port, and it times out rather than giving the connection refused error. I know that Connection refused via SSH usually implies that SSH was configured to refuse the type of connection attempted. Perhaps this is the same with named.

Can you log into the server via SSH as root and then try the telnet? Perhaps that IP is configured in named to only listen to local connections rather than remote?

Code:
telnet 185.42.222.172 53

[root@server1 /]# telnet 185.42.222.172 53
Trying 185.42.222.172...
Connected to 185.42.222.172.

[root@server1 /]# telnet ns2.web-hosting-uk.com 53
Trying 185.42.222.172...
Connected to ns2.web-hosting-uk.com.

/etc/named.conf config

options {
allow-transfer { none; };
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats$
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
//allow-query { localhost; };

Im using CSF as my firewall.
 
Is there an /etc/named.conf.d/ or an /etc/named.d/ directory? Also, if you restart named, does it help?
 
From outside i guess port 53 is closed / csf for some.
For this one or is not configured / setup well U ns2.web-hosting-uk.com
185.42.222.172
London/England/United Kingdom (GB) - Clouvider Limited

https://mxtoolbox.com/domain/web-hosting-uk.com/

is that ip setup correct at your hosters network. only port ( from standard ports) 22 and 8080 are open from outside for that ip

Also take care of all those things!


iP address 185.42.222.171:
Support for anonymous cipher suites
Trigger This service supports 4 anonymous cipher suit
Support for RC4 cipher
Trigger The server supports a cipher suite containing the RC4 cipher.
Support for Triple DES cipher
Trigger The server supports a cipher suite containing the 3DES cipher.
Support for TLS Fallback SCSV
Trigger The server does not support TLS Fallback SCSV.

TLS 1.0

ON PORT SSh 22 for iP address 185.42.222.172:
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Support for CAST-128 cipher
Trigger The server supports the CAST-128 cipher.
Support for Blowfish cipher
Trigger The server supports the Blowfish cipher.
SSH DSA key length
Trigger The server uses a 1024-bit DSA key.
Support for RC4 cipher
Trigger The server supports the RC4 cipher.
Support for 3DES cipher
Trigger The server supports the 3DES cipher.

Regarding those test the ns2... seem to looks like a different BOX with very old settings / security and closed port 53 also
 
Last edited:
Sorry is it one box / server having those 2 ips, 185.42.222.172 and 185.42.222.171?

If so try ssh to both ips from extern to check, while port 22 is open for both ips only it looks like 2 different servers/ boxes /vpn whatever. See my test result above.

IF it are 2 different and you know and have acces to both then look at the one with 185.42.222.172 and the connection port 53 while this is from extern closed...

Normally ns1 and ns2 needed on diferent C class IP! and for more reasons on more/different boxes while else the ns1 ns2 and so on makes no sense ( for some domain tlds not possible to have it this way)

BOTH IP"S trying to connect on port 2222 with this certname
server1.web-hosting-uk.com
for that only
 
Last edited:
It seems you manage to fix it?
I was able to "telnet 185.42.222.172 53" so it's open now.

Both nameservers are working and rDNS is also correct.
Any issues left?
 
OK looks like you solved.
Also some of my remarks above to i hope we did help you out?

This one stays however:
Name Servers are on the Same Subnet
 
Last edited:
Only change I made was flushing all banned IP's from CSF so it may be the firewall causing the issue, I'll get 185.42.222.172 white listed an keep an eye on it.
 
Only change I made was flushing all banned IP's from CSF so it may be the firewall causing the issue, I'll get 185.42.222.172 white listed an keep an eye on it.

Looks like it was already added by CSF - https://ibb.co/mRFT1fM

going to leave it to do its thing and should it become blocked again i'll check the logs within CSF.
 
Last edited:
Only change I made was flushing all banned IP's from CSF so it may be the firewall causing the issue, I'll get 185.42.222.172 white listed an keep an eye on it.

Yup you have still a lott of unsafe to old software versions , settings, configs, ciphers, and and openssh 7.4
https://observatory.mozilla.org/analyze/web-hosting-uk.com#ssh
Remove these key exchange algorithms: diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1

Remove these MAC algorithms: [email protected], [email protected], [email protected], hmac-sha1

Remove these encryption ciphers: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc

Remove these authentication methods: gssapi-keyex, gssapi-with-mic, password

TLS 1.0 is to old and TLS 1.1 jan 2020 also
https://forum.directadmin.com/showthread.php?t=59202
 
How do you normally update from TLS 1.0 to 1.2, which files need changing?
 
Back
Top