DNS Problem. My host server & main domain don't resolve.

[jekab]

Hi to everyone,

I am a newbie in WHM/cPanel as well as in DNS.
I have my dedicated server up and run last Thursday and since that time can't sleep as have problems with DNS. I have read and tried many of helpful topics here but still haven't full success.

My problems are the following:
1. my main domain webiline.com is not resolving (not available through web)
2. my dedicated server not available through web by its hostname is-5598.webiline.com

Let me describe my current configuration.
--------------------------------------
dedicated server:
hostname is is-5598.webiline.com
main IP address 83.142.226.104

ISP DNS servers
My server provider (ISP) provides next DNS servers (which I hope should be my resolvers?):
87.117.198.200
87.117.237.100
87.117.196.200

I have many dedicated IPs delivered by the server provider (ISP)

OS and WHM/cPanel versions:
WHM 11.23.2 cPanel 11.23.4-R26138
CENTOS Enterprise 5.2 i686 on standard - WHM X v3.1.0

My main domain name:
webiline.com is registered with goDaddy.com
In WHM I have added webiline.com as an account on IP: 83.142.226.110 (as root - not as reseller)

nameservers
Yesterday (24/08/08) I requested for two custom nameservers and it seems they are now resolving fine:

ns1.webiline.com on 83.142.226.111
ns2.webiline.com on 83.142.226.112

In my godaddy account I set these namesers on my main domain name webiline.com

my IPS provides me direct facility to add reverse DNS entries so I've added two fro my nameservers:
83.142.226.111 ns1.webiline.com
83.142.226.112 ns2.webiline.com
--------------------------------------

I've done all the initial set up in WHM, done all the necessary changes/fixes
in following files:
/etc/resolv.conf
/etc/nameserverips
/etc/named.conf
/etc/hosts

so I will show there what these files contains at the moment:

/etc/wwwacct.conf

Code:

ADDR 83.142.226.104
CONTACTEMAIL
CONTACTPAGER
DEFMOD x3
ETHDEV
FTPTYPE proftpd
HOMEDIR /home
HOMEMATCH home
HOST is-5598.webiline.com
LOGSTYLE combined
MINUID
NS ns1.webiline.com
NS2 ns2.webiline.com
NS3
NS4
NSTTL 86400
SCRIPTALIAS y
TTL 14400

/etc/resolv.conf

Code:

domain webiline.com
search webiline.com
nameserver 127.0.0.1
nameserver 87.117.198.200
nameserver 87.117.237.100
#nameserver 87.117.196.200

/etc/nameserverips

Code:

10.0.6.xxx=0
83.142.226.104=0
83.142.226.110=0
83.142.226.111=NS1.WEBILINE.COM
83.142.226.112=NS2.WEBILINE.COM
83.142.226.113=0
83.142.226.114=0
83.142.226.115=0
83.142.226.116=0
83.142.226.117=0
83.142.226.118=0
83.142.226.119=0
83.142.226.120=0

/etc/hosts

Code:

::1             localhost6.localdomain6 localhost6
# that require network functionality will fail.
# Do not remove the following line, or various programs
83.142.226.104          is-5598.webiline.com is-5598
127.0.0.1               localhost

/etc/host.conf

Code:

order hosts,bind

/etc/named.conf

Code:

include "/etc/rndc.key";

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options {
    /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
    query-source    port 53;
    recursion no;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file             "data/cache_dump.db";
    statistics-file     "data/named_stats.txt";
    memstatistics-file     "data/named_mem_stats.txt";
};

logging {
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/nam
ed).
 *      By default, SELinux policy does not allow named to modify the /var/named
 directory,
 *      so put the default debug log file in data/ :
 */
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subn
ets:
 */

    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries

zone "webiline.com" {
        type master;
        file "/var/named/webiline.com.db";
};

zone "ns1.webiline.com" {
        type master;
        file "/var/named/ns1.webiline.com.db";
};

zone "ns2.webiline.com" {
        type master;
        file "/var/named/ns2.webiline.com.db";
};

zone "is-5598.webiline.com" {
        type master;
        file "/var/named/is-5598.webiline.com.db";
};

DNS zone for webiline.com
/var/named/webiline.com.db

Code:

; cPanel first:11.23.4-RELEASE_26138 latest:11.23.3-NIGHTLY_25990 Cpanel::ZoneFile::VERSION:1.2 mtime:1219620786
; Zone file for webiline.com
$TTL 14400
webiline.com.   86400   IN      SOA     ns1.webiline.com.       dnsadmin.is-5598.webiline.com.  (
                                                2008082410 ;Serial Number
                                                86400 ;refresh
                                                7200 ;retry
                                                3600000 ;expire
                                                86400 ;minimum
        )
webiline.com.   86400   IN      NS      ns1.webiline.com.
webiline.com.   86400   IN      NS      ns2.webiline.com.
webiline.com.   14400   IN      A       83.142.226.110
localhost       14400   IN      A       127.0.0.1
webiline.com.   14400   IN      MX      10      mail.webiline.com.
mail    14400   IN      CNAME   webiline.com.
www     14400   IN      CNAME   webiline.com.
ftp     14400   IN      A       83.142.226.110
cpanel  14400   IN      A       83.142.226.110
whm     14400   IN      A       83.142.226.110
webmail 14400   IN      A       83.142.226.110
webdisk 14400   IN      A       83.142.226.110
ns1     14400   IN      A       83.142.226.111
ns2     14400   IN      A       83.142.226.112
is-5598 14400   IN      A       83.142.226.104

DNS zone for server is-5598.webiline.com
/var/named/is-5598.webiline.com.db

Code:

; cPanel 11.23.4-RELEASE_26138
; Zone file for is-5598.webiline.com
$TTL 14400
@      86400    IN      SOA     ns1.webiline.com. root.is-5598.webiline.com. (
                2008082401      ; serial, todays date+todays
                86400           ; refresh, seconds
                7200            ; retry, seconds
                3600000         ; expire, seconds
                86400 )         ; minimum, seconds

is-5598.webiline.com. 86400     IN NS ns1.webiline.com.
is-5598.webiline.com. 86400     IN NS ns2.webiline.com.


is-5598.webiline.com. IN A 83.142.226.104

localhost.is-5598.webiline.com. IN A 127.0.0.1

is-5598.webiline.com. IN MX 0 is-5598.webiline.com.

Please let me know if any other information from me would be helpfull to solve the issue.

------------------------------------------------------------------------
How I tested (in next post...)

[jekab]

How I tested

Through SSH on my server (83.142.226.104)

nslookup ns1.webiline.com

Code:

root@is-5598 [~]# nslookup ns1.webiline.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   ns1.webiline.com
Address: 83.142.226.111

dig ns1.webiline.com

Code:

root@is-5598 [~]# dig ns1.webiline.com

; <<>> DiG 9.3.4-P1 <<>> ns1.webiline.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32333
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ns1.webiline.com.              IN      A

;; ANSWER SECTION:
ns1.webiline.com.       12443   IN      A       83.142.226.111

;; AUTHORITY SECTION:
ns1.webiline.com.       84443   IN      NS      ns2.webiline.com.
ns1.webiline.com.       84443   IN      NS      ns1.webiline.com.

;; ADDITIONAL SECTION:
ns2.webiline.com.       14254   IN      A       83.142.226.112

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 25 11:07:47 2008
;; MSG SIZE  rcvd: 98

host ns1.webiline.com

Code:

root@is-5598 [~]# host ns1.webiline.com
ns1.webiline.com has address 83.142.226.111
ns1.webiline.com mail is handled by 0 ns1.webiline.com.

host 83.142.226.111

Code:

root@is-5598 [~]# host 83.142.226.111
111.226.142.83.in-addr.arpa domain name pointer ns1.webiline.com.

nslookup ns2.webiline.com

Code:

root@is-5598 [~]# nslookup ns2.webiline.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   ns2.webiline.com
Address: 83.142.226.112

dig webiline.com

Code:

root@is-5598 [~]# dig webiline.com

; <<>> DiG 9.3.4-P1 <<>> webiline.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62775
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;webiline.com.                  IN      A

;; ANSWER SECTION:
webiline.com.           11907   IN      A       83.142.226.110

;; AUTHORITY SECTION:
webiline.com.           53182   IN      NS      ns2.webiline.com.
webiline.com.           53182   IN      NS      ns1.webiline.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 25 10:31:44 2008
;; MSG SIZE  rcvd: 82

nslookup webiline.com

Code:

root@is-5598 [~]# nslookup webiline.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   webiline.com
Address: 83.142.226.110

nslookup is-5598.webiline.com

Code:

root@is-5598 [~]# nslookup is-5598.webiline.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   is-5598.webiline.com
Address: 83.142.226.104

nslookup webiline.com 87.117.198.200

Code:

root@is-5598 [~]# nslookup webiline.com 87.117.198.200
;; connection timed out; no servers could be reached

nslookup is-5598.webiline.com 87.117.198.200
(where 87.117.198.200 is my primary resolver)

Code:

root@is-5598 [~]# nslookup is-5598.webiline.com 87.117.198.200
;; connection timed out; no servers could be reached

If I alter resolv.conf and comment local nameserver to have:

Code:

domain webiline.com
search webiline.com
#nameserver 127.0.0.1
nameserver 87.117.198.200
nameserver 87.117.237.100
#nameserver 87.117.196.200

I have the following test results:

nslookup ns1.webiline.com

Code:

root@is-5598 [~]# nslookup ns1.webiline.com
Server:         87.117.237.100
Address:        87.117.237.100#53

Non-authoritative answer:
Name:   ns1.webiline.com
Address: 83.142.226.111

nslookup webiline.com

Code:

root@is-5598 [~]# nslookup webiline.com
;; Got SERVFAIL reply from 87.117.237.100, trying next server
;; connection timed out; no servers could be reached

nslookup is-5598.webiline.com

Code:

root@is-5598 [~]# nslookup is-5598.webiline.com
;; Got SERVFAIL reply from 87.117.237.100, trying next server
;; connection timed out; no servers could be reached

dig webiline.com

Code:

root@is-5598 [~]# dig webiline.com

; <<>> DiG 9.3.4-P1 <<>> webiline.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33686
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;webiline.com.                  IN      A

;; Query time: 2 msec
;; SERVER: 87.117.237.100#53(87.117.237.100)
;; WHEN: Mon Aug 25 10:51:53 2008
;; MSG SIZE  rcvd: 30

Test Through SSH on my other dedicated server (83.138.146.91)

nslookup ns1.webiline.com

Code:

[root@140824-app1 /]# nslookup ns1.webiline.com
Server:         83.138.151.80
Address:        83.138.151.80#53

** server can't find ns1.webiline.com: NXDOMAIN

nslookup webiline.com

Code:

[root@140824-app1 /]# nslookup webiline.com
Server:         83.138.151.80
Address:        83.138.151.80#53

Non-authoritative answer:
Name:   webiline.com
Address: 83.142.226.110

(it seems like DNS cashe)

nslookup is-5598.webiline.com

Code:

[root@140824-app1 /]# nslookup is-5598.webiline.com
Server:         83.138.151.80
Address:        83.138.151.80#53

** server can't find is-5598.webiline.com: NXDOMAIN

dig webiline.com

Code:

[root@140824-app1 /]# dig webiline.com

; <<>> DiG 9.2.4 <<>> webiline.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49330
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;webiline.com.                  IN      A

;; ANSWER SECTION:
webiline.com.           2824    IN      A       83.142.226.110

;; AUTHORITY SECTION:
webiline.com.           100162  IN      NS      ns15.domaincontrol.com.
webiline.com.           100162  IN      NS      ns16.domaincontrol.com.

;; ADDITIONAL SECTION:
ns15.domaincontrol.com. 10965   IN      A       64.202.165.118
ns16.domaincontrol.com. 2023    IN      A       208.109.255.8

;; Query time: 1 msec
;; SERVER: 83.138.151.80#53(83.138.151.80)
;; WHEN: Mon Aug 25 10:52:50 2008
;; MSG SIZE  rcvd: 130

(This dig test shows the old information, when webiline.com had godaddy's nameservers ns15.domaincontrol.com. & ns16.domaincontrol.com.)

----------------------------------------------------------------------
----------------------------------------------------------------------

Does all of this means that my nameservers
ns1.webiline.com ns2.webiline.com as well as webiline.com and is-5598.webiline.com are still not propagated. Or there are some errors & issues in my configuration and files.

Please help me find the problems and sort them out.
Thank you a lot in advance

Evgeniy

[jekab]

The whole thread conversation can be found on http://www.webhostingtalk.com/showthread.php?t=717774

SOLUTION

Hi Folks, The issue with my host availability has been totally solved.

The issue was quite a simple and standard but has taken a lot of my and your time. Thanks for your help!

First, as Techarc advised I have register is-5598.webiline.com as namserver with my registrar provider. I'm still not sure this was required but it complete just to be sure.

-------------------------------------

The main issue was related with firewall blocked 53 udp port, so DNS client and server wasn't available to work with outside world.

my CentOS 5 OS has default RH-Firewall up and run.

I've tried many iptables script but all of them was useless with enabled firewall. But what I found is the built in facility to customize firewall.

on run "setup" command configuration menu appears

go through "Firewall configuration" ->

in actions menu choose "Customize" ->

there are checkbox options to allow common services (www,ssl,ssh,smtp,etc...)
at the bottom there is a text field where you can put custom rules in format 'serviceort' separated by space ->

to allow DNS client/server add '53:udp' (or 'domain:udp') in that field.
(if you have second DNS server for transfers, put '53:tcp')

-------------------------------------

after save this options iptables will be updated with accept rules for 53 port on udp/tcp from anywhere to anywhere

Good luck for those who search for the same solution.
And thank all of you once again who helped me!

[thewebhosting]

Thanks for spending your time to provide the resolution which you have got from your side. It is very helpful exercise!!