Virtualmin DNS / Nameserver?

I’m certain this is not a VM issue at all and just an operator error on my part.

I am attempting to move our name servers to 1 locally hosted NS as well as one EC2 hosted NS.

I am pretty sure I have the DNS configs right in bind, because when I do a dig any domainname.com all returns well.

But when I change over to the nameservers, our domain goes kaboom. I then do an intodns.com diagnostic and it returns this:

Category Status Test name Information
Parent Info Domain NS records Nameserver records returned by the parent servers are:

ns3.mobiusllc.net. [‘174.129.4.202’] [TTL=172800]
ns4.mobiusllc.net. [‘71.164.20.45’] [TTL=172800]

a.gtld-servers.net was kind enough to give us that information.
Pass TLD Parent Check Good. a.gtld-servers.net, the parent server I interogated, has information for your TLD. This is a good thing as there are some other domain extensions like “co.us” for example that are missing a direct check.
Pass Your nameservers are listed Good. The parent server a.gtld-servers.net has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
Pass DNS Parent sent Glue Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide “bootstrapping” information to the nameserver.(see RFC 1912 section 2.3)
Pass Nameservers A records Good. Every nameserver listed has A records. This is a must if you want to be found.
NS Info NS records from your nameservers NS records got from your nameservers listed at the parent NS are:
Oups! I could not get any nameservers from your nameservers (the ones listed at the parent server). Please verify that they are not lame nameservers and are configured properly.

Pass Recursive Queries Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
Pass Same Glue Hmm,I do not consider this to be an error yet, since I did not detect any nameservers at your nameservers.
Pass Glue for NS records OK. Your nameservers (the ones reported by the parent server) have no ideea who your nameservers are so this will be a pass since you already have a lot of errors!
Error Mismatched NS records WARNING: One or more of your nameservers did not return any of your NS records.
Error DNS servers responded ERROR: One or more of your nameservers did not respond:
The ones that did not responded are:
174.129.4.202 71.164.20.45
Pass Name of nameservers are valid OK. The nameservers reported by the parent send out nothing as shown above. I can’t check nothing so it’s a green!
Error Multiple Nameservers ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
Pass Nameservers are lame OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
Pass Missing nameservers reported by parent OK. All NS records are the same at the parent and at your nameservers.
Error Missing nameservers reported by your nameservers You should already know that your NS records at your nameservers are missing, so here it is again:

ns3.mobiusllc.net.
ns4.mobiusllc.net.

Pass Domain CNAMEs OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
Pass NSs CNAME check OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
Pass Different subnets OK. Looks like you have nameservers on different subnets!
Pass IPs of nameservers are public Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
Pass DNS servers allow TCP connection OK. Seems all your DNS servers allow TCP connections. This is a good thing and usefull even if UDP connections are used by default.
Pass Different autonomous systems OK. It seems you are safe from a single point of failure. You must be carefull about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down.
Pass Stealth NS records sent Ok. No stealth ns records are sent
SOA Error SOA record No valid SOA record came back!
MX Error MX Records Oh well, I did not detect any MX records so you probably don’t have any and if you know you should have then they may be missing at your nameservers!
WWW Error WWW A Record ERROR: I could not get any A records for www.mobiusllc.net!

(I only do a cache request, if you recently added a WWW A record, it might not show up here.)

Basically, it’s saying my nameservers are not responding. Are there ports other than 53 I should be opening up/forwarding?

Yeah, the one IP address there definitely isn’t responding to DNS lookups… you mentioned opening up ports – DNS does use port 53, but it’s UDP port 53 rather than TCP. Is it possible the UDP port isn’t open?

-Eric
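As an added check (not code from the thread or from Virtualmin), a small Python script that does what intodns.com's "DNS servers responded" and "lame nameservers" tests do: it asks each delegated server for the zone's NS records over UDP and then over TCP and reports, per transport, whether it answered authoritatively. The zone and addresses are the ones quoted above; a server that is "ok" over TCP but "no response" over UDP is exactly the UDP-port-53 filtering Eric describes.

```python
import socket
import struct

# Constructed from the thread: the zone and the two nameservers delegated at the parent.
ZONE = "mobiusllc.net"
NAMESERVERS = {"ns3.mobiusllc.net": "174.129.4.202", "ns4.mobiusllc.net": "71.164.20.45"}

def build_query(name, qtype=2, txid=0x1234):
    """Build a minimal DNS query for `name` (QTYPE 2 = NS) with RD=0, as a resolver
    checking delegation would: we want the server's own authoritative answer."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(resp):
    """Return (txid, is_response, authoritative, rcode, answer_count) from a reply header."""
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    return txid, bool(flags & 0x8000), bool(flags & 0x0400), flags & 0x000F, ancount

def query(ip, name, use_tcp, timeout=3.0):
    """Send one query over UDP (what resolvers try first) or TCP; None on timeout/refusal."""
    q = build_query(name)
    try:
        if use_tcp:  # TCP framing: two-byte length prefix before the message
            with socket.create_connection((ip, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)
                length = struct.unpack("!H", s.recv(2))[0]
                return s.recv(length)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (ip, 53))
            return s.recv(4096)
    except (OSError, struct.error):
        return None

def check_nameserver(ip, zone):
    """Per transport: 'ok' (authoritative NOERROR), 'lame' (answered, not authoritative), or 'no response'."""
    result = {}
    for transport, use_tcp in (("udp", False), ("tcp", True)):
        resp = query(ip, zone, use_tcp)
        if resp is None or len(resp) < 12:
            result[transport] = "no response"  # filtered port, down host, or truncated reply
        else:
            _, is_resp, aa, rcode, _ = parse_header(resp)
            result[transport] = "ok" if is_resp and aa and rcode == 0 else "lame"
    return result

if __name__ == "__main__":
    for host, ip in NAMESERVERS.items():
        print(host, ip, check_nameserver(ip, ZONE))
```

Run it from outside your own network, since a port forward that works from the LAN side can still be closed from the Internet.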

We use untangle for our firewall. I did a port forward for both udp and tcp to the server.

I think I found it. You were right, the first IP’s port on EC2 was only TCP, set that to UDP and we were rockin’. I wonder why it didn’t dump over to the second IP/NS when the first was failing?