How to create DNS records for my VPS - dns

First of all I should mention that I'm fairly new to the world of DNS. I've purchased a VPS plan and I'm trying to run a web server and also a custom mail server (postfix and dovecot combination), which turns out to be a real pain. I'm aware of the fact that I can make my life easier by using Google App services, but nonetheless I want to be able to do it myself.
I'm stuck with so called DNS records and as far as my understanding goes I should first of all create an A record for my mail.mydomain.com and afterwards a MX record, am I right? I checked every option my hosting provider provides, but unfortunately I couldn't find anything.
If I run:
nslookup -q=mx mydomain.com
it gives me:
Non-authoritative answer:
mydomain.com mail exchanger = 10 mail.mydomain.com
and for "Authoritative answers" I get nothing.
So first question: "'Authoritative answers' are answers from mydomain.com itself and to be able to give such answers I should run my own DNS Name Server and have so called 'zones file' in which I have these records setup, am I right?".
And following question would be: "to be able to do it I should have 'bind' software package installed, right?".
Another question: "if I haven't done any of it, how come I get 'Non-authoritative answer' for my MX query? Does it mean I already have one MX record from my service provider?".
And the last question would be, since it is for a custom mail server and if you are familiar with it: "could you tell me why I have to have a reverse domain record (I think it is called PTR) in order to avoid my mail landing in the spam folder?"

You got a non-authoritative answer because you did not query the records from the name servers of the domain, and the results may contain IPs.
This result is similar to yours.
$ nslookup -q=mx google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
google.com mail exchanger = 30 alt2.aspmx.l.google.com.
google.com mail exchanger = 20 alt1.aspmx.l.google.com.
google.com mail exchanger = 40 alt3.aspmx.l.google.com.
google.com mail exchanger = 50 alt4.aspmx.l.google.com.
google.com mail exchanger = 10 aspmx.l.google.com.
Authoritative answers can be found from:
alt3.aspmx.l.google.com internet address = 173.194.204.26
alt4.aspmx.l.google.com internet address = 74.125.141.26
alt2.aspmx.l.google.com internet address = 173.194.219.27
aspmx.l.google.com internet address = 74.125.25.26
alt1.aspmx.l.google.com internet address = 74.125.193.27
So we can find the name servers of the target domain.
$ nslookup -q=ns google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
google.com nameserver = ns3.google.com.
google.com nameserver = ns1.google.com.
google.com nameserver = ns2.google.com.
google.com nameserver = ns4.google.com.
Authoritative answers can be found from:
ns3.google.com internet address = 216.239.36.10
ns2.google.com internet address = 216.239.34.10
ns1.google.com internet address = 216.239.32.10
ns4.google.com internet address = 216.239.38.10
Then we can get an authoritative answer.
$ nslookup -q=mx google.com ns1.google.com
Server: ns1.google.com
Address: 216.239.32.10#53
google.com mail exchanger = 40 alt3.aspmx.l.google.com.
google.com mail exchanger = 10 aspmx.l.google.com.
google.com mail exchanger = 30 alt2.aspmx.l.google.com.
google.com mail exchanger = 50 alt4.aspmx.l.google.com.
google.com mail exchanger = 20 alt1.aspmx.l.google.com.
As in the sample you posted, you can confirm whether mail.mydomain.com points to an IP (the so-called A record), and mail-related services might be OK if there are correct MX and A records.
You should find out the name servers of your domain before you maintain the DNS records.
I guess your service provider (or someone else) has set up the MX record of your domain; you may get more answers from your service provider.
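The "Non-authoritative answer" label that the question asks about is nothing more than nslookup reporting that the AA (authoritative answer) bit in the DNS response header is clear. The following Python, added here as an illustration and not code from either poster, builds the MX query nslookup sends and parses a constructed wire-format reply for mydomain.com, reading the AA bit and decoding the MX record (the transaction id, TTL and flag values are constructed sample values):

```python
import struct

# Record types used below (RFC 1035)
TYPE_MX = 15
CLASS_IN = 1

# Header flag bits (RFC 1035 section 4.1.1)
FLAG_QR = 0x8000  # message is a response
FLAG_AA = 0x0400  # answer is authoritative for the zone
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available


def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels = []
    end = None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            offset = ptr
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def build_query(name, qtype, txid=0x1234):
    """Build the query message a stub resolver sends for name/qtype."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, CLASS_IN)


def parse_response(msg):
    """Parse the header flags and any MX answers out of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    info = {
        "id": txid,
        "is_response": bool(flags & FLAG_QR),
        "authoritative": bool(flags & FLAG_AA),  # clear => "Non-authoritative answer"
        "rcode": flags & 0x000F,
        "answers": [],
    }
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4
    for _ in range(an):
        owner, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == TYPE_MX:
            pref = struct.unpack(">H", msg[offset:offset + 2])[0]
            exchange, _ = decode_name(msg, offset + 2)
            info["answers"].append((owner, "MX", pref, exchange))
        offset += rdlen
    return info


def sample_response(authoritative):
    """Constructed wire-format reply: 'mydomain.com MX 10 mail.mydomain.com'.
    With authoritative=True the AA bit is set, as the zone's own name server
    sets it; with False the flags look like a recursive resolver's reply."""
    flags = FLAG_QR | (FLAG_AA if authoritative else FLAG_RD | FLAG_RA)
    header = struct.pack(">HHHHHH", 0x1234, flags, 1, 1, 0, 0)
    question = encode_name("mydomain.com") + struct.pack(">HH", TYPE_MX, CLASS_IN)
    # rdata: preference 10, then "mail" + pointer to "mydomain.com" at offset 12
    rdata = struct.pack(">H", 10) + b"\x04mail" + b"\xC0\x0C"
    answer = b"\xC0\x0C" + struct.pack(">HHIH", TYPE_MX, CLASS_IN, 3600, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    for auth in (True, False):
        r = parse_response(sample_response(auth))
        print("AA set" if r["authoritative"] else "Non-authoritative answer", r["answers"])
```

The point of the two sample replies is that the record content is identical; only the AA bit differs, and that bit is set only when the responding server is itself authoritative for the zone, which is why querying the domain's own name server (as the answer does with ns1.google.com) makes the label disappear.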

Related

How to get the IP address of DNS Nameserver

When I do an nslookup on the net. zone, I get the following output:
nslookup -type=soa net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
net
origin = a.gtld-servers.net
mail addr = nstld.verisign-grs.com
serial = 1542217316
refresh = 1800
retry = 900
expire = 604800
minimum = 86400
Authoritative answers can be found from:
This means that in order to get DNS records for the net. zone, one should query the DNS Server a.gtld-servers.net. However, the IP Address of a.gtld-servers.net is not given. This results in a catch-22, because in order to get the IP address of any subzone in the net. zone, one should query a.gtld-servers.net.
So my question is, how to get out of this catch-22? How can I get the IP address of a.gtld-servers.net without having to do another DNS request?
The root server addresses can be found in a file downloaded from iana
This means that in order to get DNS records for the net. zone, one should query the DNS Server a.gtld-servers.net
You could, and at least initially, probably would, but the root servers don't move around frequently, so once you got the ip address for .net server, for example, you would use the cached value.

Domain - The DNS has been propagated or not?

I purchased a domain from a Brazilian company called UOL (Universo Online).
Once the domain has been registered, it came with the following standard DNS:
Nameserver: ns1.dominios.uol.com.br
Nameserver: ns2.dominios.uol.com.br
Nameserver: ns3.dominios.uol.com.br
I went into my hosting server and got the DNS servers that I should enter in the field.
The DNS of the server hosting is:
http://i.imgur.com/kUTzcUZ.jpg
I went to the control panel of the company I bought the domain from (UOL), removed the default DNS (ns1.dominios.uol.com.br, ns2 ... ns3 ...) and changed it to the DNS of my web host:
http://i.imgur.com/qk1VxB7.jpg
The company gave me a deadline 24-48 hours for DNS propagation.
I decided to enter the "intoDNS" (www.intodns.com) to check the situation and noticed that an error appears, see:
http://www.intodns.com/kiararockswithgnr.com
Is something wrong? Or has the DNS not yet propagated, and I just need to wait?
According to the whois, the name servers for the domain are
Name Server: NS1.HOSTINGER.COM.BR
Name Server: NS2.HOSTINGER.COM.BR
Name Server: NS3.HOSTINGER.COM.BR
and this is confirmed by the DNS delegation
dig kiararockswithgnr.com +trace
kiararockswithgnr.com. 172800 IN NS ns1.hostinger.com.br.
kiararockswithgnr.com. 172800 IN NS ns2.hostinger.com.br.
kiararockswithgnr.com. 172800 IN NS ns3.hostinger.com.br.
;; Received 109 bytes from 192.42.93.30#53(192.42.93.30) in 2454 ms
If this is not what you are seeing, it's likely you are hitting a cached result.

Linking Domain Name to Server [closed]

Closed 6 years ago.
So I've delved into the world of running a server without a control panel for the first time, doing everything through the terminal and occasionally logging into the desktop gui if I need to.
I've got nearly everything working as far as I can tell; the firewall was a hassle but I think I've got it now.
The last thing I can't quite work out is how to get the domain name I purchased pointing correctly to my server (I've always done this through a control panel before which automated most of it).
These are the steps I've taken so far (These may be wrong, I've been googling the thing like mad but everywhere tells me to do something different, so please let me know if something is wrong).
Purchased a domain name, for sake of example "mydomain.com"
Have server running Ubuntu 64 bit. IP address for sake of example "1.2.3.4"
The host has provided me with 3 "DNS Resolvers", for sake of example: "1.1.1.1", "1.1.1.2", "1.1.1.3"
I've set the hostname on my server
Running "hostname" in the terminal outputs: mydomain
Checking /etc/hostname outputs: mydomain.com
I've added those 3 DNS resolvers to my /etc/resolv.conf file like so:
domain mydomain.com
search mydomain.com
nameserver 1.1.1.1
nameserver 1.1.1.2
nameserver 1.1.1.3
I've set the virtual host up in my httpd.conf file:
<VirtualHost 1.2.3.4:80>
ServerName mydomain.com
ServerAlias mydomain
DocumentRoot /var/www/mysite
</VirtualHost>
Now from here on I've just been playing around with different things. At the moment I've gone into my domain registrar panel and set three nameservers as "ns1.mydomain.com", "ns2.mydomain.com", "ns3.mydomain.com".
I've installed webmin to try and set the DNS zone records and this is what I've got at the moment on the output of various commands:
(where 1.1.1.1, 1.1.1.2, 1.1.1.3 are those DNS resolvers)
nslookup -sil localhost
conn@duckfusion:~$ nslookup -sil localhost
;; Got SERVFAIL reply from 1.1.1.2, trying next server
;; Got SERVFAIL reply from 1.1.1.3, trying next server
;; connection timed out; no servers could be reached
nslookup -sil mydomain.com
conn@duckfusion:~$ nslookup -sil mydomain.com
;; Got SERVFAIL reply from 1.1.1.2, trying next server
;; Got SERVFAIL reply from 1.1.1.3, trying next server
;; connection timed out; no servers could be reached
Here is my "named.conf" file:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
1.1.1.1; 1.1.1.2; 1.1.1.3; 208.67.222.222; 208.67.220.220;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-query {
any;
};
listen-on port 53 {
any;
};
};
named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "mydomain.com" {
type master;
file "/var/lib/bind/mydomain.com.hosts";
};
/var/lib/bind/mydomain.com.hosts (where 1.2.3.4 is my server's IP)
$ttl 38400
mydomain.com. IN SOA mydomain.com. me.myemail.com. (
1366054515
10800
3600
604800
38400 )
mydomain.com. IN NS mydomain.com.
mydomain.com. IN A 1.2.3.4
www.mydomain.com. IN A 1.2.3.4
mail.mydomain.com. IN A 1.2.3.4
ftp.mydomain.com. IN A 1.2.3.4
ns1.mydomain.com. IN A 1.2.3.4
ns2.mydomain.com. IN A 1.2.3.4
ns3.mydomain.com. IN A 1.2.3.4
mydomain.com. IN NS ns1.mydomain.com.
mydomain.com. IN NS ns2.mydomain.com.
mydomain.com. IN NS ns3.mydomain.com.
mydomain.com. IN MX 10 mail.mydomain.com.
That's as far as I've got.
I can obviously get to the server via IP address as URL, but as of yet not by domain name.
Could anyone let me know:
A) Where I've gone wrong
B) What I need to do to achieve this?
Thank you very much.
Running your own named is overkill and not needed. Here's what a valid setup looks like:
Your web server hosting provider (where your website lives) gave you some DNS resolvers. These are intended to provide DNS resolution to your web server, so it can find OTHER hosts on the Internet. These resolvers have nothing to do with hosting YOUR domain, and you cannot make changes to their domain definitions.
Your DNS Hosting Provider has their own DNS servers, which are used by default to host your DNS "A" record. If you truly reconfigured your DNS hosting account to use the web provider's DNS servers, this is an error. You cannot add your DNS record to those servers.
On your DNS Hosting Provider's control panel, first set it back to using their DNS servers; then create an "A" record for your domain, pointing to the IP of your web server host.
In summary:
DNS Hosting Provider
DNS Server(s) contain:
www.yourserver.com A 1.2.3.4
alias.yourserver.com CNAME www.yourserver.com (maybe)
yourserver.com MX where.you.receive.mail (maybe)
Web Hosting Provider
Your web server at 1.2.3.4
/etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.1.1.2
nameserver 1.1.1.3
That's all you need to do for other people to be able to find your server.
The only reason to run your own DNS would be to host an entire network consisting of multiple machines, behind a firewall, or hosting an entire Class C or greater set of IP addresses. To do this you'd need peering and routing agreements with other providers, which I don't think you have.
EDIT
$ dig duckfusion.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> duckfusion.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32080
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 17
;; QUESTION SECTION:
;duckfusion.com. IN A
;; ANSWER SECTION:
duckfusion.com. 1800 IN A 87.117.219.53
duckfusion.com. 1800 IN A 192.31.186.140
;; AUTHORITY SECTION:
duckfusion.com. 172800 IN NS dns4.registrar-servers.com.
duckfusion.com. 172800 IN NS dns5.registrar-servers.com.
duckfusion.com. 172800 IN NS dns3.registrar-servers.com.
duckfusion.com. 172800 IN NS dns1.registrar-servers.com.
duckfusion.com. 172800 IN NS dns2.registrar-servers.com.
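Whichever side of the "run your own named or not" question one lands on, a zone file like the one in the question only works if its delegation is self-consistent: every in-zone NS target needs an A (or AAAA) glue record, the MX target must not be a CNAME (RFC 2181), and BIND needs TTL information for every record. The following Python checker is an added example, not code from either poster; it parses the same minimal master-file subset the question uses (fully qualified owner names, an optional $TTL, a parenthesised SOA) over a constructed copy of the zone in which ns2 deliberately lacks its A record:

```python
import re

# Constructed sample in the same shape as the zone file in the question;
# ns2 deliberately has no A record so the checker has something to report.
SAMPLE_ZONE = """\
$ttl 38400
mydomain.com. IN SOA mydomain.com. me.myemail.com. (
1366054515
10800
3600
604800
38400 )
mydomain.com. IN NS ns1.mydomain.com.
mydomain.com. IN NS ns2.mydomain.com.
mydomain.com. IN A 1.2.3.4
www.mydomain.com. IN A 1.2.3.4
mail.mydomain.com. IN A 1.2.3.4
ns1.mydomain.com. IN A 1.2.3.4
mydomain.com. IN MX 10 mail.mydomain.com.
"""


def parse_zone(text):
    """Parse the minimal master-file subset used above: fully qualified owner
    names, an optional $TTL, an optional per-record TTL and class, and a
    parenthesised multi-line SOA. Returns (default_ttl, [(owner, type, rdata)])."""
    # fold "( ... )" groups onto one line so the SOA becomes a single record
    folded = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    default_ttl, records = None, []
    for raw in folded.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        tok = line.split()
        if tok[0].lower() == "$ttl":
            default_ttl = int(tok[1])
            continue
        owner, rest = tok[0].lower(), tok[1:]
        if rest and rest[0].isdigit():        # optional per-record TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        records.append((owner, rest[0].upper(), [r.lower() for r in rest[1:]]))
    return default_ttl, records


def check_zone(text, origin):
    """Return a list of problems that would keep a zone like the one in the
    question from being served or delegated correctly."""
    default_ttl, records = parse_zone(text)
    origin = origin.rstrip(".").lower() + "."
    findings = []

    def has(owner, rtype):
        return any(o == owner and t == rtype for o, t, _ in records)

    if default_ttl is None:
        findings.append("no $TTL directive; BIND needs a TTL for every record")
    for owner, _rtype, _ in records:
        if not owner.endswith("."):
            findings.append(f"{owner}: owner name is not fully qualified")
    soa = [r for r in records if r[1] == "SOA"]
    if len(soa) != 1:
        findings.append(f"expected exactly one SOA, found {len(soa)}")
    else:
        if soa[0][0] != origin:
            findings.append(f"SOA owner is {soa[0][0]}, expected the zone apex {origin}")
        if "@" in soa[0][2][1]:
            findings.append("SOA RNAME must write the '@' of the mailbox as '.'")
    apex_ns = [rd[0] for o, t, rd in records if t == "NS" and o == origin]
    if not apex_ns:
        findings.append(f"no NS records at the apex {origin}")
    for target in apex_ns:  # in-zone name servers need glue
        if target.endswith(origin) and not (has(target, "A") or has(target, "AAAA")):
            findings.append(f"NS {target} is in-zone but has no A/AAAA glue record")
    for _owner, rtype, rd in records:
        if rtype == "MX":
            target = rd[1]
            if has(target, "CNAME"):
                findings.append(f"MX target {target} is a CNAME, which RFC 2181 forbids")
            elif target.endswith(origin) and not has(target, "A"):
                findings.append(f"MX target {target} has no A record")
    return findings


if __name__ == "__main__":
    for problem in check_zone(SAMPLE_ZONE, "mydomain.com"):
        print("problem:", problem)
```

Run against the real file with named-checkzone as well; the checker above only covers the handful of mistakes that show up in hand-written zones like this one, while named-checkzone validates the full syntax.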

Bind nameserver in Virtualmin and DNS query timing out

I installed Virtualmin GPL on CentOS 6.2. The hostname of the machine is srv01.[mydomain.tld] (where [mydomain.tld] is an actual registered domain). On the server I have only 1 IP, so I assigned it to both ns1.[mydomain.tld] and ns2.[mydomain.tld]. After this I updated the nameserver details for my domain on the domain registrar and pointed both ns1 and ns2 to the IP of the server.
The first issue I received was a BIND-chroot issue, and after searching on the net, I removed BIND from chroot and BIND started. At this stage I was sure that everything would work normally, so I created a virtual server for [mydomain.tld]. At this point, I was sure that I could now access my site using the domain name.
So I opened network-tools.com and tried to perform a tracert for [mydomain.tld] but it failed to resolve the domain name and following are the details from the page:
Retrieving DNS records for [mydomain.tld]...
DNS servers
ns1.[mydomain.tld] [1.2.3.4]
Query for DNS records for [mydomain.tld] failed: Timed out
Whois query for [mydomain.tld]...
I tried to ping srv01.[mydomain.tld] and failed. Then I tried to ping ns1.[mydomain.tld] and it worked. My first guess was that maybe the NS on my server isn’t working, so I SSHed and performed nslookup google.com:
$ nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 173.194.33.39
I think that the NS is working properly on my server. After this, I performed:
$ nslookup [mydomain.tld]
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: [mydomain.tld]
Address: IP
It looks like the server is resolving the name properly locally, but not working on the Internet. I also checked all the Zone records for [mydomain.tld] and it contains the following records:
[mydomain.tld]. -- NS -- ns1.[mydomain.tld].
[mydomain.tld]. -- NS -- ns2.[mydomain.tld].
[mydomain.tld]. -- A -- IP
www.[mydomain.tld]. -- A -- IP
ns1.[mydomain.tld]. -- A -- IP
ns2.[mydomain.tld]. -- A -- IP
plus A records for subdomains ftp.[mydomain.tld], m.[mydomain.tld], localhost.[mydomain.tld], webmail.[mydomain.tld], admin.[mydomain.tld] and mail.[mydomain.tld] pointing to the server’s IP, plus MX and SPF records.
To troubleshoot it from the beginning to the end, do the following
Find the addresses of your TLD nameservers: dig TLD NS
Find how your domain's authoritative nameservers are configured in the TLD: dig @[one-of-tld-nameservers] [mydomain.tld] NS. You expect to get your authoritative servers, ns1.[mydomain.tld] and ns2.[mydomain.tld], and their IP addresses (which both point to your single IP). If this is NOT what you get, your problem is that you did not register your authoritative servers with your registrar.
Query your server: dig @[your IP] www.[mydomain.tld]. If your request times out, port 53 on your server is unreachable for some reason. Since it IS reachable locally, it could be a firewall or NAT issue.
Now to various specifics of your question:
I tried to ping srv01.[mydomain.tld] and failed...
In the zone records in your post I don't see a record for srv01. Ping will not be able to resolve srv01 without appropriate DNS record.
Timed out Whois query for [mydomain.tld]...
Whois has nothing to do with DNS resolution; I presume it's DNS and not Whois. It seems that the nameserver defined as authoritative for mydomain.tld is not accessible.
I tried to ping ns1.[mydomain.tld] and voilà, it worked
I'm not sure, but possibly your DNS resolver knows the address of ns1.[mydomain.tld] from the TLD nameservers, and NOT from the authoritative nameserver (also I'm not sure whether that's correct behavior or not).
Conclusion: my best guess is that port 53 of your server is not accessible from the internet.

Using nslookup to find what name servers were contacted in a query

I'm using nslookup to find the DNS name that has a given IP address as one of its associated addresses. So, I use nslookup interactively...
command line > nslookup -
set query=ptr
24.248.56.68
Non-authoritative answer:
68.56.248.24.in-addr.arpa name = wsip-24-248-56-68.ri.ri.cox.net.
Authoritative answers can be found from:
24.in-addr.arpa nameserver = x.arin.net.
24.in-addr.arpa nameserver = u.arin.net.
24.in-addr.arpa nameserver = t.arin.net.
24.in-addr.arpa nameserver = v.arin.net.
24.in-addr.arpa nameserver = dill.arin.net.
24.in-addr.arpa nameserver = y.arin.net.
24.in-addr.arpa nameserver = z.arin.net.
24.in-addr.arpa nameserver = w.arin.net.
t.arin.net internet address = 199.253.249.63
u.arin.net internet address = 204.61.216.50
u.arin.net has AAAA address 2001:500:14:6050:ad::1
v.arin.net internet address = 63.243.194.2
v.arin.net has AAAA address 2001:5a0:10::2
w.arin.net internet address = 72.52.71.2
w.arin.net has AAAA address 2001:470:1a::2
x.arin.net internet address = 199.71.0.63
x.arin.net has AAAA address 2001:500:31::63
y.arin.net internet address = 192.42.93.32
z.arin.net internet address = 199.212.0.63
z.arin.net has AAAA address 2001:500:13::63
dill.arin.net internet address = 192.35.51.32
Now I want to find what name servers were contacted to do that lookup. I think I'm supposed to set query=ns but that returns the same answer. How can I find what name servers were contacted?
The server that processed your query should be displayed along with the result, e.g.
Server: 192.168.1.253
Address: 192.168.1.253#53
Non-authoritative answer:
68.56.248.24.in-addr.arpa name = wsip-24-248-56-68.ri.ri.cox.net.
Typically this is the default nameserver configured for your workstation. To select a different nameserver use the nslookup "server" command.
Since your query returned a non-authoritative answer that means your nameserver is not authoritative for that pointer. It had to query other nameserver(s) in order to respond. As far as I know, there is no nslookup option to show the lookup sequence performed by your nameserver.
If your objective is to determine the authoritative nameserver for the pointer then you need to do one or more additional nslookup queries based on the authoritative 'hints'. In your example, the first hint is "x.arin.net" (one of the internet root servers). Using this hint, your next step would be send the same query to that server, e.g.
> server x.arin.net
Default server: x.arin.net
Address: 199.71.0.63#53
> 24.248.56.68
Server: x.arin.net
Address: 199.71.0.63#53
Non-authoritative answer:
*** Can't find 68.56.248.24.in-addr.arpa.: No answer
Authoritative answers can be found from:
248.24.in-addr.arpa nameserver = ns.cox.net.
248.24.in-addr.arpa nameserver = ns.west.cox.net.
248.24.in-addr.arpa nameserver = ns.east.cox.net.
This response shows x.arin.net isn't authoritative either but the new hint indicates the next server to query is "ns.cox.net" (or "ns.west.cox.net" or "ns.east.cox.net"). Set your server to the new hint, execute the query again and repeat the process until you get an authoritative answer, e.g.
> server ns.cox.net
Default server: ns.cox.net
Address: 68.1.16.107#53
> 24.248.56.68
Server: ns.cox.net
Address: 68.1.16.107#53
Non-authoritative answer:
*** Can't find 68.56.248.24.in-addr.arpa.: No answer
Authoritative answers can be found from:
56.248.24.in-addr.arpa nameserver = ns2.coxmail.com.
56.248.24.in-addr.arpa nameserver = ns1.coxmail.com.
> server ns2.coxmail.com
Default server: ns2.coxmail.com
Address: 68.111.106.70#53
> 24.248.56.68
Server: ns2.coxmail.com
Address: 68.111.106.70#53
68.56.248.24.in-addr.arpa name = wsip-24-248-56-68.ri.ri.cox.net.
This result shows the authoritative nameserver for the pointer is "ns2.coxmail.com". Depending on how your nameserver is configured, it may have gone through the same series of queries you did. However if your nameserver is set up for caching, the next time you make the same query it may answer from its cache rather than go through the same process.
I hope this helps. Keep in mind this may not be exactly how it works for you because a lot depends on the configuration of your workstation, the configuration of your nameserver as well as the configuration of the additional nameservers that are queried.
Other tools more sophisticated than nslookup may make this process easier for you.
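The manual walk in the answer above (root hint, then x.arin.net, then ns.cox.net, then ns2.coxmail.com) is exactly what an iterative resolver does on its own, and it also answers the earlier "catch-22" question about a.gtld-servers.net: the walk has to start from an address that is known out of band (the root hints file), after which every further address arrives as glue in a referral. The Python below is an added simulation, not code from any of the posters: it models each server in that chain as knowing only its own zone and the delegations it hands out, follows referrals from a root hint, and records the servers contacted in order. The delegation chain and addresses are taken from the nslookup output in the answer; the root hint address 192.0.2.1 is a placeholder (TEST-NET-1), and the glue for out-of-zone NS names is included for simplicity where a real resolver would have to look those names up separately.

```python
# Constructed model of the delegation chain seen in the answer above. Each
# "server" is keyed by its IP and knows only the zone it is authoritative
# for plus the delegations (NS + glue) it hands out. The root hint address
# 192.0.2.1 is a placeholder (TEST-NET-1), not a real root server.
SERVERS = {
    "192.0.2.1": {"zone": ".", "rrs": {
        "24.in-addr.arpa.": {"NS": ["x.arin.net."]},
        "x.arin.net.": {"A": ["199.71.0.63"]},
    }},
    "199.71.0.63": {"zone": "24.in-addr.arpa.", "rrs": {
        "248.24.in-addr.arpa.": {"NS": ["ns.cox.net."]},
        "ns.cox.net.": {"A": ["68.1.16.107"]},
    }},
    "68.1.16.107": {"zone": "248.24.in-addr.arpa.", "rrs": {
        "56.248.24.in-addr.arpa.": {"NS": ["ns2.coxmail.com."]},
        "ns2.coxmail.com.": {"A": ["68.111.106.70"]},
    }},
    "68.111.106.70": {"zone": "56.248.24.in-addr.arpa.", "rrs": {
        "68.56.248.24.in-addr.arpa.": {"PTR": ["wsip-24-248-56-68.ri.ri.cox.net."]},
    }},
}
ROOT_HINT = "192.0.2.1"  # what the root hints file supplies out of band


def reverse_name(ipv4):
    """Turn a dotted IPv4 address into its in-addr.arpa PTR owner name."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def in_zone(name, zone):
    """True if name is at or below zone (both fully qualified)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def ask(server_ip, qname, qtype):
    """One simulated query to an authoritative server.
    Returns ("answer", rdata_list) when the server holds the name itself,
    ("referral", {ns_name: glue_ip}) when it only knows a delegation below
    its zone, or ("refused", None) when the name is outside its zone."""
    srv = SERVERS[server_ip]
    if not in_zone(qname, srv["zone"]):
        return "refused", None
    # closest enclosing delegation below the apex -> hand out a referral
    cuts = [o for o, rrs in srv["rrs"].items()
            if "NS" in rrs and o != srv["zone"] and in_zone(qname, o)]
    if cuts:
        cut = max(cuts, key=len)
        glue = {ns: srv["rrs"].get(ns, {}).get("A", [None])[0]
                for ns in srv["rrs"][cut]["NS"]}
        return "referral", glue
    return "answer", srv["rrs"].get(qname, {}).get(qtype, [])


def resolve(qname, qtype, start=ROOT_HINT, max_hops=10):
    """Iterative resolution as a resolver (or the manual nslookup walk) does
    it: start from the root hint and follow referrals. Returns (rdata, path)
    where path lists the server IPs contacted, in order."""
    path, server = [], start
    for _ in range(max_hops):
        path.append(server)
        kind, data = ask(server, qname, qtype)
        if kind == "answer":
            return data, path
        if kind == "refused":
            raise RuntimeError(f"{server} is not authoritative for {qname}")
        next_ip = next((ip for ip in data.values() if ip), None)
        if next_ip is None:  # a real resolver would now resolve the NS name itself
            raise RuntimeError(f"referral to {list(data)} without glue")
        server = next_ip
    raise RuntimeError("too many referrals (delegation loop?)")


if __name__ == "__main__":
    rdata, path = resolve(reverse_name("24.248.56.68"), "PTR")
    print("servers contacted:", " -> ".join(path))
    print("answer:", rdata)
```

The returned path is the list the question was after; a caching resolver would skip hops it already has cached, which is why a repeat of the same query may contact fewer servers than the first one. The same walk, done with dig against the real servers (TLD NS, then the domain's NS at a TLD server, then the domain's own server), is the three-step check given in the Virtualmin answer further up.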