Need help with one customer account's domain name, which fails to resolve externally, despite resolving internally

[BicklesCTO]

Hi folks, I'm baffled & struggling with a domain name resolution failure for just one of my customers' accounts.

Other accounts & domains on the server are working fine.

I've tried Reset a DNS Zone.

I've tried switching from PowerDNS (pdns) to BIND.

I've tried backing up and restoring the customer's account.

I've double-checked my resolv.conf and csf/lfd config.

Below, I've replaced the IP address and domain names.

The failure experienced when using nslookup from my workstation on a remote network:

> server my.cpanelserver.com
Default Server:  my.cpanelserver.com
Address:  123.123.123.123

> customeraccountdomain.ca
Server:  my.cpanelserver.com
Address:  123.123.123.123

*** my.cpanelserver.com can't find customeraccountdomain.ca: Server failed

Locally, ssh'd into the server, it works:

> customeraccountdomain.ca
Server:         my.cpanelserver.com
Address:        123.123.123.123#53

Name:   customeraccountdomain.ca
Address: 123.123.123.123

Any advice or troubleshooting tips would be appreciated! I'll provide the actual IPs & domains if it helps.

 

[andrew.n]

This could be a lot of things so if you can tell us at least one of the domains then we might be able to better advise here

 

[cPRex]

@andrew.n - it's best that people don't post personal details in a forum reply, which is why you likely won't see cPanel team members asking for it. The reason for that is bots constantly scan forums looking for public details (domains, IPs, emails, etc.), and then those get used in malicious ways.

@BicklesCTO - if you're having issues that you need to share personal data with to identify, it's likely best to open a ticket with our team using the link in my signature.

 

[andrew.n]

@cPRex right, absolutely, without that info it's a bit hard to help the OP though...maybe you can implement a hidden text field on which we have to click to appear? maybe this way bots can be tricked...just a suggestion

 

[cPRex]

Not a terrible idea.......but it's not something that could be automated easily as the domain and IP fields can be butchered in many interesting ways. This would mean that each poster would need to manually edit their post data to have this happen using a certain tag, and that might get messy.

 

[ffeingol]

A really simple one, but are you 100% sure that the domain points to your name servers?

 

[cPRex]

For the original issue, I'd also mention that testing connectivity to the nameservers over port 53 is always good, just to ensure your servers are responding. From another Linux =based system, I used something like this:

nmap -sU ns1.yourdomain.com -p 53

That command specifically checks for UDP connections on port 53, which is what the DNS system would be using.