I have the domain icebuddha.com that I am trying to associate with a static GitHub Page (https://github.com/0xdabbad00/icebuddha). When I ping or dig this address I get no IP. I've configured this domain in Route53 as follows:
Name servers match NS record. I don't know what the SOA record is.
Other name server view:
dig records (normal, notice it has no A records):
$ dig icebuddha.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> icebuddha.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50957
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;icebuddha.com. IN A
;; Query time: 273 msec
;; SERVER: 192.168.106.2#53(192.168.106.2)
;; WHEN: Sat Jun 18 13:11:26 2016
;; MSG SIZE rcvd: 31
dig records when I specify the name server to use (notice it does have A records, which is good):
$ dig icebuddha.com @ns-10.awsdns-01.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> icebuddha.com @ns-10.awsdns-01.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18793
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;icebuddha.com. IN A
;; ANSWER SECTION:
icebuddha.com. 300 IN A 192.30.252.154
icebuddha.com. 300 IN A 192.30.252.153
;; AUTHORITY SECTION:
icebuddha.com. 172800 IN NS ns-10.awsdns-01.com.
icebuddha.com. 172800 IN NS ns-1447.awsdns-52.org.
icebuddha.com. 172800 IN NS ns-1607.awsdns-08.co.uk.
icebuddha.com. 172800 IN NS ns-737.awsdns-28.net.
;; Query time: 69 msec
;; SERVER: 205.251.192.10#53(205.251.192.10)
;; WHEN: Sat Jun 18 13:11:43 2016
;; MSG SIZE rcvd: 199
The solution was to ensure all three mentions of Name Servers and NS records are the same. By using that last image as the authoritative answer, and setting the middle image to those values, this worked.
I'm trying to parse a DIG request and I'm not quite sure what all the sections mean. My guess is that 151.101.53.164 is the authoritative name server's IP.
User-Desktop:Desktop user$ dig www.nytimes.com
; <<>> DiG 9.8.3-P1 <<>> www.nytimes.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1148
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.nytimes.com. IN A
;; ANSWER SECTION:
www.nytimes.com. 63 IN CNAME nytimes.map.fastly.net.
nytimes.map.fastly.net. 24 IN A 151.101.53.164
;; AUTHORITY SECTION:
fastly.net. 2204 IN NS ns3.fastly.net.
fastly.net. 2204 IN NS ns1.fastly.net.
fastly.net. 2204 IN NS ns2.fastly.net.
fastly.net. 2204 IN NS ns4.fastly.net.
;; ADDITIONAL SECTION:
ns1.fastly.net. 2344 IN A 23.235.32.32
ns2.fastly.net. 2344 IN A 104.156.80.32
ns3.fastly.net. 171545 IN A 23.235.36.32
ns4.fastly.net. 2345 IN A 104.156.84.32
;; Query time: 48 msec
;; SERVER: 131.252.120.128#53(131.252.120.128)
;; WHEN: Tue May 9 12:41:15 2017
;; MSG SIZE rcvd: 221
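How the sections of that output fit together, as an added example that is not part of the original post: the sketch parses a trimmed, constructed copy of the output, follows the CNAME chain in the ANSWER section, and pairs each NS name in AUTHORITY with its address from ADDITIONAL. `parse_dig` and `explain` are hypothetical helper names.

```python
import re

# Constructed sample: a trimmed copy of the dig output quoted above.
SAMPLE = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.nytimes.com. IN A
;; ANSWER SECTION:
www.nytimes.com. 63 IN CNAME nytimes.map.fastly.net.
nytimes.map.fastly.net. 24 IN A 151.101.53.164
;; AUTHORITY SECTION:
fastly.net. 2204 IN NS ns1.fastly.net.
fastly.net. 2204 IN NS ns2.fastly.net.
;; ADDITIONAL SECTION:
ns1.fastly.net. 2344 IN A 23.235.32.32
ns2.fastly.net. 2344 IN A 104.156.80.32
"""

def parse_dig(text):
    """Return header flags plus (name, ttl, type, rdata) tuples per section."""
    out = {"flags": [], "ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    section = None
    for line in text.splitlines():
        flags = re.match(r";; flags: ([a-z ]*);", line)
        header = re.match(r";; (\w+) SECTION:", line)
        if flags:
            out["flags"] = flags.group(1).split()
        elif header:
            section = header.group(1)
        elif line.strip() and not line.startswith(";") and section in out:
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            out[section].append((name, int(ttl), rtype, rdata))
    return out

def explain(parsed, qname):
    """Follow the CNAME chain in ANSWER; pair NS names with ADDITIONAL addresses."""
    by_key = {(n, t): d for n, _ttl, t, d in parsed["ANSWER"]}
    chain = [qname]
    while (chain[-1], "CNAME") in by_key and len(chain) < 16:
        chain.append(by_key[(chain[-1], "CNAME")])
    addrs = [d for n, _ttl, t, d in parsed["ANSWER"] if n == chain[-1] and t == "A"]
    extra = {n: d for n, _ttl, t, d in parsed["ADDITIONAL"] if t == "A"}
    servers = {d: extra.get(d) for _n, _ttl, t, d in parsed["AUTHORITY"] if t == "NS"}
    return {"authoritative": "aa" in parsed["flags"], "chain": chain,
            "addresses": addrs, "nameservers": servers}
```

For this sample, 151.101.53.164 comes out as the A record at the end of the CNAME chain, the name servers for fastly.net get their addresses from ADDITIONAL, and the absence of the `aa` flag marks the reply as a recursive resolver's answer rather than an authoritative one.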
I want to point my subdomain (w.example.com) to (ns1.w.example.com)
NS w.example.com directs to ns1.w.example.com.
A ns1.w.example.com directs to 192.0.2.139
>> dig w.example.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> w.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20571
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;w.example.com. IN A
;; Query time: 195 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Thu Feb 14 12:10:13 UTC 2019
;; MSG SIZE rcvd: 43
Why is it breaking DNS resolution? Please let me know the proper way to point my subdomain (w.example.com) to (ns1.w.example.com).
And what is the proper way to do this?
At the zone of domain.com you need the delegation AND a glue record: respectively, the second-to-last and last records here:
$ORIGIN example.com.
@ NS auth.dns.example
@ NS auth.dns.example
@ NS auth.dns.example
...
w NS ns1.w
ns1.w A 192.0.2.139
The glue record is "out-of-zone" data, needed to pre-indicate the address of that nameserver - as without that info a resolver can't guess it.
At the zone of w.example.com you need to have
$ORIGIN w.example.com.
@ NS ns1
ns1 A 192.0.2.139
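A check for the two conditions discussed so far on this page, the parent and child NS sets agreeing and in-zone name servers having glue at the parent, as an added example that is not code from either answer. The record syntax is a simplified `owner TYPE rdata` form, and `parse_records`, `audit_delegation` and the host `ns.old-host.example.` are hypothetical.

```python
def parse_records(text, origin):
    """Parse 'owner TYPE rdata' lines, expanding relative names against origin."""
    def fqdn(name):
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"
    recs = []
    for line in text.strip().splitlines():
        owner, rtype, rdata = line.split()
        recs.append((fqdn(owner), rtype, fqdn(rdata) if rtype == "NS" else rdata))
    return recs

def audit_delegation(parent, child, zone):
    """Compare the parent's delegation of `zone` with the child zone's own apex."""
    parent_ns = {d for n, t, d in parent if n == zone and t == "NS"}
    child_ns = {d for n, t, d in child if n == zone and t == "NS"}
    glue = {n for n, t, _ in parent if t in ("A", "AAAA")}
    findings = []
    if parent_ns != child_ns:
        findings.append(("ns-mismatch", sorted(parent_ns ^ child_ns)))
    for ns in sorted(parent_ns):
        # A name server named inside the delegated zone cannot be looked up
        # until the zone is reachable, so the parent must carry its address.
        if (ns == zone or ns.endswith("." + zone)) and ns not in glue:
            findings.append(("missing-glue", [ns]))
    return findings

# Constructed zone data, modelled on the records in the answer above.
CHILD = parse_records("@ NS ns1\nns1 A 192.0.2.139", "w.example.com.")
PARENT_OK = parse_records("w NS ns1.w\nns1.w A 192.0.2.139", "example.com.")
PARENT_NO_GLUE = parse_records("w NS ns1.w", "example.com.")
PARENT_STALE = parse_records(
    "w NS ns1.w\nw NS ns.old-host.example.\nns1.w A 192.0.2.139", "example.com.")
```

`audit_delegation(PARENT_NO_GLUE, CHILD, "w.example.com.")` reports the missing glue for ns1.w.example.com., and `PARENT_STALE` reports the name server that the parent still lists but the child zone does not.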
I have two mirrored forwarding DNS servers (for simplicity, named f1 and f2) which forward some domain requests to my authoritative DNS servers (named a1 and a2). I added some new domains to my authoritative DNS server, but when I nslookup the new domain from f1 or f2, I got a Non-existent domain error like the following. If I nslookup from a1 or a2, it worked.
C:\Users\Liu.D.H>nslookup www.yqsbfiles.ynu.edu.cn
Server: ynu-public-dns-a.ynu.edu.cn
Address: 113.55.13.51
*** ynu-public-dns-a.ynu.edu.cn can't find www.yqsbfiles.ynu.edu.cn: Non-existent domain
C:\Users\Liu.D.H>
I also used dig to get more debug info.
C:\Users\Liu.D.H>dig www.yqsbfiles.ynu.edu.cn @113.55.13.52
; <<>> DiG 9.10.6 <<>> www.yqsbfiles.ynu.edu.cn @113.55.13.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28130
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yqsbfiles.ynu.edu.cn. IN A
;; AUTHORITY SECTION:
ynu.edu.cn. 9936 IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. 2016062301 10800 3600 604800 86400
;; Query time: 0 msec
;; SERVER: 113.55.13.52#53(113.55.13.52)
;; WHEN: Fri Jun 08 10:44:35 China Standard Time 2018
;; MSG SIZE rcvd: 101
C:\Users\Liu.D.H>
But the strange thing was that if I did rndc flush on one of f1 or f2, then I could request successfully.
C:\Users\Liu.D.H>dig www.yqsbfiles.ynu.edu.cn @113.55.13.51
; <<>> DiG 9.10.6 <<>> www.yqsbfiles.ynu.edu.cn @113.55.13.51
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4168
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yqsbfiles.ynu.edu.cn. IN A
;; ANSWER SECTION:
www.yqsbfiles.ynu.edu.cn. 86400 IN CNAME lb-http.ynu.edu.cn.
lb-http.ynu.edu.cn. 86393 IN A 202.203.208.41
;; AUTHORITY SECTION:
ynu.edu.cn. 86391 IN NS secdns.ynu.edu.cn.
ynu.edu.cn. 86391 IN NS pridns.ynu.edu.cn.
;; ADDITIONAL SECTION:
pridns.ynu.edu.cn. 86396 IN A 202.203.208.33
pridns.ynu.edu.cn. 86396 IN AAAA 2001:250:2800:2::33
secdns.ynu.edu.cn. 86391 IN A 202.203.208.34
secdns.ynu.edu.cn. 86391 IN AAAA 2001:250:2800:2::34
;; Query time: 2 msec
;; SERVER: 113.55.13.51#53(113.55.13.51)
;; WHEN: Fri Jun 08 10:43:02 China Standard Time 2018
;; MSG SIZE rcvd: 221
C:\Users\Liu.D.H>
I noticed that these two dig outputs differed in the AUTHORITY SECTION.
Any help would be appreciated. Thanks in advance.
You need to register the Authoritative Domain name server with the domain registrar for your new domain pointing to a1 and a2. After that it will work fine.
I'm using openSUSE Harlequin and YaST DNS (named) for my domain DNS server, and I got something that I don't understand: nslookup or dig resolves server.zone.domaine but doesn't resolve zone.domaine.
edserv:~ # dig edserv.nobugg.fr
; <<>> DiG 9.9.6-P1 <<>> edserv.nobugg.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28633
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;edserv.nobugg.fr. IN A
;; ANSWER SECTION:
edserv.nobugg.fr. 172800 IN A 192.168.0.3
edserv.nobugg.fr. 172800 IN A 82.234.159.172
;; AUTHORITY SECTION:
nobugg.fr. 172800 IN NS edserv.
nobugg.fr. 172800 IN NS slv2.1and1.fr.
nobugg.fr. 172800 IN NS edserv.nobugg.fr.
;; Query time: 0 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Wed May 11 17:21:52 CEST 2016
;; MSG SIZE rcvd: 136
and for the zone
edserv:~ # dig nobugg.fr
; <<>> DiG 9.9.6-P1 <<>> nobugg.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nobugg.fr. IN A
;; AUTHORITY SECTION:
nobugg.fr. 86400 IN SOA edserv. root.edserv. 2016051107 10800 3600 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Wed May 11 17:22:13 CEST 2016
;; MSG SIZE rcvd: 85
There are no answers.
The same with nslookup:
edserv:~ # nslookup nobugg.fr
Server: 192.168.0.3
Address: 192.168.0.3#53
*** Can't find nobugg.fr: No answer
edserv:~ # nslookup edserv.nobugg.fr
Server: 192.168.0.3
Address: 192.168.0.3#53
Name: edserv.nobugg.fr
Address: 192.168.0.3
Name: edserv.nobugg.fr
Address: 82.234.159.172
When there is the server name it is OK. When there is only the zone it doesn't work.
edserv:~ # dig www.nobugg.fr
; <<>> DiG 9.9.6-P1 <<>> www.nobugg.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57239
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.nobugg.fr. IN A
;; ANSWER SECTION:
www.nobugg.fr. 172800 IN A 82.234.159.172
;; AUTHORITY SECTION:
nobugg.fr. 172800 IN NS edserv.
nobugg.fr. 172800 IN NS slv2.1and1.fr.
nobugg.fr. 172800 IN NS edserv.nobugg.fr.
;; ADDITIONAL SECTION:
edserv.nobugg.fr. 172800 IN A 192.168.0.3
edserv.nobugg.fr. 172800 IN A 82.234.159.172
;; Query time: 0 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Wed May 11 17:38:24 CEST 2016
;; MSG SIZE rcvd: 156
I think nobugg.fr should be resolved by nslookup normally, but it is not the case.
Here is my named.conf:
options {
    directory "/var/lib/named/";
    managed-keys-directory "/var/lib/named/dyn/";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on port 53 { 127.0.0.1;192.168.0.3 ;};
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    include "/etc/named.d/forwarders.conf";
    listen-on-v6 { any;};
    allow-query {any;};
    allow-recursion {any;};
    hostname "edserv.nobugg.fr";
};
zone "." in {
    type hint;
    file "root.hint";
};
zone "localhost" in {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
include "/etc/named.conf.include";
logging {
    category default { log_syslog; };
    channel log_syslog { syslog; };
};
zone "nobugg.fr" in {
    file "dyn/nobugg.frXXX";
    type master;
    allow-transfer { any; localhost; localnets; };
    allow-update { key 1; };
};
zone "nobugg.fr.in-addr.arpa" in {
    file "dyn/nobugg.fr.in-addr.arpaXX";
    type master;
    allow-transfer { any; localhost; localnets; };
    allow-update { key 1; };
};
/var/lib/named/dyn/nobugg.frXXX
$TTL 172800
@ IN SOA edserv. root.edserv. (
        2016051107
        10800
        3600
        604800
        86400)
    IN NS edserv.nobugg.fr.
    IN NS slv2.1and1.fr.
    IN NS edserv
    IN NS edserv.
    IN MX 0 mx00.1and1.fr.
www.nobugg.fr. IN A 82.234.159.172
nobugg.fr IN NS edserv.nobugg.fr.
nobugg.fr IN A 192.168.0.3
nobugg.fr IN A 82.234.159.172
localhost IN A 127.0.0.1
slv2 IN NS slv2.1and1.fr.
edserv.nobugg.fr. IN A 192.168.0.3
edserv.nobugg.fr. IN A 82.234.159.172
/var/lib/named/dyn/nobugg.fr.in-addr.arpaXX
$TTL 172800
@ IN SOA edserv. root.edserv. (
        2016051105
        10800
        3600
        604800
        86400)
    IN NS edserv.nobugg.fr.
    IN NS slv2.1and1.fr.
3.0.168.192 IN PTR edserv.nobugg.fr.
172.159.234.82 IN PTR edserv.nobugg.fr.
172.159.234.82 IN PTR www.nobugg.fr.
172.159.234.82 IN PTR nobugg.fr.
nobugg.fr IN NS edserv.
slv2 IN NS slv2.1and1.fr.
resolv.conf
search nobugg.fr free.fr
nameserver 192.168.0.3
nameserver 212.27.40.240
nameserver 212.27.40.241
172.159.234.82 is my public IP. The domain comes from 1and1, where I have declared the first server name = 172.159.234.82 and the second server slv2.1and1.fr.
212.27.40.240 is the dns of my provider (free.fr)
Thanks for any help. I've been looking into this problem every day for a week; I've spent a lot of hours and haven't found what is happening.
OK, let's investigate :):
Check which name servers are responsible for .fr TLD:
[vagrant@localhost ~]$ dig fr ns @a.root-servers.net +noall +answer +authority
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> fr ns @a.root-servers.net +noall +answer +authority
;; global options: +cmd
fr. 172800 IN NS e.ext.nic.fr.
fr. 172800 IN NS f.ext.nic.fr.
fr. 172800 IN NS g.ext.nic.fr.
fr. 172800 IN NS d.nic.fr.
fr. 172800 IN NS d.ext.nic.fr.
Let's pick the d.nic.fr and use it to find authoritative name servers for nobugg.fr:
[vagrant@localhost ~]$ dig nobugg.fr ns @d.nic.fr +noall +answer +authority
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr ns @d.nic.fr +noall +answer +authority
;; global options: +cmd
nobugg.fr. 172800 IN NS slv2.1and1.fr.
nobugg.fr. 172800 IN NS edserv.nobugg.fr.
Next, let's see what the first one, slv2.1and1.fr., has to say about your zone:
[vagrant@localhost ~]$ dig nobugg.fr @slv2.1and1.fr
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr @slv2.1and1.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 59911
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
Query refused, which probably means that slv2.1and1.fr has no idea about your domain! You should either remove this name server (using your domain registrar console, and provide another one since two is the minimum) or have them host your zone (since 1and1 is your domain's registrar it should probably be doable, but you need to check with their support how to do it).
Until you fix that, we need to check if at least edserv.nobugg.fr provides some sensible info about the nobugg.fr domain:
[vagrant@localhost ~]$ dig nobugg.fr @edserv.nobugg.fr
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobugg.fr @edserv.nobugg.fr
;; global options: +cmd
;; connection timed out; no servers could be reached
If you take a closer look, we are trying to query server edserv.nobugg.fr, and we still don't have any info about nobugg.fr. That is not unusual, but a glue record is then needed at the upstream nameserver; let's see if there is one at d.nic.fr:
[vagrant@localhost ~]$ dig @d.nic.fr nobugg.fr +noall +additional
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @d.nic.fr nobugg.fr +noall +additional
; (2 servers found)
;; global options: +cmd
edserv.nobugg.fr. 172800 IN A 82.234.159.172
edserv.nobugg.fr. 172800 IN AAAA 2002::52ea:9fac
OK, we know that we should query @82.234.159.172. But then it is a bit strange why our previous dig timed out; it should also be able to come up with this info. Maybe the next steps will shed some light; let's check what 82.234.159.172 knows:
[vagrant@localhost ~]$ dig nobug.fr @82.234.159.172
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> nobug.fr @82.234.159.172
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35302
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nobug.fr. IN A
;; ANSWER SECTION:
nobug.fr. 1800 IN A 151.80.186.210
;; AUTHORITY SECTION:
nobug.fr. 1800 IN NS dns1.kalitys.com.
nobug.fr. 1800 IN NS dns2.kalitys.com.
;; Query time: 88 msec
;; SERVER: 82.234.159.172#53(82.234.159.172)
;; WHEN: Thu May 12 11:34:23 CEST 2016
;; MSG SIZE rcvd: 102
Well. It is either all f*cked up or OP is changing it as I write. Let's make a break :)
Background: I've set up a site on Squarespace, got a domain on domain.com, and used domain.com's DNS manager to create a CNAME for Squarespace (like they recommend).
I changed the nameservers yesterday to slicehost (a failed experiment) and back to domain.com's tonight. Now when I run a dig, I get the following:
; <<>> DiG 9.6.0-APPLE-P2 <<>> veganhopeworkshop.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54930
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;veganhopeworkshop.com. IN A
;; Query time: 300 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Jun 15 23:23:02 2010
;; MSG SIZE rcvd: 39
Does the "status: SERVFAIL" indicate anything wrong about my configuration?
At the time of writing (09:30 GMT on 16th June) none of the three name servers at domain.com (ns1, ns2 and ns3.domain.com) are correctly serving your zone.
% dig +norec @ns3.domain.com. veganhopeworkshop.com ns
; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec @ns3.domain.com. veganhopeworkshop.com ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52861
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; QUESTION SECTION:
;veganhopeworkshop.com. IN NS
...
So, in the first instance, you need to talk to them to find out why not.
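The per-server checks used in the answers on this page (a REFUSED reply, a timeout, and a `+norec` reply with no `aa` flag and only AUTHORITY records) can be turned into one classifier. This is an added example, not code from any of the posts; `classify` and `audit` are hypothetical names, the verdict labels are chosen here, and each reply is assumed to come from a server listed for the zone being queried.

```python
import re

def classify(reply):
    """Classify one listed name server's reply to a query for the zone apex."""
    if "connection timed out" in reply:
        return "unreachable"
    status = re.search(r"status: (\w+)", reply)
    flags = re.search(r";; flags: ([a-z ]*);", reply)
    if not (status and flags):
        return "unparsed"
    counts = {k: int(v) for k, v in re.findall(r"(ANSWER|AUTHORITY): (\d+)", reply)}
    if status.group(1) in ("REFUSED", "SERVFAIL"):
        return "lame-" + status.group(1).lower()
    if "aa" in flags.group(1).split():
        return "authoritative"
    if counts.get("ANSWER") == 0 and counts.get("AUTHORITY", 0) > 0:
        return "lame-referral"   # points elsewhere instead of answering
    return "non-authoritative"

def audit(replies):
    """Map each server to its verdict and list the ones not serving the zone."""
    verdicts = {server: classify(text) for server, text in replies.items()}
    broken = sorted(s for s, v in verdicts.items() if v != "authoritative")
    return verdicts, broken

# Constructed input: header lines copied from the dig outputs on this page,
# each server queried for its own zone.
REPLIES = {
    "slv2.1and1.fr": ";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 59911\n"
                     ";; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1",
    "edserv.nobugg.fr": ";; connection timed out; no servers could be reached",
    "ns3.domain.com": ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52861\n"
                      ";; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13",
    "ns-10.awsdns-01.com": ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18793\n"
                           ";; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0",
}
```

Only ns-10.awsdns-01.com is classified as authoritative; the other three are reported as not serving their zone, which matches what the answers conclude by hand.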