DNS entries required for a domain - dns

My OS is CentOS 6.7 with Plesk 12.5.x
There are always some errors when I am checking DNS records in any DNS diagnostic tool. Can anybody please advise what records are necessary to set for all domains?
Here is my Plesk => Tools & Settings => DNS Template:
Here is the error screenshot:
Another domain throwing the following error:
Thanks in anticipation

So the first major problem I see with your domain is that two of the nameservers listed do not reply:
ns1.onlinenics.net. ns1.wellnessbd.com.
Maybe they are firewalled?
And looking at the whois record, it shows these as the registered nameservers:
NSSEC.ONLINE.NET NS1.ONLINENICS.NET
I'd check that first - it may just be a config error, or there may be a firewall/iptables in the way blocking the query.
To fix the SPF record you need something like this in your zone, with the addresses of your valid sender(s):
"v=spf1 mx ip4:<ips of valid senders>/<cidr> -all"
If you have a way to export your zone file, that would be a help and much easier to read and provide corrections to. Sadly, I'm no use with control panel type affairs.
I found a better online web tool which tests your DNS. Specific results for your domain are here

Related

whois lookup shows correct ip but why my browser can not find IP address of domain?

My website suddenly stopped working.
When I search for the domain name in WHOIS websites it is showing the correct server ip address and correct DNS IP address.
I can reach the website by its IP address, but somehow when I am trying the domain name in the browser it's not working and it's showing "This site can’t be reached"!
There is no error in my server log.
I tried different browsers and different systems and it is same issue.
I am really confused. Even when I am sending GET requests with Postman to my domain, it is not reachable, but sending a request to the IP is working!
whois and DNS resolution are two separate things and one does not imply anything for the other, so in short, except in very specific cases, if you have a DNS resolution problem you should use DNS troubleshooting tools, not the whois and especially not web-based whois (the only relevant whois is the registry one).
Now you are giving so few details that no one can really help.
Among the possible ideas to check and probable problems:
you forgot to renew the domain, your registrar put it on hold or worse deleted it (that you can see in whois)
you did a change in the DNS resolution and now it does not work anymore, use online troubleshooting tools like Zonemaster or DNSViz; alternatively your registrar and/or webhosting company should be able to help (since you are neither giving here the domain name nor details about the troubleshooting you do: for DNS problems, the browser is not the first tool to use, look instead at dig).
It appears that the problem was DNS on our local system. We changed it to 8.8.8.8 and then we could access our domain!
It's usually because you use an addon domain, not the main domain, for hosting orders that are set up on cPanel/WHM.

Defining two sub domains of my domain as nameservers of another domain

Suppose that I own example.com, which is served by my own DNS server, and I can create every record that I want.
Now imagine that one of my friends gets a new domain called new-domain.com and I want to help him manage his domain with his own DNS server.
So in my dns system for example.com, I create two A records as:
my.ns1.example.com -> some.ip.addr
and
my.ns2.example.com -> some.ip.addr
(some.ip.addr is the ip address of his DNS server)
and ask him to set my.ns1.example.com and my.ns2.example.com as name servers for his domain.
But he cannot set them because it gets invalid nameserver error!
It's my understanding that because example.com is working properly in the DNS system, and thus my.ns1.example.com and my.ns2.example.com are resolved to the IP address properly, nothing can prevent them from being used as nameservers.
I searched around and found that some people say the nameservers should be registered. I understand registering when we have to ask for setting glue records, but for this case I have no idea why we would need to register those names.
To be more specific with a real-life example, why would jobs.ns.cloudflare.com be a valid nameserver but www.cloudflare.com not?
I asked the same question on serverfault.com with this link
I quote the important part of the answer here:
From a pure DNS perspective, an authoritative nameserver (such as those for com) should not perform any kind of recursion to learn the IP address of the nameservers that are defined in your example.com zone. Instead, the registry permits registrars to add glue records to the com domain, and those registrars can provide a user interface so that the owners of the domains that these custom nameservers live in can do so. (example: Namecheap - How do I register personal nameservers for my domain?)
(To address the elephant in the room...no, these glue records are not strictly required. But policies are policies, and if the registrar interface requires the registry level glue to be present, you have little choice in the matter.)
While the answer does not answer my updated part of the question, I picked it as the answer and decided to ask another question.
The problem does not lie in the names: my.ns1.example.com and my.ns2.example.com are fine.
The registry, and sometimes even the registrar, normally perform a few checks before approving a nameserver change. If your nameservers are rejected as invalid they are most likely not yet correctly configured for your friend's domain. I mean, the servers at my.ns1.example.com and my.ns2.example.com do not contain the minimum required records for new-domain.com.
That said, the registrar support team should be able to provide more details: if it's them who reject the change, they should let you know what part of the automatic tests fails and even provide the test output so you can see for yourself. On the other hand, if they just pass the change to the registry (your friend should see an "operation pending at registry level" notice in his control panel for some time), they could make the extra effort of helping you out by providing hints based on their experience with that particular TLD. That is, if your friend didn't grab a promo offer in the 0.99$-5.99$ a year range for the domain: if he pays them something in the 20$-50$ a year range, then he should expect and demand proper, helpful support. I use one of the cheapest registrars, and if my nameserver change gets rejected I still get a full report:
Dear customer,
The registry did not accept the nameservers you tried assigning to
new-domain.com because they did not pass the registry tests. Please
check the report we got from the registry below, fix the errors
and try assigning the nameservers again.
Nameservers Resolvable Test: ERROR
my.ns1.example.com. ERROR Unresolvable host my.ns1.example.com.
my.ns2.example.com. ERROR Unresolvable host my.ns2.example.com.
my.ns3.example.com. OK
my.ns4.example.com. OK
SOAQueryAnswerTest: ERROR
my.ns1.example.com. ERROR java.net.SocketTimeoutException
my.ns2.example.com. ERROR java.net.SocketTimeoutException
my.ns3.example.com. OK
my.ns4.example.com. OK
... ... ...
Update: The OP posted an update saying that as soon as the nameservers were registered with the registry, they were accepted in his friend's control panel. It appears that particular registrar checks for glue records and rejects the nameservers if they have none. This is an unnecessary check because glue records are only needed if the nameservers are within the same domain they serve, as explained in these questions. Registrars usually explain this very clearly or at least mention this above the nameserver change form:
Please note that in most cases the ip address is not required and will actually be ignored. It is only necessary if the nameservers you are entering are sub-domains of the selected domain (also called custom nameservers or vanity nameservers).
We can conclude that the friend's registrar performs an unnecessary blocking test and does not respond to user inquiries in a helpful manner. Since the OP has the following need (citation from his updated post on serverfault):
I need to be able to create dynamic nameservers programmatically and ask my users to enter their specific nameservers for their domains in their registrars.
I warmly recommend he does some research looking for a decent and reasonably priced registrar he can point his customers/friends to in case they have any issues with their current ones.
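The glue rule stated in the answer above, as an added example that is not part of the original answer: glue is needed only when a nameserver's name lies inside the zone it serves. The function names are hypothetical, the 192.0.2.x addresses are constructed, and the domain names are the ones used in the question.

```python
def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def in_bailiwick(nameserver, zone):
    """True when the nameserver is the zone apex or a name below it.

    The match is made on a label boundary, so ns1.notnew-domain.com is
    NOT treated as being inside new-domain.com.
    """
    ns, zone = normalize(nameserver), normalize(zone)
    return ns == zone or ns.endswith("." + zone)

def review_delegation(zone, nameservers):
    """Classify each nameserver of a delegation.

    nameservers maps a host name to the IP entered at the registrar,
    or to None when no IP was entered.
    """
    verdicts = {}
    for host, ip in nameservers.items():
        if in_bailiwick(host, zone):
            # Resolving the name requires asking the zone itself, so the
            # parent zone has to hand out the address as glue.
            verdicts[host] = ("glue required and supplied" if ip
                              else "glue required but missing")
        else:
            # The name resolves through a different zone.
            verdicts[host] = ("IP supplied but not needed" if ip
                              else "no glue needed")
    return verdicts

if __name__ == "__main__":
    # Constructed sample delegation for the friend's domain.
    sample = {
        "my.ns1.example.com": None,
        "ns1.new-domain.com.": None,
        "NS2.New-Domain.com": "192.0.2.53",
        "ns1.notnew-domain.com": "192.0.2.54",
    }
    for host, verdict in review_delegation("new-domain.com", sample).items():
        print(f"{host:24} {verdict}")
```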

DNS record not found after testing

I am checking my website on mxtoolbox.com and getting some DNS errors. Two of those errors say "DNS Record not found". One has dmarc as category and the other is category spf.
My questions:
Does this hurt my website?
How do I go about fixing this?
My website is http://www.zilvertron.com
Thanks for your time!
No, neither of those things will directly hurt your website, though they may cause you problems with sending email if the recipients score harshly in any spam management application.
There is some info on DMARC here and some info about SPF here. They are both used to help validate that messages are 'allowed' to be sent from your domain & hosts and that your domain is who it says it is.
If you wanted to fix/add the records, you need to have a look in your DNS provider's control panel and see what options they support, and how to implement them. SPF is easy - it's just a text record; DMARC/DKIM requires a bit more setup.
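A small SPF linter for the record format shown in the first answer on this page and for the missing-SPF finding discussed in the answer above. It is an added example, not part of either post; `lint_spf` is a hypothetical name, and the lookup count covers only the record itself, not the records it includes.

```python
import ipaddress

# Terms that each cost a DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def lint_spf(record):
    """Return a list of problems found in one SPF TXT record string."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        head = term.split(":", 1)[0].split("/", 1)[0]
        if "=" in head:                          # modifier, e.g. redirect=...
            name = head.split("=", 1)[0].lower()
            has_redirect |= name == "redirect"
            lookups += name in LOOKUP_TERMS
            continue
        if all_qualifier is not None:
            problems.append(f"{term} follows 'all' and is never tested")
        qualifier = term[0] if term[0] in "+-~?" else "+"   # "+" is the default
        body = term.lstrip("+-~?")
        name = body.split(":", 1)[0].split("/", 1)[0].lower()
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism: {term}")
            continue
        lookups += name in LOOKUP_TERMS
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(body.partition(":")[2], strict=False)
                ok = net.version == int(name[2])
            except ValueError:
                ok = False
            if not ok:
                problems.append(f"bad address: {term}")
        elif name == "all":
            all_qualifier = qualifier
    if all_qualifier == "+":
        problems.append("+all authorises every sender")
    elif all_qualifier is None and not has_redirect:
        problems.append("no 'all' mechanism: unlisted senders get a neutral result")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return problems

if __name__ == "__main__":
    # Constructed records: a filled-in template and one left unfilled.
    print(lint_spf('"v=spf1 mx ip4:192.0.2.0/24 -all"'))
    print(lint_spf('"v=spf1 mx ip4:<ips of valid senders>/<cidr> -all"'))
```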

Plesk Error - Failed domain creation - Serial Number update limit

I have an issue with my Plesk instance which really doesn't make sense to me.
I am creating a lot of subdomains for my clients on my main domain.
I don't handle any DNS on my server, service is disabled in Plesk and my 2 DNS servers for that main domain are my domain/vps provider ones (OVH).
I used to create a subdomain as a DNS zone for each of my clients in the OVH backend, but now I chose to simply use a wildcard to avoid having 100s of entries.
Then I go to Plesk and add a subdomain (vhost) with the associated folder where the subdomain (or domain) needs to go. It used to work fine, but unfortunately now I have an error saying:
Error: Failed domain creation: Unable to update the domain data: The
serial number update limit was reached. No further change on the DNS
zone can be done today.
I really don't get it as, on my provider, I can create as many DNS zones as I want, and I really don't see the link between my server/Plesk vhosts/domains/subdomains and the DNS! I don't handle any DNS on my server and I thought creating a subdomain or domain on Plesk was just creating a vhost.
I am stuck on that one; it would be great if any of you who have encountered that issue could help me.
PS: Couldn't find anything online ...
PS2: Called my provider and they talked to me about SOA limitations, but again I can't see the link here, as the error is not when I try to create a DNS zone but when I try to set a new vhost.
This is a Plesk bug known to me as PPPM-2590.
As a workaround you can uncheck 'Use serial number format recommended by IETF and RIPE' on the parent domain where you have a lot of subdomains, or server-wide in 'Tools & Settings > DNS Templates > SOA record Template', and sync the template with the domains.
You can try this custom fix:
Make sure that you have the latest update #68
Back up the original file:
cp /usr/local/psa/admin/plib/Dns/Zone/Abstract.php /usr/local/psa/admin/plib/Dns/Zone/Abstract.php.ORIG
Download https://docs.google.com/uc?authuser=0&id=0B7Nx66lufdvpSkxxeHpqaGtvWTg&export=download and place it at /usr/local/psa/admin/plib/Dns/Zone/Abstract.php
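Why a date-based SOA serial can run out within a day, as an added example that is not Plesk's code or part of the answer above. It assumes the option named in the answer refers to the YYYYMMDDnn layout recommended in RFC 1912; the function names and sample dates are constructed.

```python
from datetime import date

class SerialLimitReached(Exception):
    """All 100 revisions (nn = 00..99) for the serial's date are used up."""

def next_dated_serial(current, today):
    """Return the next YYYYMMDDnn serial, strictly greater than current."""
    base = int(today.strftime("%Y%m%d")) * 100    # revision 00 of today
    if current < base:
        return base                                # first change of the day
    if current % 100 == 99:
        # Going past nn = 99 would spill into the date digits, so a
        # strict YYYYMMDDnn scheme has to refuse the change.
        raise SerialLimitReached(f"no serial left after {current}")
    return current + 1

def next_counter_serial(current):
    """Plain incrementing serial: wraps only at 2**32 (RFC 1982 arithmetic)."""
    return (current + 1) % 2**32

def changes_before_limit(start_serial, today):
    """Count how many zone changes succeed on one day before the limit hits."""
    serial, changes = start_serial, 0
    try:
        while True:
            serial = next_dated_serial(serial, today)
            changes += 1
    except SerialLimitReached:
        return changes

if __name__ == "__main__":
    day = date(2016, 1, 2)                         # constructed sample date
    print(changes_before_limit(2016010105, day))   # zone last edited the day before
    print(next_counter_serial(2016010299))         # counter format keeps going
```

Every zone update consumes one serial, so a parent zone that is touched once per new subdomain exhausts the 100 daily values quickly, while a plain counter does not have a per-day ceiling.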

DNS servers pointing to site saying "owner knows site is down"?

When my site goes down, I want to change my registrar DNS settings to
point to (for example):
ns1.this_site_is_down.com
ns2.this_site_is_down.com
ns3.this_site_is_down.com
ns4.this_site_is_down.com
where these nameservers would return a fixed IP with a low TTL for all
queries (or even a CNAME), and a webpage on that IP address would read
something like:
The owner of this website knows it is down and is working to fix
it. Once the site is fixed, you will no longer see this message.
To use this service, set your DNS servers to ... [as above]
Does such a service exist?
I realize this system wouldn't be perfect, but it would be useful.
DNS and "site is offline" messages
discusses creating your own 2nd nameserver to do this, but I'm looking
to do this with an existing service/server.
It doesn't exist for A records or CNAME records (the closest you can get here is using a round robin, but that doesn't solve your issue).
You're looking for a priority tag, which exists in MX records only.
I'm afraid your best option is just to have the servers send out a 503 error with an HTML page as the ErrorDocument.
