New Directadmin install and DNS problem from start

adriangrz

Hi,

I have a new DirectAdmin server, clean install, fresh and configured. I created a user account and I was trying to delegate a new domain to my new server. I can't make it happen because the registrar says that he can't make my DNS settings in the domain panel.
User domain is: atvprojekt.pl
My server hostname: server.interaktywa.com.pl

My dns:

ns1.interaktywa.com.pl
ns2.interaktywa.com.pl

Please let me know what I missed in the configuration (I think I made the complete config through the DA panel)?
Why can't I set the domain delegation to my DNS?

How can I solve this or how to bypass this?

Regards,
Adrian
 
Info from registrar:

NAME RESULT OF OPERATION atvprojekt.pl
Hosts ns1.interaktywa.com.pl, ns2.interaktywa.com.pl do not exist
In progress: 0 Suspended: 0 To be paid: 0 Completed: 0 Warnings: 0 Error: 1 Canceled: 0
 
I created but it does not work

Your nameserver does not respond to DNS queries: the reason is either that its port 53 is blocked by a firewall on the server's side or that no NS is running there:


Bash:
# dig A atvprojekt.pl @ns1.interaktywa.com.pl
;; reply from unexpected source: 8.8.8.8#53, expected 78.9.100.211#53
;; reply from unexpected source: 8.8.8.8#53, expected 78.9.100.211#53
;; reply from unexpected source: 8.8.8.8#53, expected 78.9.100.211#53

; <<>> DiG 9.11.36-RedHat-9.11.36-14.el8_10 <<>> A atvprojekt.pl @ns1.interaktywa.com.pl
;; global options: +cmd
;; connection timed out; no servers could be reached
 
I tried from my other test server:

root@server-5-75-241-36:~# dig A atvprojekt.pl @ns1.interaktywa.com.pl
;; communications error to 78.9.100.211#53: timed out
;; communications error to 78.9.100.211#53: timed out
;; communications error to 78.9.100.211#53: timed out

; <<>> DiG 9.18.16-1~deb12u1-Debian <<>> A atvprojekt.pl @ns1.interaktywa.com.pl
;; global options: +cmd
;; no servers could be reached

What do I need to do to make it reachable? I made the config in DirectAdmin like on other servers. Can the ISP block domain resolving in my LAN? I have a public IP and it should run normally.
 
@adriangrz
Can ISP block domain resolving in my LAN? - if it's home internet - yes, in most cases they block port 53 for incoming traffic.
 
Is there a way to check whether port 53 is blocked on my home LAN? I have a public static IP added to my network so it should not be blocked.
 
Some time ago on the same ISP I had a test DirectAdmin server and it worked fine
 
:~$ nmap ns1.interaktywa.com.pl

Starting Nmap 7.01 ( https://nmap.org ) at 2024-06-11 13:32 EEST
Nmap scan report for ns1.interaktywa.com.pl (78.9.100.211)
Host is up (0.044s latency).
rDNS record for 78.9.100.211: 78-9-100-211.actus-info.pl
Not shown: 988 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
443/tcp open https
993/tcp open imaps
995/tcp open pop3s
2222/tcp open EtherNetIP-1
8080/tcp open http-proxy
35500/tcp closed unknown
----
Looks like it's open, but maybe something is wrong with named/bind? Check the logs to see if your zone loaded, and try restarting named/bind.
 
Since I get:

Code:
;; reply from unexpected source: 8.8.8.8#53, expected 78.9.100.211#53
;; reply from unexpected source: 8.8.8.8#53, expected 78.9.100.211#53
;; reply from unexpected source: 8.8.8.8#53, expected 78.9.100.211#53
;; connection timed out; no servers could be reached

I believe you've got a kind of caching or recursive DNS running there, that returns replies from 8.8.8.8#53. Affected by SNAT? NAT?
 
OK, I don't know what is blocking DNS resolving. Here are my file settings, maybe you can find the issue:


/etc/bind/named.conf.options:
options {
allow-transfer { none; };
directory "/var/cache/bind";

forwarders {
8.8.8.8;
8.8.4.4;
};

dnssec-validation auto;
recursion yes;

listen-on { any; };
listen-on-v6 { any; };
};

/etc/network/interfaces/

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto enp3s0
allow-hotplug enp3s0
iface enp3s0 inet dhcp
dns-nameservers 8.8.8.8 8.8.4.4

/usr/local/directadmin/conf/directadmin.conf

lan_ip=192.168.1.150

interaktywa.com.pl - resolving
atvprojekt.pl - not resolving
 
iptables -nL | grep 53
# Warning: iptables-legacy tables present, use iptables-legacy to see them
ACCEPT tcp -- 8.8.4.4 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 8.8.4.4 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 8.8.4.4 0.0.0.0/0 tcp spt:53
ACCEPT udp -- 8.8.4.4 0.0.0.0/0 udp spt:53
ACCEPT tcp -- 8.8.8.8 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 8.8.8.8 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 8.8.8.8 0.0.0.0/0 tcp spt:53
ACCEPT udp -- 8.8.8.8 0.0.0.0/0 udp spt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:853
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:853
ACCEPT tcp -- 0.0.0.0/0 8.8.4.4 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 8.8.4.4 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 8.8.4.4 tcp spt:53
ACCEPT udp -- 0.0.0.0/0 8.8.4.4 udp spt:53
ACCEPT tcp -- 0.0.0.0/0 8.8.8.8 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 8.8.8.8 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 8.8.8.8 tcp spt:53
ACCEPT udp -- 0.0.0.0/0 8.8.8.8 udp spt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:853
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:853
 
C:\Users\adrian>nslookup interaktywa.com.pl
Server: UnKnown
Address: 192.168.145.61

Non-authoritative answer:
Name: interaktywa.com.pl
Address: 78.9.100.211
 
# dig interaktywa.com.pl

; <<>> DiG 9.16.48-Debian <<>> interaktywa.com.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63580
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;interaktywa.com.pl. IN A

;; ANSWER SECTION:
interaktywa.com.pl. 200 IN A 78.9.100.211

;; Query time: 27 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Jun 14 18:06:23 CEST 2024
;; MSG SIZE rcvd: 63
 
Code:
forwarders {
8.8.8.8;
8.8.4.4;
};

Remove this, it's causing the issue; you can't run your own DNS resolver for the network interface on the same server.
 
Ok, I commented out this section:

//forwarders {
// 8.8.8.8;
// 8.8.4.4;
//};

Should I wait for DNS propagation, or should it work after a server reboot? I rebooted but I don't see changes - atvprojekt.pl is not resolving
 
Check with "dig"

Code:
dig yourdomain.com @127.0.0.1

If you want to make sure, just check with another device that's not on the same network as your server.

Code:
dig yourdomain.com @{Server IP}
 
# dig atvprojekt.pl @138.201.80.87

; <<>> DiG 9.16.48-Debian <<>> atvprojekt.pl @138.201.80.87
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5822
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: fff6be35c886881401000000666c98dd4d8f8b0d68c516ee (good)
;; QUESTION SECTION:
;atvprojekt.pl. IN A

;; Query time: 0 msec
;; SERVER: 138.201.80.87#53(138.201.80.87)
;; WHEN: Fri Jun 14 19:24:13 UTC 2024
;; MSG SIZE rcvd: 70
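
Added example, not part of the original thread: a Python version of the two checks the replies above perform with dig, whether the reply comes from the address that was queried (dig's "reply from unexpected source") and whether it carries the AA flag, unlike the `qr rd ra` SERVFAIL in the last output. The function names, the `example.test` name and the 192.0.2.53 / 198.51.100.8 addresses are constructed for illustration.

```python
import socket
import struct

QID = 0x1234
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1):
    """Minimal DNS query for an A record, RD set as dig does by default."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(reply, reply_src, expected_ip):
    """Verdict for one UDP reply, from its source address and header flags."""
    if reply_src != expected_ip:
        # What dig reports as "reply from unexpected source": something on
        # the path (NAT, ISP or router DNS redirection) answered instead.
        return "intercepted"
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != QID or not flags & 0x8000:      # wrong id or QR bit not set
        return "malformed"
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    # AA set: the server holds the zone. AA clear: it answered as a
    # resolver/forwarder, or could not load the zone at all.
    prefix = "authoritative" if flags & 0x0400 else "not-authoritative"
    return f"{prefix}:{rcode}"

def probe(name, server_ip, timeout=3.0):
    """Send one query over UDP and classify what comes back (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # Unconnected socket on purpose: a connected one would silently drop
        # replies arriving from a different source address.
        s.sendto(build_query(name), (server_ip, 53))
        try:
            reply, (src, _port) = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"                  # 53/udp filtered or no reply sent
    return classify(reply, src, server_ip)

def sample_reply(flags, ancount=0):
    """Constructed reply: header with the given flags plus the echoed question."""
    q = build_query("example.test")
    return struct.pack("!HHHHHH", QID, flags, 1, ancount, 0, 0) + q[12:]

NS_IP, OTHER_IP = "192.0.2.53", "198.51.100.8"   # constructed documentation addresses
```

The nmap output in the thread lists TCP ports only, so `53/tcp open` says nothing about 53/udp, which is the path `probe()` exercises. A delegated nameserver should yield `authoritative:NOERROR` for its own zone when probed from outside its network.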
 