I installed Virtualmin GPL on CentOS 6.2. The hostname of the machine is srv01.[mydomain.tld] (where [mydomain.td] is an actual registered domain). On the server I have only 1 IP, so I assigned it to both ns1.[mydomain.tld] and ns2.[mydomain.tld]. After this I updated the nameserver details for my domain on the domain registrar and pointed both ns1 and ns2 to the IP of the server.
The first issue I received was BIND-chroot issue, and after searching on the net, I removed BIND from chroot and BIND started. At this stage I was sure that everything will work normal, so I created a virtual server for [mydomain.tld]. At this point, I was sure that I can now access my site using the domain name.
So I opened network-tools.com and tried to perform a tracert for [mydomain.tld] but it failed to resolve the domain name and following are the details from the page:
Retrieving DNS records for [mydomain.tld]...
DNS servers
ns1.[mydomain.tld] [1.2.3.4]
Query for DNS records for [mydomain.tld] failed: Timed out
Whois query for [mydomain.tld]...
I tried to ping srv01.[mydomain.tld] and failed. Then I tried to ping ns1.[mydomain.tld] and it worked. My first guess was that maybe the NS on my server isn’t working, so I SSHed and performed nslookup google.com:
$ nslookup google.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: google.com
Address: 173.194.33.39
I think that the NS is working properly on my server. After this, I performed:
$ nslookup [mydomain.tld]
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: [mydomain.tld]
Address: IP
It looks like the server is resolving the name properly locally, but not working on the Internet. I also checked all the Zone records for [mydomain.tld] and it contains the following records:
[mydomain.tld]. -- NS -- ns1.[mydomain.tld].
[mydomain.tld]. -- NS -- ns2.[mydomain.tld].
[mydomain.tld]. -- A -- IP
www.[mydomain.tld]. -- A -- IP
ns1.[mydomain.tld]. -- A -- IP
ns2.[mydomain.tld]. -- A -- IP
plus A records for subdomains ftp.[mydomain.tld], m.[mydomain.tld], localhost.[mydomain.tld], webmail.[mydomain.tld], admin.[mydomain.tld] and mail.[mydomain.tld] pointing to the server’s IP, plus MX and SPF records.
To troubleshoot it from the beginning to the end, do the following
Find address of your TLD nameservers: dig TLD NS
Find how your domain authoritative nameservers configured in the TLD: dig #[one-of-tld-nameservers] [mydomain.tld] NS. You expect to get your authoritative servers: ns1.[mydomain.tld] and ns2.[mydomain.tld] and their IP addresses (which are both pointing to your single IP). If this is NOT what you get, your problem is that you did not register your authoritative servers with your registrar.
Query your server: dig #[your IP] www.[mydomain.tld] if you request times-out, port 53 on your server is unreachable for some reason. Since it IS reachable locally, it could be firewall or NAT issue.
Now to various specifics of your question:
I tried to ping srv01.[mydomain.tld] and failed...
In the zone records in your post I don't see a record for srv01. Ping will not be able to resolve srv01 without appropriate DNS record.
Timed out Whois query for [mydomain.tld]...
Whois have nothing to do with DNS resolution, I presume it's DNS and not Whois. It seems that the nameserver defined as authoritative for mydomain.tld is not accessible.
I tried to ping ns1.[mydomain.tld] and VOLA it worked
I'm not sure, but possibly your DNS resolver knows the address ns1.[mydomain.tld] from TLD nameservers, and NOT from authoritative nameserver (also I'm not sure whether it's correct behavior or not).
Conlusion: my best guess is that port 53 of your server is not accessible from the internet.
Related
I set up our custom DNS server in AWS and looks like doing nslookup a dns works fine in forward but if I do nslookup it in reverse like using its IP, it gives me an error as below
** server can't find x.x.x.x.in-addr.arpa: NXDOMAIN
I can do nslookup any other public dns and IP back and forth but can't do nslookup a IP for some reason.
FYI, I used an internal IP to set this up.
Could you please give me any suggestions to resolve this?
Thanks,
When I do an nslookup on the net. zone, I get the following output:
nslookup -type=soa net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
net
origin = a.gtld-servers.net
mail addr = nstld.verisign-grs.com
serial = 1542217316
refresh = 1800
retry = 900
expire = 604800
minimum = 86400
Authoritative answers can be found from:
This means that in order to get DNS records for the net. zone, one should query the DNS Server a.gtld-servers.net. However, the IP Address of a.gtld-servers.net is not given. This results in a catch-22, because in order to get the IP address of any subzone in the net. zone, one should query a.gtld-servers.net.
So my question is, how to get out of this catch-22? How can I get the IP address of a.gtld-servers.net without having to do another DNS request?
The root server addresses can be found in a file downloaded from iana
This means that in order to get DNS records for the net. zone, one should query the DNS Server a.gtld-servers.net
You could, and at least initially, probably would, but the root servers don't move around frequently, so once you got the ip address for .net server, for example, you would use the cached value.
The domain is http://epochchartjs.com, or http://www.epochchartjs.com
Whois says it's still active, and the nameservers match what's in Zerigo, http://whois.domaintools.com/epochchartjs.com
However, it doesn't load in the browser, and host epochchartjs.com yields:
$ host www.epochchartjs.com
Host www.epochchartjs.com not found: 3(NXDOMAIN)
dig epochchartjs.com NS yields no NameSevers. Please verify with the reseller/registrar with whom you have purchased the domain. They must add the NS records for this domain.
When troubleshooting DNS issues (specifically whether a domain is resolving), what is the proper way to check so that you get accurate results? DNS info is cached throughout the internet, and different machines (like local machine) or service (like pingdom) has different results.
How to check the DNS so that you know what you will get after it propagates?
Working with Heroku and CloudFlare.
In most common cases you can use tools such as: dig or host. Both tools are made for query name servers to retrieve info. You can also use a simple "ping something.domain.com" in order to see if IP has changed. But I suggest you to use different DNS's on the computer you're using to test. Actually Google DNS replicate so fast ( 8.8.8.8 ).
Not on purpose DNS poisoning: Keep in mind if you're pinging something that is recently configured/changed on your name server and still not propagated you'll "poison" the DNS's cache and this data is going to expire, but later...( Always depending on domain name TTL's of course ).
Using a new DNS wich never has known that domain you're sure the request is made for the first time and it's going to be made without asking any cache.
Example:
To get all the DNS servers for domain.com:
$ host -t ns domain.com
domain.com name server ns2.domain.com.
domain.com name server ns3.domain.com.
To ask a domain name for something.domain.com:
$ dig #nameserver something.domain.com
You can also ask for TXT, CNAME types and so on...
Examples:
AXFR retrieval test:
$ dig #domainname domain.com AXFR
Or get all Mail Exchange (MX) server for a domain:
$ host -t MX domain.com
domain.com mail is handled by 10 smtp.godo.com.
domain.com mail is handled by 20 smtp2.godo.com.
Hope it helps.
Cheers! :)
http://en.wikipedia.org/wiki/Nslookup
To get a "Non-authoritative" answer from your local name server that would be e.g.:
nslookup test.com
To check the name server where the domain is listed that would be e.g.:
nslookup test.com nameServerOfTest.com
I am new to BIND, and thought I had a grip on DNS, but obviously I was mistaken.
BIND is installed on Windows Server 2008 Web
I created a zone (example.com) with Dyn.
I registered the domain for that zone successfully, using the Dyn nameservers
I created two subdomains (A records) on the Dyn zone: ns1.example.com and ns2.example.com
Each subdomain points to a unique IP, bound to my server where BIND is listening
When I query ns1.example.com with nslookup, for the a new domain I created on that webserver, it returns ns1 with its ip, but gives the following error:
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to ns1.example.com timed-out
If I run nslookup on the webserver itself, with the same query, I get:
> example.com
Server: ns1.example.com (which is the slected nameserver)
Address: xx.xx.xx.xx
Name: example.com
Address: xx.xx.xx.xx
It might be worth mentioning, that the Webserver is located in the UK, and I am located in South Africa.
My registrar, in South Africa, returns the following when I try to register domainxyz.example:
The SOA record for domainxyz.example at xxx.xxx.xxx.xxx can not be retreived.
The most common reasons for this is that the Nameserver is not currently
reachable or the Nameserver has not been configured for this domain.
I can ping and resolve ns1 and ns2 from my pc, where the nslookup fails.
After a long discussion with myself, and curiously reviewing my post... I decided I must be really burnt out.. and I opened UDP port 53 on my windows firewall on the server.
Tadaaa.....works!
Sometimes it helps bouncing something off someone, even if its a lonely sunday night web page /forum.
Maybe this helps someone else in the future. This whole new web server commisioning has so many aspects to configure, and I lost site of the basics.
Cheers, and thanks..!