I recently moved from plesk back to ISPconfig for the second time, and once again I cant get DNS working. The problem this time seems to be different.

I have two domains(and others, but Ill worry about them after these two work)

appalhost.info and xenotype.net

My registrar is 1and1, and the way Ive always done it is to use two subdomains of appalhost.info (ns1.appalhost.info and ns2.appalhost.info) as my nameservers. These I create at the registrar and are not on my server. The A record of the subdomains point to each of my server's two ips (207.210.77.119 and 65.254.53.154)

Works in plesk fine. I got it working for ISPConfig once before.

Ive created both domains on my server, the nameservers are correct for each.

Yet Im getting no dns for them at all. Whois says the nameservers are right, but they wont work.

I have a shallow understanding of dns in many places so forgive me for any blatant stupidity.

Here is the output of netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 16070/mysqld
tcp 0 0 *:pop3 *:* LISTEN 6091/dovecot
tcp 0 0 *:imap *:* LISTEN 6091/dovecot
tcp 0 0 *:http *:* LISTEN 9553/httpd
tcp 0 0 *:hosts2-ns *:* LISTEN 9523/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 14009/proftpd: (acc
tcp 0 0 svr.appalhost.info:domain *:* LISTEN 19962/named
tcp 0 0 *:ssh *:* LISTEN 9463/sshd
tcp 0 0 *:smtp *:* LISTEN 14110/master
tcp 0 0 svr.appalhost.info:rndc *:* LISTEN 19962/named
tcp 0 0 *:imaps *:* LISTEN 6091/dovecot
tcp 0 0 *:pop3s *:* LISTEN 6091/dovecot
tcp 0 888 207.210.77.119:ssh adsl-222-162-3.clt.be:50351 ESTABLISHED 3435/0


And the contents of hosts
127.0.0.1 svr.appalhost.info 207.210.77.119 65.254.53.154 svr server localhost localhost.localdomain

All services are up and running fine including bind.

What am I missing?

What happens if you do a:

# host www.appalhost.info 207.210.77.119

This way your checking the DNS server direct.

Error messages from bind are generally in the /var/logs/messages

Sorry, forgot to mention the distro, Fedora 5 64 bit.

host command isnt found

there are no errors in messages

# nslookup www.appalhost.info 207.210.77.119


That should work or there's more wrong then just your DNS...

Nope doesnt work.

Some utilities may be missing from my server.

Please try:

dig @localhost www.appalhost.info

dig @localhost www.xenotype.net

Im missing the dig command too. Im running this server on a virtuozzo VPS, so their image may be missing some parts that I need to yum, but I dont know what the yum command to install dig is.

On Debian the package is called dnsutils. You can search for the appropriate Fedora package like this:
yum search dnsutils
yum search dig

Nope, cant yum dnsutils or dig by itself or nslookup by itself

Any help? Any reason why I cant get those utilities?

Unfortunately I don't know how the package is named on Fedora. You could try to search for DNS related packages like this:
yum search dns

Got it, bind-utils

dig @localhost www.appalhost.info

; <<>> DiG 9.3.4 <<>> @localhost www.appalhost.info
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached


nslookup www.appalhost.info 207.210.77.119
;; connection timed out; no servers could be reached


dig @localhost www.xenotype.net

; <<>> DiG 9.3.4 <<>> @localhost www.xenotype.net
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
[root@svr ~]#


Theres the results.

So whats going on? Are my domains just lost in the internet cloud?

Ok, the above means that no DNS server is running on localhost. Please post the output of:

netstat -tap

and the content of the file /etc/hosts

Sorry for the delay in response, I was waiting for a new post email about it, but never got one.

Already posted in the first post.


Here is the output of netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 16070/mysqld
tcp 0 0 *:pop3 *:* LISTEN 6091/dovecot
tcp 0 0 *:imap *:* LISTEN 6091/dovecot
tcp 0 0 *:http *:* LISTEN 9553/httpd
tcp 0 0 *:hosts2-ns *:* LISTEN 9523/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 14009/proftpd: (acc
tcp 0 0 svr.appalhost.info:domain *:* LISTEN 19962/named
tcp 0 0 *:ssh *:* LISTEN 9463/sshd
tcp 0 0 *:smtp *:* LISTEN 14110/master
tcp 0 0 svr.appalhost.info:rndc *:* LISTEN 19962/named
tcp 0 0 *:imaps *:* LISTEN 6091/dovecot
tcp 0 0 *:pop3s *:* LISTEN 6091/dovecot
tcp 0 888 207.210.77.119:ssh adsl-222-162-3.clt.be:50351 ESTABLISHED 3435/0


And the contents of hosts
127.0.0.1 svr.appalhost.info 207.210.77.119 65.254.53.154 svr server localhost localhost.localdomain

All services are up and running fine including bind.

What am I missing?

The content of your /etc/hosts file seems to be corrupt. Please try to replace it with the following content:


127.0.0.1 localhost localhost.localdomain
207.210.77.119 svr.appalhost.info svr server

I did but it still seems to be the same problem. I tried restarting named but still the domains arent resolving.

Is port 53 open in your firewall (TCP and UDP)?

Yes. Checked the ISPConfig CP and Virtuozzo Panel. Firewall isnt blocking 53 on TCP or UDP.

Maybe a instance of named is hanging and can not be stopped or restarted by the init script. Please stop named, then check with "netstat -tap" that there is really no instance of named running anymore.

[root@svr ~]# service named stop
Stopping named: . [ OK ]
[root@svr ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:mysql *:* LISTEN 16070/mysqld
tcp 0 0 *:pop3 *:* LISTEN 6091/dovecot
tcp 0 0 *:imap *:* LISTEN 6091/dovecot
tcp 0 0 *:http *:* LISTEN 9553/httpd
tcp 0 0 *:hosts2-ns *:* LISTEN 9523/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 1890/proftpd: (acce
tcp 0 0 *:ssh *:* LISTEN 9463/sshd
tcp 0 0 *:smtp *:* LISTEN 2007/master
tcp 0 0 *:imaps *:* LISTEN 6091/dovecot
tcp 0 0 *:pop3s *:* LISTEN 6091/dovecot
tcp 0 0 svr.appalhost.info:39993 svr.appalhost.info:rndc TIME_WAIT -
tcp 0 888 207.210.77.119:ssh adsl-222-162-3.clt.be:50147 ESTABLISHED 27986/0
[root@svr ~]#


That doesn't appear to be the problem, but I don't know.

Ok, now start BIND again. Does it work then?

Already did and no, still nothing. Its very frustrating.

What's in your /etc/resolv.conf?

/etc/resolv.conf
nameserver 209.51.143.76
nameserver 66.150.227.15


Should those be my IPs? I didn't set that, those must have been there by default from my host.

Please try this instead:
nameserver 145.253.2.75
nameserver 193.174.32.18

Done, restarted server. Still didn't fix it, server still isn't picking up the domains.

Did you specify nameservers for your domains at your domain registrar? Because there don't seem to be any nameservers for appalhost.info:

mh1:~# dig ns appalhost.info

; <<>> DiG 9.2.1 <<>> ns appalhost.info
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39520
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;appalhost.info. IN NS

;; Query time: 5008 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Wed Jul 18 18:30:56 2007
;; MSG SIZE rcvd: 32

mh1:~#

whois.net shows my nameservers.

The nameservers are set correctly at the registrar. At the registrar I created two subdomains from appalhost.info, ns1 and ns2, and set the A record on each to my ips.

It worked before with ISPConfig and worked with Plesk.

The nameservers are set correctly at the registrar. At the registrar I created two subdomains from appalhost.info, ns1 and ns2, and set the A record on each to my ips.

It worked before with ISPConfig and worked with Plesk.
I guess you're missing the glue record: http://en.wikipedia.org/wiki/Dns#Circular_dependencies_and_glue_records

Well, I switched my xenotype.net domain to another registrar, Namecheap, and registered nameservers with it to my two ips.

I still cant get it working. The records are correct but the DNS server for some reason isnt responding.

http://www.dnsstuff.com/tools/traversal.ch?domain=xenotype.net&type=A

Heres the one for appalhost.info:
http://www.dnsstuff.com/tools/traversal.ch?domain=appalhost.info&type=A

The records are correct but the server wont respond. All services are up and the firewall is open.

It doesnt make any sense.

I don't get an answer for appalhost.info with dig, but for xenotype.net:

mh1:~# dig any xenotype.net

; <<>> DiG 9.2.1 <<>> any xenotype.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62522
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;xenotype.net. IN ANY

;; ANSWER SECTION:
xenotype.net. 172779 IN NS ns2.xenotype.net.
xenotype.net. 172779 IN NS ns1.xenotype.net.

;; ADDITIONAL SECTION:
ns1.xenotype.net. 172779 IN A 207.210.77.119
ns2.xenotype.net. 172779 IN A 65.254.53.154

;; Query time: 9 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Fri Jul 27 18:41:01 2007
;; MSG SIZE rcvd: 98

mh1:~#So the glue records for xenotype.net exist (but apparently not for appalhost.info).

But ns1.xenotype.net doesn't respond:

mh1:~# dig @ns1.xenotype.net ns1.xenotype.net

; <<>> DiG 9.2.1 <<>> @ns1.xenotype.net ns1.xenotype.net
;; global options: printcmd
;; connection timed out; no servers could be reached
mh1:~#Maybe a firewall problem?

We already looked at that. The firewall isnt blocking it.

Actually I realized Ive had my firewall OPEN this entire time. I fixed it, but all of the necesary ports are open input and output, including port 53.

Should I just take this problem to my host?

Are 207.210.77.119 and 65.254.53.154 your IP addresses? And is BIND really running?

[root@svr ~]# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:562962838380565 errors:0 dropped:0 overruns:0 frame:0
TX packets:651771061892378 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:88666490314153 (80.6 TiB) TX bytes:562967134099807 (512.0 TiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:133411 errors:0 dropped:0 overruns:0 frame:0
TX packets:95062 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13020298 (12.4 MiB) TX bytes:14935390 (14.2 MiB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:207.210.77.119 P-t-P:207.210.77.119 Bcast:207.210.77.119 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

venet0:1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:65.254.53.154 P-t-P:65.254.53.154 Bcast:65.254.53.154 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

[root@svr ~]# service named status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
[root@svr ~]#


Yes and yes.

You assigned 127.0.0.1 to two interfaces. Maybe that's a problem?

And how do I unassign that to one ip?

Hi ringofire

snip ~

RX packets:562962838380565 errors:0 dropped:0 overruns:0 frame:0
TX packets:651771061892378 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:88666490314153 (80.6 TiB) TX bytes:562967134099807 (512.0 TiB)

~

512 terabyte transmitted and 80 tb recd on your loopback interface.....

Assigning the same ip address to 2 different interfaces is going to cause a loop. Why do you have venet0 set to 127.0.0.1. Did your isp/hoster set this up? Perhaps an email to them would help.

This is no solution but domething you may want to look at.

Andrew

Alright, I talked to my host, and he found the problem in 5 min.

ISPConfig didnt write the zones to the conf file. Nor did it configure named to listen on internet devices or to allow outside requests.

When I add a new domain in ISPconfig it still doesnt write it to the conf file.

And, now that I have the domains working by manually adding the dns entries, when I try to add users, it doesnt write the users to the proftpd conf file!

Any reason why ispconfig wont write any of this stuff?

Any errors in /home/admispconfig/ispconfig/ispconfig.log? What's the output of ls -la /root/ispconfig?

Additionally to falkos request, did you configure bind exactly as described in the perfect setup for your linux distribution?

03.08.2007 - 13:08:43 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1927: WARNING: could not groupadd -g 12001 web1_anonftp &> /dev/null
03.08.2007 - 13:08:43 => WARN - /root/ispconfig/scripts/lib/config.lib.php, Line 1928: WARNING: could not useradd -d /var/www/web1/ftp -g web1_anonftp -m -s /bin/false -u 12001 web1_anonftp &> /dev/null


Other than that, no other errors besides it failing to restart postfix a couple of times. It had no problem adding other users apparently, only adding the anonymous ftp users.

[root@svr ~]# ls -la /root/ispconfig
total 72
drwxr-xr-x 9 root root 1024 Aug 3 13:17 .
drwxr-x--- 3 root root 1024 Aug 3 13:19 ..
-rw-r--r-- 1 root root 8 Aug 3 13:17 .old_path_httpd_root
-rwxr-xr-x 1 root root 40157 Jun 3 14:16 cronolog
-rwxr-xr-x 1 root root 9673 Jun 3 14:16 cronosplit
drwxr-xr-x 12 root root 1024 Jun 3 12:13 httpd
drwxr-xr-x 14 root root 2048 Jun 3 14:16 isp
drwxr-xr-x 6 root root 1024 Jun 3 12:08 openssl
drwxr-xr-x 6 root root 1024 Jun 3 12:29 php
drwxr-xr-x 4 root root 1024 Jun 3 14:16 scripts
drwxr-xr-x 4 root root 1024 Jun 3 14:16 standard_cgis
drwxr-xr-x 2 root root 1024 Jun 3 14:16 sv
-rwx------ 1 root root 9389 Jun 3 14:16 uninstall


did you configure bind exactly as described in the perfect setup for your linux distribution?

Yes. Followed the directions to the letter.

Installed Packages
Name : bind-chroot
Arch : x86_64
Epoch : 30
Version: 9.3.4
Release: 1.fc5
Size : 0.0
Repo : installed
Summary: A chroot runtime environment for the ISC BIND DNS server, named(8)

And what's the output of ls -la /root/ispconfig?

[root@svr ~]# ls -la /root/ispconfig
total 72
drwxr-xr-x 9 root root 1024 Aug 3 13:17 .
drwxr-x--- 3 root root 1024 Aug 3 13:19 ..
-rw-r--r-- 1 root root 8 Aug 3 13:17 .old_path_httpd_root
-rwxr-xr-x 1 root root 40157 Jun 3 14:16 cronolog
-rwxr-xr-x 1 root root 9673 Jun 3 14:16 cronosplit
drwxr-xr-x 12 root root 1024 Jun 3 12:13 httpd
drwxr-xr-x 14 root root 2048 Jun 3 14:16 isp
drwxr-xr-x 6 root root 1024 Jun 3 12:08 openssl
drwxr-xr-x 6 root root 1024 Jun 3 12:29 php
drwxr-xr-x 4 root root 1024 Jun 3 14:16 scripts
drwxr-xr-x 4 root root 1024 Jun 3 14:16 standard_cgis
drwxr-xr-x 2 root root 1024 Jun 3 14:16 sv
-rwx------ 1 root root 9389 Jun 3 14:16 uninstall



Already had it in there.

Looks ok. What's the output of ps aux | grep wconf?

[root@svr ~]# ps aux | grep wconf
root 23645 0.0 0.0 6516 1184 ? S May31 0:25 /bin/bash /root/ispconfig/sv/ispconfig_wconf
root 5343 0.0 0.0 3904 608 pts/0 S+ Jun21 0:00 grep wconf


Normal?

Yes, that's how it's supposed to be.
Do you get any error messages when you run
/root/ispconfig/php/php /root/ispconfig/scripts/writeconf.php on the shell?

[root@svr ~]# /root/ispconfig/php/php /root/ispconfig/scripts/writeconf.php
start
ende
[root@svr ~]#


Fine Im guessing?

Yes, that's fine. I'm coming to my wit's end... :(

Isnt there any reason why ISPconfig wouldnt write dns config and ftp config?

The result in #47 means that the config has already been written or in other words, that there are no chnages pending to be written to the config files.

Maybe the config has been written but to wrong locations. Which bind config directory is set in ispconfig under management > server > settings ?

Ok, after looking at this in more detail,

ISPConfig IS writing new dns entries to /etc/named.conf, but for some reason bind isnt reading named.conf, its reading /var/named/chroot/etc/named.caching-nameserver.conf for config and named.rfc1912.zones in the same directory for dns entries.

Setting ISPConfig to use named.rfc1912.zones as the named.conf file doesnt work, because it overwrites the top of the file with configuration data that causes named to crash.

How do I change it so that its using /etc/named.conf like it should be for dns entries?

Also, ISPConfig still isnt writing in new FTP users or email accounts.

Please reconfigure your nameserver as described in the perfect setup guide for your linux distribution.

Thats the problem, I followed the guide and its configured wrong. The guide just says to yum bind-chroot which I did and to chmod the directories for it to the right levels.

The guide does not mention named.conf or any other config files, it says "ISPConfig will configure bind"

You posted above that your nameserver uses the file /var/named/chroot/etc/named.caching-nameserver.conf and thats definately not the file that is used when the named server is installed as described in the howto.

Please run:

yum install bind-chroot

and post the output.