A little help with DNS/BIND

#1 Wed, 01/16/2013 - 05:56
bunglehaze


Hi guys, I am just looking for a little help with my BIND settings to be sure that it is all working correctly.

I am currently using a vanity nameserver, my webserver domain names are used but point to the DNS of the datacentre the server resides in, my vanity nameservers are: ns1/ns2.webhostsheffield.com

On Virtualmin the DNS gets setup for each domain but in the nameserver settings I see:

    bikechatter.net NS - Name Server    pixel.webhostsheffield.com.
    bikechatter.net NS - Name Server    dns1.sheffielddatacentre.com.
    bikechatter.net NS - Name Server    dns1.sheffielddatacentre.com.

pixel.webhostsheffield.com is the FQDN/Hostname, I see no mention of the vanity nameservers there and am wondering if I am using the onboard DNS of Virtualmin properly.

So far for each of the domains I host I am having to enter their records manually into the datacentre DNS control panel, what I would prefer is to use the automatically generated DNS records in Virtualmin - can I do this or am I missing a part of how the system works?

In my mind the DNS of the Datacentre should be looking after the nameserver/FQDN aspect and then the server takes over with its own DNS.

Next up, why would the Virtualmin DNS be automatically generating records for the dns1/2.sheffielddatacentre.com when the nameservers are setup as my vanity ones? I want to avoid overcomplicating the DNS issues and causing errors as a result.

regards

Leigh

Wed, 01/16/2013 - 08:50
andreychek

Howdy,

It sounds like you're looking to use your Virtualmin server as a nameserver for your domains... there's documentation on how to do that at the following URL, in the section named "How do I setup nameservers for my server":

http://www.virtualmin.com/documentation/dns/faq

Let us know if that helps... or if you had any additional questions, feel free to ask.

-Eric

Wed, 01/16/2013 - 18:24
bunglehaze

Hi Eric, thanks for the link.

I have actually already looked at that document and must be honest, it is really no help at all.

From everything else I have tried to absorb about DNS it is one of the biggest problem areas in setting up the server and yet most of the information is found over 5 lines. I am still very much confused but even worse still I seem to have made my connection to the server worse now as I am no longer able to pick up my domain(s) on my phone.

In my case I had already setup the nameservers and added the IP glue at the registrar to point to my datacentre nameserver IP's. This is what I understand to be the correct method of using a vanity nameserver and all I can see to do is add A records for each domain that points directly to the nameserver IP. That has been done.

I set the webhostsheffield.com domain up as the nameserver and FQDN for virtualmin and although I get a number of errors when looking at intoDNS or pingdom it would seem that 'the internet' can generally see the domain so this is where I am looking to fine tune - or really, get right - my DNS settings

Does the virtualmin DNS system allow me to add the domains automatically (as it already is doing) but remove the need to then setup records in the DNS control panel of the datacentre? The reason I would prefer to do this is that the datacentre control panel is missing a few settings (SOA and PTR for instance) and I have to manually add each record for each domain - something I am not 100% sure I am doing correctly - or even if I am missing records that I should need for instance.

> After registering your nameservers at your domain name registrar -- you'll want to log into Virtualmin, select your "example.com" domain, click Server Configuration -> DNS Records, and create a new "A - IPv4 Address" record for ns1.example.com and ns2.example.com.

I had already done this

> Lastly, you'll want to tell Virtualmin to use your nameservers when it generates NS records for new Virtual Servers that it creates. You can do that by going into 'System Settings' -> 'Server Templates' -> 'Default Settings' -> 'BIND DNS Domain', and set 'Master DNS server hostname' as well as 'Additional manually configured nameservers'.

Originally this was set up automatically to use my FQDN, should this not be the case? I also added the Google DNS IPs in my named.conf, as somewhere else suggested using them for a speed boost and at the time my domains were just not loading at all.

    acl slaves {
            8.8.8.8;
            8.8.4.4;
    };

I tried using forwarders but Bind would not restart.

Perhaps I am overcomplicating matters or overthinking the process but essentially I just want to know if virtualmin can handle the DNS of any domain I place on it without needing a third party service as well. I really like the way virtualmin adds all the records and keeps things tidy.

Currently, my sites (when loading) seem to be really fast, as expected as the datacentre is only 7 miles away. They seem flaky in connectivity based on www. or non www. URL's and then of course I have the issues and errors from the DNS tests I am doing.

Pingdom keeps putting up:

    Failed to find name servers of webhostsheffield.com/IN.

    No name servers found at child.

    No name servers could be found at the child. This usually means that the child is not configured to answer queries about the zone.

    Not enough nameserver information was found to test the zone webhostsheffield.com, but an IP address lookup succeeded in spite of that.

intodns then brings up the other errors such as wrong SOA and no PTR:

The SOA record is:
Primary nameserver: dns1.sheffielddatacentre.net
Hostmaster E-mail address: hostmaster.webhostsheffield.com
Serial #: 2013011613 
Refresh: 3600 
Retry: 600 
Expire: 1209600   2 weeks
Default TTL: 86400 

How would you suggest I begin to muddle through this? I thought Virtualmin dealt with this already so clearly I have not set something up correctly.

regards

Leigh

Just to add to this. Checked out the post by Ronald : http://www.virtualmin.com/node/22091

And saw that the Master DNS should not be the FQDN (automatic) but ns1.webhostsheffield.com - I amended that and will see how it is in the morning, plus any advice you can give.

Many thanks
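
A directive such as `allow-transfer { slaves; };` hands the full zone to whatever the `slaves` ACL contains, so it is worth comparing that ACL with the servers that really act as secondaries. The following is an added example, not part of the original post: the zone block, its file name and the list of expected secondaries are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed named.conf fragment: the acl is the one quoted in the thread, the
# zone block and its file name are placeholders added for the example.
SAMPLE_CONF = """
acl slaves {
        8.8.8.8;
        8.8.4.4;
        };
zone "webhostsheffield.com" {
        type master;
        file "zone-file-placeholder.hosts";
        notify yes;
        allow-transfer { slaves; };
        };
"""

ACL_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{([^}]*)\}', re.I)
XFER_RE = re.compile(r"\ballow-transfer\s*\{([^}]*)\}", re.I)


def elements(body):
    """Split the inside of a { ...; } list into its entries."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]


def transfer_targets(conf):
    """Expand every allow-transfer list, resolving one level of named ACLs."""
    conf = re.sub(r"(//|#).*", "", conf)  # drop line comments
    acls = {name: elements(body) for name, body in ACL_RE.findall(conf)}
    targets = []
    for body in XFER_RE.findall(conf):
        for entry in elements(body):
            targets += acls.get(entry, [entry])
    return targets


def audit_transfers(conf, secondaries):
    """Return a finding for each allow-transfer entry that is not a known secondary."""
    known = {ipaddress.ip_address(s) for s in secondaries}
    findings = []
    for entry in transfer_targets(conf):
        if entry == "none":
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{entry}: not an address, review by hand")
            continue
        if net.num_addresses != 1 or net.network_address not in known:
            findings.append(f"{entry}: not a listed secondary")
    return findings


if __name__ == "__main__":
    # Assumption: these are the addresses the operator expects to pull the zone.
    for finding in audit_transfers(SAMPLE_CONF, ["188.94.76.241", "188.94.76.242"]):
        print("WARN:", finding)
```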

Wed, 01/16/2013 - 19:17 (Reply to #3)
tpnsolutions

Hi,

For a small fee, I could do a screen sharing session with you and assist you in resolving the matter. If you'd like the extra help, please contact me using my email address below so we can schedule a time to get this figured out for you.

I'll be available for a few hours if you want to get things rolling immediately.

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist

Thu, 01/17/2013 - 02:50
bunglehaze

Thanks Peter but if I were paying anyone for support it would be Virtualmin Pro, at this stage I don't have paying clients on the server so it's GPL and the Virtualmin forum looking for clarification.

Thu, 01/17/2013 - 06:28
Locutus

I can provide some assistance here, problem is that you're actually writing too much. ;) Trying to read through your posts, I got lost in numerous details of your explanations.

Could you repeat your current problem, in a short and concise way? Just as a reminder: It's also important that you provide all actual domain names and IP addresses involved (which I think though you did) and not placeholders.

Thu, 01/17/2013 - 07:52
bunglehaze

:) I have never been told to type less when diagnosing a problem but I understand why in this instance.

OK:

FQDN/Hostname is pixel.webhostsheffield.com

IP address for the server is 188.94.76.184

I am using the datacentre nameserver IP's which are: 188.94.74.65 and 188.94.76.66

At my registrar I setup nameservers as:

    ns1.webhostsheffield.com using 188.94.74.65 as GLUE
    ns2.webhostsheffield.com using 188.94.74.66 as GLUE

Both nameservers are purely vanity nameservers as I do not have access to a secondary IP address for now.

I have been setting up the DNS records via the datacentre control panel, manually inputting each record for each domain.

Ideally I would like to use Virtualmin as my singular DNS as it seems to setup records nicely, the datacentre control panel is not as intuitive.

Virtualmin settings:

In DNS under Server Templates I currently have:

    Master DNS Server Hostname: pixel.webhostsheffield.com
    Additional named Directives: notify yes; allow-transfer { slaves; };

Everything else has been left as standard

Under each Virtual Server > Server Configuration > DNS Records

    $ttl 38400
    @ IN SOA pixel.webhostsheffield.com. root.pixel.webhostsheffield.com. (
            1357925686
            10800
            3600
            604800
            38400 )
    @ IN NS pixel.webhostsheffield.com.
    webhostsheffield.com. IN A 188.94.76.184
    www.webhostsheffield.com. IN A 188.94.76.184
    ftp.webhostsheffield.com. IN A 188.94.76.184
    m.webhostsheffield.com. IN A 188.94.76.184
    localhost.webhostsheffield.com. IN A 127.0.0.1
    webmail.webhostsheffield.com. IN A 188.94.76.184
    admin.webhostsheffield.com. IN A 188.94.76.184
    mail.webhostsheffield.com. IN A 188.94.76.184
    webhostsheffield.com. IN MX 5 mail.webhostsheffield.com.
    webhostsheffield.com. IN TXT "v=spf1 a mx a:webhostsheffield.com ip4:188.94.76.184 ?all"

I have removed the domainkeys record just from this cut and paste

    webhostsheffield.com. IN A 188.94.72.65
    webhostsheffield.com. IN A 188.94.72.66

The bottom two A records for the nameserver IP's are what I have added manually. When everything is setup this way the domain propagates and works OK but as the DNS is being handled by the datacentres DNS I get issues with the wrong SOA, recursive DNS queries - essentially it would seem that I have either got something very wrong or need the server to handle the DNS.

The datacentre DNS system is missing an area to add SOA records and PTR records - all I have are: A, NS, MX, TXT and CNAME

The datacentre outbound DNS IP's are: 188.94.76.241 and 188.94.76.242

I am using these as slaves and have them setup in ACL as nothing seemed to work without adding them in. I may be wrong though.

Here is a link to the intoDNS page for some of the issues I mention: http://www.intodns.com/webhostsheffield.com

Many Thanks

Leigh

Thu, 01/17/2013 - 10:18
tpnsolutions

Leigh,

As the report at intodns.com explains, one of the first issues I see is that your SOA record is invalid. It seems to say that the primary DNS server should be dns1.sheffielddatacentre.net, and you're using ns1.webhostsheffield.com and ns2.webhostsheffield.com.

Per your message, because you are registering your DNS with your provider, you need to use the DNS servers they are providing you, as when they add it into their system they won't be using your vanity domain, and probably don't even know they exist.

That's the first error in your DNS setup, so I'd recommend getting that checked out and corrected right away.

BTW, unless you work with a provider who specifically allows you to use their service for secondary zones, you can't expect to use their servers. That is, if you're adding primary zones to their system, they're expecting to be the primary DNS server, not secondary. Secondaries pull records from the Primaries, so that also seems to be a problem.

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com

Thu, 01/17/2013 - 14:45
bunglehaze

Peter, the DNS that you rightly mention - dns1.sheffielddatacentre.com is the nameserver that the ns1 and ns2.webhostsheffield.com is attached to as vanity domains so in that respect they are setup as intended.

I guess with the rest of what you say the question is how do I then go about turning ns1.webhostsheffield.com into a primary nameserver using virtualmin and then ns2 on either the datacentres DNS if they allowed it - or even host the secondary and/or tertiary nameservers on a free service elsewhere.

By the sounds of it this is what the virtualmin DNS is setup for - being a primary DNS server.

regards

Leigh

Thu, 01/17/2013 - 15:00
tpnsolutions

Leigh,

You can host both primary and secondary from a single server. It's how many startups do it, as DNS rules require a minimum of 2 nameservers to exist.

The way to do this is:

  1. acquire 2 IP's from your data center (the one you have now can count toward this)

  2. register ns1.webhostsheffield.com and ns2.webhostsheffield.com with your domain registrar (ex. GoDaddy) through their control panel, or by contacting them (depending on how your provider allows this to be done).

*** the above step is required as your DNS address won't get recognized otherwise ***

  3. Setup Virtualmin to use your custom DNS server address through Virtualmin > System Settings > Server Templates > Default Settings > BIND DNS domain screen. Set Additional manually configured nameservers to ns2.webhostsheffield.com and Master DNS server hostname to ns1.webhostsheffield.com.

*** for existing domains, you'll need to manually adjust the DNS records by going to: Virtualmin > Server Configuration > DNS Records ***

  4. In the zone for webhostsheffield.com add an A Record for ns1.webhostsheffield.com pointing to the IP address registered at the registrar and ns2.webhostsheffield.com pointing to the IP address registered at the registrar.

*** these IP's are the ones assigned by your data center, pointing to your server. ***

Now when you create new domains, they'll point to your two new DNS server addresses automatically, and you'll be serving up your own DNS.

*** while it's recommended to run two DNS servers on different subnets, and different servers, the above can be done, and it's actually what we used to do here years ago before we grew our cluster ***

If the above instructions seemed overwhelming, or you need assistance accomplishing the task, for a fee of $40.00 I can get this all going for you, including but not limited to assisting if needed communicating with your data center on the IP address requirements.

*** support sessions are done via a screen sharing session, so no passwords are exchanged, and you can learn what was done, if you ever need to do it again. my policy on payment is, you pay only when the job is completed to your satisfaction, and all work comes with a 7-day guarantee. ***

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com

Thu, 01/17/2013 - 17:18
bunglehaze

Thanks Peter, I will take a look at a third IP address for my server, I am already using two as I have a DRAC

regards

Thu, 01/17/2013 - 18:03 (Reply to #11)
tpnsolutions

Hi,

If you've already got 2 IP's then you're set! No need to setup a third one.

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com

Fri, 01/18/2013 - 06:01
bunglehaze

Peter, the second IP is in use on its own NIC card for the DRAC so I don't believe I can use that, in any case I have just added a third IP to my package - hardly worth messing about with really for the low cost involved.

Is there a best order in which to do this so my current sites on the server do not suffer any loss of connectivity from propagation?

regards

Fri, 01/18/2013 - 06:31
tpnsolutions

Hi,

If you can, contact me on Skype tpnsupport and I can help you create a battle plan which works best for your needs. I've done this a few times for others, and within my own environment so I understand the idea behind reducing or eliminating downtime. I'll be online for a few hours (4am, what the heck am I doing up? LoL)

*** BTW: at this hour, I'm not going to charge ANY fee as long as you're listening and taking notes :-) ***

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com

Fri, 01/18/2013 - 07:25
bunglehaze

Also, I forgot to mention. I have been trying to enter ns2.webhostsheffield.com in my additional nameservers area but keep getting an error : *** Failed to save server template: Nameserver ns2.webhostsheffield.com does not exist.*** Seems to now be solved*** Not sure how though

I have added both ns1.webhostsheffield.com. ns1 - 188.94.76.184 ns2.webhostsheffield.com. ns1 - 188.94.76.189 to network configuration > host addresses as well as the pixel.webhostsheffield. pixel line (I assume this needs to be left in)

Bind has been restarted. Still not able to add it in though

Obviously because of this the 189 IP is not being recognised on my intodns search so until the ns2. nameserver is added I do not expect this error to clear.

next:

The SOA record is:
Primary nameserver: pixel.webhostsheffield.com
Hostmaster E-mail address: root.pixel.webhostsheffield.com
Serial #: 1358207805
Refresh: 10800
Retry: 3600
Expire: 604800 1 weeks
Default TTL: 38400

How do I change the primary nameserver (or do I need to?) and should I change the hostmaster email address? Again, do I even need to or is this SOA looking correct now - it is the same output for my other domains hosted on this server

I am getting a warning: WARNING: SOA MNAME (pixel.webhostsheffield.com) is not listed as a primary nameserver at your parent nameserver! If I add the pixel.webhostsheffield.com in as a nameserver though I get an error so I guess there is something I am missing

regards. I think with your help I have got this sorted now though - everything seems to want to resolve nicely so far (although time will tell) with only the errors mentioned above, I have linked the intodns page below:

http://www.intodns.com/webhostsheffield.com

Many thanks
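
The warnings discussed in this thread (SOA MNAME not in the nameserver set, a missing nameserver address, both nameservers on one subnet) can be checked offline against the zone data before waiting for an online tester to refresh. This is an added example, not part of the original posts: the sample zone is constructed from the records and addresses quoted above, and it assumes the zone's own NS records match what is registered at the parent.

```python
import ipaddress

ORIGIN = "webhostsheffield.com."

# Constructed sample, modelled on the records and addresses quoted in the thread.
SAMPLE_ZONE = """\
$ttl 38400
@ IN SOA pixel.webhostsheffield.com. root.pixel.webhostsheffield.com. ( 1358207805 10800 3600 604800 38400 )
@ IN NS ns1.webhostsheffield.com.
@ IN NS ns2.webhostsheffield.com.
webhostsheffield.com. IN A 188.94.76.184
ns1 IN A 188.94.76.184
ns2 IN A 188.94.76.189
"""


def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse a one-record-per-line zone; enough for SOA, NS and A records."""
    zone = {"mname": None, "ns": set(), "a": {}}
    for raw in text.splitlines():
        tok = raw.split(";", 1)[0].split()
        if len(tok) < 3 or tok[0].startswith("$"):
            continue
        owner, i = fqdn(tok[0], origin), 1
        while i < len(tok) - 1 and (tok[i].upper() == "IN" or tok[i].isdigit()):
            i += 1  # skip class and TTL
        rtype, rdata = tok[i].upper(), tok[i + 1:]
        if not rdata:
            continue
        if rtype == "SOA":
            zone["mname"] = fqdn(rdata[0], origin)
        elif rtype == "NS" and owner == origin:
            zone["ns"].add(fqdn(rdata[0], origin))
        elif rtype == "A":
            zone["a"].setdefault(owner, []).append(rdata[0])
    return zone


def check_delegation(zone, origin):
    """Return findings for the conditions the online DNS testers warn about."""
    findings = []
    if zone["mname"] not in zone["ns"]:
        findings.append(f"SOA MNAME {zone['mname']} is not in the NS set")
    if len(zone["ns"]) < 2:
        findings.append("fewer than two nameservers")
    ips = []
    for ns in sorted(zone["ns"]):
        if ns.endswith("." + origin) and ns not in zone["a"]:
            findings.append(f"in-zone nameserver {ns} has no A record")
        ips += zone["a"].get(ns, [])
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
    if len(ips) >= 2 and len(nets) == 1:
        findings.append("all nameservers sit in one /24")
    return findings


if __name__ == "__main__":
    for finding in check_delegation(parse_zone(SAMPLE_ZONE, ORIGIN), ORIGIN):
        print("WARN:", finding)
```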

Fri, 01/18/2013 - 07:25
tpnsolutions

Hi,

Because time is short, I'd really appreciate if you'd contact me on Skype, so we can have a real-time conversation. It's now 5am, and I'm planning on taking a nap in about 30 - 45 min. so I don't fall asleep mid-day. Heh heh

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com

Sat, 01/19/2013 - 06:10
bunglehaze

Thanks for the offer Peter, apologies for not responding to you but we had a snow day here yesterday so there was little to do other than hit the park with my daughter :)

Most things seem to be working on this server now, bikechatter.net runs incredibly quickly which I am happy about, the webhostsheffield domain and virtualmin logins are very slow though despite being edited at the same time as Bikechatter so I am just going through the settings and fine tuning things.

No doubt in a few days when I am sure everything should have propagated I will be back asking for advice again though.

regards

Sat, 01/19/2013 - 14:52
tpnsolutions

Hi,

No worries, sounds like you're well on your way, and as always if you require any further assistance you can publish your request here, and additionally my door is always open to Virtualmin and Linux related requests.

Best Regards,
Peter Knowles
TPN Solutions

E: pknowles@tpnsolutions.com
P: 604-782-9342
W: http://www.tpnsolutions.com

Fri, 12/27/2013 - 10:46
wocul

I agree that bind/DNS can be particularly tricky, I found some of the mentioned diagnostics websites very helpful:

http://pingability.com/zoneinfo.jsp
http://mydnscheck.com/
http://www.dnsstuff.com/
http://www.intodns.com/

My suggestion would be to integrate those with the bind diagnostics in webmin, so that people can easily run checks against their bind setup.

Obviously, it would also be great if the validation/self-check module could do some of these tests on its own, but I guess that's going to be more work than just showing a few links and use those websites.
