can't access to server

[gokhanweb]

Hello,
i formatted/installed server four times but can not solve this problem.
i have ded.server on hetzner.

Installed OS : CentOS 6.0 64bit (minimal install)
Installed Directadmin.
i registered nameservers of domain with my server ip yesterday.
at now, i can not access to server via domainname (addess.com) but can access via ip (eg: 176.xx.xx.21/~user/).

how can i use my new server with domain name? what can i do for solve this problem? must i make any configuration for network settings in os (gateway, mask or etc.)

i did not change any settings in auto installed centos.
only doing this:

yum update
yum -y install nano gcc gcc-c++ make quota perl perl-CPAN diffutils dbus libcom_err-devel libcom_err libxml2-devel libxslt-devel
cpan -fi Archive::Tar Digest::SHA Mail::SPF IP::Country Net::Ident IO::Socket::INET6 Compress::Zlib Mail::DKIM LWP::UserAgent HTTP::Date Encode::Detect ExtUtils::MakeMaker NetAddr::IP Mail::SpamAssassin::Plugin::Razor2 Razor2::Client::Agent IO::Socket::SSL DBI

i talked with hetzner support and they say "this is software problem, we can not support about this".

searched on google, but can not find any solution.
checked domain zones, zones are normal. i have 3 directadmin installed server. i compared all of setting with them. there is not any difference.

thanks.

 

[gokhanweb]

apache error_log output:

[Wed Aug 24 09:45:39 2011] [notice] caught SIGTERM, shutting down
[Wed Aug 24 09:45:40 2011] [notice] SSL FIPS mode disabled
[Wed Aug 24 09:45:40 2011] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
[Wed Aug 24 09:45:40 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 24 09:45:40 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Aug 24 09:45:41 2011] [notice] SSL FIPS mode disabled
[Wed Aug 24 09:45:41 2011] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
[Wed Aug 24 09:45:41 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Aug 24 09:45:41 2011] [notice] Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/1.0.0-fips DAV/2 PHP/5.2.17 configured -- resuming normal operations

 

[gokhanweb]

and i have a problem while install directadmin.

when i install directadmin via installguide, default mysql is not install.

i think, i must install some components to server before install directadmin, but which components? which components must be installed on server before directadmin?

 

[mr.applesauce]

http://help.directadmin.com/item.php?id=354

http://directadmin.com/installguide.html

 

[gokhanweb]

yes i'm doing this:
http://help.directadmin.com/item.php?id=354

yum install gcc gcc-c++ flex bison make bind bind-libs bind-utils openssl openssl-devel perl quota libaio libcom_err-devel

and reading http://directadmin.com/installguide.html

but at now domain can not resolve

 

[SeLLeRoNe]

first at all, without domain name no investigation should be correctly made.

Second, check your domain on intodns.com/DOMAINNAME for see if there are error on your configuration.

Remember that DNS take UP to 48hours for propagations.

Regards

 

[gokhanweb]

i can browsing my site using this: http://17x.xx.xx.21/~username

http://www.intodns.com/hiddenaddress.com
returns some errors. can u look this please?

adds:
dns stuff can not resolve:
http://www.dnsstuff.com/tools/tracert/?tool_id=68&token=&toolhandler_redirect=0&ip=hiddenaddress.com

 

[SeLLeRoNe]

The fact you can browse website using the IP is absolutly normal.

Regarding the errors seems that 176.9.23.21 and 176.9.23.28 doesnt respond.

Make sure named is started and be sure that firewall is not blocking connection to port 53.

Regards

 

[gokhanweb]

i am not using any firewall on server.
and named service is running

problem not solved. must i contant my domain registrar? can they help me?

thanks SeLLeRoNe.

 

[SeLLeRoNe]

No they cant.

Ive tried to telnet port 53 and it say connection refues, so, or you have a firewall/iptables enabled or your named service is not running.

Post the output of:

netstat -antp | grep 53

iptables -L

/etc/init.d/named restart

Regards

 

[gokhanweb]

netstat -antp | grep 53

tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      32225/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      32225/named
tcp        0      0 ::1:53                      :::*                        LISTEN      32225/named
tcp        0      0 ::1:953                     :::*                        LISTEN      32225/named

--

iptables -L

WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

--

restarted named :

Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

service named status : named (pid 32510) is running...

 

[gokhanweb]

can anyone help me for solve this please?

 

[SeLLeRoNe]

Named isnt listening on your public IP, thats why doesnt work:

On my server ive got:

tcp        0      0 89.97.218.93:53             0.0.0.0:*                   LISTEN      9479/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      9479/named

You are missing two lines (one for each extenal IP) listening on port 53.

Actually i dont know why is not listening on the correct IP, ive checked my own named.conf but mine doenst have the Server IP in it...

Have you set the right ip to the domains?

 

[gokhanweb]

ok, i understood the problem.

my other server (running without error):

tcp        0      0 178.xx.xxx.210:53           0.0.0.0:*                   LISTEN      5778/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      5778/named

how can i solve this?

 

[gokhanweb]

ok, i solved the problem.
edited named.conf file

old named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1552.zones";

zone "srv1.xxxx.com" { type master; file "/var/named/srv1.xxxx.com.db"; };
zone "xxxx.com" { type master; file "/var/named/xxxx.com.db"; };
zone "yyyy.com" { type master; file "/var/named/yyyy.com.db"; };

new named.conf file

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        //listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        //allow-query     { localhost; };
        allow-query { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1552.zones";

zone "srv1.xxxx.com" { type master; file "/var/named/srv1.xxxx.com.db"; };
zone "xxxx.com" { type master; file "/var/named/xxxx.com.db"; };
zone "yyyy.com" { type master; file "/var/named/yyyy.com.db"; };

is there a security issue?

thank you SeLLeRoNe

 

[SeLLeRoNe]

Absolutly not, port 53 must be open for dns service.. strange is that wasnt.... maybe you arent using a standard directadmin named.conf file cause my own have not many line that your have...

Regards

 

[gokhanweb]

yes, i saw named.conf differences oldserver and newserver.
i am using CentOS 6.0 and named 9.7.0

i did not change anything, only installed directadmin and "changes in previous message".
i have another error at now. when i changed these settings, at now i can not connect my other server in same datacenter via wget (using ip). but can connect others and files.directadmin.com

i think, none must not install centos 6.0 beta. too many differences and errors... i am tired.

i will wait new directadmin updates.

can i downgrade named version ?

must i change "listen-on port 53 { any; };" to "listen-on port 53 { Ip1; Ip2; ... Ipn; };" ?

 

[SeLLeRoNe]

thats strange, using ip should not be related in any way to dns resolution...

What error you get?

 

[gokhanweb]

getting timeout error. did not understand anything.

 

[SeLLeRoNe]

You using wget http://IP/FILE right?

Is the apache active on the other server? Have any firewall?

If you try (from server) to do telnet IP 80 does it connect?

Regards