Issues with NAST Predelegation Check of Denic (alias-domain)

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 20.04.6
Webmin version: 2.111
Usermin version: 2.010
Virtualmin version: 7.10.0
Theme version: 21.10
Package updates: All installed packages are up to date

If you enter the following value in the domain field: auspuffhalter.com and keep the NS entries empty.
If you send this request, NAST finds these NS servers itself:

But it throws errors like:

Error 901 Unexpected RCODE
Error 133 Answer must be authoritative

The domain is an alias domain (with activated DNS) in Virtualmin; the config looks like this:

Any hints and helping hands are very much appreciated.

Just who or what are they? Never heard of it/them!

What is that? Googled it, and nothing comes up.

Ok. So it sounds like you're missing registering nameservers.

It’s a domain I have on my server and which might not be set up in the right way.
Therefore I ask here for help.

It’s a DNS check tool from DENIC (TLD = DE registrar): https://nast.denic.de/

@stefan1959
Ok, I’ve checked the same page you checked, and want to start to fix the first error that was found:

I read the detail info, which notes:

The Primary Name Server is the name server declared in your SOA file and is usually the name server that reads your records from zone files and is responsible for distributing that data to your secondary name servers. This problem is present when this primary name server is not included in the parent referrals and is almost always accompanied by a Local Parent Mismatch problem.

I do wonder why my xst01.xstable.com is the last NS server in the list, and not the parent one!!
Actually xst01 should be the parent one, and all others the secondaries.

But I wonder what’s wrong with my config, as I see the right NS server in the SOA entry:

And doing a dig on my NS also seems to work as expected:

 dig @xst01.xstable.com auspuffhalter.com

; <<>> DiG 9.18.26 <<>> @xst01.xstable.com auspuffhalter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41203
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4459aa237a2563f101000000665457723c20c4aadc3e64e8 (good)
;; QUESTION SECTION:
;auspuffhalter.com.             IN      A

;; ANSWER SECTION:
auspuffhalter.com.      3600    IN      A       195.201.100.20

;; Query time: 20 msec
;; SERVER: 195.201.100.20#53(xst01.xstable.com) (UDP)
;; WHEN: Mon May 27 11:50:42 CEST 2024
;; MSG SIZE  rcvd: 90

3 things to check on each NS.

  1. Is it registered at a registrar like Namecheap?
  2. Does it have an A record? (using the same IP as what you used at the registrar)
  3. Does it have an NS record?

I usually have the standard ns1.domain.com, ns2.domain.com, etc.
Do all these names have that?
For the SOA I usually just use ns1.domain.com.

If I follow those steps, I normally never have an issue.

If I was setting up this domain with nameservers:
At the registrar for auspuffhalter.com I would create 4 nameservers
ns1.auspuffhalter.com with IP 213.239.242.238 <–primary (nameserver whatever that is)
ns2.auspuffhalter.com with IP 213.133.100.103
ns3.auspuffhalter.com with IP 193.47.99.3
ns4.auspuffhalter.com with IP 195.201.100.20

Add A records for all those names with those IPs.
Create 4 auspuffhalter.com NS records pointing to those 4 names.
Change the SOA to ns1.auspuffhalter.com.

Is this the primary you're editing? Why is it a different domain, not auspuffhalter.com?

@stefan1959 @Stegan I’ve got some news (and a new question 🙂)

So first of all, I solved the issue for auspuffhalter.de.
I’ve looked into /etc/bind/named.conf.local and found that the allow-transfer didn’t contain all the NS IPs in the block:

zone "auspuffhalter.com" {
       type master;
       file "/var/lib/bind/auspuffhalter.com.hosts";
       allow-transfer {
               127.0.0.1;
               localnets;
               195.201.100.20;
               213.239.242.238;
               2a01:4f8:0:a101::a:1;
               };
       };
zone "auspuffhalter.de" {
       type master;
       file "/var/lib/bind/auspuffhalter.de.hosts";
       allow-transfer {
               127.0.0.1;
               localnets;
               195.201.100.20;
               213.239.242.238;
               2a01:4f8:0:a101::a:1;
               };
       };

That’s part of the new question. WHY?
Setup in Virtualmin and Webmin is set for this NS to be in the allowed-transfer-List:

I’ve also tried to edit those Domains and deactivate and re-activate the DNS-Settings for this Domain.

I wonder if that issue appears because the domains were added “before” the NS setting for the allow-transfer was made?!?

And if so… is there a way to re-configure all existing domains automatically so that the working allow-transfer-Entry is set in named.conf.local?
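
Added example, not part of any post in this thread and not Virtualmin or Webmin code: a Python audit that parses a named.conf.local-style file and lists, per zone, which secondary name server addresses its allow-transfer list does not cover, the condition described in the last post. The zone names, addresses and the REQUIRED list are constructed; a zone with no allow-transfer block of its own is reported with every required address, and global options and named ACLs are not resolved.

```python
import ipaddress
import re

# Constructed sample in the layout of /etc/bind/named.conf.local (documentation IPs).
SAMPLE_CONF = '''
zone "example.com" {
       type master;
       file "/var/lib/bind/example.com.hosts";
       allow-transfer {
               127.0.0.1;
               localnets;
               192.0.2.10;
               };
       };
zone "example.org" { type master;
       allow-transfer { 127.0.0.1; 192.0.2.10; 198.51.100.0/24; 2001:db8::53; }; };
zone "example.net" { type master; };
'''
REQUIRED = ["192.0.2.10", "198.51.100.7", "2001:db8:0:0::53"]  # assumed secondaries

def zone_bodies(conf):
    """Yield (zone name, body) for each zone block, found by brace matching."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)  # drop comments
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def missing_transfer_ips(conf, required):
    """Map each zone to the required IPs its own allow-transfer list does not cover."""
    report = {}
    for name, body in zone_bodies(conf):
        acl = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
        nets = []
        for entry in (acl.group(1).split(';') if acl else []):
            try:
                nets.append(ipaddress.ip_network(entry.strip(), strict=False))
            except ValueError:
                pass  # keywords and ACL names (localnets, key ...) are not resolved
        gaps = [ip for ip in required
                if not any(ipaddress.ip_address(ip) in n for n in nets)]
        if gaps:
            report[name] = gaps
    return report

if __name__ == "__main__":
    print(missing_transfer_ips(SAMPLE_CONF, REQUIRED))
```

Run against a copy of the real file by passing its text and the list of secondary addresses in place of SAMPLE_CONF and REQUIRED.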