Name resolution works before starting ispconfig_server
mkommar
26th March 2009, 01:33
Hi All,
Thanks for a great product and support. I seem to have ISPConfig set up and running correctly. On first boot, ISPConfig isn't running but the other services are started.
In this configuration, I can resolve external addresses:
-bash-3.2# ping google.com
PING google.com (74.125.45.100) 56(84) bytes of data.
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=1 ttl=248 time=1.53 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=2 ttl=248 time=2.67 ms
However, when I start ispconfig_server with /etc/init.d/ispconfig_server restart
(And enter the passphrase for the SSL cert) DNS resolution no longer works for anything outside of the hosted domains. Stopping ISPConfig and restarting BIND doesn't change the situation. All the services that ISPConfig manages work properly regardless of which scenario except the external resolution of domains. I can start ISPConfig (thereby losing external DNS resolution) create/alter accounts and restart the server and retain the settings and have the resolution of names I need... However, since the server restarted, ISPConfig isn't running and thus the process repeats.
Any advice is appreciated.
falko
26th March 2009, 19:33
Which distribution are you using?
Do you use a firewall on the system and have switched on the ISPConfig firewall? In that case, both firewalls most likely interfere with each other.
mkommar
26th March 2009, 20:06
Thanks for the help falko.
Prior to starting ISPConfig
Distro:
-bash-3.2# cat /etc/redhat-release
CentOS release 5.2 (Final)
Firewall:
-bash-3.2# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Security Level:
-bash-3.2# system-config-securitylevel-tui
setenforce: SELinux is disabled
Starting ISPConfig:
-bash-3.2# /etc/init.d/ispconfig_server restart
Shutting down ISPConfig system...
/root/ispconfig/httpd/bin/apachectl stop: httpd (no pid file) not running
ISPConfig system stopped!
Starting ISPConfig system...
Apache/1.3.41 mod_ssl/2.8.31 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server <removed>:81 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!
Firewall is on in ISPConfig
Going to:
Management -> System Config -> Settings -> Firewall Tab
Firewall Rule
Name Port Type Active
FTP 21 tcp yes
SSH 22 tcp yes
SMTP 25 tcp yes
DNS 53 tcp yes
DNS 53 udp yes
WWW 80 tcp yes
ISPConfig 81 tcp yes
POP3 110 tcp yes
IMAP2 143 tcp yes
SSL (www) 443 tcp yes
Webmin 10000 tcp yes
Checking iptables seems to show the correct info?
-bash-3.2# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere
DROP all -- 224.0.0.0/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain PAROLE (10 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:hosts2-ns
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:ndmp
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
I'm starting to get the impression I'm missing something obvious here. =)
Thanks again for your help.
mkommar
26th March 2009, 20:15
And... Disabling the firewall in ISPConfig makes external resolution work again... Re-enabling firewall makes it break. Am I missing a port to open?
falko
27th March 2009, 15:37
What's in /etc/resolv.conf?
mkommar
27th March 2009, 16:10
-bash-3.2# cat /etc/resolv.conf
nameserver 69.73.151.18
nameserver 69.73.181.168
nameserver 69.73.181.166
The contents of this file don't seem to change when turning firewall on and off. The first nameserver is the IP of the ISPConfig host... Would it be better to set it to localhost?
falko
28th March 2009, 20:22
Please try an external nameserver as the first nameserver, e.g. from your ISP.
mkommar
2nd April 2009, 04:23
Using the other two nameservers as the first nameserver didn't seem to change anything. I'll see if I can add the iptables rules manually and see if they work.
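Added example, not part of the thread and not ISPConfig code: a check over an `iptables -L` listing like the one posted above. It flags rules that list as match-everything but are not last in their chain (plain `-L` omits interface matches, so `iptables -L -n -v` is needed to read them), and reports whether any rule reachable from INPUT accepts reply traffic by connection state or UDP source port 53; replies to the server's own outbound DNS queries arrive with source port 53, which `udp dpt:domain` does not match. The sample listing is a constructed excerpt modeled on the post, and the function names are hypothetical.

```python
import re

# Constructed excerpt modeled on the `iptables -L` output posted in the thread.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain PAROLE (10 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain PUB_IN (4 references)
target prot opt source destination
PAROLE tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP all -- anywhere anywhere
"""

def parse(listing):
    """Return {chain: [(target, proto, source, dest, extra), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            f = line.split()
            current.append((f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return chains

def hidden_matches(chains):
    """(chain, rule number) for ACCEPT/DROP rules that list as match-everything
    yet are not last in their chain: the listing is hiding a match such as -i lo."""
    return [(name, i + 1) for name, rules in chains.items()
            for i, (t, proto, src, dst, extra) in enumerate(rules[:-1])
            if t in ("ACCEPT", "DROP") and proto == "all"
            and src == dst == "anywhere" and not extra]

def accepts_replies(chains, start="INPUT", seen=None):
    """True if a rule reachable from `start` accepts replies by state or UDP source port 53."""
    seen = set() if seen is None else seen
    if start in seen or start not in chains:
        return False
    seen.add(start)
    return any(accepts_replies(chains, t, seen) if t in chains
               else t == "ACCEPT" and re.search(r"ESTABLISHED|spt:(domain|53)\b", x) is not None
               for t, _p, _s, _d, x in chains[start])
```

On the sample, `hidden_matches(parse(SAMPLE))` points at INPUT rule 2 and `accepts_replies(parse(SAMPLE))` is `False`.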