HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

xfxchilde 1st August 2012 11:00

DNS records not saving correctly.
 
Every time I make a DNS record it puts periods after the domain and replaces @ with periods, and it's making the DNS records invalid. This is a fresh install.
Also have a new issue. I can dig locally but if I try to dig on an external server I get servfails. This is a dedicated live front-facing IP. There aren't any ports being blocked at all.

Also did an external port scan and it returned this.

XXX.XXX.XXX.XX5 is responding on port 53 (domain).

till 1st August 2012 11:25

The DNS records are saved correctly; the problem is that you entered the records wrong. All fully qualified domain names in DNS for BIND have to end with a dot, and @ is no DNS record. If a DNS record has no dot at the end, then it is a subrecord of the zone. And what you refer to as the @ record is the record for the zone itself, so if you create a zone for domain.tld, then the record that you refer to as @ is "domain.tld.".

Quote:

Also have a new issue. I can dig locally but if I try to dig on an external server I get servfails. This is a dedicated live front-facing IP. There aren't any ports being blocked at all.

Either you block the DNS port with a firewall or the DNS records in the registry of the domain TLD have not been changed yet to point to the new DNS server.

xfxchilde 1st August 2012 11:28

Quote:

Originally Posted by till (Post 283078)
The DNS records are saved correctly; the problem is that you entered the records wrong. All fully qualified domain names in DNS for BIND have to end with a dot, and @ is no DNS record. If a DNS record has no dot at the end, then it is a subrecord of the zone. And what you refer to as the @ record is the record for the zone itself, so if you create a zone for domain.tld, then the record that you refer to as @ is "domain.tld.".

Either you block the DNS port with a firewall or the DNS records in the registry of the domain TLD have not been changed yet to point to the new DNS server.

I've done the dig using the new nameserver to dig from and it doesn't work. Also, I'm talking about entering the email address on the template page. Example: you enter test@test.com and the form saves it as test.test.com. I also edited my first post saying I did an external port scan and it's open.

xfxchilde 1st August 2012 11:31

Retrieving DNS records for abc123.com...
DNS servers
ns1.abc123.com [xxx.xxx.xxx.xxx]
ns2.abc123.com [xxx.xxx.xxx.xxx]
DNS server returned an error: Name server failed

Answer records

Authority records

Additional records


That was done using http://network-tools.com/

till 1st August 2012 11:31

Quote:

I've done the dig using the new nameserver to dig from and it doesn't work.

Then your DNS is blocked by a firewall or you configured bind to listen only on localhost.

Quote:

Also, I'm talking about entering the email address on the template page. Example: you enter test@test.com and the form saves it as test.test.com

That's absolutely correct, as mail addresses in DNS records are saved in this way and ISPConfig corrects your wrong input automatically. You might want to read a bit more about the BIND DNS file format before complaining that ISPConfig handles this wrong.
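
The two zone-file conventions discussed in the posts above (the mailbox written with a dot in place of "@", and names with or without a trailing dot) as an added example; it is not code from the thread, from ISPConfig or from BIND, and the function names are hypothetical. It goes slightly beyond the thread by also escaping dots that belong to the local part of the address.

```python
def email_to_rname(email: str) -> str:
    """Mailbox 'local@domain' -> zone-file form 'local.domain.' (SOA RNAME)."""
    local, at, domain = email.rpartition("@")
    if not (at and local and domain):
        raise ValueError(f"not a mailbox address: {email!r}")
    # The first unescaped dot stands in for '@', so dots (and backslashes)
    # that belong to the local part have to be backslash-escaped.
    local = local.replace("\\", "\\\\").replace(".", "\\.")
    return f"{local}.{domain.rstrip('.')}."


def rname_to_email(rname: str) -> str:
    """Inverse of email_to_rname; \\DDD decimal escapes are not handled."""
    local, i = [], 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])   # escaped character is literal
            i += 2
        elif ch == ".":
            break                        # first unescaped dot is the '@'
        else:
            local.append(ch)
            i += 1
    else:
        raise ValueError(f"no unescaped dot in {rname!r}")
    return "".join(local) + "@" + rname[i + 1:].rstrip(".")


def qualify(name: str, origin: str) -> str:
    """Expand a record name the way a zone file reader does."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin                    # '@' is the zone itself
    if name.endswith("."):
        return name                      # already fully qualified
    return f"{name}.{origin}"            # relative: the origin is appended


if __name__ == "__main__":
    # Constructed sample inputs, using the placeholder names from the thread.
    print(email_to_rname("test@test.com"))
    print(email_to_rname("john.doe@example.com"))
    for n in ("@", "www", "mail.domain.tld", "mail.domain.tld."):
        print(f"{n!r:20} -> {qualify(n, 'domain.tld')}")
```

The third sample name shows the usual mistake: `mail.domain.tld` without the trailing dot is treated as relative and expands to `mail.domain.tld.domain.tld.`.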

xfxchilde 1st August 2012 11:32

I wasn't attacking.. I just thought it would save the way it was entered. I apologize.

xfxchilde 1st August 2012 11:39

Still, the port scan is saying that it's there. Also, like you suggested, I researched how BIND works.

"listen-on Specifies the network interface on which named listens for queries. By default, all interfaces are used. "

Everything is default, unless ISPConfig changes that. I followed the guide on this website to the T.

till 1st August 2012 11:41

The defaults depend on the Linux distribution you used and presets that might have been done by your internet provider; ISPConfig does not set defaults for BIND. To see if BIND is listening on the correct interfaces, post the output of:

netstat -tap | grep named

and the output of:

iptables -L

xfxchilde 1st August 2012 11:53

root@server1:/etc/bind# netstat -tap | grep named
tcp 0 0 localhost:953 *:* LISTEN 14323/named
tcp 0 0 server1.dynainte:domain *:* LISTEN 14323/named
tcp 0 0 localhost:domain *:* LISTEN 14323/named
tcp6 0 0 localhost:953 [::]:* LISTEN 14323/named
tcp6 0 0 [::]:domain [::]:* LISTEN 14323/named
root@server1:/etc/bind# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-courierimaps tcp -- anywhere anywhere multiport dports imaps
fail2ban-sasl tcp -- anywhere anywhere multiport dports smtp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-pureftpd tcp -- anywhere anywhere multiport dports ftp
fail2ban-courierpop3s tcp -- anywhere anywhere multiport dports pop3s
fail2ban-courierpop3 tcp -- anywhere anywhere multiport dports pop3
fail2ban-courierimap tcp -- anywhere anywhere multiport dports imap2

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-courierimap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierimaps (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3s (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-pureftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
root@server1:/etc/bind#


Also noted..

http://www.geektools.com/digtool.php
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 6 < if I use ns1.abc123.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6 < if I use the IP of the server.

Not sure if that matters or not.
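
One way to read the `netstat -tap | grep named` output requested in this thread, as an added example that is not part of any post: it lists the addresses on which `named` accepts DNS connections and says whether any of them is reachable beyond loopback. The function names and the category labels are hypothetical, and because `-t` restricts netstat to TCP, the result says nothing about UDP port 53.

```python
# Constructed from the netstat lines posted above (hostname as truncated there).
SAMPLE = """\
tcp 0 0 localhost:953 *:* LISTEN 14323/named
tcp 0 0 server1.dynainte:domain *:* LISTEN 14323/named
tcp 0 0 localhost:domain *:* LISTEN 14323/named
tcp6 0 0 localhost:953 [::]:* LISTEN 14323/named
tcp6 0 0 [::]:domain [::]:* LISTEN 14323/named
"""

LOOPBACK = {"localhost", "ip6-localhost", "127.0.0.1", "::1", "[::1]"}
WILDCARD = {"*", "0.0.0.0", "::", "[::]"}
DNS_PORTS = {"domain", "53"}   # netstat prints the service name unless run with -n


def dns_listeners(netstat_output, program="named"):
    """Return (proto, local_host) for each DNS-port LISTEN socket of `program`."""
    listeners = []
    for line in netstat_output.splitlines():
        f = line.split()
        # Expected columns: proto recv-q send-q local foreign state pid/program
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        if f[6].partition("/")[2] != program:
            continue
        host, _, port = f[3].rpartition(":")   # rpartition keeps '[::]' intact
        if port in DNS_PORTS:                  # skips the rndc control port 953
            listeners.append((f[0], host))
    return listeners


def exposure(listeners):
    """Classify where the DNS port is bound, based on the local addresses."""
    hosts = {host for _, host in listeners}
    if not hosts:
        return "not-listening"
    if hosts & WILDCARD:
        return "wildcard"            # bound to all addresses of that family
    if hosts - LOOPBACK:
        return "specific-address"    # bound to at least one non-loopback address
    return "loopback-only"           # the "only on localhost" case


if __name__ == "__main__":
    found = dns_listeners(SAMPLE)
    for proto, host in found:
        print(f"{proto:5} {host}")
    print("exposure:", exposure(found))
```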

till 1st August 2012 12:00

That's both OK.

Please take a look into the syslog file in /var/log; are there any BIND errors in there?

According to your post above, you use a subdomain of the same zone as the DNS server name. This requires that you add glue records in the DNS server of your provider where you registered the domain (not your ISPConfig server). Have you added these glue records?

http://en.wikipedia.org/wiki/Domain_...d_glue_records


All times are GMT +2.