ISPCONFIG - BIND9 not resolving from internet

Discussion in 'Installation/Configuration' started by Sniperrr, May 12, 2017.

  1. Sniperrr

    Sniperrr New Member

    Can anyone please help me with the following problem:

    Problem: DNS not resolving from the Internet

    My progression:
    1) Clean install of Ubuntu 16.04
    2) Installed ISPCONFIG (https://www.howtoforge.com/tutorial/ispconfig-automated-install-script/) - everything fine
    3) Created client,web etc.. in ISPConfig
    4) Created a DNS zone with these records:
    Code:
    Active  Type  Name       Data                Priority  TTL
    Yes     A     ezweb.cz.  10.0.0.2            0         3600
    Yes     A     mail       10.0.0.2            0         3600
    Yes     A     ns1        10.0.0.2            0         3600
    Yes     A     ns2        10.0.0.2            0         3600
    Yes     A     www        10.0.0.2            0         3600
    Yes     MX    ezweb.cz.  mail.ezweb.cz.      10        3600
    Yes     NS    ezweb.cz.  ns1.ezweb.cz.       0         3600
    Yes     NS    ezweb.cz.  ns2.ezweb.cz.       0         3600
    Yes     TXT   ezweb.cz.  v=spf1 mx a ~all    0         3600
    5) If I use 10.0.0.2 as DNS on the local network, I can see ezweb.cz working fine
    6) Set up NS with glue records on the domain registrar's side; DNS trace overview from SimpleDNS:
    Code:
    Loading root server list (static data):
    -> a.root-servers.net (198.41.0.4)
    -> b.root-servers.net (192.228.79.201)
    -> c.root-servers.net (192.33.4.12)
    -> d.root-servers.net (128.8.10.90)
    -> e.root-servers.net (192.203.230.10)
    -> f.root-servers.net (192.5.5.241)
    -> g.root-servers.net (192.112.36.4)
    -> h.root-servers.net (128.63.2.53)
    -> i.root-servers.net (192.36.148.17)
    -> j.root-servers.net (192.58.128.30)
    -> k.root-servers.net (193.0.14.129)
    -> l.root-servers.net (199.7.83.42)
    -> m.root-servers.net (202.12.27.33)
    Sending request to "j.root-servers.net" (192.58.128.30)
    Received referral response - DNS servers for "cz":
    -> a.ns.nic.cz (194.0.12.1)
    -> b.ns.nic.cz (194.0.13.1)
    -> c.ns.nic.cz (194.0.14.1)
    -> d.ns.nic.cz (193.29.206.1)
    Sending request to "a.ns.nic.cz" (194.0.12.1)
    Received referral response - DNS servers for "ezweb.cz":
    -> ns1.ezweb.cz (90.178.114.101)
    -> ns2.ezweb.cz (90.178.114.101)
    Sending request to "ns1.ezweb.cz" (90.178.114.101)
    Timeout waiting for response
    Sending request to "ns2.ezweb.cz" (90.178.114.101)
    Timeout waiting for response
    Failed to resolve - no more DNS servers left to try
    7) Telnet on 90.178.114.101:53 works fine
    8) /etc/bind/named.conf.options
    Code:
    options {
        directory "/var/cache/bind";
    
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders. 
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
    
        // forwarders {
        //     0.0.0.0;
        // };
    
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
    
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        listen-on { any; };
    };
    9) /etc/bind/named.conf.local
    Code:
    zone "ezweb.cz" {
            type master;
            allow-transfer {none;};
            file "/etc/bind/pri.ezweb.cz";
    };
    
    10) /etc/bind/named.conf.default-zones
    Code:
    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    
    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
    

    Can somebody help? I'm new to Linux and ISPConfig (one-week user :)
     
  2. Taleman

    Taleman Member

    Can you be more specific about what does not work? What do you mean by
     
  3. Sniperrr

    Sniperrr New Member

    Sorry, my English is bad.
    Re 6) Request for ezweb.cz from the Internet:
    Sending request to "ns1.ezweb.cz" (90.178.114.101)
    Timeout waiting for response
    Sending request to "ns2.ezweb.cz" (90.178.114.101)
    Timeout waiting for response

    My BIND9 behind 90.178.114.101 won't work... but on the local network everything is fine.
     
  4. Taleman

    Taleman Member

    whois ezweb.cz show among others
    Code:
    nsset:        EZWEB
    nserver:      ns1.ezweb.cz (90.178.114.101)
    nserver:      ns2.ezweb.cz (90.178.114.101)
    
    So both name servers have the same IP. There should be two separate name servers, but that is not the reason for not getting responses.
    The host answers to ping from the internet:
    Code:
    $ ping -c 3 90.178.114.101
    PING 90.178.114.101 (90.178.114.101) 56(84) bytes of data.
    64 bytes from 90.178.114.101: icmp_seq=1 ttl=51 time=54.6 ms
    64 bytes from 90.178.114.101: icmp_seq=2 ttl=51 time=56.6 ms
    64 bytes from 90.178.114.101: icmp_seq=3 ttl=51 time=55.7 ms
    
    --- 90.178.114.101 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2002ms
    rtt min/avg/max/mdev = 54.614/55.669/56.672/0.884 ms
    
    How did you check that DNS works on the local network? Try the command
    Code:
    host ezweb.cz 90.178.114.101
    If that works, bind9 should be running on the host. If not, fix that.
    Check the firewall rules from the Internet; maybe the DNS port is blocked.
    Use the dig command to see what bind9 has eaten, and try to see what is wrong.
     
  5. Sniperrr

    Sniperrr New Member

    Basically it is an old server behind a router (ports forwarded). This is the reason for one IP on both NS records.

    If I'm on the same local network with my notebook (DNS in network connections manually set to 10.0.0.2), ezweb.cz gives me the websites.
    Code:
    Using domain server:
    Name: 90.178.114.101
    Address: 90.178.114.101#53
    Aliases:
    
    ezweb.cz has address 10.0.0.2
    ezweb.cz mail is handled by 10 mail.ezweb.cz.
    
    External port check:
    Code:
    Port check – Tests if TCP port is opened on specified IP
    IP address or host name:    
    90.178.114.101
    Port number:    
    53
    
    90.178.114.101:53 port is open
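
The external port check above tests only TCP, and Taleman's advice to check the firewall is the relevant lead: a resolver following the referral in the trace sends its query over UDP first, so a host that passes a TCP port check can still time out for real DNS traffic. The script below is an added example, not code from this thread or from ISPConfig. It sends the same non-recursive query over UDP and over TCP, decodes the response header, and reports which transport answered and whether the answer was authoritative. The server address, query name, sample response bytes and diagnosis strings are assumptions made for the example.

```python
# Added example for this thread, not code from the posts or from ISPConfig.
# Server address, query name and the sample response are assumptions.
import socket
import struct
import sys

DNS_PORT, QTYPE_A, QCLASS_IN, RCODE_REFUSED = 53, 1, 1, 5


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """DNS query with RD=0, as a resolver following a referral sends it."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_response(data):
    """Decode the 12-byte header: enough to tell answered/authoritative/refused apart."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),    # QR bit
        "authoritative": bool(flags & 0x0400),  # AA bit
        "truncated": bool(flags & 0x0200),      # TC bit: client retries over TCP
        "rcode": flags & 0x000F,
        "answers": an,
    }


def query_udp(server, name, timeout=3.0):
    """Parsed header, or None on timeout (the symptom in the trace above)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, DNS_PORT))
            data, _ = s.recvfrom(4096)
        except OSError:
            return None
    return parse_response(data)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed")
        buf += chunk
    return buf


def query_tcp(server, name, timeout=3.0):
    """Same query over TCP; DNS over TCP prefixes each message with a 2-byte length."""
    q = build_query(name)
    try:
        with socket.create_connection((server, DNS_PORT), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return parse_response(_recv_exact(s, length))
    except (OSError, ValueError):
        return None


def classify(udp, tcp):
    """Diagnosis from the two probe results; pure, so it can be checked offline."""
    if udp is None and tcp is None:
        return "no answer on 53/udp or 53/tcp: server down, not listening, or both filtered"
    if udp is None:
        return "53/tcp answers but 53/udp times out: UDP/53 not forwarded or filtered"
    if tcp is None:
        return "53/udp answers but 53/tcp does not: large answers and zone transfers fail"
    for transport, r in (("udp", udp), ("tcp", tcp)):
        if r["rcode"] == RCODE_REFUSED:
            return f"REFUSED over {transport}: allow-query or a view rejects this client"
        if not r["authoritative"]:
            return f"non-authoritative answer over {transport}: zone not loaded on this server"
    return "authoritative answer over both transports"


# Constructed sample (not captured from the thread's host): an authoritative
# answer to build_query("ezweb.cz") carrying A ezweb.cz 10.0.0.2, TTL 3600.
SAMPLE_AA_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    + build_query("ezweb.cz")[12:]
    + bytes.fromhex("c00c" "0001" "0001" "00000e10" "0004" "0a000002")
)

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "90.178.114.101"
    name = sys.argv[2] if len(sys.argv) > 2 else "ezweb.cz"
    print(classify(query_udp(server, name), query_tcp(server, name)))
```

Run it from a host outside the local network (python3 dnsprobe.py 90.178.114.101 ezweb.cz); a test from inside the LAN against the public address may be handled by the router rather than the Internet path and hide the difference. From the command line, dig @90.178.114.101 ezweb.cz +norecurse and the same command with +tcp give the same two data points.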
     
  6. webguyz

    webguyz Active Member HowtoForge Supporter
