ISPConfig 3 DNS not working for remote domains

[phorce1]

I'm getting Query Status: REFUSED for some reason. Ideas?


Plain dig shows root servers don't show up

Code:

ns4:~# dig

; <<>> DiG 9.5.1-P1 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8802
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;.				IN	NS

;; Query time: 0 msec
;; SERVER: 65.170.133.11#53(65.170.133.11)
;; WHEN: Wed Mar 18 10:53:15 2009

dig for google.com gives no answer

Code:

ns4:~# dig google.com

; <<>> DiG 9.5.1-P1 <<>> google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4673
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;google.com.			IN	A

;; Query time: 0 msec
;; SERVER: 65.170.133.11#53(65.170.133.11)
;; WHEN: Wed Mar 18 10:53:56 2009
;; MSG SIZE  rcvd: 28

dig for one of the domains set up on the MyDNS server returns proper answer

Code:

ns4:~# dig sysmatrix.net

; <<>> DiG 9.5.1-P1 <<>> sysmatrix.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6895
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;sysmatrix.net.			IN	A

;; ANSWER SECTION:
sysmatrix.net.		38400	IN	A	65.170.133.11

;; AUTHORITY SECTION:
sysmatrix.net.		38400	IN	NS	ns1.sysmatrix.net.
sysmatrix.net.		38400	IN	NS	ns2.sysmatrix.net.
sysmatrix.net.		38400	IN	NS	ns3.sysmatrix.net.

;; ADDITIONAL SECTION:
ns1.sysmatrix.net.	38400	IN	A	65.170.133.21
ns2.sysmatrix.net.	38400	IN	A	65.170.133.41
ns3.sysmatrix.net.	38400	IN	A	65.170.133.54

;; Query time: 1 msec
;; SERVER: 65.170.133.11#53(65.170.133.11)
;; WHEN: Wed Mar 18 10:54:29 2009
;; MSG SIZE  rcvd: 149

;; MSG SIZE rcvd: 17
[/code]

[code]

[till]

MyDNS is not a dns resolver. If you want to use it as a resolver, you can set a external DNS server that shall be queried in the mydns.conf file.

[JaBa]

Quote:

Originally Posted by till

MyDNS is not a dns resolver. If you want to use it as a resolver, you can set a external DNS server that shall be queried in the mydns.conf file.

Can I use BIND9 not Mydns for perfect debian 5.0 setup with ispconfig and not install webmail?

[till]

Quote:

Can I use BIND9 not Mydns for perfect debian 5.0 setup with ispconfig and not install webmail?

Bind is not compatible with ISPConfig 3. You can use Bind with ISPConfig 2.

[phorce1]

Quote:

Originally Posted by till

MyDNS is not a dns resolver. If you want to use it as a resolver, you can set a external DNS server that shall be queried in the mydns.conf file.

That's ... annoying.

As an ISP we need to provide a fully functional nameserver for our customers. So, the only way to do that is to run a separate instance of bind9 on another server as an in-house resolver --- or steal someone else' DNS bandwidth to use them as a resolver.

I suppose we can set up ISPConfig with MyDNS on the master ISPC server and run bind9 in slave mode on other servers with zone transfers enabled to have fully functioning nameserver(s) available for our customers.

[till]

Quote:

As an ISP we need to provide a fully functional nameserver for our customers. So, the only way to do that is to run a separate instance of bind9 on another server as an in-house resolver --- or steal someone else' DNS bandwidth to use them as a resolver.

Bind is not needed for that. In this case you just install a local resolver like dnsmasq and configure mydns to use it.

Take a look at this tutorial:

http://www.howtoforge.com/mydns_mydn...on_ubuntu_edgy

you have to do just the last step "Installing DNSMasq".

[y87]

Hello,

I installed DNSmasq.. Then I broke something and had to adjust some settings in my named.conf.options file so that DNSmasq would not return error: "failed to bind".

Details:

auth-nxdomain no; # conform to RFC1035
listen-on { 98.142.210.0/24; }; #attempt to fix dnsmasq
listen-on-v6 { ip6-localhost; };
(from http://tjworld.net/wiki/Linux/DnsMas...ssAlreadyInUse)

So now DNSmasq runs without error, but when I set hosteddomain.tld to ns1.serverdomain.tld and ns2.serverdomain.tld, I get a Page Load Error like the domain isn't resolving. I believe I've done everything I can to configure properly:

1.) Installed DNSmasq per
http://www.howtoforge.com/mydns_mydn...on_ubuntu_edgy
(have double checked all config files)

2.) Setup host summary at GoDaddy per
http://www.howtoforge.com/ispconfig_dns_godaddy

2.) Set up DNS in ISPconfig 3 per screen shots in
http://www.howtoforge.com/forums/showthread.php?t=27030

4.) Setup hosteddomain.tld in 'Sites'.

3.) Now, when I..
dig @ns1.serverdomain.tld any hosteddomain.tld

Returns:

; <<>> DiG 9.5.1-P2 <<>> @ns1.serverdomain.tld any hosteddomain.tld
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57766
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hosteddomain.tld. IN ANY

;; Query time: 16 msec
;; SERVER: *serverip*#53(*serverip*)
;; WHEN: Tue Jul 7 22:07:31 2009
;; MSG SIZE rcvd: 37

This appears to not answer? Domain does not resolve. I think I'm out of things to configure, and I believe I've configured everything properly. Should this work or am I off base completely on running DNS in ISPconfig 3?

I know this is strictly DNS related because if I switch to use GD default nameservers the site resolves.

Thanks, I have found all the support here to be incredibly helpful.

[till]

Please post the output of:

netstat -tap | grep dns

[y87]

server1:~# netstat -tap | grep dns
tcp 0 0 localhost.locald:domain *:* LISTEN 3115/dnsmasq

I've been on this for a couple of days, so my head is kind of spinning, but this looks like I haven't configured myDNS properly?

[till]

mydns is not started on your server. Please start it and check if it is running then.