Can't access all websites

#1 Sun, 01/02/2011 - 16:21
we_are_borg

Can't access all websites

I have some issues with my install of GPL Virtualmin. I created a test server here at home and I'm having trouble with some domains. The clients that I work on use the DNS server of the server itself because all my test sites use the TLD .loc. The server itself runs Ubuntu.

I have created these websites.

vb.loc xendevelop.loc myphpadmin.loc svn.loc

Also xendevelop is the only site that uses WebDav and svn.loc is linked to subversion.

The problem is that the clients can't access the websites except xendevelop.loc; the other websites I can't open at all. iptables has no rules and the server only uses one IP address. When I SSH to the server and do a wget on the domains I get the expected result: svn.loc says it needs login and password as configured, vb.loc says 403 because nothing has been uploaded there, etc. The clients that I have in my home all give the same error. I even installed my main PC today from scratch because of hardware changes and still have the same issues. Server side it seems to be working, but when I try to access from clients it does not work.

What can I check to get everything working again? Because now sometimes it works, other times it doesn't.

Sun, 01/02/2011 - 22:22
andreychek

The problem is that the clients can't access the websites except xendevelop.loc; the other websites I can't open at all.

What sort of error(s) are you and your clients seeing when attempting to access those websites?

-Eric

Mon, 01/03/2011 - 04:15
Locutus

Basically there are three steps involved in successfully retrieving a web page.

1) Can the clients resolve the web site's host name? dig vb.loc for a quick test, dig vb.loc +trace for details

2) Can the clients ping the web server?

3) Can the clients telnet to the web server's port 80? telnet servername 80

And, as Eric said, it would sure help if you told us what error the clients actually see :), and what gets logged, if anything, in the Apache error log?

Tue, 01/04/2011 - 09:49
we_are_borg

When I try to access the sites with Firefox (all clients are Windows based) I get that the server is not found; the same under telnet.

    ; <<>> DiG 9.7.0-P1 <<>> vb.loc
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3756
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;vb.loc.                        IN      A

    ;; ANSWER SECTION:
    vb.loc.                 38400   IN      A       192.168.1.120

    ;; AUTHORITY SECTION:
    vb.loc.                 38400   IN      NS      debianjp.dyndns.org.

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Jan 3 22:18:12 2011
    ;; MSG SIZE rcvd: 73

    ; <<>> DiG 9.7.0-P1 <<>> vb.loc +trace
    ;; global options: +cmd
    .                       216678  IN      NS      l.root-servers.net.
    .                       216678  IN      NS      f.root-servers.net.
    .                       216678  IN      NS      j.root-servers.net.
    .                       216678  IN      NS      k.root-servers.net.
    .                       216678  IN      NS      h.root-servers.net.
    .                       216678  IN      NS      a.root-servers.net.
    .                       216678  IN      NS      d.root-servers.net.
    .                       216678  IN      NS      m.root-servers.net.
    .                       216678  IN      NS      e.root-servers.net.
    .                       216678  IN      NS      g.root-servers.net.
    .                       216678  IN      NS      b.root-servers.net.
    .                       216678  IN      NS      c.root-servers.net.
    .                       216678  IN      NS      i.root-servers.net.
    ;; Received 244 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

    .                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2011010301 1800 900 604800 86400
    ;; Received 99 bytes from 128.8.10.90#53(d.root-servers.net) in 118 ms

When trying on the server with wget I get the following:

wget svn.loc

    --2011-01-03 22:19:36--  http://svn.loc/
    Resolving svn.loc... 192.168.1.120
    Connecting to svn.loc|192.168.1.120|:80... connected.
    HTTP request sent, awaiting response... 401 Authorization Required
    Authorization failed.

This is correct because login and pass are needed.

wget xendevelop.loc

    --2011-01-03 22:20:25--  http://xendevelop.loc/
    Resolving xendevelop.loc... 192.168.1.120
    Connecting to xendevelop.loc|192.168.1.120|:80... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: /index.php [following]
    --2011-01-03 22:20:25--  http://xendevelop.loc/index.php
    Reusing existing connection to xendevelop.loc:80.
    HTTP request sent, awaiting response... 200 OK
    Length: 15360 (15K) [text/html]
    Saving to: `index.html'

    100%[======================================>] 15,360      --.-K/s   in 0s

    2011-01-03 22:20:25 (422 MB/s) - `index.html' saved [15360/15360]

iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Apache does not log anything from the client except when it displays the website. It's now also completely random: sometimes it works, then it does not, after x min it works again, etc.

Thank you for helping and showing me what to do.

Tue, 01/04/2011 - 03:46
Locutus

Can you please enclose your console output lines in code tags? They will be much more readable then.

Tue, 01/04/2011 - 09:49 (Reply to #5)
we_are_borg

I hope that's more readable. I just forgot that code tags could be used.

Tue, 01/04/2011 - 16:39
Locutus

Yeah, much better.

I cannot see any error or problem though in the things you posted. (It's normal that a "dig +trace" won't find anything for your domains, since they're not known in the Internet.) Can you re-iterate what exactly the problem is and the precise steps to reproduce it?

Wed, 01/05/2011 - 08:31 (Reply to #7)
we_are_borg

I'll try to give you the precise steps of what I do.

The following domains exist:

vb.loc myphpadmin.loc xendevelop.loc svm.loc

The following services run on the server, just like before I installed Ubuntu and Virtualmin:

DHCP
Virtualmin and what it installed, default install
Samba server
SABNZBD+
NFS server

The domain vb.loc and the location of the control panel are in the main tabs of Firefox and always open. On vb.loc I see 403 Forbidden; that should be correct because no files are uploaded yet. When I try to go to any of the other locations it can be that it opens correctly and everything works, but in most cases I get that the domain will not open; I then get that the server could not be found in Firefox (FTP gives the same error). Usually one location will work, but of the four domains I never know which one. If they all fail it's easy: I go to the Virtualmin admin panel, access Edit Virtual Server and then press the domain name on that screen; 9 out of 10 times it will open even if it failed to do so before. The weirdest problem is that it's random; I can never know when something will happen. Today it seems to work just fine, but Sunday when I was trying stuff it did not. First I thought that it was BIND that was acting up, but it's running fine.

What services can have this kind of effect, and what log books can I view to trace the error? I am not really interested in a quick fix; this is also fun to do, btw.

Wed, 01/05/2011 - 14:14
Locutus

I think you're on the right track with suspecting "BIND". Often random connection errors like this are caused by incorrectly set up / synced nameservers. When you have two NS of which one is erroneous, clients will randomly choose one and sometimes work and sometimes not.

Unfortunately that's the only idea I currently have where you could go do some digging, otherwise your report that Firefox cannot load the page does not match the positive test results of the commands you executed.

Wed, 01/05/2011 - 16:49
we_are_borg

Well, it's all random: trying to FTP to ftp.vb.loc works; disconnect, forgot something, try to connect 2 min later, does not work. I am going to ask someone that has more knowledge of BIND because I hate DNS systems; I always get lost.

Thu, 01/06/2011 - 07:09
Locutus

To find out if it's a nameserver issue or not, you might (instead of trying to load the web page or FTPing) try a DNS resolution those "two minutes later". If the name can be resolved one time and cannot be resolved the next time, we know where to dig further. :)

Thu, 01/06/2011 - 09:32
we_are_borg

Well, when I do a DNS resolution we get the following:

    > ftp.vb.loc
    Server:  UnKnown
    Address:  192.168.1.120

    Naam:    ftp.vb.loc
    Address:  192.168.1.123

Here you can see that the IP is 192.168.1.123; that is correct, that's the IP I used. When I try to FTP to ftp.vb.loc I get:

    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #1
    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #2
    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #3
    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #4
    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #5
    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #6

This is around 5 sec after the DNS resolution that I tried connecting to ftp.vb.loc. It's now around 2 to max 3 min later and I can now connect to ftp.vb.loc.

    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #1
    [R] Unable to resolve host: ftp.vb.loc
    [R] Delaying for 120 seconds before reconnect attempt #2
    [R] Connecting to vBulletin Internal Test Site -> DNS=ftp.vb.loc IP=192.168.1.123 PORT=21 (attempt # 2)
    [R] Connected to vBulletin Internal Test Site
    [R] 220 ProFTPD 1.3.2c Server (Debian) [::ffff:192.168.1.123]
    [R] USER vbulletin
    [R] 331 Password required for vbulletin
    [R] PASS (hidden)
    [R] 230 User vbulletin logged in
    [R] SYST
    [R] 215 UNIX Type: L8
    [R] FEAT
    [R] 211-Features:
    [R] MDTM
    [R] MFMT
    [R] UTF8
    [R] MFF modify;UNIX.group;UNIX.mode;
    [R] MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
    [R] LANG en-US*
    [R] REST STREAM
    [R] SIZE
    [R] 211 End
    [R] OPTS UTF8 ON
    [R] 200 UTF8 set to on
    [R] PWD
    [R] 257 "/home/vbulletin" is the current directory
    [R] PASV
    [R] 227 Entering Passive Mode (192,168,1,123,143,27).
    [R] Opening data connection IP: 192.168.1.123 PORT: 36635
    [R] MLSD
    [R] 150 Opening ASCII mode data connection for MLSD
    [R] 226 Transfer complete
    [R] List Complete: 1 KB in 0,03 seconds (60,1 KB/s)

Thu, 01/06/2011 - 10:45
Locutus

What nameservers are configured on your workstation(s)? Just the .1.120 one? Did you try emptying the resolver cache (ipconfig /flushdns under Windows)?

I just see that in your initial dig test, your nameserver returns "debianjp.dyndns.org." as NS entry for "vb.loc". I suppose that should rather be "vb.loc." as well, and your nameserver must serve an A record for that.

Fri, 01/07/2011 - 05:34
we_are_borg

I made a typo with the debianjp.dyndns.org; made it .loc and changed the BIND cfgs to reflect .loc.

    ; <<>> DiG 9.7.0-P1 <<>> vb.loc
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37980
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;vb.loc.                        IN      A

    ;; ANSWER SECTION:
    vb.loc.                 38400   IN      A       192.168.1.123

    ;; AUTHORITY SECTION:
    vb.loc.                 38400   IN      NS      debianjp.dyndns.loc.

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Jan 7 12:31:43 2011
    ;; MSG SIZE rcvd: 70

The ipconfig /flushdns had no effect, but changing the DNS on my system did. I now only have one DNS running, namely 192.168.1.120. It seems to work now, so I'll test it for a few days like this; if it still works Sunday or so, then it's something with the DNS on the systems.

Fri, 01/07/2011 - 12:00
Locutus

And what nameservers did you have configured before on your workstations?

Fri, 01/07/2011 - 12:26
we_are_borg

The workstations get them from the DHCP server that's installed on the same box.

    subnet 192.168.1.0 netmask 255.255.255.0 {
        default-lease-time 86400;
        authoritative;
        deny client-updates;
        deny unknown-clients;
        range 192.168.1.2 192.168.1.254;
    }
    group {
        option routers 192.168.1.254;
        option domain-name-servers 192.168.1.120 , 192.168.1.254;
        deny client-updates;
        deny unknown-clients;
        option ntp-servers ntp.xs4all.nl;
        use-host-decl-names on;
        # Jeroen
        host SevenofNine-pc {
            default-lease-time 86400;
            ddns-updates on;
            option subnet-mask 255.255.255.0;
            deny client-updates;
            deny unknown-clients;
            hardware ethernet 00:24:21:53:86:DA;
            fixed-address 192.168.1.200;
        }

The host list is longer but it's the same except the fixed-address, which of course changes every time. I have now disabled automatic DNS on my own station and only said that it needs to listen to 192.168.1.120.

The IP address 192.168.1.254 is my DSL broadband router that also holds DNS from my provider.

Fri, 01/07/2011 - 13:02
Locutus

Okay, then the second (provider) nameserver was quite likely the problem. When your workstations query that one to resolve your ".loc" domains, it'll say "I have never heard about such a top-level domain". :) Hence the random failure.

Fri, 01/07/2011 - 14:25
we_are_borg

Yes, but the primary was 192.168.1.120 and the secondary was 192.168.1.254. How I understand it, when it was not found on the primary it goes to the secondary, but why would it go to the secondary in most of the cases?