  #1  
Old 7th September 2012, 06:14
Wisdown (Member)

DNS Seems Not to Work on NAT

Hi guys,

Today I was setting up some things when I discovered my local DNS servers running ISPConfig don't have control of my domains...
I made some records, and waited at least 6 hours, and didn't see the results....

So, looking at the registrar, I saw my domain was on Network Solutions with an * (wildcard); the settings I had already made seemed to be done, but the wildcard was behind this...

I clicked to point to my DNS server, and now nothing is working...

My setup is:

1 Webserver
1 Mailserver
1 Databaseserver
2 DNS Servers

My networking:

1 Modem from ISP in bridge mode with PPPoE
1 PC as server with 2 NICs
1 VMware running pfSense as firewall / router on the server PC doing a bridge on those 2 NICs

All other servers are on the same server PC; before pointing the DNS to my local DNS server everything was working fine.

Some data from my DNS server:

named.conf.default-zones

Quote:
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
named.conf.local

Quote:
zone "domain1.com" {
type master;
allow-transfer {none;};
file "/etc/bind/pri.domain1.com";
};
zone "domain2.com" {
type master;
allow-transfer {none;};
file "/etc/bind/pri.domain2.com";
};
zone "domain3.com" {
type master;
allow-transfer {none;};
file "/etc/bind/pri.domain3.com";
};

named.conf.options

Quote:
options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.


forwarders {
208.67.222.222; // OpenDNS
208.67.220.220; // Open DNS
};

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

pri.domain2.com

Quote:
$TTL 3600
@ IN SOA ns1.domain1.com. admin.domain2.com. (
2012090709 ; serial, todays date + todays serial #
7200 ; refresh, seconds
540 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;

domain2.com. 3600 A XXX.XXX.XXX.XXX
domain2.com. 3600 MX 10 mail.domain2.com.
domain2.com. 3600 NS ns1.domain1.com.
domain2.com. 3600 NS puck.nether.net.
domain2.com. 86400 RP admin.domain1.com.
domain2.com. 86400 TXT "v=spf1 a mx ptr -all"
mail 3600 A XXX.XXX.XXX.XXX
mail._domainkey.domain2.com. 3600 TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQasd803j3gQDHbB 3x2AZOe/sDdjK+e5zbRFBP/LT5zdvzzhLrkSNN5WUvaF3jeykZ1Akq50/bFKZO1OHAOP3MBPOumlkamt7X/xahvDQhwCwOT+bphNQnqjtctDx5cJe68+aB66ZchT4qYLXLdiL 5z9ajWxVoofXfd2dBYvAcND9CQIDAQAB"
www 3600 A XXX.XXX.XXX.XXX
Note: I set all IPs to my static public IP

nslookup domain1.com gives me this error:

** server can`t find domain.com: SERVFAIL

What am I missing?

Last edited by Wisdown; 7th September 2012 at 06:22.
  #2  
Old 7th September 2012, 09:55
till (Super Moderator)

run:

dig @localhost domain1.com
dig @localhost domain2.com
dig @localhost domain3.com

on the shell of your server (the one that runs the BIND DNS server) and post the output. If you get a failure, check /var/log/syslog for named errors and post them.

Common mistakes are that the A records for the NS records are missing. E.g. if

domain1.com uses ns1.domain1.com. as NS record, then there must also exist an A record for ns1.domain1.com., otherwise the NS record can not be resolved.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
Old 7th September 2012, 10:31
Wisdown (Member)

I added the ns1 record like you said; not sure if it is correct, I did:

ns1.domain1.com for domain1.com
ns1.domain2.com for domain2.com
ns1.domain3.com for domain3.com

The answer:

Quote:
; <<>> DiG 9.7.3 <<>> @localhost domain1.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id:44177
;; flag: qr rd ra; QUERY 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domain1.com. IN A

;; Query time: 1 msec;; SERVER: 127.0.01#43(127.0.0.1)
;; WHEN: Fri Sep 7 04:23:50 2012
;; MSG SIZE rcvd: 30
Same message for all 3 domains, changing only the WHEN and the id of the query.
Running the same command for the domain without @localhost, I now see the internal IP of the DNS server.

Do I need to add another A record now for each server using the internal IP?

Using nslookup domain1.com I get

Quote:
;; Got SERVFAIL reply cfrom 192.168.0.6, trying next server
;; Got SERVFAIL reply cfrom 192.168.0.7, trying next server
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: domain1.com
Address: 192.168.0.3
192.168.0.1 is my pfSense working as firewall / gateway; I added a DNS forwarder alias on it to be able to use:

domain1.com
domain2.com
domain3.com

inside my LAN.

Before running the dig I did:

cat /dev/null > /var/log/syslog

After running dig I checked the logs and there were only messages from the ISPConfig cron jobs.

Last edited by Wisdown; 7th September 2012 at 10:44.
  #4  
Old 7th September 2012, 10:49
till (Super Moderator)

Quote:
I added the ns1 record like you said; not sure if it is correct, I did:

ns1.domain1.com for domain1.com
ns1.domain2.com for domain2.com
ns1.domain3.com for domain3.com
According to your posting above, you use ns1.domain1.com as primary DNS server for all domains (at least for domain 2), so you just have to add ns1.domain1.com as an A record to domain1.com; nothing has to be added in domain2 and domain3.

Quote:
Runing same comand for the domain without @localhost , now i see the internal IP from the DNS server
The @localhost is required to get a proper result from the local DNS server. The nslookup output is not relevant, and neither is the output from dig without the @localhost, as it queried the wrong server. Please just post the output of the dig command I asked you for; the only thing to be replaced is the domain name, and don't remove the @localhost.

Quote:
Same msg for all 3 domains, chaging ony the WHEN and id from query
Please take a look at the syslog file in /var/log and post the named errors like I suggested above; you will find the relevant error messages there.
  #5  
Old 7th September 2012, 11:14
Wisdown (Member)

The output from dig is the same as in the previous post:

Quote:
; <<>> DiG 9.7.3 <<>> @localhost domain1.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id:44177
;; flag: qr rd ra; QUERY 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domain1.com. IN A

;; Query time: 1 msec;; SERVER: 127.0.01#43(127.0.0.1)
;; WHEN: Fri Sep 7 04:23:50 2012
;; MSG SIZE rcvd: 30
I removed the extra ns1 A records from domain 2 and 3, and then some errors came up in /var/log/syslog; the dig command wasn't sending errors to syslog.

Quote:
Sep 7 04:51:01 ns1 /USR/SBIN/CRON[7877]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:51:25 ns1 mpt-statusd: detected non-optimal RAID status
Sep 7 04:52:01 ns1 /USR/SBIN/CRON[7904]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:53:01 ns1 /USR/SBIN/CRON[7912]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:54:01 ns1 /USR/SBIN/CRON[7920]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:55:01 ns1 /USR/SBIN/CRON[7928]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:56:01 ns1 /USR/SBIN/CRON[7967]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:57:01 ns1 /USR/SBIN/CRON[7975]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:58:01 ns1 /USR/SBIN/CRON[7983]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 04:59:01 ns1 /USR/SBIN/CRON[7991]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:00:01 ns1 /USR/SBIN/CRON[7999]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:01:01 ns1 /USR/SBIN/CRON[8049]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:01:25 ns1 mpt-statusd: detected non-optimal RAID status
Sep 7 05:02:01 ns1 /USR/SBIN/CRON[8066]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:03:01 ns1 /USR/SBIN/CRON[8074]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:04:01 ns1 /USR/SBIN/CRON[8082]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:04:01 ns1 named[1703]: received control channel command 'reload'
Sep 7 05:04:01 ns1 named[1703]: loading configuration from '/etc/bind/named.conf'
Sep 7 05:04:01 ns1 named[1703]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 7 05:04:01 ns1 named[1703]: using default UDP/IPv4 port range: [1024, 65535]
Sep 7 05:04:01 ns1 named[1703]: using default UDP/IPv6 port range: [1024, 65535]
Sep 7 05:04:01 ns1 named[1703]: reloading configuration succeeded
Sep 7 05:04:01 ns1 named[1703]: dns_rdata_fromtext: /etc/bind/pri.domain2.com:15: near eol: unexpected end of input
Sep 7 05:04:01 ns1 named[1703]: zone domain2.com/IN: loading from master file /etc/bind/pri.domain2.com failed: unexpected end of input
Sep 7 05:04:01 ns1 named[1703]: zone domain2.com/IN: not loaded due to errors.
Sep 7 05:04:01 ns1 named[1703]: dns_rdata_fromtext: /etc/bind/pri.domain1.com:15: near eol: unexpected end of input
Sep 7 05:04:01 ns1 named[1703]: zone domain1.com/IN: loading from master file /etc/bind/pri.domain1.com failed: unexpected end of input
Sep 7 05:04:01 ns1 named[1703]: zone domain1.com/IN: not loaded due to errors.
Sep 7 05:04:01 ns1 named[1703]: dns_rdata_fromtext: /etc/bind/pri.domain3.com:20: near eol: unexpected end of input
Sep 7 05:04:01 ns1 named[1703]: zone domain3.com/IN: loading from master file /etc/bind/pri.domain3.com failed: unexpected end of input
Sep 7 05:04:01 ns1 named[1703]: zone domain3.com/IN: not loaded due to errors.
Sep 7 05:04:01 ns1 named[1703]: reloading zones succeeded
Sep 7 05:05:01 ns1 /USR/SBIN/CRON[8095]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:05:03 ns1 named[1703]: received control channel command 'reload'
Sep 7 05:05:03 ns1 named[1703]: loading configuration from '/etc/bind/named.conf'
Sep 7 05:05:03 ns1 named[1703]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 7 05:05:03 ns1 named[1703]: using default UDP/IPv4 port range: [1024, 65535]
Sep 7 05:05:03 ns1 named[1703]: using default UDP/IPv6 port range: [1024, 65535]
Sep 7 05:05:03 ns1 named[1703]: reloading configuration succeeded
Sep 7 05:05:03 ns1 named[1703]: dns_rdata_fromtext: /etc/bind/pri.domain2.com:15: near eol: unexpected end of input
Sep 7 05:05:03 ns1 named[1703]: zone domain2.com/IN: loading from master file /etc/bind/pri.domain2.com failed: unexpected end of input
Sep 7 05:05:03 ns1 named[1703]: zone domain2.com/IN: not loaded due to errors.
Sep 7 05:05:03 ns1 named[1703]: dns_rdata_fromtext: /etc/bind/pri.domain1.com:15: near eol: unexpected end of input
Sep 7 05:05:03 ns1 named[1703]: zone domain1.com/IN: loading from master file /etc/bind/pri.domain1.com failed: unexpected end of input
Sep 7 05:05:03 ns1 named[1703]: zone domain1.com/IN: not loaded due to errors.
Sep 7 05:05:03 ns1 named[1703]: dns_rdata_fromtext: /etc/bind/pri.domain3.com:19: near eol: unexpected end of input
Sep 7 05:05:03 ns1 named[1703]: zone domain3.com/IN: loading from master file /etc/bind/pri.domain3.com failed: unexpected end of input
Sep 7 05:05:03 ns1 named[1703]: zone domain3.com/IN: not loaded due to errors.
Sep 7 05:05:03 ns1 named[1703]: reloading zones succeeded
Sep 7 05:06:02 ns1 /USR/SBIN/CRON[8140]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:07:01 ns1 /USR/SBIN/CRON[8147]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:08:01 ns1 /USR/SBIN/CRON[8159]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:09:01 ns1 /USR/SBIN/CRON[8170]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
Sep 7 05:09:01 ns1 /USR/SBIN/CRON[8171]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -delete)
  #6  
Old 7th September 2012, 11:26
Wisdown (Member)

I don't know what this means:

Quote:
unexpected end of input
I have removed from ISPConfig all the other things:

DKIM key
v=spf1 a mx ptr -all

leaving only the default ones created by the wizard.
Gonna look for an example DNS file to check the difference.

Seems I need to do a BIND course.
I lost control of my server, didn't run anything (of course I know BIND is running, but isn't it only for answering queries?); I see this message in the log now:

Quote:
ns1 named[8557]: success resolving 'domain1.com.multi.uribl.com/A' (in 'multi.uribl.com'?) after disabling EDNS
Looking for info about this message now.
Have I been hacked?

Last edited by Wisdown; 7th September 2012 at 11:38.
  #7  
Old 7th September 2012, 11:38
till (Super Moderator)

Please send me the file /etc/bind/pri.domain1.com by PM without changing anything in the file so I can take a look at it.
  #8  
Old 7th September 2012, 11:46
Wisdown (Member)

Sent

Thanks for the help!!!

Please let me know if I got hacked.
I see this message now in syslog:

Quote:
ns1 named[8557]: success resolving 'domain1.com.multi.uribl.com/A' (in 'multi.uribl.com'?) after disabling EDNS
But I haven't done anything; I was looking on Google for DNS templates.
I have a snapshot of the servers to restore just in case of any problem.
  #9  
Old 7th September 2012, 11:57
till (Super Moderator)

That's fine, not related to any hacking attempts. This is the spam filtering system that uses antispam RBLs.
  #10  
Old 7th September 2012, 12:04
Wisdown (Member)

I found a command to check the zone files:

named-checkzone domain1.com /etc/bind/pri.domain1.com

I got this output:

Quote:
dns_rdata_fromtext: /etc/bind/pri.domain.com:14: near eol: enexpected end of input
zone domain1.com/IN loading from master file /etc/bind/pri.domain1.com failed: enexpected end of input
Then I went to the file and removed line 14:

Quote:
mail 3600 A XXX.XXX.XXX.XXX
The check runs OK.

Gonna try adding more things and check for errors.
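The two failure modes this thread turns on, a record line whose data field is missing (named's "near eol: unexpected end of input" from post #10) and an in-zone NS name that has no A record (the missing-glue mistake till describes in post #2), can both be caught before reloading named. The script below is an added example, not code from the thread, from ISPConfig or from BIND; it is a small zone-file lint in plain Python that handles only the record syntax seen in the posted files. The SAMPLE_ZONE text is constructed for the example, modelled on the posted pri.domain2.com, with line 14 deliberately left without an address and with an ns1 name that has no A record; the 198.51.100.x addresses are from the documentation range.

```python
"""Zone-file lint for two failure modes: a record with no data field and an
in-zone NS target without an A/AAAA record. Added example, not project code;
only the subset of zone syntax used in the thread's files is handled."""
import shlex
from collections import namedtuple

# Constructed sample zone (not the poster's real file). Line 14 ("mail 3600 A")
# carries no address, and ns1.domain2.com has no A record.
SAMPLE_ZONE = """\
$TTL 3600
@ IN SOA ns1.domain2.com. admin.domain2.com. (
        2012090709 ; serial
        7200       ; refresh
        540        ; retry
        604800     ; expire
        86400 )    ; minimum
;
domain2.com. 3600 A 198.51.100.10
domain2.com. 3600 MX 10 mail.domain2.com.
domain2.com. 3600 NS ns1.domain2.com.
domain2.com. 3600 NS puck.nether.net.
domain2.com. 86400 TXT "v=spf1 a mx ptr -all"
mail 3600 A
www 3600 A 198.51.100.10
"""

Record = namedtuple("Record", "lineno owner ttl rtype rdata")
CLASSES = {"IN", "CH", "HS"}


def _strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside a quoted string (TXT data)."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            break
        out.append(ch)
    return "".join(out).rstrip()


def _logical_lines(text):
    """Yield (line_number, text), joining records continued across '( ... )'."""
    buf, start, depth = [], None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        if not line.strip() and depth == 0:
            continue
        if start is None:
            start = n
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield start, " ".join(buf)
            buf, start, depth = [], None, 0


def _fqdn(name, origin):
    """Make a name absolute relative to the zone origin, as named does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (records, problems). A record with an empty data field is reported
    and left out of the record list, mirroring 'not loaded due to errors'."""
    if not origin.endswith("."):
        origin += "."
    records, problems = [], []
    last_owner, default_ttl = origin, None
    for lineno, line in _logical_lines(text):
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        if line.startswith("$ORIGIN"):
            origin = _fqdn(line.split()[1], origin)
            continue
        if line.startswith("$"):
            continue  # other directives are outside this example's scope
        toks = [t for t in shlex.split(line) if t not in ("(", ")")]
        # A line starting with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else _fqdn(toks.pop(0), origin)
        last_owner = owner
        ttl = default_ttl
        if toks and toks[0].isdigit():
            ttl = int(toks.pop(0))
        if toks and toks[0].upper() in CLASSES:
            toks.pop(0)
        if not toks:
            problems.append(f"line {lineno}: {owner}: missing record type")
            continue
        rtype = toks.pop(0).upper()
        if not toks:  # the condition behind named's "unexpected end of input"
            problems.append(f"line {lineno}: {owner} {rtype}: near eol: unexpected end of input")
            continue
        records.append(Record(lineno, owner.lower(), ttl, rtype, toks))
    return records, problems


def missing_glue(records, origin):
    """Flag NS targets inside the zone that have no A/AAAA record."""
    if not origin.endswith("."):
        origin += "."
    have_address = {r.owner for r in records if r.rtype in ("A", "AAAA")}
    problems = []
    for r in records:
        if r.rtype != "NS":
            continue
        target = _fqdn(r.rdata[0], origin).lower()
        if (target == origin or target.endswith("." + origin)) and target not in have_address:
            problems.append(f"line {r.lineno}: NS {target} is inside {origin} "
                            "but has no A/AAAA record (missing glue)")
    return problems


def lint_zone(text, origin):
    """Run both checks; an empty list means the zone would load cleanly."""
    records, problems = parse_zone(text, origin)
    return problems + missing_glue(records, origin)


if __name__ == "__main__":
    for msg in lint_zone(SAMPLE_ZONE, "domain2.com") or ["no problems found"]:
        print(msg)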