ISPConfig 3 and secondary dns problems

Discussion in 'Installation/Configuration' started by xzibiz, Mar 21, 2012.

  1. xzibiz

    xzibiz New Member

    Hi

    I have an ISPconfig3 server running web, ftp, db, email and dns.
    I've tried to follow guides on how to set up a secondary DNS, ns2.
    I think I've done it correctly.

    Code:
    dig @ns1.domain.net any domain.com
    
    ; <<>> DiG 9.7.3 <<>> @ns1.domain.net any domain.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47636
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;domain.com.                    IN      ANY
    
    ;; ANSWER SECTION:
    domain.com.             3600    IN      A       91.189.XXX.XX
    domain.com.             3600    IN      MX      10 mail.domain.com.
    domain.com.             3600    IN      NS      ns2.domain.net.
    domain.com.             3600    IN      NS      ns1.domain.net.
    domain.com.             3600    IN      SOA     ns1.domain.net me.domain.net. 2012032002 7200 540 604800 86400
    
    ;; ADDITIONAL SECTION:
    mail.domain.com.        3600    IN      A       91.189.XXX.XX
    
    ;; Query time: 12 msec
    ;; SERVER: 81.167.96.220#53(81.167.96.220)
    ;; WHEN: Wed Mar 21 20:01:24 2012
    ;; MSG SIZE  rcvd: 176
    Code:
    dig @ns2.domain.net any domain.com
    
    ; <<>> DiG 9.7.3 <<>> @ns2.domain.net any domain.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47636
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; QUESTION SECTION:
    ;domain.com.                    IN      ANY
    
    ;; ANSWER SECTION:
    domain.com.             3600    IN      A       91.189.XXX.XX
    domain.com.             3600    IN      MX      10 mail.domain.com.
    domain.com.             3600    IN      NS      ns2.domain.net.
    domain.com.             3600    IN      NS      ns1.domain.net.
    domain.com.             3600    IN      SOA     ns1.domain.net me.domain.net. 2012032002 7200 540 604800 86400
    
    ;; ADDITIONAL SECTION:
    mail.domain.com.        3600    IN      A       91.189.XXX.XX
    
    ;; Query time: 12 msec
    ;; SERVER: 81.167.96.220#53(81.167.96.220)
    ;; WHEN: Wed Mar 21 20:01:24 2012
    ;; MSG SIZE  rcvd: 176

    So if I'm correct, it should work. Where I bought my domain.com, I've set ns1.domain.net and ns2.domain.net as nameservers.

    But if I try to make a new sub-domain with ISPconfig, it goes into the database on both servers. But nothing shows if I run:
    Code:
    dig @ns1.domain.net any sub.domain.com
    ; <<>> DiG 9.7.3 <<>> @ns1.domain any sub.domain.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20882
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;sub.domain.com.                 IN      ANY
    
    ;; AUTHORITY SECTION:
    domain.com.             3600    IN      SOA     ns1.domain.net. me.domain.net. 2012032002 7200 540 604800 86400
    
    ;; Query time: 1 msec
    ;; SERVER: 91.189.123.59#53(91.189.123.59)
    ;; WHEN: Wed Mar 21 20:08:52 2012
    ;; MSG SIZE  rcvd: 94
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    There is most likely a configuration issue in the DNS record that you created in ISPConfig. Please take a look into the syslog file in /var/log/; you should find some named / bind errors there which explain why bind can't load the file.
     
  3. xzibiz

    xzibiz New Member

    Code:
    grep -i named syslog
    Mar 21 06:37:34 web2 named[807]: client 91.189.120.4#32388: query (cache) 'dynamic.vdc.vn.domain.net/A/IN' denied
    Mar 21 09:54:35 web2 named[807]: client 91.189.120.4#45565: query (cache) '245.115.119.217.in-addr.arpa.domain.net/A/IN' denied
    Mar 21 10:15:43 web2 named[807]: client 12.150.248.35#55340: query (cache) 'ns2.domain.net/AAAA/IN' denied
    Mar 21 10:15:43 web2 named[807]: client 12.150.248.35#58280: query (cache) 'ns1.domain.net/AAAA/IN' denied
    Mar 21 13:39:01 web2 named[807]: client 91.189.120.4#6426: query (cache) 'web2.bx-networks.net/MX/IN' denied
    Mar 21 15:39:12 web2 named[807]: client 91.189.120.4#47172: query (cache) 'dssb00148.lunarbreeze.com.domain.net/A/IN' denied
    Mar 21 16:51:01 web2 named[807]: client 81.167.36.3#6741: query (cache) 'isp.domain.net/A/IN' denied
    Starting bind.
    Code:
    Mar 21 17:15:32 web2 named[18287]: starting BIND 9.7.3 -u bind
    Mar 21 17:15:32 web2 named[18287]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
    Mar 21 17:15:32 web2 named[18287]: adjusted limit on open files from 1024 to 1048576
    Mar 21 17:15:32 web2 named[18287]: found 1 CPU, using 1 worker thread
    Mar 21 17:15:32 web2 named[18287]: using up to 4096 sockets
    Mar 21 17:15:32 web2 named[18287]: loading configuration from '/etc/bind/named.conf'
    Mar 21 17:15:32 web2 named[18287]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Mar 21 17:15:32 web2 named[18287]: using default UDP/IPv4 port range: [1024, 65535]
    Mar 21 17:15:32 web2 named[18287]: using default UDP/IPv6 port range: [1024, 65535]
    Mar 21 17:15:32 web2 named[18287]: listening on IPv6 interfaces, port 53
    Mar 21 17:15:32 web2 named[18287]: listening on IPv4 interface lo, 127.0.0.1#53
    Mar 21 17:15:32 web2 named[18287]: listening on IPv4 interface eth0, 10.0.0.2#53
    Mar 21 17:15:32 web2 named[18287]: generating session key for dynamic DNS
    Mar 21 17:15:32 web2 named[18287]: set up managed keys zone for view _default, file 'managed-keys.bind'
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: D.F.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 8.E.F.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 9.E.F.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: A.E.F.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: B.E.F.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
    Mar 21 17:15:32 web2 named[18287]: command channel listening on 127.0.0.1#953
    Mar 21 17:15:32 web2 named[18287]: command channel listening on ::1#953
    Mar 21 17:15:32 web2 named[18287]: zone 0.in-addr.arpa/IN: loaded serial 1
    Mar 21 17:15:32 web2 named[18287]: zone 127.in-addr.arpa/IN: loaded serial 1
    Mar 21 17:15:32 web2 named[18287]: zone 255.in-addr.arpa/IN: loaded serial 1
    Mar 21 17:15:32 web2 named[18287]: zone domain.com/IN: loaded serial 2012032002
    Mar 21 17:15:32 web2 named[18287]: zone localhost/IN: loaded serial 2
    Mar 21 17:15:32 web2 named[18287]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
    Mar 21 17:15:32 web2 named[18287]: managed-keys-zone ./IN: loaded serial 0
    Mar 21 17:15:32 web2 named[18287]: running
    Mar 21 17:15:32 web2 named[18287]: zone domain.com/IN: sending notifies (serial 2012032002)
    Mar 21 20:29:01 web2 named[18287]: received control channel command 'reload'
    Mar 21 20:29:01 web2 named[18287]: loading configuration from '/etc/bind/named.conf'
    Mar 21 20:29:01 web2 named[18287]: /etc/bind/named.conf.local:3: undefined ACL 'ns2.domain.net'
    Mar 21 20:29:01 web2 named[18287]: reloading configuration failed: failure
    
    I get many like this, not sure what they mean...
    Code:
    Mar 22 08:00:04 web2 named[18287]: success resolving 'security.debian.org/A' (in 'security.debian.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
    Mar 22 10:36:52 web2 named[18287]: success resolving 'ns3.nic.fr/AAAA' (in 'nic.fr'?) after reducing the advertised EDNS UDP packet size to 512 octets
    Mar 22 10:36:52 web2 named[18287]: success resolving 'sns-pb.isc.org/AAAA' (in 'isc.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
    Mar 22 10:36:52 web2 named[18287]: success resolving 'sns-pb.isc.org/A' (in 'isc.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
    Mar 22 10:36:53 web2 named[18287]: success resolving 'ns.jsinfo.net/AAAA' (in 'jsinfo.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
    Mar 22 10:36:53 web2 named[18287]: success resolving 'ns4.apnic.net/AAAA' (in 'apnic.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
    Mar 22 16:24:25 web2 named[18287]: success resolving 'r.arin.net/A' (in 'arin.net'?) after reducing the advertised EDNS UDP packet size to 512 octets
    
     
    Last edited: Mar 22, 2012
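
Added example (not part of any post in this thread): a small shell triage that applies till's advice to a syslog like the one posted above, pulling out named's config-file errors, rejected reloads, and the last serial loaded for a zone. The function names are made up for this example; the sample lines are copied from the log above.

```shell
#!/usr/bin/env bash
# Added example: triage named (BIND) messages from syslog.
# Sample lines below are copied from the log posted in this thread.
sample_log() {
cat <<'EOF'
Mar 21 17:15:32 web2 named[18287]: zone domain.com/IN: loaded serial 2012032002
Mar 21 17:15:32 web2 named[18287]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Mar 21 17:15:32 web2 named[18287]: running
Mar 21 20:29:01 web2 named[18287]: received control channel command 'reload'
Mar 21 20:29:01 web2 named[18287]: loading configuration from '/etc/bind/named.conf'
Mar 21 20:29:01 web2 named[18287]: /etc/bind/named.conf.local:3: undefined ACL 'ns2.domain.net'
Mar 21 20:29:01 web2 named[18287]: reloading configuration failed: failure
Mar 22 08:00:04 web2 named[18287]: success resolving 'security.debian.org/A' (in 'security.debian.org'?) after reducing the advertised EDNS UDP packet size to 512 octets
EOF
}

# Config-file errors, which named logs as "<path>:<line>: <message>".
named_config_errors() {
  sed -nE 's#^.* named\[[0-9]+\]: (/[^ :]+:[0-9]+: .*)$#\1#p'
}

# Number of reloads named rejected (grep -c exits 1 on zero matches).
named_failed_reloads() {
  grep -cE 'named\[[0-9]+\]: reloading configuration failed' || true
}

# Serial from the last "zone <name>/IN: loaded serial <n>" line for a zone.
named_last_serial() {
  awk -v key="zone $1/IN: loaded serial " '
    { i = index($0, key); if (i) s = substr($0, i + length(key)) }
    END { if (s != "") print s }'
}

# Read a syslog on stdin and print a short report for one zone.
triage_named() {
  zone=$1
  log=$(cat)
  serial=$(printf '%s\n' "$log" | named_last_serial "$zone")
  fails=$(printf '%s\n' "$log" | named_failed_reloads)
  errs=$(printf '%s\n' "$log" | named_config_errors)
  echo "zone $zone: last loaded serial ${serial:-none}"
  echo "rejected reloads: $fails"
  if [ -n "$errs" ]; then
    printf '%s\n' "$errs" | sed 's/^/config error: /'
  fi
}

sample_log | triage_named domain.com
```

Against a real log, run `triage_named domain.com < /var/log/syslog`. When named rejects a reload it keeps running with the configuration it loaded earlier.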
  4. spazio

    spazio Member

  5. pititis

    pititis Member

    Hello,

    I don't see in your queries any A records for your ns1 and ns2 (ADDITIONAL SECTION).

    You need to define both A records for your name servers.

    Cheers
     
  6. spazio

    spazio Member

    Thanks pititis, but I took an old thread so the beginning is not from me.
    Regarding the A record: I do have both A records for ns1 and ns2.

    Does somebody know how ISPConfig communicates between server ns1 and ns2?
    Which ports need to be open?

    S
     
  7. pititis

    pititis Member

    Ok, thanks.

    Ports 53 TCP and UDP must be open.
     
