Nameserver (Again)

Sorry to bring this up again, but I did some reading here: http://www.tldp.org/HOWTO/DNS-HOWTO-3.html and did the tests mentioned on the page, that resulted in this:

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46671
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 86400 IN PTR localhost.

;; AUTHORITY SECTION:
127.in-addr.arpa. 86400 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 604800 IN A 127.0.0.1
localhost. 604800 IN AAAA ::1

;; Query time: 0 msec
;; SERVER: 116.93.119.119#53(116.93.119.119)
;; WHEN: Sun Oct 02 11:38:46 CDT 2016
;; MSG SIZE rcvd: 132

And this “;; SERVER: 116.93.119.119#53(116.93.119.119)” is my Public IP not used (I thought) according to Virtualmin…

[root@ns1 ~]# dig pat.uio.no

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> pat.uio.no
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pat.uio.no. IN A

;; ANSWER SECTION:
pat.uio.no. 21599 IN A 129.240.6.150

;; AUTHORITY SECTION:
. 207 IN NS j.root-servers.net.
. 207 IN NS l.root-servers.net.
. 207 IN NS k.root-servers.net.
. 207 IN NS i.root-servers.net.
. 207 IN NS a.root-servers.net.
. 207 IN NS f.root-servers.net.
. 207 IN NS c.root-servers.net.
. 207 IN NS h.root-servers.net.
. 207 IN NS e.root-servers.net.
. 207 IN NS b.root-servers.net.
. 207 IN NS g.root-servers.net.
. 207 IN NS m.root-servers.net.
. 207 IN NS d.root-servers.net.

;; Query time: 375 msec
;; SERVER: 116.93.119.119#53(116.93.119.119)
;; WHEN: Sun Oct 02 11:39:49 CDT 2016
;; MSG SIZE rcvd: 266

Now that site says If I get the above responses it’s working as a Nameserver…

And Out of curiosity I did my IP for my server (Forum) and got this:

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> -x 116.93.120.121
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2944
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 8

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;121.120.93.116.in-addr.arpa. IN PTR

;; ANSWER SECTION:
121.120.93.116.in-addr.arpa. 2285 IN PTR ns1.android-x86.net.

;; AUTHORITY SECTION:
116.in-addr.arpa. 48360 IN NS tinnie.arin.net.
116.in-addr.arpa. 48360 IN NS apnic1.dnsnode.net.
116.in-addr.arpa. 48360 IN NS ns3.apnic.net.
116.in-addr.arpa. 48360 IN NS ns1.apnic.net.
116.in-addr.arpa. 48360 IN NS apnic.authdns.ripe.net.
116.in-addr.arpa. 48360 IN NS ns4.apnic.net.
116.in-addr.arpa. 48360 IN NS ns2.lacnic.net.

;; ADDITIONAL SECTION:
ns1.apnic.net. 519 IN A 202.12.29.25
ns2.lacnic.net. 1135 IN A 200.3.13.11
ns3.apnic.net. 106 IN A 202.12.28.131
ns4.apnic.net. 695 IN A 202.12.31.140
apnic.authdns.ripe.net. 367 IN A 193.0.9.9
apnic1.dnsnode.net. 1480 IN A 194.146.106.106
tinnie.arin.net. 37209 IN A 199.212.0.53

;; Query time: 0 msec
;; SERVER: 116.93.119.119#53(116.93.119.119)
;; WHEN: Sun Oct 02 11:45:08 CDT 2016
;; MSG SIZE rcvd: 374

Now my question is, Is this the correct (current) way to test the Nameserver, and if not can someone tell me the commands I can use on the server to test it?

The reason I’m asking, and I’ve been thinking this since I started trying to get the Nameserver working, Is I believe my registrar is “BSing” me telling me it’s not working, and need to know before I get on them about it…

Thanks,
Mike
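
For the question in the post above about how to test the nameserver from the server itself: an added example, not part of the original thread, that reads the header flags of a dig reply and says whether the answer was authoritative (`aa`) or only resolved through recursion. The function names are assumptions made for this example; the two sample headers are the ones from the first two dig runs quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Reads dig output on stdin and prints
# "<verdict> ra=<yes|no>", where verdict is one of:
#   authoritative  - aa flag set: the server answered from its own zone data
#   recursive      - no aa but an answer: it came from cache or recursion
#   referral       - no aa and no answer: the server only pointed elsewhere
#   error:<RCODE>  - status other than NOERROR (REFUSED, SERVFAIL, NXDOMAIN)
#   no-header      - the input did not contain a dig header
# ra=yes means the server offers recursion to whoever sent the query.
dig_verdict() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            seen = 1
            split($0, part, ";")            # part[3] is " flags: qr aa rd ra"
            flags = part[3]
            sub(/^ *flags: */, "", flags)
            flags = " " flags " "           # pad so " aa " matches whole words
            aa = index(flags, " aa ") > 0
            ra = index(flags, " ra ") > 0
            answers = 0
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (!seen) { print "no-header"; exit }
            if (status != "NOERROR") verdict = "error:" status
            else if (aa)             verdict = "authoritative"
            else if (answers > 0)    verdict = "recursive"
            else                     verdict = "referral"
            print verdict, (ra ? "ra=yes" : "ra=no")
        }'
}

# Live use (needs network): ask SERVER directly, with recursion switched off,
# for the SOA of ZONE. A server that hosts the zone must report "authoritative".
check_zone() {   # usage: check_zone ZONE SERVER
    dig +norecurse +noall +comments "$1" SOA "@$2" | dig_verdict
}

# Header lines copied from the "-x 127.0.0.1" and "pat.uio.no" runs above.
SAMPLE_LOOPBACK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46671
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3'
SAMPLE_PAT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1'

printf '%s\n' "$SAMPLE_LOOPBACK" | dig_verdict
printf '%s\n' "$SAMPLE_PAT" | dig_verdict
```

The `-x 127.0.0.1` reply carries `aa` because the server hosts that reverse zone itself, while the `pat.uio.no` reply has only `rd ra`, which shows a working resolver rather than an authoritative answer. Running `check_zone` from a machine outside the server's network also shows whether recursion is offered to strangers (`ra=yes`).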

Ok I have an Update to this, I found 2 Really useful websites, I setup DNSSEC, and all is well there here are the 2 Sites for anyone else:

http://network-tools.com/
http://dnsviz.net/

NOW, According to Network-Tools my Forum “android-x86.net” IS Authoritative!!! And “ns1.android-x86.net” isn’t, I’m assuming this means that my actual forum address is the “Nameserver”?!??!

[116.93.120.121] returned an authoritative response in 234 ms:

Header

rcode: Success
id: 0 opcode: Standard query
is a response: True authoritative: True
recursion desired: False recursion avail: False
truncated: True
questions: 1 answers: 3
authority recs: 0 additional recs: 0

SO if it is, how do I switch it to NS1?? I feel like I’m getting close to getting this working, finally!!

Mike

New Question On This.

My Domain Name Is Coming up for Renewal Next month, For One I plan On switching to NameCheap as I’ve heard good things…

My Question is Now, Should I change my domain Name to “NS1.DOMAINNAME.NET” or should I leave it as “DOMAINNAME.NET”?

The reason I’m asking is, from what I’ve read, I “SHOULD” be able to use an “A” Record for My NS “NS1.” but it’s not working that way in CentOS 7, It resolves to my forum “NS1.Domainname.net”, and when I had Ubuntu 16.X Installed it actually resolved to the Apache “It Works Page” Not the Forum Directly…

So What I want to know, Does anyone know what the Simplest way for me to get this working would be??

I’ve Read, Do the “NS1” at the Registrar, Then Have my DNS records in Virtualmin Point to the Actual Forum, I.E. “www.domainname.net”

Would this information be correct?? Right Now I’m just looking for the Simplest way to get this done…

Thanks For any info.

Mike

To be honest, I have a hard time understanding your post. Can you post the content of your “/etc/named.conf” and “/var/named/domain.zone” (or “domain.hosts”) files? If you want, edit your domain and IP, but I would like to see these files as I suspect there is some misconfiguration in your BIND.

Ok Here you go, Thanks for the fast response!!

The **** Are either Edited for public viewing, or a comment as I’m in the middle of getting “DNSSEC” Up and running…

NAMED.CONF

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 {
        any;
    };
    listen-on-v6 port 53 {
        any;
    };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;   ******** ADDED WORKING ON DSSEC *******

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    dnssec-lookaside . trust-anchor dlv.isc.org.;

};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "android-x86.net" {
    type master;
    file "/var/named/android-x86.net.hosts.signed"; ****** ADDED “.signed WORKING ON DSSSEC”
    allow-transfer {
        127.0.0.1;
        localnets;
    };
};
trusted-keys {
    dlv.isc.org. 257 3 5 "*****************************";
};

ANDROID-X86.NET.HOSTS

$ttl 38400
@ IN SOA ns1.android-x86.net. root.ns1.android-x86.net. (
1481465495
10800
3600
604800
38400 )
@ IN NS ns1.android-x86.net.
android-x86.net. IN A 1.2.3.4
www.android-x86.net. IN A 1.2.3.4
ftp.android-x86.net. IN A 1.2.3.4
m.android-x86.net. IN A 1.2.3.4
ns1.android-x86.net. IN A 1.2.3.4
localhost.android-x86.net. IN A 127.0.0.1
ns1.android-x86.net. IN A 1.2.3.4
webmail.android-x86.net. IN A 1.2.3.4
admin.android-x86.net. IN A 1.2.3.4
mail.android-x86.net. IN A 1.2.3.4
android-x86.net. IN MX 5 mail.android-x86.net.
android-x86.net IN PTR 4.3.2.1.in-addr.arpa.
ns1.andriod-x86.net IN PTR 4.3.2.1.in-addr.arpa.
android-x86.net. IN TXT “v=spf1 a mx a:android-x86.net a:www.android-x86.net a:ns1.android-x86.net ip4:1.2.3.4 ip6:******************** -all”
_dmarc.android-x86.net. IN TXT “v=DMARC1; pct=100; ruf=mailto:miker1029@android-x86.net; rua=mailto:miker1029@android-x86.net; p=reject; sp=none; rf=afrf; ri=86400”
2017._domainkey.android-x86.net. IN TXT ( "v=DKIM1; k=rsa; t=s; p="" )
$INCLUDE Kandroid-x86.net.+
+
.key ***** DSSEC WIP ****
$INCLUDE Kandroid-x86.net.+
.
*.key ***** DSSEC WIP ****

I haven’t changed these files since clean install of Centos 7 Server (minimal), and Clean Install of Virtualmin, about a month ago, The **** Are from today working on getting DNSSEC Up and Running…

Thanks,

Mike

And to Clarify a Little…

My OS (Server?) Is named NS1.ANDROID-X86.NET, My Domain (In The Registrar) is “android-x86.net”, I have Virtualmin Set for NS1.ANDROID-X86.NET as the HOST, and the Virtual Server is “android-x86.net”

Dunno If that is confusing, but, really, everything I’ve read says, the Server (Operating System) should be NS1.DOMAINNAME.NET and virtualmin installs fine as that being a FQDN…

Not trying to act as if you don’t know, trying to clarify my own stupidity… LOL

Mike

Is this a mistake “www.android-x86.net” or did you use this to mask your domain?

Are those the correct files you needed??

If you need anymore info let me know… I just really need to know what I need to point to from the Registrar to have Virtualmin Handle MY OWN DNS Requests…

The server is Called ns1.android-x86.net

The Served Pages are at http://android-x86.net/

So the simple question is, do I register ns1.android-x86.net at the registrar, then have the DNS records forward to the actual pages to be served???

The problem seems to be, that Virtualmin IS NOT handling ANY DNS tasks, As When I try to add it to the Nameservers list at my Registrar it says it doesn’t exist…

I believe I have Virtualmin setup correctly, I’ve done what has been advised, and I’ve read across many different sites looking for an answer…

I will say, A LOT of them are “Setups” from the Beginning, I.E. Installing the files and configuring them, Which I’m really wary of as, I want to keep Virtualmin in control of things, and I really don’t want to break anything…

Thanks,

Mike

No, it’s actually “android-x86.net” as it seems everywhere I’ve tried to append the “www” it gets omitted, even at the registrar, I have the “CNAME” set for “www”.

Really not sure, It just is that way…Even a ways back, google analytics suggested moving away from the “www”, So not sure, In everything I do related to associating the Domain with things I do both…

Now in my Registrar I have:

ns1.android-x86.net pointed to the new IP, Which in Virtualmin I added “ns1.android-x86.net” and the NEW IP to Bind…And My HOSTS and HOSTNAME Files (Minimally), I didn’t go Nuts with edits…

Now I was reading yesterday, Would I possibly need to make a “Master” server “ns1.android-x86.net” and make my Domain a Slave (It’s set to Master Now, By Virtualmin Install)??

From what I read that would be for an NS1 - Master and NS2 for the slave…

Really I just want to be able to ADD NS1 to the nameserver at the registrar and it accept it, Really not sure WHY it’s not, I’ve checked internally, And short of Doing everything Advised in the 3rd link above, I’m not sure what else to do inside virtualmin, From reading the DOCS on it, It seems it should be a simple process for Virtualmin…

Mike

Hey Mike,

I’m only dropping in on this, and haven’t had a chance to read through this whole thing, but I wrote up the steps for spinning up a domain from nothing a while back on our blog here: http://inthebox.webmin.com/dns-for-web-hosting-glue-records

It sounds like the glue records are the remaining problem, maybe?

Edit: Also note that most of those steps are automated by Virtualmin; you wouldn’t need to do most of the local BIND stuff, but the stuff at the registrar has to happen for your domains to work.
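
The delegation check behind the glue-record suggestion above, as an added example that is not part of the original thread: it reads the referral a parent-zone server returns and reports, for each listed name server, whether it needs glue and whether a glue address is present. The function names and the sample referral (example.net, 192.0.2.53) are constructed for this example; `a.gtld-servers.net` is one of the registry servers for .com and .net.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a dig reply on stdin and, for each
# NS record that delegates ZONE, prints one line:
#   <ns> glue=<addr[,addr]>  name server inside the zone, address supplied
#   <ns> glue=MISSING        inside the zone but no address in the reply
#   <ns> out-of-zone         lives in another zone, needs no glue here
# Prints "no-delegation" when the reply lists no NS records for ZONE.
glue_report() {   # usage: dig ... | glue_report ZONE
    awk -v zone="$1" '
        BEGIN { zone = tolower(zone); sub(/\.$/, "", zone); zone = zone "." }
        /^;; [A-Z]+ SECTION:/ { section = $2; next }
        /^;/ || NF < 5        { next }      # comments, blank and short lines
        {
            owner = tolower($1); type = $4  # record: name ttl class type data
            if ((section == "AUTHORITY" || section == "ANSWER") &&
                type == "NS" && owner == zone) {
                ns[++n] = tolower($5)
            } else if (section == "ADDITIONAL" && (type == "A" || type == "AAAA")) {
                if (owner in addr) addr[owner] = addr[owner] "," $5
                else               addr[owner] = $5
            }
        }
        END {
            suffix = "." zone
            for (i = 1; i <= n; i++) {
                name = ns[i]
                tail = substr(name, length(name) - length(suffix) + 1)
                inzone = (name == zone) ||
                         (length(name) > length(suffix) && tail == suffix)
                if (!inzone)           print name, "out-of-zone"
                else if (name in addr) print name, "glue=" addr[name]
                else                   print name, "glue=MISSING"
            }
            if (n == 0) print "no-delegation"
        }'
}

# Live use (needs network; assumes ZONE is directly under .com or .net):
# ask the registry servers, not your own server, who the zone is delegated to.
check_glue() {   # usage: check_glue ZONE
    dig +norecurse "$1" NS @a.gtld-servers.net | glue_report "$1"
}

# Constructed referral for a made-up zone, in the layout dig prints.
SAMPLE_REFERRAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 1

;; QUESTION SECTION:
;example.net. IN NS

;; AUTHORITY SECTION:
example.net. 172800 IN NS ns1.example.net.
example.net. 172800 IN NS ns2.example.net.
example.net. 172800 IN NS ns3.example.org.

;; ADDITIONAL SECTION:
ns1.example.net. 172800 IN A 192.0.2.53'

printf '%s\n' "$SAMPLE_REFERRAL" | glue_report example.net
```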

Hey, Okay I went through the BLOG, and Everything on the Local End Reports Correct:

[root@ns1 named]# host android-x86.net
android-x86.net has address {CORRECT IP}
android-x86.net mail is handled by 5 mail.android-x86.net.

[root@ns1 named]# nslookup android-x86.net
Server: {CORRECT NS1 IP}
Address: {CORRECT NS1 IP}#53

Name: android-x86.net
Address: {CORRECT DOMAIN IP}

[root@ns1 named]# host android-x86.net localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

android-x86.net has address {CORRECT DOMAIN IP}
android-x86.net mail is handled by 5 mail.android-x86.net.

And the Results:

There was a problem with the NameServers you entered for the following domains: android-x86.net This is likely caused by the entered NameServers not being created yet. Please check the spelling of the NameServers you entered as well as checking to make sure they have been created at the applicable registry.

And I will say that NameSilo (Registrar) DOESN’T allow an IP for the Nameserver, I have to use “ns1.android-x86.net”… Also They say support just adding the nameserver, I just noticed the “applicable registry” in the error statement…

Which I thought WAS the “A” Record I was supposed to add for ns1.android-x86.net IN A {NS1 IP ADDRESS} in my Registrar DNS Records…(NameSilo), BUT when I add the “A” record, Typing “ns1.android-x86.net” in the Address bar, Gives me the “Index” of the site (Blank, But says Index, File, File Type) and I still get the Nameserver error from them…

REALLY Started to think it’s them, not me… I contacted my Server provider today to TRIPLE Check TCP/UDP 53 was open and it is.

And thanks everyone for taking the time to help me out with this!!!

Mike

Sorry to Re-Post I’m being moderated and can’t edit, lol, But I forgot the last 2 checks on the list…

[root@ns1 ~]# host -t ns android-x86.net
android-x86.net name server ns1.android-x86.net.

[root@ns1 ~]# host android-x86.net ns1.android-x86.net
Using domain server:
Name: ns1.android-x86.net
Address: {CORRECT NS1 IP}#53
Aliases:

android-x86.net has address {CORRECT DOMAIN IP}
android-x86.net mail is handled by 5 mail.android-x86.net.
[root@ns1 ~]#

All As it seems it should be…

Mike

I have an Update to this.

With All the time spread over months of trying to get this to work, I believe I was confusing setting up a single IP DNS Nameserver.

I now have one IP for the HOST (NS1.ANDROID-X86.NET) and one IP for the Virtual Server (HTTP://ANDROID-X86.NET)

The IP for NS1.ANDROID-X86.NET Resolves through the “A” Record at My Registrar, My Registrar STILL Says that NS1.ANDROID-X86.NET IS NOT A NAMESERVER… When I enter the Address (OR IP) in the Address Bar I get:

Index of /

[ICO] Name Last modified Size Description

This Is My HOSTS File

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
NEW.IP.0.0 ns1.anddroid-x86.net ns1

This Is Local HOSTNAME:

ns1

changed from NS1.ANDROID-X86.NET

This is my RESOLV.CONF

Generated by NetworkManager
search android-x86.net
nameserver NEW.IP.0.0
nameserver 162.213.38.38 Virtualmin Did this on install Dunno where they come from
nameserver 178.22.66.167 Virtualmin Did this on install Dunno where they come from
nameserver 127.0.01

I added the ENS4 - New IP, In Network Config.
I added the IP’s In Bind

Not sure what else to do, I checked with INTERNIC and It’s not resolving, But I assume as long as my Registrar Isn’t allowing me to add it to nameserver that it won’t resolve…

I used these 2 Links and read a lot on the last Link, But it killed my connection on server reboot…

https://www.virtualmin.com/node/18463
https://www.virtualmin.com/documentation/dns/faq

https://www.unixmen.com/setting-dns-server-centos-7/

Is there a way to just check the proper settings locally, Like not through “dig” as that reports the same dnsowl, which is my registrar nameservers…

Hope this clarifies a little the problems I’m having…

Mike

Edited: Copy/Paste Mangled in the display

Also Anything posted before Wed, 01/04/2017 - 10:56 on this thread is Dead info… I just came back here as I didn’t want to clutter the forums…

Mike

Ok all, I got it…

It’s bad when you have a not so savvy linux user as myself, and worse when the services you pay for don’t know what they’re doing…TILL

You hit the right REP!
I registered the name server, and added it to the NameServer List, Replaced the NS1.DNSOWL.COM, With NS1.ANDROID-X86.NET, And it worked with the Registrar, Told them I was going to be leaving, Still Might after a year of fighting with this, and multiple emails to them…

I’m NOT gonna say solved right now, as I went in and Removed hosts “::1” as I think that was IP6 and my server doesn’t support it, and one of the test commands came back with that as the IP, So I removed it and The IP went to localhost, I also changed the RESOLV.CONF to My NS1 IP, and Not localhost as it was set for…

I have a snap shot of the server and can restore no problem, BUT now that it’s registered and done, I’ll Play Around more, Unless ADVISED OTHERWISE HERE!!! LoL!!!

But it says 1-48 Hours to Propagate, And as long as the forum keeps running I’ll let it go… And do the tests…

Thanks everyone I’ll report back on this!

Mike

Well Good Start…

Los Angeles CA, United States

ns1.android-x86.net

Dallas TX, United States

ns1.android-x86.net

Mountain View CA, United States

ns1.dnsowl.com
ns2.dnsowl.com
ns3.dnsowl.com

INTERNIC

Domain Name: ANDROID-X86.NET
Registrar: , LLC
Sponsoring Registrar IANA ID: *****
Whois Server: whois.
.com
Referral URL: http://www.*********.com
Name Server: NS1.ANDROID-X86.NET
Name Server: NS2.DNSOWL.COM *** Guess I Already Posted this…
Name Server: NS3.DNSOWL.COM
Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Updated Date: 08-jan-2017
Creation Date: 27-feb-2015
Expiration Date: 27-feb-2017

Guess Gonna have to Invest in a 3rd IP, To get rid of DNSOWL (Registrar) totally, but Gonna leave as a BackUp…

Any Advice Now that I have it working, I’m Only serving my One Domain… But if I can Get Away from Anything to do with the “Registrar” I’d like to.

Mike

You only need two IP addresses for DNS service redundancy (ideally they’d be on two different servers on two different networks, but if all of your services are on one system, anyway, having redundancy is not so important).

Registrars are a necessary evil; you’ll have to get comfortable dealing with glue records, if you want to manage DNS records (or if you want to let Virtualmin do it for you). If you want to handle DNS through the registrar (most allow you to host your DNS records on their name servers for free), that won’t require glue records. But, good registrars make it pretty easy…I just poked around the namecheap interface today and see they have changed it a bunch…so my old blog post doesn’t really match their UI, anymore, though the principles will always be the same. But, if it makes you feel any better about it, once you understand how DNS works, it becomes pretty easy to get the basics going. Even though I only do it every six months or so and forget all the specifics in the meantime, I am usually able to do it in a few minutes.

Also, there’s a truism about problems with any networked service (web, mail, whatever): It’s always DNS. Even if you think it isn’t DNS, it’s probably DNS. (Not because DNS is unreliable, but because it is complex and people often get it wrong.)

Lol, Ya I agree! Basically the reason I want to manage them is, well, one for the learning experience, and two, The service really doesn’t provide everything needed for today’s settings, I mean, Ya, you can get by just fine with them, But Coming from “A FREE HOST”, What I started with in the VERY Beginning, To where I Am Today, I’ve learned, that, If “I” have the control “I” can fix it when needed, NOT, A Trouble Ticket, Not a REP who knows less than me, and that’s REAL BAD!! LOL

And Ya I’m sure If I paid more, I’d get what I want, But as it stands, I’m hoping to upgrade to the Virtualmin Pro, Not that I need PRO, But, The Creators of this piece of programming well deserve more than my $6 a Month, After I’ve learned the interface a little, and got over the “SHELL SHOCK” of C-Panel and a Paid host, I love it!!

And learning the proper use of back-ups, and when to do it, and all that, Example: I STILL haven’t rebooted the server, LOL, And I’ve found that’s the END all BE ALL of a working system, I know I don’t need to, But that’s my test on a working server, I still have the Snapshot before I started all this… AND I might restore it, just to see if I needed to make the changes I did…

So as It stands now, the Propagation Is Bouncing ALL OVER THE PLACE, yesterday before bed My Nameserver Propagated to about 7 of 20 Checks, now it’s on 2 of 20, Just gonna leave it be for a couple days, see how it settles out and report back here…

Then On to DNSSEC, And a couple other things…

Question tho, Would it be Better (Although I’d assume Pretty Useless in the long run) to have a second NS (NS2) that basically just points to the same IP, I’d much rather have NS1/NS2 For my Name servers, and say the registrars NS3 as A Fallback…

And as I said, as of right now the propagation is jumping around, so I’ve got a couple days to sit back and wait on it before doing anything else…

And again let me thank all of you for your input, I wouldn’t have gotten this done without the help/links, That finally got my head wrapped around what I needed to get done!!!

Mike