The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DNS SOA exists or not

Discussion in 'Bind / DNS / Nameserver Issues' started by mobcdi, Nov 20, 2009.

  1. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
  2. votethehost.com

    votethehost.com Active Member

    Joined:
    Oct 2, 2009
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    "DNS server is not authoritative for my zone" this message is generated when a DNS requests reaches to a DNS server and the Zone for that request is not present on that DNS server.

    Also if you check the FREE DNS tool report it says you have set only one name server and not two. You should always minimum set 2 name servers for a server.
     
  3. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    I did check dns report tools except that 1 says I have SOA and the other says I don't. also I have 2 ns's for my domain.

    Is there a way in WHM or cPanel to confirm my NS is authoritative?
     
    #3 mobcdi, Nov 20, 2009
    Last edited: Nov 20, 2009
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I am seeing the following results when using "dig" to check the NS records of the parent DNS zone:
    Code:
    # dig ul.ie NS +noall +answer
    ul.ie.			3600	IN	NS	auth-ns1.ucd.ie.
    ul.ie.			3600	IN	NS	hermes.ul.ie.
    ul.ie.			3600	IN	NS	marshal.ul.ie.
    ul.ie.			3600	IN	NS	mercury.ul.ie.
    Via a whois search of "ul.ie" the same DNS servers are seen as what's reported by the NS records; this is good.

    When using "dig" again to query each of the above authoritative DNS servers, including one DNS server that is delegated authority, the following results are reported when checking the SOA and NS records:
    Code:
    # dig @auth-ns1.ucd.ie cdi.ul.ie SOA +noall +answer
    
    # dig @hermes.ul.ie cdi.ul.ie SOA +noall +answer
    cdi.ul.ie.		81545	IN	SOA	source.cdi.ul.ie. cdi.ul.ie. 2009110207 43200 7200 1209600 86400
    
    # dig @marshal.ul.ie cdi.ul.ie SOA +noall +answer
    ;; connection timed out; no servers could be reached
    
    # dig @mercury.ul.ie cdi.ul.ie SOA +noall +answer
    cdi.ul.ie.		86400	IN	SOA	source.cdi.ul.ie. cdi.ul.ie. 2009100510 86400 7200 1209600 86400
    
    # dig @source.cdi.ul.ie cdi.ul.ie SOA +noall +answer
    cdi.ul.ie.		86400	IN	SOA	source.cdi.ul.ie. cdi.ul.ie. 2009110207 43200 7200 1209600 86400
    
    # dig @auth-ns1.ucd.ie cdi.ul.ie NS +noall +answer
    
    # dig @hermes.ul.ie cdi.ul.ie NS +noall +answer
    cdi.ul.ie.		3600	IN	NS	source.cdi.ul.ie.
    
    # dig @marshal.ul.ie cdi.ul.ie NS +noall +answer
    ;; connection timed out; no servers could be reached
    
    # dig @mercury.ul.ie cdi.ul.ie NS +noall +answer
    cdi.ul.ie.		14400	IN	NS	source.cdi.ul.ie.
    cdi.ul.ie.		14400	IN	NS	mercury.ul.ie.
    
    # dig @source.cdi.ul.ie cdi.ul.ie NS +noall +answer
    cdi.ul.ie.		86400	IN	NS	mercury.ul.ie.
    cdi.ul.ie.		86400	IN	NS	source.cdi.ul.ie.

    From the above results we can see the following:
    1.) DNS server "auth-ns1.ucd.ie" does not report an answer
    2.) Connection attempt fails to DNS server "marshal.ul.ie"
    3.) The DNS servers "mercury.ul.ie" and "source.cdi.ul.ie" are delegated authority via NS records in the sub-domain zone data for "cdi.ul.ie"
    3.) The SOA records and zone serial numbers do not match; more specifically, DNS server "mercury.ul.ie" reports a conflicting zone serial number in the SOA record that is different than what is reported by DNS servers "hermes.ul.ie" and "source.cdi.ul.ie"
    4.) The NS records do not match.

    It will be necessary to ensure the zone serial numbers match, and that the NS records match; ideally, each authoritative DNS server should report matching zone data for the sub-domain ("cdi.ul.ie"). I would also consider escalating the issue to the server administrators that control the parent DNS zone ("ul.ie").
     
  5. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Hi cPanel Don,

    Thanks for the debug. I contacted the domain admin and they checked the log of the 2nd NS which is saying my primary ns is refusing to transfer the zone

    Code:
    A zone transfer request for the secondary zone cdi.ul.ie was refused by the master DNS server at 193.1.101.122. Check the zone at the master server 193.1.101.122 to verify that zone transfer is enabled to this server.
    Why would my DNS be refusing to transfer the zone and how do I correct it
     
  6. mobcdi

    mobcdi Well-Known Member

    Joined:
    Jul 13, 2009
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
Loading...

Share This Page