Error and Confusion

My Virtualmin Server’s name:
apollo.abc-domain.com

When I try to add my domain abc-domain.com as a Virtual Server I get the following error:
Error


Failed to create virtual server : The DNS domain abc-domain.com is already hosted by your DNS server

So, I added another of my domains (123-domain.com) as a Virtual Server and added an index.html file to the public_html directory.

When I go to abc-domain.com or 123-domain.com I get the same index file which I added to 123-domain.com.

What do I need to do for this not to happen? Also, I want to host a website under abc-domain.com but because it is not letting me create the virtual server, I don’t have a public_html folder.
I am able to receive emails though.
Thanks for your help!

Howdy,

Hmm, did you by chance manually add abc-domain.com (or a related domain name) to your BIND DNS config? If so, that might explain the errors you’re receiving.

-Eric

I’m not sure what I did, but I know I followed these instructions:
http://dhru.com/knowledgebase/52/How-do-I-setup-nameservers-in-Webmin-or-Virtualmin-.html

This is my DNS Config file:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 {
        any;
    };
    listen-on-v6 port 53 {
        any;
    };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "abc-domain.com" {
    type master;
    file "/var/named/abc-domain.com.hosts";
};
zone "123-domain.com" {
    type master;
    file "/var/named/123-domain.com.hosts";
    allow-transfer {
        127.0.0.1;
        localnets;
        177.222.99.194;
    };
};
zone "other-domain.com" {
    type master;
    file "/var/named/other-domain.com.hosts";
    allow-transfer {
        127.0.0.1;
        localnets;
        177.222.99.194;
    };
};

The IP 177.222.99.194 is not my actual IP. In fact that is the IP of my ns2.abc-domain.com. The main IP I use is another one which I use for ns1.abc-domain.com and as main server IP.

I hope this helps.

You should not add DNS zones you intend to host through Virtualmin manually following some tutorials. :slight_smile: If you need some administrative domain which holds the hostname of your system, you should not add that in Virtualmin.

You’re seeing the 123.com contents for ABC.com now because Apache serves the alphabetically first server for hostnames it doesn’t know.

Ok, so, what steps do I have to take to solve this?
Should I delete the DNS Zone for abc-domain.com and then add the virtual server?
Thanks.

Howdy,

You can also configure all that DNS from within Virtualmin. But if you manually add those ahead of time, that confuses things a bit :slight_smile:

Yeah, as you suggested, just delete the DNS zone that was manually added.

Virtualmin will create a zone for that domain when you add it into Virtualmin (assuming you enable the DNS feature for that domain) – and then you can add and remove DNS entries as-needed.

-Eric
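One way to see which zones BIND already declares before adding a domain in Virtualmin, which is the condition behind the "already hosted by your DNS server" error in this thread. This is an added example, not code from the thread or from Virtualmin; the sample config is constructed (modelled on the named.conf posted above) and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the named.conf posted in this thread.
SAMPLE_CONF = '''
options { directory "/var/named"; recursion yes; };
zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";
// zone "old-domain.com" { type master; file "old.hosts"; };
zone "abc-domain.com" {
    type master;
    file "/var/named/abc-domain.com.hosts";
};
zone "123-domain.com" {
    type master;
    file "/var/named/123-domain.com.hosts";
    allow-transfer { 127.0.0.1; localnets; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def norm(name):
    """Compare zone names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower() or "."

def zones(conf):
    """Map each declared zone name to its type and zone file."""
    conf = strip_comments(conf)
    found = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        ztype = re.search(r"\btype\s+([\w-]+)", body)
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        found[norm(m.group(1))] = {"type": ztype.group(1) if ztype else None,
                                   "file": zfile.group(1) if zfile else None}
    return found

def existing_zone(conf, domain):
    """Return the zone entry already declared for `domain`, or None."""
    return zones(conf).get(norm(domain))
```

The parser reads a single file and does not follow `include` lines; feeding it the output of `named-checkconf -p`, which prints the configuration with included files expanded, covers those as well.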

I deleted the zone and created the new virtual server and it is working. But, I have other questions:

1- There are other DNS Zones which are created by default, do I need them or should I delete them? They are the following:
Root Zone - 0 - 0000::1 - 127.0.0.1 - localhost

2- In the DNS Records File for abc-domain.com, I have 2 nameservers showing the same IP, while the ns2.abc-domain.com should be my second IP, as I have it in my domain registrar.

Howdy,

I wouldn’t suggest removing any zones that are set up by default, those are generally needed.

Regarding ns2.abc-domain.com – you can always update the IP if it isn’t correct.

You can edit those records using Virtualmin, by going into Server Configuration -> Edit DNS Records.

In that screen, you can add/modify/delete any DNS records set up for that domain.

-Eric

1 - As Eric said, the other zones you see in BIND are created by default and are required. If you remove the root zone, BIND cannot act as a forwarding resolver anymore, because it loses information about the root nameservers. The other three are forward and reverse localhost zones which are not strictly required, but it’s recommended to leave them be.

2 - After you have fixed the incorrect IP, you might want to check if newly created domains always get the wrong nameserver IP. If so, there’s probably something wrong with your server template.

Ok, I edited the record.
When I check my domain in http://www.intodns.com I get the following warning:

"DNS servers responded
ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
173.xxx.xxx.xxx "

This IP corresponds to my ns2.abc-domain.com

The DNS port 53 is opened in the router and forwarded to the internal IP.

What do you think is going on?

Howdy,

If you log into the ns2.abc-domain.com server, and run this command, what output do you receive:

netstat -an | grep :53

When you say “log into”, do you mean accessing my server through ssh using the ip address assigned to ns2.abc-domain.com ?

I’m unable to ssh using that IP address. I get connection timed out.
I’m unable to get a response when pinging to that IP address or to ns2.abc-domain.com

I wasn’t able to log in to my server through ssh using the external ip associated with ns2.abc-domain.com even though I have the ports opened in my router.
So, I logged in using the internal ip address. I ran the command netstat -an | grep :53 and this is the output:

tcp 0 0 10.0.1.100:53 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.100:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
udp 0 0 10.0.1.100:53 0.0.0.0:*
udp 0 0 10.0.0.100:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 :::53 :::*

Please help as soon as you can!

Another thing: I rebooted my modem and I am now able to get a response when pinging ns2…

thank you!

Can you summarize what exactly the current/remaining problem is? I checked “abc-domain.com” and can’t find any immediate problems with it.

Are “abc-domain.com” and “123-domain.com” the actual names, or did you use dummies there? For analysis, it’s important to know the exact domain names and IP addresses involved.

Sorry to mislead you, those are dummy domains.
My actual nameservers are ns1.pcelements.com (173.243.84.34) and ns2.pcelements.com (173.243.94.194).

1- When I check my domain’s dns in http://www.intodns.com/pcelements.com, I get the following warning:

DNS servers responded
ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
173.243.94.194

also

SOA Serial
Your SOA serial number is: 1375276282. This can be ok if you know what you are doing.

2- I am unable to access my Virtualmin panel through https://apollo.pcelements.com:10000, but I can through my external IP.

3- How do I know what settings are needed to configure my virtual domain’s email accounts in Outlook or any other pop/imap client?

Thanks!

1 - Apparently your second nameserver is not responding to DNS queries. Possibly a firewall is filtering UDP traffic on port 53.

About the SOA serial: Usually you use the scheme YYMMDDnnn as serial number. You can set Webmin to do so in the BIND module config.

2 - Your nameservers report “NXDOMAIN” (unknown hostname) for “apollo.pcelements.com”.

3 - Can you be more specific there? In general, it’s one of your system’s domains that resolves to the right IP as hostname, the proper port (110 for POP3, 143 for IMAP and so on), and what username to use depends on your Virtualmin setup. (See the domain’s user config screen.)

1- Is the problem iptables? The ports are opened in my routers. How can I check this?

2- But, apollo.pcelements.com is the name of my server. What do I have to do for it to work?

3- What I want to know is what would be my incoming and smtp server.
Ex. mail.the_virtual_domain.com and smtp.the_virtual_domain.com

1 - Well I can’t tell without knowing where your server is located in the network. :slight_smile: I.e. is it a home machine, rented root server, stuff like that.

iptables -L will show the filter list.

2 - I suppose, add a proper “A” resource record to the zone? Sorry, doing some guesswork here, since your setup appears quite messed up. :slight_smile:

3 - Virtualmin by default creates the hostname “mail.domain.tld” for that purpose. Both for receiving and sending.

1- This is a server located at my office. Each NIC is connected to its own router. Ports for http, https, dns, ftp, and ssh are opened in both routers.

This is the output for iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:dnp
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

2- Ok. added the A Record and it worked. - Thanks!

3- Ok. -Thanks!

The iptables output looks like the default that Virtualmin sets up. The DNS port should be open okay there. Possibly some other firewall or router in front of your office server blocks / doesn’t properly forward UDP port 53 to your server.
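The by-eye check in the reply above (is DNS accepted on both UDP and TCP before the final REJECT?) can be done mechanically by walking the chain in order. This is an added example, not code from the thread; the sample listing is constructed (abridged from the INPUT chain posted above) and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the INPUT chain posted in this thread.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

# Service names as iptables prints them without -n (subset of /etc/services).
SERVICES = {"domain": 53, "ssh": 22, "smtp": 25, "http": 80, "https": 443}

def parse_chain(listing, chain="INPUT"):
    """Return (policy, rules) for one chain of `iptables -L` output."""
    policy, rules, active = None, [], False
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if head:
            active = head.group(1) == chain
            if active:
                policy = head.group(2)
            continue
        f = line.split()
        if not active or len(f) < 5 or f[0] == "target":
            continue
        dpt = re.search(r"dpt:(\S+)", line)
        name = dpt.group(1) if dpt else None
        port = None if name is None else SERVICES.get(
            name, int(name) if name.isdigit() else -1)
        rules.append({"target": f[0], "proto": f[1], "src": f[3],
                      "port": port, "extra": " ".join(f[5:])})
    return policy, rules

def verdict(listing, proto, port, chain="INPUT"):
    """Target of the first rule matching a NEW packet from an arbitrary source."""
    policy, rules = parse_chain(listing, chain)
    for r in rules:
        if r["proto"] not in (proto, "all") or r["src"] not in ("anywhere", "0.0.0.0/0"):
            continue  # wrong protocol, or rule limited to specific sources
        if r["port"] is not None and r["port"] != port:
            continue
        if "state" in r["extra"] and "NEW" not in r["extra"]:
            continue  # RELATED,ESTABLISHED does not match a first packet
        return r["target"]
    return policy  # no rule matched: the chain policy applies
```

Plain `iptables -L` hides the interface column, so a bare `ACCEPT all -- anywhere anywhere` line may apply to loopback only; `iptables -S` prints the full rule. A clean result here covers the host firewall only, not the router or modem in front of it.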