The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Checking DNS Results Questions

Discussion in 'Bind / DNS / Nameserver Issues' started by Spork Schivago, May 25, 2016.

  1. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Hello,

    I go to intodns.com/example.com and I see stuff that I don't like. Some of them I think I understand but don't know how to fix, like this one:


    Different subnets WARNING: Not all of your nameservers are in different subnets

    I believe the solution would be to move one of my nameservers to a physically different server some how. Not sure how I'd do that. Would I have to rent another VPS from the people I'm renting from? (GoDaddy)

    Then, I get this:

    Different autonomous systems WARNING: Single point of failure

    I think maybe this means because all of my nameservers are on the same subnet, if the server with the nameservers goes down, no one can get to my site. Maybe if I had a nameserver on a different physical server, this warning would go away?

    This one I don't understand at all and have no idea how to fix it or if it should even be fixed. Maybe it's supposed to be this way?


    SOA MNAME entry WARNING: SOA MNAME (ns1.secureserver.net) is not listed as a primary nameserver at your parent nameserver!

    And I believe this is the last one. Not sure how to change that number or what number it should be changed to...

    SOA EXPIRE Your SOA EXPIRE number is: 3600000. That is NOT OK


    I have to admit, the DNS stuff really confused me when I was setting all this up. It was the only time I ever set that stuff up before and I'm not even sure I did everything right. Thanks for any help you guys can provide!!!
     
    #1 Spork Schivago, May 25, 2016
    Last edited by a moderator: May 25, 2016
  2. sarath8372

    sarath8372 Active Member

    Joined:
    Jan 6, 2015
    Messages:
    35
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Kochi, India
    cPanel Access Level:
    Root Administrator
    The warning indicates that the IP addresses associated with your name server use the same subnet. And because of this, there is less redundancy, but it won't actually cause any problems with DNS resolution. It's best to spread your nameservers around on the internet, so that if one of your networks goes down, at least clients can still resolve your domain names.

    If you just move one of the nameservers to a different server (with an IP in a different subnet/network), name resolution will work fine even if the first server goes down. But if your data/webserver is setup on the first server, your websites will be still down. So you can probably just ignore that warning if you are not looking to setup a high availability system with failover cluster.

    Yes, you are right. My reply for the first issue is applicable in this case as well. So basically 1 and 2 are just warnings about a lack of redundancy, and not error messages.

    An SOA record looks like :
    Code:
    # dig +short google.com SOA
    ns4.google.com. dns-admin.google.com. 123279165 900 900 1800 60
    Here first field is "mname" which should be the name of the PRIMARY domain name server, followed by "rname" which is the zone admin email (using a . instead of an @) and then serial, refresh, retry, expire, and Time-To-Live for records.

    So to correct that warning, you need to set the primary name server as domain's mname. Check the "Nameserver records returned by the parent servers" field in intoDNS result (should be the first category) and set one of the nameservers shown there as mname. You should be able to edit SOA record from WHM using "Edit DNS Zone" (Home »DNS Functions »Edit DNS Zone) if DNS of the domain is managed on your cPanel server.

    You can adjust SOA EXPIRE value from WHM using "Edit DNS Zone" option. RFC1912 recommends setting a value around 2-4 weeks (in seconds).
     
    Spork Schivago likes this.
  3. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I figured that was exactly what it meant. I had researched this a bit before. I saw a similar message somewheres else. I'm not very good with the server stuff yet, I'm still learning. I don't know what a failover cluster is. Does that just mean a duplicate system so when one server goes down, the other one(s) take over? Kind of like RAID with hard drives?

    I'd like to move one of my nameservers to a different server with an IP address in a different subnet / network. But that'd mean if I'd to rent another server, right? There's no places that offer any free services, like setting the nameservers up, right? I've tried searching on the internet but couldn't find anything. I think the fact that I don't know a lot didn't help much. Thanks for helping and teaching me stuff.

    This is something that I'm going to have trouble with, I'm certain! I don't fully understand everything you've said but it's late and I will reread it tomorrow, when I wake up. It might make more sense then. I remember there was something weird with GoDaddy. Something about some special way they set stuff up and if I tried to circumvent it, I'd lose my account. It had something to do with preventing bad stuff I believe. Like if I wanted to mass mail a million people with spam, with the normal setup, I wouldn't be able to do it. If I tried to circumvent that normal setup, I'd lose my account. This secureserver.net stuff, I wondered if that had something to do with that weird setup. I know I get this e-mail pretty often that says something about an invalid hostname was detected. But everytime I check, the hostname is what I set it too. I'll try to find one of the e-mails tomorrow as well.

    Thanks!
     
  4. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Okay, I understand a bit more today than last night. Here's what I get when I run the dig command.
    Code:
    dig +short example.com SOA
    ns1.secureserver.net. info.example.secureserver.net. 2016012611 86400 7200 3600000 86400
    
    So, mname for my server is ns1.secureserver.net and rname is info.example.secureserver.net (where the first . is supposed to be an @ symbol).

    I check "Nameserver records returned by the parent servers" and see:
    Code:
    Nameserver records returned by the parent servers are:
    
    ns1.example.com.  ['104.238.xxx.xxx']  [TTL=172800]
    ns2.example.com.  ['104.238.xxx.xxx']  [TTL=172800]
    
    l.gtld-servers.net was kind enough to give us that information.
    
    So, what you're saying is I have to go into WHM and the SOA record using the Edit DNS Zone File option or whatever it is. In there, I should see something that says ns1.secureserver.net and I should change that to something like ns1.example.com

    And, in that area, I should be able to fix the e-mail address as well, right? Thanks for all the help!
     
    #4 Spork Schivago, May 26, 2016
    Last edited by a moderator: May 26, 2016
  5. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I'm in the Edit DNS Zone. I noticed there's some other issues that I don't like either. Stuff like www.subdomain.maindomain.com works. I don't want that. I want just subdomain.maindomain.com working, not www.subdomain.maindomain.com. I'd probably fix that in this Edit DNS Zone, wouldn't I? I see entries for subdomain and then directly under that, entries for www.subdomain. Can I just erase the www.subdomain entry? Just make it blank or something? Thanks!
     
  6. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I think I fixed it all. I removed the www.subdomain entries but left the subdomain entries. The www.subdomain's still work when I use a Google Chrome incognito window, so maybe it'll just take some time for everything to update and then they'll stop working.

    The intodns.com/example.com seems to be working just right now. I'd still like to get a nameserver setup on a physically different server or subnet, just to remove the error messages. I know it wouldn't do much good, having just one server. If the nameserver goes down, so does the main server. So, even if a nameserver is up and running and it points to my server, if the nameserver on my main server is down, so's the main server, which means it wouldn't do any good. Just something I'd rather do, then I wouldn't see the warnings anymore.
     
    #6 Spork Schivago, May 26, 2016
    Last edited by a moderator: May 26, 2016
  7. sarath8372

    sarath8372 Active Member

    Joined:
    Jan 6, 2015
    Messages:
    35
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Kochi, India
    cPanel Access Level:
    Root Administrator
    Hello,

    In my opinion, the best and inexpensive option to resolve those warnings would be to use nameservers of a DNS service provider. You can find a list of top DNS providers at : DNS Speed Comparison Report - SolveDNS . Some of the providers like CloudFlare offers free plan and provide nameservers on different subnets.
     
  8. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Wow. How did you learn so much about this stuff? It's like you're a networking genius or something. I majored in networking at Corning Community College and took all four CCNA classes. Granted, our teacher had some issues and was the only networking teacher there, I still felt being Cisco CCNA classes, we learned a good amount of information. But we didn't learn anything at all about DNS servers or any of this stuff! Thanks for all the help!!!

    I think I'm going to try one of those CloudFlare free plan offers and see what happens. I might need more help figuring out how to setup a third name server on that CloudFlare thing.
     
  9. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Okay, so I'm trying to setup the CloudFlare free one. I scan my DNS records or whatever and I see stuff that is missing from what cPanel's DNS Zone Editor shows. For example, in the Zone Editor, I see:
    Code:
    default._domainkey           [TXT]
    default._domainkey.cpanel    [TXT]
    ns1                          [A]
    ns2                          [A]
    franklin (my hostname)       [A]
    ...
    
    Are they needed? Should I add them? Also, I don't really want the hostname to be accessible via the net, like franklin.mydomain.com....but it seems cPanel / WHM use the hostname and require stuff like franklin.mydomain.com to exist. Can I just remove the DNS record for that? Or will it break stuff with cPanel / WHM?

    Finally, there's some MX called jetbbs. I think it is for my mail but I'm not sure. I noticed with that CloudFlare, there's no cloud for the MX entry and it shows that it can be hit by DoS's / DDoS's. I don't remember setting it up manually or anything. I wonder why I can't enable the "cloud" to protect it from DDoS / DoS's.
     
    #9 Spork Schivago, May 26, 2016
    Last edited: May 26, 2016
  10. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I think I'm so close. I found this:

    My email or mail stopped working. What should I do?

    Which explains the problem and how to fix it, I just don't understand the fix or how to implement it. I go to webmail.mydomain.com for my mail stuff. But I use mailx I think it's called and sendmail to send mail from the prompt, so I know there's some sort of pop / smtp server setup somewheres on that server.
     
  11. sarath8372

    sarath8372 Active Member

    Joined:
    Jan 6, 2015
    Messages:
    35
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Kochi, India
    cPanel Access Level:
    Root Administrator
    Did you add MX record in CloudFlare? If you haven't already switched nameservers of the domain to CloudFlare, you can find MX record of the domain at : MX Lookup Tool - Check your DNS MX Records online - MxToolbox . If the MX record is domain itself, then you will need to use a sub domain (something like mail.domain.com or mail2.domain.com) as MX record in CloudFlare and point the subdomain to your mail server as mentioned in : My email or mail stopped working. What should I do?

    If you don't know what MX record should your domain use, contact your hosting company and tell them your requirement. They will assist you.

    To setup a third nameserver, you might need a paid plan. Please see : Can I get vanity or custom NameServers using CloudFlare? or contact CloudFlare support.
     
    Spork Schivago likes this.
  12. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Thanks. I still have the CloudFlare account but I'm temporarily putting it on hold. I found away to add more IP addresses through GoDaddy, for my site, for free. I get a few of them I guess, I didn't know that. I added a new one, I changed my ns2.mydomain.com to point to the new IP address. This new IP address is on a different subdomain, which is great. But it causes a new problem. The parent server is using the old ns2.mydomain.com IP address.

    intodns.com/example.com

    I think if I could fix the same glue error message, then I wouldn't need CloudFlare. What do you think? Is it worth trying to fix that or should I just stick with the CloudFlare stuff and setup the MX Record and sub-domain? Thanks.
     
    #12 Spork Schivago, May 26, 2016
    Last edited by a moderator: May 27, 2016
  13. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I think I finally got it! The IP address was the key. I had to do some funky stuff with hostnames on GoDaddy's site. I found a host for my two nameservers. The both had the same IP. So, I took the second hostname, ns2, and modified it. I gave it the new IP address and everything seems fine now! I don't have any DDoS / DoS protection like I might have with CloudFlare, but at least the warnings are gone! Thanks for all the help!!!!!
     
  14. sarath8372

    sarath8372 Active Member

    Joined:
    Jan 6, 2015
    Messages:
    35
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    Kochi, India
    cPanel Access Level:
    Root Administrator
    Glad to know that you have resolved the errors/issues yourself :)
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page