  #1  
1st August 2012, 11:00
xfxchilde
Junior Member
Join Date: Jun 2012
Posts: 15
Thanks: 1
Thanked 0 Times in 0 Posts

DNS records not saving correctly.

Every time I make a DNS record it puts periods after the domain and replaces @ with periods, and it's making the DNS records invalid. This is a fresh install.
Also have a new issue. I can dig locally, but if I try to dig on an external server I get SERVFAILs. This is a dedicated live front-facing IP. There aren't any ports being blocked at all.

Also did an external port scan and it returned this.

XXX.XXX.XXX.XX5 is responding on port 53 (domain).

Last edited by xfxchilde; 1st August 2012 at 11:25.
  #2  
1st August 2012, 11:25
till
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,638
Thanks: 793
Thanked 4,998 Times in 3,909 Posts

The DNS records are saved correctly; the problem is that you entered the records wrong. All fully qualified domain names in DNS for BIND have to end with a dot, and @ is not a DNS record. If a DNS record has no dot at the end, then it is a subrecord of the zone. And what you refer to as the @ record is the record for the zone itself, so if you create a zone for domain.tld, then the record that you refer to as @ is "domain.tld.".

Quote:
Also have a new issue. I can dig locally, but if I try to dig on an external server I get SERVFAILs. This is a dedicated live front-facing IP. There aren't any ports being blocked at all.
Either you block the DNS port with a firewall or the DNS records in the registry of the domain TLD have not been changed yet to point to the new DNS server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
1st August 2012, 11:28
xfxchilde
Junior Member

Quote:
Originally Posted by till
The DNS records are saved correctly; the problem is that you entered the records wrong. All fully qualified domain names in DNS for BIND have to end with a dot, and @ is not a DNS record. If a DNS record has no dot at the end, then it is a subrecord of the zone. And what you refer to as the @ record is the record for the zone itself, so if you create a zone for domain.tld, then the record that you refer to as @ is "domain.tld.".

Either you block the DNS port with a firewall or the DNS records in the registry of the domain TLD have not been changed yet to point to the new DNS server.

I've done the dig using the new nameserver to dig from and it doesn't work. Also, I'm talking about entering the email address on the template page. Example: you enter test@test.com and the form saves it as test.test.com. I also edited my first post saying I did an external port scan and it's open.
  #4  
1st August 2012, 11:31
xfxchilde
Junior Member

Retrieving DNS records for abc123.com...
DNS servers
ns1.abc123.com [xxx.xxx.xxx.xxx]
ns2.abc123.com [xxx.xxx.xxx.xxx]
DNS server returned an error: Name server failed

Answer records

Authority records

Additional records


That was done using http://network-tools.com/
  #5  
1st August 2012, 11:31
till
Super Moderator

Quote:
I've done the dig using the new nameserver to dig from and it doesn't work.
Then your DNS is blocked by a firewall or you configured BIND to listen only on localhost.

Quote:
Also, I'm talking about entering the email address on the template page. Example: you enter test@test.com and the form saves it as test.test.com
That's absolutely correct, as mail addresses in DNS records are saved in this way and ISPConfig corrects your wrong input automatically. You might want to read a bit more about the BIND DNS file format before complaining that ISPConfig handles this wrong.
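The naming rules from the two replies above (trailing dot, @ as the zone itself, mailbox addresses stored with a dot instead of @), as an added Python example that is not part of the original posts and is not ISPConfig or BIND code. The function names are hypothetical; domain.tld and test@test.com are the sample values used in the thread.

```python
# Added illustration of DNS master-file naming rules; not ISPConfig or BIND code.

def qualify(name: str, origin: str) -> str:
    """Expand a zone-file name relative to the zone origin."""
    if not origin.endswith("."):
        raise ValueError("origin must be fully qualified (end with a dot)")
    if name == "@":                      # "@" stands for the zone itself
        return origin
    if name.endswith("."):               # trailing dot: already absolute
        return name
    # No trailing dot: the name is relative and the origin is appended.
    return name + "." if origin == "." else f"{name}.{origin}"


def email_to_rname(address: str) -> str:
    """Encode a mailbox as a DNS name: '@' becomes '.', and dots in the
    local part are escaped so they are not read as label separators."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mailbox address: {address!r}")
    local = local.replace("\\", "\\\\").replace(".", "\\.")
    return f"{local}.{domain.rstrip('.')}."


def rname_to_email(rname: str) -> str:
    """Reverse the encoding: the first unescaped dot splits local part and domain."""
    local = []
    i = 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])   # escaped character belongs to the local part
            i += 2
        elif ch == ".":
            return "".join(local) + "@" + rname[i + 1:].rstrip(".")
        else:
            local.append(ch)
            i += 1
    raise ValueError(f"no domain part in {rname!r}")


if __name__ == "__main__":
    for n in ("@", "www", "ns1.domain.tld", "ns1.domain.tld."):
        print(f"{n:18} -> {qualify(n, 'domain.tld.')}")
    print(email_to_rname("test@test.com"), email_to_rname("first.last@test.com"))
```

The third name shows the usual mistake: a full host name entered without the trailing dot gets the zone appended a second time.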
  #6  
1st August 2012, 11:32
xfxchilde
Junior Member

I wasn't attacking. I just thought it would save the way it was entered. I apologize.
  #7  
1st August 2012, 11:39
xfxchilde
Junior Member

Still, the port scan is saying that it's there. Also, like you suggested, I researched how BIND works.

"listen-on — Specifies the network interface on which named listens for queries. By default, all interfaces are used. "

Everything is default, unless ISPConfig changes that. I followed the guide on this website to the T.
  #8  
1st August 2012, 11:41
till
Super Moderator

The defaults depend on the Linux distribution you used and presets that might have been done by your internet provider; ISPConfig does not set defaults for BIND. To see if BIND is listening on the correct interfaces, post the output of:

netstat -tap | grep named

and the output of:

iptables -L
  #9  
1st August 2012, 11:53
xfxchilde
Junior Member

root@server1:/etc/bind# netstat -tap | grep named
tcp 0 0 localhost:953 *:* LISTEN 14323/named
tcp 0 0 server1.dynainte:domain *:* LISTEN 14323/named
tcp 0 0 localhost:domain *:* LISTEN 14323/named
tcp6 0 0 localhost:953 [::]:* LISTEN 14323/named
tcp6 0 0 [::]:domain [::]:* LISTEN 14323/named
root@server1:/etc/bind# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-courierimaps tcp -- anywhere anywhere multiport dports imaps
fail2ban-sasl tcp -- anywhere anywhere multiport dports smtp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-pureftpd tcp -- anywhere anywhere multiport dports ftp
fail2ban-courierpop3s tcp -- anywhere anywhere multiport dports pop3s
fail2ban-courierpop3 tcp -- anywhere anywhere multiport dports pop3
fail2ban-courierimap tcp -- anywhere anywhere multiport dports imap2

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-courierimap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierimaps (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3s (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-pureftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
root@server1:/etc/bind#


Also noted..

http://www.geektools.com/digtool.php
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 6 < if I use ns1.abc123.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6 < if I use the IP of the server.

Not sure if that matters or not.

Last edited by xfxchilde; 1st August 2012 at 12:00.
  #10  
1st August 2012, 12:00
till
Super Moderator

That's both OK.

Please take a look into the syslog file in /var/log; are there any BIND errors in there?

According to your post above, you use a subdomain of the same zone as DNS server name. This requires that you add glue records in the DNS server of your provider where you registered the domain (not your ISPConfig server). Have you added these glue records?

http://en.wikipedia.org/wiki/Domain_...d_glue_records
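The glue-record requirement from the reply above, as an added Python example that is not part of the original thread: given the nameservers a zone is delegated to and the addresses the parent publishes for them, it lists the in-zone nameservers that still lack glue. The function names and the 192.0.2.53 address are constructed for illustration; abc123.com is the placeholder domain used in the thread.

```python
# Added illustration of the glue-record check; names and sample data are constructed.

def _labels(name: str) -> tuple:
    """Lower-case a domain name and split it into labels, ignoring a trailing dot."""
    return tuple(name.rstrip(".").lower().split("."))


def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone or a subdomain of it.

    Compared label by label, so ns1.notabc123.com is not treated as part
    of abc123.com the way a plain string suffix match would.
    """
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def missing_glue(zone: str, nameservers: list, glue: dict) -> list:
    """Return the in-zone nameservers for which the parent publishes no address.

    A nameserver outside the zone can be resolved independently and needs
    no glue; one inside the zone cannot be found without it.
    """
    have = {_labels(host) for host, addrs in glue.items() if addrs}
    return [ns for ns in nameservers
            if in_zone(ns, zone) and _labels(ns) not in have]


if __name__ == "__main__":
    # Constructed sample: what the registrar side might publish for the zone.
    delegation = ["ns1.abc123.com.", "ns2.abc123.com.", "ns.example.net."]
    published = {"ns1.abc123.com.": ["192.0.2.53"]}
    for ns in missing_glue("abc123.com", delegation, published):
        print(f"no glue at the parent for {ns}")
```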