Nameservers are failing at registrar

Rigmarole (Verified User, joined Mar 3, 2020, 10 messages)
I'm new to DA and trying to make the switch from cPanel/WHM. I've added two IPs with IP Manager and assigned them to admin. Under Reseller it added the IPs as nameservers. Under DNS for the domain I added the ns1/ns2 A records for the 1.2.3.4 IP addresses.
Now when I go to my domain registrar and try to add the new nameservers they fail.

If someone could kindly help me out it would be much appreciated.

Port 53 is open for TCP/UDP and listening on all IPs.
Named is running.

I can access my server via host name locally.

This is a LAN setup on an external IP, running CentOS 8.
External IP address: 47.197.128.240 ( Apache is functioning normally )
 
dig seems to get a decent reply

Code:
[activate@linux ~]$ dig google.com @47.197.128.240

; <<>> DiG 9.11.6Mageia-1.1.mga7 <<>> google.com @47.197.128.240
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 61481
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 44d2df875b999e4a5ef6f2eb5e5fae463fce4eef413e3d2c (good)
;; QUESTION SECTION:
;google.com.            IN    A

;; Query time: 144 msec
;; SERVER: 47.197.128.240#53(47.197.128.240)
;; WHEN: Wed Mar 04 14:33:58 CET 2020
;; MSG SIZE  rcvd: 67
 
Hi,

Run the command below and share the output:

cat /etc/named.conf
Code:
[root@___ ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        allow-transfer { none; };
        //listen-on port 53 { 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        //allow-query     { localhost; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        //recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";

        /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
        include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "server.xxx.com" { type master; file "/var/named/server.xxx.com.db"; };
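The named.conf above is the stock Red Hat caching-only template with one master zone appended at the end; listen-on, allow-query and recursion are all left commented out, so BIND's own defaults decide whether the server recurses (yes, for localhost and local networks) and on which addresses it listens (all of them). The script below is an added example, not from this thread and not DirectAdmin's code: it writes an explicitly authoritative-only named.conf and a matching zone file for the thread's domain into a staging directory and runs named-checkconf/named-checkzone on them when those tools are installed. The LAN address 192.168.0.10, the hostmaster mailbox, the TTLs and the serial scheme are assumed placeholders; the nameserver and web IPs are the ones posted in the thread.

```shell
#!/bin/sh
# make_auth_named.sh - stage an authoritative-only BIND configuration for one zone
# and validate it. Added example, not from this thread or from DirectAdmin.
# Usage: sh make_auth_named.sh /tmp/named-stage [zone] [lan-ip]
#
# Differences from the posted named.conf: recursion, allow-query and listen-on are
# set explicitly instead of being left commented out, so the server's behaviour no
# longer depends on BIND's built-in defaults.

ZONE=${2:-brightwheat.com}
LAN_IP=${3:-192.168.0.10}     # assumed: the LAN address the NATed public IP forwards to
NS1_IP=74.175.172.239         # the glue IPs published in the thread
NS2_IP=74.175.172.240
WEB_IP=47.197.128.240         # the public address that answered for the zone

write_named_conf() {           # $1 = staging directory
  cat > "$1/named.conf" <<EOF
options {
    directory "/var/named";
    // Bind only where queries actually arrive: loopback and the LAN address.
    listen-on port 53 { 127.0.0.1; ${LAN_IP}; };
    listen-on-v6 port 53 { none; };
    // Authoritative only: anyone may ask about our zones, nobody may recurse
    // through us and nobody may pull a full zone transfer.
    recursion no;
    allow-query { any; };
    allow-recursion { none; };
    allow-transfer { none; };
    version "not disclosed";
};

zone "${ZONE}" IN {
    type master;
    file "${ZONE}.db";
    allow-update { none; };
};
EOF
}

write_zone() {                 # $1 = staging directory
  serial=$(date +%Y%m%d01)     # YYYYMMDDnn; bump nn on every change
  cat > "$1/${ZONE}.db" <<EOF
\$TTL 14400
@       IN SOA  ns1.${ZONE}. hostmaster.${ZONE}. (
                ${serial}   ; serial
                3600        ; refresh
                900         ; retry
                1209600     ; expire
                300 )       ; negative-answer TTL
        IN NS   ns1.${ZONE}.
        IN NS   ns2.${ZONE}.
        IN A    ${WEB_IP}
; the nameserver A records must match the glue registered at the registrar exactly
ns1     IN A    ${NS1_IP}
ns2     IN A    ${NS2_IP}
www     IN A    ${WEB_IP}
EOF
}

validate() {                   # $1 = staging directory; 0 when checks pass or tools are absent
  if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf "$1/named.conf" || return 1
  else
    echo "named-checkconf not installed, syntax check skipped"
  fi
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone "$ZONE" "$1/${ZONE}.db" || return 1
  else
    echo "named-checkzone not installed, zone check skipped"
  fi
}

stage_config() {               # $1 = staging directory
  mkdir -p "$1" && write_named_conf "$1" && write_zone "$1" && validate "$1"
}

if [ "$#" -gt 0 ]; then stage_config "$1"; fi
```

Once the staged files validate, they can be copied into place and named reloaded with `rndc reload`. The first dig in this thread (google.com sent to the server, answered REFUSED with no `ra` flag) is exactly what an authoritative-only server should do for a name it does not host; if that query ever started returning an answer, the server had become an open resolver, which is the amplification risk the comment block in the posted named.conf warns about.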
 
So I was able to set my glue records with my domain registrar. Now when I run a DNS check it shows a lot of errors and the domain doesn't resolve.

"ERROR: One or more of your nameservers did not respond"

Anyone know how to fix this?
Thanks.
 
Your entire zone fails.
Your glue points to 74.175.172.239 and 74.175.172.240, but those IPs aren't listening.
You are referring to 47.197.128.240 (47-197-128-240.tamp.fl.frontiernet.net) as the IP address of your server.
Your www record is pointing to 66.96.162.130 (130.162.96.66.static.eigbox.net.).

It's all a bit confusing to say the least. What are your domain's fixed DNS servers? I assume the 47 address, since that one is responding with the right zone. How did you get the ns1 & ns2 IPs? Who is hosting those?
 
> Your entire zone fails.
> Your glue points to 74.175.172.239 and 74.175.172.240, but those IPs aren't listening.
> You are referring to 47.197.128.240 (47-197-128-240.tamp.fl.frontiernet.net) as the IP address of your server.
> Your www record is pointing to 66.96.162.130 (130.162.96.66.static.eigbox.net.).
>
> It's all a bit confusing to say the least. What are your domain's fixed DNS servers? I assume the 47 address, since that one is responding with the right zone. How did you get the ns1 & ns2 IPs? Who is hosting those?

The glued IPs (ns1 74.175.172.239 and ns2 74.175.172.240) are what I set up in IP Manager for the nameservers. 47.197.128.240 is my external public IP, which is linked to my server IP that was set up by the auto-install of DA. I'm running DA on CentOS 8 over a LAN IP.

The A record is domain.com's IP from when I registered my domain at domain.com, which isn't showing anymore in the DNS.
I agree, it's confusing me as well.

Code:
[root@server ~]# dig brightwheat.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> brightwheat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28548
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;brightwheat.com.               IN      A

;; Query time: 9 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Mar 07 10:38:37 EST 2020
;; MSG SIZE  rcvd: 44
dig @47.197.128.240:

Code:
[root@server ~]# dig @47.197.128.240 brightwheat.com

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el8 <<>> @47.197.128.240 brightwheat.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52462
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 117589a79a17fae908e6f4c95e63c1336ec148d8ca201653 (good)
;; QUESTION SECTION:
;brightwheat.com.               IN      A

;; ANSWER SECTION:
brightwheat.com.        14400   IN      A       47.197.128.240

;; AUTHORITY SECTION:
brightwheat.com.        14400   IN      NS      ns1.brightwheat.com.
brightwheat.com.        14400   IN      NS      ns2.brightwheat.com.

;; ADDITIONAL SECTION:
ns1.brightwheat.com.    14400   IN      A       74.175.172.239
ns2.brightwheat.com.    14400   IN      A       74.175.172.240

;; Query time: 0 msec
;; SERVER: 47.197.128.240#53(47.197.128.240)
;; WHEN: Sat Mar 07 10:43:47 EST 2020
;; MSG SIZE  rcvd: 156
 
This looks good, but it seems your nameservers are still not working at your registrar.
When doing a lookup for brightwheat.com it cannot be found.

The nameserver IPs are pointing to something else:
Code:
240.128.197.47.in-addr.arpa     name = 47-197-128-240.tamp.fl.frontiernet.net.
Same for the other nameserver.
 
> This looks good, but it seems your nameservers are still not working at your registrar.
> When doing a lookup for brightwheat.com it cannot be found.
>
> The nameserver IPs are pointing to something else:
> Code:
> 240.128.197.47.in-addr.arpa     name = 47-197-128-240.tamp.fl.frontiernet.net.
> Same for the other nameserver.
47.197.128.240 is my public IP that is linked to my LAN IP.
I assume that's why the nameserver IPs are linking back to it???
 
In resolv.conf my nameserver is "nameserver 192.168.0.1" and there's nothing else. Would this be correct for a LAN setup?
 
> I assume that's why the nameserver IPs are linking back to it???
Yes, that would be the cause. I didn't know you have 2 external IPs at home. It's mentioned in your first post but I forgot it again, sorry.

I'm sorry, I'm not familiar with LAN setups at this point.
However, resolv.conf is used for lookups from your server to external things. On our servers in the datacenter we use "nameserver 127.0.0.1" as the first entry in the resolv.conf file. I don't know for sure, but it might be better.

In any case, it looks like your nameservers are not propagating the domains present on the server, including the nameservers.
But I don't know how to fix this on a LAN setup.
 
It looks like you just set simple NSs at the registrar, but you need to create host/glue records.
But you can't, because:
dig @74.175.172.239 ns1.brightwheat.com
connection timed out; no servers could be reached
The same with the second IP.
So check whether there is a DNS server at 74.175.172.239 and 74.175.172.240 with the appropriate DNS zone for brightwheat.com.
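The checks in this thread were done by hand: query the parent for the glue, query each glue IP directly, look for the aa flag, notice the timeout. The script below is an added example, not part of the thread and not DirectAdmin's code, that does the same in one pass. It asks one of the parent zone's servers for the delegation and glue the registrar published, then queries every glue IP without recursion for the zone's SOA and reports TIMEOUT, REFUSED or a non-authoritative answer, which is what a DNS checker summarises as "nameserver did not respond". The parsing helpers read dig's normal output; the embedded samples are constructed copies of the dig output posted earlier in this thread so the helpers can be tried without network access. The parent-server lookup and the per-IP probes need a working resolver and outbound UDP/TCP 53.

```shell
#!/bin/sh
# check_delegation.sh - is the registrar's delegation for a domain actually served?
# Added example, not part of the thread. Usage: sh check_delegation.sh brightwheat.com
#
# 1. Ask one of the parent zone's servers (for .com, a gtld-servers.net host) for the
#    NS names and glue A records the registrar published.
# 2. Query each glue IP directly, recursion disabled, for the zone's SOA. A healthy
#    nameserver answers NOERROR with the aa (authoritative answer) flag set. TIMEOUT,
#    REFUSED or an answer without aa is what a DNS checker reports as "did not respond".

# --- helpers that parse dig's normal (non +short) output from stdin ---------------

# Print the response code (NOERROR, REFUSED, SERVFAIL, ...), TIMEOUT when dig could
# not reach the server, or UNKNOWN when the text contains neither.
dig_status() {
  awk '
    /no servers could be reached/ { print "TIMEOUT"; done = 1; exit }
    match($0, /status: [A-Z]+/)   { print substr($0, RSTART + 8, RLENGTH - 8); done = 1; exit }
    END                           { if (!done) print "UNKNOWN" }'
}

# Succeed only if the flags line carries "aa": the server claims to be authoritative.
dig_is_aa() {
  grep -q '^;; flags:.* aa[ ;]'
}

# Print "owner rdata" for every record of the given type, whatever section it is in.
dig_records() {
  awk -v want="$1" '!/^;/ && NF >= 5 && $3 == "IN" && $4 == want { print $1, $5 }'
}

# brightwheat.com -> com: strip the leftmost label to get the parent zone.
parent_of() {
  printf '%s\n' "$1" | sed 's/^[^.]*\.//'
}

# --- live checks ------------------------------------------------------------------

# check_nameserver IP ZONE NAME: query one glue IP and print a one-line verdict.
check_nameserver() {
  out=$(dig +norecurse +time=3 +tries=1 @"$1" "$2" SOA 2>&1 || true)
  st=$(printf '%s\n' "$out" | dig_status)
  if [ "$st" != "NOERROR" ]; then
    echo "  $3 ($1): FAIL - $st for $2 SOA"
  elif ! printf '%s\n' "$out" | dig_is_aa; then
    echo "  $3 ($1): FAIL - answered, but not authoritative (no aa flag)"
  else
    echo "  $3 ($1): ok - authoritative for $2"
  fi
}

check_delegation() {
  domain=$1
  parent=$(parent_of "$domain")
  pserver=$(dig +short NS "$parent" | head -n 1)
  if [ -z "$pserver" ]; then
    echo "could not find a server for the parent zone $parent"; return 1
  fi
  referral=$(dig +norecurse +time=3 +tries=1 @"$pserver" "$domain" NS 2>&1 || true)
  echo "Delegation for $domain as published at $pserver (status: $(printf '%s\n' "$referral" | dig_status))"
  printf '%s\n' "$referral" | dig_records NS | sed 's/^/  NS   /'
  printf '%s\n' "$referral" | dig_records A  | sed 's/^/  glue /'
  echo "Probing each glue address:"
  printf '%s\n' "$referral" | dig_records A | while read -r name ip; do
    check_nameserver "$ip" "$domain" "$name"
  done
}

# Constructed samples, modelled on the dig output posted in this thread, so the
# parsing helpers can be tried without network access.
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52462
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;brightwheat.com.               IN      A

;; ANSWER SECTION:
brightwheat.com.        14400   IN      A       47.197.128.240

;; AUTHORITY SECTION:
brightwheat.com.        14400   IN      NS      ns1.brightwheat.com.
brightwheat.com.        14400   IN      NS      ns2.brightwheat.com.

;; ADDITIONAL SECTION:
ns1.brightwheat.com.    14400   IN      A       74.175.172.239
ns2.brightwheat.com.    14400   IN      A       74.175.172.240'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 61481
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

if [ "$#" -gt 0 ]; then check_delegation "$1"; fi
```

Run against the situation in this thread, the parent would return ns1/ns2.brightwheat.com with glue 74.175.172.239 and 74.175.172.240, and both probes would print TIMEOUT, while the same SOA query sent to 47.197.128.240 would come back NOERROR with aa set. That mismatch, glue pointing at addresses where nothing listens while the zone is served from a third address, is the whole problem; the fix is either to make the glue IPs answer or to register the address that does.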
 
> Yes, that would be the cause. I didn't know you have 2 external IPs at home. It's mentioned in your first post but I forgot it again, sorry.
>
> I'm sorry, I'm not familiar with LAN setups at this point.
> However, resolv.conf is used for lookups from your server to external things. On our servers in the datacenter we use "nameserver 127.0.0.1" as the first entry in the resolv.conf file. I don't know for sure, but it might be better.
>
> In any case, it looks like your nameservers are not propagating the domains present on the server, including the nameservers.
> But I don't know how to fix this on a LAN setup.
No worries. I'm sure it's a simple fix or something I'm overlooking. Thanks for your help.
 
> It looks like you just set simple NSs at the registrar, but you need to create host/glue records.
> But you can't, because:
> dig @74.175.172.239 ns1.brightwheat.com
> connection timed out; no servers could be reached
> The same with the second IP.
> So check whether there is a DNS server at 74.175.172.239 and 74.175.172.240 with the appropriate DNS zone for brightwheat.com.
I just updated the nameservers to use the server's default nameservers instead of the custom NS for the domain. I'll report back here once everything updates. Thank you for your help.
 