dns/name server issue

#1 Mon, 12/17/2012 - 22:05
adminjay

I am having an issue using Virtualmin on the webserver and Webmin on another server for DNS purposes and others such as backups. My issue is that the webserver now pings as both the webserver and the secondary server (by hostname) on the same IP.

hostname ns.atozstoresonline.com is 98.101.219.204

hostname ns1.atozstoresonline.info should be 98.101.219.203 but pings to 98.101.219.204

Tue, 12/18/2012 - 11:28
Locutus

If a system replies to pings on two IP addresses, that system has both of those IP addresses configured. That's an issue on networking level and has nothing to do with Virtualmin or nameserver etc.

You might want to check the network config (ifconfig) on the servers involved.

Tue, 12/18/2012 - 16:52
adminjay

Hi, and thanks for your help. No, all the IPs are fine: ns is set to 98.101.219.204 and the ns1 box is set to 98.101.219.203, but when I ping by name, ns1 pulls up the ns IP address. If I ping 98.101.219.203 it comes up with ns1, which is correct, but it, I believe, is pulling a PTR record. All DNS records are correct as well on both machines. Is there some place else I should be looking?

Tue, 12/18/2012 - 18:20
andreychek

The issue I see though is that when I do a DNS lookup of the name 'ns1.atozstoresonline.info', the IP '98.101.219.204' is what's returned -- not the '98.101.219.203' you mentioned.

The reverse DNS for both IP addresses appears correct, but it looks like both ns.atozstoresonline.info and ns1.atozstoresonline.info resolve to the same IP address.

-Eric

Tue, 12/18/2012 - 18:41
adminjay

Hi, thanks. Yes, and I can't figure out why; everything looks fine on both machines.

203 hosts:

# Do not remove the following line, or various programs that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
98.101.219.203 ns1.atozstoresonline.info ns1

named:

options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    allow-recursion { localnets; 127.0.0.1; };
    };

zone "." {
    type hint;
    file "/etc/db.cache";
    };

Above is .203; same exact specs as .204, it just says .204 instead of .203. Each box has 1 IP each; double checked, and no virtual made as of yet.

Wed, 12/19/2012 - 04:32
Locutus

Aah okay, I figured when you mentioned "ping", that your box replied to a wrong IP address.

When you debug nameserver issues, you initially wouldn't want to test stuff with "ping", since ping takes IP addresses from the DNS resolver, which includes local or ISP caches and all kinds of things that can interfere with the actual problem.

To debug DNS stuff, use "nslookup" or even better "dig".

E.g. when I try to resolve "ns1.atozstoresonline.info", I get an NXDOMAIN (unknown host).

Tracing the resolution path, I can see that the responsible nameservers do not return valid IP addresses.

IntoDNS reports that the name servers and glue records configured at the registrar/NIC for your domain "atozstoresonline.info" are set as follows:

ns.atozstoresonline.info.   ['98.101.219.204']   [TTL=86400] 
ns1.atozstoresonline.info.   ['98.101.219.203']   [TTL=86400]

When I try to resolve ns1.atozstoresonline.info directly at those two IP addresses, I get a REFUSED from the .203, and an NXDOMAIN from .204.

Hope this helps; otherwise we'd need more info about what is behind those two IP addresses, i.e. are those two servers, or just one, and what's the BIND config and zone file. Is BIND running, listening on port 53, no firewall blocking packets, that kind of stuff.

Wed, 12/19/2012 - 13:52
adminjay

Hi thanks.

A) These are 2 physical servers. NS is configured with 98.101.219.204 (used for 12 websites) and 98.101.219.205 for a client on NS.

NS1 is configured with 98.101.219.203; this box was going to be used as a name server and FTP backup, no websites.

B) Both BINDs are running on their default port, no firewall blocking.

Here is the NS config (inside each domain's zone file, it shows NS and its IP address):

options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    allow-recursion { localnets; 127.0.0.1; };
    };

zone "." {
    type hint;
    file "/etc/db.cache";
    };

zone "atozmicro.com" {
    type master;
    file "/var/named/atozmicro.com.hosts";
    };
zone "atozmicro.info" {
    type master;
    file "/var/named/atozmicro.info.hosts";
    };
zone "atozstoresonline.com" {
    type master;
    file "/var/named/atozstoresonline.com.hosts";
    };
zone "atozstoresonline.info" {
    type master;
    file "/var/named/atozstoresonline.info.hosts";
    };
zone "nowatm.info" {
    type master;
    file "/var/named/nowatm.info.hosts";
    };
zone "sexytoysandbeyond.com" {
    type master;
    file "/var/named/sexytoysandbeyond.com.hosts";
    };
zone "grannygumz.com" {
    type master;
    file "/var/named/grannygumz.com.hosts";
    };
zone "dahummer.com" {
    type master;
    file "/var/named/dahummer.com.hosts";
    };
zone "bestblo.com" {
    type master;
    file "/var/named/bestblo.com.hosts";
    };
zone "eyestodeals.com" {
    type master;
    file "/var/named/eyestodeals.com.hosts";
    };
zone "thesoulsjourneyllc.org" {
    type master;
    file "/var/named/thesoulsjourneyllc.org.hosts";
    };
zone "thesoulsjourneyllc.com" {
    type master;
    file "/var/named/thesoulsjourneyllc.com.hosts";
    };

Thu, 12/20/2012 - 05:12
Locutus

Okay, I checked your nameservers again, and it seems the .204 is okay now, except for a mismatch in nameservers listed. The parent (registrar) lists "ns" and "ns1" as nameservers, your .204 only "ns". The nameservers must match between parent and your server.

Your .203 is refusing queries, which indicates it is not properly set up as slave for your zones.
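
The checks described in this thread (querying each listed nameserver directly instead of pinging, and comparing the nameservers listed at the parent with those in the zone), as an added example that is not part of any poster's message. The function names and the script name are illustrative, and `dig` is assumed to be installed.

```sh
#!/bin/sh
# Added example: query each listed nameserver directly (no recursion, no
# resolver cache) and compare the NS set at the parent with the zone's own.

# Pull the status (NOERROR, NXDOMAIN, REFUSED, ...) out of dig's header line.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# What the status usually means when it comes straight from a listed nameserver.
explain_status() {
    case "$1" in
        NOERROR)  echo "query accepted; check the ANSWER section" ;;
        NXDOMAIN) echo "server has the zone, but the name is not in it" ;;
        REFUSED)  echo "server declined: usually no zone for the name and no recursion for this client" ;;
        "")       echo "no response (timeout, firewall, or named not listening)" ;;
        *)        echo "unexpected status: $1" ;;
    esac
}

# Print names that are in list $1 but not in list $2 (space-separated).
missing_ns() {
    for n in $1; do
        case " $2 " in
            *" $n "*) ;;
            *) echo "$n" ;;
        esac
    done
}

# Ask one server directly and report. Usage: check_server SERVER_IP NAME
check_server() {
    st=$(dig +norecurse +time=3 +tries=1 @"$1" "$2" A 2>/dev/null | dig_status)
    echo "$1: ${st:-no reply} - $(explain_status "$st")"
}

# Constructed sample of a dig header line, used to exercise dig_status offline.
SAMPLE_HEADER=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242'

# Usage: sh check_ns.sh NAME SERVER_IP [SERVER_IP ...]
if [ "$#" -ge 2 ]; then
    name=$1; shift
    for ip in "$@"; do check_server "$ip" "$name"; done
fi
```

Run against every nameserver the registrar lists; a healthy master and slave should both return NOERROR for the same name, and `missing_ns` should print nothing in either direction.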

Thu, 12/20/2012 - 20:15
adminjay

Hi, thanks, that is correct. I can't add ns1 as a name server because ns (204) won't resolve its name ns1; it resolves by IP address 203, but when I add ns1 as a slave it wants the FQDN and it won't see it.

Fri, 12/21/2012 - 02:17
Locutus

I'm sorry, I can't follow you there, can you rephrase the problem with more details please?

Fri, 12/21/2012 - 02:38
adminjay

Sorry about that, it's not much better for me either. OK: ns and ns1 are both set correctly; checked all config files, etc.

I can't add ns1 as a slave server because ns cannot resolve ns1.atozstoresonline.info. I use Virtualmin to do it: I try to add ns1 to the Webmin servers index but it won't resolve the hostname (I attached 2 screenshots). I can add 98.101.219.203, ns1's IP, to the server index, but when I add it as a cluster slave under NS, none of the DNS records go over; the domains do, but the records are empty on ns1.

As I'm looking today, I cannot ping ns1.atozstoresonline.info from ns, which is 98.101.219.204 (I can ping it by IP address 98.101.219.203). This now leads me to believe there is a possible modem misconfiguration? Possible ARP table flush? I'm more of a switch/fiber/network guru rather than server, so please bear with me through DNS issues. If I ping ns1.atozstoresonline.info from outside of the network through another connection it comes back OK now. What do you get for ns1.atozstoresonline.info now?

Fri, 12/21/2012 - 11:45
Locutus

You could/should try adding the slave server to your master Webmin via its IP address instead of the hostname -- that does not rely on name resolution, and that's what I personally do too.

Is the zone in question managed through Virtualmin? While that is possible, it's not a good idea, due to issues like you're seeing there. It's best to use a zone/domain (I call it the "administrative domain") for your nameservers that is NOT managed through Virtualmin; you can use Webmin to manage it manually though. And you should use nameserver hostnames in that zone for all your other domains too. I do it like so:

I have a domain "tianet.de" in which all my servers have hostnames, like "australis.tianet.de", "taurus.tianet.de", "corona.tianet.de". Two of those servers work as nameservers, they additionally have the hostnames "ns1.tianet.de" and "ns2.tianet.de". That zone is not managed through Virtualmin.

All my customer domains, which ARE managed through Vmin, use those two as nameservers. Virtualmin does that automatically, since you can configure which servernames should be used as nameserver(s).

As for the rest, I can ping both your .203 and .204 systems from here; I'm using their IP addresses directly. Of course I can't say if the same system is responding or not. :)

I guess at this point it's better to offer you to take a look at your systems myself (I'd need root login to your Virtualmin and SSH for that); it's getting too complex to try and help "remotely". :)

If you'd like that, tell me a way to contact you privately. Instant Messenger is preferred due to its more direct nature, but email works too.

Sat, 12/22/2012 - 01:14
adminjay

I JUST CAN'T FIGURE IT OUT AT ALL, and I built thousands of DNS servers over the years. AIM is preferred, sblaja003
