DNS Server problem

**maever** · 10-28-2005 09:40 AM

Okay, i have recently taken over a webhosting business and i am moving it to my own servers in a datacenter.

I am having some problems and i don't exactly know where to start on solving them

first off i have a serious DNS server problem,
it seems to be forgetting all subdomain entries and www. prefixes around every hour.
at a certain point in time it just will not let me connect to www. prefixes and subdomains,
the problem only lasts for like 5 minutes but if its repeated around every hour this will become a problem. sometimes the domains even disconnect for a few minutes.
this is NOT an ISP related issue, i had this tested on multiple PCs with diffrent ISPs.
sometimes the subdomain gives a timeout error on first connection attempt and then right after i press refresh it starts working just fine.

I couldn't find anything in my kernel logs, then again, am i checking the right files?.

I am running CentOS 3.5 and have a total of 3 servers clustered to eachother with DNS clustering though the problem i had was even before i had these servers clustered.

Also the FTP on the servers has been shutting down or stops recieving connections.
if i reboot it its fine for another hour or so. but i don't want to reboot the ftp server every hour, anyone know what this could be, the error i get is 'The machine actively refuses the connection' i've tried it with multiple FTP programme's and Multiple computers with diffrent ISPs.

So anyone any suggestions ??

Thanks

Also, I know this is not the "real" place for support.
but my datacenter also does not know the exact answer,
I've tried finding other solutions, but i found none and the ones on this forum dont seem to completly match my issue.

I really hope someone can find the time to help me with this.
it will be greatly apriciated.

**maever** · 10-31-2005 10:49 AM

I wonder if anyone here would know about the solution to this problem.
Otherwise i'm lost here and would just need to use another OS and Controlpanel.

**nickp666** · 10-31-2005 11:01 AM

is your server being attacked? this could possibly explain the failures

**maever** · 10-31-2005 11:18 AM

Thanks for the reply but no, loads are between 0.09 and 1.9 at the moment,
we are getting some password ssh bruteforcers on one of the servers but they cause nothing serious at the moment, i wish them good luck in trying though.
but i doubt its because of that. any other ideas?

**sawbuck** · 10-31-2005 11:34 AM

Have you checked your dns setup thru dnsreport.com?

**maever** · 10-31-2005 11:44 AM

i see an issue here
http://dnsreport.com/tools/dnsreport...=provenance.nu
stealth nameservers, mmm how do i set such a thing????
could that be a reason why all the www. prefixes + subdomains are failing on me.
anyone know?

**sawbuck** · 10-31-2005 12:29 PM

The root servers are reporting ns1.provenance.nu and ns2.provenance.nu as authority for the domain but your name servers are being shown as 206.222.12.206.provenance.nu and 206.222.12.205.provenance.nu.

Check the zone file in WHM for provenance.nu and see what name servers are listed. Would also be a good idea to check at the registrar for provenance.nu to confirm what name servers are listed as authority for the domain.

**maever** · 10-31-2005 01:38 PM

Okay the thing we found is this:

Domain settings (in registar config page)

Nameservers:
1 ns1.provenance.nu 206.222.12.205
2 ns2.provenance.nu 206.222.12.206

childdomains:
1 ns1.provenance.nu 206.222.12.205
2 ns2.provenance.nu 206.222.12.206

Domain settings (on our server)

name: Entry Type: TLL: address:
ns1 A 14400 205.222.12.205
ns2 A 14400 206.222.12.206

in nameserver menu:
206.222.12.205 ns1.provenance.nu
206.222.12.206 ns2.provenance.nu

i think the config is currently a bit double
as its forwarded in the domain registar config aswell as the server DNS zone ,
we are not sure which one should be removed.

any ideas?

**sawbuck** · 10-31-2005 02:37 PM

When you say "name server menu" are you referring to this?
WHM >> Main >> Networking Setup >> Nameserver IPs

If so that looks okay.

Would check to see what /etc/nameserverips shows and also check /etc/resolv.conf.

Can't say I'm familiar with the "childdomains" reference.

**maever** · 10-31-2005 03:49 PM

Child domains should be the same as 'sub domains'
could it be those subdomains which create resolve issues?
or anything else mentioned above?

resolve.conf server1:
search server
nameserver 209.51.192.194
nameserver 206.222.1.3
nameserver 194.134.5.5

nameserverips server1:
206.222.12.202=0
206.222.12.203=ns1.gamingforce.nl
206.222.12.204=ns2.gamingforce.nl
206.222.12.205=ns1.provenance.nu
206.222.12.206=ns2.provenance.nu

resolv.conf server2:
; generated by /sbin/dhclient-script
search thenap.com
(these ips dont belong to me)
nameserver 206.222.1.2
nameserver 206.222.1.3

nameserverips server2:
209.190.18.10=ns1.webhostingboy.com
209.190.18.11=NS2.WEBHOSTINGBOY.COM
(seems to be correct)

**sawbuck** · 10-31-2005 09:08 PM

The resolv.conf file is usually setup such on a cPanel box:

domain "server name"
search "server name"
nameserver "primary shared IP"
nameserver "primary name server IP"
nameserver "secondary name server IP"

There are variations on that but that is a good place to start.

As to the resolv.conf on server 2. It appears that the file is being dynamically written by a dhclient script. May have something to do with the DNS clustering setup you mentioned in the first post.

Since the IPs in the server2 resolv.conf don't belong to you then investigating that setup should lead to some additional answers.

**maever** · 11-01-2005 02:49 AM

I think the second resolv could be the good one as:
search thenap.com

thenap.com is my datacenter.

as in the resolv.conf all ips in both of them are not mine.
they are datacenter resolve-servers i believe, it figures.

any ideas on what i can actualy do, I'm still a bit confused on the domain issue where the stealth domains fail, i don't see ways to fix it.
again.. the information given in the domain is double,
cuz the domain registar forwards it aswell as the server itself has A entries for the domain.
which one should i remove...

**Zaf** · 11-01-2005 08:27 AM

I found the following problems with your DNS report, which should help you solve the problem (hopefully).
1. You dont have a reverse dns set for your IPS. Your data center should be able to help you with that.
2. Your SOA contains your Master server as 206.222.12.205.provenance.nu. which should actually be ns1.provenance.nu.
3. I'm not too sure but it seems your zone file has two missing records of NS type.

Code:

provenance.nu.	IN	NS	ns1.provenance.nu.
provenance.nu.	IN	NS	ns2.provenance.nu.

**maever** · 11-01-2005 12:32 PM

Thank you very much,

This indeed did fix some of the nameserver problems.
it seems to be pretty much okay now.

I am not sure if the www. prefix problem has disapeared but i will get back on this if i see it happening again.

THANKS ALL OFF YOU!!
YOU HAVE BEEN GREAT SUPPORT AND I AM TRULY THANKFULL TO ALL THAT REPLIED

**Zaf** · 11-01-2005 12:59 PM

Originally Posted by maever

This indeed did fix some of the nameserver problems.
it seems to be pretty much okay now.

Your site is resolving perfectly fine from here and the DNSReport is almost fine too. Guess you did not check my PM where I had sent a sample DNS zone file that you could use as a reference.

Originally Posted by maever

but not everything is working the way it should.
one of the problems is seen here:
http://dnsreport.com/tools/dnsreport...n=babypuma.com

Serious problems with that zone I guess, you should look at your PM where I have sent you a good sample of how your zone file should look like. Also make sure you change your zone templates too for avoiding future problem whenever you add domains. If you are facing a lot of problems on the DNS front for the domains on your server, maybe you could PM me and I'll try to take care of it.

LinkBack

Thread Tools

DNS Server problem

problem in dns server

Problem with dns/name server

Some problem in DNS server

DNS-only cpanel server problem

Problem with WHM for DNS only server