Froxlor Forum
  • 0

Nameserver TLD resolution issues


steve_adams

Question

I've got a Froxlor install on Debian Buster configured with Bind9 as an authoritative nameserver and I'm experiencing missing information in the dig results.

dig ns1.radicalcomputingconcepts.com

; <<>> DiG 9.10.6 <<>> ns2.radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27849
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ns2.radicalcomputingconcepts.com. IN    A

;; Query time: 94 msec
;; SERVER: 2001:558:feed::1#53(2001:558:feed::1)
;; WHEN: Wed Jul 28 17:35:38 MDT 2021
;; MSG SIZE  rcvd: 61

=============

Prior to installing Bind9 I had DjbDns installed and results looked like this:

dig ns1.radicalcomputingconcepts.com

; <<>> DiG 9.10.6 <<>> ns1.radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17268
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.radicalcomputingconcepts.com. IN    A

;; ANSWER SECTION:
ns1.radicalcomputingconcepts.com. 86339    IN A    149.56.97.154
ns1.radicalcomputingconcepts.com. 86339    IN A    149.56.97.154

;; Query time: 85 msec
;; SERVER: 2603:300b:7d6:1800:82b2:34ff:fe4b:1789#53(2603:300b:7d6:1800:82b2:34ff:fe4b:1789)
;; WHEN: Wed Jul 28 17:37:23 MDT 2021
;; MSG SIZE  rcvd: 82

===================

Further irregularities occur as the parent domain to the NS is not responsive to DNS lookups and ping attempts:

ping radicalcomputingconcepts.com
ping: cannot resolve radicalcomputingconcepts.com: Unknown host

And the domain of my Froxlor server, as set in the system settings, also becomes unresponsive:

ping mail.radicalcomputingconcepts.com
ping: cannot resolve mail.radicalcomputingconcepts.com: Unknown host

There is nothing unusual about the Bind installation and all the services have been configured according to the templates.


10 answers to this question


  • 0

In the immortal words of Homer Simpson, "D'oh!"

I think I found it! I was running Rspamd in order to supply DKIM and it was occupying port 53 with records for the NS1 and NS2. So when the named-checkzone ran it detected that there were pre-existing A records and refused to load the zone!

Doop, thank you very much for your patience with me!


  • 0

It appears I still had ipv6 enabled. I disabled it by adding

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
GRUB_CMDLINE_LINUX="ipv6.disable=1"

to /etc/default/grub and restarting.

Upon restart, postfix is broken and cannot authenticate via SASL:

warning: SASL: Connect to private/auth failed: Connection refused
Jul 29 15:07:01 mail postfix/smtpd[1490]: fatal: no SASL authentication mechanisms
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1481 exit status 1
Jul 29 15:07:01 mail postfix/master[1147]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1482 exit status 1
Jul 29 15:07:01 mail postfix/master[1147]: warning: process /usr/lib/postfix/sbin/smtpd pid 1483 exit status 1

I appear to have a conflict with Bind9 and IPv6? Please advise

 

 


  • 0

I've installed ipv6 information into my network interfaces and eliminated the bind errors in syslog. From an external host, name resolution fails for the primary domain, the domain specified in the system settings, and dig responses are missing answer sections:

syslog:

Restarting bind9 (via systemctl): bind9.service.
root@mail:/home/steve# tail -f /var/log/syslog
Jul 29 18:11:27 mail named[6374]: zone flatironscannabis.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone jaith.net/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone mailinglist.boulevardbread.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone ragustudio.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone oddballsinvitations.net/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: zone boulevardbread.com/IN: sending notifies (serial 2021072900)
Jul 29 18:11:27 mail named[6374]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jul 29 18:11:27 mail named[6374]: resolver priming query complete

external host resolution:

ping mail.radicalcomputingconcepts.com
ping: cannot resolve mail.radicalcomputingconcepts.com: Unknown host

ping radicalcomputingconcepts.com
ping: cannot resolve radicalcomputingconcepts.com: Unknown host

zone files for hosts that are failing resolution:

$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@    600    IN    SOA    ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021072901 3600 900 604800 600
@    600    IN    A    149.56.97.154
www    600    IN    A    149.56.97.154
@    600    IN    NS    ns1.radicalcomputingconcepts.com.
@    600    IN    NS    ns2.radicalcomputingconcepts.com.

$TTL 600
$ORIGIN mail.radicalcomputingconcepts.com.
@    600    IN    SOA    ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021072901 3600 900 604800 600
@    600    IN    A    149.56.97.154
@    600    IN    NS    ns1.radicalcomputingconcepts.com.
@    600    IN    NS    ns2.radicalcomputingconcepts.com.
@    600    IN    CAA    0 issue "letsencrypt.org"

missing answer sections from dig:

dig radicalcomputingconcepts.com

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> radicalcomputingconcepts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31804
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: e05667de07e9c60614b1b8ed610328e82bba2257178535e9 (good)
;; QUESTION SECTION:
;radicalcomputingconcepts.com.    IN    A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 29 18:17:12 EDT 2021
;; MSG SIZE  rcvd: 85

 


  • 0

I added a domain in froxlor control panel for radicalcomputingconcepts.com.

The zone file looks like this:

$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@    600    IN    SOA    ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021073002 3600 900 604800 600
@    600    IN    A    149.56.97.154
www    600    IN    A    149.56.97.154
@    600    IN    NS    ns1.radicalcomputingconcepts.com.
@    600    IN    NS    ns2.radicalcomputingconcepts.com.


running named-checkzone yields:

named-checkzone radicalcomputingconepts.com /etc/bind/domains/radicalcomputingconcepts.com.zone
/etc/bind/domains/radicalcomputingconcepts.com.zone:3: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:5: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:6: ignoring out-of-zone data (www.radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:7: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:8: ignoring out-of-zone data (radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:12: ignoring out-of-zone data (mail.radicalcomputingconcepts.com)
/etc/bind/domains/radicalcomputingconcepts.com.zone:13: ignoring out-of-zone data (mail.radicalcomputingconcepts.com)
zone radicalcomputingconepts.com/IN: has 0 SOA records
zone radicalcomputingconepts.com/IN: has no NS records
zone radicalcomputingconepts.com/IN: not loaded due to errors.

I can find no documentation on the Froxlor site nor in the forums on configuration of GLUE records...please advise


  • 0

HA! Please forgive me....I mistyped the domain in my named-checkzone query. Fat fingers and not enough coffee!

root@mail:/etc/bind/domains# named-checkzone radicalcomputingconcepts.com /etc/bind/domains/radicalcomputingconcepts.com.zone
zone radicalcomputingconcepts.com/IN: NS 'ns1.radicalcomputingconcepts.com' has no address records (A or AAAA)
zone radicalcomputingconcepts.com/IN: NS 'ns2.radicalcomputingconcepts.com' has no address records (A or AAAA)
zone radicalcomputingconcepts.com/IN: not loaded due to errors.

FYI, Glue records are in place at the registrar and have been for almost a decade or more...

root@mail# dig ns com

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ns com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37906
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;com.                IN    NS

;; ANSWER SECTION:
com.            86400    IN    NS    g.gtld-servers.net.
com.            86400    IN    NS    a.gtld-servers.net.
com.            86400    IN    NS    e.gtld-servers.net.
com.            86400    IN    NS    d.gtld-servers.net.
com.            86400    IN    NS    j.gtld-servers.net.
com.            86400    IN    NS    k.gtld-servers.net.
com.            86400    IN    NS    c.gtld-servers.net.
com.            86400    IN    NS    f.gtld-servers.net.
com.            86400    IN    NS    l.gtld-servers.net.
com.            86400    IN    NS    b.gtld-servers.net.
com.            86400    IN    NS    m.gtld-servers.net.
com.            86400    IN    NS    i.gtld-servers.net.
com.            86400    IN    NS    h.gtld-servers.net.

;; Query time: 88 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Fri Jul 30 12:43:11 EDT 2021
;; MSG SIZE  rcvd: 256

root@mail:/etc/bind# dig ns radicalcomputingconcepts.com @e.gtld-servers.net

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ns radicalcomputingconcepts.com @e.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57187
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;radicalcomputingconcepts.com.    IN    NS

;; AUTHORITY SECTION:
radicalcomputingconcepts.com. 172800 IN    NS    ns1.radicalcomputingconcepts.com.
radicalcomputingconcepts.com. 172800 IN    NS    ns2.radicalcomputingconcepts.com.

;; ADDITIONAL SECTION:
ns1.radicalcomputingconcepts.com. 172800 IN A    149.56.97.154
ns2.radicalcomputingconcepts.com. 172800 IN A    96.81.53.27

;; Query time: 68 msec
;; SERVER: 2001:502:1ca1::30#53(2001:502:1ca1::30)
;; WHEN: Fri Jul 30 12:44:09 EDT 2021
;; MSG SIZE  rcvd: 125

 

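The two named-checkzone failures shown in this thread ("ignoring out-of-zone data" when the zone name is mistyped, and "NS ... has no address records (A or AAAA)" when in-zone name servers have no A/AAAA record in the zone itself) can be reproduced offline. The following is an added example, not code from the thread, Froxlor or BIND; `check_zone`, `absolute` and `in_zone` are hypothetical names, and the parser is a simplification that assumes one record per line with an explicit owner.

```python
# Added example: simplified re-implementation of two named-checkzone checks (class IN only).
def absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def check_zone(zone_name, text):
    """Return (in-zone NS targets lacking A/AAAA, out-of-zone owners, SOA count)."""
    zone = zone_name.lower().rstrip(".") + "."
    origin, records, out_of_zone = zone, [], []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()    # drop comments (naive about quoted ';')
        if not fields or fields[0].upper() == "$TTL":
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
            continue
        owner, rest = absolute(fields[0], origin), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                        # skip optional TTL and class
        rtype = rest[0].upper() if rest else ""
        target = absolute(rest[1], origin) if rtype == "NS" and len(rest) > 1 else None
        if in_zone(owner, zone):
            records.append((owner, rtype, target))
        else:
            out_of_zone.append(owner)              # "ignoring out-of-zone data"
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    missing = sorted({tg for _, t, tg in records
                      if t == "NS" and tg and in_zone(tg, zone) and tg not in addressed})
    return missing, out_of_zone, sum(t == "SOA" for _, t, _ in records)

# Zone file as posted in the thread.
ZONE = """$TTL 600
$ORIGIN radicalcomputingconcepts.com.
@    600    IN    SOA    ns1.radicalcomputingconcepts.com. steve.keystonedesign.com. 2021073002 3600 900 604800 600
@    600    IN    A    149.56.97.154
www    600    IN    A    149.56.97.154
@    600    IN    NS    ns1.radicalcomputingconcepts.com.
@    600    IN    NS    ns2.radicalcomputingconcepts.com.
"""
# Constructed variant: the same zone plus address records, using the glue values dig returned.
FIXED = ZONE + "ns1 600 IN A 149.56.97.154\nns2 600 IN A 96.81.53.27\n"
if __name__ == "__main__":
    print(check_zone("radicalcomputingconcepts.com", ZONE))
```

Glue at the registrar lives in the parent (`com`) zone; this check looks only at the zone file being loaded, which is why the posted zone is flagged while the constructed variant is not.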
