Error and Confusion

#1 Tue, 07/30/2013 - 16:12
pcelements

My Virtualmin Server’s name: apollo.abc-domain.com

When I try to add my domain abc-domain.com as a Virtual Server I get the following error: Error

Failed to create virtual server : The DNS domain abc-domain.com is already hosted by your DNS server

So, I added another of my domains (123-domain.com) as a Virtual Server and added an index.html file to the public_html directory.

When I go to abc-domain.com or 123-domain.com I get the same index file which I added to 123-domain.com.

What do I need to do for this not to happen? Also, I want to host a website under abc-domain.com but because it is not letting me create the virtual server, I don't have a public_html folder. I am able to receive emails though. Thanks for your help!

Tue, 07/30/2013 - 22:13
andreychek

Howdy,

Hmm, did you by chance manually add abc-domain.com (or a related domain name) to your BIND DNS config? If so, that might explain the errors you're receiving.

-Eric

Tue, 07/30/2013 - 23:15 (Reply to #2)
pcelements

I'm not sure what I did, but I know I followed this instructions: http://dhru.com/knowledgebase/52/How-do-I-setup-nameservers-in-Webmin-or...

This is my DNS Config file:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "abc-domain.com" {
    type master;
    file "/var/named/abc-domain.com.hosts";
};
zone "123-domain.com" {
    type master;
    file "/var/named/123-domain.com.hosts";
    allow-transfer { 127.0.0.1; localnets; 177.222.99.194; };
};
zone "other-domain.com" {
    type master;
    file "/var/named/other-domain.com.hosts";
    allow-transfer { 127.0.0.1; localnets; 177.222.99.194; };
};

The IP 177.222.99.194 is not my actual IP. In fact that is the IP of my ns2.abc-domain.com. The main IP I use is another one which I use for ns1.abc-domain.com and as main server IP.

I hope this helps.

Wed, 07/31/2013 - 00:12
Locutus

You should not add DNS zones you intend to host through Virtualmin manually following some tutorials. :) If you need some administrative domain which holds the hostname of your system, you should not add that in Virtualmin.

You're seeing the 123.com contents for ABC.com now because Apache serves the alphabetically first server for hostnames it doesn't know.
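
Locutus's Apache remark, as an added example that is not from the thread or from Virtualmin: a small Python model of name-based virtual host selection. Apache walks the vhosts bound to an address:port in the order it loaded them (with Virtualmin's per-domain files that is alphabetical order), matching the Host header against ServerName and then each ServerAlias; a Host header that matches nothing (abc-domain.com here, or a raw IP address) is served by the first vhost loaded, which is why 123-domain.com's index.html showed up for abc-domain.com. The vhost lists are constructed; `default.invalid` and the docroot paths are hypothetical. A placeholder vhost that loads first turns that fallback into a harmless page instead of another customer's site.

```python
"""Model of Apache name-based vhost selection (added example, not Apache or
Virtualmin code). Assumes all vhosts share one address:port, as in a default
Virtualmin install, so only the Host header decides which one answers."""
from fnmatch import fnmatch


def select_vhost(vhosts, host_header):
    """Return the vhost Apache would pick for `host_header`.

    `vhosts` is in load order. Apache compares the Host header (port
    stripped, case-insensitive) against ServerName and then each ServerAlias
    (wildcards * and ? allowed) of every vhost in turn; with no match, the
    first vhost for the address:port is the default.
    """
    host = host_header.split(":", 1)[0].lower()   # drop :port (IPv6 literals not modelled)
    for vh in vhosts:
        patterns = [vh["server_name"]] + vh.get("aliases", [])
        if any(fnmatch(host, p.lower()) for p in patterns):
            return vh
    return vhosts[0]                               # the default: first one loaded


def served_docroot(vhosts, host_header):
    return select_vhost(vhosts, host_header)["docroot"]


# Constructed: the thread's situation, only 123-domain.com exists in Apache.
VHOSTS_BROKEN = [
    {"server_name": "123-domain.com", "aliases": ["www.123-domain.com"],
     "docroot": "/home/123-domain/public_html"},   # hypothetical path
]

# Constructed fix: a placeholder vhost that loads first (e.g. from a file whose
# name sorts before every customer vhost) becomes the default. It needs no
# aliases; being first is what makes it the fallback.
VHOSTS_FIXED = [
    {"server_name": "default.invalid", "aliases": [],
     "docroot": "/var/www/placeholder"},            # hypothetical name and path
] + VHOSTS_BROKEN


if __name__ == "__main__":
    for label, vhosts in (("broken", VHOSTS_BROKEN), ("fixed", VHOSTS_FIXED)):
        for host in ("123-domain.com", "abc-domain.com", "173.243.84.34"):
            print(f"{label:6} Host: {host:20} -> {served_docroot(vhosts, host)}")
```

The same fallback applies to requests that carry the server's bare IP address as Host, which is how scanners and misconfigured clients arrive, so the placeholder vhost is worth having even once every domain has its own entry.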

Wed, 07/31/2013 - 07:20
pcelements

Ok, so, what steps do I have to take to solve this? Should I delete the DNS Zone for abc-domain.com and then add the virtual server? Thanks.

Wed, 07/31/2013 - 07:45
andreychek

Howdy,

You can also configure all that DNS from within Virtualmin. But if you manually add those ahead of time, that confuses things a bit :-)

Yeah, as you suggested, just delete the DNS zone that was manually added.

Virtualmin will create a zone for that domain when you add it into Virtualmin (assuming you enable the DNS feature for that domain) -- and then you can add and remove DNS entries as-needed.

-Eric

Wed, 07/31/2013 - 08:38
pcelements

I deleted the zone and created the new virtual server and it is working. But, I have other questions:

1- There are other DNS Zones which are created by default, do I need them or should I delete them? They are the following: Root Zone - 0 - 0000::1 - 127.0.0.1 - localhost

2- In the DNS Records File for abc-domain.com, I have 2 nameservers showing the same IP, while the ns2.abc-domain.com should be my second IP, as I have it in my domain registrar.

Wed, 07/31/2013 - 09:19
andreychek

Howdy,

I wouldn't suggest removing any zones that are setup by default, those are generally needed.

Regarding ns2.abc-domain.com -- you can always update the IP if it isn't correct.

You can edit those records using Virtualmin, by going into Server Configuration -> Edit DNS Records.

In that screen, you can add/modify/delete any DNS records setup for that domain.

-Eric

Wed, 07/31/2013 - 10:51
Locutus

1 - As Eric said, the other zones you see in BIND are created by default and are required. If you remove the root zone, BIND cannot act as a forwarding resolver anymore, because it loses information about the root nameservers. The other three are forward and reverse localhost zones which are not strictly required, but it's recommended to leave them be.

2 - After you have fixed the incorrect IP, you might want to check if newly created domains always get the wrong nameserver IP. If so, there's probably something wrong with your server template.

Wed, 07/31/2013 - 13:08
pcelements

Ok, I edited the record. When I check my domain in http://www.intodns.com I get the following warning:

"DNS servers responded
ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 173.xxx.xxx.xxx "

This IP corresponds to my ns2.abc-domain.com

The DNS port 53 is opened in the router and forwarded to the internal IP.

What do you think is going on?

Wed, 07/31/2013 - 14:07
andreychek

Howdy,

If you log into the ns2.abc-domain.com server, and run this command, what output do you receive:

netstat -an | grep :53

Wed, 07/31/2013 - 14:21
pcelements

When you say "log into", do you mean accessing my server through ssh using the ip address assigned to ns2.abc-domain.com ?

I'm unable to ssh using that IP address. I get connection timed out. I'm unable to get a response when pinging to that IP address or to ns2.abc-domain.com

Fri, 08/02/2013 - 08:06
pcelements

I wasn't able to log in to my server through ssh using the external ip associated with ns2.abc-domain.com even though I have the ports opened in my router. So, I logged in using the internal ip address. I ran the command netstat -an | grep :53 and this is the output:

tcp 0 0 10.0.1.100:53 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.100:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
udp 0 0 10.0.1.100:53 0.0.0.0:*
udp 0 0 10.0.0.100:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 :::53 :::*

Please help as soon as you can!

Another thing, I rebooted my modem and I am now able to get a response when pinging to ns2.....

thank you!

Fri, 08/02/2013 - 09:04
Locutus

Can you summarize what exactly the current/remaining problem is? I checked "abc-domain.com" and can't find any immediate problems with it.

Are "abc-domain.com" and "123-domain.com" the actual names, or did you use dummies there? For analysis, it's important to know the exact domain names and IP addresses involved.

Fri, 08/02/2013 - 09:33
pcelements

Sorry to mislead you, those are dummy domains. My actual nameservers are ns1.pcelements.com (173.243.84.34) and ns2.pcelements.com (173.243.94.194).

1- When I check my domain's dns in http://www.intodns.com/pcelements.com, I get the following warning:

DNS servers responded
ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 173.243.94.194

also

SOA Serial
Your SOA serial number is: 1375276282. This can be ok if you know what you are doing.

2- I am unable to access my virtualmin panel through https://apollo.pcelements.com:10000, but I can through my external IP.

3- How do I know what settings are needed to configure my virtual domain's email accounts in Outlook or any other pop/imap client?

Thanks!

Fri, 08/02/2013 - 11:00
Locutus

1 - Apparently your second nameserver is not responding to DNS queries. Possibly a firewall is filtering UDP traffic on port 53.

About the SOA serial: Usually you use the scheme YYMMDDnnn as serial number. You can set Webmin to do so in the BIND module config.

2 - Your nameservers report "NXDOMAIN" (unknown hostname) for "apollo.pcelements.com".

3 - Can you be more specific there? In general, it's one of your system's domains that resolves to the right IP as hostname, the proper port (110 for POP3, 143 for IMAP and so on), and what username to use depends on your Virtualmin setup. (See the domain's user config screen.)

Fri, 08/02/2013 - 11:13
pcelements

1- Is the problem iptables? The ports are opened in my routers. How can I check this?

2- But, apollo.pcelements.com is the name of my server. What do I have to do for it to work?

3- What I want to know is what would be my incoming and smtp server. Ex. mail.the_virtual_domain.com and smtp.the_virtual_domain.com

Fri, 08/02/2013 - 12:46
Locutus

1 - Well I can't tell without knowing where your server is located in the network. :) I.e. is it a home machine, rented root server, stuff like that.

iptables -L will show the filter list.

2 - I suppose, add a proper "A" resource record to the zone? Sorry, doing some guesswork here, since your setup appears quite messed up. :)

3 - Virtualmin by default creates the hostname "mail.domain.tld" for that purpose. Both for receiving and sending.

Fri, 08/02/2013 - 13:37
pcelements

1- This is a server located at my office. Each NIC is connected to its own router. Ports for http, https, dns, ftp, and ssh are opened in both routers.

This is the output for iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ftp-data
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ftp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:dnp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ndmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

2- Ok. added the A Record and it worked. - Thanks!

3- Ok. -Thanks!

Fri, 08/02/2013 - 17:30
Locutus

The iptables output looks like the default that Virtualmin sets up. The DNS port should be open okay there. Possibly some other firewall or router in front of your office server blocks / doesn't properly forward UDP port 53 to your server.

Mon, 08/05/2013 - 10:29
pcelements

I don't know what else to do. There is just my modem, 2 routers (each configured with an external static ip and connected to a lan card with an internal ip) and my server. I don't have any other hardware in between. Port 53 is opened in both TCP and UDP.

Please help! I tried putting the router in DMZ mode for a minute and still got the same results in http://www.intodns.com/pcelements.com

Mon, 08/05/2013 - 11:47
andreychek

What output do you receive if you run this command on your server that's running BIND:

netstat -an | grep :53

Mon, 08/05/2013 - 12:35
Locutus

Is the IP 173.243.94.194 correct? Is that your router? Double-check if you forwarded port 53 TCP AND UDP in your router to the LAN IP of your BIND server. (DNS uses UDP for regular queries.)

Since you already verified before that something is listening on port 53 on your server, and that iptables isn't blocking the port, that's all I can think of. You might want to check the syslog at the time of failed query too. To additionally print the process name that's listening on ports, do netstat -pln | grep :53
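
Locutus's two points in this post and in the earlier one ("DNS uses UDP for regular queries", and an SOA serial that should agree across servers) can be checked from outside the LAN with the script below. It is an added example, not from the thread or from Virtualmin: it builds a raw SOA query with the standard library only, sends it to each listed server first over UDP and then over TCP (which carries a 2-byte length prefix), and extracts the serial from the answer, so one run shows whether a server answers on each transport and whether the serials of ns1 and ns2 match. It accepts only a reply whose transaction id matches the query, the minimum defence against a stray or spoofed answer. The file name `soaprobe.py` and the transaction id are assumptions; the sample response used to exercise the parser is constructed, not captured.

```python
"""Probe each authoritative nameserver for a zone's SOA directly over UDP and
then TCP, using only the standard library. Added example (not from the thread
or from Virtualmin); the server IPs are whatever you pass on the command line."""
import socket
import struct
import sys

SOA = 6


def build_query(qname, txid, qtype=SOA):
    """Standard query: header (RD set, one question) + QNAME + QTYPE/QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                      for lbl in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)


def read_name(buf, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                  # the name ends after the first pointer
            off = struct.unpack(">H", buf[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_soa_serial(resp, txid):
    """Return the SOA serial from a response, or None when the reply is not
    usable: id mismatch (a spoofed or stray packet), non-zero RCODE, no SOA."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", resp[:12])
    if rid != txid or (flags & 0x000F) != 0:
        return None
    off = 12
    for _ in range(qd):                        # skip the echoed question
        _, off = read_name(resp, off)
        off += 4
    for _ in range(an):
        _, off = read_name(resp, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        if rtype == SOA:
            _, p = read_name(resp, off)        # MNAME
            _, p = read_name(resp, p)          # RNAME
            return struct.unpack(">I", resp[p:p + 4])[0]
        off += rdlen                           # some other record type, skip it
    return None


def probe(ns_ip, zone, timeout=3.0):
    """Query one server over UDP, then TCP (2-byte length prefix).
    Returns {'udp': serial|None, 'tcp': serial|None}; None means no usable
    answer: filtered port, timeout, REFUSED, or a reply with the wrong id."""
    txid, result = 0x4242, {}                  # fixed id: assumption, fine for a probe
    query = build_query(zone, txid)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (ns_ip, 53))
            result["udp"] = parse_soa_serial(s.recv(4096), txid)
    except (OSError, IndexError, struct.error):
        result["udp"] = None
    try:
        with socket.create_connection((ns_ip, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)
            n = struct.unpack(">H", s.recv(2))[0]
            data = b""
            while len(data) < n:
                chunk = s.recv(n - len(data))
                if not chunk:
                    break
                data += chunk
            result["tcp"] = parse_soa_serial(data, txid)
    except (OSError, IndexError, struct.error):
        result["tcp"] = None
    return result


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: soaprobe.py ZONE NS_IP [NS_IP ...]")
    zone, serials = sys.argv[1], {}
    for ns in sys.argv[2:]:
        serials[ns] = probe(ns, zone)
        print(ns, serials[ns])
    if len({r["udp"] for r in serials.values()}) > 1:
        print("warning: serials differ between servers (zone transfer not happening?)")
```

Run it from a host outside the office network, e.g. `python3 soaprobe.py pcelements.com 173.243.84.34 173.243.94.194`. A server that returns a serial over TCP but None over UDP is the signature of a router or ISP forwarding only 53/TCP; None on both while `netstat` shows BIND listening means the packets never reach the box, which is what the tcpdump later in the thread confirms.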

Mon, 08/05/2013 - 15:18
pcelements

This the output for netstat -an | grep :53:

[root@apollo ~]# netstat -an | grep :53
tcp 0 0 10.0.1.100:53 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.100:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
udp 0 0 10.0.1.100:53 0.0.0.0:*
udp 0 0 10.0.0.100:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 :::53 :::*
[root@apollo ~]#

The IP 10.0.1.100 is configured in the lan card that is connected to the router which is configured with the IP 173.243.94.194

Ports 53 TCP and UDP are forwarded in both routers to the internal IP's 10.0.0.100 in router A and 10.0.1.100 in router B.

Mon, 08/05/2013 - 17:18
Locutus

In "both" routers? There can be only one router that is responsible for your external IP and has to forward it to your BIND server.

Mon, 08/05/2013 - 17:28
pcelements

But, I have 2 external IP's assigned to my nameservers: ns1.pcelements.com 173.243.84.34 - IP configured in router A and ns2.pcelements.com 173.243.94.194 - IP configured in router B

Tue, 08/06/2013 - 01:10
Locutus

Well something is obviously wrong with your network setup. What's the output of

ifconfig -a
route -n

And does port forwarding from your router B work in general? Did you try it with other PCs? I'm running out of ideas here.

Tue, 08/06/2013 - 06:41
pcelements

This is the output for ifconfig -a :(I'm using eth2 and eth3)

eth0      Link encap:Ethernet  HWaddr 00:13:72:4F:D5:8D
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet  HWaddr 00:13:72:4F:D5:8E
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth2      Link encap:Ethernet  HWaddr 00:04:23:CE:A5:62
          inet addr:10.0.0.100  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::204:23ff:fece:a562/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:123276 errors:0 dropped:0 overruns:0 frame:0
          TX packets:128368 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:49614901 (47.3 MiB)  TX bytes:21928926 (20.9 MiB)

eth3      Link encap:Ethernet  HWaddr 00:04:23:CE:A5:63
          inet addr:10.0.1.100  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::204:23ff:fece:a563/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:568 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:609947 (595.6 KiB)  TX bytes:35043 (34.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:39172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4955513 (4.7 MiB)  TX bytes:4955513 (4.7 MiB)

This is the output for route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     1005   0        0 eth3
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth2

Tue, 08/06/2013 - 10:24
Locutus

You have an incorrect broadcast address on your eth3. That might be a problem. Can you ping the router's IP in the 10.0.1.* network from the server?

You might want to do a packet capture on your server, to see if DNS queries arrive via router B, and if replies go out:

tcpdump udp port 53

Tue, 08/06/2013 - 15:24
pcelements

Yes, I can ping from the server to router B (10.0.1.1). I changed the broadcast address on eth3 to 10.0.1.255 and did a reboot on the server, but no change.

I'm getting this output for tcpdump udp port 53:

tcpdump: USB link-layer type filtering not implemented

So, I used this one that I found on Google, although I don't know if this is what you wanted:

tcpdump -i eth3 port 53

and the output is:

[root@apollo ~]# tcpdump -i eth3 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

Tue, 08/06/2013 - 17:14
Locutus

Right, you have to tell tcpdump what interface to listen on.

But unfortunately, I'm out of ideas here. All I can say is that for some reason, the DNS query packets don't reach your server. They are filtered somewhere (it's possible your ISP does so, for security reasons, i.e. filter DNS packets that aren't replies to queries by you, after all you're probably an end user and not a server operator) or not forwarded properly by your router. All I can suggest is to re-check the router in this regard. Maybe someone else can give some more input about this.

Thu, 08/22/2013 - 11:53
pcelements

Hi Everybody! I'm still having issues and I'm desperate!

I get this error when going to http://www.intodns.com/pcelements.com :

ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 173.243.94.194

I talked with my ISP and they told me that they are not blocking any ports.

Does anybody have new ideas that I can try? I'm thinking about reinstalling Centos and Virtualmin from scratch. Please Help!

Fri, 08/23/2013 - 06:32
Locutus

I fear this issue is getting too complex for me to try and solve by "remote guessing". If you'd like, I can offer you personal support by taking a look at your system myself: http://www.virtualmin.com/node/29342

Fri, 08/23/2013 - 18:12
pcelements

Thanks Locutus for your offer! But, I got a little impatient and reinstalled Centos and Virtualmin. This time, using only 1 IP address 173.243.84.34.

But, when I go to http://www.intodns.com/pcelements.com I still get some errors, but this time they are different.

Also, under System Settings -> Re-Check Configuration, I get the following message: Default IP address is set to 10.0.0.100, but the detected external address is actually 173.243.84.34. This is typically the result of being behind a NAT firewall, and should be corrected on the module configuration page.

I guess both errors are related, but I don't want to mess up my server this time. Can you guide me so I can solve this? Thanks!

Fri, 08/23/2013 - 21:04
pcelements

I figured it out. In Virtualmin -> System Settings -> Virtualmin Configuration -> Network Settings, I changed "Default IP address for DNS records" from "Same as virtual IP" to "Automatically detect external address". I deleted the virtual server and created it again. Works perfectly! I really appreciate all your help!!! Thank you!!!
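
The NAT mismatch that Virtualmin's Re-Check Configuration reported (default IP 10.0.0.100, external 173.243.84.34) shows up in the zone as A records, and in the SPF TXT record, that point at an address nobody on the Internet can reach. As an added example that is not Virtualmin's own code, here is a checker that parses a BIND zone file and flags every A/AAAA record and every SPF `ip4:`/`ip6:` token that is not globally routable. The sample zone is constructed, modelled on the records Virtualmin creates by default, using the thread's names and internal address; `localhost.<domain>` is excused because Virtualmin points it at 127.0.0.1 on purpose.

```python
"""Flag DNS records that publish private (NAT-internal) addresses. Added
example, not Virtualmin code; the sample zone is constructed, modelled on the
records Virtualmin creates by default, with the thread's internal IP."""
import ipaddress
import re
import shlex

# Constructed sample: what the zone looks like when "Default IP address for DNS
# records" is the NAT-internal interface address instead of the external one.
SAMPLE_ZONE = """\
$ttl 38400
@\tIN\tSOA\tapollo.pcelements.com. root.pcelements.com. (
\t\t\t1375276282
\t\t\t10800
\t\t\t3600
\t\t\t604800
\t\t\t38400 )
@\tIN\tNS\tns1.pcelements.com.
pcelements.com.\tIN\tA\t10.0.0.100
www.pcelements.com.\tIN\tA\t10.0.0.100
mail.pcelements.com.\tIN\tA\t10.0.0.100
localhost.pcelements.com.\tIN\tA\t127.0.0.1   ; Virtualmin's default localhost record
ns1.pcelements.com.\tIN\tA\t10.0.0.100
pcelements.com.\tIN\tMX\t5\tmail.pcelements.com.
pcelements.com.\tIN\tTXT\t"v=spf1 a mx a:pcelements.com ip4:10.0.0.100 ?all"
"""

# A ';' starts a comment only outside double quotes (TXT data may contain ';').
_COMMENT = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_zone(text, origin=None):
    """Return [(owner, RTYPE, [rdata tokens])]. Handles $ORIGIN, comments,
    '( ... )' multi-line records, optional TTL/class fields and the BIND
    shorthand where a line starting with whitespace reuses the last owner."""
    records, owner, buf, indented = [], None, "", False
    for raw in text.splitlines():
        line = _COMMENT.split(raw, 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:
            indented = line[0].isspace()
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue                                   # still inside ( ... )
        tokens = shlex.split(buf.replace("(", " ").replace(")", " "))
        buf = ""
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1]
            continue
        if not indented:
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():             # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)
        name = origin if owner == "@" and origin else owner
        records.append((name, tokens[0].upper(), tokens[1:]))
    return records


def find_private_addresses(records, skip_labels=("localhost",)):
    """Return (name, where, value) for A/AAAA data and SPF ip4:/ip6: tokens
    that are not globally routable. `skip_labels` excuses records such as
    localhost.<domain>, which Virtualmin intentionally points at 127.0.0.1."""
    findings = []
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            if name.split(".")[0] in skip_labels:
                continue
            if not ipaddress.ip_address(rdata[0]).is_global:
                findings.append((name, rtype, rdata[0]))
        elif rtype == "TXT":
            for token in " ".join(rdata).split():
                if token.startswith(("ip4:", "ip6:")):
                    net = ipaddress.ip_network(token[4:], strict=False)
                    if not net.network_address.is_global:
                        findings.append((name, "TXT/spf", token))
    return findings


if __name__ == "__main__":
    for name, where, value in find_private_addresses(parse_zone(SAMPLE_ZONE, "pcelements.com.")):
        print(f"{name:28} {where:8} {value}")
```

Point it at `/var/named/<domain>.hosts` after changing the Virtualmin setting to confirm the regenerated zone is clean; the SPF token matters as much as the A records, because an `ip4:10.0.0.100` entry never matches the address mail actually leaves from.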