Bind not resolving some domain names

#1  13th July 2010, 07:01  icemannz

Hi all, I have set up ISPConfig3 on Debian by following the guide.
The server is primarily a DNS server and I have set up Bind.
It is all up and running and resolves both local and remote domain names ok.

But there are a couple of domain names that it will not resolve.
For eg:
ns2:~# dig @localhost www.bridgebase.com

; <<>> DiG 9.5.1-P3 <<>> @localhost www.bridgebase.com
; (2 servers found)
;; global options: printcmd
;; connection timed out; no servers could be reached

And yet when I query another external name server for the same domain name it works correctly.
I don't understand why it is only failing for a couple of domain names.

Here is the 2nd domain name that fails:
ns2:~# dig @localhost www.rabobank.com.au

; <<>> DiG 9.5.1-P3 <<>> @localhost www.rabobank.com.au
; (2 servers found)
;; global options: printcmd
;; connection timed out; no servers could be reached

Any help would be appreciated.

#2  13th July 2010, 11:21  till

1) Are these domains (that fail) locally configured on your server?
2) Does a query like "dig @localhost www.google.com" work?
Till Brehm

#3  14th July 2010, 03:19  icemannz

Hi Till,
No, these are remote domains that I have nothing to do with.
If I do a "dig @localhost www.google.com" - it works perfectly.
And any other domain works correctly too.

It is only these 2 domain names that fail.

#4  14th July 2010, 04:59  matty

I've seen weird stuff like that before. It often comes down to some network issue between your server and one of the resolving name servers. Some possibilities could be firewalling, routing, & bogons.

One simple firewalling mistake is that some network administrators only allow port 53/UDP through, but not 53/TCP. The latter is needed when the reply is too large (and comes back truncated): it will be re-requested via TCP, and so the request fails. The other, bogons, is when the network admin blocks bogons, but hasn't updated the list when new IP ranges are activated.

From your nameserver, try "dig www.bridgebase.com +trace" and see if you can see where things fail. That might help you track down any issues.

#5  14th July 2010, 17:44  falko
Can you post the bridgebase.com zone file?
Falko

#6  15th July 2010, 07:12  icemannz
Hi all,
As previously mentioned, the bridgebase.com domain name is not mine, it is just a domain on the internet that my name server cannot resolve.

Anyway I found that if I go to the options in Bind and put in a couple of DNS forwarders from a local ISP, then it all works.
Obviously it is getting the correct address from the forwarders and for now I can live with that.

I think that Matty is on the right track as when I do a traceroute to www.bridgebase.com
I get a lot of * * * * and the reply takes a long time. So I believe there may be some route issue somewhere that is causing the issues.

eg:
traceroute to www.bridgebase.com. (70.84.167.229), 30 hops max, 40 byte packets
1 10.50.0.254 (10.50.0.254) 0.290 ms 0.221 ms 0.208 ms
2 x.x.x.x (x.x.x.x) 2.118 ms 2.036 ms 2.019 ms
3 73.27.69.111.dynamic.snap.net.nz (111.69.27.73) 1.640 ms 1.588 ms 1.542 ms
4 g0-1-0-969.icore2.tspn.telstraclear.net (203.98.4.25) 44.816 ms 44.757 ms 44.702 ms
5 203.167.233.10 (203.167.233.10) 44.683 ms 44.656 ms 44.604 ms
6 i-13-1-0.wil-core02.bx.reach.com (202.84.142.110) 168.637 ms 168.171 ms 168.017 ms
7 i-1-1.eqla01.bi.reach.com (202.84.251.194) 167.948 ms 168.272 ms 168.169 ms
8 gblx-peer.eqla01.pr.reach.com (134.159.63.202) 144.826 ms 144.812 ms 144.821 ms
9 The-Planet.TenGigabitEthernet2-3.ar2.HOU1.gblx.net (64.214.196.58) 178.425 ms 178.425 ms 178.370 ms
10 et5-4.ibr03.dllstx3.theplanet.com (70.87.253.49) 179.701 ms 179.660 ms 179.633 ms
11 te3-5.dsr01.dllstx3.theplanet.com (70.87.253.86) 185.946 ms 185.902 ms te7-1.dsr01.dllstx3.theplanet.com (70.87.253.2) 184.649 ms
12 te3-3.dsr02.dllstx2.theplanet.com (70.87.253.126) 184.623 ms 42.ff.5746.static.theplanet.com (70.87.255.66) 179.578 ms te1-3.dsr02.dllstx2.theplanet.com (70.87.253.122) 180.159 ms
13 te1-1.car09.dllstx6.theplanet.com (70.87.254.202) 179.751 ms te1-2.car09.dllstx6.theplanet.com (70.87.254.206) 180.637 ms 180.557 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

dig www.bridgebase.com +trace

; <<>> DiG 9.5.1-P3 <<>> www.bridgebase.com +trace
;; global options: printcmd
. 44845 IN NS l.root-servers.net.
. 44845 IN NS a.root-servers.net.
. 44845 IN NS e.root-servers.net.
. 44845 IN NS m.root-servers.net.
. 44845 IN NS g.root-servers.net.
. 44845 IN NS c.root-servers.net.
. 44845 IN NS b.root-servers.net.
. 44845 IN NS j.root-servers.net.
. 44845 IN NS f.root-servers.net.
. 44845 IN NS d.root-servers.net.
. 44845 IN NS h.root-servers.net.
. 44845 IN NS i.root-servers.net.
. 44845 IN NS k.root-servers.net.
;; Received 288 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 499 bytes from 199.7.83.42#53(l.root-servers.net) in 150 ms

bridgebase.com. 172800 IN NS ns1.theplanet.com.
bridgebase.com. 172800 IN NS ns2.theplanet.com.
;; Received 114 bytes from 192.26.92.30#53(c.gtld-servers.net) in 223 ms

;; connection timed out; no servers could be reached

#7  15th July 2010, 07:42  dcy
Quote:
Originally Posted by icemannz
I get a lot of * * * * and the reply takes a long time. So I believe there may be some route issue somewhere that is causing the issues.

I don't think that is the problem (I also get the same asterisks (i.e. filtered ICMP)), but the query against my bind works correctly.

Quote:
dig www.bridgebase.com +trace

Here is how the result of the above query looks on my server:
Code:
; <<>> DiG 9.5.1-P2.1 <<>> A www.bridgebase.com +trace
;; global options:  printcmd
.                       219603  IN      NS      c.root-servers.net.
.                       219603  IN      NS      g.root-servers.net.
.                       219603  IN      NS      f.root-servers.net.
.                       219603  IN      NS      m.root-servers.net.
.                       219603  IN      NS      b.root-servers.net.
.                       219603  IN      NS      d.root-servers.net.
.                       219603  IN      NS      i.root-servers.net.
.                       219603  IN      NS      j.root-servers.net.
.                       219603  IN      NS      h.root-servers.net.
.                       219603  IN      NS      a.root-servers.net.
.                       219603  IN      NS      e.root-servers.net.
.                       219603  IN      NS      k.root-servers.net.
.                       219603  IN      NS      l.root-servers.net.
;; Received 512 bytes from 172.31.1.1#53(172.31.1.1) in 0 ms

com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
;; Received 499 bytes from 128.63.2.53#53(h.root-servers.net) in 117 ms

bridgebase.com.         172800  IN      NS      ns1.theplanet.com.
bridgebase.com.         172800  IN      NS      ns2.theplanet.com.
;; Received 114 bytes from 192.26.92.30#53(c.gtld-servers.net) in 104 ms

www.bridgebase.com.     86400   IN      A       70.84.167.229
bridgebase.com.         86400   IN      NS      ns1.theplanet.com.
bridgebase.com.         86400   IN      NS      ns2.theplanet.com.
;; Received 130 bytes from 207.218.247.135#53(ns1.theplanet.com) in 159 ms

Can you try updating your root.hints file?

First find out your bind datadir (typically /etc/bind) and open your named.conf file.

Check the file for the following sections:
Code:
options {
        directory "/etc/namedb";
        // ... remaining options ...
};

and
Code:
zone "." {
        type hint;
        file "root.hints";
};

So for me my root.hints file is in /etc/namedb/root.hints

Next make a backup of the existing hint file - so cp /etc/namedb/root.hints /etc/namedb/root.hints.backup.

And finally update the root.hints file:
Code:
dig +bufsize=1200 +norec NS . @a.root-servers.net > /etc/namedb/root.hints

Do an rndc reload and try testing the name resolution now.

D.
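
Added example, not part of dcy's post: with a plain `>` redirect the shell empties root.hints before dig runs, so a query that times out (the very symptom in this thread) leaves the file holding only dig's error comment. The sketch below fetches into a temporary file and replaces the live hints only after validation; the function names and the `--refresh` switch are this example's own, and the path is the one from the post.

```shell
#!/bin/sh
# Added example: check a freshly fetched root hints file before it replaces the
# live one. HINTS defaults to the path used in the post; yours may differ.
HINTS=${HINTS:-/etc/namedb/root.hints}

# hints_ok FILE: succeed only if FILE looks like a complete answer for "NS .".
hints_ok() {
    f=$1
    # A real reply carries a header comment with "status: NOERROR"; a failed
    # fetch (";; connection timed out; no servers could be reached") does not.
    grep -q 'status: NOERROR' "$f" || return 1
    # There are 13 root server names, so expect exactly 13 NS records for ".".
    ns=$(awk '$1 == "." && $3 == "IN" && $4 == "NS" { n++ } END { print n + 0 }' "$f")
    [ "$ns" -eq 13 ] || return 1
    # Hints need addresses as well as names: require at least one A record.
    grep -Eq '^[a-m]\.root-servers\.net\.[[:space:]]+[0-9]+[[:space:]]+IN[[:space:]]+A[[:space:]]' "$f"
}

# refresh_hints: fetch into a temp file, validate, back up, swap in, reload.
refresh_hints() {
    tmp=$(mktemp "${HINTS}.new.XXXXXX") || return 1
    if dig +bufsize=1200 +norec NS . @a.root-servers.net > "$tmp" && hints_ok "$tmp"; then
        if [ -f "$HINTS" ]; then cp -p "$HINTS" "${HINTS}.backup"; fi
        chmod 644 "$tmp"   # mktemp creates 0600; named must be able to read it
        mv "$tmp" "$HINTS" && rndc reload
    else
        rm -f "$tmp"
        echo "keeping old $HINTS: fetched data failed validation" >&2
        return 1
    fi
}

# Only touch the system when asked to: sh refresh-hints.sh --refresh
if [ "${1:-}" = "--refresh" ]; then refresh_hints; fi
```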

#8  15th July 2010, 07:49  matty
Quote:
Originally Posted by icemannz
bridgebase.com. 172800 IN NS ns1.theplanet.com.
bridgebase.com. 172800 IN NS ns2.theplanet.com.
;; Received 114 bytes from 192.26.92.30#53(c.gtld-servers.net) in 223 ms

;; connection timed out; no servers could be reached

OK, that pretty much means you can't talk DNS to ns1 & ns2.theplanet.com. I guess a dig +trace to the other domain would be similar. I had a quick look at the IPs for theplanet nameservers and they don't appear to have been bogons, so it's a good chance of 53/TCP filtering or a routing issue. Try something like "dig www.bridgebase.com +notcp +trace" and see what shakes out.

Kind of a shame to have to use forwarders as it leaves you at the mercy of the upstream DNS admin. It's like buying your own dog and then getting your neighbour's dog to do the barking.
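
Added example, not part of the thread: one way to separate the causes matty lists in posts #4 and #8 is to send the same non-recursive query to each delegated name server once over UDP and once over TCP and compare the results. The function names and verdict strings are this example's own; the dig options used are standard ones.

```shell
#!/bin/sh
# Added example: ask one name server the same question over UDP and over TCP
# and say which transport fails. DIG can be pointed at a stub for testing.
DIG=${DIG:-dig}

# classify_reply: read dig output on stdin, print ok | truncated | error | no-reply.
classify_reply() {
    awk '
        /^;; ->>HEADER<<-/ { status = ($0 ~ /status: NOERROR/) ? "ok" : "error" }
        # Header bits sit between "flags:" and the next ";"; tc marks truncation.
        /^;; flags:/       { sub(/;[^;]*$/, ""); if ($0 ~ / tc( |$)/) tc = 1 }
        END {
            # No header at all means nothing came back, as in the thread:
            # ";; connection timed out; no servers could be reached".
            if (status == "") print "no-reply"
            else if (tc)      print "truncated"
            else              print status
        }'
}

# probe SERVER NAME: one non-recursive A query per transport, short timeout.
probe() {
    # +ignore keeps dig from quietly retrying a truncated UDP reply over TCP.
    udp=$("$DIG" +norec +notcp +ignore +time=3 +tries=1 "@$1" "$2" A 2>&1 | classify_reply)
    tcp=$("$DIG" +norec +tcp +time=3 +tries=1 "@$1" "$2" A 2>&1 | classify_reply)
    case "$udp/$tcp" in
        ok/ok)                 verdict="both transports work" ;;
        truncated/ok)          verdict="large reply, TCP fallback works" ;;
        ok/no-reply|truncated/no-reply) verdict="53/TCP looks filtered" ;;
        no-reply/ok)           verdict="53/UDP looks filtered" ;;
        no-reply/no-reply)     verdict="no DNS reply at all: routing or port 53 blocked" ;;
        *)                     verdict="server answered with an error status" ;;
    esac
    echo "$1 udp=$udp tcp=$tcp: $verdict"
}

# Usage: sh probe.sh NAME SERVER...  (the name, then each delegated server)
if [ "$#" -ge 2 ]; then
    name=$1; shift
    for s in "$@"; do probe "$s" "$name"; done
fi
```

Run against the servers named in the last delegation of the +trace output, a "no-reply" on both transports points at routing or a port 53 block rather than at TCP filtering alone.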

#9  15th July 2010, 17:01  dcy
Quote:
Originally Posted by icemannz
bridgebase.com. 172800 IN NS ns1.theplanet.com.
bridgebase.com. 172800 IN NS ns2.theplanet.com.
;; Received 114 bytes from 192.26.92.30#53(c.gtld-servers.net) in 223 ms
;; connection timed out; no servers could be reached

Just out of interest, can you try running

Code:
dig NS theplanet.com @c.gtld-servers.net
please?

D.

All times are GMT +2.