ISPConfig 3 DNS not working for remote domains


phorce1
18th March 2009, 17:59
I'm getting Query Status: REFUSED for some reason. Ideas?


Plain dig shows root servers don't show up


ns4:~# dig

; <<>> DiG 9.5.1-P1 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8802
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;. IN NS

;; Query time: 0 msec
;; SERVER: 65.170.133.11#53(65.170.133.11)
;; WHEN: Wed Mar 18 10:53:15 2009


dig for google.com gives no answer


ns4:~# dig google.com

; <<>> DiG 9.5.1-P1 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4673
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;google.com. IN A

;; Query time: 0 msec
;; SERVER: 65.170.133.11#53(65.170.133.11)
;; WHEN: Wed Mar 18 10:53:56 2009
;; MSG SIZE rcvd: 28


dig for one of the domains set up on the MyDNS server returns proper answer


ns4:~# dig sysmatrix.net

; <<>> DiG 9.5.1-P1 <<>> sysmatrix.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6895
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sysmatrix.net. IN A

;; ANSWER SECTION:
sysmatrix.net. 38400 IN A 65.170.133.11

;; AUTHORITY SECTION:
sysmatrix.net. 38400 IN NS ns1.sysmatrix.net.
sysmatrix.net. 38400 IN NS ns2.sysmatrix.net.
sysmatrix.net. 38400 IN NS ns3.sysmatrix.net.

;; ADDITIONAL SECTION:
ns1.sysmatrix.net. 38400 IN A 65.170.133.21
ns2.sysmatrix.net. 38400 IN A 65.170.133.41
ns3.sysmatrix.net. 38400 IN A 65.170.133.54

;; Query time: 1 msec
;; SERVER: 65.170.133.11#53(65.170.133.11)
;; WHEN: Wed Mar 18 10:54:29 2009
;; MSG SIZE rcvd: 149

;; MSG SIZE rcvd: 17

till
19th March 2009, 10:24
MyDNS is not a DNS resolver. If you want to use it as a resolver, you can set an external DNS server that shall be queried in the mydns.conf file.
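
The header lines of the dig output in this thread already separate an authoritative-only server from a resolver: the status field plus the aa and ra flags. As an added example (not part of the thread and not ISPConfig or MyDNS code), this Python sketch classifies a dig header; the category names are hypothetical, the REFUSED rule is a heuristic, and the sample headers are copied from posts in this thread.

```python
import re

# Header lines copied from dig output posted in this thread.
SAMPLES = {
    "google.com (first post)": (
        ";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4673\n"
        ";; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n"
    ),
    "sysmatrix.net (first post)": (
        ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6895\n"
        ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3\n"
    ),
    "hosteddomain.tld (y87)": (
        ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57766\n"
        ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n"
    ),
}

def parse_header(dig_text):
    """Extract the response code and the set of header flags from dig output."""
    status = re.search(r"status:\s*([A-Z]+)", dig_text)
    flags = re.search(r"flags:\s*([a-z ]*);", dig_text)
    if not (status and flags):
        raise ValueError("no dig response header found")
    return status.group(1), set(flags.group(1).split())

def classify(dig_text):
    """Return a hypothetical category name describing who answered and how."""
    status, flags = parse_header(dig_text)
    recursive = "ra" in flags        # responder offers recursion (a resolver)
    authoritative = "aa" in flags    # answer comes from a zone the responder hosts
    if status == "NOERROR" and authoritative:
        return "AUTHORITATIVE_ANSWER"
    if status == "NOERROR" and recursive:
        return "RECURSIVE_ANSWER"
    if status == "REFUSED" and not recursive:
        # Heuristic: an authoritative-only server asked about a zone it does not serve.
        return "AUTH_ONLY_ZONE_NOT_HOSTED"
    if status == "REFUSED":
        return "RESOLVER_REFUSED"
    if status == "SERVFAIL" and recursive:
        # The resolver answered but got nothing usable from the server behind it.
        return "RESOLVER_GOT_NO_USABLE_ANSWER"
    return "UNCLASSIFIED"

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label}: {classify(header)}")
```
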

JaBa
19th March 2009, 10:27
MyDNS is not a DNS resolver. If you want to use it as a resolver, you can set an external DNS server that shall be queried in the mydns.conf file.

Can I use BIND9 instead of MyDNS for the perfect Debian 5.0 setup with ISPConfig, and not install webmail?

till
19th March 2009, 10:30
Can I use BIND9 instead of MyDNS for the perfect Debian 5.0 setup with ISPConfig, and not install webmail?


Bind is not compatible with ISPConfig 3. You can use Bind with ISPConfig 2.

phorce1
19th March 2009, 10:53
MyDNS is not a DNS resolver. If you want to use it as a resolver, you can set an external DNS server that shall be queried in the mydns.conf file.

That's ... annoying.

As an ISP we need to provide a fully functional nameserver for our customers. So, the only way to do that is to run a separate instance of bind9 on another server as an in-house resolver --- or steal someone else's DNS bandwidth to use them as a resolver.

I suppose we can set up ISPConfig with MyDNS on the master ISPC server and run bind9 in slave mode on other servers with zone transfers enabled to have fully functioning nameserver(s) available for our customers.

till
19th March 2009, 11:10
As an ISP we need to provide a fully functional nameserver for our customers. So, the only way to do that is to run a separate instance of bind9 on another server as an in-house resolver --- or steal someone else's DNS bandwidth to use them as a resolver.

Bind is not needed for that. In this case you just install a local resolver like dnsmasq and configure mydns to use it.

Take a look at this tutorial:

http://www.howtoforge.com/mydns_mydnsconfig_dnsmasp_on_ubuntu_edgy

You have to do just the last step "Installing DNSMasq".

y87
7th July 2009, 21:18
Hello,

I installed DNSmasq.. Then I broke something and had to adjust some settings in my named.conf.options file so that DNSmasq would not return error: "failed to bind".

Details:

auth-nxdomain no; # conform to RFC1035
listen-on { 98.142.210.0/24; }; #attempt to fix dnsmasq
listen-on-v6 { ip6-localhost; };
(from http://tjworld.net/wiki/Linux/DnsMasqAddressAlreadyInUse)

So now DNSmasq runs without error, but when I set hosteddomain.tld to ns1.serverdomain.tld and ns2.serverdomain.tld, I get a Page Load Error like the domain isn't resolving. I believe I've done everything I can to configure properly:

1.) Installed DNSmasq per
www.howtoforge.com/mydns_mydnsconfig_dnsmasp_on_ubuntu_edgy
(have double checked all config files)

2.) Set up host summary at GoDaddy per
http://www.howtoforge.com/ispconfig_dns_godaddy

3.) Set up DNS in ISPconfig 3 per screenshots in
http://www.howtoforge.com/forums/showthread.php?t=27030

4.) Set up hosteddomain.tld in 'Sites'.

5.) Now, when I..
dig @ns1.serverdomain.tld any hosteddomain.tld

Returns:

; <<>> DiG 9.5.1-P2 <<>> @ns1.serverdomain.tld any hosteddomain.tld
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57766
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hosteddomain.tld. IN ANY

;; Query time: 16 msec
;; SERVER: *serverip*#53(*serverip*)
;; WHEN: Tue Jul 7 22:07:31 2009
;; MSG SIZE rcvd: 37

This appears to not answer? Domain does not resolve. I think I'm out of things to configure, and I believe I've configured everything properly. Should this work or am I off base completely on running DNS in ISPconfig 3?

I know this is strictly DNS related because if I switch to use GD default nameservers the site resolves.

Thanks, I have found all the support here to be incredibly helpful.

till
7th July 2009, 21:26
Please post the output of:

netstat -tap | grep dns

y87
7th July 2009, 21:47
server1:~# netstat -tap | grep dns
tcp 0 0 localhost.locald:domain *:* LISTEN 3115/dnsmasq

I've been on this for a couple of days, so my head is kind of spinning, but this looks like I haven't configured myDNS properly?

till
7th July 2009, 21:50
mydns is not started on your server. Please start it and check if it is running then.

y87
7th July 2009, 22:46
Thanks for showing me where the issue is! :) For some reason, even though /etc/init.d/mydns start/restart/stop appears to work, when I check my active processes, I don't see myDNS anywhere. I reconfigured with the newest version, and although myDNS will say it's starting, it doesn't, so I'm attempting to work that out. At least I don't have to focus on dnsmasq or the way I've set my configurations, now that I know the problem lies with myDNS. Any additional suggestions would also be appreciated, though I'm currently researching what may cause this behavior now.

falko
8th July 2009, 15:27
Are there any errors in your logs? Did you configure MyDNS to not listen on localhost.localdomain (since dnsmasq is listening there)?

y87
8th July 2009, 22:27
Yes, I configured myDNS to not listen when I was setting up dnsmasq. I think I've been barking up the wrong tree, though. I reinstalled Debian 5.0 and set everything up from scratch, and I still ran into the same issue. Then it occurred to me that I never submitted a request to get Reverse DNS set up with my host, which I've now done. I checked the logs and saw no errors with myDNS. I'm correct in that Reverse DNS must be set up for nameservers to resolve properly, right? Thanks for all your help, and I'm pretty sure that everything was set up correctly per your many tutorials and that this was just an oversight on my part, though it will take a while for Reverse DNS to propagate so that I know.

spikes
29th September 2009, 08:15
Hi,

I cannot get mydns to work. I have latest ispconfig3. I include below if someone can please help me. I am a newbie. Thanks in advance.

server1:~# dig @localhost www.mydomain.com

; <<>> DiG 9.5.1-P3 <<>> @localhost www.mydomain.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40819
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mydomain.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 29 18:09:30 2009
;; MSG SIZE rcvd: 36


server1:~# netstat -tap | grep dns
getnameinfo failed
tcp 0 0 server1.mydomain:domain *:* LISTEN 1792/mydns
tcp 0 0 localhost.locald:domain *:* LISTEN 1191/dnsmasq
tcp6 0 0 [UNKNOWN]:domain [::]:* LISTEN 1792/mydns

till
29th September 2009, 10:11
As you are running dnsmasq on localhost as resolver and not the mydns server, you cannot query it with @localhost. You have to use:

dig @IPADDRESS www.mydomain.com

where you replace IPADDRESS with the IP of the server (not 127.0.0.1).

spikes
29th September 2009, 10:21
I have tried with ip address and this is what I got

server1:~# dig @IPADDRESS www.mydomain.com

; <<>> DiG 9.5.1-P3 <<>> @IPADDRESS www.mydomain.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31506
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Messages has 476 extra bytes at end

;; QUESTION SECTION:
;www.mydomain.com. IN A

;; Query time: 0 msec
;; SERVER: IPADDRESS#53(IPADDRESS)
;; WHEN: Tue Sep 29 20:17:12 2009
;; MSG SIZE rcvd: 512

spikes
30th September 2009, 04:30
I have started over and done complete reinstall. I see something funny here: tcp6 0 0 ::1%3217472056:domain. I also keep getting REFUSED when using dig to check my server. I don't know where I go wrong as I follow the tutorials and do not get any errors during the install. I have also added the ns1 and ns2 entries at my domain registrar pointing to the server ip address. I have added reverse dns pointing to mydomain.com.

It seems that I cannot make queries to my own server? I think I do not have the experience to see what's wrong. I'm stuck. Till can you please help me. Where to from here. I moved from shared hosting to vps and my site is down.

tcp 0 0 server1.mydomain:domain *:* LISTEN 13200/mydns
tcp 0 0 localhost.locald:domain *:* LISTEN 13200/mydns
tcp6 0 0 ::1%3217472056:domain [::]:* LISTEN 13200/mydns

I can dig google ok. Nothing works for the domain that I added tho. Have tried dig with ip address also.

server1:~# dig @localhost mydomain.com

; <<>> DiG 9.5.1-P3 <<>> @localhost mydomain.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 13195
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mydomain.com. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 30 14:23:26 2009
;; MSG SIZE rcvd: 32

till
30th September 2009, 10:20
And you are sure that you added the dns records for mydomain.com correctly? Did you use the DNS wizard? Please post a screenshot of the dns settings of mydomain.com in ispconfig.

spikes
30th September 2009, 10:49
I managed to get it fixed.

Thank you

Nikola
30th September 2009, 18:17
why *.*.tld?

*.*.com. or *.com. is right... ?

malou
18th September 2010, 00:23
I managed to get it fixed.

Thank you

For those like me who found this thread with Google, I had the exact same problem as Spikes. I managed to fix it with a simple reinstall of bind9 (apt-get purge bind9, apt-get install bind9).

I had this issue again today and simply restarted bind9 and it did it.