I have a new VPS with CWP installed. This is the file for my domain:
; Generated by CWP
; Zone file for erpuno.cl
$TTL 14400
erpuno.cl. 86400 IN SOA erpuno.cl. contacto.erpuno.cl. (
2019050600 ; serial, todays date+todays
86400 ;refresh, seconds
7200 ;retry, seconds
3600000 ;expire, seconds
86400 )
erpuno.cl. 86400 IN NS ns1.erpuno.cl.
erpuno.cl. 86400 IN NS ns2.erpuno.cl.
erpuno.cl. IN A 45.7.228.32
vps.erpuno.cl. IN A 45.7.228.32
ns1.erpuno.cl. IN A 45.7.228.32
ns2.erpuno.cl. IN A 45.7.228.32
localhost.erpuno.cl. IN A 127.0.0.1
erpuno.cl. IN MX 0 erpuno.cl.
mail IN CNAME erpuno.cl.
www IN CNAME erpuno.cl.
ftp IN CNAME erpuno.cl.
; Add additional settings below this line
_dmarc 14400 IN TXT "v=DMARC1; p=none"
But the DNS is not resolving. I can't access de URL and DNS lookup services don't find it. What am I doing wrong?
When I run dig erpuno.cl, I get:
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> erpuno.cl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23843
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;erpuno.cl. IN A
;; ANSWER SECTION:
erpuno.cl. 14400 IN A 45.7.228.32
;; AUTHORITY SECTION:
erpuno.cl. 86400 IN NS ns1.erpuno.cl.
erpuno.cl. 86400 IN NS ns2.erpuno.cl.
;; ADDITIONAL SECTION:
ns1.erpuno.cl. 14400 IN A 45.7.228.32
ns2.erpuno.cl. 14400 IN A 45.7.228.32
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 06 21:43:27 -04 2019
;; MSG SIZE rcvd: 122
Everything seems normal. And both the config file and the zone file have no errors.
From my PC I can ping the IP of the server, but not the domain. But from the console of the VPS I can ping the domain.
The firewall has the ports open, so that's not the issue either.
Any ideas??
Make sure your resolv.conf file have the following lines:
domain yourdomain
nameserver ipaddr(of the machine with the dns server installed)
Related
I'm trying to set up DNS receiving and tracking records for Mailgun. The DNS sending records were verified and work fine, but for some reason the receiving records and tracking records don't get verified.
The domain I'm using is mg.optimizeprice.com and the DNS provider I'm using is Dynadot. There are two mx records that it wants me to set up. I took screenshots of the Mailgun DNS records page as well as the Dynadot DNS records page as I have them set up right now. What do I need to change to get this to work?
Also, here is the output of dig optimizeprice.com mx:
; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> optimizeprice.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8708
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;optimizeprice.com. IN MX
;; ANSWER SECTION:
optimizeprice.com. 10800 IN CNAME curved-aardvark-xbc5jxmn5ja3pdaq403yoxab.herokudns.com.
;; AUTHORITY SECTION:
herokudns.com. 10 IN SOA dns1.p05.nsone.net. hostmaster.nsone.net. 1563353642 600 900 1209600 10
;; Query time: 41 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Wed Jul 17 01:55:08 PDT 2019
;; MSG SIZE rcvd: 176
This seems like I am either missing something obvious, or it would have been asked before. When I query dig using the -t parameter to specify a DNS record type, the result seems to contain an answer even if the record returned is a different record type. Here is an example:
$ dig -t A -q polestar.databaseguy.com.
; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> -t A polestar.databaseguy.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33130
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; ANSWER SECTION:
polestar.databaseguy.com. 3600 IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 60 IN A 173.19.127.251
;; Query time: 30 msec
;; SERVER: 10.0.10.1#53(10.0.10.1)
;; WHEN: Mon Dec 10 14:41:50 STD 2018
;; MSG SIZE rcvd: 103
The CNAME and A records listed in the ANSWER SECTION are correct. However, the CNAME is for polestar.databaseguy.com. and the A is for databaseguy.ddns.net.. There is no A record forpolestar.databaseguy.com., which is what I queried for, so I expected there to be no results.
I am pretty confident this is the correct behavior, but I don't understand it and didn't see any explanation in the man dig pages. I also could not find other discussions online, either on this site or elsewhere. Can someone help me understand this?
This is the expected behaviour, that decreases the amount of exchanges needed, and is specific of the CNAME record.
It is covered by the core documents on DNS: RFC1034, section 3.6.2
See this:
CNAME RRs cause special action in DNS software. When a name server
fails to find a desired RR in the resource set associated with the
domain name, it checks to see if the resource set consists of a CNAME
record with a matching class. If so, the name server includes the
CNAME record in the response and restarts the query at the domain name
specified in the data field of the CNAME record. The one exception to
this rule is that queries which match the CNAME type are not
restarted.
With the clear example that completely matches your case:
For example, suppose a name server was processing a query with for
USC-ISIC.ARPA, asking for type A information, and had the following
resource records:
USC-ISIC.ARPA IN CNAME C.ISI.EDU
C.ISI.EDU IN A 10.0.0.52
Both of these RRs would be returned in the response to the type A
query, while a type CNAME or * query should return just the CNAME.
See section 5.2.2 for other points.
Sections 6.2.7 and 6.2.8 also gives examples.
It also depends if you query a recursive or an authoritative nameserver.
databaseguy.com has for nameservers:
pdns01.domaincontrol.com.
pdns02.domaincontrol.com.
If you query one of them:
$ dig A polestar.databaseguy.com. #pdns01.domaincontrol.com.
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. #pdns01.domaincontrol.com.
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64115
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e45ebc418c94c90a
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; QUERY SIZE: 65
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64115
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;polestar.databaseguy.com. IN A
;; ANSWER SECTION:
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
You get only the CNAME value because this authoritative nameserver knows only that, and is not authoritative for ddns.net.
But if you ask any recursive nameserver it does the job of recursing and giving you the "full" reply:
$ for ns in 1.1.1.1 8.8.8.8 9.9.9.9 80.80.80.80 ; do dig A polestar.databaseguy.com. #$ns +noall +ans ; done
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. #1.1.1.1 +noall +ans
;; global options: +cmd
;; connection timed out; no servers could be reached
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. #8.8.8.8 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 59m59s IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 59s IN A 173.19.127.251
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. #9.9.9.9 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 1m IN A 173.19.127.251
; <<>> DiG 9.12.0 <<>> A polestar.databaseguy.com. #80.80.80.80 +noall +ans
;; global options: +cmd
polestar.databaseguy.com. 1h IN CNAME databaseguy.ddns.net.
databaseguy.ddns.net. 1m IN A 173.19.127.251
(1.1.1.1 did not reply to my query but this is irrelevant here for this question)
So about "There is no A record forpolestar.databaseguy.com., which is what I queried for, so I expected there to be no results." this is halfway wrong because that name has a CNAME which means another canonical name and this canonical name has an A record so at the end of the day it is exactly as if the starting name had an A record. Any application locally asking the OS for the IP address of that host will get the A record, as the OS will take care of the full recursive resolution and "dereferencing" the CNAME.
I would like to enable SSL for my domain assigned to the wordpress in Azure.
My domain is created in Freenom.
To finish the process I need to manually verify the domain from Azure:
Azure Domain Verification
Then I created TXT record in my domain in Freenom:
Freenom provider settings
But the TXT record is not created:
$ dig nemoz.ml TXT
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> nemoz.ml TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29489
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4096
;; QUESTION SECTION:
;nemoz.ml. IN TXT
;; ANSWER SECTION:
nemoz.ml. 5 IN CNAME nemoz.azurewebsites.net.
nemoz.azurewebsites.net. 5 IN CNAME waws-prod-am2-203.sip.azurewebsites.windows.net.
waws-prod-am2-203.sip.azurewebsites.windows.net. 5 IN CNAME waws-prod-am2-203.cloudapp.net.
;; AUTHORITY SECTION:
cloudapp.net. 5 IN SOA prd1.azuredns-cloud.net. msnhst.microsoft.com.cloudapp.net. 2110897293 900 300 604800 60
;; Query time: 299 msec
;; SERVER: 192.168.47.2#53(192.168.47.2)
;; WHEN: Tue Oct 02 16:56:54 EDT 2018
;; MSG SIZE rcvd: 250
And I am not able to verify the domain from Azure. I tried many configurations in Freenom, using networking tools, and searched many web pages. And nothing working.
Can you please help me find the problem?
It works!
I removed CNAMEs from Freenom and now I get TXT record:
$ dig nemoz.ml TXT
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> nemoz.ml TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26447
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 4000
;; QUESTION SECTION:
;nemoz.ml. IN TXT
;; ANSWER SECTION:
nemoz.ml. 5 IN TXT "phkg1hlljofbujbrfvl8pe8l62"
nemoz.ml. 5 IN TXT "nemoz.azurewebsites.net"
;; Query time: 1677 msec
;; SERVER: 192.168.47.2#53(192.168.47.2)
;; WHEN: Wed Oct 03 03:33:42 EDT 2018
;; MSG SIZE rcvd: 112
Also in Azure the domain verification is successful. Thanks a lot.
But the question is why is that? Why CNAME record prevents TXT record in domain?
Make sure you type the correct TXT record format in your domain DNS zone. named # with a valid value ph*********62in Freenom provider. And wait a few minuies for DNS propagation.
Here is an example in Azure DNS.
In Freenom replace 1examplevalue1 with the token ph*********62.
One possible problem can be that you have two TXT records with the same value.
For some reason it causes a conflict and records won't take effect.
When I run the following dig command on www.google.com with the +nssearch option I get no results:
mac$ dig www.google.com +nssearch
mac$
Can someone explain why no data is returned here? The +nssearch option reads the SOA of all the authoritative name servers I believe. Does this mean there are no authoritative name servers? How is that possible? The domain www.google.com obviously works so I was expecting some sort of result.
; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40522
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 20 IN A 74.125.196.106
www.google.com. 20 IN A 74.125.196.104
www.google.com. 20 IN A 74.125.196.99
www.google.com. 20 IN A 74.125.196.147
www.google.com. 20 IN A 74.125.196.105
www.google.com. 20 IN A 74.125.196.103
;; Query time: 2 msec
;; SERVER: 192.168.186.1#53(192.168.186.1)
;; WHEN: Wed Jun 17 17:17:37 CDT 2015
;; MSG SIZE rcvd: 139
From "man dig":
+[no]nssearch
When this option is set, dig attempts to find the authoritative name servers for the zone containing the name being
looked up and display
the SOA record that each name server has for the zone.
Since there's no authority section in the response, +nssearch is going to return nothing.
www.google.com is not a zone, but a name in a zone. Therefore it doesn't have any NS records (or SOA records) for dig to display. Try dropping the www. bit and you'll get more output.
My server is a Ubuntu, and I have installed webmin/virtualmin and I´m trying to create my NSRecord ns1 and ns2.
I run this command:
dig #localhost mydomain.info
; DiG 9.7.3 #localhost mydomain.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; HEADER opcode: QUERY, status: NOERROR, id: 64570
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.info. IN A
;; ANSWER SECTION:
mydomain.info. 38400 IN A 10.28.166.120
;; AUTHORITY SECTION:
mydomain.info. 38400 IN NS ns1.mydomain.info.
;; ADDITIONAL SECTION:
ns1.mydomain.info. 38400 IN A 10.28.166.120
But 10.28.166.120 it´s my local IP, I try to find any information on /var/log/syslog about Bind and I didn´t see anything.
In Firewall I configured the ports like this:
Incoming open ports:
TCP/53
UDP/53
Outgoing open ports:
TCP/53
UDP/53
TCP/1024-65535
UDP/1024-65535
So, know I put my complete dns record:
$ttl 38400
# IN SOA ns1.mydomain.info. root.ns1.mydomain.info. (
1342267814
10800
3600
604800
38400 )
# IN NS ns1.mydomain.info.
mydomain.info. IN A 10.28.166.120
www.mydomain.info. IN A 10.28.166.120
ftp.mydomain.info. IN A 10.28.166.120
m.mydomain.info. IN A 10.28.166.120
ns1.mydomain.info. IN A 999.999.999.999
localhost.mydomain.info. IN A 127.0.0.1
webmail.mydomain.info. IN A 10.28.166.120
admin.mydomain.info. IN A 10.28.166.120
mydomain.info. IN TXT "v=spf1 a mx a:mydomain.info ip4:10.28.166.120 ?all"
999.999.999.999 = my external IP
I´m tried post some questions like this and anyone help on other forums. If anyone don´t undestand something I will try to explain.
Thank´s.
BIND runs as named, so that is what you should look for in the logs. (Though nothing is actually wrong with this setup, so I doubt there would be anything in the logs).
I'm not sure how you've set up the records in your zone, but each NS record points to an A record. The NS record looks fine, but the A record is wrong. The other NS record and/or its corresponding A record are missing. You will have to change the A record for ns1.mydomain.info. to your external address. There is no simple way to use both an internal and external IP for a single machine (for a complicated way, see split-horizon views).