Develop Reference

Why is the DNS for my 6-month old domain suddenly not resolving?

The domain is http://epochchartjs.com, or http://www.epochchartjs.com
Whois says it's still active, and the nameservers match what's in Zerigo, http://whois.domaintools.com/epochchartjs.com
However, it doesn't load in the browser, and host epochchartjs.com yields:
$ host www.epochchartjs.com
Host www.epochchartjs.com not found: 3(NXDOMAIN)

dig epochchartjs.com NS yields no NameSevers. Please verify with the reseller/registrar with whom you have purchased the domain. They must add the NS records for this domain.

Where to get authoritative DNS information and is whois accurate

I've been told that there is a problem with the DNS records for for the following domain: horoscope-feeds.com, but I'm not yet convinced there is a problem with it.
When I do
host -C -a horoscope-feeds.com
I get the response
Trying "horoscope-feeds.com"
Received 184 bytes from 127.0.0.1#53 in 46 ms
Trying "horoscope-feeds.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21074
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;horoscope-feeds.com. IN SOA
;; ANSWER SECTION:
horoscope-feeds.com. 86400 IN SOA ns.horoscope-feeds.com. peter.ward33.btopenworld.com. 1341590337 10800 3600 604800 10800
;; AUTHORITY SECTION:
horoscope-feeds.com. 86400 IN NS ns.horoscope-feeds.com.
;; ADDITIONAL SECTION:
ns.horoscope-feeds.com. 86400 IN A 109.228.2.80
Received 131 bytes from 109.228.2.80#53 in 44 ms
Which I understand as meaning that the authoritative name server for this domain is ns.horoscope-feeds.com. However a whois lookup for the domain yeilds two nameservers:
Nameserver: ns1.horoscope-feeds.com
Nameserver: ns2.horoscope-feeds.com
I thought that whois information is not guaranteed to be accurate and that domain information should not be taken from this source.
Can anyone tell me if the DNS set up for this domain is wrong in any way and if so how? Also where is the final authority on the DNS records for a domain and how do I get that information?
Thanks

The DNS setup inconsistent because the registry (".com" - managed by Verisign) says that the authoritative nameservers are ns1.horoscope-feeds.com and ns2.horoscope-feeds.com, but if you query one of these servers, they answer that the authoritative server is ns.horoscope-feeds.com (having the same IP as ns2).
This may sound confusing, but it's important to understand that the main record type that a resolving client jump from the root down to your domain is the NS resource record type. For any given delegated domain, such as "horoscope-feeds.com", there are two sets of such NS records -- one published by the parent zone (registry) and one published by the zone itself. These two sets should match:
Ask the registry for the set of nameservers authoritative for your domain:
$ dig +noall +authority +add #a.gtld-servers.net horoscope-feeds.com
horoscope-feeds.com. 172800 IN NS ns1.horoscope-feeds.com.
horoscope-feeds.com. 172800 IN NS ns2.horoscope-feeds.com.
ns1.horoscope-feeds.com. 172800 IN A 109.228.2.79
ns2.horoscope-feeds.com. 172800 IN A 109.228.2.80
Ask one of those nameservers:
$ dig +noall +answer +add #109.228.2.79 horoscope-feeds.com ns
horoscope-feeds.com. 86400 IN NS ns.horoscope-feeds.com.
ns.horoscope-feeds.com. 86400 IN A 109.228.2.80
A similar diagnosis can be seen here.
Generally, the information published by Whois also comes from the TLD registry (if you query the right whois server). However, there is a possibility that the registry whois database is out of sync with what is published at the DNS. Since we're dealing with DNS problems, it's best to query the DNS, i.e. ask one of dig com. NS for domains that end with ".com") :)
As for fixing this inconsistency, you should either edit your zone (at your DNS provider) to match the registry.

Linking Domain Name to Server [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
So I've delved into the world of running a server without a control panel for the first time, doing everything through the terminal and occasionally logging into the desktop gui if I need to.
I've got nearly everything working as far as I can tell, the firewall was a hassle but I think i've got it now.
The last thing I can't quite work out is how to get the domain name I purchased pointing correctly to my server (I've always done this through a control panel before which automated most of it).
These are the steps I've taken so far (These may be wrong, I've been googling the thing like mad but everywhere tells me to do something different, so please let me know if something is wrong).
Purchased name name, for sake of example "mydomain.com"
Have server running Ubuntu 64 bit. IP address for sake of example "1.2.3.4"
The host has provided me with 3 "DNS Resolvers", for sake of example: "1.1.1.1", "1.1.1.2", "1.1.1.3"
I've set the hostname on my server
Running "hostname" in the terminal outputs: mydomain
Checking /etc/hostname outputs: mydomain.com
I've added those 3 DNS resolvers to my /etc/resolv.conf file like so:
domain mydomain.com
search mydomain.com
nameserver 1.1.1.1
nameserver 1.1.1.2
nameserver 1.1.1.3
I've set the virtual host up in my httpd.conf file:
<VirtualHost 1.2.3.4:80>
ServerName mydomain.com
ServerAlias mydomain
DocumentRoot /var/www/mysite
</VirtualHost>
Now from here on I've just been palying around with different things. At the moment I've gone into my domain registrar panel and set three nameservers as "ns1.mydomain.com", "ns2.mydomain.com", "ns3.mydomain.com".
I've installed webmin to try and set the DNS zone records and this is what I've got at the moment on the output of various commands:
(where 1.1.1.1, 1.1.1.2, 1.1.1.3 are those DNS resolvers)
[b]nslookup -sil localhost[/b]
conn#duckfusion:~$ nslookup -sil localhost
;; Got SERVFAIL reply from 1.1.1.2, trying next server
;; Got SERVFAIL reply from 1.1.1.3, trying next server
;; connection timed out; no servers could be reached
[b]nslookup -sil mydomain.com[/b]
conn#duckfusion:~$ nslookup -sil mydomain.com
;; Got SERVFAIL reply from 1.1.1.2, trying next server
;; Got SERVFAIL reply from 1.1.1.3, trying next server
;; connection timed out; no servers could be reached
Here is my "named.conf" file:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
[u]named.conf.options[/u]
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
1.1.1.1; 1.1.1.2; 1.1.1.3; 208.67.222.222; 208.67.220.220;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-query {
any;
};
listen-on port 53 {
any;
};
};
[u]named.conf.local[/u]
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "mydomain.com" {
type master;
file "/var/lib/bind/mydomain.com.hosts";
};
[u]/var/lib/bind/mydomain.com.hosts[/u] (Where 1.2.3.4 is my server's IP)
$ttl 38400
mydomain.com. IN SOA mydomain.com. me.myemail.com. (
1366054515
10800
3600
604800
38400 )
mydomain.com. IN NS mydomain.com.
mydomain.com. IN A 1.2.3.4
www.mydomain.com. IN A 1.2.3.4
mail.mydomain.com. IN A 1.2.3.4
ftp.mydomain.com. IN A 1.2.3.4
ns1.mydomain.com. IN A 1.2.3.4
ns2.mydomain.com. IN A 1.2.3.4
ns3.mydomain.com. IN A 1.2.3.4
mydomain.com. IN NS ns1.mydomain.com.
mydomain.com. IN NS ns2.mydomain.com.
mydomain.com. IN NS ns3.mydomain.com.
mydomain.com. IN MX 10 mail.mydomain.com.
That's as far as I've got.
I can obviously get to the server via IP address as URL, but as of yet not by domain name.
Could anyone let me know:
A) Where I've gone wrong
B) What I need to do to achieve this?
Thank you very much.

Running your own named is overkill and not needed. Here's what a valid setup looks like:
Your web server hosting provider (where your website lives) gave you some DNS resolvers. These are intended to provide DNS resolution to your web server, so it can find OTHER hosts on the Internet. These resolvers have nothing to do with hosting YOUR domain, and you cannot make changes to their domain definitions.
Your DNS Hosting Provider has their own DNS servers, which are used by default to host your DNS "A" record. If you truly reconfigured your DNS hosting account to use the web provider's DNS servers, this is an error. You cannot add your DNS record to those servers.
On your DNS Hosting Provider's control panel, first set it back to using their DNS servers; then create an "A" record for your domain, pointing to the IP of your web server host.
In summary:
DNS Hosting Provider
DNS Server(s) contain:
www.yourserver.com A 1.2.3.4
alias.yourserver.com CNAME www.yourserver.com (maybe)
yourserver.com MX where.you.receive.mail (maybe)
Web Hosting Provider
Your web server at 1.2.3.4
/etc/resolv.conf
nameserver 1.1.1.1
nameserver 1.1.1.2
nameserver 1.1.1.3
That's all you need to do for other people to be able to find your server.
The only reason to run your own DNS would be to host an entire network consisting of multiple machines, behind a firewall, or hosting an entire Class C or greater set of IP addresses. To do this you'd need peering and routing agreements with other providers, which I don't think you have.
EDIT
$ dig duckfusion.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> duckfusion.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32080
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 17
;; QUESTION SECTION:
;duckfusion.com. IN A
;; ANSWER SECTION:
duckfusion.com. 1800 IN A 87.117.219.53
duckfusion.com. 1800 IN A 192.31.186.140
;; AUTHORITY SECTION:
duckfusion.com. 172800 IN NS dns4.registrar-servers.com.
duckfusion.com. 172800 IN NS dns5.registrar-servers.com.
duckfusion.com. 172800 IN NS dns3.registrar-servers.com.
duckfusion.com. 172800 IN NS dns1.registrar-servers.com.
duckfusion.com. 172800 IN NS dns2.registrar-servers.com.

Keeps saying invalid domain when trying to add it to my app in app settings

When I try to add my domain and website to my app in the basic config for my app it keeps telling me it is and invalid domain, but it should work, it used to...
I try putting it into the "App Domains" and "Site Url" fields but get this error...
"Error
App Domains: illmethods.com is not a valid domain.
Site URL is not a valid URL."
The app name is IllMethods

If you asked the com authoritative DNS servers, you get these NS records and associated glue (A) records:
$ dig +norecurs +noall +auth +answer +additional illmethods.com #a.gtld-servers.net
illmethods.com. 172800 IN NS ns1.illmethods.com.
illmethods.com. 172800 IN NS ns2.illmethods.com.
ns1.illmethods.com. 172800 IN A 203.97.122.126
ns2.illmethods.com. 172800 IN A 125.236.226.87
but if you asked ns1.illmethods.com, the A record for "ns1.illmethods.com" is different from above:
$ dig +norecurs +noall +answer +additional illmethods.com #ns2.illmethods.com
illmethods.com. 14400 IN A 125.236.226.87
ns1.illmethods.com. 14400 IN A 125.236.226.87
ns2.illmethods.com. 14400 IN A 125.236.226.87
So "ns1" and "ns2" are essentially pointing to the same IP.
I think the issue is a culmination of a few factors:
negative caching. If your server was down at some point, Facebook's upstream DNS might have cached the negative response for some time.
inconsistent A records for name servers specified at the registrar vs. what's in the zone that you host.
Facebook probably has a very short timeout when it queries the DNS, since ns1 is actually not reachable (at least now from where I am), it will likely timeout before it manages to try the other IP.
So, I suggest that you remove ns1.illmethods.com at your registrar, and then remove the NS record of the same in your zone as well. Then, wait at least an hour (if you want to be doubly sure, wait 24hrs since you've specified 86400 in your SOA minimum field) and try again.
You should also use the dnscheck link that Sean Kinsey gave provided to make sure that your zone is free of errors, because these become hard-to-diagnose errors in the presence of caching and different DNS resolver implementations.

There are no valid NS servers listed for this domain and so Facebook probably can't verify it. Currently it has ns1.illmethods.com and ns2.illmethods.com, but that causes a catch 22 as you need the IP for the NS-servers in order to look up the IP for the NS-servers...
See http://dnscheck.pingdom.com/?domain=illmethods.com for more.

Bind nameserver in Virtualmin and DNS query timing out

I installed Virtualmin GPL on CentOS 6.2. The hostname of the machine is srv01.[mydomain.tld] (where [mydomain.td] is an actual registered domain). On the server I have only 1 IP, so I assigned it to both ns1.[mydomain.tld] and ns2.[mydomain.tld]. After this I updated the nameserver details for my domain on the domain registrar and pointed both ns1 and ns2 to the IP of the server.
The first issue I received was BIND-chroot issue, and after searching on the net, I removed BIND from chroot and BIND started. At this stage I was sure that everything will work normal, so I created a virtual server for [mydomain.tld]. At this point, I was sure that I can now access my site using the domain name.
So I opened network-tools.com and tried to perform a tracert for [mydomain.tld] but it failed to resolve the domain name and following are the details from the page:
Retrieving DNS records for [mydomain.tld]...
DNS servers
ns1.[mydomain.tld] [1.2.3.4]
Query for DNS records for [mydomain.tld] failed: Timed out
Whois query for [mydomain.tld]...
I tried to ping srv01.[mydomain.tld] and failed. Then I tried to ping ns1.[mydomain.tld] and it worked. My first guess was that maybe the NS on my server isn’t working, so I SSHed and performed nslookup google.com:
$ nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 173.194.33.39
I think that the NS is working properly on my server. After this, I performed:
$ nslookup [mydomain.tld]
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: [mydomain.tld]
Address: IP
It looks like the server is resolving the name properly locally, but not working on the Internet. I also checked all the Zone records for [mydomain.tld] and it contains the following records:
[mydomain.tld]. -- NS -- ns1.[mydomain.tld].
[mydomain.tld]. -- NS -- ns2.[mydomain.tld].
[mydomain.tld]. -- A -- IP
www.[mydomain.tld]. -- A -- IP
ns1.[mydomain.tld]. -- A -- IP
ns2.[mydomain.tld]. -- A -- IP
plus A records for subdomains ftp.[mydomain.tld], m.[mydomain.tld], localhost.[mydomain.tld], webmail.[mydomain.tld], admin.[mydomain.tld] and mail.[mydomain.tld] pointing to the server’s IP, plus MX and SPF records.

To troubleshoot it from the beginning to the end, do the following
Find address of your TLD nameservers: dig TLD NS
Find how your domain authoritative nameservers configured in the TLD: dig #[one-of-tld-nameservers] [mydomain.tld] NS. You expect to get your authoritative servers: ns1.[mydomain.tld] and ns2.[mydomain.tld] and their IP addresses (which are both pointing to your single IP). If this is NOT what you get, your problem is that you did not register your authoritative servers with your registrar.
Query your server: dig #[your IP] www.[mydomain.tld] if you request times-out, port 53 on your server is unreachable for some reason. Since it IS reachable locally, it could be firewall or NAT issue.
Now to various specifics of your question:
I tried to ping srv01.[mydomain.tld] and failed...
In the zone records in your post I don't see a record for srv01. Ping will not be able to resolve srv01 without appropriate DNS record.
Timed out Whois query for [mydomain.tld]...
Whois have nothing to do with DNS resolution, I presume it's DNS and not Whois. It seems that the nameserver defined as authoritative for mydomain.tld is not accessible.
I tried to ping ns1.[mydomain.tld] and VOLA it worked
I'm not sure, but possibly your DNS resolver knows the address ns1.[mydomain.tld] from TLD nameservers, and NOT from authoritative nameserver (also I'm not sure whether it's correct behavior or not).
Conlusion: my best guess is that port 53 of your server is not accessible from the internet.