Nameserver Changes

Pat_Coed

Hoping someone can help.

In the process of moving servers due to new server location and new IPs. DA on "old" server and DA on "new" server. Everything set up and running happily, and so decided to transfer one of my unused domain names just to check it was all functioning correctly, then was going to do a backup/restore.

On the "new" server logged into DA and I added the user & domain in question (let's call it mydomain.co.uk) then went to the "old" server, reseller level, list users, selected relevant user, then modified nameservers. When I try to save the new name servers I get the message below though; (If I resubmit the changes, it doesn't come up though)


Details

Unable to change NameServers: Cannot write zone for mydomain.co.uk: Unable to save dns zone: named-zonecheck returned:
loading "mydomain.co.uk" from "/var/named/mydomain.co.uk.db.temp" class "IN"
dns_master_load: /var/named/mydomain.co.uk.db.temp:18: empty label
zone mydomain.co.uk/IN: loading from master file /var/named/mydomain.co.uk.db.temp failed: empty label
zone mydomain.co.uk/IN: not loaded due to errors.


I don't know if this makes any difference, but the old server has a primary domain of server.mywebsite.co.uk (and hosts the mywebsite.co.uk domain) and is currently using the nameservers of ns01.mywebsite.co.uk & ns02.mywebsite.co.uk - I created 2 new NS records for ns1/ns2.mywebsite.co.uk in the DNS records area for mywebsite.co.uk to the 2 new IPs which resolve fine. The "new" DA install on the "new" server I also set up to use the same name (server.mywebsite.co.uk) but with ns1/ns2 rather than ns01/ns02 - Whenever I try to change the nameservers (or resubmit) from the ns01/ns02 to ns1/ns2 it doesn't take, but if I change the A records individually it then ends up looking at the "new" server.

Being a newbie, not quite sure if the fault is with DA, the server or the user.... i.e. me. :-\
 
Hi and thanks for the reply.

Haven't tried debug mode yet but thought I would post back output from file while I go play with DA. :-)

Lines 17 and 18 give the output below;


mywebsite.co.uk. 300 IN NS ns1.mydomainname.co.uk.
mywebsite.co.uk. 300 IN NS ns2.mydomainname.co.uk.


If I do a DNS check on dnsstuff.com then it shows the parent nameservers as the "old" ones (ns01/ns02) but in the nameserver section below under unique nameserver IPs it shows the new nameservers and IPs. The new nameservers (ns1/ns2.mydomain.co.uk) I registered through DA in the DNS section for mydomain.co.uk and created A records which I think is correct. (DNS check at nabber shows that I'm changing the domain nameservers not the parent nameservers....)

Also, I set the TTL to 300 but the dnsstuff report shows TTL as 172800

Out of curiosity, but I haven't checked the "new" server yet, if I haven't fully configured all of the relevant ports on the "new" server within IPTABLES would this cause issues with setting nameservers from the "old" server? I'm *assuming* that the problem is with the "old" server, just curious if anything could be affected by the "new" server.
 
Just to add on a separate note....

I always believed that if I wasn't using the registrar's nameservers, then I had to make any changes to nameservers from the current nameservers. Is that correct? I emailed the registrar for the domain name I was using as a guinea pig, and they gave me login details for the domain where I can alter the nameservers. I have changed them from the "old" (ns01/ns02.mydomain.co.uk) ones to the "new" ones (ns1/ns2.mydomain.co.uk)

I don't know if doing that will make any difference, but thought I would try to see what happens within the next 48 hours....
 
Any dns changes have to be made on whatever nameservers the domain currently resides on. You can check that by doing a whois lookup on the domain. My guess is something is wrong with the nameserver changer in directadmin or you entered input wrong, but I doubt that.

The only ports for dns you need to open on iptables are 53 udp and tcp.
 
Right, been playing with DA in debug mode.

Sod's law, it isn't coming up with the error message anymore when changing nameservers....

Now, I'm not sure if it's because of an error on my behalf. When I first went to change the nameservers, I thought I could do this through the DNS Administration section and went in and changed the NS records from the "old" ns01/ns02.mydomain.co.uk to ns1/ns2.mydomain.com - I then (after seeing that nothing had changed within a couple of days) realised I should have done this in the user settings instead. Soooo, I'm not sure if it's because I had put the "new" nameservers into the NS records and also then changed the nameservers within the user settings. Dunno if that would cause an issue or not. Looking at the new server too, my iptables config is possibly a little too aggressive, as I can see in the logs it has been having some issues resolving isc.org and ultradns.org through port 53 - I *think* these are due to IPV6 issues which I resolved but have disabled (nervously) iptables for 24 hours just to be safe. (ssh very secure though, non standard port and only 1 custom user allowed access)

Hopefully as there were no errors coming up this time it has taken. Will update shortly I hope.
 
Any dns changes have to be made on whatever nameservers the domain currently resides on. You can check that by doing a whois lookup on the domain. My guess is something is wrong with the nameserver changer in directadmin or you entered input wrong, but I doubt that.

The only ports for dns you need to open on iptables are 53 udp and tcp.



Ok - Thanks for that. :-)

I did check and double check the nameservers which were showing correctly. I did automatically add the trailing dot when entering the new nameservers in the user settings in DA but it didn't change them unless I left it off but otherwise correct, I think.

Checked on the current/old server and port 53 open on both udp and tcp - not sure on new server just going through iptables config again but disabled for moment. Talking about iptables, I did notice on the current/old server that all of the relevant protocols were added to iptables by something during setup, install and config of cent/DA/other stuff/etc whereas on my new server I had to create them all from scratch. Not sure if last time I just found some simple script from DA (if such a thing exists) but not a bad thing either way as made me a LOT more conscious of my firewall config and security rather than taking it for granted.
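
An added example, not part of the original posts: the "empty label" error quoted earlier in the thread is what BIND's zone check reports when a name contains a zero-length label, for instance two consecutive dots left behind when a trailing dot is doubled. The sketch below scans zone text for such names; the sample zone is constructed, the function names are hypothetical, and the parser assumes simple one-record-per-line entries.

```python
import re

# Record types whose last RDATA field is a domain name (subset used here).
NAME_RDATA = {"NS", "CNAME", "PTR", "MX"}
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"(\d+[smhdw]?)+", re.I)

def empty_label(name):
    """True if the name has a zero-length label; one trailing dot is legal."""
    if name in (".", "@"):
        return False
    body = name[:-1] if name.endswith(".") else name
    return "" in body.split(".")

def find_empty_labels(zone_text):
    """Return (line_number, name) for each owner or target name with an empty label."""
    hits = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenise
        if not fields or fields[0].startswith("$"):
            continue                               # blank line or $TTL/$ORIGIN
        names = []
        if not raw[0].isspace():                   # owner name sits in column one
            names.append(fields[0])
            fields = fields[1:]
        # Skip optional TTL and class fields to reach the record type.
        while fields and (TTL_RE.fullmatch(fields[0]) or fields[0].upper() in CLASSES):
            fields = fields[1:]
        if len(fields) > 1 and fields[0].upper() in NAME_RDATA:
            names.append(fields[-1])
        hits += [(lineno, n) for n in names if empty_label(n)]
    return hits

# Constructed sample zone: line 5 carries a doubled trailing dot.
SAMPLE_ZONE = """\
$TTL 300
@ IN SOA ns1.mywebsite.co.uk. hostmaster.mydomain.co.uk. (
        2013012001 3600 600 1209600 300 )
mydomain.co.uk. 300 IN NS ns1.mywebsite.co.uk.
mydomain.co.uk. 300 IN NS ns2.mywebsite.co.uk..
www 300 IN A 192.0.2.10
"""

if __name__ == "__main__":
    for lineno, name in find_empty_labels(SAMPLE_ZONE):
        print(f"line {lineno}: empty label in {name!r}")
```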
 
If you want a really good firewall you should look at: http://configserver.com/cp/csf.html

I looked at this before, and didn't bother with it as I had never heard of it or used it. I suppose it was also partly because I got a bit more conscious of my firewall config and liked the clean and simple iptables rules and partly as I was unsure if it would have any negative effect on performance. Thinking about it, I suppose any effect on performance is going to be minimal really, I'm just impatient and obsessive about speed of websites. Lol.

Can you configure it to automatically block IPs similar to the brute force script from DA?
 
Just read the details properly, and yep does include a brute force monitor and will automatically block IPs similar to the DA Brute Force script.

Anyone else use this? Will install on weekend when I get a minute anyway, just curious really.
 
Nameservers still not taking

Well, not had a lot of success with this.

In summary, changing nameservers for users on "old" server just won't seem to override the parent nameservers and just adds additional records pointing to "new" server.

Out of curiosity though, I contacted my registrar and asked for login details for the spare domain I'm using, even though I wasn't using their nameservers. I logged in and changed the nameservers in their control panel and bang. 5 mins later my nameservers changed.

I'm after knowing, is this normal? I didn't think I should be able to change the nameservers from the registrar unless using their nameservers?

When I made the nameserver changes to the domains I had with them (registrar) when I started my vps server several months back, every time I submitted nameserver changes for every domain I received an error message stating that they couldn't be sent but they changed in the fields anyway. Some I had to ask them to change as I couldn't. Is it possible that broken information has been sent which would now prevent me from making changes to nameservers?
 
Without knowing the domain name it's impossible to debug DNS issues; with knowing, it's quite easy. Keep that in mind :).

Jeff
 
I'm after knowing, is this normal? I didn't think I should be able to change the nameservers from the registrar unless using their nameservers?

You need to change NS at the registrar so others can know what NS servers are used for a domain. Check whois, its output always contains a list of NS if a domain is delegated properly.
 
Thanks for the help with this.

I always thought I had to change nameservers from the ip of the nominated nameservers. Changed them at the registrar and job a good 'un. :-)

The joys and fun of learning curves.....
 
Short explanation: you also need to change them at the registrar to get glue records into the root servers. Because otherwise the lookup just wouldn't work... for example:

Where is example.com?

Look it up at the nameserver for example.com.

Where is the nameserver for example.com?

Don't know; it's not in the root servers.

Jeff
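
The mismatch this thread turned on, as an added example that is not part of the original posts: the parent-side delegation (what the registrar change updates) is compared with the NS set the zone itself serves, and nameservers inside the zone are checked for glue. All names, addresses and function names are constructed for illustration.

```python
def in_zone(name, zone):
    """True if name is the zone apex or a name beneath it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def check_delegation(zone, parent_ns, glue, child_ns, child_a):
    """Return (kind, nameserver) findings; an empty list means consistent.

    parent_ns / glue  : NS names and glue addresses handed out by the parent
    child_ns / child_a: apex NS names and A records served by the zone itself
    """
    parent = {n.lower() for n in parent_ns}
    child = {n.lower() for n in child_ns}
    glue = {k.lower(): v for k, v in glue.items()}
    child_a = {k.lower(): v for k, v in child_a.items()}
    findings = [("parent-only", ns) for ns in sorted(parent - child)]
    findings += [("child-only", ns) for ns in sorted(child - parent)]
    for ns in sorted(parent):
        if not in_zone(ns, zone):
            continue                      # out-of-zone nameserver needs no glue
        if ns not in glue:
            findings.append(("missing-glue", ns))
        elif ns in child_a and glue[ns] != child_a[ns]:
            findings.append(("glue-mismatch", ns))
    return findings

# Constructed data modelled on the thread (documentation address ranges).
ZONE = "mywebsite.co.uk."
CHILD_NS = ["ns1.mywebsite.co.uk.", "ns2.mywebsite.co.uk."]
CHILD_A = {"ns1.mywebsite.co.uk.": "198.51.100.1",
           "ns2.mywebsite.co.uk.": "198.51.100.2"}
OLD_PARENT_NS = ["ns01.mywebsite.co.uk.", "ns02.mywebsite.co.uk."]
OLD_GLUE = {"ns01.mywebsite.co.uk.": "192.0.2.1",
            "ns02.mywebsite.co.uk.": "192.0.2.2"}

# Before the registrar change: parent still lists ns01/ns02, zone says ns1/ns2.
before = check_delegation(ZONE, OLD_PARENT_NS, OLD_GLUE, CHILD_NS, CHILD_A)
# After the registrar change: delegation and glue match the zone.
after = check_delegation(ZONE, CHILD_NS, CHILD_A, CHILD_NS, CHILD_A)

if __name__ == "__main__":
    print("before:", before)
    print("after: ", after)
```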
 