Check if that IP is running on your server (seems ok)
Be sure there is an A record and NS record for that nameserver on your server (seems not ok).
netstat -lnp | grep named
Your secondary IP is not responding to DNS queries:
j@9ub3:~$ dig a +short web-hosting-uk.com @185.42.222.172
;; connection timed out; no servers could be reached
j@9ub3:~$ dig a +short web-hosting-uk.com @185.42.222.171
185.42.222.171
j@9ub3:~$
Check that both IPs are listed for both UDP and TCP using this command:
netstat -lnp | grep named
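The check this post asks for, as an added example that is not part of the thread: a shell function that reads `netstat -lnp` output and reports which nameserver IPs have no named listener on TCP or UDP port 53. The function names, the sample output and its PID are constructed for illustration; the IPs are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: verify named listens on port 53 (TCP and UDP) for each IP.
# Reads `netstat -lnp` output on stdin; the IPs to check are the arguments.
# A wildcard bind (0.0.0.0:53) counts as covering every IPv4 address.
# tcp6/udp6 sockets are ignored because the IPs being checked are IPv4.
check_dns_listeners() {
    awk -v ips="$*" '
    BEGIN { n = split(ips, want, " ") }
    # Sockets owned by named only; the local address is always field 4.
    $NF ~ /\/named$/ && ($1 == "tcp" || $1 == "udp") {
        port = $4; sub(/^.*:/, "", port)
        host = $4; sub(/:[0-9]+$/, "", host)
        if (port == "53") seen[$1, host] = 1
    }
    END {
        missing = 0
        for (i = 1; i <= n; i++)
            for (p = 1; p <= 2; p++) {
                proto = (p == 1) ? "tcp" : "udp"
                if (!((proto, want[i]) in seen) && !((proto, "0.0.0.0") in seen)) {
                    print "MISSING " proto " " want[i] ":53"
                    missing++
                }
            }
        exit (missing > 0)   # non-zero status when any listener is absent
    }'
}

# Constructed sample (PID is illustrative): named bound to the first IP and
# loopback only, with the rndc control port 953 present as noise.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 185.42.222.171:53       0.0.0.0:*               LISTEN      1187/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1187/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1187/named
udp        0      0 185.42.222.171:53       0.0.0.0:*                           1187/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1187/named
EOF
}

sample_netstat | check_dns_listeners 185.42.222.171 185.42.222.172 ||
    echo "named is not listening on every nameserver IP"
```

On a live server, pipe the real output in place of the sample: `netstat -lnp | check_dns_listeners <ip1> <ip2>`.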
That's the correct place if you already added them there.
Where would I add the A/NS records as these are already added on the main server domain (web-hosting-uk.com)?
telnet 185.42.222.172 53
telnet ns2.web-hosting-uk.com 53
options {
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
Richard G said:
Try telnetting like this from your server:
telnet 185.42.222.172 53
if you can connect try
telnet ns2.web-hosting-uk.com 53
[~]$ telnet 185.42.222.172 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$ telnet ns2.web-hosting-uk.com 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$
telnet 185.42.222.172 53
Seems like named is just not accepting outside connections on that IP:
[~]$ telnet 185.42.222.172 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$ telnet ns2.web-hosting-uk.com 53
Trying 185.42.222.172...
telnet: Unable to connect to remote host: Connection refused
[~]$
I closed port 53 in my firewall (CSF/LFD) to test the outcome of telnet to a closed port, and it times out rather than giving the connection refused error. I know that Connection refused via SSH usually implies that SSH was configured to refuse the type of connection attempted. Perhaps this is the same with named.
Can you log into the server via SSH as root and then try the telnet? Perhaps that IP is configured in named to only listen to local connections rather than remote?
telnet 185.42.222.172 53
IP address 185.42.222.171:
Support for anonymous cipher suites
Trigger This service supports 4 anonymous cipher suit
Support for RC4 cipher
Trigger The server supports a cipher suite containing the RC4 cipher.
Support for Triple DES cipher
Trigger The server supports a cipher suite containing the 3DES cipher.
Support for TLS Fallback SCSV
Trigger The server does not support TLS Fallback SCSV.
TLS 1.0
On port SSH 22 for IP address 185.42.222.172:
Diffie-Hellman group security
Trigger The server supports the "diffie-hellman-group1-sha1" algorithm.
Support for CAST-128 cipher
Trigger The server supports the CAST-128 cipher.
Support for Blowfish cipher
Trigger The server supports the Blowfish cipher.
SSH DSA key length
Trigger The server uses a 1024-bit DSA key.
Support for RC4 cipher
Trigger The server supports the RC4 cipher.
Support for 3DES cipher
Trigger The server supports the 3DES cipher.
Is there an /etc/named.conf.d/ or an /etc/named.d/ directory? Also, if you restart named, does it help?
for that onlyserver1.web-hosting-uk.com
Only change I made was flushing all banned IPs from CSF so it may be the firewall causing the issue, I'll get 185.42.222.172 whitelisted and keep an eye on it.
Remove these key exchange algorithms: diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
Remove these MAC algorithms: [email protected], [email protected], [email protected], hmac-sha1
Remove these encryption ciphers: aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc
Remove these authentication methods: gssapi-keyex, gssapi-with-mic, password
Yup, you still have a lot of unsafe, too old software versions, settings, configs, ciphers, and OpenSSH 7.4
https://observatory.mozilla.org/analyze/web-hosting-uk.com#ssh
TLS 1.0 is too old, and TLS 1.1 Jan 2020 also
https://forum.directadmin.com/showthread.php?t=59202
The link you mentioned isn't very clear on how to update to TLS 1.2 and also the ciphers / MAC algorithms you've pointed out.
OpenSSH I've updated using YUM.