My server is a Ubuntu, and I have installed webmin/virtualmin and I´m trying to create my NSRecord ns1 and ns2.
I run this command:
dig #localhost mydomain.info
; DiG 9.7.3 #localhost mydomain.info
; (1 server found)
;; global options: +cmd
;; Got answer:
;; HEADER opcode: QUERY, status: NOERROR, id: 64570
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mydomain.info. IN A
;; ANSWER SECTION:
mydomain.info. 38400 IN A 10.28.166.120
;; AUTHORITY SECTION:
mydomain.info. 38400 IN NS ns1.mydomain.info.
;; ADDITIONAL SECTION:
ns1.mydomain.info. 38400 IN A 10.28.166.120
But 10.28.166.120 it´s my local IP, I try to find any information on /var/log/syslog about Bind and I didn´t see anything.
In Firewall I configured the ports like this:
Incoming open ports:
TCP/53
UDP/53
Outgoing open ports:
TCP/53
UDP/53
TCP/1024-65535
UDP/1024-65535
So, know I put my complete dns record:
$ttl 38400
# IN SOA ns1.mydomain.info. root.ns1.mydomain.info. (
1342267814
10800
3600
604800
38400 )
# IN NS ns1.mydomain.info.
mydomain.info. IN A 10.28.166.120
www.mydomain.info. IN A 10.28.166.120
ftp.mydomain.info. IN A 10.28.166.120
m.mydomain.info. IN A 10.28.166.120
ns1.mydomain.info. IN A 999.999.999.999
localhost.mydomain.info. IN A 127.0.0.1
webmail.mydomain.info. IN A 10.28.166.120
admin.mydomain.info. IN A 10.28.166.120
mydomain.info. IN TXT "v=spf1 a mx a:mydomain.info ip4:10.28.166.120 ?all"
999.999.999.999 = my external IP
I´m tried post some questions like this and anyone help on other forums. If anyone don´t undestand something I will try to explain.
Thank´s.
BIND runs as named, so that is what you should look for in the logs. (Though nothing is actually wrong with this setup, so I doubt there would be anything in the logs).
I'm not sure how you've set up the records in your zone, but each NS record points to an A record. The NS record looks fine, but the A record is wrong. The other NS record and/or its corresponding A record are missing. You will have to change the A record for ns1.mydomain.info. to your external address. There is no simple way to use both an internal and external IP for a single machine (for a complicated way, see split-horizon views).
Related
I have a new VPS with CWP installed. This is the file for my domain:
; Generated by CWP
; Zone file for erpuno.cl
$TTL 14400
erpuno.cl. 86400 IN SOA erpuno.cl. contacto.erpuno.cl. (
2019050600 ; serial, todays date+todays
86400 ;refresh, seconds
7200 ;retry, seconds
3600000 ;expire, seconds
86400 )
erpuno.cl. 86400 IN NS ns1.erpuno.cl.
erpuno.cl. 86400 IN NS ns2.erpuno.cl.
erpuno.cl. IN A 45.7.228.32
vps.erpuno.cl. IN A 45.7.228.32
ns1.erpuno.cl. IN A 45.7.228.32
ns2.erpuno.cl. IN A 45.7.228.32
localhost.erpuno.cl. IN A 127.0.0.1
erpuno.cl. IN MX 0 erpuno.cl.
mail IN CNAME erpuno.cl.
www IN CNAME erpuno.cl.
ftp IN CNAME erpuno.cl.
; Add additional settings below this line
_dmarc 14400 IN TXT "v=DMARC1; p=none"
But the DNS is not resolving. I can't access de URL and DNS lookup services don't find it. What am I doing wrong?
When I run dig erpuno.cl, I get:
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> erpuno.cl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23843
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;erpuno.cl. IN A
;; ANSWER SECTION:
erpuno.cl. 14400 IN A 45.7.228.32
;; AUTHORITY SECTION:
erpuno.cl. 86400 IN NS ns1.erpuno.cl.
erpuno.cl. 86400 IN NS ns2.erpuno.cl.
;; ADDITIONAL SECTION:
ns1.erpuno.cl. 14400 IN A 45.7.228.32
ns2.erpuno.cl. 14400 IN A 45.7.228.32
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 06 21:43:27 -04 2019
;; MSG SIZE rcvd: 122
Everything seems normal. And both the config file and the zone file have no errors.
From my PC I can ping the IP of the server, but not the domain. But from the console of the VPS I can ping the domain.
The firewall has the ports open, so that's not the issue either.
Any ideas??
Make sure your resolv.conf file have the following lines:
domain yourdomain
nameserver ipaddr(of the machine with the dns server installed)
dig redhat.com
;; QUESTION SECTION:
;redhat.com. IN A
;; ANSWER SECTION:
redhat.com. 3600 IN A 209.132.183.105
We get the ip address 209.132.183.105----the A record of domain redhat.com.
Now i want to get the domain name from the ip--209.132.183.105.
Maybe you introduce two ways to get it.
nslookup 209.132.183.105
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
105.183.132.209.in-addr.arpa name = redirect.redhat.com.
Authoritative answers can be found from:
dig -x 209.132.183.105
; <<>> DiG 9.9.5-9+deb8u7-Debian <<>> -x 209.132.183.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62599
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;105.183.132.209.in-addr.arpa. IN PTR
;; ANSWER SECTION:
105.183.132.209.in-addr.arpa. 519 IN PTR redirect.redhat.com.
;; Query time: 1 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Nov 19 15:11:33 CST 2016
;; MSG SIZE rcvd: 90
It is unlucky taht the result is not redhat.com and redirect.redhat.com is a PTR record with 209.132.183.105.
Could i draw a conclusion that no way to get a domain name from the IP address in condition of that the ip is A record of domain name?
You are correct in that there is no way to get the info reliably.
Anyone who owns a domain name can point any A, AAAA or CNAME to whatever IP address they like irrespective if they control that IP address.
It gets even more complex in that if you have the reverse delegation set up for your IP address(es) you can set whatever PTR record you like - even stuff that's invalid or none existent.
If you owned the domain rubber-chickens.com there is nothing stopping you creating the following;
google.rubber-chickens.com A 216.58.210.36 - Which points to google or
200.200.120.11 PTR msn.microsoft.com. - Which when you did a traceroute or dig would appear to show the hostname msn.microsoft.com
IP's and domains are just made up in this example.
I have some DNS issues and I am trying to figure out if this is a correct I should get when I run this on VPS
getent hosts test.com
69.xx.xx.xxx server.test.com server www.test.com www test.com test testuser
for other sites the answer looks like this
getent hosts justhost.com
74.220.195.132 justhost.com
Are the first result ok? where are the values taken from?
Update:
If it helps
nslookup test.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
server can't find test.com: NXDOMAIN
dig #localhost test.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56197
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 24 14:32:24 2015
;; MSG SIZE rcvd: 41
Pinging the ns1 gives me the correct server ip
Pinging the domain name gives me the old server ip
Is this usual?
From an analysis on intoDNS (http://www.intodns.com/blackcatadvertising.com) it seems that the nameserver are not setted properly. Check both on your DNS provider (if it's not you) and on cPanel how they are setted. If you are sure that they are right as they are right now I would ask when did you created the domain? Sometime is required after the creation in order to let the DNS spread
fixed via How to fix a dig command with status: REFUSED?, basically I had to edit names.conf to have allow-query to any, and restart names
Some time ago I setup a site with some subdomains (example.com, test.example.com...)
Last week I added a new subdomain new.example.com and today I've realize that when I dig to the secondary server I get the SOA record as a response, not the answer itself:
root#Nigeria:~$ dig new.example.com #ns.kimsufi.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> new.example.com #ns.kimsufi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11559
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;new.example.com. IN A
;; AUTHORITY SECTION:
example.com. 86400 IN SOA ns345678.ip-93-122-113.eu. info.test.com. 2015021005 28800 7200 604800 86400
;; Query time: 36 msec
;; SERVER: 213.186.33.199#53(213.186.33.199)
;; WHEN: Mon Feb 16 11:14:35 2015
;; MSG SIZE rcvd: 108
I'm wondering why I'm getting an authority response instead of the right response. If I dig into 'ns345678.ip-93-122-113.eu' which is the right server where my website and my DNS server is hosted, I get the expected response:
;; ANSWER SECTION:
new.example.com. 86400 IN A 93.122.113.255
Why the secondary DNS is not giving an answer to the new subdomain? It is giving an answer to old subdomains like 'test.example.com'. And how I must interpret the SOA response? What does it mean?
A SOA record in the Authority segment together with having the AA flag set is an indication that the reply is authoritative. So what the response you pasted means is that ns.kimsufi.com says that it knows with certainty that the name you asked for (new.example.com) does not exist.
And if you hadn't hidden the actual domain name, someone might have been able to tell you the reason you're not getting the response you expect. But as it is, this is about all you will get.
Here is the main problem:
dig maktabkhooneh.info +trace
works perfectly fine and returns the right answer.
dig maktabkhooneh.info
(without +trace) returns:
; <<>> DiG 9.8.1-P1 <<>> maktabkhooneh.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
What could be the reason? I was reading this. Is it the only possible reason that I changed domain data 12hrs ago? Isn't there any other possible reason for SERVFAIL?
extra info:
I have two BIND servers working on 168.144.251.73 (master) and 168.144.92.50 (slave).
and on the master I have:
$TTL 300
maktabkhooneh.info. IN SOA ns1.maktabkhooneh.info.
admin.maktabkhooneh.info. (
2012060201 ; Serial
86400 ; Refresh
7200 ; Retry
3600000 ; Expire
300 ) ; Minimum
maktabkhooneh.info. IN A 168.144.97.83
maktabkhooneh.info. IN NS ns1.maktabkhooneh.info.
maktabkhooneh.info. IN NS ns2.maktabkhooneh.info.
ns1 IN A 168.144.251.73
ns2 IN A 168.144.92.50
www IN CNAME maktabkhooneh.info.
dig +trace follows the whole chain from the beginning - it queries root servers, then .info servers then your namservers. Thus it avoids any caching resolvers, and also avoids propagation issues.
dig +notrace (the default) queries your default DNS resolver (on Linux, whatever specified in /etc/resolv.conf).
There's some problem with that resolver - maybe it's misconfigured, maybe it has old data in its caches, maybe it can not reach your authoritative nameservers, etc.
In my case was a problem related to /etc/named.conf file. I could resolve this with the previous answer from Sandman and googling the way to fix a corrupted named.conf in cpanel. I had to access to shell console and type the following commands:
for backup the file
mv /etc/named.conf /etc/named.conf.bak
for rebuild the file
/usr/local/cpanel/scripts/rebuilddnsconfig
for restart the named service
/etc/init.d/named restart
ref: https://www.web24.com.au/tutorials/named-conf-fix-corrupted-named-conf-cpanel