DNS headaches

glenoaks (Verified User, joined Sep 1, 2016)
Hi Everyone. Please help!

For the past 7 weeks, I have been trying, desperately, to troubleshoot my Ubuntu authoritative-only server (using Ubuntu 16.04.1), and it is still not working; I cannot figure out what is wrong.

These are the particulars:

My static IP address (from Bright House Networks) is 50.xx.xx.214. The values Bright House Networks supplied for my router (connection status) are as follows:

IP address: 50.xx.xx.214;
Subnet mask: 255.255.255.252;
Default gateway: 50.xx.xx.213;
DNS server: 75.xxx.xx.1 and 75.xxx.xx.2

My Netgear router has different values (I assume) for the local network configuration. I have assigned a local static IP to the master server, 192.168.0.2, and to the slave, 192.168.0.9.

My Apache-based website is "unreachable" when I enter "www.aglowintheknight.com" in every browser (Edge, Firefox, Chrome, IE, etc.).

I tested the integrity of my DNS system via intodns.com and wormly.com, and all tests failed.

Errors include "Failed to resolve server hostname", "Mismatched NS records", "Missing nameservers reported by your nameservers", "No valid SOA record came back", "One or more of your servers did not respond", etc.

Some of my setup files are as follows:

(1)
glkglen@ns1:~$ sudo cat /etc/hosts
[sudo] password for glkglen:
127.0.0.1 localhost
50.xx.xx.214 ns1.aglowintheknight.com ns1

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
glkglen@ns1:~$


(2)
glkglen@ns1:~$ sudo cat /etc/bind/zones/db.aglowintheknight.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.aglowintheknight.com. admin.aglowintheknight.com. (
9 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;

; Name servers
; aglowintheknight.com. IN NS ns1.aglowintheknight.com.
; aglowintheknight.com. IN NS ns2.aglowintheknight.com.
@ IN NS ns1.aglowintheknight.com.
@ IN NS ns2.aglowintheknight.com.

; A records for the name servers
ns2 IN A 50.xx.xx.213
ns1 IN A 50.xx.xx.214

; Other A records
@ IN A 50.xx.xx.214
www IN A 50.xx.xx.214
;www IN A 192.168.0.2
@ IN A 192.168.0.2
glkglen@ns1:~$

(3)
glkglen@ns1:~$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto enp2s0
iface enp2s0 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameservers 192.168.0.1 192.168.0.2 50.xx.xx.214
dns-domain aglowintheknight.com
dns-search aglowintheknight.com
glkglen@ns1:~$

(4)
glkglen@ns1:~$ sudo cat /etc/resolv.conf
[sudo] password for glkglen:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.0.1
nameserver 192.168.0.2
nameserver 50.xx.xx.214
search aglowintheknight.com
glkglen@ns1:~$

My registrar is EasyDNS.com where a glue record has been created as follows:
ns1.aglowintheknight.com/50.xx.xx.214
ns2.aglowintheknight.com/50.xx.xx.213

I will be thankful for some help with correcting the problems with my setup that are preventing me from running a "working dns" and accessing my website courtesy of the Apache webserver on the same machine / server with the local static IP, 192.168.0.2.

I've read everything in sight and run all kinds of recommended tests, to no avail. Thanks for your help. It is greatly appreciated.
Glenoaks
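The checker failures quoted above ("Mismatched NS records", "No valid SOA record came back", servers not responding) are the kind of thing a small lint over the zone file can catch before the zone is ever published. The script below is an added example, not code from this thread or from DirectAdmin: it parses a BIND-style zone file and flags RFC 1918 addresses in an internet-facing zone, an apex with several A records, NS names without in-zone A records, disagreement between the zone and the registrar's glue, and a nameserver address that is the ISP's default gateway rather than a host the operator runs. The zone text, glue table, owned-address set and gateway are constructed: `example.com` stands in for the real domain, and TEST-NET-3 addresses (203.0.113.214 for the host, 203.0.113.213 for the gateway) stand in for the masked 50.xx.xx.x values, with the LAN apex record kept as posted.

```python
"""Zone lint for an internet-facing BIND zone (added example; all data constructed)."""
import ipaddress
from collections import defaultdict

ORIGIN = "example.com."

# Constructed stand-in for the posted zone: example.com for the real domain,
# TEST-NET-3 addresses for the masked public ones, LAN apex record kept.
ZONE_TEXT = """\
$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. (
        9        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
; Name servers
@       IN NS ns1.example.com.
@       IN NS ns2.example.com.
; A records for the name servers
ns2     IN A  203.0.113.213
ns1     IN A  203.0.113.214
; Other A records
@       IN A  203.0.113.214
www     IN A  203.0.113.214
;www    IN A  192.168.0.2
@       IN A  192.168.0.2
"""

# Constructed registrar glue and /30 facts: the host owns .214, .213 is the ISP gateway.
GLUE = {"ns1.example.com.": "203.0.113.214", "ns2.example.com.": "203.0.113.213"}
OWNED_PUBLIC = {"203.0.113.214"}
GATEWAY = "203.0.113.213"

# Checked explicitly: ipaddress.is_private also covers documentation ranges like TEST-NET-3.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _absolute(name, origin):
    """Make a zone-file owner or target name fully qualified."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def _logical_lines(text):
    """Yield (owner_omitted, tokens) per record: strips ';' comments and joins
    parenthesised continuation lines (the SOA). Quoted strings are not handled."""
    buf, depth, omitted = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not buf:
            if not line.strip():
                continue
            omitted = raw[:1].isspace()      # leading blank means "same owner as before"
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield omitted, " ".join(buf).replace("(", " ").replace(")", " ").split()
            buf = []


def parse_zone(text, origin=ORIGIN):
    """Return a list of (owner, rtype, rdata_tokens) with absolute owner names."""
    records, last_owner = [], origin
    for omitted, tokens in _logical_lines(text):
        if tokens[0].startswith("$"):                 # $TTL / $ORIGIN directives
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1]
            continue
        owner = last_owner if omitted else _absolute(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                              # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
        last_owner = owner
    return records


def _is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def lint_zone(text, glue, owned_public, gateway, origin=ORIGIN):
    """Return human-readable findings for a zone that must resolve from the internet."""
    records = parse_zone(text, origin)
    findings, a_records = [], defaultdict(list)
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_records[owner].append(rdata[0])
    if not any(o == origin and t == "SOA" for o, t, _ in records):
        findings.append("no SOA record at the zone apex")
    ns_names = [_absolute(r[0], origin) for o, t, r in records if o == origin and t == "NS"]
    if len(ns_names) < 2:
        findings.append("fewer than two NS records at the apex")
    for name in ns_names:
        addrs = a_records.get(name)
        if not addrs:
            findings.append(f"NS {name} has no A record in the zone (no in-zone glue)")
            continue
        for addr in addrs:
            if glue.get(name) != addr:
                findings.append(f"NS {name}: zone says {addr}, registrar glue says {glue.get(name)}")
            if addr == gateway:
                findings.append(f"NS {name} -> {addr} is the ISP default gateway, not a host you run")
            elif addr not in owned_public:
                findings.append(f"NS {name} -> {addr} is not an address you control")
    for owner, addrs in a_records.items():
        for addr in addrs:
            if _is_rfc1918(addr):
                findings.append(f"{owner} A {addr} is an RFC 1918 address; unreachable from the internet")
        if len(addrs) > 1:
            findings.append(f"{owner} has {len(addrs)} A records; resolvers will alternate between them")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(ZONE_TEXT, GLUE, OWNED_PUBLIC, GATEWAY):
        print("-", finding)
```

Run against the constructed zone it reports three findings: the apex A record pointing at 192.168.0.2, the apex having two A records (so half of all lookups from outside land on the LAN address), and ns2 resolving to the gateway address. The glue and the zone agree with each other here, which is exactly why a checker that only compares the two would not notice that ns2 is not a nameserver at all.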
 
So, based on what I see, you have a server behind your Netgear router, and any service behind that router isn't accessible from the internet. If that is the case, then it appears as though you aren't forwarding the correct ports from the Netgear router to the server(s) behind the router.
 
Thanks, toml, for the response.

These ports have been forwarded via the Netgear Router:
Ports 53, 80, 443 and 25 forwarded to 192.168.0.2
Also, these ports have been enabled in Ubuntu firewall, ufw.

I have tried accessing the website (www.aglowintheknight.com) from both inside the network as well as outside. The result is the same - "cannot reach the server".
I have used 192.168.0.2, 50.88.31.214 and aglowintheknight from within the network, and 50.88.31.214 from Starbucks / McDonald's as well as the customary URL, aglowintheknight.

I am not sure whether the hosts files, zone files etc. are created properly. The checkzone tests were OK, but (1) why can't I access my website, and (2) why can't intodns.com and wormly.com resolve the hostname or get information from the DNS?

Edited with Additional information

/etc/bind/named.conf.local

// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "aglowintheknight.com" {
    type master;
    file "/etc/bind/zones/db.aglowintheknight.com";
    allow-transfer { 192.168.0.9; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.0";
};

----------------------------------------------------
/etc/bind/named.conf.options

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    recursion no;
    allow-transfer { none; };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
Hope this helps in diagnosing my problems!
 
Just to be sure about one thing: you opened ports 80, 443 and 25, which are TCP ports, but you mentioned port 53 on the same line of text.
I presume you know port 53 should be UDP?
 
Sorry about the double-posting. It was not intentional. I will make sure that I'm in the right place before any posting is submitted.

In answer to the question, I just grabbed a status output from ufw, the firewall daemon.

Status: active

To                         Action      From
--                         ------      ----
22                         DENY        Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
53                         ALLOW       Anywhere
53/udp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
22 (v6)                    DENY        Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
53/udp (v6)                ALLOW       Anywhere (v6)
53/tcp (v6)                ALLOW       Anywhere (v6)
53/udp                     ALLOW OUT   Anywhere
53/tcp                     ALLOW OUT   Anywhere
53/udp (v6)                ALLOW OUT   Anywhere (v6)
53/tcp (v6)                ALLOW OUT   Anywhere (v6)

Also, I ran a port check using the "canyouseeme" website. The returned results are as follows:

Success: I can see your service on 50.88.31.214 on port (53)
Your ISP is not blocking port 53

Thanks for the help!
 
Try posting your named.conf; that might shed some light. For example, since the server is really using the IP 192.168.0.2, you want to make sure that named is bound to that address. If you aren't binding to a specific address, then you need to make sure that anyone can query that name server. If you allowed DA to set it up, I would be surprised it wasn't done automatically for you.
 
Thanks for your response, toml. My named.conf seems to be empty. Here is the output:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

There is nothing else in this file.
 
Thanks, Richard, for your input!
I do not have Directadmin running on the server. Should I go ahead and install it there? Is it apt-get install directadmin?
In the interim, I will explore the suggested link and try to implement your recommendations as well as Toml's. Thanks.
 
This forum is intended to support DirectAdmin control panel servers. If you aren't using DirectAdmin, then you are much better off asking these questions in an Ubuntu and/or Linux forum. Not that none of us here could figure it out and help you, but all questions should be related to DirectAdmin and the software it uses.
 