#1
1st August 2010, 11:22
spr
DNS Error, only for Com-Domains!

Hi

We've widened our server structure and outsourced our DNS and mail server to two new machines. Both are in different datacenters.

Server 1 is the master DNS and mail server
Server 2 is a complete mirror of Server 1

Now we have the problem that Google Mail (and some other small providers) can't send mails to our servers!!
Only the .com domains aren't working...

Here is what dig says:

Dig via Google-Public-DNS

dig @8.8.8.8 ns datengarten.com

; <<>> DiG 9.7.0-P1 <<>> @8.8.8.8 ns datengarten.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50702
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;datengarten.com. IN NS

;; Query time: 2449 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 1 11:19:26 2010
;; MSG SIZE rcvd: 33

Dig via T-Online DNS:

dig ns datengarten.com

; <<>> DiG 9.7.0-P1 <<>> ns datengarten.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9721
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;datengarten.com. IN NS

;; ANSWER SECTION:
datengarten.com. 11872 IN NS ns1.datengarten.net.
datengarten.com. 11872 IN NS ns2.datengarten.net.

;; ADDITIONAL SECTION:
ns1.datengarten.net. 11872 IN A 78.46.233.41

;; Query time: 3 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Sun Aug 1 11:19:51 2010
;; MSG SIZE rcvd: 100

Again, this is only on .com domains.
Look here at a .de domain, also via Google Public DNS:

dig @8.8.8.8 ns datengarten.de

; <<>> DiG 9.7.0-P1 <<>> @8.8.8.8 ns datengarten.de
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29605
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;datengarten.de. IN NS

;; ANSWER SECTION:
datengarten.de. 83999 IN NS ns1.datengarten.net.
datengarten.de. 83999 IN NS ns2.datengarten.net.

;; Query time: 48 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Aug 1 11:20:45 2010
;; MSG SIZE rcvd: 83

----

I'm absolutely helpless!
Please, somebody tell me what's wrong there.

regards
spr

P.S. I've installed all servers following "Perfect Server How To for Lenny (on Lenny)" and all other features are working fine!
#2
1st August 2010, 17:10
till

To get nearer to the problem, first test if it is a problem with the servers by running:

dig @localhost ALL datengarten.com

on the shell of both servers and post the output.

Additionally, post the output of:

iptables -L

from both servers.
Till Brehm

#3
1st August 2010, 19:18
spr

Hi,

output of Server 1:

dig @localhost ALL datengarten.com

; <<>> DiG 9.6-ESV-R1 <<>> @localhost ALL datengarten.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25338
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ALL. IN A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 19:07:02 2010
;; MSG SIZE rcvd: 21

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19402
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;datengarten.com. IN A

;; ANSWER SECTION:
datengarten.com. 86400 IN A 88.198.55.45

;; AUTHORITY SECTION:
datengarten.com. 86400 IN NS ns1.datengarten.net.
datengarten.com. 86400 IN NS ns2.datengarten.net.

;; ADDITIONAL SECTION:
ns1.datengarten.net. 86400 IN A 78.46.233.41

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 19:07:02 2010
;; MSG SIZE rcvd: 116


iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (18 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:tacacs-ds
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:ssmtp
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:munin
PAROLE tcp -- anywhere anywhere tcp dpt:6999
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:9367
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:tacacs-ds
ACCEPT udp -- anywhere anywhere udp dpt:mysql
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere


Output of Server 2:

dig @localhost ALL datengarten.com

; <<>> DiG 9.6-ESV-R1 <<>> @localhost ALL datengarten.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45876
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ALL. IN A

;; Query time: 23 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 17:17:04 2010
;; MSG SIZE rcvd: 21

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58057
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;datengarten.com. IN A

;; ANSWER SECTION:
datengarten.com. 86400 IN A 88.198.55.45

;; AUTHORITY SECTION:
datengarten.com. 86400 IN NS ns1.datengarten.net.
datengarten.com. 86400 IN NS ns2.datengarten.net.

;; ADDITIONAL SECTION:
ns1.datengarten.net. 86400 IN A 78.46.233.41

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 1 17:17:04 2010
;; MSG SIZE rcvd: 116


iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (17 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:ssmtp
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:munin
PAROLE tcp -- anywhere anywhere tcp dpt:6999
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:9742
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mysql
ACCEPT udp -- anywhere anywhere udp dpt:3307
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere


I hope you can help me solve this.

Thanks, till.

spr
#4
2nd August 2010, 01:33
matty

It looks like you haven't redelegated datengarten.com onto your new nameservers, as whois lists the nameservers as dns[1-3].nsdns.info. Having said that, ns1 & ns2.datengarten.net both respond for me with .com records.

Edit: You have something funky with the records for your nameservers. It looks like you are using a wildcard record in datengarten.net. Put proper A records in for each of ns1 and ns2.datengarten.net. Currently both come up as 78.46.233.41, where ns2 should be 85.114.140.111 according to your delegation records.

Last edited by matty; 2nd August 2010 at 03:12.
#5
2nd August 2010, 10:09
spr

Hi

I've switched it to our "Domain/DNS Provider" yesterday evening to get our mail server reliably connected!
But if you now dig for daten-garten.com you can still see what's happening (or not)!!

spr
#6
3rd August 2010, 03:39
matty

Quote:
Originally Posted by spr
But if you now dig for daten-garten.com you can still see what's happening (or not)!!

Everything in daten-garten.com resolves to 88.198.55.45, but it otherwise appears to be working fine.

In my other post, I recommended you add an A record for ns2.datengarten.net in the datengarten.net zone. I think I've figured out what's actually happening. The zone for your nameservers, datengarten.net, is actually delegated to ns[1-3].domaindiscount24.net. In there, you have records for ns1 & ns2.datengarten.net which point at your nameservers. Your nameservers also have a zone configured for datengarten.net, but in there you don't have a record for ns2.datengarten.net.

Also, the MX records for daten-garten.com & datengarten.com include mta1 & mta2.datengarten.net (datengarten.de doesn't) which have different answers from your servers and the domaindiscount ones. I'd really suggest you either remove the datengarten.net zone from your nameservers, or redelegate the zone to them (and add the ns2 record).

When I query records against your nameservers, I see the following error which I believe is because of the above.
Quote:
;; WARNING: recursion requested but not available

Last edited by matty; 3rd August 2010 at 03:51.
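
Added example, not part of any post in this thread: a small Python check for the mismatch matty describes, where the same nameserver hostnames get different A records depending on which servers answer. The two dig-style responses are constructed (addresses taken from the thread, header lines made up) and the function names are hypothetical.

```python
import re

# Constructed dig-style responses for the nameserver hostnames: addresses are
# the ones quoted in the thread, the header and flags lines are made up.
DELEGATED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
ns1.datengarten.net. 86400 IN A 78.46.233.41
ns2.datengarten.net. 86400 IN A 85.114.140.111
"""
OWN_SERVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
ns1.datengarten.net. 86400 IN A 78.46.233.41
ns2.datengarten.net. 86400 IN A 78.46.233.41
"""
RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text):
    """Return (status, flags, {hostname: set of A addresses}) for one response."""
    status, flags, addrs = None, set(), {}
    for line in map(str.strip, text.splitlines()):
        if "->>HEADER<<-" in line:
            status = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            flags = set(line[len(";; flags:"):].split(";")[0].split())
        elif line and not line.startswith(";"):
            m = RECORD.match(line)
            if m and m.group(2) == "A":
                addrs.setdefault(m.group(1).lower(), set()).add(m.group(3))
    return status, flags, addrs

def compare_sources(reference, candidate):
    """Findings for a candidate server checked against the delegated zone."""
    _, _, ref = parse_dig(reference)
    status, flags, cand = parse_dig(candidate)
    findings = [] if status == "NOERROR" else [f"status {status}"]
    if "aa" not in flags:
        findings.append("answer is not authoritative")
    for name in sorted(ref.keys() | cand.keys()):
        if ref.get(name) != cand.get(name):
            findings.append(f"{name}: expected {sorted(ref.get(name, ()))}, "
                            f"got {sorted(cand.get(name, ()))}")
    return findings

if __name__ == "__main__":
    print("\n".join(compare_sources(DELEGATED, OWN_SERVER)))
```

To use it on live data, capture the text output of dig for the same names from each set of nameservers and pass the two strings in place of the constructed samples.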