Problem with nameservers

Discussion in 'Installation/Configuration' started by tonytroy, Oct 16, 2019.

  1. tonytroy

    tonytroy Member

    Hi there,

    I've just install a fresh new server with Debian 10 and ISPConfig following

    I added DNS zones for my websites and tried to change their DNS conf in the registrar setup to attach them to my new server. It works fine with .com TLD's but with .fr TLD's I get an error message saying "NAMESERVERS VALIDATION FAILED - The nameserver doesn't exist".

    The DNS is and if I try a host on this, i get the good IP address. If I try a host on the IP address i get the good nameserver. So i'm kind of lost.

    Does someone has an idea to fix this? Or a starting point to look for?
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. tonytroy

    tonytroy Member

    Hey Taleman,

    Thanks for your answer.
    As I said, the host command returns good informations on the IP address and on the nameservers.
    Bind is active and running, dig with @localhost on the domain name returns the good nameservers & IP address, the reverse is set so as /etc/hosts and /etc/hostname (server was rebooted after that).

    I'm asking help here because I've already test all that things with no clue. I can't find the origin of the problem.
    The only idea I have left is, as the reverse was set yesterday morning, maybe it still need time (but 24 hours should be more than enough).
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Not sure if I remember correctly, the .fr registry might enforce dnssec?
    Last edited: Oct 16, 2019
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    At what point do you get that error message "NAMESERVERS VALIDATION FAILED - The nameserver doesn't exist"?
    If you have two name servers and use same nameservers for all your domains, how could it not work?
    Are you using hostname or IP-number when giving the name server for the registration?
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I tested myself:
    $ host has address
    [email protected]:/tmp
    $ host
    Using domain server:
    Host not found: 5(REFUSED)
    [email protected]:/tmp
    $ dig
    ; <<>> DiG 9.10.3-P4-Debian <<>>
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 61083
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available
    ; EDNS: version: 0, flags:; udp: 4096
    ;            IN    A
    ;; Query time: 63 msec
    ;; SERVER:
    ;; WHEN: Wed Oct 16 11:14:26 EEST 2019
    ;; MSG SIZE  rcvd: 39
    [email protected]:/tmp
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    According to
    it seems DNSSEC is not mandatory yet, but AFNIC promotes it heavily.
    Same thing with Finnish authority, in September they started encouraging adoption of DNSSEC. I'm thinking to either set up my nameservers differently or wait for ISPConfig 3.2 to start using DNSSEC.
  8. tonytroy

    tonytroy Member

    I get the error message saying nameservers doesn't exist when I try to change DNS for a .fr domain name in my registrar's interface (internetbs). When I change DNS for a .com domain name, it works.

    For all my domain names I use as NS1 and as NS2 (because I cannot add only one DNS, it requires 2 at least). It works with .com but not with .fr. is my second server, my first one works the same way (ISPConfig 3), except .fr are passing through validation on this one (with as NS1 and as NS2).
    What I need to do, is migrate all websites from my old server (sd-59739) to my new one (sd-133392) but I can't because I'm not able to modify DNS of domains with .fr TLD's.
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The error message is correct. That name server does not answer to queries about
    $ host
    Using domain server:
    Host not found: 5(REFUSED)
    Does the host command return answer if you query for your domain?
  10. tonytroy

    tonytroy Member

    Im' not sure is supposed to answer. If you try "host" you'll have the same error, however works perfectly with adding DNS of .fr domain names on internetbs as I said.

    returns mail is handled by 10

    I also tried on both servers (sd-59739 and sd-133392) this command :
    results has address

    And this one (still on both servers) :
    returns domain name pointer

    I'm totally lost...
  11. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You wrote in #1:
    That made me assume you are setting up as your name server. However, that name server does not answer to queries about domain. So it does not work as name server, at least not for that domain. Why this is the case, I do not know.
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    The name seems to be a generic name assigned by your ISP. Personally, I never use these names and assign a hostname which belongs to my own domain. Might be related to your issue or not, just as a hint.
  13. tonytroy

    tonytroy Member

    Thx to you both.

    @Taleman : When I try a host on (my other server), I get the same error for domain "Host not found: 5(REFUSED)" (you can try it). Though works perfectly for adding .com or .fr domain names from their DNS. So what would be the difference between those 2 servers ? I can't find an answer to that..

    @till : is the name of the machine (server) and it was indeed provided by my ISP. When you talk about assigning a hostname that belongs to a domain, you mean a domain name ? In this case, which one do i choose ? I have more than 20 domains on a server. If this can be a solution I'm ready to try.
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    A hostname is normally a subdomain. something like server.yourdomain.tld or when its a nameserver only, name it ns.yourdomain.tld or ns1.yourdomain.tld. Of course, you have to choose one of your domains for this, I would use the domain that matches your company name. This subdomain must point to the server in dns with a dns a-record and the reverse record of your IP should be adjusted as well. As mentioned above, this might be unrelated but that's how I set up systems.
  15. tonytroy

    tonytroy Member

    It sounds like a possible plan.

    So if I choose and I use ns1 as subdomain, I have to change the reverse of the server by ? I also will need a second DNS, I still use ?
    To attach to the server, i don't use DNS but only a redirect with A record ? With internetbs, if I use their DNS and I add an A record, that doesn't work as they have an SOA record pointing to I'm not familiar with this kind of settings. Any idea of how i should proceed ?
  16. tonytroy

    tonytroy Member

    It took time but finally the A record was accepted and the domain .fr is pointing to the server.

    Now I have another problem, as the DNS is no longer managed by the server, I cannot use the Let's Encrypt function to add SSL protocol to the website. Do you have an idea of how I can fix this ?

    I'm going to use the domain .fr to give a new name to the server and change the reverse, i'll let you know if everything work after that.
  17. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Just check the checkboxes for ssl and Let's Encrypt and save, it does not rely on dns validation.
  18. tonytroy

    tonytroy Member

    Thx Jesse, you're right, I thought the Let's Encrypt option was on the DNS settings, but it's on the website settings.

    To add the nameserver, I just have to create a A-record with ns as subdomain pointing on the IP address of the server ? Nothing to setup on the server ?
    Can I also create a DNSSEC on my server or should I use as I used to do.

Share This Page