Primary name server doesen't work

Discussion in 'Installation/Configuration' started by Lupi, Jun 29, 2015.

  1. Lupi

    Lupi Member

    Greatings,
    on my multiserver configuration (Debian Wheezy with ispconfig 3), every think work nice. I thought that....
    My secondary name server is outside the door and he is on static ip address. He is working nice, but my primary name server don't. He is on dynamic ip adress, as my db, mail, and web server.
    So, if I test my primary dns from outside i get error massage: ERROR: One or more of your nameservers did not respond:
    The ones that did not respond are:xxxxxxx
    Not auth... and I see address from Nameserver: 192.33.14.30 ( if I ping this adress = b.gtld-servers.net )
    Any suggestion ?
    Thank's
     
    Last edited: Jun 29, 2015
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Test the server locally:

    dig @localhost yourdomain.com

    Btw. Running a nameserver on y dynamic IP makes not much sense for me. You should better use the nameserver of your domain registry if you dont have a fixed IP.
     
  3. Lupi

    Lupi Member

    Till, this is my scheme how it is now. I would like to keep it so. Can you help me to configurate my ns1. to work properly? My ns2 works goed. On the scheme ip's are not really. If you need any informations more I.ll give to you.
    Thank's
     

    Attached Files:

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You can use that scheme off course. your server is currently not responding for that zone,so the zone data that you entered in ispconfig contains most likely an error or a record is missing.
     
  5. Lupi

    Lupi Member

    I came to that point. That's correct what you said/ Is sollution after my modem " glas vesel" put as first ns1.xxxx.com and from second NIC go to router?
    or,
    what should be than right configuration as it's now. I,m trying for a day's to get working,.....
    error
    Name Server does not function properly.
    Name Server: Public IP Error: Query timed out
     
    Last edited: Jul 2, 2015
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the exact output of the command:

    dig @@localhost yourdomain.com

    that you get when you run it on your server. Replace yourdoamin.com with yur domain name.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so your primary nameserver is working correctly. This means that your issue is not a confi issue on that server.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    What you can check next is if BIND is listening on the external interface. you can do this e.g. with:

    netstat -tap
     
  9. Lupi

    Lupi Member

    root[email protected]:~# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:mysql *:* LISTEN 3222/mysqld
    tcp 0 0 *:sunrpc *:* LISTEN 1893/rpcbind
    tcp 0 0 ns1.webwobber.co:domain *:* LISTEN 23666/named
    tcp 0 0 localhost:domain *:* LISTEN 23666/named
    tcp 0 0 *:ssh *:* LISTEN 2635/sshd
    tcp 0 0 localhost:ipp *:* LISTEN 2825/cupsd
    tcp 0 0 localhost:953 *:* LISTEN 23666/named
    tcp 0 0 localhost:smtp *:* LISTEN 3636/exim4
    tcp 0 0 *:45793 *:* LISTEN 1924/rpc.statd
    tcp 0 0 ns1.webwobber.com:ssh web.webwobber.com:44982 ESTABLISHED 25810/0
    tcp 0 0 ns1.webwobber.com:59434 web.webwobber.com:mysql TIME_WAIT -
    tcp 0 0 ns1.webwobber.com:59435 web.webwobber.com:mysql TIME_WAIT -
    tcp6 0 0 [::]:sunrpc [::]:* LISTEN 1893/rpcbind
    tcp6 0 0 [::]:domain [::]:* LISTEN 23666/named
    tcp6 0 0 [::]:ssh [::]:* LISTEN 2635/sshd
    tcp6 0 0 localhost:ipp [::]:* LISTEN 2825/cupsd
    tcp6 0 0 localhost:953 [::]:* LISTEN 23666/named
    tcp6 0 0 localhost:smtp [::]:* LISTEN 3636/exim4
    tcp6 0 0 [::]:49319 [::]:* LISTEN 1924/rpc.statd
     
  10. Lupi

    Lupi Member

    And this is output from system-log
    17:47:57 ns1 named[27770]: adjusted limit on open files from 4096 to 1048576
    Jul 2 17:47:57 ns1 named[27770]: found 8 CPUs, using 8 worker threads
    Jul 2 17:47:57 ns1 named[27770]: using up to 4096 sockets
    Jul 2 17:47:57 ns1 named[27770]: loading configuration from '/etc/bind/named.conf'
    Jul 2 17:47:57 ns1 named[27770]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Jul 2 17:47:57 ns1 named[27770]: using default UDP/IPv4 port range: [1024, 65535]
    Jul 2 17:47:57 ns1 named[27770]: using default UDP/IPv6 port range: [1024, 65535]
    Jul 2 17:47:57 ns1 named[27770]: listening on IPv6 interfaces, port 53
    Jul 2 17:47:57 ns1 named[27770]: listening on IPv4 interface lo, 127.0.0.1#53
    Jul 2 17:47:57 ns1 named[27770]: listening on IPv4 interface eth0, 192.168.0.5#53
    Jul 2 17:47:57 ns1 named[27770]: generating session key for dynamic DNS
     
  11. Lupi

    Lupi Member

    Firewall is disabled, and if you ping public ip thats is open....
    Router is Cisco E-4200
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    your named is listenng n localhost only. Check the named.conf and named.conf.options file and change it ti listen on all interfaces.
     
  13. Lupi

    Lupi Member

    in named.conf.options:
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    listen-on { any; };
    allow-query { any; };
    Is this mean that he is listening on ip6 and ip4 ????

    named.conf:
    // This is the primary configuration file for the BIND DNS server named.
    //
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    //
    // If you are just adding zones, please do that in /etc/bind/named.conf.local

    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
    Here I don't see any listen ??
     
  14. Lupi

    Lupi Member

    My named.conf.options looks like:
    options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders { 0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    listen-on { any; };
    allow-query { any; };
    allow-notify { 83.128.174.166; 188.204.116.26; };
    recursion no;
    };
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats ok. Can you try to run the dif command against the ip address of the server instead of localhost?
     
  16. Lupi

    Lupi Member

    [email protected]:/etc/bind# dig @192.168.0.5 localhost

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @192.168.0.5 localhost
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64563
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;localhost. IN A

    ;; ANSWER SECTION:
    localhost. 604800 IN A 127.0.0.1

    ;; AUTHORITY SECTION:
    localhost. 604800 IN NS localhost.

    ;; ADDITIONAL SECTION:
    localhost. 604800 IN AAAA ::1

    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.5#53(192.168.0.5)
    ;; WHEN: Thu Jul 2 19:55:31 2015
    ;; MSG SIZE rcvd: 85
    You mean so?
     
  17. Lupi

    Lupi Member

    Or public:
    [email protected]:/etc/bind# dig @83.128.174.166 localhost

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @83.128.174.166 localhost
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47610
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;localhost. IN A

    ;; ANSWER SECTION:
    localhost. 604800 IN A 127.0.0.1

    ;; AUTHORITY SECTION:
    localhost. 604800 IN NS localhost.

    ;; ADDITIONAL SECTION:
    localhost. 604800 IN AAAA ::1

    ;; Query time: 1 msec
    ;; SERVER: 83.128.174.166#53(83.128.174.166)
    ;; WHEN: Thu Jul 2 19:58:52 2015
    ;; MSG SIZE rcvd: 85
     
  18. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats the wrong query, you have to query your domain name:

    dig @83.128.174.166 webwobber.com

    If this is working, then dns on your server is fine and responding correctly to the external IP.
     
    Lupi likes this.
  19. Lupi

    Lupi Member

    [email protected]:/# dig @83.128.174.166 webwobber.com

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @83.128.174.166 webwobber.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34473
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;webwobber.com. IN A

    ;; ANSWER SECTION:
    webwobber.com. 3600 IN A 83.128.174.166

    ;; AUTHORITY SECTION:
    webwobber.com. 3600 IN NS ns2.webwobber.com.
    webwobber.com. 3600 IN NS ns1.webwobber.com.

    ;; ADDITIONAL SECTION:
    ns1.webwobber.com. 3600 IN A 83.128.174.166
    ns2.webwobber.com. 3600 IN A 188.204.116.26

    ;; Query time: 1 msec
    ;; SERVER: 83.128.174.166#53(83.128.174.166)
    ;; WHEN: Thu Jul 2 21:15:33 2015
    ;; MSG SIZE rcvd: 115
     
  20. Lupi

    Lupi Member

    And this is output of:
    [email protected]:/# dig @83.128.174.166 any webwobber.com

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @83.128.174.166 any webwobber.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2903
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;webwobber.com. IN ANY

    ;; ANSWER SECTION:
    webwobber.com. 3600 IN MX 10 mail.webwobber.com.
    webwobber.com. 3600 IN NS ns1.webwobber.com.
    webwobber.com. 3600 IN NS ns2.webwobber.com.
    webwobber.com. 3600 IN A 83.128.174.166
    webwobber.com. 14400 IN SOA ns1.webwobber.com. info.webwobber.com. 2015070205 14400 3600 604800 14100

    ;; ADDITIONAL SECTION:
    mail.webwobber.com. 3600 IN A 83.128.174.166
    ns1.webwobber.com. 3600 IN A 83.128.174.166
    ns2.webwobber.com. 3600 IN A 188.204.116.26

    ;; Query time: 1 msec
    ;; SERVER: 83.128.174.166#53(83.128.174.166)
    ;; WHEN: Thu Jul 2 21:26:35 2015
    ;; MSG SIZE rcvd: 193
     

Share This Page