stephenbrown

Hello,

It just may be my mind going crazy, but after a week of changing my ns to a brand new server, still after a week they keep changing back and forth to the old server. Now I have checked my ns at the parent server (domain registry) and they have the new IP, but when I check on DNS Report, it’s a different story...

INFO NS records at your nameservers Your NS records at your nameservers are:

ns1.NAMESERVER.net. [OLD MAIN IP] [TTL=86400]
ns2.NAMESERVER.net. [OLD IP] [TTL=86400]


FAIL Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server MAIN NEW IP reports that it will do recursive lookups. [test]
Server NEW IP reports that it will do recursive lookups. [test]


See this page for info on closing open DNS servers.

FAIL Mismatched glue ERROR: Your nameservers report glue that is different from what the parent servers report. This will cause DNS servers to get confused; some may go to the IP provided by the parent servers, while others may get to the ones provided by your authoritative DNS servers. Problem record(s) are:

ns2.NAMESERVER.net.:
Parent server (e.gtld-servers.net) says A record is NEW IP, but
authoritative DNS server (NEW MAIN IP) says it is OLD IP
ns1.NAMESERVER.net.:
Parent server (e.gtld-servers.net) says A record is NEW MAIN IP, but
authoritative DNS server (NEW MAIN IP) says it is OLD MAIN IP
ns1.NAMESERVER.net.:
Parent server (e.gtld-servers.net) says A record is NEW MAIN IP, but
authoritative DNS server (NEW IP) says it is OLD MAIN IP
ns2.NAMESERVER.net.:
Parent server (e.gtld-servers.net) says A record is NEW IP, but
authoritative DNS server (NEW IP) says it is OLD IP
Now I have been starting to get complaints saying sometimes they can see their website and sometimes they cannot. I have checked my zone record and they have the new IPs in.

It’s probably something really stupid, but any ideas?

Many Thanks
 

iquest

pico -w /etc/named.conf

# then add the following lines (replace the "xx.xxx.xx.xxx" with your real IPs):

acl "serverips" {
    xx.xxx.xx.xxx;
    xx.xxx.xx.xxx;
    xx.xxx.xx.xxx;
    xx.xxx.xx.xxx;
    xx.xxx.xx.xxx;
    127.0.0.1;
};

options {
    directory "/var/named";
    version "not currently available";
    allow-recursion { serverips; };
    allow-notify { serverips; };
    allow-transfer { serverips; };

    # existing configuration goes here...

};

# now save it and restart:

CTRL + X
Y
ENTER

service named restart
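
A way to confirm the result of the allow-recursion change above, added here as an example and not part of any post in this thread: it builds the kind of query the DNS Report test sends (recursion desired, for a name the server is not authoritative for) and classifies the reply from the RA flag, the response code and the answer count. The function names, the `example.com` test name and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

QR, RD, RA, REFUSED = 0x8000, 0x0100, 0x0080, 5

def build_query(name, qid=0x1234):
    """A-record query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Classify a reply to a query for a name the server is not authoritative for."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if flags & RA and rcode == 0 and ancount > 0:
        return "open"             # recursed for an outsider and returned an answer
    if flags & RA:
        return "advertises-only"  # RA set, but no recursive answer was given
    return "closed"               # recursion not offered to this client

def probe(server, name="example.com", timeout=3.0):
    """Query `server` over UDP port 53; run from an address outside the ACL."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(512))

def sample_reply(flags, ancount):
    """Constructed 12-byte reply header for offline demonstration."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    for label, reply in [
        ("recursion open", sample_reply(QR | RD | RA, 1)),
        ("RA set, refused", sample_reply(QR | RD | RA | REFUSED, 0)),
        ("recursion closed", sample_reply(QR | RD | REFUSED, 0)),
    ]:
        print(label, "->", classify(reply))
```

The "advertises-only" result corresponds to the case the DNS Report text mentions, where a server advertises recursion without actually performing it.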
 

Metro2

Hi iquest,

I'm curious about something - on the line that says:

acl "serverips" {

On my server it says:

acl "trusted" {

Is there a difference?

EDIT - never mind, kind of answered my own question. In each place where you have "serverips" in your .conf file, mine has "trusted", so I'm assuming almost any word could be used, or at least that there is more than one word that you could use there to identify with.
 

hamper

Might also check, I've done this but each update, I keep having to do this because something keeps overwriting my changes.

And using the recursive: no; while closing it doesn't allow for server/apache updates.

Best of luck.
 

stephenbrown

Heya,

I have fixed this now; it was extremely stupid until I finally thought what it was at 6:30 AM.

My first server which I transferred from was set up for me, and what the company must have done was make a new zone record for each name server. Now when I checked them, the IPs were still my old ones! So I deleted the 2 zone records in question and then put in my main domain zone record:

Code:
ns1    14400    A    NEW MAIN IP
ns2    14400    A    NEW SECOND IP
and saved, and it's all sorted!

Also thanks to iquest for fixing the open DNS server bit.

Told you it must have been stupid!
 