#1
5th March 2012, 14:49
rrijken

DNS not working

Was using ispconfig 2 for a long time but have made the switch to ispconfig 3. Can't get DNS working though and I have no idea why. Server uses Fedora 16 and I used the perfect server setup for Fedora 15. On ispconfig 2, the old server/pc, the sites were running without a problem behind my router so DNS was working, but now on intodns.com I keep getting:

Error Mismatched NS records WARNING: One or more of your nameservers did not return any of your NS records.
Error DNS servers responded ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
204.13.249.76 122.249.2.210


Below is needed output. Help is greatly appreciated.

Service named is running:

named.service - LSB: start|stop|status|restart|try-restart|reload|force-reload DNS server
Loaded: loaded (/etc/rc.d/init.d/named)
Active: active (running) since Mon, 05 Mar 2012 21:22:22 +0900; 16min ago
Process: 8451 ExecStop=/etc/rc.d/init.d/named stop (code=exited, status=0/SUCCESS)
Process: 7537 ExecReload=/etc/rc.d/init.d/named reload (code=exited, status=0/SUCCESS)
Process: 8500 ExecStart=/etc/rc.d/init.d/named start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/named.service
└ 8506 /usr/sbin/named -u named

Dig:

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.2.rc1.fc16 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29806
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 6297 IN NS g.root-servers.net.
. 6297 IN NS b.root-servers.net.
. 6297 IN NS j.root-servers.net.
. 6297 IN NS i.root-servers.net.
. 6297 IN NS d.root-servers.net.
. 6297 IN NS h.root-servers.net.
. 6297 IN NS f.root-servers.net.
. 6297 IN NS m.root-servers.net.
. 6297 IN NS c.root-servers.net.
. 6297 IN NS k.root-servers.net.
. 6297 IN NS l.root-servers.net.
. 6297 IN NS e.root-servers.net.
. 6297 IN NS a.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 3554584 IN A 198.41.0.4
a.root-servers.net. 3554584 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3554584 IN A 192.228.79.201
c.root-servers.net. 3565869 IN A 192.33.4.12
d.root-servers.net. 3565869 IN A 128.8.10.90
d.root-servers.net. 3596535 IN AAAA 2001:500:2d::d
e.root-servers.net. 3596535 IN A 192.203.230.10
f.root-servers.net. 3594940 IN A 192.5.5.241
f.root-servers.net. 3554584 IN AAAA 2001:500:2f::f
g.root-servers.net. 3565869 IN A 192.112.36.4
h.root-servers.net. 3554584 IN A 128.63.2.53
h.root-servers.net. 3554584 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 3554584 IN A 192.36.148.17
i.root-servers.net. 3584273 IN AAAA 2001:7fe::53

;; Query time: 17 msec
;; SERVER: 216.146.35.35#53(216.146.35.35)
;; WHEN: Mon Mar 5 21:39:28 2012
;; MSG SIZE rcvd: 512




dig @localhost mutoh-seikatsu.com:

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.2.rc1.fc16 <<>> @localhost mutoh-seikatsu.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 467
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;mutoh-seikatsu.com. IN A

;; ANSWER SECTION:
mutoh-seikatsu.com. 86400 IN A 122.249.2.210

;; AUTHORITY SECTION:
mutoh-seikatsu.com. 0 IN NS ns2.mydyndns.com.
mutoh-seikatsu.com. 0 IN NS ns1.mutoh-seikatsu.com.

;; ADDITIONAL SECTION:
ns1.mutoh-seikatsu.com. 86400 IN A 122.249.2.210

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Mar 5 21:40:25 2012
;; MSG SIZE rcvd: 113




dig @122.249.2.210 mutoh-seikatsu.com:

;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53
;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53
;; reply from unexpected source: 192.168.24.1#53, expected 122.249.2.210#53

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.2.rc1.fc16 <<>> @122.249.2.210 mutoh-seikatsu.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached






iptables -L:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- resolver1.dyndnsinternetguide.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- resolver1.dyndnsinternetguide.com anywhere
ACCEPT tcp -- resolver2.dyndnsinternetguide.com anywhere tcpflags:! FIN,SYN,RST,ACK/SYN
ACCEPT udp -- resolver2.dyndnsinternetguide.com anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.24.255
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere default
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere server.mutoh-seikatsu.com
INBOUND all -- anywhere server.mutoh-seikatsu.com
INBOUND all -- anywhere 192.168.0.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Input"

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Forward"

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- server.mutoh-seikatsu.com resolver1.dyndnsinternetguide.com tcp dpt:domain
ACCEPT udp -- server.mutoh-seikatsu.com resolver1.dyndnsinternetguide.com udp dpt:domain
ACCEPT tcp -- server.mutoh-seikatsu.com resolver2.dyndnsinternetguide.com tcp dpt:domain
ACCEPT udp -- server.mutoh-seikatsu.com resolver2.dyndnsinternetguide.com udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere default
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Unknown Output"

Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.0.104 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT all -- 192.168.24.1 anywhere
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpts:bootps:bootpc
ACCEPT udp -- 192.168.0.0/24 anywhere udp dpts:bootps:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT udp -- anywhere anywhere udp dpts:ftp-data:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT udp -- anywhere anywhere udp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ntp
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT udp -- anywhere anywhere udp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
ACCEPT udp -- anywhere anywhere udp dpt:ndmp
ACCEPT tcp -- server.mutoh-seikatsu.com anywhere tcp dpt:db-lsp
ACCEPT udp -- server.mutoh-seikatsu.com anywhere udp dpt:db-lsp-disc
ACCEPT tcp -- 192.168.0.104 anywhere tcp dpt:netbios-dgm
ACCEPT udp -- 192.168.0.104 anywhere udp dpt:netbios-dgm
ACCEPT tcp -- 192.168.0.125 anywhere tcp dpt:db-lsp
ACCEPT udp -- 192.168.0.125 anywhere udp dpt:db-lsp-disc
ACCEPT tcp -- 115.179.101.100.ap.gmobb-fix.jp anywhere tcp dpt:imaps
ACCEPT udp -- 115.179.101.100.ap.gmobb-fix.jp anywhere udp dpt:imaps
ACCEPT tcp -- 115.179.101.100.ap.gmobb-fix.jp anywhere tcp dpt:imaps
ACCEPT udp -- 115.179.101.100.ap.gmobb-fix.jp anywhere udp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:25012
ACCEPT udp -- anywhere anywhere udp dpt:25012
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy
ACCEPT udp -- anywhere anywhere udp dpt:tproxy
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
LSI all -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP tcp -- anywhere anywhere tcpflags: FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix "Inbound "
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Inbound "
DROP all -- anywhere anywhere

Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix "Outbound "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere


netstat -tap:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:50502 *:* LISTEN 1308/rpc.statd
tcp 0 0 localhost:10024 *:* LISTEN 1508/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 1612/master
tcp 0 0 *:mysql *:* LISTEN 1347/mysqld
tcp 0 0 *:sunrpc *:* LISTEN 1123/rpcbind
tcp 0 0 *:ndmp *:* LISTEN 1664/perl
tcp 0 0 server.mutoh-seikats:domain *:* LISTEN 8506/named
tcp 0 0 server.mutoh-seikats:domain *:* LISTEN 8506/named
tcp 0 0 localhost:domain *:* LISTEN 8506/named
tcp 0 0 *:ftp *:* LISTEN 1185/pure-ftpd (SER
tcp 0 0 localhost:ipp *:* LISTEN 2084/cupsd
tcp 0 0 localhost:rndc *:* LISTEN 8506/named
tcp 0 0 *:smtp *:* LISTEN 1612/master
tcp 0 0 *:db-lsp *:* LISTEN 2259/dropbox
tcp 0 0 server.mutoh-seikatsu:56565 nrt19s11-in-f21.1e100:https TIME_WAIT -
tcp 62 0 localhost:39435 localhost:10025 CLOSE_WAIT 1830/amavisd (ch1-a
tcp 0 0 localhost:mysql localhost:45047 ESTABLISHED 1347/mysqld
tcp 38 0 server.mutoh-seikatsu:37894 v-client-4b.sjc.dropb:https CLOSE_WAIT 2259/dropbox
tcp 0 0 localhost:45047 localhost:mysql ESTABLISHED 1830/amavisd (ch1-a
tcp 0 0 server.mutoh-seikatsu:56662 nrt19s11-in-f21.1e100:https ESTABLISHED 2371/firefox
tcp 0 0 server.mutoh-seikatsu:33801 sjc-not20.sjc.dropbox.:http ESTABLISHED 2259/dropbox
tcp 0 0 *:40429 *:* LISTEN 1308/rpc.statd
tcp 0 0 *:pop3 *:* LISTEN 1553/couriertcpd
tcp 0 0 *:imap *:* LISTEN 1521/couriertcpd
tcp 0 0 *:sunrpc *:* LISTEN 1123/rpcbind
tcp 0 0 *:webcache *:* LISTEN 1144/httpd
tcp 0 0 *:http *:* LISTEN 1144/httpd
tcp 0 0 *:tproxy *:* LISTEN 1144/httpd
tcp 0 0 *:domain *:* LISTEN 8506/named
tcp 0 0 *:ftp *:* LISTEN 1185/pure-ftpd (SER
tcp 0 0 *:ipp *:* LISTEN 1/init
tcp 0 0 localhost:rndc *:* LISTEN 8506/named
tcp 0 0 *:smtp *:* LISTEN 1612/master
tcp 0 0 *:https *:* LISTEN 1144/httpd
tcp 0 0 *:imaps *:* LISTEN 1543/couriertcpd
tcp 0 0 *:pop3s *:* LISTEN 1562/couriertcpd



netstat -uap:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 *:ipp *:* 1/init
udp 0 0 localhost:ldaps *:* 1308/rpc.statd
udp 0 0 *:871 *:* 1123/rpcbind
udp 0 0 *:db-lsp-disc *:* 2259/dropbox
udp 0 0 *:mdns *:* 997/avahi-daemon
udp 0 0 *:ndmp *:* 1664/perl
udp 0 0 *:26734 *:* 3201/dhcpd
udp 0 0 *:39846 *:* 1308/rpc.statd
udp 0 0 *:60696 *:* 997/avahi-daemon
udp 0 0 server.mutoh-seikatsu:domain *:* 8506/named
udp 0 0 server.mutoh-seikatsu:domain *:* 8506/named
udp 0 0 localhost:domain *:* 8506/named
udp 0 0 *:bootps *:* 3201/dhcpd
udp 0 0 *:sunrpc *:* 1123/rpcbind
udp 0 0 *:ntp *:* 1020/chronyd
udp 0 0 *:323 *:* 1020/chronyd
udp 0 0 *:871 *:* 1123/rpcbind
udp 0 0 *:43515 *:* 3201/dhcpd
udp 0 0 *:60526 *:* 1308/rpc.statd
udp 0 0 *:domain *:* 8506/named
udp 0 0 *:sunrpc *:* 1123/rpcbind
udp 0 0 *:ntp *:* 1020/chronyd
udp 0 0 *:323 *:* 1020/chronyd

#2
5th March 2012, 14:52
rrijken

Am using firestarter for the firewall at the moment, which set up a DHCP server that handles the internal network (wireless). If I need to get rid of firestarter, how do I add the DHCP server and masquerading between the internet and the local net?

#3
5th March 2012, 15:14
rrijken

Here is named.conf. Note the allow-query line: when set to localhost, intodns reports that the server did not respond; when set to any, it responds, but I get the error at recursive queries: anybody can use the DNS server:

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

include "/etc/named.conf.local";

#4
7th March 2012, 18:19
falko

Remove the recursion yes; line and add
Code:
allow-recursion { none; };
instead.
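
Why the options block in post #3 answers recursive queries for anyone, and why the change in post #4 stops that while leaving `allow-query { any; };` in place for authoritative answers: the sketch below is an added example, not part of the original thread and not ISPConfig or BIND code. It assumes BIND 9's documented fallback (an unset `allow-recursion` inherits `allow-query-cache`, then `allow-query`, then `localnets; localhost;`), reads only flat address-match lists, and ignores per-view overrides; the function names and both sample configs are constructed for illustration.

```python
import re

# Constructed samples based on the options block posted in the thread.
BEFORE = """
options {
    listen-on port 53 { any; };
    allow-query { any; };   // authoritative answers for everyone
    recursion yes;
};
"""
# Post #4's change: "recursion yes;" removed, allow-recursion added.
AFTER = BEFORE.replace("recursion yes;", "allow-recursion { none; };")

def _strip_comments(text):
    """Remove the /* */, // and # comment styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def _acl(conf, name):
    """Elements of a flat address-match list, or None when `name` is unset."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}", conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_clients(named_conf):
    """Who may recurse, following BIND 9's documented fallback order."""
    conf = _strip_comments(named_conf)
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    if m and m.group(1) == "no":
        return []                      # recursion switched off entirely
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = _acl(conf, name)
        if acl is not None:
            return acl                 # first one that is set wins
    return ["localnets", "localhost"]  # default when none is set

def is_open_resolver(named_conf):
    """True when any client on the internet is allowed to recurse."""
    return any(e in ("any", "0.0.0.0/0", "::/0")
               for e in recursion_clients(named_conf))

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, recursion_clients(conf), is_open_resolver(conf))
```
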